forked from canonical/snapd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
changelog
11526 lines (10950 loc) · 556 KB
/
changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
snapd (2.51.1) xenial; urgency=medium
* New upstream release, LP: #1929842
- interfaces: add netlink-driver interface
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- interfaces/dsp: fix typo in udev rule
- overlord/snapstate: lock the mutex before returning from stop
snap services undo
- interfaces: opengl: change path for Xilinx zocl driver
- interfaces/dsp: add /dev/cavalry into dsp interface
- packaging/fedora/snapd.spec: correct date format in changelog
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 15 Jun 2021 12:45:08 +0200
snapd (2.51) xenial; urgency=medium
* New upstream release, LP: #1929842
- cmd/snap: stacktraces debug endpoint
- secboot: deactivate volume again when model checker fails
- store: extra log message, a few minor cleanups
- packaging/debian-sid: update systemd patch
- snapstate: adjust update-gadget-assets user visible message
- tests/nested/core/core20-create-recovery: verify that recovery
system can be created at runtime
- gadget: support creating vfat partitions during bootstrap
- daemon/api_quotas.go: support updating quotas with ensure action
- daemon: tighten access to a couple of POST endpoints that should
be really be root-only
- seed/seedtest, overlord/devicestate: move seed validation helper
to seedtest
- overlord/hookstate/ctlcmd: remove unneeded parameter
- snap/quota: add CurrentMemoryUsage for current memory usage of a
quota group
- systemd: add CurrentMemoryUsage to get current memory usage for a
unit
- o/snapstate: introduce minimalInstallInfo interface
- o/hookstate: print pending info (ready, inhibited or none)
- osutil: a helper to find out the total amount of memory in the
system
- overlord, overlord/devicestate: allow for reloading modeenv in
devicemgr when testing
- daemon: refine access testing
- spread: disable unattended-upgrades on debian
- tests/lib/reset: make nc exit after a while when connection is
idle
- daemon: replace access control flags on commands with access
checkers
- release-tools/changelog.py: refactor regexp + file reading/writing
- packaging/debian-sid: update locale patch for the latest master
- overlord/devicestate: tasks for creating recovery systems at
runtime
- release-tools/changelog.py: implement script to update all the
changelog files
- tests: change machine type used for nested testsPrices:
- cmd/snap: include locale when linting description being lower case
- o/servicestate: add RemoveSnapFromQuota
- interfaces/serial-port: add Qualcomm serial port devices to
allowed list
- packaging: merge 2.50.1 changelog back
- interfaces/builtin: introduce raw-input interface
- tests: remove tests.cleanup prepare from nested test
- cmd/snap-update-ns: fix linter errors
- asserts: fix errors reported by linter
- o/hookstate/ctlcmd: allow system-mode for non-root
- overlord/devicestate: comment why explicit system mode check is
needed in ensuring tried recovery systems (#10275)
- overlord/devicesate: observe snap writes when creating recovery
systems
- packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1
- tests: moving to tests directories snaps built locally - part 1
- seed/seedwriter: fail early when system seed directory exists
- o/snapstate: autorefresh phase1 for refresh-control
- c/snap: more precise message for ErrorKindSystemRestart op !=
reboot
- tests: simplify the tests.cleanup tool
- boot: helpers for manipulating current and good recovery systems
list
- o/hookstate, o/snapstate: print revision, version, channel with
snapctl --pending
- overlord: unit test tweaks, use well known snap IDs, setup snap
declarations for most common snaps
- tests/nested/manual: add test for install-device + snapctl reboot
- o/servicestate: restart slices + services on modifications
- tests: update mount-ns test to support changes in the distro
- interfaces: fix linter issues
- overlord: mock logger in managers unit tests
- tests: adding support for fedora-34
- tests: adding support for debian 10 on gce
- boot: reseal given keys when the respective boot chain has changed
- secboot: switch encryption key size to 32 byte (thanks to Chris)
- interfaces/dbus: allow claiming 'well-known' D-Bus names with a
wildcard suffix
- spread: bump delta reference version
- interfaces: builtin: update permitted paths to be compatible with
UC20
- overlord: fix errors reported by linter
- tests: remove old fedora systems from tests
- tests: update spread url
- interfaces/camera: allow devices in /sys/devices/platform/**/usb*
- interfaces/udisks2: Allow access to the login manager via dbus
- cmd/snap: exit normally if "snap changes" has no changes
(LP #1823974)
- tests: more fixes for spread suite on openSUSE
- tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed
- daemon: fix linter errors
- spread: add Fedora 34, leave a TODO about dropping Fedora 32
- interfaces: fix linter errors
- tests: use op.paths tools instead of dirs.sh helper - part 2
- client: Fix linter errors
- cmd/snap: Fix errors reported by linter
- cmd/snap-repair: fix linter issues
- cmd/snap-bootstrap: Fix linter errors
- tests: update permission denied message for test-snapd-event on
ubuntu 2104
- cmd/snap: small tweaks based on previous reviews
- snap/snaptest: helper that mocks both the squashfs file and a snap
directory
- overlord/devicestate: tweak comment about creating recovery
systems, formatting tweaks
- overlord/devicestate: move devicemgr base suite helpers closer to
test suite struct
- overlord/devicestate: keep track of tried recovery system
- seed/seedwriter: clarify in the diagram when SetInfo is called
- overlord/devicestate: add helper for creating recovery systems at
runtime
- snap-seccomp: update syscalls.go list
- boot,image: support image.Customizations.BootFlags
- overlord: support snapctl --halt|--poweroff in gadget install-
device
- features,servicestate: add experimental.quota-groups flag
- o/servicestate: address comments from previous PR
- tests: basic spread test for snap quota commands
- tests: moving the snaps which are not locally built to the store
directory
- image,c/snap: implement prepare-image --customize
- daemon: implement REST API for quota groups (create / list / get)
- cmd/snap, client: snap quotas command
- o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods
and snapctl system-mode
- o/servicestate/quota_control.go: introduce (very) basic group
manipulation methods
- cmd/snap, client: snap remove-quota command
- wrappers, quota: implement quota groups slice generation
- snap/quotas: followups from previous PR
- cmd/snap: introduce 'snap quota' command
- o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in
uc20 run mode
- o/servicestate: test has internal ordering issues, consider both
cases
- o/servicestate/quotas: add functions for getting and setting
quotas in state
- tests: new buckets for snapd-spread project on gce
- spread.yaml: update the gce project to start using snapd-spread
- quota: new package for managing resource groups
- many: bind and check keys against models when using FDE hooks v2
- many: move responsibilities down seboot -> kernel/fde and boot ->
secboot
- packaging: add placeholder changelog
- o/configstate/configcore/vitality: fix RequireMountedSnapdSnap
bug
- overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
Core system
- many: hide EncryptionKey size and refactors for fde hook v2 next
steps
- tests: adding debug info for create user tests
- o/hookstate: add "refresh" command to snapctl (hidden, not
complete yet)
- systemd: wait for zfs mounts (LP #1922293)
- testutil: support referencing files in FileEquals checker
- many: refactor to kernel/fde and allow `fde-setup initial-setup`
to return json
- o/snapstate: store refresh-candidates in the state
- o/snapstate: helper for creating gate-auto-refresh hooks
- bootloader/bootloadertest: provide interface implementation as
mixins, provide a mock for recovery-aware-trusted-asses bootloader
- tests/lib/nested: do not compress images, return early when
restored from pristine image
- boot: split out a helper for making recovery system bootable
- tests: update os.query check to match new bullseye codename used
on sid images
- o/snapstate: helper for getting snaps affected by refresh, define
new hook
- wrappers: support in EnsureSnapServices a callback to observe
changes (#10176)
- gadget: multi line support in gadget's cmdline file
- daemon: test that requesting restart from (early) Ensure works
- tests: use op.paths tools instead of dirs.sh helper - part 1
- tests: add new command to snaps-state to get current core, kernel
and gadget
- boot, gadget: move opening the snap container into the gadget
helper
- tests, overlord: extend unit tests, extend spread tests to cover
full command line support
- interfaces/builtin: introduce dsp interface
- boot, bootloader, bootloader/assets: support for full command line
override from gadget
- overlord/devicestate, overlord/snapstate: add task for updating
kernel command lines from gadget
- o/snapstate: remove unused DeviceCtx argument of
ensureInstallPreconditions
- tests/lib/nested: proper status return for tpm/secure boot checks
- cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars
- wrappers/services.go: refactor helper lambda function to separate
function
- boot/flags.go: add HostUbuntuDataForMode
- boot: handle updating of components that contribute to kernel
command line
- tests: add 20.04 to systems for nested/core
- daemon: add new accessChecker implementations
- boot, overlord/devicestate: consider gadget command lines when
updating boot config
- tests: fix prepare-image-grub-core18 for arm devices
- tests: fix gadget-kernel-refs-update-pc test on arm and when
$TRUST_TEST_KEY is false
- tests: enable help test for all the systems
- boot: set extra command line arguments when preparing run mode
- boot: load bits of kernel command line from gadget snaps
- tests: update layout for tests - part 2
- tests: update layout for tests - part 1
- tests: remove the snap profiler from the test suite
- boot: drop gadget snap yaml which is already defined elsewhere in
the tests
- boot: set extra kernel command line arguments when making a
recovery system bootable
- boot: pass gadget path to command line helpers, load gadget from
seed
- tests: new os.paths tool
- daemon: make ucrednetGet() return a *ucrednet structure
- boot: derive boot variables for kernel command lines
- cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from
initramfs
-- Ian Johnson <ian.johnson@canonical.com> Thu, 27 May 2021 11:15:20 -0500
snapd (2.50.1) xenial; urgency=medium
* New upstream release, LP: #1926005
- interfaces: update permitted /lib/.. paths to be compatible with
UC20
- interfaces: builtin: update permitted paths to be compatible with
UC20
- interfaces/greengrass-support: delete white spaces at the end of
lines
- snap-seccomp: update syscalls.go list
- many: backport kernel command line for 2.50
- interfaces/dbus: allow claiming 'well-known' D-Bus names with a
wildcard suffix
- interfaces/camera: allow devices in /sys/devices/platform/**/usb*
- interfaces/builtin: introduce dsp interface
-- Ian Johnson <ian.johnson@canonical.com> Wed, 19 May 2021 10:46:02 -0500
snapd (2.50) xenial; urgency=medium
* New upstream release, LP: #1926005
- overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
Core system
- o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug
- o/servicestate/servicemgr.go: add ensure loop for snap service
units
- wrappers/services.go: introduce EnsureSnapServices()
- snapstate: add "kernel-assets" to featureSet
- systemd: wait for zfs mounts
- overlord: make servicestate responsible to compute
SnapServiceOptions
- boot,tests: move where we write boot-flags one level up
- o/configstate: don't pass --root=/ when
masking/unmasking/enabling/disabling services
- cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to
/run
- gadget: be more flexible with kernel content resolving
- boot, cmd/snap: include extra cmdline args in debug boot-vars
output
- boot: support read/writing boot-flags from userspace/initramfs
- interfaces/pwm: add PWM interface
- tests/lib/prepare-restore.sh: clean out snapd changes and snaps
before purging
- systemd: enrich UnitStatus returned by systemd.Status() with
Installed flag
- tests: updated restore phase of spread tests - part 1
- gadget: add support for kernel command line provided by the gadget
- tests: Using GO111MODULE: "off" in spread.yaml
- features: add gate-auto-refresh-hook feature flag
- spread: ignore linux kernel upgrade in early stages for arch
preparation
- tests: use snaps-state commands and remove them from the snaps
helper
- o/configstate: fix panic with a sequence of config unset ops over
same path
- api: provide meaningful error message on connect/disconnect for
non-installed snap
- interfaces/u2f-devices: add HyperFIDO Pro
- tests: add simple sanity check for systemctl show
--property=UnitFileState for unknown service
- tests: use tests.session tool on interfaces-desktop-document-
portal test
- wrappers: install D-Bus service activation files for snapd session
tools on core
- many: add x-gvfs-hide option to mount units
- interfaces/builtin/gpio_test.go: actually test the generated gpio
apparmor
- spread: tentative workaround for arch failure caused by libc
upgrade and cgroups v2
- tests: add spread test for snap validate against store assertions
- tests: remove snaps which are not used in any test
- ci: set the accept-existing-contributors parameter for the cla-
check action
- daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and
some apiBaseSuite cosmetics)
- o/devicestate/devicemgr: register install-device hook, run if
present in install
- o/configstate/configcore: simple refactors in preparation for new
function
- tests: unifying the core20 nested suite with the core nested suite
- tests: uboot-unpacked-assets updated to reflect the real path used
to find the kernel
- daemon: switch api_test.go to daemon_test and various other
cleanups
- o/configstate/configcore/picfg.go: add hdmi_cvt support
- interfaces/apparmor: followup cleanups, comments and tweaks
- boot: cmd/snap-bootstrap: handle a candidate recovery system v2
- overlord/snapstate: skip catalog refresh when snappy testing is
enabled
- overlord/snapstate, overlord/ifacestate: move late security
profile removal to ifacestate
- snap-seccomp: fix seccomp test on ppc64el
- interfaces, interfaces/apparmor, overlord/snapstate: late removal
of snap-confine apparmor profiles
- cmd/snap-bootstrap/initramfs-mounts: move time forward using
assertion times
- tests: reset the system while preparing the test suite
- tests: fix snap-advise-command check for 429
- gadget: policy for gadget/kernel refreshes
- o/configstate: deal with no longer valid refresh.timer=managed
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- cla-check: Use has-signed-canonical-cla GitHub Action
- tests: validation sets spread test
- tests: simplify the reset.sh logic by removing not needed command
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20
- tests/lib/fde-setup-hook: also verify that fde-reveal-key key data
is base64
- o/devicestate: split off ensuring next boot goes to run mode into
new task
- tests: fix cgroup-tracking test
- boot: export helper for clearing tried system state, add tests
- cmd/snap: use less aggressive client timeouts in unit tests
- daemon: fix signing key validity timestamp in unit tests
- o/{device,hook}state: encode fde-setup-request key as base64
string
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- cmd/snap/pack: unhide the compression option
- boot: extend set try recovery system unit tests
- cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use
secboot's implicit fallback
- o/configstate/configcore: add hdmi_timings to pi-config
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- interfaces/tee: add TEE/OPTEE interface
- o/snapstate: update validation sets assertions with auto-refresh
- vendor: update go-tpm2/secboot to latest version
- seed: ReadSystemEssentialAndBetterEarliestTime
- tests: replace while commands with the retry tool
- interfaces/builtin: update unit tests to use proper distro's
libexecdir
- tests: run the reset.sh helper and check test invariants while the
test is restored
- daemon: switch preexisting daemon_test tests to apiBaseSuite and
.req
- boot, o/devicestate: split makeBootable20 into two parts
- interfaces/docker-support: add autobind unix rules to docker-
support
- interfaces/apparmor: allow reading
/proc/sys/kernel/random/entropy_avail
- tests: use retry tool instead a loops
- tests/main/uc20-create-partitions: fix tests cleanup
- asserts: mode where Database only assumes cur time >= earliest
time
- daemon: validation sets/api tests cleanup
- tests: improve tests self documentation for nested test suite
- api: local assertion fallback when it's not in the store
- api: validation sets monitor mode
- tests: use fs-state tool in interfaces tests
- daemon: move out /v2/login|logout and errToResponse tests from
api_test.go
- boot: helper for inspecting the outcome of a recovery system try
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- tests: update documentation and checks for interfaces tests
- snap-seccomp: add new `close_range` syscall
- boot: revert #10009
- gadget: remove `device-tree{,-origin}` from gadget tests
- boot: simplify systems test setup
- image: write resolved-content from snap prepare-image
- boot: reseal the run key for all recovery systems, but recovery
keys only for the good ones
- interfaces/builtin/network-setup-{control,observe}: allow using
netplan directly
- tests: improve sections prepare and restore - part 1
- tests: update details on task.yaml files
- tests: revert os.query usage in spread.yaml
- boot: export bootAssetsMap as AssetsMap
- tests/lib/prepare: fix repacking of the UC20 kernel snap for with
ubuntu-core-initramfs 40
- client: protect against reading too much data from stdin
- tests: improve tests documentation - part 2
- boot: helper for setting up a try recover system
- tests: improve tests documentation - part 1
- tests/unit/go: use tests.session wrapper for running tests as a
user
- tests: improvements for snap-seccomp-syscalls
- gadget: simplify filterUpdate (thanks to Maciej)
- tests/lib/prepare.sh: use /etc/group and friends from the core20
snap
- tests: fix tumbleweed spread tests part 2
- tests: use new commands of os.query tool on tests
- o/snapshotstate: create snapshots directory on import
- tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list
- packaging: drop 99-snapd.conf via dpkg-maintscript-helper
- osutil: add SetTime() w/ 32-bit and 64-bit implementations
- interfaces/wayland: rm Xwayland Xauth file access from wayland
slot
- packaging/ubuntu-16.04/rules: turn modules off explicitly
- gadget,devicestate: perform kernel asset update for $kernel: style
refs
- cmd/recovery: small fix for `snap recovery` tab output
- bootloader/lkenv: add recovery systems related variables
- tests: fix new tumbleweed image
- boot: fix typo, should be systems
- o/devicestate: test that users.create.automatic is configured
early
- asserts: use Fetcher in AddSequenceToUpdate
- daemon,o/c/configcore: introduce users.create.automatic
- client, o/servicestate: expose enabled state of user daemons
- boot: helper for checking and marking tried recovery system status
from initramfs
- asserts: pool changes for validation-sets (#9930)
- daemon: move the last api_foo_test.go to daemon_test
- asserts: include the assertion timestamp in error message when
outside of signing key validity range
- ovelord/snapshotstate: keep a few of the last line tar prints
before failing
- gadget/many: rm, delay sector size + structure size checks to
runtime
- cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
- interfaces: add allegro-vcu and media-control interfaces
- interfaces: opengl: add Xilinx zocl bits
- mkversion: check that version from changelog is set before
overriding the output version
- many: fix new ineffassign warnings
- .github/workflows/labeler.yaml: try work-around to not sync
labels
- cmd/snap, boot: add debug set-boot-vars
- interfaces: allow reading the Xauthority file KDE Plasma writes
for Wayland sessions
- tests/main/snap-repair: test running repair assertion w/ fakestore
- tests: disable lxd tests for 21.04 until the lxd images are
published for the system
- tests/regression/lp-1910456: cleanup the /snap symlink when done
- daemon: move single snap querying and ops to api_snaps.go
- tests: fix for preseed and dbus tests on 21.04
- overlord/snapshotstate: include the last message printed by tar in
the error
- interfaces/system-observe: Allow reading /proc/zoneinfo
- interfaces: remove apparmor downgrade feature
- snap: fix unit tests on Go 1.16
- spread: disable Go modules support in environment
- tests: use new path to find kernel.img in uc20 for arm devices
- tests: find files before using cat command when checking broadcom-
asic-control interface
- boot: introduce good recovery systems, provide compatibility
handling
- overlord: add manager gadget refresh test
- tests/lib/fakestore: support repair assertions too
- github: temporarily disable action labeler due to issues with
labels being removed
- o/devicestate,many: introduce DeviceManager.preloadGadget for
EarlyConfig
- tests: enable ubuntu 21.04 for spread tests
- snap: provide a useful error message if gdbserver is not installed
- data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1
- tests/lib/prepare.sh: split reflash.sh into two parts
- packaging/opensuse: sync with openSUSE packaging
- packaging: disable Go modules in snapd.mk
- snap: add deprecation noticed to "snap run --gdb"
- daemon: add API for checking and installing available theme snaps
- tests: using labeler action to add automatically a label to run
nested tests
- gadget: improve error handling around resolving content sources
- asserts: repeat the authority cross-check in CheckSignature as
well
- interfaces/seccomp/template.go: allow copy_file_range
- o/snapstate/check_snap.go: add support for many subversions in
assumes snapdX..
- daemon: move postSnap and inst.dispatch tests to api_snaps_test.go
- wrappers: use proper paths for mocked mount units in tests
- snap: rename gdbserver option to `snap run --gdbserver`
- store: support validation sets with fetch-assertions action
- snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky
- packaging/fedora: sync with downstream packaging in Fedora
- many: add Delegate=true to generated systemd units for special
interfaces (master)
- boot: use a common helper for mocking boot assets in cache
- api: validate snaps against validation set assert from the store
- wrappers: don't generate an [Install] section for timer or dbus
activated services
- tests/nested/core20/boot-config-update: skip when snapd was not
built with test features
- o/configstate,o/devicestate: introduce devicestate.EarlyConfig
implemented by configstate.EarlyConfig
- cmd/snap-bootstrap/initramfs-mounts: fix typo in func name
- interfaces/builtin: mock distribution in fontconfig cache unit
tests
- tests/lib/prepare.sh: add another console= to the reflash magic
grub entry
- overlord/servicestate: expose dbus activators of a service
- desktop/notification: test against a real session bus and
notification server implementation
- cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
recover+install
- HACKING.md: explain how to run UC20 spread tests with QEMU
- asserts: introduce AtSequence
- overlord/devicestate: task for updating boot configs, spread test
- gadget: fix documentation/typos
- gadget: cleanup MountedFilesystem{Writer,Updater}
- gadget: use ResolvedSource in MountedFilesystemWriter
- snap/info.go: add doc-comment for SortServices
- interfaces: add an optional mount-host-font-cache plug attribute
to the desktop interface
- osutil: skip TestReadBuildGo inside sbuild
- o/hookstate/ctlcmd: add optional --pid and --apparmor-label
arguments to "snapctl is-connected"
- data/env/snapd: use quoting in case PATH contains spaces
- boot: do not observe successful boot assets if not in run mode
- tests: fix umount for snapd snap on fsck-on-boot testumount:
/run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount
- misc: little tweaks
- snap/info.go: ignore unknown daemons in SortSnapServices
- devicestate: keep log from install-mode on installed system
- seed: add LoadEssentialMeta to seed16 and allow all of its
implementations to be called multiple times
- cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
seeds
- tests/core/uc20-recovery: move recover mode helpers to generic
testslib script
- interfaces/fwupd: allow any distros to access fw files via fwupd
- store: method for fetching validation set assertion
- store: switch to v2/assertions api
- gadget: add new ResolvedContent and populate from LayoutVolume()
- spread: use full format when listing processes
- osutil/many: make all test pkgs osutil_test instead of "osutil"
- tests/unit/go: drop unused environment variables, skip coverage
- OpenGL interface: Support more Tegra libs
- gadget,overlord: pass kernelRoot to install.Run()
- tests: run unit tests in Focal instead of Xenial
- interfaces/browser-support: allow sched_setaffinity with browser-
sandbox: true
- daemon: move query /snaps/<name> tests to api_snaps_test.go
- cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair
runner
- systemd/systemd.go: support journald JSON messages with arrays for
values
- cmd: make string/error code more robust against errno leaking
- github, run-checks: do not collect coverage data on subsequent
test runs
- boot: boot config update & reseal
- o/snapshotstate: handle conflicts between snapshot forget, export
and import
- osutil/stat.go: add RegularFileExists
- cmd/snapd-generator: don't create mount overrides for snap-try
snaps inside lxc
- gadget/gadget.go: rename ubuntu-* to system-* in doc-comment
- tests: use 6 spread workers for centos8
- bootloader/assets: support injecting bootloader assets in testing
builds of snapd
- gadget: enable multi-volume uc20 gadgets in
LaidOutSystemVolumeFromGadget; rename too
- overlord/devicestate, sysconfig: do nothing when cloud-init is not
present
- cmd/snap-repair: filter repair assertions based on bases + modes
- snap-confine: make host /etc/ssl available for snaps on classic
-- Michael Vogt <michael.vogt@ubuntu.com> Sat, 24 Apr 2021 12:17:45 +0200
snapd (2.49.2) xenial; urgency=medium
* New upstream release, LP: #1915248
- interfaces/tee: add TEE/OPTEE interface
- o/configstate/configcore: add hdmi_timings to pi-config
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- snap-seccomp: fix seccomp test on ppc64el
- interfaces{,/apparmor}, overlord/snapstate:
late removal of snap-confine apparmor profiles
- overlord/snapstate, wrappers: add dependency on usr-lib-
snapd.mount for services on core with snapd snap
- o/configstate: deal with no longer valid refresh.timer=managed
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- o/{device,hook}state: encode fde-setup-request key as base64
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- tests/main/uc20-create-partitions: fix tests cleanup
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- snap-seccomp: add new `close_range` syscall
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 26 Mar 2021 16:49:46 +0100
snapd (2.49.1) xenial; urgency=medium
* New upstream release, LP: #1915248
- tests: turn modules off explicitly in spread go unti test
- o/snapshotstate: create snapshots directory on import
- cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
- interfaces: add allegro-vcu and media-control interfaces
- interfaces: opengl: add Xilinx zocl bits
- many: fix new ineffassign warnings
- interfaces/seccomp/template.go: allow copy_file_range
- interfaces: allow reading the Xauthority file KDE Plasma writes
for Wayland sessions
- data/selinux: allow system dbus to watch
/var/lib/snapd/dbus-1
- Remove apparmor downgrade feature
- Support tmp and log dirs on Yocto/Poky
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 08 Mar 2021 10:47:30 +0100
snapd (2.49) xenial; urgency=medium
* New upstream release, LP: #1915248
- many: add Delegate=true to generated systemd units for special
interfaces
- cmd/snap-bootstrap: rename ModeenvFromModel to
EphemeralModeenvForModel
- cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
recover+install
- osutil: skip TestReadBuildGo inside sbuild
- tests: fix umount for snapd snap on fsck-on-boot test
- snap/info_test.go: add unit test cases for bug
- tests/main/services-after-before: add regression spread test
- snap/info.go: ignore unknown daemons in SortSnapServices
- cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
seeds
- OpenGL interface: Support more Tegra libs
- interfaces/browser-support: allow sched_setaffinity with browser-
sandbox: true
- cmd: make string/error code more robust against errno leaking
- o/snapshotstate: handle conflicts between snapshot forget, export
and import
- cmd/snapd-generator: don't create mount overrides for snap-try
snaps inside lxc
- tests: update test pkg for fedora and centos
- gadget: pass sector size in to mkfs family of functions, use to
select block sz
- o/snapshotstate: fix returning of snap names when duplicated
snapshot is detected
- tests/main/snap-network-errors: skip flushing dns cache on
centos-7
- interfaces/builtin: Allow DBus property access on
org.freedesktop.Notifications
- cgroup-support.c: fix link to CGROUP DELEGATION
- osutil: update go-udev package
- packaging: fix arch-indep build on debian-sid
- {,sec}boot: pass "key-name" to the FDE hooks
- asserts: sort by revision with Sort interface
- gadget: add gadget.ResolveContentPaths()
- cmd/snap-repair: save base snap and mode in device info; other
misc cleanups
- tests: cleanup the run-checks script
- asserts: snapasserts method to validate installed snaps against
validation sets
- tests: normalize test tools - part 1
- snapshotstate: detect duplicated snapshot imports
- interfaces/builtin: fix unit test expecting snap-device-helper at
/usr/lib/snapd
- tests: apply workaround done for snap-advise-command to apt-hooks
test
- tests: skip main part of snap-advise test if 429 error is
encountered
- many: clarify gadget role-usage consistency checks for UC16/18 vs
UC20
- sandbox/cgroup, tess/main: fix unit tests on v2 system, disable
broken tests on sid
- interfaces/builtin: more drive by fixes, import ordering, removing
dead code
- tests: skip interfaces-openvswitch spread test on debian sid
- interfaces/apparmor: drive by comment fix
- cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree
usage
- cmd/libsnap-confine-private: make unit tests execute happily in a
container
- interfaces, wrappers: misc comment fixes, etc.
- asserts/repair.go: add "bases" and "modes" support to the repair
assertion
- interfaces/opengl: allow RPi MMAL video decoding
- snap: skip help output tests for go-flags v1.4.0
- gadget: add validation for "$kernel:ref" style content
- packaging/deb, tests/main/lxd-postrm-purge: fix purge inside
containers
- spdx: update to SPDX license list version: 3.11 2020-11-25
- tests: improve hotplug test setup on classic
- tests: update check to verify is the current system is arm
- tests: use os-query tool to check debian, trusty and tumbleweed
- daemon: start moving implementation to api_snaps.go
- tests/main/snap-validate-basic: disable test on Fedora due to go-
flags panics
- tests: fix library path used for tests.pkgs
- tests/main/cohorts: replace yq with a Python snippet
- run-checks: update to match new argument syntax of ineffassign
- tests: use apiBaseSuite for snapshots tests, fix import endpoint
path
- many: separate consistency/content validation into
gadget.Validate|Content
- o/{device,snap}state: enable devmode snaps with dangerous model
assertions
secboot: add test for when systemd-run does not honor
RuntimeMaxSec
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- o/daemon: validation sets api and basic spread test
- gadget: move BuildPartitionList to install and make it unexported
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- tests: add os query commands for subsystems and architectures
- o/snapshotstate: don't set auto flag in the snapshot file
- tests: use os.query tool instead of comparing the system var
- testutil: use the original environment when calling shellcheck
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and
instead set the implicit labels when loading the yaml
- secboot: add new LockSealedKeys() that uses either TPM/fde-reveal-
key
- gadget/quantity: introduce Offset, start using it for offset
related fields in the gadget
- gadget: use "sealed-keys" to determine what method to use for
reseal
- tests/main/fake-netplan-apply: disable test on xenial for now
- daemon: start splitting snaps op tests out of api_test.go
- testutil: make DBusTest use a custom bus configuration file
- tests: replace pkgdb.sh (library) with tests.pkgs (program)
- gadget: prepare gadget kernel refs (0/N)
- interfaces/builtin/docker-support: allow /run/containerd/s/...
- cmd/snap-preseed: reset run inhibit locks on --reset.
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- daemon: reorg snap.go and split out sections and icons support
from api.go
- sandbox/seccomp: use snap-seccomp's stdout for getting version
info
- daemon: split find support to its own api_*.go files and move some
helpers
- tests: move snapstate config defaults tests to a separate file.
- bootloader/{lk,lkenv}: followups from #9695
- daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite
- gadget,o/devicestate: set implicit values for schema and role
directly instead of relying on Effective* accessors
- daemon: split aliases support to its own api_*.go files
- gadget: start separating rule/convention validation from basic
soundness
- cmd/snap-update-ns: add better unit test for overname sorting
- secboot: use `fde-reveal-key` if available to unseal key
- tests: fix lp-1899664 test when snapd_x1 is not installed in the
system
- tests: fix the scenario when the "$SRC".orig file does not exist
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- devicestate: add runFDESetupHook() helper
- bootloader/lk: add support for UC20 lk bootloader with V2 lkenv
structs
- daemon: split unsupported buy implementation to its own api_*.go
files
- tests: download timeout spread test
- gadget,o/devicestate: hybrid 18->20 ready volume setups should be
valid
- o/devicestate: save model with serial in the device save db
- bootloader: add check for prepare-image time and more tests
validating options
- interfaces/builtin/log_observe.go: allow controlling apparmor
audit levels
- hookstate: refactor around EphemeralRunHook
- cmd/snap: implement 'snap validate' command
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- boot: observe successful command line update, provide a default
- tests: New queries for the os tools
- bootloader/lkenv: specify backup file as arg to NewEnv(), use ""
as path+"bak"
- osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk
iface
- daemon: split out snapctl support and snap configuration support
to their own api_*.go files
- snapshotstate: improve handling of multiple errors
- tests: sign new nested-18|20* models to allow for generic serials
- bootloader: remove installableBootloader interface and methods
- seed: cleanup/drop some no longer valid TODOS, clarify some other
points
- boot: set kernel command line in modeenv during install
- many: rename disks.FindMatching... to FindMatching...WithFsLabel
and err type
- cmd/snap: suppress a case of spurious stdout logging from tests
- hookstate: add new HookManager.EphemeralRunHook()
- daemon: move some more api tests from daemon to daemon_test
- daemon: split apps and logs endpoints to api_apps.go and tests
- interfaces/utf: Add Ledger to U2F devices
- seed/seedwriter: consider modes when checking for deps
availability
- o/devicestate,daemon: fix reboot system action to not require a
system label
- cmd/snap-repair,store: increase initial retry time intervals,
stalling TODOs
- daemon: split interfacesCmd to api_interfaces.go
- github: run nested suite when commit is pushed to release branch
- client: reduce again the /v2/system-info timeout
- tests: reset fakestore unit status
- update-pot: fix typo in plural keyword spec
- tests: remove workarounds that add "ubuntu-save" if missing
- tests: add unit test for auto-refresh with validate-snap failure
- osutil: add helper for getting the kernel command line
- tests/main/uc20-create-partitions: verify ubuntu-save encryption
keys, tweak not MATCH
- boot: add kernel command lines to the modeenv file
- spread: bump delta ref, tweak repacking to make smaller delta
archives
- bootloader/lkenv: add v2 struct + support using it
- snapshotstate: add cleanup of abandonded snapshot imports
- tests: fix uc20-create-parition-* tests for updated gadget
- daemon: split out /v2/interfaces tests to api_interfaces_test.go
- hookstate: implement snapctl fde-setup-{request,result}
- wrappers, o/devicestate: remove EnableSnapServices
- tests: enable nested on 20.10
- daemon: simplify test helpers Get|PostReq into Req
- daemon: move general api to api_general*.go
- devicestate: make checkEncryption fde-setup hook aware
- client/snapctl, store: fix typos
- tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files
before doing apt ops
- cmd/snap-bootstrap: update model cross-check considerations
- client,snapctl: add naive support for "stdin"
- many: add new "install-mode: disable" option
- osutil/disks: allow building on mac os
- data/selinux: update the policy to allow operations on non-tmpfs
/tmp
- boot: add helper for generating candidate kernel lines for
recovery system
- wrappers: generate D-Bus service activation files
- bootloader/many: rm ConfigFile, add Present for indicating
presence of bloader
- osutil/disks: allow mocking DiskFromDeviceName
- daemon: start cleaning up api tests
- packaging/arch: sync with AUR packaging
- bootloader: indicate when boot config was updated
- tests: Fix snap-debug-bootvars test to make it work on arm devices
and core18
- tests/nested/manual/core20-save: verify handling of ubuntu-save
with different system variants
- snap: use the boot-base for kernel hooks
- devicestate: support "storage-safety" defaults during install
- bootloader/lkenv: mv v1 to separate file,
include/lk/snappy_boot_v1.h: little fixups
- interfaces/fpga: add fpga interface
- store: download timeout
- vendor: update secboot repo to avoid including secboot.test binary
- osutil: add KernelCommandLineKeyValue
- gadget/gadget.go: allow system-recovery-{image,select} as roles in
gadget.yaml
- devicestate: implement boot.HasFDESetupHook
- osutil/disks: add DiskFromName to get a disk using a udev name
- usersession/agent: have session agent connect to the D-Bus session
bus
- o/servicestate: preserve order of services on snap restart
- o/servicestate: unlock state before calling wrappers in
doServiceControl
- spread: disable unattended-upgrades on ubuntu
- tests: testing new fedora 33 image
- tests: fix fsck on boot on arm devices
- tests: skip boot state test on arm devices
- tests: updated the systems to run prepare-image-grub test
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- tests: unmount /boot/efi in fsck-on-boot test
- strutil/shlex,osutil/udev/netlink: minimally import go-check
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- tests/many: enable some uc20 tests, delete old unneeded tests or
TODOs
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- tests: migrate test from boot.sh helper to boot-state tool
- asserts: implement "storage-safety" in uc20 model assertion
- bootloader: use ForGadget when installing boot config
- spread: UC20 no longer needs 2GB of mem
- cmd/snap-confine: implement snap-device-helper internally
- bootloader/grub: replace old reference to Managed...Blr... with
Trusted...Blr...
- cmd/snap-bootstrap: add readme for snap-bootstrap + real state
diagram
- interfaces: fix greengrass attr namingThe flavor attribute names
are now as follows:
- tests/lib/nested: poke the API to get the snap revisions
- tests: compare options of mount units created by snapd and snapd-
generator
- o/snapstate,servicestate: use service-control task for service
actions
- sandbox: track applications unconditionally
- interfaces/greengrass-support: add additional "process" flavor for
1.11 update
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 10 Feb 2021 10:47:17 +0100
snapd (2.48.2) xenial; urgency=medium
* New upstream release, LP: #1906690
- tests: sign new nested-18|20* models to allow for generic serials
- secboot: add extra paranoia when waiting for that fde-reveal-key
- tests: backport netplan workarounds from #9785
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- secboot: add new LockSealedKeys() that uses either TPM or
fde-reveal-key
- gadget: use "sealed-keys" to determine what method to use for
reseal
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- secboot: use `fde-reveal-key` if available to unseal key
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- o/devicestate: save model with serial in the device save db
- devicestate: add runFDESetupHook() helper
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- hookstate: add new HookManager.EphemeralRunHook()
- update-pot: fix typo in plural keyword spec
- store,cmd/snap-repair: increase initial expontential time
intervals
- o/devicestate,daemon: fix reboot system action to not require a
system label
- github: run nested suite when commit is pushed to release branch
- tests: reset fakestore unit status
- tests: fix uc20-create-parition-* tests for updated gadget
- hookstate: implement snapctl fde-setup-{request,result}
- devicestate: make checkEncryption fde-setup hook aware
- client,snapctl: add naive support for "stdin"
- devicestate: support "storage-safety" defaults during install
- snap: use the boot-base for kernel hooks
- vendor: update secboot repo to avoid including secboot.test binary
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 15 Dec 2020 20:21:44 +0100
snapd (2.48.1) xenial; urgency=medium
* New upstream release, LP: #1906690
- gadget: disable ubuntu-boot role validation check
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Dec 2020 17:43:30 +0100
snapd (2.48) xenial; urgency=medium
* New upstream release, LP: #1904098
- osutil: add KernelCommandLineKeyValue
- devicestate: implement boot.HasFDESetupHook
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- bootloader: use ForGadget when installing boot config
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- boot: add scaffolding for "fde-setup" hook support for sealing
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- snap: add new "fde-setup" hooktype
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
- secboot,cmd/snap-bootstrap: fix degraded mode cases with better
device handling
- boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
messiness
- tests/nested/manual/refresh-revert-fundamentals: temporarily
disable secure boot
- snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
boot modes
- many: address degraded recover mode feedback, cleanups
- tests: Use systemd-run on tests part2
- tests: set the opensuse tumbleweed system as manual in spread.yaml
- secboot: call BlockPCRProtectionPolicies even if the TPM is
disabled
- vendor: update to current secboot
- cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
save
- spread.yaml: increase number of workers on 20.10
- snap: add new `snap recovery --show-keys` option
- tests: minor test tweaks suggested in the review of 9607
- snapd-generator: set standard snapfuse options when generating
units for containers
- tests: enable lxd test on ubuntu-core-20 and 16.04-32
- interfaces: share /tmp/.X11-unix/ from host or provider
- tests: enable main lxd test on 20.10
- cmd/s-b/initramfs-mounts: refactor recover mode to implement
degraded mode
- gadget/install: add progress logging