snapd (2.49-1+deb11u2) bullseye-security; urgency=high
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Fix race condition in snap-confine when preparing a
private tmp mount namespace for a snap
- CVE-2022-3328
-- Alex Murray <alex.murray@canonical.com> Mon, 28 Nov 2022 21:07:00 +1030
snapd (2.49-1+deb11u1) bullseye-security; urgency=high
* SECURITY UPDATE: local privilege escalation
- 0015-cve-2021-44730-44731-4120.patch: Add validations of the
location of the snap-confine binary within snapd.
- 0015-cve-2021-44730-44731-4120: Fix race condition in snap-confine
when preparing a private mount namespace for a snap.
- 0016-cve-2021-2021-44730-44731-4120-auto-remove.patch: automatic
remove vulnerable inactive core/snapd snaps
- CVE-2021-44730
- CVE-2021-44731
* SECURITY UPDATE: data injection from malicious snaps
- 0015-cve-2021-44730-44731-4120: Add validations of snap content
interface and layout paths in snapd
- CVE-2021-4120
- LP: #1949368
-- Michael Vogt <mvo@debian.org> Wed, 16 Feb 2022 10:56:34 +0100
snapd (2.49-1) unstable; urgency=high
* New upstream release with security updates:
* SECURITY UPDATE: sandbox escape vulnerability for containers
(LP: #1910456)
- many: add Delegate=true to generated systemd units for special
interfaces
- interfaces/greengrass-support: back-port interface changes to
2.48
- CVE-2020-27352
* interfaces/builtin/docker-support: allow /run/containerd/s/...
- This is a new path that docker 19.03.14 (with a new version of
containerd) uses to avoid containerd CVE issues around the unix
socket. See also CVE-2020-15257.
* debian/patches/0013-cherry-pick-pr9936.patch:
- cherry pick PR#9936 to use all apparmor available (closes: 923500)
* d/p/0011-cherry-pick-pr9809, d/p/0012-cherry-pick-pr9844:
- dropped, applied upstream
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 24 Feb 2021 09:23:51 +0100
snapd (2.48.2-3) unstable; urgency=medium
* debian/patches/0012-cherry-pick-pr9844:
- cherry pick PR#9844 to avoid leaking of errno in snap-confine
tests that caused i386 to FTBFS
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 22 Jan 2021 10:13:11 +0100
snapd (2.48.2-2) unstable; urgency=medium
* debian/rules:
- ignore usr/bin/genasset during arch-indep build too
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 15 Jan 2021 18:32:45 +0100
snapd (2.48.2-1) unstable; urgency=medium
* debian/patch/0011-cherry-pick-pr9809
- Cherry-pick https://github.com/snapcore/snapd/pull/9809.
This skips the --help output unit tests for older go-flags
versions.
* New upstream release, LP: #1906690
- tests: sign new nested-18|20* models to allow for generic serials
- secboot: add extra paranoia when waiting for that fde-reveal-key
- tests: backport netplan workarounds from #9785
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- secboot: add new LockSealedKeys() that uses either TPM or
fde-reveal-key
- gadget: use "sealed-keys" to determine what method to use for
reseal
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- secboot: use `fde-reveal-key` if available to unseal key
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- o/devicestate: save model with serial in the device save db
- devicestate: add runFDESetupHook() helper
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- hookstate: add new HookManager.EphemeralRunHook()
- update-pot: fix typo in plural keyword spec
- store,cmd/snap-repair: increase initial expontential time
intervals
- o/devicestate,daemon: fix reboot system action to not require a
system label
- github: run nested suite when commit is pushed to release branch
- tests: reset fakestore unit status
- tests: fix uc20-create-parition-* tests for updated gadget
- hookstate: implement snapctl fde-setup-{request,result}
- devicestate: make checkEncryption fde-setup hook aware
- client,snapctl: add naive support for "stdin"
- devicestate: support "storage-safety" defaults during install
- snap: use the boot-base for kernel hooks
- vendor: update secboot repo to avoid including secboot.test binary
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 15 Jan 2021 09:11:00 +0100
snapd (2.48.1-1) unstable; urgency=medium
* New upstream release, LP: #1906690
- gadget: disable ubuntu-boot role validation check
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Dec 2020 17:43:30 +0100
snapd (2.48-1) unstable; urgency=medium
* New upstream release, LP: #1904098
- osutil: add KernelCommandLineKeyValue
- devicestate: implement boot.HasFDESetupHook
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- bootloader: use ForGadget when installing boot config
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- boot: add scaffolding for "fde-setup" hook support for sealing
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- snap: add new "fde-setup" hooktype
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
- secboot,cmd/snap-bootstrap: fix degraded mode cases with better
device handling
- boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
messiness
- tests/nested/manual/refresh-revert-fundamentals: temporarily
disable secure boot
- snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
boot modes
- many: address degraded recover mode feedback, cleanups
- tests: Use systemd-run on tests part2
- tests: set the opensuse tumbleweed system as manual in spread.yaml
- secboot: call BlockPCRProtectionPolicies even if the TPM is
disabled
- vendor: update to current secboot
- cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
save
- spread.yaml: increase number of workers on 20.10
- snap: add new `snap recovery --show-keys` option
- tests: minor test tweaks suggested in the review of 9607
- snapd-generator: set standard snapfuse options when generating
units for containers
- tests: enable lxd test on ubuntu-core-20 and 16.04-32
- interfaces: share /tmp/.X11-unix/ from host or provider
- tests: enable main lxd test on 20.10
- cmd/s-b/initramfs-mounts: refactor recover mode to implement
degraded mode
- gadget/install: add progress logging
- packaging: keep secboot/encrypt_dummy.go in debian
- interfaces/udev: use distro specific path to snap-device-helper
- o/devistate: fix chaining of tasks related to regular snaps when
preseeding
- gadget, overlord/devicestate: validate that system supports
encrypted data before install
- interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
ESP layout
- many: add /v2/system-recovery-keys API and client
- secboot, many: return UnlockMethod from Unlock* methods for future
usage
- many: mv keys to ubuntu-boot, move model file, rename keyring
prefix for secboot
- tests: using systemd-run instead of manually create a systemd unit
- part 1
- secboot, cmd/snap-bootstrap: enable or disable activation with
recovery key
- secboot: refactor Unlock...IfEncrypted to take keyfile + check
disks first
- secboot: add LockTPMSealedKeys() to lock access to keys
independently
- gadget: correct sfdisk arguments
- bootloader/assets/grub: adjust fwsetup menuentry label
- tests: new boot state tool
- spread: use the official image for Ubuntu 20.10, no longer an
unstable system
- tests/lib/nested: enable snapd logging to console for core18
- osutil/disks: re-implement partition searching for disk w/ non-
adjacent parts
- tests: using the nested-state tool in nested tests
- many: seal a fallback object to the recovery boot chain
- gadget, gadget/install: move helpers to install package, refactor
unit tests
- dirs: add "gentoo" to altDirDistros
- update-pot: include file locations in translation template, and
extract strings from desktop files
- gadget/many: drop usage of gpt attr 59 for indicating creation of
partitions
- gadget/quantity: tweak test name
- snap: fix failing unittest for quantity.FormatDuration()
- gadget/quantity: introduce a new package that captures quantities
- o/devicestate,a/sysdb: make a backup of the device serial to save
- tests: fix rare interaction of tests.session and specific tests
- features: enable classic-preserves-xdg-runtime-dir
- tests/nested/core20/save: check the bind mount and size bump
- o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
- tests: rename hasHooks to hasInterfaceHooks in the ifacestate
tests
- o/devicestate: unit test tweaks
- boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
- testutil, cmd/snap/version: fix misc little errors
- overlord/devicestate: bind mount ubuntu-save under
/var/lib/snapd/save on startup
- gadget/internal: tune ext4 setting for smaller filesystems
- tests/nested/core20/save: a test that verifies ubuntu-save is
present and set up
- tests: update google sru backend to support groovy
- o/ifacestate: handle interface hooks when preseeding
- tests: re-enable the apt hooks test
- interfaces,snap: use correct type: {os,snapd} for test data
- secboot: set metadata and keyslots sizes when formatting LUKS2
volumes
- tests: improve uc20-create-partitions-reinstall test
- client, daemon, cmd/snap: cleanups from #9489 + more unit tests
- cmd/snap-bootstrap: mount ubuntu-save during boot if present
- secboot: fix doc comment on helper for unlocking volume with key
- tests: add spread test for refreshing from an old snapd and core18
- o/snapstate: generate snapd snap wrappers again after restart on
refresh
- secboot: version bump, unlock volume with key
- tests/snap-advise-command: re-enable test
- cmd/snap, snapmgr, tests: cleanups after #9418
- interfaces: deny connected x11 plugs access to ICE
- daemon,client: write and read a maintenance.json file for when
snapd is shut down
- many: update to secboot v1 (part 1)
- osutil/disks/mockdisk: panic if same mountpoint shows up again
with diff opts
- tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
reseal tests
- many: implement snap routine console-conf-start for synchronizing
auto-refreshes
- dirs, boot: add ubuntu-save directories and related locations
- usersession: fix typo in test name
- overlord/snapstate: refactor ihibitRefresh
- overlord/snapstate: stop warning about inhibited refreshes
- cmd/snap: do not hardcode snapshot age value
- overlord,usersession: initial notifications of pending refreshes
- tests: add a unit test for UpdateMany where a single snap fails
- o/snapstate/catalogrefresh.go: don't refresh catalog in install
mode uc20
- tests: also check snapst.Current in undo-unlink tests
- tests: new nested tool
- o/snapstate: implement undo handler for unlink-snap
- tests: clean systems.sh helper and migrate last set of tests
- tests: moving the lib section from systems.sh helper to os.query
tool
- tests/uc20-create-partitions: don't check for grub.cfg
- packaging: make sure that static binaries are indeed static, fix
openSUSE
- many: have install return encryption keys for data and save,
improve tests
- overlord: add link participant for linkage transitions
- tests: lxd smoke test
- tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
seed too
- tests: moving main suite from systems.sh to os.query tool
- tests: moving the core test suite from systems.sh to os.query tool
- cmd/snap-confine: mask host's apparmor config
- o/snapstate: move setting updated SnapState after error paths
- tests: add value to INSTANCE_KEY/regular
- spread, tests: tweaks for openSUSE
- cmd/snap-confine: update path to snap-device-helper in AppArmor
profile
- tests: new os.query tool
- overlord/snapshotstate/backend: specify tar format for snapshots
- tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
UC20
- client,daemon,snap: auto-import does not error on managed devices
- interfaces: PTP hardware clock interface
- tests: use tests.backup tool
- many: verify that unit tests work with nosecboot tag and without
secboot package
- wrappers: do not error out on read-only /etc/dbus-1/session.d
filesystem on core18
- snapshots: import of a snapshot set
- tests: more output for sbuild test
- o/snapstate: re-order remove tasks for individual snap revisions
to remove current last
- boot: skip some unit tests when running as root
- o/assertstate: introduce
ValidationTrackingKey/ValidationSetTracking and basic methods
- many: allow ignoring running apps for specific request
- tests: allow the searching test to fail under load
- overlord/snapstate: inhibit startup while unlinked
- seed/seedwriter/writer.go: check DevModeConfinement for dangerous
features
- tests/main/sudo-env: snap bin is available on Fedora
- boot, overlord/devicestate: list trusted and managed assets
upfront
- gadget, gadget/install: support for ubuntu-save, create one during
install if needed
- spread-shellcheck: temporary workaround for deadlock, drop
unnecessary test
- snap: support different exit-code in the snap command
- logger: use strutil.KernelCommandLineSplit in
debugEnabledOnKernelCmdline
- logger: fix snapd.debug=1 parsing
- overlord: increase refresh postpone limit to 14 days
- spread-shellcheck: use single thread pool executor
- gadget/install,secboot: add debug messages
- spread-shellcheck: speed up spread-shellcheck even more
- spread-shellcheck: process paths from arguments in parallel
- tests: tweak error from tests.cleanup
- spread: remove workaround for openSUSE go issue
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- tests: new tests.backup tool
- tests: add tests.cleanup pop sub-command
- tests: migration of the main suite to snaps-state tool part 6
- tests: fix journal-state test
- cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
recover files
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- boot, gadget, bootloader: observer preserves managed bootloader
configs
- tests/nested/manual: add uc20 grade signed cloud-init test
- o/snapstate/autorefresh.go: eliminate race when launching
autorefresh
- daemon,snapshotstate: do not return "size" from Import()
- daemon: limit reading from snapshot import to Content-Length
- many: set/expect Content-Length header when importing snapshots
- github: switch from ::set-env command to environment file
- tests: migration of the main suite to snaps-state tool part 5
- client: cleanup the Client.raw* and Client.do* method families
- tests: moving main suite to snaps-state tool part 4
- client,daemon,snap: use constant for snapshot content-type
- many: fix typos and repeated "the"
- secboot: fix tpm connection leak when it's not enabled
- many: scaffolding for snapshots import API
- run-checks: run spread-shellcheck too
- interfaces: update network-manager interface to allow
ObjectManager access from unconfined clients
- tests: move core and regression suites to snaps-state tool
- tests: moving interfaces tests to snaps-state tool
- gadget: preserve files when indicated by content change observer
- tests: moving smoke test suite and some tests from main suite to
snaps-state tool
- o/snapshotstate: pass set id to backend.Open, update tests
- asserts/snapasserts: introduce ValidationSets
- o/snapshotstate: improve allocation of new set IDs
- boot: look at the gadget for run mode bootloader when making the
system bootable
- cmd/snap: allow snap help vs --all to diverge purposefully
- usersession/userd: separate bus name ownership from defining
interfaces
- o/snapshotstate: set snapshot set id from its filename
- o/snapstate: move remove-related tests to snapstate_remove_test.go
- desktop/notification: switch ExpireTimeout to time.Duration
- desktop/notification: add unit tests
- snap: snap help output refresh
- tests/nested/manual/preseed: include a system-usernames snap when
preseeding
- tests: fix sudo-env test
- tests: fix nested core20 shellcheck bug
- tests/lib: move to new directory when restoring PWD, cleanup
unpacked unpacked snap directories
- desktop/notification: add bindings for FDO notifications
- dbustest: fix stale comment references
- many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
drop former
- snap-repair: add uc20 support
- tests: print all the serial logs for the nested test
- o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
bug in test
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
as Unknown*
- asserts: deserialize grouping only once in Pool.AddBatch if needed
- gadget: allow content observer to have opinions about a change
- tests: new snaps-state command - part1
- o/assertstate: support refreshing any number of snap-declarations
- boot: use test helpers
- tests/core/snap-debug-bootvars: also check snap_mode
- many/apparmor: adjust rules for reading profile/ execing new
profiles for new kernel
- tests/core/snap-debug-bootvars: spread test for snap debug boot-
vars
- tests/lib/nested.sh: more little tweaks
- tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- overlord: explicitly set refresh-app-awareness in tests
- kernel: remove "edition" from kernel.yaml and add "update"
- spread: drop vendor from the packed project archive
- boot: fix debug bootloader variables dump on UC20 systems
- wrappers, systemd: allow empty root dir and conditionally do not
pass --root to systemctl
- tests/nested/manual: add test for grades above signed booting with
testkeys
- tests/nested: misc robustness fixes
- o/assertstate,asserts: use bulk refresh to refresh snap-
declarations
- tests/lib/prepare.sh: stop patching the uc20 initrd since it has
been updated now
- tests/nested/manual/refresh-revert-fundamentals: re-enable test
- update-pot: ignore .go files inside .git when running xgettext-go
- tests: disable part of the lxd test completely on 16.04.
- o/snapshotstate: tweak comment regarding snapshot filename
- o/snapstate: improve snapshot iteration
- bootloader: lk cleanups
- tests: update to support nested kvm without reboots on UC20
- tests/nested/manual/preseed: disable system-key check for 20.04
image
- spread.yaml: add ubuntu-20.10-64 to qemu
- store: handle v2 error when fetching assertions
- gadget: resolve device mapper devices for fallback device lookup
- tests/nested/cloud-init-many: simplify tests and unify
helpers/seed inputs
- tests: copy /usr/lib/snapd/info to correct directory
- check-pr-title.py * : allow "*" in the first part of the title
- many: typos and small test tweak
- tests/main/lxd: disable cgroup combination for 16.04 that is
failing a lot
- tests: make nested signing helpers less confusing
- tests: misc nested changes
- tests/nested/manual/refresh-revert-fundamentals: disable
temporarily
- tests/lib/cla_check: default to Python 3, tweaks, formatting
- tests/lib/cl_check.py: use python3 compatible code
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 19 Nov 2020 17:51:02 +0100
snapd (2.47.1-1) unstable; urgency=medium
* New upstream release, LP: #1895929
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- cmd/snap: allow snap help vs --all to diverge purposefully
- snap: snap help output refresh
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 08 Oct 2020 09:30:44 +0200
snapd (2.47-1) unstable; urgency=medium
* New upstream release, LP: #1895929
- tests: fix nested core20 shellcheck bug
- many/apparmor: adjust rule for reading apparmor profile for new
kernel
- snap-repair: add uc20 support
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- gadget: resolve device mapper devices for fallback device lookup
- secboot: add boot manager profile to pcr protection profile
- sysconfig,o/devicestate: mv DisableNoCloud to
DisableAfterLocalDatasourcesRun
- tests: make gadget-reseal more robust
- tests: skip nested images pre-configuration by default
- tests: fix for basic20 test running on external backend and rpi
- tests: improve kernel reseal test
- boot: adjust comments, naming, log success around reseal
- tests/nested, fakestore: changes necessary to run nested uc20
signed/secured tests
- tests: add nested core20 gadget reseal test
- boot/modeenv: track unknown keys in Read and put back into modeenv
during Write
- interfaces/process-control: add sched_setattr to seccomp
- boot: with unasserted kernels reseal if there's a hint modeenv
changed
- client: bump the default request timeout to 120s
- configcore: do not error in console-conf.disable for install mode
- boot: streamline bootstate20.go reseal and tests changes
- boot: reseal when changing kernel
- cmd/snap/model: specify grade in the model command output
- tests: simplify
repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks
- test: improve logging in nested tests
- nested: add support to telnet to serial port in nested VM
- secboot: use the snapcore/secboot native recovery key type
- tests/lib/nested.sh: use more focused cloud-init config for uc20
- tests/lib/nested.sh: wait for the tpm socket to exist
- spread.yaml, tests/nested: misc changes
- tests: add more checks to disk space awareness spread test
- tests: disk space awareness spread test
- boot: make MockUC20Device use a model and MockDevice more
realistic
- boot,many: reseal only when meaningful and necessary
- tests/nested/core20/kernel-failover: add test for failed refresh
of uc20 kernel
- tests: fix nested to work with qemu and kvm
- boot: reseal when updating boot assets
- tests: fix snap-routime-portal-info test
- boot: verify boot chain file in seal and reseal tests
- tests: use full path to test-snapd-refresh.version binary
- boot: store boot chains during install, helper for checking
whether reseal is needed
- boot: add call to reseal an existing key
- boot: consider boot chains with unrevisioned kernels incomparable
- overlord: assorted typos and miscellaneous changes
- boot: group SealKeyModelParams by model, improve testing
- secboot: adjust parameters to buildPCRProtectionProfile
- strutil: add SortedListsUniqueMergefrom the doc comment:
- snap/naming: upgrade TODO to TODO:UC20
- secboot: add call to reseal an existing key
- boot: in seal.go adjust error message and function names
- o/snapstate: check available disk space in RemoveMany
- boot: build bootchains data for sealing
- tests: remove "set -e" from function only shell libs
- o/snapstate: disk space check on UpdateMany
- o/snapstate: disk space check with snap update
- snap: implement new `snap reboot` command
- boot: do not reorder boot assets when generating predictable boot
chains and other small tweaks
- tests: some fixes and improvements for nested execution
- tests/core/uc20-recovery: fix check for at least specific calls to
mock-shutdown
- boot: be consistent using bootloader.Role* consts instead of
strings
- boot: helper for generating secboot load chains from a given boot
asset sequence
- boot: tweak boot chains to support a list of kernel command lines,
keep track of model and kernel boot file
- boot,secboot: switch to expose and use snapcore/secboot load event
trees
- tests: use `nested_exec` in core{20,}-early-config test
- devicestate: enable cloud-init on uc20 for grade signed and
secured
- boot: add "rootdir" to baseBootenvSuite and use in tests
- tests/lib/cla_check.py: don't allow users.noreply.github.com
commits to pass CLA
- boot: represent boot chains, helpers for marshalling and
equivalence checks
- boot: mark successful with boot assets
- client, api: handle insufficient space error
- o/snapstate: disk space check with single snap install
- configcore: "service.console-conf.disable" is gadget defaults only
- packaging/opensuse: fix for /usr/libexec on TW, do not hardcode
AppArmor profile path
- tests: skip udp protocol in nfs-support test on ubuntu-20.10
- packaging/debian-sid: tweak code preparing _build tree
- many: move seal code from gadget/install to boot
- tests: remove workaround for cups on ubuntu-20.10
- client: implement RebootToSystem
- many: seed.Model panics now if called before LoadAssertions
- daemon: add /v2/systems "reboot" action API
- github: run tests also on push to release branches
- interfaces/bluez: let slot access audio streams
- seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with
new seed.ReadSystemEssential
- interfaces: allow snap-update-ns to read /proc/cmdline
- tests: new organization for nested tests
- o/snapstate, features: add feature flags for disk space awareness
- tests: workaround for cups issue on 20.10 where default printer is
not configured.
- interfaces: update cups-control and add cups for providing snaps
- boot: keep track of the original asset when observing updates
- tests: simplify and fix tests for disk space checks on snap remove
- sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for
cloud.conf
- tests/main: mv core specific tests to core suite
- tests/lib/nested.sh: reset the TPM when we create the uc20 vm
- devicestate: rename "mockLogger" to "logbuf"
- many: introduce ContentChange for tracking gadget content in
observers
- many: fix partion vs partition typo
- bootloader: retrieve boot chains from bootloader
- devicestate: add tests around logging in RequestSystemAction
- boot: handle canceled update
- bootloader: tweak doc comments (thanks Samuele)
- seed/seedwriter: test local asserted snaps with UC20 grade signed
- sysconfig/cloudinit.go: add DisableNoCloud to
CloudInitRestrictOptions
- many: use BootFile type in load sequences
- boot,bootloader: clarifications after the changes to introduce
bootloader.Options.Role
- boot,bootloader,gadget: apply new bootloader.Options.Role
- o/snapstate, features: add feature flag for disk space check on
remove
- testutil: add checkers for symbolic link target
- many: refactor tpm seal parameter setting
- boot/bootstate20: reboot to rollback to previous kernel
- boot: add unit test helpers
- boot: observe update & rollback of trusted assets
- interfaces/utf: Add MIRKey to u2f devices
- o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20
cloud-init tests
- many: check that users of BaseTest don't forget to consume
cleanups
- tests/nested/core20/tpm: verify trusted boot assets tracking
- github: run macOS job with Go 1.14
- many: misc doc-comment changes and typo fixes
- o/snapstate: disk space check with InstallMany
- many: cloud-init cleanups from previous PR's
- tests: running tests on opensuse leap 15.2
- run-checks: check for dirty build tree too
- vendor: run ./get-deps.sh to update the secboot hash
- tests: update listing test for "-dirty" versions
- overlord/devicestate: do not release the state lock when updating
gadget assets
- secboot: read kernel efi image from snap file
- snap: add size to the random access file return interface
- daemon: correctly parse Content-Type HTTP header.
- tests: account for apt-get on core18
- cmd/snap-bootstrap/initramfs-mounts: compute string outside of
loop
- mkversion.sh: simple hack to include dirty in version if the tree
is dirty
- cgroup,snap: track hooks on system bus only
- interfaces/systemd: compare dereferenced Service
- run-checks: only check files in git for misspelling
- osutil: add a package doc comment (via doc.go)
- boot: complain about reused asset name during initial install
- snapstate: installSize helper that calculates total size of snaps
and their prerequisites
- snapshots: export of snapshots
- boot/initramfs_test.go: reset boot vars on the bootloader for each
iteration
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 29 Sep 2020 17:19:13 +0200
snapd (2.46.1-1) unstable; urgency=medium
* New upstream release, LP: #1891134
- interfaces: allow snap-update-ns to read
/proc/cmdline
- github: run macOS job with Go 1.14
- o/snapstate, features: add feature flag for disk space check on
remove
- tests: account for apt-get on core18
- mkversion.sh: include dirty in version if the tree
is dirty
- interfaces/systemd: compare dereferenced Service
- vendor.json: update mysterious secboot SHA again
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Sep 2020 17:42:54 +0200
snapd (2.46-1) unstable; urgency=medium
* New upstream release, LP: #1891134
- logger: add support for setting snapd.debug=1 on kernel cmdline
- o/snapstate: check disk space before creating automatic snapshot
on remove
- boot, o/devicestate: observe existing recovery bootloader trusted
boot assets
- many: use transient scope for tracking apps and hooks
- features: add HiddenSnapFolder feature flag
- tests/lib/nested.sh: fix partition typo, unmount the image on uc20
too
- runinhibit: open the lock file in read-only mode in IsLocked
- cmd/s-b/initramfs-mounts: make recover -> run mode transition
automatic
- tests: update spread test for unknown plug/slot with snapctl is-
connected
- osutil: add OpenExistingLockForReading
- kernel: add kernel.Validate()
- interfaces: add vcio interface
- interfaces/{docker,kubernetes}-support: load overlay and support
systemd cgroup driver
- tests/lib/nested.sh: use more robust code for finding what loop
dev we mounted
- cmd/snap-update-ns: detach all bind-mounted file
- snap/snapenv: set SNAP_REAL_HOME
- packaging: umount /snap on purge in containers
- interfaces: misc policy updates xlvi
- secboot,cmd/snap-bootstrap: cross-check partitions before
unlocking, mounting
- boot: copy boot assets cache to new root
- gadget,kernel: add new kernel.{Info,Asset} struct and helpers
- o/hookstate/ctlcmd: make is-connected check whether the plug or
slot exists
- tests: find -ignore_readdir_race when scanning cgroups
- interfaces/many: deny arbitrary desktop files and misc from
/usr/share
- tests: use "set -ex" in prep-snapd-in-lxd.sh
- tests: re-enable udisks test on debian-sid
- cmd/snapd-generator: use PATH fallback if PATH is not set
- tests: disable udisks2 test on arch linux
- github: use latest/stable go, not latest/edge
- tests: remove support for ubuntu 19.10 from spread tests
- tests: fix lxd test wrongly tracking 'latest'
- secboot: document exported functions
- cmd: compile snap gdbserver shim correctly
- many: correctly calculate the desktop file prefix everywhere
- interfaces: add kernel-crypto-api interface
- corecfg: add "system.timezone" setting to the system settings
- cmd/snapd-generator: generate drop-in to use fuse in container
- cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments
from previous PR
- interfaces/many: miscellaneous updates for strict microk8s
- secboot,cmd/snap-bootstrap: don't import boot package from secboot
- cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of
the-tool
- tests: work around broken update of systemd-networkd
- tests/main/install-fontconfig-cache-gen: enhance test by
verifying, add fonts to test
- o/devicestate: wrap asset update observer error
- boot: refactor such that bootStateUpdate20 mainly carries Modeenv
- mkversion.sh: disallow changelog versions that have git in it, if
we also have git version
- interfaces/many: miscellaneous updates for strict microk8s
- snap: fix repeated "cannot list recovery system" and add test
- boot: track trusted assets during initial install, assets cache
- vendor: update secboot to fix key data validation
- tests: unmount FUSE file-systems from XDG runtime dir
- overlord/devicestate: workaround non-nil interface with nil struct
- sandbox/cgroup: remove temporary workaround for multiple cgroup
writers
- sandbox/cgroup: detect dangling v2 cgroup
- bootloader: add helper for creating a bootloader based on gadget
- tests: support different images on nested execution
- many: reorg cmd/snapinfo.go into snap and new client/clientutil
- packaging/arch: use external linker when building statically
- tests: cope with ghost cgroupv2
- tests: fix issues related to restarting systemd-logind.service
- boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to
gadget updates
- vendor: update github.com/kr/pretty to fix diffs of values with
pointer cycles
- boot: move bootloaderKernelState20 impls to separate file
- .github/workflows: move snap building to test.yaml as separate
cached job
- tests/nested/manual/minimal-smoke: run core smoke tests in a VM
meeting minimal requirements
- osutil: add CommitAs to atomic file
- gadget: introduce content update observer
- bootloader: introduce TrustedAssetsBootloader, implement for grub
- o/snapshotstate: helpers for calculating disk space needed for an
automatic snapshot
- gadget/install: retrieve command lines from bootloader
- boot/bootstate20: unify commit method impls, rm
bootState20MarkSuccessful
- tests: add system information and image information when debug
info is displayed
- tests/main/cgroup-tracking: try to collect some information about
cgroups
- boot: introduce current_boot_assets and
current_recovery_boot_assets to modeenv
- tests: fix for timing issues on journal-state test
- many: remove usage and creation of hijacked pid cgroup
- tests: port regression-home-snap-root-owned to tests.session
- tests: run as hightest via tests.session
- github: run CLA checks on self-hosted workers
- github: remove Ubuntu 19.10 from actions workflow
- tests: remove End-Of-Life opensuse/fedora releases
- tests: remove End-Of-Life releases from spread.yaml
- tests: fix debug section of appstream-id test
- interfaces: check !b.preseed earlier
- tests: work around bug in systemd/debian
- boot: add deepEqual, Copy helpers for Modeenv to simplify
bootstate20 refactor
- cmd: add new "snap recovery" command
- interfaces/systemd: use emulation mode when preseeding
- interfaces/kmod: don't load kernel modules in kmod backend when
preseeding
- interfaces/udev: do not reload udevadm rules when preseeding
- cmd/snap-preseed: use snapd from the deb if newer than from seeds
- boot: fancy marshaller for modeenv values
- gadget, osutil: use atomic file copy, adjust tests
- overlord: use new tracking cgroup for refresh app awareness
- github: do not skip gofmt with Go 1.9/1.10
- many: introduce content write observer, install mode glue, initial
seal stubs
- daemon,many: switch to use client.ErrorKind and drop the local
errorKind...
- tests: new parameters for nested execution
- client: move all error kinds into errors.go and add doc strings
- cmd/snap: display the error in snap debug seeding if seeding is in
error
- cmd/snap/debug/seeding: use unicode for proper yaml
- tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty
recovery_mode
- osutil/disks: add mock disk and tests for happy path of mock disks
- tests: refresh/revert snapd in uc20
- osutil/disks: use a dedicated error to indicate a fs label wasn't
found
- interfaces/system-key: in WriteSystemKey during tests, don't call
ParserFeatures
- boot: add current recovery systems to modeenv
- bootloader: extend managed assets bootloader interface to compose
a candidate command line
- interfaces: make the unmarshal test match more the comment
- daemon/api: use pointers to time.Time for debug seeding aspect
- o/ifacestate: update security profiles in connect undo handler
- interfaces: add uinput interface
- cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit
tests
- o/devicestate: save seeding/preseeding times for use with debug
seeding api
- cmd/snap/debug: add "snap debug seeding" command for preseeding
debugging
- tests/main/selinux-clean: workaround SELinux denials triggered by
linger setup on Centos8
- bootloader: compose command line with mode and extra arguments
- cmd/snap, daemon: detect and bail purge on multi-snap
- o/ifacestate: fix bug in snapsWithSecurityProfiles
- interfaces/builtin/multipass: replace U+00A0 no-break space with
simple space
- bootloader/assets: generate bootloader assets from files
- many/tests/preseed: reset the preseeded images before preseeding
them
- tests: drop accidental accents from e
- secboot: improve key sealing tests
- tests: replace _wait_for_file_change with retry
- tests: new fs-state which replaces the files.sh helper
- sysconfig/cloudinit_test.go: add test for initramfs case, rm "/"
from path
- cmd/snap: track started apps and hooks
- tests/main/interfaces-pulseaudio: disable start limit checking for
pulseaudio service
- api: seeding debug api
- .github/workflows/snap-build.yaml: build the snapd snap via GH
Actions too
- tests: moving journalctl.sh to a new journal-state tool
- tests/nested/manual: add spread tests for cloud-init vuln
- bootloader/assets: helpers for registering per-edition snippets,
register snippets for grub
- data,packaging,wrappers: extend D-Bus service activation search
path
- spread: add opensuse 15.2 and tumbleweed for qemu
- overlord,o/devicestate: restrict cloud-init on Ubuntu Core
- sysconfig/cloudinit: add RestrictCloudInit
- cmd/snap-preseed: check that target path exists and is a directory
on --reset
- tests: check for pids correctly
- gadget,gadget/install: refactor partition table update
- sysconfig/cloudinit: add CloudInitStatus func + CloudInitState
type
- interface/fwupd: add more policies for making fwupd upstream
strict
- tests: new to-one-line tool which replaces the strings.sh helper
- interfaces: new helpers to get and compare system key, for use
with seeding debug api
- osutil, many: add helper for checking whether the process is a go
test binary
- cmd/snap-seccomp/syscalls: add faccessat2
- tests: adjust xdg-open after launcher changes
- tests: new core config helper
- usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-
open
- cmd/snap-preseed: handle relative chroot path
- snapshotstate: move sizer to osutil.Sizer()
- tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref
kernel tests
- gadget/install,secboot: use snapcore/secboot luks2 api
- boot/initramfs_test.go: add Commentf to more Assert()'s
- tests/lib: account for changes in arch package file name extension
- bootloader/bootloadertest: fix comment typo
- bootloader: add helper for getting recovery system environment
variables
- tests: preinstall shellcheck and run tests on focal
- strutil: add a helper for parsing kernel command line
- osutil: add CheckFreeSpace helper
- secboot: update tpm connection error handling
- packaging, cmd/snap-mgmt, tests: remove modules files on purge
- tests: add tests.cleanup helper
- packaging: add "ca-certificates" to build-depends
- tests: more checks in core20 early config spread test
- tests: fix some snapstate tests to use pointers for
snapmgrTestSuite
- boot: better naming of helpers for obtaining kernel command line
- many: use more specific check for unit test mocking
- systemd/escape: fix issues with "" and "\t" handling
- asserts: small improvements and corrections for sequence-forming
assertions' support
- boot, bootloader: query kernel command line of run mod and
recovery mode systems
- snap/validate.go: disallow snap layouts with new top-level
directories
- tests: allow to add a new label to run nested tests as part of PR
validation
- tests/core/gadget-update-pc: port to UC20
- tests: improve nested tests flexibility
- asserts: integer headers: disallow prefix zeros and make parsing
more uniform
- asserts: implement Database.FindSequence
- asserts: introduce SequenceMemberAfter in the asserts backstores
- spread.yaml: remove tests/lib/tools from PATH
- overlord: refuse to install snaps whose activatable D-Bus services
conflict with installed snaps
- tests: shorten lxd-state undo-mount-changes
- snap-confine: don't die if a device from sysfs path cannot be
found by udev
- tests: fix argument handling of apt-state
- tests: rename lxd-tool to lxd-state
- tests: rename user-tool to user-state, fix --help
- interfaces: add gconf interface
- sandbox/cgroup: avoid parsing security tags twice
- tests: rename version-tool to version-compare
- cmd/snap-update-ns: handle anomalies better
- tests: fix call to apt.Package.mark_install(auto_inst=True)
- tests: rename mountinfo-tool to mountinfo.query
- tests: rename memory-tool to memory-observe-do
- tests: rename invariant-tool to tests.invariant
- tests: rename apt-tool to apt-state
- many: managed boot config during run mode setup
- asserts: introduce the concept of sequence-forming assertion types
- tests: tweak comments/output in uc20-recovery test
- tests/lib/pkgdb: do not use quiet when purging debs
- interfaces/apparmor: allow snap-specific /run/lock
- interfaces: add system-source-code for access to /usr/src
- sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data
- gadget/install: move udev trigger to gadget/install
- many: make nested spread tests more reliable
- tests/core/uc20-recovery: apply hack to get gopath in recover mode
w/ external backend
- tests: enable tests on uc20 which now work with the real model
assertion
- tests: enable system-snap-refresh test on uc20
- gadget, bootloader: preserve managed boot assets during gadget
updates
- tests: fix leaked dbus-daemon in selinux-clean
- tests: add servicestate.Control tests
- tests: fix "restart.service"
- wrappers: helper for enabling services - extract and move enabling
of services into a helper
- tests: new test to validate refresh and revert of kernel and
gadget on uc20
- tests/lib/prepare-restore: collect debug info when prepare purge
fails
- bootloader: allow managed bootloader to update its boot config
- tests: Remove unity test from nightly test suite
- o/devicestate: set mark-seeded to done in the task itself
- tests: add spread test for disconnect undo caused by failing
disconnect hook
- sandbox/cgroup: allow discovering PIDs of given snap
- osutil/disks: support IsDecryptedDevice for mountpoints which are
dm devices
- osutil: detect autofs mounted in /home
- spread.yaml: allow amazon-linux-2-64 qemu with
ec2-user/ec2-user
- usersession: support additional zoom URL schemes
- overlord: mock timings.DurationThreshold in TestNewWithGoodState
- sandbox/cgroup: add tracking helpers
- tests: detect stray dbus-daemon
- overlord: refuse to install snaps providing user daemons on Ubuntu
14.04
- many: move encryption and installer from snap-boostrap to gadget
- o/ifacestate: fix connect undo handler
- interfaces: optimize rules of multiple connected iio/i2c/spi plugs
- bootloader: introduce managed bootloader, implement for grub
- tests: fix incorrect check in smoke/remove test
- asserts,seed: split handling of essential/not essential model
snaps
- gadget: fix typo in mounted filesystem updater
- gadget: do only one mount point lookup in mounted fs updater
- tests/core/snap-auto-mount: try to make the test more robust
- tests: adding ubuntu-20.04 to google-sru backend
- o/servicestate: add updateSnapstateServices helper
- bootloader: pull recovery grub config from internal assets
- tests/lib/tools: apply linger workaround when needed
- overlord/snapstate: graceful handling of denied "managed" refresh
schedule
- snapstate: fix autorefresh from classic->strict
- overlord/configstate: add system.kernel.printk.console-loglevel
option
- tests: fix assertion disk handling for nested UC systems
- snapstate: use testutil.HostScaledTimeout() in snapstate tests
- tests: extra worker for google-nested backend to avoid timeout
error on uc20
- snapdtool: helper to check whether the current binary is reexeced
from a snap
- tests: mock servicestate in api tests to avoid systemctl checks
- many: rename back snap.Info.GetType to Type
- tests/lib/cla_check: expect explicit commit range
- osutil/disks: refactor diskFromMountPointImpl a bit
- o/snapstate: service-control task handler
- osutil: add disks pkg for associating mountpoints with
disks/partitions
- gadget,cmd/snap-bootstrap: move partitioning to gadget
- seed: fix LoadEssentialMeta when gadget is not loaded
- cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo
secure_path
- asserts: introduce new assertion validation-set
- asserts,daemon: add support for "serials" field in system-user
assertion
- data/sudo: drop a failed sudo secure_path workaround
- gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat
- boot, snap-bootstrap: move initramfs-mounts logic to boot pkg
- spread.yaml: update secure boot attribute name
- interfaces/block_devices: add NVMe subsystem devices, support
multipath paths
- tests: use the "jq" snap from the edge channel
- tests: simplify the tpm test by removing the test-snapd-mokutil
snap
- boot/bootstate16.go: clean snap_try_* vars when not in Trying
status too
- tests/main/sudo-env: check snap path under sudo
- tests/main/lxd: add test for snaps inside nested lxd containers
not working
- asserts/internal: expand errors about invalid serialized grouping
labels
- usersession/userd: add msteams url support
- tests/lib/prepare.sh: adjust comment about sgdisk
- tests: fix how gadget pc is detected when the snap does not exist
and ls fails
- tests: move a few more tests to snapstate_update_test.go
- tests/main: add spread test for running svc from install hook
- tests/lib/prepare: increase the size of the uc16/uc18 partitions
- tests/special-home-can-run-classic-snaps: re-enable
- workflow: test PR title as part of the static checks again
- tests/main/xdg-open-compat: backup and restore original xdg-open
- tests: move update-related tests to snapstate_update_test.go
- cmd,many: move Version and bits related to snapd tools to
snapdtool, merge cmdutil
- tests/prepare-restore.sh: reset-failed systemd-journald before
restarting
- interfaces: misc small interface updates
- spread: use find rather than recursive ls, skip mounted snaps
- tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls
/var/lib/snapd
- tests: enable snap-auto-mount test on core20
- cmd/snap: do not show $PATH warning when executing under sudo on a
known distro
- asserts/internal: add some iteration benchmarks
- sandbox/cgroup: improve pid parsing code
- snap: add new `snap run --experimental-gdbserver` option
- asserts/internal: limit Grouping size switching to a bitset
representationWe don't always use the bit-set representation
because:
- snap: add an activates-on property to apps for D-Bus activation
- dirs: delete unused Cloud var, fix typo
- sysconfig/cloudinit: make callers of DisableCloudInit use
WritableDefaultsDir
- tests: fix classic ubuntu core transition auth
- tests: fail in setup_reflash_magic() if there is snapd state left
- tests: port interfaces-many-core-provided to tests.session
- tests: wait after creating partitions with sfdisk
- bootloader: introduce bootloarder assets, import grub.cfg with an
edition marker
- riscv64: bump timeouts
- gadget: drop dead code, hide exports that are not used externally
- tests: port 2 uc20 part1
- tests: fix bug waiting for snap command to be ready
- tests: move try-related tests to snapstate_try_test.go
- tests: add debug for 20.04 prepare failure
- travis.yml: removed, all our checks run in GH actions now
- tests: clean up up the use of configcoreSuite in the configcore
tests
- sandbox/cgroup: remove redundant pathOfProcPidCgroup
- sandbox/cgroup: add tests for ParsePids
- tests: fix the basic20 test for uc20 on external backend
- tests: use configcoreSuite in journalSuite and remove some
duplicated code
- tests: move a few more tests to snapstate_install_test
- tests: assorted small patches
- dbusutil/dbustest: separate license from package
- interfaces/builtin/time-control: allow POSIX clock API
- usersession/userd: add "slack" to the white list of URL schemes
handled by xdg-open
- tests: check that host settings like hostname are settable on core
- tests: port xdg-settings test to tests.session
- tests: port snap-handle-link test to tests.session
- arch: add riscv64
- tests: core20 early defaults spread test
- tests: move install tests from snapstate_test.go to
snapstate_install_test.go
- github: port macOS sanity checks from travis
- data/selinux: allow checking /var/cache/app-info
- o/devicestate: core20 early config from gadget defaults
- tests: autoremove after removing lxd in preseed-lxd test
- secboot,cmd/snap-bootstrap: add tpm sealing support to secboot
- sandbox/cgroup: move FreezerCgroupDir from dirs.go
- tests: update the file used to detect the boot path on uc20
- spread.yaml: show /var/lib/snapd in debug
- cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock +
netplan files
- snap/naming: add helpers to parse app and hook security tags
- tests: modernize retry tool
- tests: fix and trim debug section in xdg-open-portal
- tests: modernize and use snapd.tool
- vendor: update to latest github.com/snapcore/bolt for riscv64
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellaneous policy updates xlv
- interfaces/system-packages-doc: fix typo in variable names
- tests: port interfaces-calendar-service to tests.session
- tests: install/run the lzo test snap too
- snap: (small) refactor of `snap download` code for
testing/extending
- data: fix shellcheck warnings in snapd.sh.in
- packaging: disable buildmode=pie for riscv64
- tests: install test-snapd-rsync snap from edge channel
- tests: modernize tests.session and port everything using it
- tests: add ubuntu 20.10 to spread tests
- cmd/snap/remove: mention snap restore/automatic snapshots
- dbusutil: move all D-Bus helpers and D-Bus test helpers
- wrappers: pass 'disable' flag to StopServices wrapper
- osutil: enable riscv64 build
- snap/naming: add ParseSecurityTag and friends
- tests: port document-portal-activation to session-tool
- bootloader: rename test helpers to reflect we are mocking EFI boot
locations
- tests: disable test of nfs v3 with udp proto on debian-sid
- tests: plan to improve the naming and uniformity of utilities
- tests: move *-tool tests to their own suite
- snap-bootstrap: remove sealed key file on reinstall
- bootloader/ubootenv: don't panic with an empty uboot env
- systemd: rename actualFsTypeAndMountOptions to
hostFsTypeAndMountOptions
- daemon: fix filtering of service-control changes for snap.app
- tests: spread test for preseeding in lxd container
- tests: fix broken snapd.session agent.socket
- wrappers: add RestartServices function and ReloadOrRestart to
systemd
- o/cmdstate: handle ignore flag on exec-command tasks
- gadget: make ext4 filesystems with or without metadata checksum
- tests: update statx test to run on all LTS releases
- configcore: show better error when disabling services
- interfaces: add hugepages-control
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- tests: run ubuntu-20.04-* tests on all ubuntu-2* releases
- tests: skip interfaces-openvswitch for centos 8 in nightly suite
- tests: reload systemd --user for root, if present
- tests: reload systemd after editing /etc/fstab
- tests: add missing dependencies needed for sbuild test on debian
- tests: reload systemd after removing pulseaudio
- image, tests: core18 early config.
- interfaces: add system-packages-doc interface
- cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when
preseeding
- interfaces/fwupd: allow bind mount to /boot on core
- tests: improve oom-vitality tests
- tests: add fedora 32 to spread.yaml
- config: apply vitality-hint immediately when the config changes
- tests: port snap-routine-portal-info to session-tool
- configcore: add "service.console-conf.disable" config option
- tests: port xdg-open to session-tool
- tests: port xdg-open-compat to session-tool
- tests: port interfaces-desktop-* to session-tool
- spread.yaml: apply yaml formatter/linter
- tests: port interfaces-wayland to session-tool
- o/devicestate: refactor current system handling
- snap-mgmt: perform cleanup of user services
- snap/snapfile,squashfs: followups from 8729
- boot, many: require mode in modeenv
- data/selinux: update policy to allow forked processes to call
getpw*()
- tests: log stderr from dbus-monitor
- packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers
tag
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- data/selinux: allow snapd to remove/create the its socket
- testutil/exec.go: set PATH after running shellcheck
- tests: silence stderr from dbus-monitor
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- github: remove workaround for bug 133 in actions/cache
- tests: remove dbus.sh
- cmd/snap-preseed: improve mountpoint checks of the preseeded
chroot
- spread.yaml: add ps aux to debug section
- github: run all spread systems in a single go with cached results
- test: session-tool cli tweaks
- asserts: rest of the Pool API
- tests: port interfaces-network-status-classic to session-tool
- packaging: remove obsolete 16.10,17.04 symlinks
- tests: setup portals before starting user session
- o/devicestate: typo fix
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- cmd/snap/model: support store, system-user-authority keys in
--verbose
- o/devicestate: raise conflict when requesting system action while
seeding
- tests: detect signs of crashed snap-confine
- tests: sign kernel and gadget to run nested tests using current
snapd code
- tests: remove gnome-online-accounts we install
- tests: fix the issue where all the tests were executed on secboot
system
- tests: port interfaces-accounts-service to session-tool
- interfaces/network-control: bring /var/lib/dhcp from host
- image,cmd/snap,tests: add support for store-wide cohort keys
- configcore: add nomanagers buildtag for conditional build
- tests: port interfaces-password-manager-service to session-tool
- o/devicestate: cleanup system actions supported by recover mode
- snap-bootstrap: remove create-partitions and update tests
- tests: fix nested tests
- packaging/arch: update PKGBUILD to match one in AUR
- tests: port interfaces-location-control to session-tool
- tests: port interfaces-contacts-service to session-tool
- state: log task errors in the journal too
- o/devicestate: change how current system is reported for different
modes
- devicestate: do not report "ErrNoState" for seeded up
- tests: add a note about broken test sequence
- tests: port interfaces-autopilot-introspection to session-tool
- tests: port interfaces-dbus to session-tool
- packaging: update sid packaging to match 16.04+
- tests: enable degraded test on uc20
- c/snaplock/runinhibit: add run inhibition operations
- tests: detect and report root-owned files in /home
- tests: reload root's systemd --user after snapd tests
- tests: test registration with serial-authority: [generic]
- cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon-
key in recover
- tests/mount-ns: stop binfmt_misc mount unit
- cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition
uuid if available
- daemon, tests: indicate system mode, test switching to recovery
and back to run
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- tests/mount-ns: update to reflect new UEFI boot mode
- usersession,tests: clean ups for userd/settings.go and move
xdgopenproxy under usersession
- tests: disable mount-ns test
- tests: test user belongs to systemd-journald, on core20
- tests: run core/snap-set-core-config on uc20 too
- tests: remove generated session-agent units
- sysconfig: use new _writable_defaults dir to create cloud config
- cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for
future work
- asserts: make clearer that with label we mean a serialized label
- cmd/snap-bootstrap: tweak recovery trigger log messages
- asserts: introduce PoolTo
- userd: allow setting default-url-scheme-handler
- secboot: append uuid to ubuntu-data when decrypting
- o/configcore: pass extra options to FileSystemOnlyApply
- tests: add dbus-user-session to bionic and reorder package names
- boot, bootloader: adjust comments, expand tests
- tests: improve debugging of user session agent tests
- packaging: add the inhibit directory
- many: add core.resiliance.vitality-hint config setting
- tests: test adjustments and fixes for recently published images
- cmd/snap: coldplug auto-import assertions from all removable
devices
- secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to
secboot
- tests: not fail when boot dir cannot be determined
- tests: new directory used to store the cloud images on gce
- tests: inject snapd from edge into seeds of the image in manual
preseed test
- usersession/agent,wrappers: fix races between Shutdown and Serve
- tests: add dependency needed for next upgrade of bionic
- tests: new test user is used for external backend
- cmd/snap: fix the order of positional parameters in help output
- tests: don't create root-owned things in ~test
- tests/lib/prepare.sh: delete patching of the initrd
- cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
as well
- progress: tweak multibyte label unit test data
- o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline
- gadget: fix fallback device lookup for 'mbr' type structures
- configcore: only reload journald if systemd is new enough
- cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data
- wrappers: allow user mode systemd daemons
- progress: fix progress bar with multibyte duration units
- tests: fix raciness in pulseaudio test
- asserts/internal: introduce Grouping and Groupings
- tests: remove user.sh
- tests: pair of follow-ups from earlier reviews
- overlord/snapstate: warn of refresh/postpone events
- configcore,tests: use daemon-reexec to apply watchdog config
- c/snap-bootstrap: check mount states via initramfsMountStates
- store: implement DownloadAssertions
- tests: run smoke test with different bases
- tests: port user-mounts test to session-tool
- store: handle error-list in fetch-assertions results
- tests: port interfaces-audio-playback-record to session-tool
- data/completion: add `snap` command completion for zsh
- tests/degraded: ignore failure in systemd-vconsole-setup.service
- image: stub implementation of image.Prepare for darwin
- tests: session-tool --restore -u stops user-$UID.slice
- o/ifacestate/handlers.go: fix typo
- tests: port pulseaudio test to session-tool
- tests: port user-session-env to session-tool
- tests: work around journald bug in core16
- tests: add debug to core-persistent-journal test
- tests: port selinux-clean to session-tool
- tests: port portals test to session-tool, fix portal tests on sid
- tests: adding option --no-install-recommends option also when
install all the deps
- tests: add session-tool --has-systemd-and-dbus
- packaging/debian-sid: add gcc-multilib to build deps
- osutil: expand FileLock to support shared locks and more
- packaging: stop depending on python-docutils
- store,asserts,many: support the new action fetch-assertions
- tests: port snap-session-agent-* to session-tool
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- tests: fix for preseeding failures
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 25 Aug 2020 17:26:21 +0200
snapd (2.45.3.1-1) unstable; urgency=medium
* New upstream release, LP: #1875071
- o/ifacestate: fix bug in snapsWithSecurityProfiles
- tests/main/selinux-clean: workaround SELinux denials triggered by
linger setup on Centos8
-- Samuele Pedroni <pedronis@lucediurna.net> Tue, 28 Jul 2020 21:43:38 +0200
snapd (2.45.3-1) unstable; urgency=medium
* New upstream release, LP: #1875071
- many: backport _writable_defaults dir changes
- tests: fix incorrect check in smoke/remove test
- cmd/snap-bootstrap,seed: backport of uc20 PRs
- tests: avoid exit when nested type var is not defined
- cmd/snap-preseed: backport fixes
- interfaces: optimize rules of multiple connected iio/i2c/spi plugs
- many: cherry-picks for 2.45, gh-action, test fixes
- tests/lib: account for changes in arch package file name extension
- postrm, snap-mgmt: cleanup modules and other cherry-picks
- snap-confine: don't die if a device from sysfs path cannot be
found by udev
- data/selinux: update policy to allow forked processes to call
getpw*()
- tests/main/interfaces-time-control: exercise setting time via date
- interfaces/builtin/time-control: allow POSIX clock API
- usersession/userd: add "slack" to the white list of URL schemes
handled by xdg-open
-- Zygmunt Krynicki <me@zygoon.pl> Mon, 27 Jul 2020 12:01:14 +0200
snapd (2.45.2-1) unstable; urgency=high
* SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
implementation
- usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
variable modification when calling the system xdg-open. Patch
thanks to James Henstridge
- packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
restarted. Patch thanks to Michael Vogt
- CVE-2020-11934
* SECURITY UPDATE: arbitrary code execution vulnerability on core
devices with access to physical removable media
- devicestate: Disable/restrict cloud-init after seeding.
- CVE-2020-11933
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 10 Jul 2020 20:06:29 +0200
snapd (2.45.1-1) unstable; urgency=medium
* New upstream release, LP: #1875071
- data/selinux: allow checking /var/cache/app-info
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellaneous policy updates xlv
- snap-bootstrap: remove sealed key file on reinstall
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- gadget: make ext4 filesystems with or without metadata checksum
- interfaces/fwupd: allow bind mount to /boot on core
- tests: cherry-pick test fixes from master
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- data/completion, packaging: cherry-pick zsh completion
- state: log task errors in the journal too
- devicestate: do not report "ErrNoState" for seeded up
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- packaging: stop depending on python-docutils
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 05 Jun 2020 15:13:49 +0200
snapd (2.45-1) unstable; urgency=medium
* New upstream release, LP: #1875071
- o/devicestate: support doing system action reboots from recover
mode
- vendor: update to latest secboot
- tests: not fail when boot dir cannot be determined
- configcore: only reload journald if systemd is new enough
- cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
when decrypting
- tests/lib/prepare.sh: delete patching of the initrd
- cmd/snap: coldplug auto-import assertions from all removable
devices
- cmd/snap: fix the order of positional parameters in help output
- c/snap-bootstrap: port mount state mocking to the new style on
master
- cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
as well
- o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
unlock in recover mode initramfs
- progress: tweak multibyte label unit test data
- gadget: fix fallback device lookup for 'mbr' type structures
- progress: fix progress bar with multibyte duration units
- many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
- many: put the sealed keys in a directory on seed for tidiness
- cmd/snap-bootstrap: measure epoch and model before unlocking
encrypted data
- o/configstate: core config handler for persistent journal
- bootloader/uboot: use secondary ubootenv file boot.sel for uc20
- packaging: add "$TAGS" to dh_auto_test for debian packaging
- tests: ensure $cache_dir is actually available
- secboot,cmd/snap-bootstrap: add model to pcr protection profile
- devicestate: do not use snap-boostrap in devicestate to install
- tests: fix a typo in nested.sh helper
- devicestate: add support for cloud.cfg.d config from the gadget
- cmd/snap-bootstrap: cleanups, naming tweaks
- testutil: add NewDBusTestConn
- snap-bootstrap: lock access to sealed keys
- overlord/devicestate: preserve the current model inside ubuntu-
boot
- interfaces/apparmor: use differently templated policy for non-core
bases
- seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
syscalls
- cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
other misc changes
- o/snapstate: tweak "waiting for restart" message
- boot: store model model and grade information in modeenv
- interfaces/firewall-control: allow -legacy and -nft for core20
- boot: enable makeBootable20RunMode for EnvRefExtractedKernel
bootloaders
- boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
implementation
- daemon: fix error message from `snap remove-user foo` on classic
- overlord: have a variant of Mock that can take a state.State
- tests: 16.04 and 18.04 now have mediating pulseaudio (again)
- seed: clearer errors for missing essential snapd or core snap
- cmd/snap-bootstrap/initramfs-mounts: support
EnvRefExtractedKernelBootloader's
- gadget, cmd/snap-bootstrap: MBR schema support
- image: improve/adjust DownloadSnap doc comment
- asserts: introduce ModelGrade.Code
- tests: ignore user-12345 slice and service
- image,seed/seedwriter: support redirect channel aka default
tracks
- bootloader: use binary.Read/Write
- tests: uc20 nested suite part II
- tests/boot: refactor to make it easier for new
bootloaderKernelState20 impl
- interfaces/openvswitch: support use of ovs-appctl
- snap-bootstrap: copy auth data from real ubuntu-data in recovery
mode
- snap-bootstrap: seal and unseal encryption key using tpm
- tests: disable special-home-can-run-classic-snaps due to jenkins
repo issue
- packaging: fix build on Centos8 to support BUILDTAGS
- boot/bootstate20: small changes to bootloaderKernelState20
- cmd/snap: Implement a "snap routine file-access" command
- spread.yaml: switch back to latest/candidate for lxd snap
- boot/bootstate20: re-factor kernel methods to use new interface
for state
- spread.yaml,tests/many: use global env var for lxd channel
- boot/bootstate20: fix bug in try-kernel cleanup
- config: add system.store-certs.[a-zA-Z0-9] support
- secboot: key sealing also depends on secure boot enabled
- httputil: fix client timeout retry tests
- cmd/snap-update-ns: handle EBUSY when unlinking files
- cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
vars
- secboot: add tpm support helpers
- tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
kernel and gadget
- cmd/snap-bootstrap: switch to a 64-byte key for unlocking
- tests: preserve size for centos images on spread.yaml
- github: partition the github action workflows
- run-checks: use consistent "Checking ..." style messages
- bootloader: add efi pkg for reading efi variables
- data/systemd: do not run snapd.system-shutdown if finalrd is
available
- overlord: update tests to work with latest go
- cmd/snap: do not hide debug boot-vars on core
- cmd/snap-bootstrap: no error when not input devices are found
- snap-bootstrap: fix partition numbering in create-partitions
- httputil/client_test.go: add two TLS version tests
- tests: ignore user@12345.service hierarchy
- bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
- tests: rewrite timeserver-control test
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic to accommodate for 2.44
change
- cmd/snap: don't wait for system key when stopping
- sandbox/cgroup: avoid making arrays we don't use
- osutil: mock proc/self/mountinfo properly everywhere
- selinux: export MockIsEnforcing; systemd: use in tests
- tests: add 32 bit machine to GH actions
- tests/session-tool: kill cron session, if any
- asserts: it should be possible to omit many snap-ids if allowed,
fix
- boot: cleanup more things, simplify code
- github: skip spread jobs when corresponding label is set
- dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
pkg
- tests/session-tool: add session-tool --dump
- github: allow cached debian downloads to restore
- tests/session-tool: session ordering is non-deterministic
- tests: enable unit tests on debian-sid again
- github: move spread to self-hosted workers
- secboot: import secboot on ubuntu, provide dummy on !ubuntu
- overlord/devicestate: support for recover and run modes
- snap/naming: add validator for snap security tag
- interfaces: add case for rootWritableOverlay + NFS
- tests/main/uc20-create-partitions: tweaks, renames, switch to
20.04
- github: port CLA check to Github Actions
- interfaces/many: miscellaneous policy updates xliv
- configcore,tests: fix setting watchdog options on UC18/20
- tests/session-tool: collect information about services on startup
- tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
partitions
- state: add state.CopyState() helper
- tests/session-tool: stop anacron.service in prepare
- interfaces: don't use the owner modifier for files shared via
document portal
- systemd: move the doc comments to the interface so they are
visible
- cmd/snap-recovery-chooser: tweaks
- interfaces/docker-support: add overlayfs file access
- packaging: use debian/not-installed to ignore snap-preseed
- travis.yml: disable unit tests on travis
- store: start splitting store.go and store_test.go into subtopic
files
- tests/session-tool: stop cron/anacron from meddling
- github: disable fail-fast as spread cannot be interrupted
- github: move static checks and spread over
- tests: skip "/etc/machine-id" in "writablepaths" test
- snap-bootstrap: store encrypted partition recovery key
- httputil: increase testRetryStrategy max timelimit to 5s
- tests/session-tool: kill leaking closing session
- interfaces: allow raw access to USB printers
- tests/session-tool: reset failed session-tool units
- httputil: increase httpclient timeout in
TestRetryRequestTimeoutHandling
- usersession: extend timerange in TestExitOnIdle
- client: increase timeout in client tests to 100ms
- many: disentagle release and snapdenv from sandbox/*
- boot: simplify modeenv mocking to always write a modeenv
- snap-bootstrap: expand data partition on install
- o/configstate: add backlight option for core config
- cmd/snap-recovery-chooser: add recovery chooser
- features: enable robust mount ns updates
- snap: improve TestWaitRecovers test
- sandbox/cgroup: add ProcessPathInTrackingCgroup
- interfaces/policy: fix comment in recent new test
- tests: make session tool way more robust
- interfaces/seccomp: allow passing an address to setgroups
- o/configcore: introduce core config handlers (3/N)
- interfaces: updates to login-session-observe, network-manager and
modem-manager interfaces
- interfaces/policy/policy_test.go: add more tests'allow-
installation: false' and we grant based on interface attributes
- packaging: detect/disable broken seed in the postinst
- cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
library
- tests: remove google-tpm backend from spread.yaml
- tests: install dependencies with apt using --no-install-recommends
- usersession/userd: add zoommtg url support
- snap-bootstrap: fix disk layout sanity check
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- config, features: move and rename config.GetFeatureFlag helper to
features.Flag
- boot, overlord/devicestate, daemon: implement requesting boot
into a given recovery system
- xdgopenproxy: forward requests to the desktop portal
- many: support immediate reboot
- store: search v2 tweaks
- tests: fix cross build tests when installing dependencies
- daemon: make POST /v2/systems/<label> root only
- tests/lib/prepare.sh: use only initrd from the kernel snap
- cmd/snap,seed: validate full seeds (UC 16/18)
- tests/main/user-session-env: stop the user session before deleting
the test-zsh user
- overlord/devicestate, daemon: record the seed current system was
installed from
- gadget: SystemDefaults helper function to convert system defaults
config into a flattened map suitable for FilesystemOnlyApply.
- many: comment or avoid cryptic snap-ids in tests
- tests: add LXD_CHANNEL environment
- store: support for search API v2
- .github: register a problem matcher to detect spread failures
- seed: add Info() method for seed.Snap
- github: always run the "Discard spread workers" step, even if the
job fails
- github: offload self-hosted workers
- cmd/snap: the model command needs just a client, no waitMixin
- github: combine tests into one workflow
- github: fix order of go get caches
- tests: adding more workers for ubuntu 20.04
- boot,overlord: rename operating mode to system mode
- config: add new Transaction.GetPristine{,Maybe}() function
- o/devicestate: rename readMaybe* to maybeRead*
- github: cache Debian dependencies for unit tests
- wrappers: respect pre-seeding in error path
- seed: validate UC20 seed system label
- client, daemon, overlord/devicestate: request system action API
and stubs
- asserts,o/devicestate: support model specified alternative serial-
authority
- many: introduce naming.WellKnownSnapID
- o/configcore: FilesystemOnlyApply method for early configuration
of core (1/N)
- github: run C unit tests
- github: run spread tests on PRs only
- interfaces/docker-support: make containerd abstract socket more
generic
- tests: cleanup security-private-tmp properly
- overlord/devicestate,boot: do not hold to the originally read
modeenv
- dirs: rm RunMnt; boot: add vars for early boot env layout;
sysconfig: take targetdir arg
- cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
s.runMnt
- tests: add regression test for MAAS refresh bug
- errtracker: add missing mocks
- github: apt-get update before installing build-deps
- github: don't fail-fast
- github: run spread via github actions
- boot,many: add modeenv.WriteTo, make Write take no args
- wrappers: fix timer schedules that are days only
- tests/main/snap-seccomp-syscalls: install gperf
- github: always checkout to snapcore/snapd
- github: add prototype workflow running unit tests
- many: improve comments, naming, a possible TODO
- client: use Assert when checking for error
- tests: ensure sockets target is ready in session agent spread
tests
- osutil: do not leave processes behind after the test run
- tests: update proxy-no-core to match latest CDN changes
- devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
dangerous
- cmd/snap-failure,tests: try to make snap-failure more robust
- many: fix packages having mistakenly their copyright as doc
- many: enumerate system seeds, return them on the /v2/systems API
endpoint
- randutil: don't consume kernel entropy at init, just mix more info
to try to avoid fleet collisions
- snap-bootstrap: add creationSupported predicate for partition
types
- tests: umount partitions which are not umounted after remount
gadget
- snap: run gofmt -s
- many: improve environment handling, fixing duplicate entries
- boot_test: add many boot robustness tests for UC20 kernel
MarkBootSuccessul and SetNextBoot
- overlord: remove unneeded overlord.MockPruneInterval() mocks
- interfaces/greengrass-support: fix typo
- overlord,timings,daemon: separate timings from overlord/state
- tests: enable nested on core20 and test current branch
- snap-bootstrap: remove created partitions on reinstall
- boot: apply Go 1.10 formatting
- apparmor: use rw for uuidd request to default and remove from
elsewhere
- packaging: add README.source for debian
- tests: cleanup various uc20 boot tests from previous PR
- devicestate: disable cloud-init by default on uc20
- run-checks: tweak formatting checks
- packaging,tests: ensure debian-sid builds without vendor/
- travis.yml: run unit tests with go/master as well* travis.yml: run
unit tests with go/master as well
- seed: make Brand() part of the Seed interface
- cmd/snap-update-ns: ignore EROFS from rmdir/unlink
- daemon: do a forceful server shutdown if we hit a deadline
- tests/many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
- snap-seccomp: robustness improvements
- run-tests: disable -v for go test to avoid spaming the logs
- snap: whitelist lzo as support compression for snap pack
- snap: tweak comment in Install() for overlayfs detection
- many: introduce snapdenv.Preseeding instead of release.PreseedMode
- client, daemon, overlord/devicestate: structures and stubs for
systems API
- o/devicestate: delay the creation of mark-seeded task until
asserts are loaded
- data/selinux, tests/main/selinux: cleanup tmpfs operations in the
policy, updates
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- boot,image: ARM kernel extract prepare image
- interfaces: make gpio robust against not-existing gpios in /sys
- cmd/snap-preseed: handle --reset flag
- many: introduce snapdenv to present common snapd env options
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks/**
- snap: introduce Container.RandomAccessFile
- o/ifacestate, api: implementation of snap disconnect --forget
- cmd/snap: make the portal-info command search for the network-
status interface
- interfaces: work around apparmor_parser slowness affecting uio
- tests: fix/improve failing spread tests
- many: clean separation of bootenv mocking vs mock bootloader kinds
- tests: mock prune ticker in overlord tests to reduce wait times
- travis: disable arm64 again
- httputil: add support for extra snapd certs
- travis.yml: run unit tests on arm64 as well
- many: fix a pair of ineffectual assignments
- tests: add uc20 kernel snap upgrade managers test, fix
bootloadertest bugs
- o/snapstate: set base in SnapSetup on snap revert
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- cmd/snap-exec: add test case for LP bug 1860369
- interfaces: make the network-status interface implicit on
classic
- interfaces: power control interfaceIt is documented in the
kernel
- interfaces: miscellaneous policy updates
- cmd/snap: add a "snap routine portal-info" command
- usersession/userd: add "apt" to the white list of URL schemes
handled by xdg-open
- interfaces/desktop: allow access to system prompter interface
- devicestate: allow encryption regardless of grade
- tests: run ipv6 network-retry test too
- tests: test that after "remove-user" the system is unmanaged
- snap-confine: unconditionally add /dev/net/tun to the device
cgroup
- snapcraft.yaml: use sudo -E and remove workaround
- interfaces/audio_playback: Fix pulseaudio config access
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- tests: add session-tool, a su / sudo replacement
- wrappers: add mount unit dependency for snapd services on core
devices
- tests: just remove user when the system is not managed on create-
user-2 test
- snap-preseed: support for preseeding of snapd and core18
- boot: misc UC20 changes
- tests: adding arch-linux execution
- packaging: revert "work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop codewith a
nil Timeval panics
- spread, data/selinux: add CentOS 8, update policy
- tests: updating checks to new test account for snapd-test snaps
- spread.yaml: mv opensuse 15.1 to unstable
- cmd/snap-bootstrap,seed: verify only in-play snaps
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- client: add "Resume" to DownloadOptions and new test
- tests: enable snapd-failover on uc20
- tests: add more debug output to the snapd-failure handling
- o/devicestate: unset recovery_system when done seeding
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 May 2020 17:17:57 +0200
snapd (2.44.5-1) unstable; urgency=medium
* New upstream release, LP: #1864808
- spread.yaml: adding more workers for ubuntu 20.04
- packaging: stop depending on python-docutils on opensuse
- spread.yaml: do not run ubuntu-core-20-64 with snapd 2.44, snapd
is not recent enough to drive ubuntu-core-20
- spread.yaml: Preserve size for centos images on spread.yaml
- spread.yaml: use non-uefi enabled image for uc20
- tests: ensure $cache_dir is actually available
- tests: disable preseed tests, they work in master but require too
much cherry-picking here
- travis.yml: remove go/master unit tests from 2.44
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 30 Apr 2020 09:09:22 +0200
snapd (2.44.4-1) unstable; urgency=medium
* New upstream release, LP: #1864808
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- interfaces/firewall-control: allow -legacy and -nft for core20
- seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
syscalls
- tests: 16.04 and 18.04 now have mediating pulseaudio
- tests: ignore user@12345.service hierarchy
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 Apr 2020 08:32:56 +0200
snapd (2.44.3-1) unstable; urgency=medium
* New upstream release, LP: #1864808
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic
- tests: backport partition fixes
- cmd/snap: don't wait for system key when stopping
- interfaces/many: miscellaneous policy updates xliv
- tests/main/uc20-snap-recovery: use 20.04 system
- tests: skip "/etc/machine-id" in "writablepaths
- interfaces/docker-support: add overlays file access
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 10 Apr 2020 16:57:25 +0200
snapd (2.44.2-1) unstable; urgency=medium
* New upstream release, LP: #1864808
- packaging: detect/disable broken seeds in the postinst
- cmd/snap,seed: validate full seeds (UC 16/18)
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- store: support for search API v2
- cmd/snap-seccomp/syscalls: update the list of known syscalls
- snap/cmd: the model command needs just a client, no waitMixin
- tests: cleanup security-private-tmp properly
- wrappers: fix timer schedules that are days only
- tests: update proxy-no-core to match latest CDN changes
- cmd/snap-failure,tests: make snap-failure more robust
- tests, many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Apr 2020 09:51:34 +0200
snapd (2.44.1-1) unstable; urgency=medium
* New upstream release, LP: #1864808
- randutil: switch back to setting up seed with lower entropy data
- interfaces/greengrass-support: fix typo
- packaging,tests: ensure debian-sid builds without vendor/
- travis.yml: run unit tests with go/master as well
- cmd/snap-update-ns: ignore EROFS from rmdir/unlink
-- Michael Vogt <michael.vogt@ubuntu.com> Sat, 21 Mar 2020 18:32:12 +0100
snapd (2.44-1) unstable; urgency=medium
* New upstream release, LP: #1864808
- daemon: do a forceful serer shutdown if we hit a deadline
- snap: whitelist lzo as support compression for snap pack
- data/selinux: update policy to allow more ops
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- cmd/snap-preseed: handle --reset flag
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces: work around apparmor_parser slowness affecting uio
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks2/**
- tests: mock prune ticker in overlord tests to reduce wait times
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- interfaces: miscellaneous policy updates
- interfaces/audio_playback: Fix pulseaudio config access
- overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- overlord/snapstate/backend: update snapd services contents in unit
tests
- wrappers: add mount unit dependency for snapd services on core
devices
- Revert "tests: remove /tmp/snap.* left over by other tests"
- Revert "packaging: work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop code
- spread, data/selinux: add CentOS 8, update policy
- spread.yaml: mv opensuse tumbleweed to unstable too
- spread.yaml: mv opensuse 15.1 to unstable
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- tests/lib/prepare.sh: simplify, combine code paths
- tests/main/user-session-env: add test verifying environment
variables inside the user session
- spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
- run-checks: SKIP_GMFMT really skips formatting checks
- tests: enable more tests for UC20/UC18
- tests: remove tmp dir for snap not-test-snapd-sh on security-
private-tmp test
- seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
simplify bootstrap code
- snapstate: do not restart in undoLinkSnap unless on first install
- cmd/snap-bootstrap: subcommand to detect UC chooser trigger
- cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
mode too
- cmd/libsnap, tests: fix C unit tests failing as non-root
- cmd/snap-bootstrap: verify kernel snap is in modeenv before
mounting it
- tests: adding amazon linux to google backend
- cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
status
- client: add support for "ResumeToken", "HeaderPeek" to download
- build: enable type: snapd
- tests: rm -rf /tmp/snap.* in restore
- cmd/snap-confine: deny snap-confine to load nss libs
- snapcraft.yaml: add comments, rename snapd part to snapd-deb
- boot: write current_kernels in bootstate20, makebootable
- packaging: work around review-tools and snap-confine
- tests: skipping interfaces-openvswitch on centos due to package is
not available
- packaging,snap-confine: stop being setgid root
- cmd/snap-confine: bring /var/lib/dhcp from host, if present
- store: rely on CommandFromSystemSnap to find xdelta3
- tests: bump sleep time of the new overlord tests
- cmd/snap-preseed: snapd version check for the target
- netlink: fix/support stopping goroutines reading netlink raw
sockets
- tests: reset PS1 before possibly interactive dash
- overlord, state: don't abort changes if spawn time before
StartOfOperationTime (2/2)
- snapcraft.yaml: add python3-apt, tzdata as build-deps for the
snapd snap
- tests: ask tar to speak English
- tests: using google storage when downloading ubuntu cloud images
from gce
- Coverity produces false positives for code like this:
- many: maybe restart & security backend options
- o/standby: add SNAPD_STANDBY_WAIT to control standby in
development
- snap: use the actual staging snap-id for snapd
- cmd/snap-bootstrap: create a new parser instance
- snapcraft.yaml: use build-base and adopt-info, rm builddeb
plugin
- tests: set StartLimitInterval in snapd failover test
- tests: disable archlinux system
- tests: add preseed test for classic
- many, tests: integrate all preseed bits and add spread tests
- daemon: support resuming downloads
- tests: use Filename() instead of filepath.Base(sn.MountFile())
- tests/core: add swapfiles test
- interfaces/cpu-control: allow to control cpufreq tunables
- interfaces: use commonInteface for desktopInterface
- interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
location
- snap/info: add Filename
- bootloader: make uboot a RecoveryAwareBootloader
- gadget: skip update when mounted filesystem content is identical
- systemd: improve is-active check for 'failed' services
- boot: add current_kernels to modeenv
- o/devicestate: StartOfOperationTime helper for Prune (1/2)
- tests: detect LXD launching i386 containers
- tests: move main/ubuntu-core-* tests to core/ suite
- tests: remove snapd in ubuntu-core-snapd
- boot: enable base snap updates in bootstate20
- tests: Fix core revert channel after 2.43 has been released to
stable
- data/selinux: unify tabs/spaces
- o/ifacestate: move ResolveDisconnect to ifacestate
- spread: move centos to stable systems
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use in serial
acquire
- store: detect if server does not support http range headers
- test/lib/user: add helper lib for doing things for and as a user
- overlord/snapstate, wrappers: undo of snapd on core
- tests/main/interfaces-pulseaudio: use custom pulseaudio script,
set kill timeout
- store: add support for resume in DownloadStream
- cmd/snap: implement 'snap remove-user'
- overlord/devicestate: fix preseed unit tests on systems not using
/snap
- tests/main/static: ldd in glibc 2.31 logs to stderr now
- run-checks, travis: allow skipping spread jobs by adding a label
- tests: add new backend which includes images with tpm support
- boot: use constants for boot status values
- tests: add "core" suite for UC specific tests
- tests/lib/prepare: use a local copy of uc20 initramfs skeleton
- tests: retry mounting the udisk2 device due to timing issue
- usersession/client: add a client library for the user session
agent
- o/devicestate: Handle preseed mode in the firstboot mode (core16
only for now).
- boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
- cmd/snap-confine: detect base transitions on core16
- boot: don't use "kernel" from the modeenv anymore
- interfaces: add uio interface
- tests: repack the initramfs + kernel snap for UC20 spread tests
- interfaces/greengrass-support: add /dev/null ->
/proc/latency_stats mount
- httputil: remove workaround for redirect handling in go1.7
- httputil: remove go1.6 transport workaround
- snap: add `snap pack --compression=<comp>` options
- tests/lib/prepare: fix hardcoded loopback device names for UC
images
- timeutil: add a unit test case for trivial schedule
- randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
introduction
- dirs: variable with distros using alternate snap mount
- many,randutil: centralize and streamline our random value
generation
- tests/lib/prepare-restore: Revert "Continue on errors updating or
installing dependencies"
- daemon: Allow clients to call /v2/logout via Polkit
- dirs: manjaro-arm is like manjaro
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
- daemon, store: better expose single action errors
- tests: switch mount-ns test to differential data set
- snapstate: refactor things to add the re-refresh task last
- daemon: drop support for the DELETE method
- client: move to /v2/users; implement RemoveUser
- boot: enable UC20 kernel extraction and bootState20 handling
- interfaces/policy: enforce plug-names/slot-names constraints
- asserts: parse plug-names/slot-names constraints
- daemon: make users result more consistent
- cmd/snap-confine,tests: support x.y.z nvidia version
- dirs: fixlet for XdgRuntimeDirGlob
- boot: add bootloader options to coreKernel
- o/auth,daemon: do not remove unknown user
- tests: tweak and enable tests on ubuntu 20.04
- daemon: implement user removal
- cmd/snap-confine: allow snap-confine to link to libpcre2
- interfaces/builtin: Allow NotificationReplied signal on
org.freedesktop.Notifications
- overlord/auth: add RemoveUserByName
- client: move user-related things to their own files
- boot: tweak kernel cmdline helper docstring
- osutil: implement deluser
- gadget: skip update when raw structure content is unchanged
- boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
detection to boot
- tests: fix revisions leaking from snapd-refresh test
- daemon: refactor create-user to a user action & hide behind a flag
- osutil/tests: check there are no leftover symlinks with
AtomicSymlink
- grub: support atomically renaming kernel symlinks
- osutil: add helpers for creating symlinks and renaming in an
atomic manner
- tests: add marker tag for core 20 test failure
- tests: fix gadget-update-pc test leaking snaps
- tests: remove revision leaking from ubuntu-core-refresh
- tests: remove revision leaking from remodel-kernel
- tests: disable system-usernames test on core20
- travis, tests, run-checks: skip nakedret
- tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
- tests: update mount-ns test tables
- snap: disable auto-import in uc20 install-mode
- tests: add a command-chain service test
- tests: use test-snapd-upower instead of upower
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- spread.yaml: fix ubuntu 19.10 and 20.04 names
- debian: check embedded keys for snap-{bootstrap,preseed} too
- interfaces/apparmor: fix doc-comments, unnecessary code
- o/ifacestate,o/devicestatate: merge gadget-connect logic into
auto-connect
- bootloader: add ExtractedRunKernelImageBootloader interface,
implement in grub
- tests: add spread test for hook permissions
- cmd/snap-bootstrap: check device size before boostrapping and
produce a meaningful error
- cmd/snap: add ability to register "snap routine" commands
- tests: add a test demonstrating that snaps can't access the
session agent socket
- api: don't return connections referring to non-existing
plugs/slots
- interfaces: refactor path() from raw-volume into utils with
comments for old
- gitignore: ignore snap files
- tests: skip interfaces-network-manager on arm devices
- o/devicestate: do not create perfTimings if not needed inside
ensureSeed/Operational
- tests: add ubuntu 20.04 to the tests execution and remove
tumbleweed from unstable
- usersession: add systemd user instance service control to user
session agent
- cmd/snap: print full channel in 'snap list', 'snap info'
- tests: remove execution of ubuntu 19.04 from google backend
- cmd/snap-boostrap: add mocking for fakeroot
- tests/core18/snapd-failover: collect more debug info
- many: run black formatter on all python files
- overlord: increase settle timeout for slow machines
- httputil: use shorter timeout in TestRetryRequestTimeoutHandling
- store, o/snapstate: send default-tracks header, use
RedirectChannel
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- boot: add HasModeenv to Device
- devicestate: do not allow remodel between core20 models
- bootloader,snap: misc tweaks
- store, overlord/snapstate, etc: SnapAction now returns a []…Result
- snap-bootstrap: create encrypted partition
- snap: remove "host" output from `snap version`
- tests: use snap remove --purge flag in most of the spread tests
- data/selinux, test/main/selinux-clean: update the test to cover
more scenarios
- many: drop NameAndRevision, use snap.PlaceInfo instead
- boot: split MakeBootable tests into their own file
- travis-ci: add go import path
- boot: split MakeBootable implementations into their own file
- tests: enable a lot of the tests of main on uc20
- packaging, tests: stop services in prerm
- tests: enable regression suite on core20
- overlord/snapstate: improve snapd snap backend link unit tests
- boot: implement SetNextBoot in terms of bootState.setNext
- wrappers: write and undo snapd services on core
- boot,o/devicestate: refactor MarkBootSuccessful over bootState
- snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
- snap-bootstrap: refactor partition creation
- tests: use new snapd.spread-tests-run-mode-tweaks.service unit
- tests: add core20 tests
- boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
use the information
- tests/main/snap-sign: add test for non-stdin signing
- snap-bootstrap: trigger udev after filesystem creation
- boot,overlord: introduce internal abstraction bootState and use it
for InUse/GetCurrentBoot
- overlord/snapstate: tracks are now sticky
- cmd: sign: add filename param
- tests: remove "test-snapd-tools" in smoke/sandbox on restore
- cmd/snap, daemon: stop over-normalising channels
- tests: fix classic-ubuntu-core-transition-two-cores after refactor
of MATCH -v
- packaging: ship var/lib/snapd/desktop/applications in the pkg
- spread: drop copr repo with F30 build dependencies
- tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
- tests: fix partition creation test
- tests: unify/rename services-related spread tests to start with
services- prefix
- test: extract code that modifies "writable" for test prep
- systemd: handle preseed mode
- snap-bootstrap: read only stdout when parsing the sfdisk json
- interfaces/browser-support: add more product/vendor paths
- boot: write compat UC16 bootvars in makeBootable20RunMode
- devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
- devicestate: request reboot after successful doSetupRunSystem()
- snapd.core-fixup.sh: do not run on UC20 at all
- tests: unmount automounted snap-bootstrap devices
- devicestate: run boot.MakeBootable in doSetupRunSystem
- boot: copy kernel/base to data partition in makeBootable20RunMode
- tests: also check nested lxd container
- run-checks: complain about MATCH -v
- boot: always return the trivial boot participant in ephemeral mode
- o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
- snap-bootstrap: append new partitions
- snap-bootstrap: mount filesystems after creation
- snapstate: do not try to detect rollback in ephemeral modes
- snap-bootstrap: trigger udev for new partitions
- cmd/snap-bootstrap: xxx todos about kernel cross-checks
- tests: avoid mask rsyslog service in case is not enabled on the
system
- tests: fix use of MATCH -v
- cmd/snap-preseed: update help strings
- cmd/snap-bootstrap: actually parse snapd_recovery_system label
- bootstrap: reduce runmode mounts from 5 to 2 steps.
- lkenv.go: adjust for new location of include file
- snap: improve squashfs.ReadFile() error
- systemd: fix uc20 shutdown
- boot: write modeenv when creating the run mode
- boot,image: add skeleton boot.makeBootable20RunMode
- cmd/snap-preseed: add snap-preseed executable
- overlord,boot: follow ups to #7889 and #7899
- interfaces/wayland: Add access to Xwayland's shm files
- o/hookstate/ctlcmd: fix command name in snapctl -h
- daemon,snap: remove screenshot deprecation notice
- overlord,o/snapstate: make sure we never leave config behind
- many: pass consistently boot.Device state to boot methods
- run-checks: check multiline string blocks in
restore/prepare/execute sections of spread tests
- intrefaces: login-session-control - added missing dbus commands
- tests/main/parallel-install-remove-after: parallel installs should
not break removal
- overlord/snapstate: tweak assumes error hint
- overlord: replace DeviceContext.OldModel with GroundContext
- devicestate: use httputil.ShouldRetryError() in
prepareSerialRequest
- tests: replace "test-snapd-base-bare" with real "bare" base snap
- many: pass a Model to the gadget info reading functions
- snapstate: relax gadget constraints in ConfigDefaults Et al.
- devicestate: only run ensureBootOk() in "run" mode
- tests/many: quiet lxc launching, file pushing
- tests: disable apt-hooks test until it can be properly fixed
- tests: 16.04 and 18.04 now have mediating pulseaudio
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 17 Mar 2020 20:55:47 +0100
snapd (2.43.3-1) unstable; urgency=medium
* New upstream release, LP: #1856159
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use
in serial acquire
- interfaces: add uio interface
- interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
start due to apparmor deny on mounting of "/proc/latency_stats".
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 12 Feb 2020 14:59:15 +0100
snapd (2.43.2-1) unstable; urgency=medium
* New upstream release, LP: #1856159
- cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
- overlord/snapstate: fix for re-refresh bug
- tests, run-checks, many: fix nakedret issues
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- tests: use test-snapd-upower instead of upower
- overlord: increase overall settle timeout for slow arm boards
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 28 Jan 2020 15:50:25 +0100
snapd (2.43.1-1) unstable; urgency=medium
* New upstream release, LP: #1856159
- devicestate: use httputil.ShouldRetryError() in prepareSerialRequest
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- overlord,o/snapstate: make sure we never leave config behind
- data/selinux: update policy to cover more cases
- snap: remove "host" output from `snap version`
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 14 Jan 2020 20:30:07 +0100
snapd (2.43-1) unstable; urgency=medium
* New upstream release
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 09 Jan 2020 17:16:12 +0100
snapd (2.42.5-1) unstable; urgency=medium
* New upstream release, LP: #1853244
- snap-confine: revert, with comment, explicit unix deny for nested
lxd
- Disable mount-ns test on 16.04. It is too flaky currently.
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 06 Dec 2019 14:10:56 +0100
snapd (2.42.4-1) unstable; urgency=medium
* New upstream release, LP: #1853244
- overlord/snapstate: make sure configuration defaults are applied
only once
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 28 Nov 2019 06:48:26 +0100
snapd (2.42.3-1) unstable; urgency=medium
* New upstream release, LP: #1853244
- overlord/snapstate: pick up system defaults when seeding the snapd
snap
- cmd/snap-update-ns: fix overlapping, nested writable mimic
handling
- interfaces: misc updates for u2f-devices, browser-support,
hardware-observe, et al
- tests: reset failing "fwupd-refresh.service" if needed
- tests/main/gadget-update-pc: use a program to modify gadget yaml
- snap-confine: suppress noisy classic snap file_inherit denials
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 27 Nov 2019 12:41:07 +0100
snapd (2.42.2-1) unstable; urgency=medium
* New upstream release, LP: #1853244
- interfaces/lxd-support: Fix on core18
- tests/main/system-usernames: Amazon Linux 2 comes with libseccomp
2.4.1 now
- snap-seccomp: add missing clock_getres_time64
- cmd/snap-seccomp/syscalls: update the list of known
syscalls
- sandbox/seccomp: accept build ID generated by Go toolchain
- interfaces: allow access to ovs bridge sockets
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 20 Nov 2019 08:09:15 +0100
snapd (2.42.1-1) unstable; urgency=medium
* New upstream release, LP: #1846181
- interfaces: de-duplicate emitted update-ns profiles
- packaging: tweak handling of usr.lib.snapd.snap-confine
- interfaces: allow introspecting network-manager on core
- tests/main/interfaces-contacts-service: disable on openSUSE
Tumbleweed
- tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
- snap: fix default-provider in seed validation
- tests: update system-usernames test now that opensuse-15.1 works
- overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
- gadget: rename "boot{select,img}" -> system-boot-{select,image}
- tests: listing test, make accepted snapd/core versions consistent
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 30 Oct 2019 13:17:43 +0100
snapd (2.42-1) unstable; urgency=medium
* New upstream release
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 01 Oct 2019 11:40:58 +0200
snapd (2.41-1) unstable; urgency=medium
[ Michael Vogt ]
* New upstream release, LP: #1840740
[ Jamie Strandboge ]
* debian/control: Depends on apparmor >= 2.10.95-5 instead of
2.10.95-0ubuntu2.2 since 2.10.95-5 in Debian is the first version to have
all the patches that 2.10.95-0ubuntu2.2 in Ubuntu brought.
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 30 Aug 2019 08:53:57 +0200
snapd (2.40-1) unstable; urgency=medium
* New upstream release.
-- Michael Vogt <mvo@debian.org> Tue, 23 Jul 2019 15:38:36 +0200
snapd (2.39.3-1) unstable; urgency=medium
* New upstream release, LP: #1827495
- daemon: increase `shutdownTimeout` to 25s to deal with slow HW
- spread: run tests against openSUSE 15.1
- data/selinux: fix policy for snaps with bases and classic snaps
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 21 Jun 2019 09:06:01 +0200
snapd (2.39.2-1) unstable; urgency=medium
* New upstream release, LP: #1827495
- debian: rework how we run autopkgtests
- interfaces/docker-support: add overlayfs accesses for ubuntu core
- data/selinux: permit init_t to remount snappy_snap_t
- strutil/shlex: fix ineffassign
- packaging: fix build-depends on powerpc
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 05 Jun 2019 08:46:14 +0200
snapd (2.39-1) unstable; urgency=medium
* New upstream release
* d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
fixed upstream
-- Zygmunt Krynicki <me@zygoon.pl> Thu, 28 Feb 2019 18:21:26 +0100
snapd (2.39.1-1) unstable; urgency=medium
* New upstream release
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 May 2019 12:08:43 +0200
snapd (2.38-1) unstable; urgency=medium
* New upstream release
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 21 Mar 2019 11:02:04 +0100
snapd (2.37.4-1) unstable; urgency=medium
* New upstream release
* d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
fixed upstream
-- Zygmunt Krynicki <me@zygoon.pl> Thu, 28 Feb 2019 18:21:26 +0100
snapd (2.37.3-1) unstable; urgency=medium
* New upstream release
-- Zygmunt Krynicki <me@zygoon.pl> Tue, 19 Feb 2019 13:46:24 +0100
snapd (2.37.2-1) unstable; urgency=medium
* New upstream releease.
-- Michael Hudson-Doyle <mwhudson@debian.org> Thu, 07 Feb 2019 21:26:34 +1300
snapd (2.37.1-1) unstable; urgency=medium
* New upstream release.
* d/patches/0009-interfaces-apparmor-mock-presence-of-overlayfs-root.patch:
applied upstream
-- Zygmunt Krynicki <me@zygoon.pl> Tue, 29 Jan 2019 19:24:35 +0100
snapd (2.37-3) unstable; urgency=medium
* Fix --no-arch-any build.
-- Michael Hudson-Doyle <mwhudson@debian.org> Thu, 24 Jan 2019 16:11:17 +1300
snapd (2.37-2) unstable; urgency=medium
* d/patches/0010-man-page-sections.patch: fix a couple of instances of the
lintian warning 'manpage-section-mismatch'.
-- Michael Hudson-Doyle <mwhudson@debian.org> Thu, 24 Jan 2019 09:52:09 +1300
snapd (2.37-1) unstable; urgency=medium
[ Michael Hudson-Doyle ]
* New upstream version.
* d/control: make myself Maintainer, use my Debian address, update Vcs-* to
point to salsa.
* Add new build-dependencies.
* d/watch: update to download new upstream-provided no-vendor tarballs.
* d/patches: refresh/drop.
* d/patches/no-snapfuse.patch: do not depend on snapfuse fork of squashfuse.
* d/patches/upstram-bolt.patch: use upstream version of boltdb.
* d/patches/systemd-activation-compat.patch: compatibility for the
newer go-systemd in debian
[ Ondřej Nový ]
* d/copyright: Use https protocol in Format field
* d/changelog: Remove trailing whitespaces
[ Zygmunt Krynicki ]
* Update unreleased package to 2.37
* Drop and recreate all patches
* Add patches for failing unit tests
* Reconcile packaging with snapd upstream
-- Zygmunt Krynicki <me@zygoon.pl> Tue, 22 Jan 2019 12:39:58 +0100
snapd (2.30-5) unstable; urgency=medium
* Team upload.
* add fix-pkg-config-line.patch to fix FTBFS
* Set XS-Go-Import-Path
-- Michael Stapelberg <stapelberg@debian.org> Sat, 10 Feb 2018 23:18:15 +0100
snapd (2.30-4) unstable; urgency=medium
* Fix Built-Using computation on Debian.
* Add d/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch to disable
a flaky test.
-- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 16 Jan 2018 13:02:31 +1300
snapd (2.30-3) unstable; urgency=medium
* Fix arch builds again, sigh,
-- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 09 Jan 2018 13:56:48 +1300
snapd (2.30-2) unstable; urgency=medium
* Fix arch-all-only build. (Closes: 886431)
-- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 09 Jan 2018 10:48:20 +1300
snapd (2.30-1) unstable; urgency=medium
* New upstream release.
* Remove several patches:
- 0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch: included in
release.
- apparmor-compat.patch, no-reexec-on-debian.patch: Removed as upstream
now implements a better solution to the problem.
- pb.v1-canonical-path.patch: applied upstream.
* Stop installing udev/rules.d/80-snappy-assign.rules, gone upstream
-- Michael Hudson-Doyle <mwhudson@debian.org> Fri, 05 Jan 2018 09:39:07 +1300
snapd (2.28.5) xenial; urgency=medium
* New upstream release, LP: #1714984
- snap-confine: cleanup broken nvidia udev tags
- cmd/snap-confine: update valid security tag regexp
- overlord/ifacestate: refresh udev backend on startup
- dbus: ensure io.snapcraft.Launcher.service is created on re-
exec
- snap-confine: add support for handling /dev/nvidia-modeset
- interfaces/network-control: remove incorrect rules for tun
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 13 Oct 2017 23:25:46 +0200
snapd (2.28.4) xenial; urgency=medium
* New upstream release, LP: #1714984
- interfaces/opengl: don't udev tag nvidia devices and use snap-
confine instead
- debian: fix replaces/breaks for snap-xdg-open (thanks to apw!)
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 11 Oct 2017 19:40:57 +0200
snapd (2.28.3) xenial; urgency=medium
* New upstream release, LP: #1714984
- interfaces/lxd: lxd slot implementation can also be an app
snap
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 11 Oct 2017 08:20:26 +0200
snapd (2.28.2) xenial; urgency=medium
* New upstream release, LP: #1714984
- interfaces: fix udev rules for tun
- release,cmd,dirs: Redo the distro checks to take into account
distribution families
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 10 Oct 2017 18:39:58 +0200
snapd (2.28.1) xenial; urgency=medium
* New upstream release, LP: #1714984
- snap-confine: update apparmor rules for fedora based basesnaps
- snapstate: rename refresh hook to post-refresh for consistency
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 27 Sep 2017 17:59:49 -0400
snapd (2.28) xenial; urgency=medium
* New upstream release, LP: #1714984
- hooks: rename refresh to after-refresh
- snap-confine: bind mount /usr/lib/snapd relative to snap-confine
- cmd,dirs: treat "liri" the same way as "arch"
- snap-confine: fix base snaps on core
- hooks: substitute env vars when executing hooks
- interfaces: updates for default, browser-support, desktop, opengl,
upower and stub-resolv.conf
- cmd,dirs: treat manjaro the same as arch
- systemd: do not run auto-import and repair services on classic
- packaging/fedora: Ensure vendor/ is empty for builds and fix spec
to build current master
- many: fix TestSetConfNumber missing an Unlock and other fragility
improvements
- osutil: adjust StreamCommand tests for golang 1.9
- daemon: allow polkit authorisation to install/remove snaps
- tests: make TestCmdWatch more robust
- debian: improve package description
- interfaces: add netlink kobject uevent to hardware observe
- debian: update trusted account-keys check on 14.04 packaging
- interfaces/network-{control,observe}: allow receiving
kobject_uevent() messages
- tests: fix lxd test for external backend
- snap-confine,snap-update-ns: add -no-pie to fix FTBFS on
go1.7,ppc64
- corecfg: mock "systemctl" in all corecfg tests
- tests: fix unit tests on Ubuntu 14.04
- debian: add missing flags when building static snap-exec
- many: end-to-end support for the bare base snap
- overlord/snapstate: SetRootDir from SetUpTest, not in just some
tests
- store: have an ad-hoc method on cfg to get its list of uris for
tests
- daemon: let client decide whether to allow interactive auth via
polkit
- client,daemon,snap,store: add license field
- overlord/snapstate: rename HasCurrent to IsInstalled, remove
superfluous/misleading check from All
- cmd/snap: SetRootDir from SetUpTest, not in just some individual
tests.
- systemd: rename snap-repair.{service,timer} to snapd.snap-
repair.{service,timer}
- snap-seccomp: remove use of x/net/bpf from tests
- httputil: more naive per go version way to recreate a default
transport for tls reconfig
- cmd/snap-seccomp/main_test.go: add one more syscall for arm64
- interfaces/opengl: use == to compare, not =
- cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64
- cmd/snap-repair: track and use a lower bound for the time for
TLS checks
- interfaces: expose bluez interface on classic OS
- snap-seccomp: add in-kernel bpf tests
- overlord: always try to get a serial, lazily on classic
- tests: add nmcli regression test
- tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64
- tests: add autopilot-introspection interface test
- vendor: fix artifact from manually editing vendor/vendor.json
- tests: rename complexion to test-snapd-complexion
- interfaces: add desktop and desktop-legacy
interfaces/desktop: add new 'desktop' interface for modern DEs
interfaces/builtin/desktop_test.go: use modern testing techniques
interfaces/wayland: allow read on /etc/drirc for Plasma desktop
interfaces/desktop-legacy: add new 'legacy' interface (currently
for a11y and input)
- tests: fix race in snap userd test
- devices/iio: add read/write for missing sysfs entries
- spread: don't set HTTPS?_PROXY for linode
- cmd/snap-repair: check signatures of repairs from Next
- env: set XDG_DATA_DIRS for wayland et.al.
- interfaces/{default,account-control}: Use username/group instead
of uid/gid
- interfaces/builtin: use udev tagging more broadly
- tests: add basic lxd test
- wrappers: ensure bash completion snaps install on core
- vendor: use old golang.org/x/crypto/ssh/terminal to build on
powerpc again
- docs: add PULL_REQUEST_TEMPLATE.md
- interfaces: fix network-manager plug
- hooks: do not error out when hook is optional and no hook handler
is registered
- cmd/snap: add userd command to replace snapd-xdg-open
- tests: new regex used to validate the core version on extra snaps
ass...
- snap: add new `snap switch` command
- tests: wait more and more debug info about fakestore start issues
- apparmor,release: add better apparmor detection/mocking code
- interfaces/i2c: adjust sysfs rule for alternate paths
- interfaces/apparmor: add missing call to dirs.SetRootDir
- cmd: "make hack" now also installs snap-update-ns
- tests: copy files with less verbosity
- cmd/snap-confine: allow using additional libraries required by
openSUSE
- packaging/fedora: Merge changes from Fedora Dist-Git
- snapstate: improve the error message when classic confinement is
not supported
- tests: add test to ensure amd64 can run i386 syscall binaries
- tests: adding extra info for fakestore when fails to start
- tests: install most important snaps
- cmd/snap-repair: more test coverage of filtering
- squashfs: remove runCommand/runCommandWithOutput as we do not need
it
- cmd/snap-repair: ignore superseded revisions, filter on arch and
models
- hooks: support for refresh hook
- Partial revert "overlord/devicestate, store: update device auth
endpoints URLs"
- cmd/snap-confine: allow reading /proc/filesystems
- cmd/snap-confine: genearlize apparmor profile for various lib
layout
- corecfg: fix proxy.* writing and add integration test
- corecfg: deal with system.power-key-action="" correctly
- vendor: update vendor.json after (presumed) manual edits
- cmd/snap: in `snap info`, don't print a newline between tracks
- daemon: add polkit support to /v2/login
- snapd,snapctl: decode json using Number
- client: fix go vet 1.7 errors
- tests: make 17.04 shellcheck clean
- tests: remove TestInterfacesHelp as it breaks when go-flags
changes
- snapstate: undo a daemon restart on classic if needed
- cmd/snap-repair: recover brand/model from
/var/lib/snapd/seed/assertions checking signatures and brand
account
- spread: opt into unsafe IO during spread tests
- snap-repair: update snap-repair/runner_test.go for API change in
makeMockServer
- cmd/snap-repair: skeleton code around actually running a repair
- tests: wait until the port is listening after start the fake store
- corecfg: fix typo in tests
- cmd/snap-repair: test that redirects works during fetching
- osutil: honor SNAPD_UNSAFE_IO for testing
- vendor: explode and make more precise our golang.go/x/crypto deps,
use same version as Debian unstable
- many: sanitize NewStoreStack signature, have shared default store
test private keys
- systemd: disable `Nice=-5` to fix error when running inside lxd
- spread.yaml: update delta ref to 2.27
- cmd/snap-repair: use E-Tags when refetching a repair to retry
- interfaces/many: updates based on chromium and mrrescue denials
- cmd/snap-repair: implement most logic to get the next repair to
run/retry in a brand sequence
- asserts/assertstest: copy headers in SigningDB.Sign
- interfaces: convert uhid to common interface and test cases
improvement for time_control and opengl
- many tests: move all panicing fake store methods to a common place
- asserts: add store assertion type
- interfaces: don't crash if content slot has no attributes
- debian: do not build with -buildmode=pie on i386
- wrappers: symlink completion snippets when symlinking binaries
- tests: adding more debug information for the interfaces-cups-
control …
- apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set
- many: allow and support serials signed by the 'generic' authority
instead of the brand
- corecfg: add proxy configuration via `snap set core
proxy.{http,https,ftp}=...`
- interfaces: a bunch of interfaces test improvement
- tests: enable regression and completion suites for opensuse
- tests: installing snapd for nested test suite
- interfaces: convert lxd_support to common iface
- interfaces: add missing test for camera interface.
- snap: add support for parsing snap layout section
- cmd/snap-repair: like for downloads we cannot have a timeout (at
least for now), less aggressive retry strategies
- overlord: rely on more conservative ensure interval
- overlord,store: no piles of return args for methods gathering
device session request params
- overlord,store: send model assertion when setting up device
sessions
- interfaces/misc: updates for unity7/x11, browser-
support, network-control and mount-observe
interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
interfaces/browser-support: update sysfs reads for
newer browser versions, interfaces/network-control: rw for
ieee80211 advanced wireless interfaces/mount-observe: allow read
on sysfs entries for block devices
- tests: use dnf --refresh install to avert stale cache
- osutil: ensure TestLockUnlockWorks uses supported flock
- interfaces: convert lxd to common iface
- tests: restart snapd to ensure re-exec settings are applied
- tests: fix interfaces-cups-control test
- interfaces: improve and tweak bunch of interfaces test cases.
- tests: adding extra worker for fedora
- asserts,overlord/devicestate: support predefined assertions that
don't establish foundational trust
- interfaces: convert two hardware_random interfaces to common iface
- interfaces: convert io_ports_control to common iface
- tests: fix for upgrade test on fedora
- daemon, client, cmd/snap: implement snap start/stop/restart
- cmd/snap-confine: set _FILE_OFFSET_BITS to 64
- interfaces: covert framebuffer to commonInterface
- interfaces: convert joystick to common iface
- interfaces/builtin: add the spi interface
- wrappers, overlord/snapstate/backend: make link-snap clean up on
failure.
- interfaces/wayland: add wayland interface
- interfaces: convert kvm to common iface
- tests: extend upower-observe test to cover snaps providing slots
- tests: enable main suite for opensuse
- interfaces: convert physical_memory_observe to common iface
- interfaces: add missing test for optical_drive interface.
- interfaces: convert physical_memory_control to common iface
- interfaces: convert ppp to common iface
- interfaces: convert time-control to common iface
- tests: fix failover test
- interfaces/builtin: rework for avahi interface
- interfaces: convert broadcom-asic-control to common iface
- snap/snapenv: document the use of CoreSnapMountDir for SNAP
- packaging/arch: drop patches merged into master
- cmd: fix mustUnsetenv docstring (thanks to Chipaca)
- release: remove default from VERSION_ID
- tests: enable regression, upgrade and completion test suites for
fedora
- tests: restore interfaces-account-control properly
- overlord/devicestate, store: update device auth endpoints URLs
- tests: fix install-hook test failure
- tests: download core and ubuntu-core at most once
- interfaces: add common support for udev
- overlord/devicestate: fix, don't assume that the serial is backed
by a 1-key chain
- cmd/snap-confine: don't share /etc/nsswitch from host
- store: do not resume a download when we already have the whole
thing
- many: implement "snap logs"
- store: don't call useDeltas() twice in quick succession
- interfaces/builtin: add kvm interface
- snap/snapenv: always expect /snap for $SNAP
- cmd: mark arch as non-reexecing distro
- cmd: fix tests that assume /snap mount
- gitignore: ignore more build artefacts
- packaging: add current arch packaging
- interfaces/unity7: allow receiving media key events in (at least)
gnome-shell
- interfaces/many, cmd/snap-confine: miscellaneous policy updates
- interfaces/builtin: implement broadcom-asic-control interface
- interfaces/builtin: reduce duplication and remove cruft in
Sanitize{Plug,Slot}
- tests: apply underscore convention for SNAPMOUNTDIR variable
- interfaces/greengrass-support: adjust accesses now that have
working snap
- daemon, client, cmd/snap: implement "snap services"
- tests: fix refresh tests not stopping fake store for fedora
- many: add the interface command
- overlord/snapstate/backend: some copydata improvements
- many: support querying and completing assertion type names
- interfaces/builtin: discard empty Validate{Plug,Slot}
- cmd/snap-repair: start of Runner, implement first pass of Peek
and Fetch
- tests: enable main suite on fedora
- snap: do not always quote the snap info summary
- vendor: update go-flags to address crash in "snap debug"
- interfaces: opengl support pci device and vendor
- many: start implenting "base" snap type on the snapd side
- arch,release: map armv6 correctly
- many: expose service status in 'snap info'
- tests: add browser-support interface test
- tests: disable snapd-notify for the external backend
- interfaces: Add /run/uuid/request to openvswitch
- interfaces: add password-manager-service implicit classic
interface
- cmd: rework reexec detection
- cmd: fix re-exec bug when starting from snapd 2.21
- tests: dependency packages installed during prepare-project
- tests: remove unneeded check for re-exec in InternalToolPath()
- cmd,tests: fix classic confinement confusing re-execution code
- store: configurable base api
- tests: fix how package lists are updated for opensuse and fedora
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 25 Sep 2017 12:07:34 -0400
snapd (2.27.6-2) unstable; urgency=medium
* Add d/patches/0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch
to fix FTBFS with Go 1.9. (Closes: #876867)
-- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 26 Sep 2017 13:41:53 -0400
snapd (2.27.6-1) unstable; urgency=medium
* New upstream release, LP: #1703798:
- interfaces: add udev netlink support to hardware-observe
- interfaces/network-{control,observe}: allow receiving
kobject_uevent() messages
-- Zygmunt Krynicki <me@zygoon.pl> Fri, 08 Sep 2017 00:03:18 +0200
snapd (2.27.5-1) unstable; urgency=medium
* New upstream release.
- interfaces: fix network-manager plug regression
- hooks: do not error when hook handler is not registered
- interfaces/alsa,pulseaudio: allow read on udev data for sound
- interfaces/optical-drive: read access to udev data for /dev/scd*
- interfaces/browser-support: read on /proc/vmstat and misc udev data
-- Zygmunt Krynicki <me@zygoon.pl> Thu, 31 Aug 2017 10:11:20 +0200
snapd (2.27.4-1) unstable; urgency=medium
* New upstream release.
* Enable seccomp.
-- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 24 Aug 2017 22:12:52 +1200
snapd (2.27.2-2) unstable; urgency=medium
* Fix re-exec test failure.
-- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Fri, 18 Aug 2017 11:37:47 +1200
snapd (2.27.2-1) unstable; urgency=medium
* New upstream release.
* Stop using single-debian-patch, split delta into separate patches.
* Allow confining snap-confine even when --disable-apparmor is used.
* Pass --enable-static-libcap to cmd/configure, as was always the intention.
* Disable re-exec on Debian until core snap can cope with a partial apparmor
implementation. (Closes: #851473)
-- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Fri, 18 Aug 2017 11:00:31 +1200
snapd (2.27.1-1) unstable; urgency=medium
* New upstream release. (Closes: #868959, #869268, #872071)
* New changes to upstream sources:
- Disable cmd/snap-seccomp tests as they depend on an unpackaged fork of
golang/x/net.
- Use upstream version of libseccomp-golang.
* Do not install ancient ubuntu-core-launcher symlink.
-- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Mon, 14 Aug 2017 21:53:09 +1200
snapd (2.27.1) xenial; urgency=medium
* New upstream release, LP: #1703798:
- tests: use dnf --refresh install to avert stale cache
- tests: fix test failure on 14.04 due to old version of
flock
- updates for unity7/x11, browser-support, network-control,
mount-observe
- interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
- interfaces/browser-support: update sysfs reads for
newer browser versions
- interfaces/network-control: rw for ieee80211 advanced wireless
- interfaces/mount-observe: allow read on sysfs entries for block
devices
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 14 Aug 2017 08:02:17 +0200
snapd (2.27) xenial; urgency=medium
* New upstream release, LP: #1703798
- fix build failure on 32bit fedora
- interfaces: add password-manager-service implicit classic interface
- interfaces/greengrass-support: adjust accesses now that have working
snap
- interfaces/many, cmd/snap-confine: miscellaneous policy updates
- interfaces/unity7: allow receiving media key events in (at least)
gnome-shell
- cmd: fix re-exec bug when starting from snapd 2.21
- tests: restore interfaces-account-control properly
- cmd: fix tests that assume /snap mount
- cmd: mark arch as non-reexecing distro
- snap-confine: don't share /etc/nsswitch from host
- store: talk to api.snapcraft.io for purchases
- hooks: support for install and remove hooks
- packaging: fix Fedora support
- tests: add bluetooth-control interface test
- store: talk to api.snapcraft.io for assertions
- tests: remove snapd before building from branch
- tests: add avahi-observe interface test
- store: orders API now checks if customer is ready
- cmd/snap: snap find only searches stable
- interfaces: updates default, mir, optical-observe, system-observe,
screen-inhibit-control and unity7
- tests: speedup prepare statement part 1
- store: do not send empty refresh requests
- asserts: fix error handling in snap-developer consistency check
- systemd: add explicit sync to snapd.core-fixup.sh
- snapd: generate snap cookies on startup
- cmd,client,daemon: expose "force devmode" in sysinfo
- many: introduce and use strutil.ListContains and also
strutil.SortedListContains
- assserts,overlord/assertstate: test we don't accept chains of
assertions founded on a self-signed key coming externally
- interfaces: enable access to bridge settings
- interfaces: fix copy-pasted iio vs io in io-ports-control
- cmd/snap-confine: various small fixes and tweaks to seccomp
support code
- interfaces: bring back seccomp argument filtering
- systemd, osutil: rework systemd logs in preparation for services
commands
- tests: store /etc/systemd/system/snap-*core*.mount in snapd-
state.tar.gz
- tests: shellcheck improvements for tests/main tasks - first set of
tests
- cmd/snap: `--last` for abort and watch, and aliases
(search→find, change→tasks)
- tests: shellcheck improvements for tests/lib scripts
- tests: create ramdisk if it's not present
- tests: shellcheck improvements for nightly upgrade and regressions
tests
- snapd: fix for snapctl get panic on null config values.
- tests: fix for rng-tools service not restarting
- systemd: add snapd.core-fixup.service unit
- cmd: avoid using current symlink in InternalToolPath
- tests: fix timeout issue for test refresh core with hanging …
- intefaces: control bridged vlan/ppoe-tagged traffic
- cmd/snap: include snap type in notes
- overlord/state: Abort() only visits each task once
- tests: extend find-private test to cover more cases
- snap-seccomp: skip socket() tests on systems that use socketcall()
instead of socket()
- many: support snap title as localized/title-cased name
- snap-seccomp: deal with mknod on aarch64 in the seccomp tests
- interfaces: put base policy fragments inside each interface
- asserts: introduce NewDecoderWithTypeMaxBodySize
- tests: fix snapd-notify when it takes more time to restart
- snap-seccomp: fix snap-seccomp tests in artful
- tests: fix for create-key task to avoid rng-tools service ramains
alive
- snap-seccomp: make sure snap-seccomp writes the bpf file
atomically
- tests: do not disable ipv6 on core systems
- arch: the kernel architecture name is armv7l instead of armv7
- snap-confine: ensure snap-confine waits some seconds for seccomp
security profiles
- tests: shellcheck improvements for tests/nested tasks
- wrappers: add SyslogIdentifier to the service unit files.
- tests: shellcheck improvements for unit tasks
- asserts: implement FindManyTrusted as well
- asserts: open up and optimize Encoder to help avoiding unnecessary
copying
- interfaces: simplify snap-confine by just loading pre-generated
bpf code
- tests: restart rng-tools services after few seconds
- interfaces, tests: add mising dbus abstraction to system-observe
and extend spread test
- store: change main store host to api.snapcraft.io
- overlord/cmdstate: new package for running commands as tasks.
- spread: help libapt resolve installing libudev-dev
- tests: show the IP from .travis.yaml
- tests/main: use pkgdb function in more test cases
- cmd,daemon: add debug command for displaying the base policy
- tests: prevent quoting error on opensuse
- tests: fix nightly suite
- tests: add linode-sru backend
- snap-confine: validate SNAP_NAME against security tag
- tests: fix ipv6 disable for ubuntu-core
- tests: extend core-revert test to cover bluez issues
- interfaces/greengrass-support: add support for Amazon Greengrass
as a snap
- asserts: support timestamp and optional disabled header on repair
- tests: reboot after upgrading to snapd on the -proposed pocket
- many: fix test cases to work with different DistroLibExecDir
- tests: reenable help test on ubuntu and debian systems
- packaging/{opensuse,fedora}: allow package build with testkeys
included
- tests/lib: generalize RPM build support
- interfaces/builtin: sync connected slot and permanent slot snippet
- tests: fix snap create-key by restarting automatically rng-tools
- many: switch to use http numeric statuses as agreed
- debian: add missing Type=notify in 14.04 packaging
- tests: mark interfaces-openvswitch as manual due to prepare errors
- debian: unify built_using between the 14.04 and 16.04 packaging
branch
- tests: pull from urandom when real entropy is not enough
- tests/main/manpages: install missing man package
- tests: add refresh --time output check
- debian: add missing "make -C data/systemd clean"
- tests: fix for upgrade test when it is repeated
- tests/main: use dir abstraction in a few more test cases
- tests/main: check for confinement in a few more interface tests
- spread: add fedora snap bin dir to global PATH
- tests: check that locale-control is not present on core
- many: snapctl outside hooks
- tests: add whoami check
- interfaces: compose the base declaration from interfaces
- tests: fix spread flaky tests linode
- tests,packaging: add package build support for openSUSE
- many: slight improvement of some snap error messaging
- errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in
err reports
- tests: fix for the test postrm-purge
- tests: restoring the /etc/environment and service units config for
each test
- daemon: make snapd a "Type=notify" daemon and notify when startup
is done
- cmd/snap-confine: add support for --base snap
- many: derive implicit slots from interface meta-data
- tests: add core revert test
- tests,packaging: add package build support for Fedora for our
spread setup
- interfaces: move base declaration to the policy sub-package
- tests: fix for snapd-reexec test cheking for restart info on debug
log
- tests: show available entropy on error
- tests: clean journalctl logs on trusty
- tests: fix econnreset on staging
- tests: modify core before calling set
- tests: add snap-confine privilege test
- tests: add staging snap-id
- interfaces/builtin: silence ptrace denial for network-manager
- tests: add alsa interface spread test
- tests: prefer ipv4 over ipv6
- tests: fix for econnreset test checking that the download already
started
- httputil,store: extract retry code to httputil, reorg usages
- errtracker: report if snapd did re-execute itself
- errtracker: include bits of snap-confine apparmor profile
- tests: take into account staging snap-ids for snap-info
- cmd: add stub new snap-repair command and add timer
- many: stop "snap refresh $x --channel invalid" from working
- interfaces: revert "interfaces: re-add reverted ioctl and quotactl
- snapstate: consider connect/disconnect tasks in
CheckChangeConflict.
- interfaces: disable "mknod |N" in the default seccomp template
again
- interfaces,overlord/ifacestate: make sure installing slots after
plugs works similarly to plugs after slots
- interfaces/seccomp: add bind() syscall for forced-devmode systems
- packaging/fedora: Sync packaging from Fedora Dist-Git
- tests: move static and unit tests to spread task
- many: error types should be called FooError, not ErrFoo.
- partition: add directory sync to the save uboot.env file code
- cmd: test everything (100% coverage \o/)
- many: make shell scripts shellcheck-clean
- tests: remove additional setup for docker on core
- interfaces: add summary to each interface
- many: remove interface meta-data from list of connections
- logger (& many more, to accommodate): drop explicit syslog.
- packaging: import packaging bits for opensuse
- snapstate,many: implement snap install --unaliased
- tests/lib: abstract build dependency installation a bit more
- interfaces, osutil: move flock code from interfaces/mount to
osutil
- cmd: auto import assertions only from ext4,vfat file systems
- many: refactor in preparation for 'snap start'
- overlord/snapstate: have an explicit code path last-refresh
unset/zero => immediately refresh try
- tests: fixes for executions using the staging store
- tests: use pollinate to seed the rng
- cmd/snap,tests: show the sha3-384 of the snap for snap info
--verbose SNAP-FILE
- asserts: simplify and adjust repair assertion definition
- cmd/snap,tests: show the snap id if available in snap info
- daemon,overlord/auth: store from model assertion wins
- cmd/snap,tests/main: add confinement switch instead of spread
system blacklisting
- many: cleanup MockCommands and don't leave a process around after
hookstate tests
- tests: update listing test to the core version number schema
- interfaces: allow snaps to use the timedatectl utility
- packaging: Add Fedora packaging files
- tests/libs: add distro_auto_remove_packages function
- cmd/snap: correct devmode note for anomalous state
- tests/main/snap-info: use proper pkgdb functions to install distro
packages
- tests/lib: use mktemp instead of tempfile to work cross-distro
- tests: abstract common dirs which differ on distributions
- many: model and expose interface meta-data.
- overlord: make config defaults from gadget work also at first boot
- interfaces/log-observe: allow using journalctl from hostfs for
classic distro
- partition,snap: add support for android boot
- errtracker: small simplification around readMachineID
- snap-confine: move rm_rf_tmp to test-utils.
- tests/lib: introduce pkgdb helper library
- errtracker: try multiple paths to read machine-id
- overlord/hooks: make sure only one hook for given snap is executed
at a time.
- cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the
confinement env
- tests: bump kill-timeout and remove quiet call on build
- tests/lib/snaps: add a test store snap with a passthrough
configure hook
- daemon: teach the daemon to wait on active connections when
shutting down
- tests: remove unit tests task
- tests/main/completion: source from /usr/share/bash-completion
- assertions: add "repair" assertion
- interfaces/seccomp: document Backend.NewSpecification
- wrappers: make StartSnapServices cleanup any services that were
added if a later one fails
- overlord/snapstate: avoid creating command aliases for daemons
- vendor: remove unused packages
- vendor,partition: fix panics from uenv
- cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from
core if possible
- daemon: do not allow to install ubuntu-core anymore
- wrappers: service start/stop were inconsistent
- tests: fix failing tests (snap core version, syslog changes)
- cmd/snap-update-ns: add actual implementation
- tests: improve entropy also for ubuntu
- cmd/snap-confine: use /etc/ssl from the core snap
- wrappers: don't convert between []byte and string needlessly.
- hooks: default timeout
- overlord/snapstate: Enable() was ignoring the flags from the
snap's state, resulting in losing "devmode" on disable/enable.
- difs,interfaces/mount: add support for locking namespaces
- interfaces/mount: keep track of kept mount entries
- tests/main: move a bunch of greps over to MATCH
- interfaces/builtin: make all interfaces private
- interfaces/mount: spell unmount correctly
- tests: allow 16-X.Y.Z version of core snap
- the timezone_control interface only allows changing /etc/timezone
and /etc/writable/timezone. systemd-timedated also updated the
link of /etc/localtime and /etc/writable/localtime ... allow
access to this file too
- cmd/snap-confine: aggregate operations holding global lock
- api, ifacestate: resolve disconnect early
- interfaces/builtin: ensure we don't register interfaces twice
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 10 Aug 2017 12:43:16 +0200
snapd (2.26.14) xenial; urgency=medium
* New upstream release, LP: #1690083
- cmd: fix incorrect re-exec when starting from snapd 2.21
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 20 Jul 2017 13:52:05 +0200
snapd (2.26.13) xenial; urgency=medium
* New upstream release, LP: #1690083
- cmd,tests: fix classic confinement confusing re-execution code
- cmd: fix incorrect check check for re-exec in InternalToolPath()
- snap-seccomp: add secondary arch for unrestricted snaps as well
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 18 Jul 2017 20:34:33 +0200
snapd (2.26.10) xenial; urgency=medium
* New upstream release, LP: #1690083
- Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 17 Jul 2017 11:58:22 +0200
snapd (2.26.9) xenial; urgency=medium
* New upstream release, LP: #1690083
- statically link libseccomp in snap-seccomp to fix refresh issue
on trusty
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 12 Jul 2017 08:27:14 +0200
snapd (2.26.8) xenial; urgency=medium
* New upstream release, LP: #1690083
- Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
- add snapd.core-fixup.service unit
- ensure re-exec uses the right internal tools
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 05 Jul 2017 07:48:22 +0200
snapd (2.26.6) xenial; urgency=medium
* New upstream release, LP: #1690083
- interfaces: allow snaps to use the timedatectl utility in
time-control
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 27 Jun 2017 08:36:23 +0100
snapd (2.26.5) xenial; urgency=medium
* New upstream release, LP: #1690083
- backport of seccomp-bpf branch to the 2.26 release to ensure snap
revert with new seccomp syntax works correctly
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 26 Jun 2017 15:30:15 +0100
snapd (2.26.4) xenial; urgency=medium
* New upstream release, LP: #1690083
- partly revert aace15ab53 to unbreak core reverts
- Revert "interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)"
- Disable "mknod |N" in the default seccomp template
reasons outline in https://forum.snapcraft.io/t/snapd-2-25-blocked-because-of-revert-race-condition
- errtracker: include bits of snap-confine apparmor profile
- errtracker: report if snapd did re-execute itself
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 01 Jun 2017 18:50:52 +0200
snapd (2.26.3) xenial; urgency=medium
* New upstream release, LP: #1690083
- cherry pick test fixes f0103a6, 9de5c8a, d7725a7 to make
sure the image tests are updated for the changes in the
`snap info core` output and the removal of the rsyslog
package from core.
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 17 May 2017 11:31:56 +0200
snapd (2.26.2) xenial; urgency=medium
* New upstream release, LP: #1690083
- cherry pick d444728 to make the uboot.env file parsing more
robust
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 16 May 2017 18:37:07 +0200
snapd (2.26.1) xenial; urgency=medium
* New upstream release, LP: #1690083
- store: fix panic error in auth
- tests: the new ubuntu-image snap needs classic confinement, adjust
tests
- cmd/snap-confine: don't fail on pre 3.8 kernel
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 11 May 2017 21:44:27 +0200
snapd (2.26) xenial; urgency=medium
* New upstream release, LP: #1690083
- timeutil: avoid panicking when the window is very small
- image: fix go vet issue
- overlord/ifacestate: don't spam logs with harmless auto-connect
messages
- interfaces/builtin: add network-status interface
- interfaces/builtin: add online-accounts-service interface
- interfaces/builtin: distribute code of touching allInterfaces
- interfaces: API additions for interface hooks
- interfaces/builtin: add storage-framework-service interface
- tests: disable create-key test on ppc64el for artful (expect not
working)
- snap: make `snap prepare-image --extra-snaps` derive side info
- tests: unify tests/{main/completion,completion}/lib.exp0
- cmd/snap: tweak info channels output
- interfaces: ensure that legacy interface methods are unused
- packaging: cleanup how built-using is generated
- tests: extend kernel-module-control interface test
- interfaces/network: workaround Go's need for NETLINK_ROUTE with
'net'.
- cmd/snap-confine: use defensive argument parser
- tests: add test for empty snap name on revert
- overlord/hookstate: remove unused Context.timeout
- tests: additional setup in docker test for core systems
- configstate: return error if patch is invalid
- interfaces: add random interface
- store, daemon, client, cmd/snap: handle PASSWORD_POLICY_ERROR
- cmd/snap, client: add "whoami" command
- cmd/snap: iterate interface tab completion
- snap: move locale-control to only be present on classic
- interfaces/browser-support: deny read on squashfs backing files
and LVM vg names
- tests: wait for the docker socket to be listening
- snap: add `snap refresh --time` option
- tests: re-enable and moderninze /media sharing test
- cmd: make rst2man optional
- tests: remove quoting from [[ ]] when globs
- interfaces: allow plugging DBus clients to introspect the slot
service
- packaging/ubuntu*/changelog: drop extra dash
- snap-confine: init the ENTRY variable, coverity is unhappy
otherwise
- cmd/snap-confine/spread-tests: discard useless --version test
- spread: add spread target qemu:debian-9-64
- interfaces: mediate netlink sockets via seccomp
- tests,cmd/snap-confine: port older snapd-discard-ns tests
- cmd/snap-confine/tests: fix shellcheck on recently added files
- tests/upgrade: force install core snap from beta for debian
- overlord/snapstate/backend,interfaces/mount: move ns management
code.
- tests: extend network-control spread test to cope with network
namespaces
- tests: fail early in the spread suite if trying to run it inside a
container
- tests: set ownership of $PROJECT_PATH for the external backend
- tests: specify the auto-refreshable snap being tested
- many: fix tests with go1.8 / artful
- fix for tests: debian does not have /snap/bin in secure_path so
sudo
- snap: support for snap tasks --last=...
- cmd/snap-confine: remove obsolete debug message
- address review feedback, add a lot of comments :-), call
shellcheck on the completion scripts, fix a bug in compopt
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 11 May 2017 10:05:44 +0200
snapd (2.25) xenial; urgency=medium
* New upstream release, LP: #1686713
- interfaces/default: allow mknod for regular files, pipes and
sockets
- many: use "SNAP.APP as ALIAS" instead of => when listing
added/removed aliases
- cmd/snap-confine: write current mount profile
- cmd/snap-discard-ns: remove current profile when cleaning up
- many: support debian in our CI
- tests: tweak time for econnreset test a bit more
- cmd/snap-confine: re-enable re-assciate fix for CE
- many: aliases v2 cleanups
- cmd/snap-confine: don't use apparmor if it is disabled on boot
- many: implement `snap prefer <snap>` (aliases v2)
- many: adjust /aliases and "snap aliases" to aliases v2, also some
cleanup
- snapstate: normalize gadget defaults
- many: allow core refresh.schedule setting
- many: show alias changes on snap alias/unalias (aliases v2)
- client,cmd/snap: improve messaging on --devmode and --classic
- many: implement `snap unalias <alias-or-snap>` (aliases v2)
- store: retry on connection reset
- interfaces/mount: add Change.Perform
- tests: add openvswitch interface spread test
- interfaces/i2c: allow modifying device-specific sysfs entries
- interfaces: allow writing to /run/systemd/journal/stdout by
default
- tests: ensure travis fails early if static checks fail
- store,daemon: make store interpret channel="" as stable in most
cases
- overlord/snapstate: make UpdateAliases idempotent, simplify the
backend interface bits for aliases not used anymore (aliases v2)
- many: implement snap alias <snap.app> <alias> (aliases v2)
- snap-confine: add code to ensure that / or /snap is mounted
"shared"
- many: show available "tracks" in `snap info`
- cmd/snap: make users Xauthority file available in snap environment
- interfaces/mount: write current fstab files with mode 0644
- overlord: switch to aliases v2 tasks for install/refresh etc ops
plus transition
- tests: parameterize gadget snap channel (#3117)
- tests: copy .real profile as .real
- tests: add empty initrd failover test
- many: mount squashfs as read-only
- cmd: make locking around namespaces explicit
- tests: address review comments from #3186
- tests: add dbus interface spread test
- interfaces/mount: add ReadMountInfo and LoadMountInfo
- snap: require snap name for 'revert'
- overlord: maintain per-revision snapshots of snap configuration
- tests: relax network-bind interface regexps
- interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)
- store: retry once on hashsum mismatches in a Download()
- interfaces/builtin: don't panic if content plug has nil attrs
- interfaces/mount: pass mount.Profile to mount.NeededChanges
- packaging: add `built-using` header for 16.04 packaging
- interfaces: add media-hub interface
- interfaces/builtin: allow full access to properties iface of the
udisks service
- tests: handle case when both .real and plain are present
- interfaces/mount: add Change.String for readable output
- tests: ensure we mock force dev mode as well to fix FTBFS in
sbuild
- store: add more logs around retry in download
- interfaces/mount: add stub Change.{Needed,Perform}
- tests: allow installing snapd from -proposed for SRU validation
- interfaces/mount: parse mount options to map[string]string
- snap: added tasks subcommand
- tests: copy snap-confine apparmor profile into testbed
- interfaces/mount: improve go identifier names of mountinfo, parse
optional fields
- Arch Linux wants to respect FHS
(https://bugs.archlinux.org/task/53656),
- daemon: do not set RemoveSnapPath flag when doing a try
- debian: add maintscript helper to remove usr.lib.snapd.snap-
confine in snap-confine
- cmd/snap-confine: don't use plain "classic" term
- cmd/snap-confine: set TMPDIR and TEMPDIR each time
- many: fixes for `go vet` in go 1.7
- tests: add kernel-module-control interface test
- overlord/snapstate: introduce tasks for aliases v2 semantics with
temporary names for now (aliases v2)
- overlord/devicestate: switch to ssh-keygen for device key
generation
- snap: skip /dev/ram from auto-import assertions to make it less
noisy (#3010)
- interfaces: add kubernetes-support interface and adjust related
interfaces (LP: #1664638)
- tests: download previous snapd package from published versions
instead of specific PPA
- snap: run snap-confine from core if snap is also running from core
- overlord/ifacestate: automatically rename connections on core snap
- many: break the /aliases mutation API with a clean 400 (aliases
v2)
- interfaces/builting: allow read-only access to /sys/module
- tests: add extra test after the core transition for snap get/set
core
- store: misc cleanups in tests
- interfaces/mount: add parser for mountinfo entries
- store: tests for unexpected EOF
- tests: fix unity test
- interfaces,overlord: log interface auto-connection failures
- cmd/snap-update-ns: add C preamble for setns
- interfaces: validate plug/slot uniqueness
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 28 Apr 2017 07:57:49 +0200
snapd (2.24.1) xenial; urgency=medium
* New upstream release, LP: #1681799:
- fix autopkgtest failures with stable core snap
- ensure the snap-confine transitional package cleans up
the no-longer-used apparmor profile to fix the kernels
autopkgtest failures
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 19 Apr 2017 11:54:33 +0200
snapd (2.24) xenial; urgency=medium
* New upstream release, LP: #1681799:
- interfaces/mount: add InfoEntry type
- many: fix plug auto-connect during core transition
- interfaces: fold network bind into core support with tests
- .travis.yml: add option to make raw log less noisy
- interfaces: adjust shm accesses to use 'm' for updated mmap kernel
mediation
- many: rename two core plugs that clash with slot names
- snap-confine,browser-support: /dev/tty for snap-confine, misc
browser-support for gnome-shell
- store: add download test with EOF in the middle
- tests: adjust to look for network-bind-plug
- store: make hash error message more accurate
- overlord/snapstate: simplify AliasesStatus down to just an
AutoAliasesDisabled bool flag (aliases v2)
- errtracker: never send errtracker reports when running under
SNAPPY_TESTING
- interfaces/repo: validate slot/plug names
- daemon: Give the snap directories via GET /v2/system-info
- interfaces/unity7: support unity messaging menu
- interfaces/mount: add high-level Profile functions
- git: ignore only the cmd/Makefile{,.in}
- cmd: explicitly set _GNU_SOURCE and _FILE_OFFSET_BITS for xfs
support
- daemon: add desktop file location for app to the API
- overlord,release: disable classic snap support when not possible
- overlord: fix TestEnsureLoopPrune not to be so racy
- many: abstract path to /bin/{true,false}
- data/systemd: tweak data/systemd/Makefile to be slightly simpler
- store: handle EOF via url.Error check
- packaging: use templates for relevant systemd units
- tests: run gccgo only on ubuntu-16.04-64
- .travis.yml: remove travis matrix and do a single sequential run
- overlord/state: make sure that setting to nil a state key is
equivalent to deleting it
- tests: fix incorrect shell expression
- interfaces/mount: add OptsToFlags for converting arguments to
syscall…
- interfaces: add a joystick interface
- tests: enable docker test for more ubuntu-core systems
- tests: download and install additional dependencies when using
prepackaged snapd
- many: add support for partially static builds
- interfaces: allow slot to introspect dbus-daemon in dbus
interface, allow /usr/bin/arch by default
- interfaces/mount: fix golint issues
- interfaces/mount: add function for saving fstab-like file
- osutil: introducing GetenvInt64, like GetenvBool but Int64er.
- interfaces: drop udev tagging from framebuffer interface
- snapstate: more helpers to work with aliases state (aliases
v2)
- interfaces/mount: add function for parsing fstab-like file
- cmd: disable the re-associate fix as requested by jdstrand
- overlord/snapstate: unlock/relock the state less, especially not
across mutating the SnapState of a snap
- interfaces: allow executing ld.so (needed with new AppArmor base
abstraction)
- interfaces/mount: add function for parsing mount entries
- cmd: rework header check for xfs/xqm.h
- cmd: add poky to the list of distros which don't support reexec
- overlord: finish reorg, revert "be more conservative until we have
cut 2.23.x"
- cmd: select what socket to use in cmd/snap{,ctl}
- overlord: remove snap config values when snap is removed
- snapstate: introduce helper to apply to disk a alias states change
for a snap (aliases v2)
- configstate,hookstate: timeout the configure hook after 5 mins,
report failures to the errtracker
- interfaces/seccomp: add bind as part of the default seccomp policy
for hooks
- cmd: discard the C implementation of snap-update-ns
- tests: remove stale apt proxy leftover from cloud-init
- tests: move unity test to nightly suite
- interfaces: add support for location-observe for
dbus::ObjectManager session paths
- boot: log error in KernelOrOsRebootRequired
- interfaces: remove old API
- interfaces: use udev spec
- interfaces: convert systemd backend to new APIs
- osutil: add BootID
- tests: move docker test to new nightly suite
- interfaces/mount: compute mount changes required to transition
mount profiles
- data/selinux: add context definition for snapctl
- overlord: clean up organization under state packages
- overlord: make sure all managers packages have *state.go with the
main state manipulation/query APIs
- interfaces: use spec in the dbus backend
- store: download from authenticated URL if there is a device
session set
- tests: remove core_name variable
- interfaces: rename thumbnailer to thumbnailer-service
- interfaces: add chroot to base templates
- asserts: remove some unused things
- systemd: mount the squashfs with nodev
- overlord: when shutting down assume errors might be due to
cancellation so retry
- cmd: rename all unit tests to $command/unit-test
- cmd/snap: fix help string for version command
- asserts: don't allow revocations with other items for the same
developer
- tests: skip lp-1644439 test on older kernels
- interfaces: allow "sync" to be used by core support
- assertstate,snapstate: have assertstate.AutoAliases use the
"aliases" header
- interfaces: allow writing config.txt.tmp in the core-support
interface
- tests: adjust network-bind test
- interfaces: dbus backend spec
- asserts: introduce a snap-declaration "aliases" header to list
auto aliases with explicit targets
- cmd: enable large file support
- cmd/snap: handle missing snap-confine
- cmd/snap-confine: re-associate with pid-1 mount namespace if
required
- cmd/libsnap: make mountinfo structures public
- tests: fix interfaces-cups-control for zesty
- misc: revert "Log if the system goes into ForceDevMode"
- interfaces: seccomp tests cleanup
- cmd: validate SNAP_NAME
- interfaces: log if the system goes into ForceDevMode
- tests: fix classic-ubuntu-core-transition race
- interfaces: use apparmor spec in the apparmor backend
- interfaces: alphabetize framebuffer in base decl and add it to
all_test.go
- tests: add ubuntu-core-16-32 system to the external backend and
fix docker test
- cmd/libsnap: simplify sc_string_quote default case
- osutil: fix double expand in environment map code and add test
- interfaces: extend location-control out-of-process provider
support
- cmd/snap-update-ns: use bidirectional lists for mount entries
- tests: prevent automatic transition before setting the initial
state of the test
- release: detect if we are in ForcedDevMode by inspecting the
kernel
- tests: add core-snap-refresh test
- interfaces: add maliit input method interface
- interfaces: seccomp spec API tweaks for better tests
- interfaces: updates for mir-kiosk in browser-support, mir, opengl,
unity7
- testutils: address review feedback from PR#2997
- tests: specify the core version to be unsquashfs'ed in the
failover tests
- interfaces: use MockInfo in tests
- cmd/libsnap: add sc_quote_string
- cmd/snap-confine: use sc_do_umount everywhere
- interfaces: add unity8 plug permissions
- timeutil: a few helpers for the recurring events
- asserts: implement snap-developer type
- partition: deal with grub{,2}-editenv in tests
- many: add new (hidden) `snap debug ensure-state-soon` command and
use in tests
- interfaces/builtin: small refactor of dbus tests
- packaging, tests: use "systemctl list-unit-files --full"
everywhere
- many: some opensuse patches that are ready to go into master
- packaging: add opensuse permissions files
- client, daemon: move "snap list" name filtering into snapd.
- interfaces: use seccomp specs
- overlord/snapstate: small cleanup of
ensureForceDevmodeDropsDevmodeFromState
- interfaces/builtin/alsa: add read access to alsa state dir
- interfaces: use spec in kmod backend, updated firewall_control,
openvswitch_support, ppp
- cmd/snap-confine: use sc_do_mount everywhere
- tests: remove workaround for docker again, snap-declaration is
fixed now
- interfaces: interface to allow autopilot introspection
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 11 Apr 2017 13:31:46 +0200
snapd (2.23.6) xenial; urgency=medium
* New upstream release, LP: #1673568
- cmd: use the most appropriate snap/snapctl sockets
- tests: fix interfaces-cups-control for zesty
- configstate,hookstate: timeout the configure hook after 5 mins,
report failures
- packaging: rename the file shipping snap-confine AA profile to
workaround dpkg bug #858004
- many: ignore configure hook failures on core refresh to ensure
upgrades are always possible
- snapstate: restart as needed if we undid unlinking aka relinked
core or kernel snap
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 Mar 2017 15:30:35 +0200
snapd (2.23.5) xenial; urgency=medium
* New upstream release, LP: #1673568
- allow "sync" in core-support
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Mar 2017 18:13:43 +0100
snapd (2.23.4) xenial; urgency=medium
* New upstream release, LP: #1673568
- fix core-support interface for the new pi-config options
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Mar 2017 16:05:57 +0100
snapd (2.23.3) xenial; urgency=medium
* FTBFS due to missing files in vendor/
-- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Thu, 16 Mar 2017 19:56:55 +0100
snapd (2.23.2) xenial; urgency=medium
* New upstream release, LP: #1673568
- cmd/snap: handle missing snap-confine (#3041)
-- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Thu, 16 Mar 2017 19:38:24 +0100
snapd (2.23.1) xenial; urgency=medium
* New upstream release, LP: #1665608
- packaging, tests: use "systemctl list-unit-files --full"
everywhere
- interfaces: fix default content attribute value
- tests: do not nuke the entire snapd.conf.d dir when changing
store settings
- hookstate: run the right "snap" command in the hookmanager
- snapstate: revert PR#2958, run configure hook again everywhere
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 08 Mar 2017 14:29:56 +0100
snapd (2.23) xenial; urgency=medium
* New upstream release, LP: #1665608
- overlord: phase 2 with 2nd setup-profiles and hook done after
restart for core installation
- data: re-add snapd.refresh.{timer,service} with weekly schedule
- interfaces: allow 'getent' by default with some missing dbs to
various interfaces
- overlord/snapstate: drop forced devmode
- snapstate: disable running the configure hook on classic for the
core snap
- ifacestate: re-generate apparmor in InterfaceManager.initialize()
- daemon: DevModeDistro does not imply snapstate.Flags{DevMode:true}
- interfaces/bluez,network-manager: implement ConnectedSlot policy
- cmd: add helpers for mounting / unmounting
- snapstate: error in LinkSnap() if revision is unset
- release: add linuxmint 18 to the non-devmode distros
- cmd: fixes to run correctly on opensuse
- interfaces: consistently use 'const' instead of 'var' for security
policy
- interfaces: miscellaneous policy updates for unity7, udisks2 and
browser-support
- interfaces/apparmor: compensate for kernel behavior change
- many: only tweak core config if hook exists
- overlord/hookstate: don't report a run hook output error without
any context
- cmd/snap-update-ns: move test data and helpers to new module
- vet: fix vet error on mount test.
- tests: empty init (systemd) failover test
- cmd: add .indent.pro file to the tree
- interfaces: specs for apparmor, seccomp, udev
- wrappers/services: RemainAfterExit=yes for oneshot daemons w/ stop
cmds
- tests: several improvements to the nested suite
- tests: do not use core for "All snaps up to date" check
- cmd/snap-update-ns: add function for sorting mount entries
- httputil: copy some headers over redirects
- data/selinux: merge SELinux policy module
- kmod: added Specification for kmod security backend
- tests: failover test for rc.local crash
- debian/tests: map snapd deb pockets to core snap channels for
autopkgtest
- many: switch channels on refresh if needed
- interfaces/builtin: add /boot/uboot/config.txt access to core-
support
- release: assume higher version of supported distros will still
work
- cmd/snap-update-ns: add compare function for mount entries
- tests: enable docker test
- tests: bail out if core snap is not installed
- interfaces: use mount.Entry instead of string snippets.
- osutil: trivial tweaks to build ID support
- many: display kernel version in 'snap version'
- osutil: add package for reading Build-ID
- snap: error when `snap list foo` is run and no snap is installed
- cmd/snap-confine: don't crash if nvidia module is loaded but
drivers are not available
- tests: update listing test for latest core snap version update
- overlord/hookstate/ctlcmd: helper function for creating a deep
copy of interface attributes
- interfaces: add a linux framebuffer interface
- cmd/snap, store: change error messages to reflect latest UX doc
- interfaces: initial unity8 interface
- asserts: improved information about assertions format in the
Decode doc comment
- snapstate: ensure snapstate.CanAutoRefresh is nil in tests
- mkversion.sh: Add support for taking the version as a parameter
- interfaces: add an interface for use by thumbnailer
- cmd/snap-confine: ensure that hostfs is root owned.
- screen-inhibit-control: add methods for delaying screensavers
- overlord: optional device registration and gadget support on
classic
- overlord: make seeding work also on classic, optionally
- image,cmd/snap: refactoring and initial envvar support to use
stores needing auth
- tests: add libvirt interface spread test
- cmd/libsnap: add helper for dropping permissions
- interfaces: misc updates for network-control, firewall-control,
unity7 and default policy
- interfaces: allow recv* and send* by default, accept4 with accept
and other cleanups
- interfaces/builtin: add classic-support interface
- store: use xdelta3 from core if available and not on the regular
system
- snap: add contact: line in `snap info`
- interfaces/builtin: add network-setup-control which allows rw
access to netplan
- unity7: support missing signals and methods for status icons
- cmd: autoconf for RHEL
- cmd/snap-confine: look for PROCFS_SUPER_MAGIC
- dirs: use the right snap mount dir for the distribution
- many: differentiate between "distro" and "core" libexecdir
- cmd: don't reexec on RHEL family
- config: make helpers reusable
- snap-exec: support nested environment variables in environment
- release: add galliumos support
- interfaces/builtin: more path options for serial
- i18n: look into core snaps when checking for translations
- tests: nested image testing
- tests: add basic test for docker
- hookstate,ifacestate: support snapctl set/get slot and plug attrs
(step 3)
- cmd/snap: add shell completion to connect
- cmd: add functions to load/save fstab-like files
- snap run: create "current" symlink in user data dir
- cmd: autoconf for centos
- tests: add more debug if ubuntu-core-upgrade fails
- tests: increase service retries
- packaging/ubuntu-14.04: inform user how to extend PATH with
/snap/bin.
- cmd: add helpers for working with mount/umount commands
- overlord/snapstate: prepare for using snap-update-ns
- cmd: use per-snap mount profile to populate the mount namespace
- overlord/ifacestate: setup seccomp security on startup
- interface/seccomp: sort combined snippets
- release: don't force devmode on LinuxMint "serena"
- tests: filter ubuntu-core systems for authenticated find-private
test
- interfaces/builtin/core-support: Allow modifying logind
configuration from the core snap
- tests: fix "snap managed" output check and suppress output from
expect in the authenticated login tests
- interfaces: shutdown: also allow shutdown/reboot/suspend via
logind
- cmd/snap-confine-tests: reformat test to pass shellcheck
- cmd: add sc_is_debug_enabled
- interfaces/mount: add dedicated mount entry type
- interfaces/core-support: allow modifying systemd-timesyncd and
sysctl configuration
- snap: improve message after `snap refresh pkg1 pkg2`
- tests: improve snap-env test
- interfaces/io-ports-control: use /dev/port, not /dev/ports
- interfaces/mount-observe: add quotactl with arg filtering (LP:
#1626359)
- interfaces/mount: generate per-snap mount profile
- tests: add spread test for delta downloads
- daemon: show "$snapname (delta)" in progress when downloading
deltas
- cmd: use safer functions in sc_mount_opt2str
- asserts: introduce a variant of model assertions for classic
systems
- interfaces/core-support: allow modifying snap rsyslog
configuration
- interfaces: remove some syscalls already in the default policy
plus comment cleanups
- interfaces: miscellaneous updates for hardware-observe, kernel-
module-control, unity7 and default
- snap-confine: add the key for which hsearch_r fails
- snap: improve the error message for `snap try`
- tests: fix pattern and use MATCH in find-private
- tests: stop tying setting up staging store access to the setup of
the state tarball
- tests: add regression spread test for #1660941
- interfaces/default: don't allow TIOCSTI ioctl
- interfaces: allow nice/setpriority to 0-19 values for calling
process by default
- tests: improve debug when the core transition test hangs
- tests: disable ubuntu-core->core transition on ppc64el (its just
too slow)
- snapstate: move refresh from a systemd timer to the internal
snapstate Ensure()
- tests/lib/fakestore/refresh: some more info when we fail to copy
asserts
- overlord/devicestate: backoff between retries if the server seems
to have refused the serial-request
- image: check kernel/gadget publisher vs model brand, warn on store
disconnected snaps
- vendor: move gettext.go back to github.com/ojii/gettext.go
- store: retry on 502 http response as well
- tests: increase snap-service kill-timeout
- store,osutil: use new osutil.ExecutableExists(exe) check to only
use deltas if xdelta3 is present
- cmd: fix autogen.sh on fedora
- overlord/devicemgr: fix test: setup account-key before using the
key for signing
- cmd: add /usr/local/* to PATH
- cmd: add sc_string_append
- asserts: support for correctly suggesting format 2 for snap-
declaration
- interfaces: port mount backend to new APIs, unify content of per
app/hook profiles
- overlord/devicestate: implement policy about gadget and kernel
matching the model
- interfaces: allow sched_setscheduler again by default
- debian: update breaks/replaces for snap-confine->snapd
- debian: move the snap-confine packaging into snapd
- 14.04/integrationtests: rely on upstart to restart ssh.
- store: enable download deltas on classic by default
- spread: add unit suite
- snapctl: add config in client to disable auth and use it in
snapctl
- overlord/ifacestate: register all security backends with the
repository
- overlord,tests: have enable/disable affect security profiles
- tests: install ubuntu-core from the same channel as core
- overlord: move configstate.Transaction into config package
- seccomp-support.c: add PF_* domains which can be used instead of
AF_*
- store: always log retry summary when SNAPD_DEBUG is set
- tests: parameterize kernel snap channel
- snapenv: do not append ":" to the SNAP_LIBRARY_PATH
- interfaces/builtin: refine the content interface rules using $SLOT
- asserts,interfaces/policy: add support for
$SLOT()/$PLUG()/$MISSING in *-attributes constraintsThis adds
support for $SLOT(arg), $PLUG(arg) and $MISSING attribute
constraints in plugs and slots rules in snap-declarations:
- cmd/snap-confine: add snap-confine command line parser module
- tests: remove (some) garbage files found by restore cleanup
analysis
- cmd: fix issues uncovered by valgrind
- tests: fix typo in systems name
- cmd: collect string utilities in one module, add missing tests
- cmd: rename mountinfo to sc_mountinfo
- tests: allow to install snapd debs from a ppa instead of building
them
- spread: remove state tar on project restore
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Feb 2017 12:21:42 +0100
snapd (2.22.7) xenial; urgency=medium
* New upstream release:
- errtracker,overlord/snapstate: more info in errtracker reports
- interfaces/apparmor: compensate for kernel behavior change
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 24 Feb 2017 19:24:11 +0100
snapd (2.22.6) xenial; urgency=medium
* New upstream release, LP: #1667105
- overlord/ifacestate: don't fail if affected snap is gone
- revert #2910: osutil: add package for reading Build-ID (#2918)
- errtracker: include the build-id of host and core snapd (#2912)
- errtracker: include the number of ubuntu-core -> core retries
(#2915)
- snapstate: retry ubuntu-core -> core transition every 6h (#2914)
- osutil: add package for reading Build-ID (#2910)
- errtracker: include kernel version in error reports (#2905)
- release: return "unknown" if uname fails
- many: rebased uname branch for 2.22
- errtracker: include snapd version in err reports
- overlord/ifacestate: don't unconditionally retry stuff (#2906)
- snapstate: fix incorrect cut of the timestamps for the error
reports (#2908)
- tests: update listing test for latest core snap version update
-- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Wed, 22 Feb 2017 23:34:23 +0100
snapd (2.22.5) xenial; urgency=medium
* Fix FTBFS due to machine-id file
-- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Tue, 21 Feb 2017 09:43:42 +0100
snapd (2.22.4) xenial; urgency=medium
* New bugfix release:
- errtracker: add support for error reporting via daisy.ubuntu.com
- snapstate: allow for 6 retries for the core transition
- httputils: ensure User-Agent works across redirects
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 21 Feb 2017 09:07:10 +0100
snapd (2.22.3) xenial; urgency=medium
* New bugfix release, LP: #1665729:
- Limit the number of retries for the ubuntu-core -> core
transition to fix possible store overload.
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Feb 2017 18:58:34 +0100
snapd (2.22.2) xenial; urgency=medium
* New upstream release, LP: #1659522
- cherry pick fix for sched_setscheduler regression
(LP: #1661265)
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Feb 2017 17:13:51 +0100
snapd (2.22.1) xenial; urgency=medium
* New upstream release, LP: #1659522
- cherry pick fix for snapctl auth.json handling
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 01 Feb 2017 17:09:31 +0100
snapd (2.22) xenial; urgency=medium
* New upstream release, LP: #1659522
- many: make ubuntu-core-launcher mostly go
- interfaces/builtin: add account-control interface
- interfaces/builtin: add missing syscalls to core-support needed
for systemctl
- interfaces/builtin: rework core-support to only allow full access
to systemctl
- debian/tests: drop stale autopkgtest dependencies.
- tests: make the debugging of c-unit-tests more useful
- store: retry auth-related requests
- tests: integration test for system reload
- snap: be more helpful in the `snap install <already-installed>`
error message
- tests: set SNAPPY_USE_STAGING_STORE in su call
- tests: use test snap
- spread: set SNAPD_DEBUG=1 in the core snap as well
- tests: add extra debugging to security-setuid-root test
- cmd,snap,wrappers: systemd reload command support
- interfaces: builtin: mir: Allow recv and send
- overlord/ifacestate: use ParseConnRef
- overlord/snapstate,overlord/ifacestate: add automatic ubuntu-core
-> core transition
- debian: remove aliases as well in snapd.postrm
- many: change interfaces.ParseID to return value
- interfaces/opengl: allow access to the nvidia abstract socket
- overlord, daemon: flag failures feature fancy forms.
- many: add --classic support to try and revert, and make missing
these things a little harder
- interfaces: allow reading non-PCI-attached usb devices via raw-usb
- many: rename snap-alter-ns to snap-update-ns
- interfaces/builtin: add core-support
- store: increase the retry.LimitTime()
- debian: move the packaging out into package/$id-$version_id
- overlord/stapstate: don't use unkeyed fields
- many: add stub implementation of snap-alter-ns
- asserts: improve error message when key is not valid at the given
time
- snapstate, ifacestate: add snapstate.CheckChangeConflict() to
ifacestate.{Connect,Disconnect}
- debian: remove trusty specific bits
- docs: Add a note about building snapd.
- interfaces: miscellaneous updates for default and network-control
- daemon: bubble out store.ErrSnapNotFound in the findOne codepath
- store: add retry logging into download as well
- snap: show price in `snap info`
- cmd: add fault injection support code
- interfaces: network-manager: allow rw access to /etc/netplan
- debian: move systemd files out of ./debian and into ./data/systemd
- asserts: implement SuggestFormat to help avoid specifying the
wrong format iteration for an assertion
- many: detect potentially insecure use of snap-confine
- interfaces: allow querying added security backends
- cmd: ensure that all .c files have a -test.c file
- asserts: don't use 'context' for the path of attributes, want to
reuse the concept for something else
- interfaces: abbreviate ConnRef construction
- tests: ensure systemd override directory is available before using
it
- cmd: more build system cleanups and a small fix
- tests: increase retries for service up
- cmd: move seccomp cleanup function to seccomp-support
- many: auto-connect plugs and slots symmetrically
- overlord: use a ticker for the pruning
- interfaces/builtin: add uhid interface
- cmd/snap-confine: add shutdown helper
- tests: fix path used when debugging
- cmd: switch to non-recursive make
- overlord/ifacestate: setup security of snaps affected by auto-
connection
- spread: refresh apt cache before first install
- overlord: allow max 500 changes in "ready" state to avoid growing
changes for 24h
- snap: add {Plug,Slot}Info.SecurityTags
- cmd: move snap-discard-ns to dedicated directory
- tests: skip i18n test when no "snappy.mo" file is available
- interfaces,overlord/ifacestate: small refactor around reference
methods
- tests: remove the snapd dirs last (should fix random test errors)
- interfaces: mm: permissions for protocol proxies
- interfaces/builtin: add evolution interfaces
- many: extract the logging http client and user-agent handling for
use in devicestate
- interfaces: unity8-download-manager is the chosen name for this
interface.
- tests: add "quiet" wrapper function that only prints output on
failure
- tests: fix failing snapd-reexec test
- docs: simplify HACKING.md that snapd itself supports setting up
the sockets
- overlord: flag required-snaps from model as required and prevent
removing them
- spread: exclude .o and .a files
- tests: parameterize remote store
- cmd: fix hardcoded paths to rst2man and support rst2man.py
- tests: improve debug output when reexec is used
- tests: disable ipv6 before unpacking delta
- interfaces: add new interface API
- tests: change TRUST_TEST_KEYS to be controlled from the host
- spread: add boilerplate for Linode delta uploads
- wrappers: add support for the X-Ayatana-Desktop-Shortcuts=
extension
- partition: add support for native grubenv read/write and use it
- tests: add test ensuring manual pages are shipped
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 27 Jan 2017 23:18:57 +0100
snapd (2.21-2) unstable; urgency=medium
* Modify snap-confine's apparmor rules to work on Debian when apparmor is
enabled on the kernel command line.
-- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Wed, 25 Jan 2017 10:26:51 +1300
snapd (2.21-1) unstable; urgency=medium
* New upstream release.
* Disable i18n so the package can build in stretch without new packages.
-- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Mon, 16 Jan 2017 11:15:32 +1300
snapd (2.21) xenial; urgency=medium
* New upstream release, LP: #1656382
- daemon: re-enable reexec
- interfaces: allow reading installed files from previous revisions
by default
- daemon: make activation optional
- tests: run all snap-confine tests in c-unit-tests task
- many: fix abbreviated forms of disconnect
- tests: switch more tests to MATCH
- store: export userAgent. daemon: print store.UserAgent() on
startup.
- tests: test classic confinement `snap list` and `snap info`
output
- debian: skip snap-confine unit tests on nocheck
- overlord/snapstate: share code between Update and UpdateMany, so
that it deals with auto-aliases correctly
- interfaces: upower-observe: refactor to allow snaps to provide a
slot
- tests: add end-to-end store test for classic confinement
- overlord,overlord/snapstate: have UpdateMany retire/enable auto-
aliases even without new revision
- interfaces/browser-support: add @{PROC}/@{pid}/fd/[0-9] w and misc
/run/udev
- interfaces/builtin: add physical-memory-* and io-ports-control
- interfaces: allow getsockopt by default since it is so commonly
used
- cmd/snap, daemon, overlord/snapstate: tests and fixes for "snap
refresh" of a classic snap
- interfaces: allow read/write access of real-time clock with time-
control interface
- store: request no CDN via a header using SNAPPY_STORE_NO_CDN
envvar
- snap: add information about tracking channel (not just actual
channel)
- interfaces: use fewer dot imports
- overlord/snapstate: remove restrictions on ResetAliases
- overlord, store: move confinement filtering to the overlord (from
The Store)
- many: move interface test helpers to ifacetest package
- many: implement 'snap aliases'
- vet: fix for unkeyed fields error on aliases_test.go
- interfaces: miscellaneous policy updates for network-control,
unity7, pulseaudio, default and home
- tests: test for auto-aliases
- interface hooks: connect plug slot hooks (step 2)
- cmd/snap: fix internal naming in snap connect
- snap: use "size" as the json tag in snap.ChannelSnapInfo
- tests: restore the missing initialization of iface manager causing
race
- snap: fix missing sizes in `snap info <remote-snap>`
- tests: improve cleanup for c-unit-tests
- cmd/snap-confine: build non-installed libsnap-confine-private.a
- cmd/snap-confine: small tweaks to seccomp support code
- interfaces/docker-support: allow /run/shm/aufs.xeno for 14.04
- many: obtain installed snaps developer/publisher username through
assertions
- store: setting of fields for details endpoint
- cmd/snap-confine: check for rst2man on configure
- snap: show `snap --help` output when just running `snap`
- interface/builtin: drop the obsolete checks in udisks2
SanitizeSlot
- cmd/snap: remove currency switch following UX review
- spread: find top-level directory before running generate-
packaging-dir
- interface hooks: prepare plug slot hooks (step 1)
- i18n: use github.com/mvo5/gettext.go (pure go) for i18n to avoid
cgo
- many: put a marker in the User-Agent sent by snapd/snap when under
testingThe User-Agent will look like:
- tests: fix -reuse and -resend when govendor is missing
- snap: provide friendlier `snap find` message when no snaps are
found
- tests: fix mkversions.sh failure on zesty
- spread: install build-essential unconditionally
- spread: improve qemu ubuntu-14.04-{32,64} support
- overlord/snapstate,daemon: implement GET /v2/aliases handling
- store: retry user info request
- tests: port more snap-confine regression tests
- tests: cancel the scheduled reboot on ubuntu-core-upgrade-no-gc
and restore state
- tests: debug zesty autopkgtest failures
- overlord/snapstate: use keyed fields on literals
- tests: use MATCH in install-remove-multi
- tests: increase wait time for service to be up
- tests: make debug-each succeed if DENIED doesn't match
- tests: skip packaging dir generation for non-git based autopkgtest
runs
- tests: port refresh-all-undo to MATCH
- tests: improve snap connect test
- tests: port additional snap-confine regression tests
- tests: show --version when it matches unknown
- tests: optionally use apt proxy for qemu
- tests: add hello-classic test
- many: behave more consistently when pointed to staging and
possibly the fake store
- overlord/ifacestate: remove stale comments
- interfaces/apparmor: ignore snippets in classic confinement
- tests: port first regression test from snap-confine
- cmd/snap-confine: disable old tests
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 13 Jan 2017 19:39:51 +0100
snapd (2.20.1) xenial; urgency=medium
* New upstream release, LP: #1648520
- tests: enable the ppc64el tests again
- tests: add classic confinement test
- tests: run snap confine tests in debian/rules already
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 19 Dec 2016 11:53:29 +0100
snapd (2.20-2) unstable; urgency=medium
* Replace unversioned Conflicts on snap package with versioned
Breaks/Replaces, now that snap has dropped /usr/bin/snap.
Closes: #849162.
-- Steve Langasek <vorlon@debian.org> Sun, 25 Dec 2016 17:50:25 -0600
snapd (2.20-1) unstable; urgency=medium
* New upstream release.
* Update one test (cmd/snap/cmd_interfaces_test.go) to cope with the newer
golang-go-flags-dev in unstable.
* Explicitly include 'udev' in Build-Depends.
* Add tzdata to Build-Depends to avoid ftbfs. (Closes: #848754)
-- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Mon, 19 Dec 2016 11:43:55 +1300
snapd (2.20) xenial; urgency=medium
* New upstream release, LP: #1648520
- many: implement "snap alias --reset" using snapstate.ResetAliases
- debian: use a packaging branch for 14.04
- store: retry downloads on io.Copy errors and sha3 checksum errors
- snap: show apps in `snap info`
- store: send an explicit X-Ubuntu-Classic header to the store
- overlord/snapstate: implement snapstate.ResetAliases
- interfaces/builtin: add dbus interface
- tests: fix tests on 17.04
- store: use mocked retry strategy to make store tests faster
- overlord: apply auto-aliases information from the snap-declaration
on install or refresh
- many: prepare landing on trusty
- many: implement snap unalias using snapstate.Unalias
- overlord/snapstate: fixing the placement/grouping of some
functions
- interfaces: support network namespaces via 'ip netns' in network-
control
- interfaces/builtin: fix pulseaudio apparmor rules
- interfaces/builtin: add iio interface
- tests: update custom core snap with the freshly build snap-confine
- interfaces: use sysd.{Disable,Stop} instead of sysd.DisableNow()
- overlord,overlord/snapstate: implement snapstate.Unalias by
generalizing the "alias" task
- interfaces: misc openstack snap enablement
- cmd/snap: mock terminal.ReadPassword instead of using /dev/ptmx
- notifications, daemon: kill the unsupported events endpoint
- client: only allow Dangerous option in InstallPath
- overlord/ifacestate: no interface checks if no snap id
- many: implement alias command
- snap: tweak snap install output as designed by Mark
- debian: fix Pre-Depends on dpkg
- tests: check if snap-confine --version is unknown
- cmd/snap-confine: allow content interface mounts
- tests: remove ppa:snappy-dev/image again
- interfaces/apparmor: allow access to core snap
- tests: remove snap-confine/ubuntu-core-launcher after the tests
- overlord,overlord/snapstate: implement snapstate.Alias
- cmd/snap: reject "snap disconnect foo"
- debian: add split ubuntu-core-launcher and snap-confine packages
- cmd: fix mkversion.sh and add regression test
- overlord/snapstate: setup/remove aliases as we link/unlink snaps
- cmd/snap,tests: alias support in snap run
- snap/snapenv: don't obscure HOME if snap uses classic confinement
- store: decode response.Body json inside retry loops
- cmd/snap-confine: fix compilation on platforms with gcc < 4.9.0
- vendor: update tomb package fixing context support
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 15 Dec 2016 22:07:08 +0100
snapd (2.19) xenial; urgency=medium
* New upstream release, LP: #1648520
- cmd/snap-confine: disable support for XDG_RUNTIME_DIR
- cmd/snap-confine/tests: fix stale path after move to snapd
- cmd/snap-confine: don't use __attribute__((nonull))
- snap: add description to `snap info`
- snap: show last refresh time
- store: switch default delta format from xdelta to xdelta3
- interfaces: fix system-observe interface to work with ps_mem
- debian: add missing ca-certificates dependency
- cmd/snap-confine: add support for classic confinement
- snapstate/backend: add backend methods to manage aliases
- tests: re-enable snap-confine unit tests via spread
- many: merge snap-confine into snapd
- many: add support for classic confinement
- snap: abort install with ctrl+c
- cmd/snap: change terms accept URL following UX review
- interfaces/apparmor: use distinct apparmor template for classic
- snap: add snap size to `snap info`
- interfaces: add unconfined access to modem-manager
- snap: support for parsing and exposing on snap.Info aliases
- debian: disable autopkgtests on ppc64el
- snap: disable support for socket activation
- tests: fix incorrect restore of the current symlink
- asserts: introduce auto-aliases header in snap-declaration
- interfaces/seccomp: add support for classic confinement
- tests: do not use external snaps
- daemon: close the dup()ed file descriptor to not leak it
- overlord, daemon, progress: enable building snapd without CGO
- daemon, store: let snap info find things in any channel
- store: retry tweaks and logging
- snap: Improve `snap --help` output as designed by Mark
- interfaces/builtin: fix incorrect udev rule in i2c
- overlord: increase test timeout and improve failure message
- snap: remove unused experimental command
- debian: remove unneeded conflict against the "snappy" package
- daemon, strutil: move daemon.quotedNames to strutil.Quoted
- docs: document SNAP_DEBUG_HTTP in HACKING.md
- cmd/snap: have some completers
- snap: support "daemon: notify" in snap.yaml
- snap: fix try command when daemon linie is added
- interfaces: apparmor support for classic confinement
- debian/rules: build with -buildoptions=pie
- tests: include /boot in saved state (including bootenv and any
kernels)
- daemon: ensure `snap try` installs core if it's missing
- tests: save/restore /snap/core/current symlink
- tests: decrease the number of expected featured apps
- tests: add set -e to the prepare ssh script
- cmd/snap: add tests for section completion; fix bugs.
- cmd/snap: document 'snap list --all'
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 08 Dec 2016 16:16:04 +0100
snapd (2.18.1) xenial; urgency=medium
* New upstream release, LP: #1644625
- daemon: fix crash when `snap refresh` contains a single update
- fix unhandled error from io.Copy() in download()
- interfaces/builtin: fix incorrect udev rule in i2c
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 05 Dec 2016 15:04:13 +0100
snapd (2.18) xenial; urgency=medium
* New upstream release, LP: #1644625
- store: retry on io.EOF
- tests: skip pty tests on ppc64el and powerpc
- client, cmd/snap: introducing "snap info"
- snap: do exit 0 on install/remove if that snap is already
installed or already removed
- snap: add `snap watch <change-id>` to attach to a running change
- store: retry downloads using retry loop
- snap: try doesn't require snap-dir when run in snap's directory
- daemon: show what will change in the "refresh-all" changes
- tests: disable autorefresh for the external backend
- snap: add `snap list -a` to show all snaps (even inactive ones)
- many: unify boolean env var handling
- overlord/ifacestate: don't setup jailmode snaps with devmode
confinement
- snapstate: do not garbage collect the snaps used by the bootenv
- debian: drop hard xdelta dependency for now
- snap: make `snap login` ask for email if not given as argument
- osutil: fix build on armhf (arm in go-arch) and powerpc (ppc in
go-arch)
- many: rename DevmodeConfinement to DevModeConfinement
- store: resp.Body.Close() missing in ReadyToBuy
- many: use ConfinementOptions instead of ConfinementType
- snap, daemon, store: fake the channel map in the REST API
- misc: run github.com/gordonklaus/ineffassign as part of the static
checks
- docs: add goreportcard badge and remove coveralls badge
- tests: force gofmt -s in static checks
- many: run gofmt -s -w on all the code
- store: DRY actual retry code
- many: fix various errors uncovered by goreportcard.com
- interfaces/builtin: allow additional shared memory for webkit
- many: some more missing snapState->snapst
- asserts: introduce an optional freeform display-name for model
- interfaces/builtin: rename usb-raw to raw-usb
- progress: init pbar with correct total value
- daemon/api.go: add quotedNames() helper
- interfaces: add ConfinementOptions type
- tests: add a test about the extra bits that prepare-device can
specify for device registration
- tests: check that gpio device nodes are exported after reboot
- tests: parameterize core channel with env var for classic too
- many: rename variable "ss" to "snapsup" or "snapst" or "st"
(depending on context)
- tests: do not use external snaps in spread
- store: retry buy request
- store: retry store.Find
- store: retry assertion store call
- store: retry call for snap details
- many: use snap.ConfinementType rather than bool devmode
- daemon: if a bad snap is posted it is not an internal error but a
bad request
- client: add "Snap.Screenshots" to the client API
- interfaces: update base declaration documentation and policy for
on-classic and snap-type
- store: check payment method before TOS for a better UX
- interfaces: allow sched_setaffinity in process-control
- tests: parameterize core channel with env var
- tests: ensure that the XDG_ env contains at least XDG_RUNTIME_DIR
- interfaces: fcitx also listens on the session bus for Qt apps
- store: retry ListRefresh
- snap: use "Password of <email>:" in the `snap login`
- many: reshuffle how we load/inject tests keys so image doesn't
need assertstate anymore
- store: use range requests if we have a local file already
- dirs,interfaces,overlord,snap,snapenv,test: export per-snap
XDG_RUNTIME_DIR per user
- osutil: make RealUser only look at SUDO_USER when uid==0
- tests: do not use the ppa:snappy-dev/image in the tests
- store: retry readyToBuy request
- tests: increase `expect` timeouts
- static tests: add spell check
- tests: add debug to all flaky expect tests
- systemd: correct the mount arguments when mounting with squashfuse
- interfaces: add avahi-observe
- store: bring delta downloads back
- interfaces: add alsa
- interfaces/builtin: fix a broken test that snuck into master
- osutil: add chattr funcs
- image: init "snap_mode" on image creation time to avoid ugly
messages
- tests: test-snapd-fuse-consumer needs python-fuse as a build-
package
- interfaces/builtin: add i2c interface
- interfaces: add ofono interface
- tests: do not use hello-world in our tests
- snap: add support for classic confinement
- interfaces: remove LegacyAutoConnect() from the interfaces
- interfaces: miscellaneous policy updates
- tests: run autopkgtests in the autopkgtest.ubuntu.com
infrastructure
- Implement lxd-client interface exposing the lxd snap
- asserts: validate optional account username
- many: remove unnecessary snap name parameter from buying endpoint
- tests: do not hardcode the size of /dev/ram0
- tests: add test that ensures the right content for /etc/os-release
- spread tests: fix snap mode check
- docs: fix path for source files location in HACKING.md
- interfaces/builtin/mir: allow slot to make recvfrom syscalls
- store: sections/featured snaps store support
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 24 Nov 2016 19:43:08 +0100
snapd (2.17.1) xenial; urgency=medium
* New upstream release, LP: #1637215:
- release: os-release on core has changed
- tests: /dev/ptmx does not work on powerpc, skip here
- docs: moved to github.com/snapcore/snapd/wiki (#2258)
- debian: golang is not installable on powerpc, use golang-any
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Nov 2016 18:13:10 +0200
snapd (2.17) xenial; urgency=medium
* New upstream release, LP: #1637215:
- overlord/ifacestate: add unit tests for undo of setup-snap-
security (#2243)
- daemon,overlord,snap,tests: download to .partial in final dir
(#2237)
- overlord/state: marshaling tests for lanes (#2245)
- overlord/state: introduce state lanes (#2241)
- overlord/snapstate: fix revert+refresh (#2224)
- interfaces/sytemd: enable/disable generated service units (#2229)
- many: fix incorrect security files generation on undo
- overlord/snapstate: add dynamic snapdX.Y assumes (#2227)
- interfaces: network-manager: give slot full read-write access to
/run/NetworkManager
- docs: update the name of the command for the cross-build
- overlord/snapstate: fix missing argument to Noticef
- snapstate: ensure gadget/core/kernel can not be disabled (#2218)
- asserts: limit to 1y only if len(models) == 0 (#2219)
- debian: only install share/locale if available (missing on
powerpc)
- overlrod/snapstate: fix revert followed by refresh to old-current
(#2214)
- interfaces/builtin: network-manager and bluez can change hostname
(#2204)
- snap: switch the auto-import dir to /run/snapd/auto-import
- docs: less details about cloud.cfg as requested in trello (#2206)
- spread.yaml: Ensure ubuntu user has passwordless sudo for
autopkgtests (#2201)
- interfaces/builtin: add dcdbas-control interface
- boot: do not set boot to try mode if the revision is unchanged
- interfaces: add shutdown interface (#2162)
- interfaces: add system-power-control interface
- many: use the new systemd backend for configuring GPIOs
- overlord/ifacestate: setup security for slots before plugs
- snap: spool assertion candidates if snapd is not up yet
- store,daemon,overlord: download things to a partials dir
- asserts,daemon: implement system-user-authority header/concept
- interfaces/builtin: home base declaration rule using on-classic
for its policy
- interfaces/builtin: finish decl based checks
- asserts: bump snap-declaration to allow signing with new-style
plugs and slots
- overlord: checks for kernel installation/refresh based on model
assertion and previous kernel
- tests/lib/fakestore: fix logic to distinguish assertion not found
errors
- client: add a few explicit error types (around the request cycle)
- tests/lib/fakestore/cmd/fakestore: make it log, and fix a typo
- overlord/snapstate: two bugs for one
- snappy: disable auto-import of assertions on classic (#2122)
- overlord/snapstate: move trash cleanup to a cleanup handler
(#2173)
- daemon: make create-user --known fail on classic without --force-
managed (#2123)
- asserts,interfaces/policy: implement on-classic plug/slot
constraints
- overlord: check that the first installed gadget matches the model
assertion
- tests: use the snapd-control-consumer snap from the store
- cmd/snap: make snap run not talk to snapd for finding the revision
- snap/squashfs: try to hard link instead of copying. Also, switch
to osutil.CopyFile for cp invocation.
- store: send supported max-format when retrieving assertions
- snapstate, devicestate: do not remove seed
- boot,image,overlord,partition: read/write boot variables in single
operation
- tests: reenable ubuntu-core tests on qemu
- asserts,interfaces/policy: allow OR-ing of subrule constraints in
plug/slot rules
- many: move from flags as ints to flags as structs-of-bools (#2156)
- many: add supports for keeping and finding assertions with
different format iterations
- snap: stop using ubuntu-core-launcher, use snap-confine
- many: introduce an assertion format iteration concept, refuse to
add unsupported assertion
- interfaces: tweak wording and comment
- spread.yaml: dump apparmor denials on spread failure
- tests: unflake ubuntu-core-reboot (#2150)
- cmd/snap: tweak unknown command error message (#2139)
- client,daemon,cmd: add payment-declined error kind (#2107)
- cmd/snap: update remove command help (#2145)
- many: removed frameworks target and fixed service files (#2138)
- asserts,snap: validate attributes to a JSON-compatible type subset
(#2140)
- asserts: remove unused serial-proof type
- tests: skip auto-import tests on systems without test keys (#2142)
- overlord/devicestate: don't spam the debug log on classic (#2141)
- cmd/snap: simplify auto-import mountinfo parsing (#2135)
- tests: run ubuntu-core upgrades on isolated machine (#2137)
- overlord/devicestate: recover seeding from old external approach
(#2134)
- overlord: merge overlord/boot pkg into overlord/devicestate
(#2118)
- daemon: add postCreateUserSuite test suite (#2124)
- tests: abort tests if an update process is scheduled (#2119)
- snapstate: avoid reboots if nothing in the boot setup has changed
(#2117)
- cmd/snap: do not auto-import from loop or non-dev devices (#2121)
- tests: add spread test for `snap auto-import` (#2126)
- tests: add test for auto-mount assertion import (#2127)
- osutil: add missing unit tests for IsMounted (#2133)
- tests: check for failure creating user on managed ubuntu-core
systems (#2096)
- snap: ignore /dev/loop addings from udev (#2111)
- tests: remove snapd.boot-ok reference (#2109)
- tests: enable tests related to the home interface in all-snaps
(#2106)
- snapstate: only import defaults from gadget on install (#2105)
- many: move firstboot code into the snapd daemon (#2033)
- store: send correct JSON type of string for expected payment
amount (#2103)
- cmd/snap: rename is-managed to managed and tune (#2102)
- interfaces,overlord/ifacestate: initial cleaning up of no arg
AutoConnect related bits (#2090)
- client, cmd: prompt for password when buying (#2086)
- snapstate: fix hanging `snap remove` if snap is no longer mounted
- image: support gadget specific cloud.conf file (#2101)
- cmd/snap,ctlcmd: fix behavior of snap(ctl) get (#2093)
- store: local users download from the anonymous url (#2100)
- docs/hooks.md: fix typos (#2099)
- many: check installation of slots and plugs against declarations
- docs: fix missing "=" in the systemd-active docs
- store: do not set store auth for local users (#2092)
- interfaces,overlord/ifacestate: use declaration-based checking for
auto-connect (#2071)
- overlord, daemon, snap: support gadget config defaults (#2082)The
main semantic changes are:
- tests: fix snap-disconnect tests after core rename (#2088)
- client,daemon,overlord,cmd: add /v2/users and create-user on auto-
import (#2074)
- many: abbreviated forms of disconnect (#2066)
- asserts: require lowercase model until insensitive matching is
ready (#2076)
- cmd/snap: add version command, same as --version (#2075)
- all: use "core" by default but allow "ubuntu-core" still (#2070)
- overlord/devicestate, docs/hooks.md: nest prepare-device
configuration options
- daemon: fix login API to return local macaroons (#2078)
- daemon: do not hardcode UID in userLookup (#2080)
- client, cmd: connect fixes (#2026)
- many: preparations for switching most of autoconnect to use the
declarationsfor now:
- overlord/auth: update CheckMacaroon to verify local snapd
macaroons (#2069)
- cmd/snap: trivial auto-import and download tweaks (#2067)
- interfaces: add repo.ResolveConnect that handles name resolution
- interfaces/policy: introduce InstallCandidate and its checks
- interfaces/policy,overlord: check connection requests against the
declarations in ifacestate
- many: setup snapd macaroon for local users (#2051)Next step: do
snapd macaroons verification.
- interfaces/policy: implement snap-id/publisher-id checks
- many: change Connect to take ConnRef instead of strings (#2060)
- snap: auto mount block devices and import assertions (#2047)
- daemon: add `snap create-user --force-managed` support (#2041)
- docs: remove references to removed buying features (#2057)
- interfaces,docs: allow sharing SNAP{,_DATA,_COMMON} via content
iface (#2063)
- interfaces: add Plug/Slot/Connection reference helpers (#2056)
- client,daemon,cmd/snap: improve create-user APIs (#2054)
- many: introduce snap refresh --ignore-validation <snap> to
override refresh validation (#2052)
- daemon: add support for `snap create-user --known` (#2040)
- interfaces/policy: start of interface policy checking code based
on declarations (#2050)
- overlord/configstate: support nested configuration (#2039)
- asserts,interfaces/builtin,overlord/assertstate: introduce base-
declaration (#2037)
- interfaces: builtin: Allow writing DHCP lease files to
/run/NetworkManager/dhcp (#2049)
- many: remove all traces of the /v2/buy/methods endpoint (#2045)
- tests: add external spread backend (#1918)
- asserts: parse the slot rules in snap-declarations (#2035)
- interfaces: allow read of /etc/ld.so.preload by default for armhf
on series 16 (#2048)
- store: change purchase to order and store clean up first pass
(#2043)
- daemon, store: switch to new store APIs in snapd (#2036)
- many: add email to UserState (#2038)
- asserts: support parsing the plugs stanza i.e. plug rules in snap-
declarations (#2027)
- store: apply deltas if explicitly enabled (#2031)
- tests: fix create-key/snap-sign test isolation (#2032)
- snap/implicit: don't restrict the camera iface to classic (#2025)
- client, cmd: change buy command to match UX document (#2011)
- coreconfig: nuke it. Also, ignore po/snappy.pot. (#2030)
- store: download deltas if explicitly enabled (#2017)
- many: allow use of the system user assertion with create-user
(#1990)
- asserts,overlord,snap: add prepare-device hook for device
registration (#2005)
- debian: adjust packaging for trusty/deputy systemd (#2003)
- asserts: introduce AttributeConstraints (#2015)
- interface/builtin: access system bus on screen-inhibit-control
- tests: add firewall-control interface test (#2009)
- snapstate: pass errors from ListRefresh in updateInfo (#2018)
- README: add links to IRC, mailing list and social media (#2022)
- docs: add `configure` hook to hooks list (#2024)LP: #1596629
- cmd/snap,configstate: rename apply-config variables to configure.
(#2023)
- store: retry download on 500 (#2019)
- interfaces/builtin: support time and date settings via
'org.freedesktop.timedate1 (#1832)
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 02 Nov 2016 01:17:36 +0200
snapd (2.16-1) unstable; urgency=medium
[ Michael Hudson-Doyle ]
* New upstream release.
* Import gopkg.in/cheggaaa/pb.v1 rather than github.com/cheggaaa/pb.
* Switch to unconditional conflict against `snap` (Closes: #826884)
* Update Vcs-Git and Vcs-Browser to point to alioth.
[ Steve Langasek ]
* Remove govendor from gbp.conf, and import Ubuntu tarball as our
orig.tar.gz (switching our packaging to non-native).
* Add Uploaders.
* Drop lintian overrides not used in Debian because we dynamically link
against golang-yaml.v2.
* Bump standards-version, no changes required.
* Add/fix various lintian overrides.
-- Steve Langasek <vorlon@debian.org> Wed, 02 Nov 2016 12:14:52 +0000
snapd (2.16) xenial; urgency=medium
* New upstream release, LP: #1628425
- overlord/state: prune old empty changes
- interfaces: ppp: load needed kernel module (#2007)
- interfaces/builtin: add missing rule to allow run-parts to
execute all resolvconf scripts
- many: rename apply-config hook to configure
- tests: use new spread `debug` feature
- many: finish `snap set` API.
- overlord: fix and simplify configstate.Transaction
- assertions: add system-user assertion
- snap: add `snap known --remote`
- tests: replace systemd-run with on-the-fly generation of units.
- overlord/boot: switch to using assertstate.Batch
- snap, daemon, store: pass through screenshots from store
- image: add meta/gadget.yaml infrastructure
- tests: add test benchmark script
- daemon: add the actual ssh keys that got added to the create-user
response
- daemon: add REST API behind `snap get`
- debian: re-add golang-github-gosexy-gettext-dev
- tests: added install_local function
- interfaces/builtin: fix resolvconf permissions for network-manager
interface
- tests: use apt as compatible with trusty
- many: discard preserved namespace after removing snap
- daemon, overlord, store: add ReadyToBuy API to snapd
- many: add support for installing/removing multiple snaps
- progress: use New64 and fix output newline
- interfaces/builtin: allow network-manager to access netplan conf
files
- tests: build once and install test snap from cache
- overlord/state: introduce cleanup support
- snap: move/clarify Info.Broken
- ctlcmd: add snapctl get.
- overlord,store: clean up serial-proof plumbing code
- interfaces/builtin: add network-setup-observe interface
- daemon,overlord/assertstate: support streams of assertions with
snap ack
- snapd: kmod backend
- tests: ensure HOME is also set correctly
- configstate,hookstate: add snapctl set
- tests: disable broken create-key test
- interfaces: adjust bluetooth-control to allow getsockopt (LP:
#1613572)
- tests: add a test for core about device initialization and device
registration and auth
- many: show snap name before the download progress bar
- interfaces/builtin: add rcvfrom for client connected plugs to mir
interface
- asserts: support for maps in assertions
- tests: increase timeout for key generation in create-key test
- many: validate refreshes against validation assertions by gating
snaps
- interfaces/apparmor: allow 'm' in default policy for snap-exec
- many: avoid snap.InfoFromSnapYaml in tests
- interfaces/builtin: allow /dev/net/tun with network-control
- tests: add spread test for snap create-key/snap sign
- tests: add missing quotes in security-device-cgroups/task.yaml
- interfaces: drop ErrUnknownSecurity
- store: add "ready to buy" method
- snap/snapenv, tests: use root's data dirs when running via sudo
- interfaces/builtin: add initial docker interface
- snap: remove extra newline after progress is done
- docs: fix formating of HACKING.md "Testing snapd"
- store : add requestOptions.ExtraHeaders so that individual
requests can customise headers.
- many: use unique plug/slot names in tests
- tests: add tests for the classic dimension
- many: add vendoring of dependencies by default
- tests: use in-tree snap{ctl,-exec} for all tests
- many: support snapctl -h
- tests: adjust regex after changes in stat output
- store,snap: initial support for delta downloads
- interfaces/builtin: add run/udev/data paths to mir interface
- snap: lessen annoyance of implicit interface tests
- tests: ensure http{,s}_proxy is defined inside the fake-store
- interfaces: allow xdg-open in unity7, unity7 cleanups
- daemon,store: move store login user logic to store
- tests: replace realpath with readlink -f for trusty support.
- tests: add https_proxy into environment as well
- interfaces/builtin: allow mmaping pulseaudio buffers
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 28 Sep 2016 11:09:27 +0200
snapd (2.15.2ubuntu1) xenial; urgency=medium
* New upstream release, LP: #1623579
- snap/snapenv, tests: use root's data dirs when running via sudo
(cherry pick PR: #1857)
- tests: add https_proxy into environment
(cherry pick PR: #1926)
- interfaces: allow xdg-open in unity7, unity7 cleanups
(cherry pick PR: #1946)
- tests: ensure http{,s}_proxy is defined inside the fake-store
(cherry pick PR: #1949)
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 21 Sep 2016 17:21:12 +0200
snapd (2.15.2) xenial; urgency=medium
* New upstream release, LP: #1623579
- asserts: define a bit less terse Ref.String
- interfaces: disable auto-connect in libvirt interface
- asserts: check that validation assertions are signed by the
publisher of the gating snap
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 19 Sep 2016 10:42:29 +0200
snapd (2.15.1) xenial; urgency=medium
* New upstream release, LP: #1623579
- image: ensure local snaps are put last in seed.yaml
- asserts: revert change that made the account-key's name mandatory.
- many: refresh all snap decls
- interfaces/apparmor: allow reading /etc/environment
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 19 Sep 2016 09:19:44 +0200
snapd (2.15) xenial; urgency=medium
* New upstream release, LP: #1623579
- tests: disable prepare-image-grub test in autopkgtest
- interfaces: allow special casing for auto-connect until we have
assertions
- docs: add a little documentation on hooks.
- hookstate,daemon: don't mock HookRunner, mock command.
- tests: add http_proxy to /etc/environment in the autopkgtest
environment
- backends: first bits of kernel-module security backend
- tests: ensure openssh-server is installed in autopkgtest
- tests: make ubuntu-core tests more robust
- many: mostly work to support ABA upgrades
- cmd/snap: do runtime linting of descriptions
- spread.yaml: don't assume LANG is set
- snap: fix SNAP* environment merging in `snap run`
- CONTRIBUTING.md: remove integration-tests, include spread
- store: don't discard error body from request device session call
- docs: add create-user documentation
- cmd/snap: match UX document for message when buying without login
- firstboot: do not overwrite any existing netplan config
- tests: add debug output to ubuntu-core-update-rollback-
stresstest:
- tests/lib/prepare.sh: test that classic does not setting bootvars
- snap: run all tests with gpg2
- asserts: basic support for validation assertion and refresh-
control
- interfaces: miscellaneous policy updates for default, browser-
support and camera
- snap: (re)add --force-dangerous compat option
- tests: ensure SUDO_{USER,GID} is unset in the spread tests
- many: clean out left over references to integration tests
- overlord/auth,store: fix raciness in updating device/user in state
through authcontext and other issuesbonus fixes:
- tests: fix spread tests on yakkety
- store: refactor auth/refresh tests
- asserts: use gpg --fixed-list-mode to be compatible with both gpg1
and gpg2
- cmd/snap: i18n option descriptions
- asserts: required account key name header
- tests: add yakkety test host
- packaging: make sure debhelper-generated snippet is invoked on
postrm
- snap,store: capture newest digest from the store, make it
DownloadInfo only
- tests: add upower-observe spread test
- Merge github.com:snapcore/snapd
- tests: fixes to actually run the spread tests inside autopkgtest
- cmd/snap: make "snap find" error nicer.
- tests: get the gadget name from snap list
- cmd/snap: tweak help of 'snap download'
- cmd/snap,image: teach snap download to download also assertions
- interfaces/builtin: tweak opengl interface
- interfaces: serial-port use udevUsbDeviceSnippet
- store: ensure the payment methods method handles auth failure
- overlord/snapstate: support revert flags
- many: add snap configuration to REST API
- tests: use ubuntu-image for the ubuntu-core-16 image creation
- cmd/snap: serialise empty keys list as [] rather than null
- cmd/snap,client: add snap set and snap get commands
- asserts: update trusted account-key asserts with names
- overlord/snapstate: misc fixes/tweaks/cleanups
- image: have prepare-image set devmode correctly
- overlord/boot: have firstboot support assertion files with
multiple assertions
- daemon: bail from enable and disable if revision given, and from
multi-op if unsupported optons given
- osutil: call sync after cp if
requested.overlord/snapstate/backend: switch to use osutil instead
of another buggy call to cp
- cmd/snap: generate account-key-request "since" header in UTC
- many: use symlinks instead of wrappers
- tests: remove silly [Service] entry from snapd.socket.d/local.conf
- store: switch device session to use device-session-request
assertion
- snap: ensure that plug and slot names are unique
- cmd/snap: fix test suite (no Exit(0) on tests!)
- interfaces: add interface for hidraw devices
- tests: use the real model assertion when creating the core test
image
- interfaces/builtin: add udisks2 and removable-media interfaces
- interface: network_manager: enable resolvconf
- interfaces/builtin: usb serial-port support via udev
- interfaces/udev: support noneSecurityTag keyed snippets
- snap: switch to the new agreed regexp for snap names
- tests: adjust test setup after ubuntu user removal
- many: start services only after the snap is fully ready (link-snap
was run)
- asserts: don't have Add/Check panic in the face of unsupported no-
authority assertions
- asserts: initial support to generate/sign snap-build assertions
- asserts: support checking account-key-request assertions
- overlord: introduce AuthContext.DeviceSessionRequest with support
in devicestate
- overlord/state: fix for reloaded task/change crashing on Set if
checkpointed w. no custom data yet
- snapd.refresh.service: require snap.socket and /snap/*/current.
- many: spell --force-dangerous as just --dangerous, devmode should
imply it
- overlord/devicestate: try to fetch/refresh the signing key of
serial (also in case is not there yet)
- image,overlord/boot,snap: metadata from asserts for image snaps
- many: automatically restart all-snap devices after os/kernel
updates
- interfaces: modem-manager: ignore camera
- firstboot: only configure en* and eth* interfaces by default
- interfaces: fix interface handling on no-app snaps
- snap: set user variables even if HOME is unset (like with systemd
services)
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 16 Sep 2016 07:46:22 +0200
snapd (2.14.2~16.04) xenial; urgency=medium
* New upstream release: LP: #1618095
- tests: use the spread tests with the adhoc interface inside
autopkgtest
- interfaces: add fwupd interface
- asserts,cmd/snap: add "name" header to account-key(-request)
- client,cmd/snap: display os-release data only on classic
- asserts/tool,cmd/snap: introduce hidden "snap sign"
- many: when installing snap file derive metadata from assertions
unless --force-dangerous
- osutil: tweak the createUserTests a bit and extract common code
- debian: umount --lazy before rm on snapd.postrm
- interfaces: updates to default policy, browser-support, and x11
- store: set initial device session
- interfaces: add upower-observe interface (LP: #1595813)
- tests: use beta u-d-f in test by default
- interfaces/builtin: allow writing on /dev/vhci in bluetooth-
control
- interfaces/builtin: allow /dev/vhci on bluetooth-control
- tests: port integration tests to spread
- snapstate: use umount --lazy when removing the mount units
- spread: enable halt-timeout, tweak image selection
- tests: fix firstboot-assertions to actually be runnable on classic
again
- asserts: introduce device-session-request
- interfaces: add screen-inhibit-control interface (LP: #1604880)
- firstboot: change location of netplan config
- overlord/devicestate: some cleanups and solving a couple todos
- daemon,overlord: add subcommand handling to snapctl
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 01 Sep 2016 18:52:05 +0200
snapd (2.14.1) xenial; urgency=medium
* New upstream release: LP: #1618095
- snap-exec: add support for commands with internal args in snap-
exec
- store: refresh expired device sessions
- debian: re-add ubuntu-core-snapd-units as a transitional package
- image: snap assertions into image
- overlord/assertstate,asserts/snapasserts: give snap assertions
helpers a package, introduce ReconstructSideInfo
- docs/interfaces: Add empty line after lxd-support title
- README: cover the new /run/snapd-snap.socket
- daemon: make socket split backward-compatible.
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 30 Aug 2016 16:43:29 +0200
snapd (2.14) xenial; urgency=medium
* New upstream release: LP: #1618095
- cmd: enable SNAP_REEXEC only if it is set to SNAP_REEXEC=1
- osutil: fix create-user on classic
- firstboot: disable firstboot on classic for now
- cmd/snap: add export-key --account= option
- many: split public snapd REST API into separate socket.
- many: drop ubuntu-core-snapd-units package, use release.OnClassic
instead
- tests: add content-shareing binary test that excersises snap-
confine
- snap: use "up to date" instead of "up-to-date"
- asserts: add an account-key-request assertion
- asserts: fix GPG key generation parameters
- tests, integration-tests: implement the cups-control manual test
as a spread test
- many: clarify/tie down model assertion
- cmd/snap: add "snap download" command
- integration-tests: remove them in favour of the spread tests
- tests: test all snap ubuntu core upgrade
- many: support install and remove by revision
- overlord/state: prevent change ready => unready
- tests: fixes to make the ubuntu-core-16 image usable with
-keep/-reuse
- asserts: authority-id and brand-id of serial must match
- firstboot: generate netplan config rather than ifupdown
- store: request device session macaroon from store
- tests: add workaround for u-d-f to unblock all-snap image tests
- tests: the stable ubuntu-core snap has snap run support now
- many: use make StripGlobalRootDir public
- asserts: add some stricter checks around format
- many: have AuthContext expose device store-id, serial and serial-
proof signing to the store
- tests: fix "tests/main/ack" to not break if asserts are alreay
there
- tests/main/ack: fix test/style
- snap: add key management commands
- firstboot: add firstboot assertions importing
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 29 Aug 2016 17:07:20 +0200
snapd (2.13) xenial; urgency=medium
* New upstream release: LP: #1616157
- many: respect dirs.SnapSnapsDir in tests
- tests: update listing test for latest stable image
- many: hook in start of code to fetch/check assertions when
installing snap from store
- boot: add missing udevadm mock to fix FTBFS
- interfaces: add lxd-support interface
- dirs,snap: handle empty root directory in SetRootDir
- dirs,snap: define methods for SNAP_USER_DATA and SNAP_USER_COMMON
- tests: spread all-snap test cleanup
- tests: add all-snap spread image tests
- store,tests: have just one envvar SNAPPY_USE_STAGING_STORE to
control talking to staging
- overlord/hookstate: use snap run posix parameters.
- interfaces/builtin: allow bind in the network interface
- asserts,overlord/devicestate: simplify private key/key pairs APIs,
they take just key ids
- dependencies: update godeps
- boot: add support for "devmode: {true,false}" in seed.yaml
- many: teach prepare-image to copy the model assertion (and
prereqs) into the seed area of the image
- tests: start teaching the fakestore about assertions
- asserts/sysdb: embed the new format official root/trusted
assertions
- overlord/devicestate: first pass at device registration logic
- tests: add process-control interface spread test
- tests: disable unity test
- tests: adapt to new spread version
- asserts: add serial-proof device assertion
- client, cmd/snap: use the new multi-refresh endpoint
- many: preparations for image code to fetch model prereqs
- debian: add extra checks when debian/snapd.postrm purge is run
- overlord/snapstate, daemon: support for multi-snap refresh
- tests: do not leave "squashfs-root" around
- snap-exec: Fix broken `snap run --shell` and add test
- overlord/snapstate: check changes to SnapState for conflicts also.
- docs/interfaces: change snappy command to snap
- tests: test `snap run --hook` using in-tree snap-exec.
- partition: ensure that snap_{kernel,core} is not overridden with an
empty value
- asserts,overlord/assertstate: introduce an assertstate task
handler to fetch snap assertions
- spread: disable re-exec to always test development tree.
- interfaces: implement a fuse interface
- interfaces/hardware-observe.go: re-add /run/udev/data
- overlord/assertstate,daemon: reorg how the assert manager exposes
the assertion db and adding to it
- release: Remove "UBUNTU_CODENAME" from the test data
- many: implement snapctl command.
- interfaces: mpris updates (fix unconfined introspection, add name
attribute)
- asserts: export DecodePublicKey
- asserts: introduce support for assertions with no authority,
implement serial-request
- interfaces: bluez: add a few more tests to verify interface
connection works
- interfaces: bluez: add missing mount security snippet case
- interfaces: add kernel-module interface for module insertion.
- integration-tests: look for ubuntu-device-flash on PATH before
calling sudo
- client, cmd, daemon, osutil: support --yaml and --sudoer flags for
create-user
- spread: use snap-confine from ppa:snappy-dev/image for the tests
- many: move to purely hash based key lookup and to new
key/signature format (v1)
- spread: Use /home/gopath in spread.yaml
- tests: base security spread tests
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 24 Aug 2016 14:48:28 +0200
snapd (2.12) xenial; urgency=medium
* New upstream release: LP: #1612362
- many: do not require root for `snap prepare-image`
- tests: prevent restore error on test failure
- osutil: change escaping for create-user's sudoers
- docs: private flag doesn't exist on /v2/find (it's select)
- snap: do not sort the result of `snap find`
- interfaces/builtin: add gpio interface
- partition: fix cleaning of the boot variables on the second good
boot
- tests: add udev rules spread test
- docs: fix references to refresh action
- interfaces/udev,osutil: avoid doubled rules and put all in a per
snap file
- store: minor store improvements from previous reviews
- many: support interactive payments in snapd, filter from command
line
- docs/interfaces.md: improve interfaces documentation
- overlord,store: set store device authorization header
- store: add device nonce API support
- many: various fixes around the `create-user` command
- client, osutil: chown the auth file
- interfaces/builtin: add transitional browser-support interface
- snap: don't load unsupported implicit hooks.
- cmd/snap,cmd/snap-exec: support hooks again.
- interfaces/builtin: improve pulseaudio interface
- asserts: make account-key's `until` optional to represent a never-
expiring key
- store: refactor newRequest/doRequest to take requestOptions
- tests: allow-downgrades on upgrade test to prevent version errors
- daemon: stop using group membership as succedaneous of running
things with sudo
- interfaces: add bluetooth-control interfaces
- many: remove integration-test coverage metrics
- daemon,docs: drop license docs and error kind
- tests: add network-control interface spread test
- tests: add hardware-observe spread test
- interfaces: add system-trace interface LP: #1600085
- boot: use `cp -aLv` instead of `cp -a` (no symlinks on vfat)
- store: soft-refresh discharge macaroon from store when required
- partition: clear snap_try_{kernel,core} on success
- tests: add snapd-control interface spread test
- tests: add locale-control write spread test
- store: fix buy method after some refactoring broke it
- interfaces/builtin: read perms for network devices in network-
observe
- interfaces: also allow rfkill in network_control
- snapstate: remove artifacts from a snap try dir that vanished
- client, cmd/snap: better errors for empty snap list result
- wrappers: set BAMF_DESKTOP_FILE_HINT for unity
- many: cleanup/update rest.md; improve auth errors
- interfaces: miscelleneous policy updates for default, log-observe,
mount-observe, opengl, pulseaudio, system-observe and unity7
- interfaces: add process-control interface (LP: #1598225)
- osutil: support both "nobody" and "nogroup" for grpnam tests
- cmd: support defaulting to the user's preferred payment method
- overlord: actually run hooks.
- overlord/state,overlord/ifacestate: define basic infrastructure
for and then setting up serialising of interface mgr tasks
- asserts: add Assertion.Prerequisites and SigningKey, Ref and
FindTrusted
- overlord/snapstate: ensure calls to store are done without the
state lock held
- asserts,client: switch snap-build and snap-revision to be indexed
by snap-sha3-384
- many: make seed.yaml on firstboot mandatory and include sideInfo
- asserts,many: start supporting structured headers using the new
parseHeaders
- many: update code for the new snap_mode
- tests: added spread find private test
- store: deal with 404 froms the SSO store properly
- snap: remove meta/kernel.yaml again
- daemon: always mock release info in tests
- snapstate: drop revisions after "current" on refresh
- asserts: introduce new parseHeadersThis introduces the new
parseHeaders returning map[string]interface{} and capable of
accepting:
- asserts: remove/disable comma separated lists and their uses
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 11 Aug 2016 19:30:36 +0200
snapd (2.11) xenial; urgency=medium
* New upstream release: LP: #1605303
- increase version number to reflect the nature of the update
better
- store, daemon, client, cmd/snap, docs/rest.md: adieu search
grammar
- debian: move snapd.refresh.timer into timers.target
- snapstate: add daemon-reload to fix autopkgtest on yakkety
- Interfaces: hardware-observe
- snap: rework the output after a snap operation
- daemon, cmd/snap: refresh --devmode
- store, daemon, client, cmd/snap: implement `snap find --private`
- tests: add network-observe interface spread test
- interfaces/builtin: allow getsockopt for connected x11 plugs
- osutil: check for nogrup instead of adm
- store: small cleanups (more needed)
- snap/squashfs: fix test not to hardcode snap size
- client,cmd/snap: cleanup cmd/snap test suite, add extra args
testThis cleans up the cmd/snap test suite:
- wrappers: map "never" restart condition to "no."
- wrappers: run update-desktop-database after add/remove of desktop
files
- release: work around elementary mistake
- many: remove all traces of channel from the buying codepath
- store: kill setUbuntuStoreHeaders
- docs: add payment methods documentation
- many: present user with a choice of payment backends
- asserts: add cross checks for snap asserts
- cmd/snap,cmd/snap-exec: support running hooks via snap-exec.
- tests: improve snap run symlink tests
- tests: add content sharing interface spread test
- store & many: a mechanical branch shortening store names
- snappy: remove old snappy pkg
- overlord/snapstate: kill flagscompat
- overlord/snapstate, daemon, client, cmd/snap: devmode override
(aka confined)
- tests: extend refresh test to talk to the staging and production
stores
- asserts,daemon: cross checks for account and account-key
assertions
- client: existing JSON fixtures uses tabs for indentation
- snap-exec: add proper integration test for snap-exec
- spread.yaml, tests: replace hello-world with test-snapd-tools
- tests: add locale-control interface spread test
- tests: add mount-observe interface spread test
- tests: add system-observe interface spread test
- many: add AuthContext to mediate user updates to the state
- store/auth: add helper for the macaroon refresh endpoint
- cmd: add buy command
- overlord: switch snapstate.Update to use ListRefresh (aka
/snaps/metadata)
- snap-exec: fix silly off-by-one error
- tests: stop using hello-world.echo in the tests
- tests: add env command to test-snapd-tools
- classic: remove (most of) "classic" mode, this is implemented as a
snap now
- many: remove snapstate.Candidate and other cleanups
- many: removed authenticator, store gets a user instead
- asserts: fix minor doc comment typo
- snap: ensure unknown arguments to `snap run` are ignored
- overlord/auth: add Device/SetDevice to persist device identity in
state
- overlord: make SyncBoot work again
- tests: add -y flag to apt autoremove command in unity task restore
- many: migrate SnapSetup and SideInfo to use RealName
- daemon: drop auther()
- client: improve error from client.do() on json decode failures
- tests: readd the fake store tests
- many: allow removal of broken snaps, add spread test
- overlord: implement &Retry{After: duration} support for handlers
- interface: add new interfaces.all.SecurityBackends
- integration-tests: remove login tests
- cmd,interfaces,snap: implement hook whitelist.
- daemon,overlord/auth,store: update macaroon authentication to use
the new endpoints
- daemon, overlord: add buy endpoint to REST API
- tests: use systemd-run for starting and stopping the unity app
- tests, integration-tests: port systemd service check test to
spread
- store: switch search to new snap-specific endpoint
- store, many: start using the new details endpoint
- tests, integration-tests: port unity test to spread
- tests: add spread test for tried snaps removal
- tests, integration-tests: port auth errors test to spread
- snapstate: rename OfficialName to RealName in the new tests
- many: rename SideInfo.OfficialName to SideInfo.RealName
- snapstate: use snapstate.Type in backend.RemoveSnapFiles
- many: add `snap enable/disable` commands
- tests, integration-tests: port refresh all test to spread
- snap: add `snap run --shell`
- tests: set yaml indentation to 4 spaces
- snapstate: cleanup downloaded temp snap files
- overlord: make patch1_test more robust
- debian: add snapd.postrm that purges
- integration-tests: drop already covered refresh app test
- many: add concept of "broken" snaps
- tests, integration-tests: port remove errors tests to spread
- tests, integration-tests: port revert test to spread
- debian: fix snapbuild path
- overlord: fix access to the state without lock in firstboot.go and
add test
- snapstate: add very simple garbage collection on upgrade
- asserts: introduce assertstest with helpers to test code involving
assertions
- tests, integration tests: port undone failed install test to
spread
- snap,store: switch to the new snaps/metadata endpoint, introduce
and start capturing DeveloperID
- tests, integration-tests: port the op remove retry test to spread
- po: remove snappy.pot from git, it will be generated at build time
- many: add some missing tests, clarify some things and nitpicks as
follow up to `snap revert`
- snapstate: when doing snapsate.Update|Install, talk to the store
early
- tests, integration-tests: port the op remove test to spread
- interfaces: allow /usr/bin/locale in default policy
- many: add `snap revert`
- overlord/auth,store: add macaroon serialization/deserialization
helpers
- many: embed main store trusted assertions in snapd, way to have
test ones, spread tests for ack and known
- overlord/snapstate,daemon: clarify active vs current, add
SnapState.HasCurrent,CurrentInfo
- tests: do not search for a specific snap (we hit 100 items) and
pagination kicks in
- tests: use printf instead of echo where we need portability
- tests: rename and generalize basic-binaries to test-snapd-tools
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 26 Jul 2016 15:49:04 +0200
snapd (2.0.10) xenial; urgency=medium
* New upstream release: LP: #1597329
- interfaces: also allow @{PROC}/@{pid}/mountinfo and
@{PROC}/@{pid}/mountstats
- interfaces: allow read access to /etc/machine-id and
@{PROC}/@{pid}/smaps
- interfaces: miscelleneous policy updates for default, log-observe
and system-observe
- snapstate: add logging after a successful doLinkSnap
- tests, integration-tests: port try tests to spread
- store, cmd/snapd: send a basic user-agent to the store
- store: add buy method
- client: retry on failed GETs
- tests: actual refresh test
- docs: REST API update
- interfaces: add mount support for hooks.
- interfaces: add udev support for hooks.
- interfaces: add dbus support for hooks.
- tests, integration-tests: port refresh test to spread
- tests, integration-tests: port change errors test to spread
- overlord/ifacestate: don't retry snap security setup
- integration-tests: remove unused file
- tests: manage the socket unit when reseting state
- overlord: improve organization of state patches
- tests: wait for snapd listening after reset
- interfaces/builtin: allow other sr*/scd* optical devices
- systemd: add support for squashfuse
- snap: make snaps vanishing less fatal for the system
- snap-exec: os.Exec() needs argv0 in the args[] slice too
- many: add new `create-user` command
- interfaces: auto-connect content interfaces with the same content
and developer
- snapstate: add Current revision to SnapState
- readme: tweak readme blurb
- integration-tests: wait for listening port instead of active
service reported by systemd
- many: rename Current -> {CurrentSideInfo,CurrentInfo}
- spread: fix home interface test after suite move
- many: name unversioned data.
- interfaces: add "content" interface
- overlord/snapstate: defaultBackend can go away now
- debian: comment to remember why the timer is setup like it is
- tests,spread.yaml: introduce an upgrade test, support/split into
two suites for this
- overlord,overlord/snapstate: ensure we keep snap type in snapstate
of each snap
- many: rework the firstboot support
- integration-tests: fix test failure
- spread: keep core on suite restore
- tests: temporary fix for state reset
- overlord: add infrastructure for simple state format/content
migrations
- interfaces: add seccomp support for hooks.
- interfaces: allow gvfs shares in home and temporarily allow
socketcall by default (LP: #1592901, LP: #1594675)
- tests, integration-tests: port network-bind interface tests to
spread
- snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly
and remove MockSnapWithHooks
- interfaces: add mpris interface
- tests: enable `snap run` on i386
- tests, integration-tests: port network interface test to spread
- tests, integration-tests: port interfaces cli to spread
- tests, integration-tests: port leftover install tests to spread
- interfaces: add apparmor support for hooks.
- tests, integration-tests: port log-observe interface tests to
spread
- asserts: improve Decode doc comment about assertion format
- tests: moved snaps to lib
- many: add the camera interface
- many: add optical-drive interface
- interfaces: auto-connect home if running on classic
- spread: bump gccgo test timeout
- interfaces: use security tags to index security snippets.
- daemon, overlord/snapstate, store: send confinement header to the
store for install
- spread: run tests on 16.04 i386 concurrently
- tests,integration-tests: port install error tests to spread
- interfaces: add a serial-port interface
- tests, integration-tests, debian: port sideload install tests to
spread
- interfaces: add new bind security backend and refactor
backendtests
- snap: load and validate implicit hooks.
- tests: add a build/run test for gccgo in spread
- cmd/snap/cmd_login: Adjust message after adding support for wheel
group
- tests, integration-tests: ported install from store tests to
spread
- snap: make `snap change <taskid>` show task progress
- tests, integration-tests: port search tests to spread
- overlord/state,daemon: make abort proceed immediately, fix doc
comment, improve tests
- daemon: extend privileged access to users in "wheel" group
- snap: tweak `snap refresh` and `snap refresh --list` outputTiny
branch that does three things:
- interfaces: refactor auto-connection candidate check
- snap: add support for snap {install,refresh}
--{edge,beta,candidate,stable}
- release: don't force KDE Neon into devmode.
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 Jun 2016 21:02:39 +0200
snapd (2.0.9) xenial; urgency=medium
* New upstream release: LP: #1593201
- snap: add the magic redirect part of `snap run`
- tests, integration-tests: port server related tests to spread
- overlord/snapstate: log restarting in the task
- daemon: test restart wiring, fix setup/teardown
- cmd: don't show the price if a snap has already been purchased
- tests, integration-tests: port listing tests to spread
- integration-tests: do not try to kill ubuntu-clock-app.clock (no
longer a process)
- several: tie up overlord's restart handler into daemon; adjust
snap to cope
- tests, integration-tests: port abort tests to spread
- integration-tests: fix flaky TestRemoveBusyRetries
- testutils: refactor/mock exec
- snap,cmd: add hook support to snap run.
- overlord/snapstate: remove Download from backend
- store: use a custom logging transport
- overlord/hookstate: implement basic HookManager.
- spread: move the suite restore to restore-each
- asserts: turn model os into model core field, making it also more
like the kernel and gadget fields
- asserts: / is not allowed in primary key headers, follow the store
in this
- release: enable full confinement on Elementary 0.4
- integration-tests: fix another i386 autopkgtest failure.
- cmd/snap: create SNAP_USER_DATA and common dirs in `snap run`
- many: have the installation of the core snap request a restart (on
classic)
- asserts: allow to load also account assertions into the trusted
set
- many: install snaps in devmode on distributions without complete
apparmor and seccomp support
- spread: run on travis
- snapenv: do not hardcode amd64 in tests
- spread: initial harness and first test
- interfaces: miscelleneous policy updates for chromium, x86,
opengl, etc
- integration-tests: remove daemon to use the log-observe interface
- client: remove client.Revision and import snap.Revision instead
- integration-tests: wait for network-bind service in try test
- many: move over from snappy to snapstate/backend SetupSnap and
related code
- integration-tests: add interfaces cli tests
- snapenv: cleanup snapenv.{Basic,User}
- cmd/snap: also print slots that connect to the wanted snap (LP:
#1590704)
- asserts: error style, use "cannot" instead of "failed to"
following the main decided style
- integration-tests: wait until the network-bind service is up
before testing
- many: add new `snap run` command
- snappy: unexport snappy.Install and snappy.Overlord.{Un,}Install
- many: add some shared testing helpers to snap/snaptest and to
boot/boottest
- rest-api: support to send apps per snap (LP: #1564076)
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 16 Jun 2016 13:56:12 +0200
snapd (2.0.8.1) UNRELEASED; urgency=medium
* New upstream release
- Cherry pick four commits that show snaps as installed in devmode on
distributions without full confinement dependencies available:
25634d3364a46b5e9147e4466932c59b1b572d35
53f2e8d5f1b2d7ce13f5b50be4c09fa1de8cf1e0
38771f4cc324ad9dd4aa48b03108d13a2c361aad
c46e069351c61e45c338c98ab12689a319790bd5
-- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Tue, 14 Jun 2016 15:55:30 +0200
snapd (2.0.8+1) unstable; urgency=medium
* New upstream release.
* Update lintian-overrides for new paths.
* debian/copyright: fix a typo (thanks, lintian!)
-- Steve Langasek <vorlon@debian.org> Fri, 10 Jun 2016 23:17:22 +0000
snapd (2.0.8) xenial; urgency=medium
* New upstream release: LP: #1589534
- debian: make `snap refresh` times more random (LP: #1537793)
- cmd: ExecInCoreSnap looks in "core" snap first, and only in
"ubuntu-core" snap if rev>125.
- cmd/snap: have 'snap list' display helper message on stderr
(LP: #1587445)
- snap: make app names more restrictive.
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 08 Jun 2016 07:56:58 +0200
snapd (2.0.7) xenial; urgency=medium
* New upstream release: LP: #1589534
- debian: do not ship /etc/ld.so.conf.d/snappy.conf (LP: #1589006)
- debian: fix snapd.refresh.service install and usage (LP: #1588977)
- ovlerlord/state: actually support task setting themself as
done/undone
- snap: do not use "." import in revision_test.go, as this breaks
gccgo-6 (fix build failure on powerpc)
- interfaces: add fcitx and mozc input methods to unity7
- interfaces: add global gsettings interfaces
- interfaces: autoconnect home and doc updates (LP: #1588886)
- integration-tests: remove
abortSuite.TestAbortWithValidIdInDoingStatus
- many: adding backward compatible code to upgrade SnapSetup.Flags
- overlord/snapstate: handle sideloading over an old sideloaded snap
without panicing
- interfaces: add socketcall() to the network/network-bind
interfaces (LP: #1588100)
- overlord/snapstate,snappy: move over CanRemoveThis moves over the
CanRemove check to snapstate itself.overlord/snapstate
- snappy: move over CanRemove
- overlord/snapstate,snappy: move over CopyData and Remove*Data code
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 06 Jun 2016 16:35:50 +0200
snapd (2.0.6) xenial; urgency=medium
* New upstream release: LP: #1588052:
- many: repository moved to snapcore/snapd
- debian: add transitional pkg for the github location change
- snap: ensure `snap try` work with relative paths
- debian: drop run/build dependency on lsb-release
- asserts/tool: gpg key pair manager
- many: add new snap-exec
- many: implement `snap refresh --list` and `snap refresh`
- snap: add parsing support for hooks.
- many: add the cups interface
- interfaces: misc policy fixes (LP: #1583794)
- many: add `snap try`
- interfaces: allow using sysctl and scmp_sys_resolver for parsing
kernel logs
- debian: make snapd get its environ from /etc/environment
- daemon,client,snap: revisions are now strings
- interfaces: allow access to new ibus abstract socket path
LP: #1580463
- integration-tests: add remove tests
- asserts: stronger crypto choices and follow better latest designs
- snappy,daemon: hollow out more of snappy (either removing or not
exporting stuff on its way out), snappy/gadget.go is gone
- asserts: rename device-serial to serial
- asserts: rename identity to account (and username access)
- integration-tests: add changes tests
- backend: add tests for environment wrapper generation
- interfaces/builtin: add location-control interface
- overlord/snapstate: move over check snap logic from snappy
- release: use os-release instead of lsb-release for cross-distro
use
- asserts: allow empty snap-name for snap-declaration
- interfaces/builtin,docs,snap: add the pulseaudio interface
- many: add support for an environment map inside snap.yaml
- overlord/snapstate: increase robustness of doLinkSnap/undoLinkSnap
with sanity unit tests
- snap: parse epoch property
- snappy: do nothing in SetNextBoot when running on classic
- snap: validate snap type
- integration-tests: extend find command tests
- asserts: extend tests to cover mandatory and empty headers
- tests: stop the update-pot check in run-checks
- snap: parse confinement property.
- store: change applyUbuntuStoreHeaders to not take accept, and to
take a channel
- many: struct-based revisions, new representation
- interfaces: remove 'audit deny' rules from network_control.go
- interfaces: add com.canonical.UrlLauncher.XdgOpen to unity7
interface
- interfaces: firewall-control can access xtables lock file
- interfaces: allow unity7 AppMenu
- interfaces: allow unity7 launcher API
- interfaces/builtin: add location-observe interface
- snap: fixed snap empty list text LP: #1587445
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Jun 2016 08:23:50 +0200
snapd (2.0.5+1) unstable; urgency=medium
* Initial Debian upload. Closes: #824943.
* release/release{,_test}.go: use /etc/os-release, which is guaranteed to
be part of base-files on both Ubuntu and Debian, instead of
/etc/lsb-release which doesn't exist at all on Debian.
* drop transitional packages, not needed in Debian.
* Add lintian overrides for false-positive detection of embedded libyaml.
* Update Vcs-* fields to point at maintainer's branch.
* Add a further lintian override for the /snap directory so that the
package is not automatically rejected by the NEW queue; this directory
location is certainly subject to discussion for Debian, but let's have
the discussion rather than blocking the package at the archive level.
-- Steve Langasek <vorlon@debian.org> Mon, 23 May 2016 00:36:06 +0000
snapd (2.0.5) xenial; urgency=medium
* New upstream release: LP: #1583085
- interfaces: add dbusmenu, freedesktop and kde notifications to
unity7 (LP: #1573188)
- daemon: make localSnapInfo return SnapState
- cmd: make snap list with no snaps not special
- debian: workaround for XDG_DATA_DIRS issues
- cmd,po: fix conflicts, apply review from #1154
- snap,store: load and store the private flag sent by the store in
SideInfo
- interfaces/apparmor/template.go: adjust /dev/shm to be more usable
- store: use purchase decorator in Snap and FindSnaps
- interfaces: first version of the networkmanager interface
- snap, snappy: implement the new (minmimal) kernel spec
- cmd/snap, debian: move manpage generation to depend on an environ
key; also, fix completion
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 19 May 2016 15:29:16 +0200
snapd (2.0.4) xenial; urgency=medium
* New upstream release:
- interfaces: cleanup explicit denies
- integration-tests: remove the ancient integration daemon tests
- integration-tests: add network-bind interface test
- integration-tests: add actual checks for undoing install
- integration-tests: add store login test
- snap: add certain implicit slots only on classic
- integration-tests: add coverage flags to snapd.service ExecStart
setting when building from branch
- integration-tests: remove the tests for features removed in 16.04.
- daemon, overlord/snapstate: "(de)activate" is no longer a thing
- docs: update meta.md and security.md for current snappy
- debian: always start snapd
- integration-tests: add test for undoing failed install
- overlord: handle ensureNext being in the past
- overlord/snapstate,overlord/snapstate/backend,snappy: start
backend porting LinkSnap and UnlinkSnap
- debian/tests: add reboot capability to autopkgtest and execute
snapPersistsSuite
- daemon,snappy,progress: drop license agreement broken logic
- daemon,client,cmd/snap: nice access denied message
(LP: #1574829)
- daemon: add user parameter to all commands
- snap, store: rework purchase methods into decorators
- many: simplify release package and add OnClassic
- interfaces: miscellaneous policy updates
- snappy,wrappers: move desktop files handling to wrappers
- snappy: remove some obviously dead code
- interfaces/builtin: quote apparmor label
- many: remove the gadget yaml support from snappy
- snappy,systemd,wrappers: move service units generation to wrappers
- store: add method to determine if a snap must be bought
- store: add methods to read purchases from the store
- wrappers,snappy: move binary wrapper generation to new package
wrappers
- snap: add `snap help` command
- integration-tests: remove framework-test data and avoid using
config-snap for now
- add integration test to verify fix for LP: #1571721
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 13 May 2016 17:19:37 -0700
snapd (2.0.3) xenial; urgency=medium
* New upstream micro release:
- integration-tests, debian/tests: add unity snap autopkg test
- snappy: introduce first feature flag for assumes: common-data-dir
- timeout,snap: add YAML unmarshal function for timeout.Timeout
- many: go into state.Retry state when unmounting a snap fails.
(LP: #1571721, #1575399)
- daemon,client,cmd/snap: improve output after snap
install/refresh/remove (LP: #1574830)
- integration-tests, debian/tests: add test for home interface
- interfaces,overlord: support unversioned data
- interfaces/builtin: improve the bluez interface
- cmd: don't include the unit tests when building with go test -c
for integration tests
- integration-tests: teach some new trick to the fake store,
reenable the app refresh test
- many: move with some simplifications test snap building to
snap/snaptest
- asserts: define type for revision related errors
- snap/snaptest,daemon,overlord/ifacestate,overlord/snapstate: unify
mocking snaps behind MockSnap
- snappy: fix openSnapFile's handling of sideInfo
- daemon: improve snap sideload form handling
- snap: add short and long description to the man-page
(LP: #1570280)
- snappy: remove unused SetProperty
- snappy: use more accurate test data
- integration-tests: add a integration test about remove removing
all revisions
- overlord/snapstate: make "snap remove" remove all revisions of a
snap (LP: #1571710)
- integration-tests: re-enable a bunch of integration tests
- snappy: remove unused dbus code
- overlord/ifacestate: fix setup-profiles to use new snap revision
for setup (LP: #1572463)
- integration-tests: add regression test for auth bug LP:#1571491
- client, snap: remove obsolete TypeCore which was used in the old
SystemImage days
- integration-tests: add apparmor test
- cmd: don't perform type assertion when we know error to be nil
- client: list correct snap types
- intefaces/builtin: allow getsockname on connected x11 plugs
(LP: #1574526)
- daemon,overlord/snapstate: read name out of sideloaded snap early,
improved change summary
- overlord: keep tasks unlinked from a change hidden, prune them
- integration-tests: snap list on fresh boot is good again
- integration-tests: add partial term to the find test
- integration-tests: changed default release to 16
- integration-tests: add regression test for snaps not present after
reboot
- integration-tests: network interface
- integration-tests: add proxy related environment variables to
snapd env file
- README.md: snappy => snap
- etc: trivial typo fix (LP:#1569892)
- debian: remove unneeded /var/lib/snapd/apparmor/additional
directory (LP: #1569577)
- builtin/unity7.go: allow using gmenu. LP: #1576287
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 03 May 2016 07:51:57 +0200
snapd (2.0.2) xenial; urgency=medium
* New upstream release:
- systemd: add multi-user.target (LP: #1572125)
- release: our series is 16
- integration-tests: fix snapd binary path for mounting the daemon
built from branch
- overlord,snap: add firstboot state sync
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 19 Apr 2016 16:02:44 +0200
snapd (2.0.1) xenial; urgency=medium
* client,daemon,overlord: fix authentication:
- fix incorrect authenication check (LP: #1571491)
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 18 Apr 2016 07:24:33 +0200
snapd (2.0) xenial; urgency=medium
* New upstream release:
- debian: put snapd in /usr/lib/snapd/
- cmd/snap: minor polishing
- cmd,client,daemon: add snap abort command
- overlord: don't hold locks when callling backends
- release,store,daemon: no more default-channel, release=>series
- many: drop support for deprecated environment variables
(SNAP_APP_*)
- many: support individual ids in changes cmd
- overlord/state: use numeric change and task ids
- overlord/auth,daemon,client,cmd/snap: logout
- daemon: don't install ubuntu-core twice
- daemon,client,overlord/state,cmd: add changes command
- interfaces/dbus: drop superfluous backslash from template
- daemon, overlord/snapstate: updates are users too!
- cmd/snap,daemon,overlord/ifacestate: add support for developer
mode
- daemon,overlord/snapstate: on refresh use the remembered channel,
default to stable channel otherwise
- cmd/snap: improve UX of snap interfaces when there are no results
- overlord/state: include time in task log messages
- overlord: prune and abort old changes and tasks
- overlord/ifacestate: add implicit slots in setup-profiles
- daemon,overlord: setup authentication for store downloads
- daemon: macaroon-authed users are like root, and sudoers can login
- daemon,client,docs: send install options to daemon
-- Michael Vogt <michael.vogt@ubuntu.com> Sat, 16 Apr 2016 22:15:40 +0200
snapd (1.9.4) xenial; urgency=medium
* New upstream release:
- etc: fix desktop file location
- overlord/snapstate: stop an update once download sees the revision
is already installed
- overlord: make SnapState.DevMode a method, store flags
- snappy: no more snapYaml in snappy.Snap
- daemon,cmd,dirs,lockfile: drop all lockfiles
- debian: use sudo in setup of the proxy environment
- snap/snapenv,snappy,systemd: expose SNAP_REVISION to app
environment
- snap: validate similarly to what we did with old snapYaml info
from squashfs snaps
- daemon,store: plug in authentication for store search/details
- overlord/snapstate: fix JSON name of SnapState.Candidate
- overlord/snapstate: start using revisions higher than 100000 for
local installs (sideloads)
- interfaces,overlorf/ifacestate: honor user choice and don't auto-
connect disconnected plugs
- overlord/auth,daemon,client: hide user ids again
- daemon,overlord/snapstate: back /snaps (and so snap list) using
state
- daemon,client,overlord/auth: rework state auth data
- overlord/snapstate: disable Activate and Deactivate
- debian: fix silly typo in autopkgtest setup
- overlord/ifacestate: remove connection state with discard-conns
task, on the removal of last snap
- daemon,client: rename API update action to refresh
- cmd/snap: rework login to be more resilient
- overlord/snapstate: deny two changes on one snap
- snappy: fix crash on certain snap.yaml
- systemd: use native systemctl enable instead of our own
implementation
- store: add workaround for misbehaving store
- debian: make autopkgtest use the right env vars
- state: log do/undo status too when a task is run
- docs: update rest.md with price information
- daemon: only include price property if the snap is non-free
- daemon, client, cmd/snap: connect/disconnect now async
- snap,snappy: allow snaps to require system features
- integration-tests: fix report of skips in SetUpTest method
- snappy: clean out major bits (still using Installed) now
unreferenced as cmd/snappy is gone
- daemon/api,overlord/auth: add helper to get UserState from a
client request
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 15 Apr 2016 23:30:00 +0200
snapd (1.9.3) xenial; urgency=medium
* New upstream release:
- many: prepare for opengl support on classic
- interfaces/apparmor: load all apparmor profiles on snap setup
- daemon,client: move async resource to change in meta
- debian: disable autopilot
- snap: add basic progress reporting
- client,cmd,daemon,snap,store: show the price of snaps in the cli
- state: add minimal taskrunner logging
- daemon,snap,overlord/snapstate: in the API get the snap icon using
state
- client,daemon,overlord: don't guess snap file vs. name
- overlord/ifacestate: reload snap connections when setting up
security for a given snap
- snappy: remove cmd/snappy (superseded in favour of cmd/snap)
- interfaecs/apparmor: remove all traces of old-security from
apparmor backend
- interfaces/builtin: add bluez interface
- overlord/ifacestate: don't crash if connection cannot be reloaded
- debian: add searchSuite to autopkgtest
- client, daemon, cmd/snap: no more tasks; everything is changes
- client: send authorization header in client requests
- client, daemon: marshal suggested currency over REST
- docs, snap: enumerate snap types correctly in docs and comments
- many: add store authenticator parameter
- overlord/ifacestate,daemon: setup security on conect and
disconnect
- interfaces/apparmor: remove unused apparmor variables
- snapstate: add missing "TaskProgressAdapter.Write()" for working
progress reporting
- many: clean out snap config related code not for OS
- daemon,client,cmd: return snap list from /v2/snaps
- docs: update `/v2/snaps` endpoint documentation
- interfaces: rename developerMode to devMode
- daemon,client,overlord: progress current => done
- daemon,client,cmd/snap: move query metadata to top-level doc
- interfaces: add TestSecurityBackend
- many: replace typographic quotes with ASCII
- client, daemon: rework rest changes to export "ready" and "err"
- overlord/snapstate,snap,store: track snap-id in side-info and
therefore in state
- daemon: improve mocking of interfaces API tests
- integration-tests: remove origins in default snap names for udf
call
- integration-test: use "snap list" in GetCurrentVersion
- many: almost no more NewInstalledSnap reading manifest from
snapstate and backend
- daemon: auto install ubuntu-core if missing
- oauth,store: remove OAuth authentication logic
- overlord/ifacestate: simplify some tests with implicit manager
initialization
- store, snappy: move away from hitting details directly
- overlord/ifacestate: reload connections when restarting the
manager
- overlord/ifacestate: increase flexibility of unit tests
- overlord: use state to discover all installed snaps
- overlord/ifacestate: track connections in the state
- many: separate copy-data from unlinking of current snap
- overlord/auth,store/auth: add macaroon authenticator to UserState
- client: support for /v2/changes and /v2/changes/{id}
- daemon/api,overlord/auth: rework authenticated users information
in state
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 14 Apr 2016 23:29:43 +0200
snapd (1.9.2) xenial; urgency=medium
* New upstream release:
- cmd/snap,daemon,store: rework login command to use daemon login
API
- store: cache suggested currency from the store
- overlord/ifacestate: modularize and extend tests
- integration-tests: reenable failure tests
- daemon: include progress in rest changes
- daemon, overlord/state: expose individual changes
- overlord/ifacestate: drop duplicate package comment
- overlord/ifacestate: allow tests to override security backends
- cmd/snap: install *.snap and *.snap.* as files too
- interfaces/apparmor: replace /var/lib/snap with /var/snap
- daemon,overlord/ifacestate: connect REST API to interfaces in the
overlord
- debian: remove unneeded dependencies from snapd
- overlord/state: checkpoint on final progress only
- osutil: introduce IsUIDInAny
- overlord/snapstate: rename GetSnapState to Get, SetSnapState to
Set
- daemon: add id to changes json
- overlord/snapstate: SetSnapState() needs locks
- overlord: fix broken tests
- overlord/snapstate,overlord/ifacestate: reimplement SnapInfo (as
Info) actually using the state
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 13 Apr 2016 17:27:00 +0200
snapd (1.9.1.1) xenial; urgency=medium
* debian/tests/control:
- add git to make autopkgtest work
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 Apr 2016 17:19:19 +0200
snapd (1.9.1) xenial; urgency=medium
* Add warning about installing ubuntu-core-snapd-units on Desktop systems.
* Add ${misc:Depends} to ubuntu-core-snapd-units.
* interfaces,overlord: add support for auto-connecting plugs on
install
* fix sideloading snaps and (re)add tests for this
* add `ca-certificates` to the test-dependencies to fix autopkgtest
failure on armhf
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 Apr 2016 14:39:57 +0200
snapd (1.9) xenial; urgency=medium
* rename source and binary package to "snapd"
* update directory layout to final 16.04 layout
* use `snap` command instead of the previous `snappy`
* use `interface` based security
* use new state engine for install/update/remove
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 Apr 2016 01:05:09 +0200
ubuntu-snappy (1.7.3+20160310ubuntu1) xenial; urgency=medium
- debian: update versionized ubuntu-core-launcher dependency
- debian: tweak desktop file dir, ship Xsession.d snip for seamless
integration
- snappy: fix hw-assign to work with per-app udev tags
- snappy: use $snap.$app as per-app udev tag
- snap,snappy,systemd: %s/\<SNAP_ORIGIN\>/SNAP_DEVELOPER/g
- snappy: add mksquashfs --no-xattrs parameter
- snap,snappy,systemd: kill SNAP_FULLNAME
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 10 Mar 2016 09:26:20 +0100
ubuntu-snappy (1.7.3+20160308ubuntu1) xenial; urgency=medium
- snappy,snap: move icon under meta/gui/
- debian: add snap.8 manpage
- debian: move snapd to /usr/lib/snappy/snapd
- snap,snappy,systemd: remove TMPDIR, TEMPDIR, SNAP_APP_TMPDIR
- snappy,dirs: add support to use desktop files from inside snaps
- daemon: snapd API events endpoint redux
- interfaces/builtin: add "network" interface
- overlord/state: do small fixes (typo, id clashes paranoia)
- overlord: add first pass of the logic in StateEngine itself
- overlord/state: introduce Status/SetStatus on Change
- interfaces: support permanent security snippets
- overlord/state: introduce Status/SetStatus and
Progress/SetProgress on Task
- overlord/state: introduce Task and Change.NewTask
- many: selectively swap semantics of plugs and slots
- client,cmd/snap: remove useless indirection in Interfaces
- interfaces: maintain Plug and Slot connection details
- client,daemon,cmd/snap: change POST /2.0/interfaces to work with
lists
- overlord/state: introduce Change and NewChange on state to create
them
- snappy: bugfix for snap.yaml parsing to be more consistent with
the spec
- snappy,systemd: remove "ports" from snap.yaml
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 08 Mar 2016 11:24:09 +0100
ubuntu-snappy (1.7.3+20160303ubuntu4) xenial; urgency=medium
* rename:
debian/golang-snappy-dev.install ->
debian/golang-github-ubuntu-core-snappy-dev.install:
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 12:29:16 +0100
ubuntu-snappy (1.7.3+20160303ubuntu3) xenial; urgency=medium
* really fix typo in dependency name
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 12:21:39 +0100
ubuntu-snappy (1.7.3+20160303ubuntu2) xenial; urgency=medium
* fix typo in dependency name
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 12:05:36 +0100
ubuntu-snappy (1.7.3+20160303ubuntu1) xenial; urgency=medium
- debian: update build-depends for MIR
- many: implement new REST API: GET /2.0/interfaces
- integration-tests: properly stop snapd from branch
- cmd/snap: update tests for go-flags changes
- overlord/state: implement Lock/Unlock with implicit checkpointing
- overlord: split out the managers and State to their own
subpackages of overlord
- snappy: rename "migration-skill" to "old-security" and use new
interface names instead of skills
- client,cmd/snap: clarify name ambiguity in Plug or Slot
- overlord: start working on state engine along spec v2, have the
main skeleton follow that
- classic, oauth: update tests for change in MakeRandomString()
- client,cmd/snap: s/add/install/:-(
- interfaces,daemon: specialize Name to either Plug or Slot
- interfaces,interfaces/types: unify security snippet functions
- snapd: close the listener on Stop, to force the http.Serve loop to
exit
- snappy,daemon,snap/lightweight,cmd/snappy,docs/rest.md: expose
explicit channel selection to rest api
- interfaces,daemon: rename package holding built-in interfaces
- integration-tests: add the first classic dimension tests
- client,deaemon,docs: rename skills to interfaces on the wire
- asserts: add identity assertion type
- integration-tests: add the no_proxy env var
- debian: update build-depends for new package names
- oauth: fix oauth & quoting in the oauth_signature
- integration-tests: remove unused field
- integration-tests: add the http proxy argument
- interfaces,interfaces/types,deamon: mass internal rename to
interfaces
- client,cmd/snap: rename skills to interfaces (part 2)
- arch: fix missing mapping for powerpc
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 11:00:19 +0100
ubuntu-snappy (1.7.3+20160225ubuntu1) xenial; urgency=medium
- integration-tests: always use the built snapd when compiling
binaries from branch
- cmd/snap: rename skills to interfaces
- testutil,skills/types,skills,daemon: tweak discovery of know skill
types
- docs: add docs for arm64 cross building
- overlord: implement basic ReadState/WriteState
- overlord: implement Get/Set/Copy on State
- integration-tests: fix dd output check
- integration-tests: add fromBranch config field
- integration-tests: use cli pkg methods in hwAssignSuite
- debian: do not create the snappypkg user, we don't need it anymore
- arch: fix build failure on s390x
- classic: cleanup downloaded lxd tarball
- cmd/snap,client,integration-tests: rename snap subcmds
'assert'=>'ack', 'asserts'=>'known'
- skills: fix broken tests builds
- skills,skills/types: pass slot to SlotSecuritySnippet()
- skills/types: teach bool-file about udev security
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 25 Feb 2016 16:17:19 +0100
ubuntu-snappy (1.7.2+20160223ubuntu1) xenial; urgency=medium
* New git snapshot:
- asserts: introduce snap-declaration
- cmd/snap: fix integration tests for the "cmd_asserts"
- integration-tests: fix fanctl output check
- cmd/snap: fix test failure after merging 23a64e6
- cmd/snap: replace skip-help with empty description
- docs: update security.md to match current migration-skill
semantics
- snappy: treat commands with 'daemon' field as services
- asserts: use more consistent names for receivers in
snap_asserts*.go
- debian: add missing golang-websocket-dev build-dependency
- classic: if classic fails to get created, undo the bind mounts
- snappy: never return nil in NewLocalSnapRepository()
- notifications: A simple notification system
- snappy: when using staging, authenticate there instead
- integration-tests/snapd: fix the start of the test snapd socket
- skills/types: use CamelCase for security names
- skills: add support for implicit revoke
- skills: add security layer
- integration-tests: use exec.Command wrapper for updates
- cmd/snap: add 'snap skills'
- cms/snap: add 'snap revoke'
- docs: add docs for skills API
- cmd/snap: add 'snap grant'
- cmd/snappy, coreconfig, daemon, snappy: move config to always be
bytes (in and out)
- overlord: start with a skeleton and stubs for Overlord,
StateEngine, StateJournal and managers
- integration-tests: skip tests affected by LP: #1544507
- skills/types: add bool-file
- po: refresh translation templates
- cmd/snap: add 'snap experimental remove-skill-slot'
- asserts: introduce device assertion
- cmd/snap: implemented add, remove, purge, refresh, rollback,
activate, deactivate
- cmd/snap: add 'snap experimental add-skill-slot'
- cmd/snap: add 'snap experimental remove-skill'
- cmd/snap: add tests for common skills code
- cmd/snap: add 'snap experimental add-skill'
- asserts: make assertion checkers used by db.Check modular and
pluggable
- cmd,client,daemon,caps,docs,po: remove capabilities
- scripts: move the script to get dependencies to a separate file
- asserts: make the disk layout compatible for storing more than one
revision
- cmd/snap: make the assert command options exported
- integration-tests: Remove the target release and channel
- asserts: introduce model assertion
- integration-tests: add exec.Cmd wrapper
- cmd/snap: add client test support methods
- cmd/snap: move key=value attribute parsing to commmon
- cmd/snap: apply new style consistency to "snap" commands.
- cmd/snap: support redirecting the client for testing
- cmd/snap: support testing command output
- snappy,daemon: remove the meta repositories abstractions
- cmd: add support for experimental commands
- cmd/snappy,daemon,snap,snappy: remove SetActive from parts
- cmd/snappy,daemon,snappy,snap: remove config from parts interface
- client: improve test data
- cmd: allow to construct a fresh parser
- cmd: don't treat help as an error
- cmd/snappy,snappy: remove "Details" from the repository interface
- asserts: check that primary keys are set when
Decode()ing/assembling assertions
- snap,snappy: refactor to remove "Install" from the Part interface
- client,cmd: make client.New() configurable
- client: enable retrieving asynchronous operation information with
`Client.Operation`.
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 23 Feb 2016 11:28:18 +0100
ubuntu-snappy (1.7.2+20160204ubuntu1) xenial; urgency=medium
* New git snapshot:
- integration-tests: fix the rollback error messages
- integration-test: use the common cli method when trying to install
an unexisting snap
- integration-tests: rename snap find test
- daemon: refactor makeErrorResponder()
- integration: add regression test for LP: #1541317
- integration-tests: reenable TestRollbackMustRebootToOtherVersion
- asserts: introduce "snap asserts" subcmd to show assertions in the
system db
- docs: fix parameter style
- daemon: use underscore in JSON interface
- client: add skills API
- asserts,docs/rest.md: change Encoder not to add extra newlines at
the end of the stream
- integration-tests: "snappy search" is no more, its "snap search"
now
- README, integration-tests/tests: chmod snapd.socket after manual
start.
- snappy: add default security profile if none is specified
- skills,daemon: add REST APIs for skills
- cmd/snap, cmd/snappy: move from `snappy search` to `snap find`.
- The first step towards REST world domination: search is now done
via
- debian: remove obsolete /etc/grub.d/09_snappy on upgrade
- skills: provide different security snippets for skill and slot
side
- osutil: make go vet happy again
- snappy,systemd: use Type field in systemd.ServiceDescription
- skills: add basic grant-revoke methods
- client,daemon,asserts: expose the ability to query assertions in
the system db
- skills: add basic methods for slot handling
- snappy,daemon,snap: move "Uninstall" into overlord
- snappy: move SnapFile.Install() into Overlord.Install()
- integration-tests: re-enable some failover tests
- client: remove snaps
- asserts: uniform searching across trusted (account keys) and main
backstore
- asserts: introduce Decoder to parse streams of assertions and
Encoder to build them
- client: filter snaps with a search query
- client: pass query as well as path in client internals
- skills: provide different security snippets for skill and slot
side
- snappy: refactor snapYaml to remove methods on snapYaml type
- snappy: remove unused variable from test
- skills: add basic methods for skill handing
- snappy: remove support for meta/package.yaml and implement new
meta/snap.yaml
- snappy: add new overlord type responsible for
Installed/Install/Uninstall/SetActive and stub it out
- skills: add basic methods for type handling
- daemon, snappy: add find (aka search)
- client: filter snaps by type
- skills: tweak valid names and error messages
- skills: add special skill type for testing
- cmd/snapd,daemon: filter snaps by type
- partition: remove obsolete uEnv.txt
- skills: add Type interface
- integration-tests: fix the bootloader path
- asserts: introduce a memory backed assertion backstore
- integration-tests: get name of OS snap from bootloader
- cmd/snapd,daemon: filter snaps by source
- asserts,daemon: bump some copyright years for things that have
been touched in the new year
- skills: add the initial Repository type
- skills: add a name validation function
- client: filter snaps by source
- snappy: unmount the squashfs snap again if it fails to install
- snap: make a copy of the search uri before mutating it
Closes: LP#1537005
- cmd/snap,client,daemon,asserts: introduce "assert " snap
subcommand
- cmd/snappy, snappy: fix failover handling of the "active"
kernel/os snap
- daemon, client, docs/rest.md, snapd integration tests: move to the
new error response
- asserts: change Backstore interface, backstores can now access
primary key names from types
- asserts: make AssertionType into a real struct exposing the
metadata Name and PrimaryKey
- caps: improve bool-file sanitization
- asserts: fixup toolbelt to use exposed key ID.
- client: return by reference rather than by value
- asserts: exported filesystem backstores + explicit backstores
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 04 Feb 2016 16:35:31 +0100
ubuntu-snappy (1.7.2+20160113ubuntu1) xenial; urgency=medium
* New git snapshot
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 13 Jan 2016 11:25:40 +0100
ubuntu-snappy (1.7.2ubuntu1) xenial; urgency=medium
* New upstream release:
- bin-path integration
- assertions/capability work
- fix squashfs based snap building
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Dec 2015 08:46:35 +0100
ubuntu-snappy (1.7.1ubuntu1) xenial; urgency=medium
* New upstream release:
- fix dependencies
- fix armhf builds
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 02 Dec 2015 07:46:07 +0100
ubuntu-snappy (1.7ubuntu1) xenial; urgency=medium
* New upstream release:
- kernel/os snap support
- squashfs snap support
- initial capabilities work
- initial assertitions work
- rest API support
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 18 Nov 2015 19:59:51 +0100
ubuntu-snappy (1.6ubuntu1) wily; urgency=medium
* New upstream release, including the following changes:
- Fix hwaccess for gpio (LP: #1493389, LP: #1488618)
- Fix handleAssets name normalization
- Run boot-ok job late (LP: #1476129)
- Add support for systemd socket files
- Add "snappy service" command
- Documentation improvements
- Many test improvements (unit and integration)
- Override sideload versions
- Go1.5 fixes
- Add i18n
- Add man-page
- Add .snapignore
- Run services that uses external ports only after the network is up
- Bufix in Synbootloader (LP: 1474125)
- Use uboot.env for boot state tracking
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 09 Sep 2015 14:20:22 +0200
ubuntu-snappy (1.5ubuntu1) wily; urgency=medium
* New upstream release, including the following changes:
- Use O_TRUNC when copying files
- Added path redefinition to include test's binaries location
- Don't run update-grub, instead use grub.cfg from the oem
package
- Do network configuration from first boot
- zero size systemd of new partition made executable to
prevent unrecoverable boot failure
- Close downloaded files
-- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Mon, 06 Jul 2015 15:14:37 -0300
ubuntu-snappy (1.4ubuntu1) wily; urgency=medium
* New upstream release, including the following changes:
- Allow to run the integration tests using snappy from branch
- Add CopyFileOverwrite flag and behaviour to helpers.CopyFile
- add a bunch of missing i18n.G() now that we have gettext
- Generate only the translators comments that start with
TRANSLATORS
- Try both clickpkg and snappypkg when dropping privs
-- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Thu, 02 Jul 2015 16:21:53 -0300
ubuntu-snappy (1.3ubuntu1) wily; urgency=medium
* New upstream release, including the following changes:
- gettext support
- use snappypkg user for the installed snaps
- switch to system-image-3.x as the system-image backend
- more reliable developer mode detection
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 01 Jul 2015 10:37:05 +0200
ubuntu-snappy (1.2-0ubuntu1) wily; urgency=medium
* New upstream release, including the following changes:
- Consider the root directory when installing and removing policies
- In the uboot TestHandleAssetsNoHardwareYaml, patch the cache dir
before creating the partition type
- In the PartitionTestSuite, remove the unnecessary patches for
defaultCacheDir
- Fix the help output of "snappy install -h"
-- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Wed, 17 Jun 2015 11:42:47 -0300
ubuntu-snappy (1.1.2-0ubuntu1) wily; urgency=medium
* New upstream release, including the following changes:
- Remove compatibility for click-bin-path in generated exec-wrappers
- Release the readme.md after parsing it
-- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Thu, 11 Jun 2015 23:42:49 -0300
ubuntu-snappy (1.1.1-0ubuntu1) wily; urgency=medium
* New upstream release, including the following changes:
- Set all app services to restart on failure
- Fixes the missing oauth quoting and makes the code a bit nicer
- Added integrate() to set Integration to default values needed for
integration
- Moved setActivateClick to be a method of SnapPart
- Make unsetActiveClick a method of SnapPart
- Check the package.yaml for the required fields
- Integrate lp:snappy/selftest branch into snappy itself
- API to record information about the image and to check if the kernel was
sideloaded.
- Factor out update from cmd
- Continue updating when a sideload error is returned
-- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Wed, 10 Jun 2015 15:54:12 -0300
ubuntu-snappy (1.1-0ubuntu1) wily; urgency=low
* New wily upload with fix for go 1.4 syscall.Setgid() breakage
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 09 Jun 2015 10:02:04 +0200
ubuntu-snappy (1.0.1-0ubuntu1) vivid; urgency=low
* fix symlink unpacking
* fix typo in apparmor rules generation
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 23 Apr 2015 16:09:56 +0200
ubuntu-snappy (1.0-0ubuntu1) vivid; urgency=low
* 15.04 archive upload
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 23 Apr 2015 11:08:22 +0200
ubuntu-snappy (0.1.2-0ubuntu1) vivid; urgency=medium
* initial ubuntu archive upload
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 13 Apr 2015 22:48:13 -0500
ubuntu-snappy (0.1.1-0ubuntu1) vivid; urgency=low
* new snapshot
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 12 Feb 2015 13:51:22 +0100
ubuntu-snappy (0.1-0ubuntu1) vivid; urgency=medium
* Initial packaging
-- Sergio Schvezov <sergio.schvezov@canonical.com> Fri, 06 Feb 2015 02:25:43 -0200