Bug #1904098 “[SRU] 2.48” : Bugs : snapd package : Ubuntu

Revision history for this message

Łukasz Zemczak (sil2100) wrote on 2020-11-23:

#1

The testing environment has changed from travis to github actions and the experience is still not entirely perfect. Michael kicked off a test run for the need of this SRU here:
https://github.com/snapcore/snapd/pull/9685

In the meantime I won't block on this and just proceed with the reviews. But let's keep an eye out for the tests to finish.

Changed in snapd (Ubuntu Groovy):
status:	New → Fix Committed
tags:	added: verification-needed verification-needed-groovy

Revision history for this message

Łukasz Zemczak (sil2100) wrote on 2020-11-23: Please test proposed package

#2

Hello Michael, or anyone else affected,

Accepted snapd into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.48+20.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in snapd (Ubuntu Focal):
status:	New → Fix Committed
tags:	added: verification-needed-focal

Revision history for this message

Łukasz Zemczak (sil2100) wrote on 2020-11-23:

#3

Hello Michael, or anyone else affected,

Accepted snapd into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.48+20.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in snapd (Ubuntu Bionic):
status:	New → Fix Committed
tags:	added: verification-needed-bionic

Revision history for this message

Łukasz Zemczak (sil2100) wrote on 2020-11-23:

#4

Hello Michael, or anyone else affected,

Accepted snapd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.48+18.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in snapd (Ubuntu Xenial):
status:	New → Fix Committed
tags:	added: verification-needed-xenial

Revision history for this message

Łukasz Zemczak (sil2100) wrote on 2020-11-23:

#5

Hello Michael, or anyone else affected,

Accepted snapd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.48 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message

Ubuntu SRU Bot (ubuntu-sru-bot) wrote on 2020-11-23: Autopkgtest regression report (snapd/2.48)

#6

All autopkgtests for the newly accepted snapd (2.48) for xenial have finished running.
The following regressions have been reported in tests triggered by the package:

ubuntu-image/1.10+16.04ubuntu1 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html#snapd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message

Ubuntu SRU Bot (ubuntu-sru-bot) wrote on 2020-11-23: Autopkgtest regression report (snapd/2.48+20.04)

#7

All autopkgtests for the newly accepted snapd (2.48+20.04) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

snapcraft/3.0ubuntu1 (ppc64el, arm64, amd64, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#snapd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message

Michael Vogt (mvo) wrote on 2020-11-24:

#8

The travis runs are currently not active, we move to GH actions. The 2.48 release test run is visible at https://github.com/snapcore/snapd/pull/9685/checks?check_run_id=1443415116

Some isolated test failures on centos/suse but Ubuntu is all green. One small issue on ubuntu-core-20 with the fsck test which happens because of a change in the gadget and the fix for that will be part of 2.48.1 (it's harmless, really just affects the test, no real functionality).

Sergio Cazzolato (sergio-j-cazzolato) on 2020-11-26

tags:

added: verification-done-bionic verification-done-groovy verification-done-xenial
removed: verification-needed-bionic verification-needed-groovy verification-needed-xenial

Revision history for this message

Sergio Cazzolato (sergio-j-cazzolato) wrote on 2020-11-26:

#9

The SRU validation is completed and approved.
Test results: https://trello.com/c/6NyUmAhC/753-snapd-248

tags:

added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-11-28:

#10

Download full text (15.7 KiB)

This bug was fixed in the package snapd - 2.48+21.04

---------------
snapd (2.48+21.04) hirsute; urgency=medium

  * New upstream release, LP: #1904098
    - osutil: add KernelCommandLineKeyValue
    - devicestate: implement boot.HasFDESetupHook
    - boot/makebootable.go: set snapd_recovery_mode=install at image-
      build time
    - bootloader: use ForGadget when installing boot config
    - interfaces/raw_usb: allow read access to /proc/tty/drivers
    - boot: add scaffolding for "fde-setup" hook support for sealing
    - tests: fix basic20 test on arm devices
    - seed: make a shared seed system label validation helper
    - snap: add new "fde-setup" hooktype
    - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
    - secboot,cmd/snap-bootstrap: fix degraded mode cases with better
      device handling
    - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
      messiness
    - tests/nested/manual/refresh-revert-fundamentals: temporarily
      disable secure boot
    - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
      boot modes
    - many: address degraded recover mode feedback, cleanups
    - tests: Use systemd-run on tests part2
    - tests: set the opensuse tumbleweed system as manual in spread.yaml
    - secboot: call BlockPCRProtectionPolicies even if the TPM is
      disabled
    - vendor: update to current secboot
    - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
      save
    - spread.yaml: increase number of workers on 20.10
    - snap: add new `snap recovery --show-keys` option
    - tests: minor test tweaks suggested in the review of 9607
    - snapd-generator: set standard snapfuse options when generating
      units for containers
    - tests: enable lxd test on ubuntu-core-20 and 16.04-32
    - interfaces: share /tmp/.X11-unix/ from host or provider
    - tests: enable main lxd test on 20.10
    - cmd/s-b/initramfs-mounts: refactor recover mode to implement
      degraded mode
    - gadget/install: add progress logging
    - packaging: keep secboot/encrypt_dummy.go in debian
    - interfaces/udev: use distro specific path to snap-device-helper
    - o/devistate: fix chaining of tasks related to regular snaps when
      preseeding
    - gadget, overlord/devicestate: validate that system supports
      encrypted data before install
    - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
      ESP layout
    - many: add /v2/system-recovery-keys API and client
    - secboot, many: return UnlockMethod from Unlock* methods for future
      usage
    - many: mv keys to ubuntu-boot, move model file, rename keyring
      prefix for secboot
    - tests: using systemd-run instead of manually create a systemd unit
      - part 1
    - secboot, cmd/snap-bootstrap: enable or disable activation with
      recovery key
    - secboot: refactor Unlock...IfEncrypted to take keyfile + check
      disks first
    - secboot: add LockTPMSealedKeys() to lock access to keys
      independently
    - gadget: correct sfdisk arguments
    - bootloader/assets/grub: adjust fwsetup menuentry label
    - tests: new boot state tool
    - spread: use the officia...

This bug was fixed in the package snapd - 2.48+21.04

---------------
snapd (2.48+21.04) hirsute; urgency=medium

* New upstream release, LP: #1904098
    - osutil: add KernelCommandLineKeyValue
    - devicestate: implement boot.HasFDESetupHook
    - boot/makebootable.go: set snapd_recovery_mode=install at image-
      build time
    - bootloader: use ForGadget when installing boot config
    - interfaces/raw_usb: allow read access to /proc/tty/drivers
    - boot: add scaffolding for "fde-setup" hook support for sealing
    - tests: fix basic20 test on arm devices
    - seed: make a shared seed system label validation helper
    - snap: add new "fde-setup" hooktype
    - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
    - secboot,cmd/snap-bootstrap: fix degraded mode cases with better
      device handling
    - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
      messiness
    - tests/nested/manual/refresh-revert-fundamentals: temporarily
      disable secure boot
    - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
      boot modes
    - many: address degraded recover mode feedback, cleanups
    - tests: Use systemd-run on tests part2
    - tests: set the opensuse tumbleweed system as manual in spread.yaml
    - secboot: call BlockPCRProtectionPolicies even if the TPM is
      disabled
    - vendor: update to current secboot
    - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
      save
    - spread.yaml: increase number of workers on 20.10
    - snap: add new `snap recovery --show-keys` option
    - tests: minor test tweaks suggested in the review of 9607
    - snapd-generator: set standard snapfuse options when generating
      units for containers
    - tests: enable lxd test on ubuntu-core-20 and 16.04-32
    - interfaces: share /tmp/.X11-unix/ from host or provider
    - tests: enable main lxd test on 20.10
    - cmd/s-b/initramfs-mounts: refactor recover mode to implement
      degraded mode
    - gadget/install: add progress logging
    - packaging: keep secboot/encrypt_dummy.go in debian
    - interfaces/udev: use distro specific path to snap-device-helper
    - o/devistate: fix chaining of tasks related to regular snaps when
      preseeding
    - gadget, overlord/devicestate: validate that system supports
      encrypted data before install
    - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
      ESP layout
    - many: add /v2/system-recovery-keys API and client
    - secboot, many: return UnlockMethod from Unlock* methods for future
      usage
    - many: mv keys to ubuntu-boot, move model file, rename keyring
      prefix for secboot
    - tests: using systemd-run instead of manually create a systemd unit
      - part 1
    - secboot, cmd/snap-bootstrap: enable or disable activation with
      recovery key
    - secboot: refactor Unlock...IfEncrypted to take keyfile + check
      disks first
    - secboot: add LockTPMSealedKeys() to lock access to keys
      independently
    - gadget: correct sfdisk arguments
    - bootloader/assets/grub: adjust fwsetup menuentry label
    - tests: new boot state tool
    - spread: use the official image for Ubuntu 20.10, no longer an
      unstable system
    - tests/lib/nested: enable snapd logging to console for core18
    - osutil/disks: re-implement partition searching for disk w/ non-
      adjacent parts
    - tests: using the nested-state tool in nested tests
    - many: seal a fallback object to the recovery boot chain
    - gadget, gadget/install: move helpers to install package, refactor
      unit tests
    - dirs: add "gentoo" to altDirDistros
    - update-pot: include file locations in translation template, and
      extract strings from desktop files
    - gadget/many: drop usage of gpt attr 59 for indicating creation of
      partitions
    - gadget/quantity: tweak test name
    - snap: fix failing unittest for quantity.FormatDuration()
    - gadget/quantity: introduce a new package that captures quantities
    - o/devicestate,a/sysdb: make a backup of the device serial to save
    - tests: fix rare interaction of tests.session and specific tests
    - features: enable classic-preserves-xdg-runtime-dir
    - tests/nested/core20/save: check the bind mount and size bump
    - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
    - tests: rename hasHooks to hasInterfaceHooks in the ifacestate
      tests
    - o/devicestate: unit test tweaks
    - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
    - testutil, cmd/snap/version: fix misc little errors
    - overlord/devicestate: bind mount ubuntu-save under
      /var/lib/snapd/save on startup
    - gadget/internal: tune ext4 setting for smaller filesystems
    - tests/nested/core20/save: a test that verifies ubuntu-save is
      present and set up
    - tests: update google sru backend to support groovy
    - o/ifacestate: handle interface hooks when preseeding
    - tests: re-enable the apt hooks test
    - interfaces,snap: use correct type: {os,snapd} for test data
    - secboot: set metadata and keyslots sizes when formatting LUKS2
      volumes
    - tests: improve uc20-create-partitions-reinstall test
    - client, daemon, cmd/snap: cleanups from #9489 + more unit tests
    - cmd/snap-bootstrap: mount ubuntu-save during boot if present
    - secboot: fix doc comment on helper for unlocking volume with key
    - tests: add spread test for refreshing from an old snapd and core18
    - o/snapstate: generate snapd snap wrappers again after restart on
      refresh
    - secboot: version bump, unlock volume with key
    - tests/snap-advise-command: re-enable test
    - cmd/snap, snapmgr, tests: cleanups after #9418
    - interfaces: deny connected x11 plugs access to ICE
    - daemon,client: write and read a maintenance.json file for when
      snapd is shut down
    - many: update to secboot v1 (part 1)
    - osutil/disks/mockdisk: panic if same mountpoint shows up again
      with diff opts
    - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
      reseal tests
    - many: implement snap routine console-conf-start for synchronizing
      auto-refreshes
    - dirs, boot: add ubuntu-save directories and related locations
    - usersession: fix typo in test name
    - overlord/snapstate: refactor ihibitRefresh
    - overlord/snapstate: stop warning about inhibited refreshes
    - cmd/snap: do not hardcode snapshot age value
    - overlord,usersession: initial notifications of pending refreshes
    - tests: add a unit test for UpdateMany where a single snap fails
    - o/snapstate/catalogrefresh.go: don't refresh catalog in install
      mode uc20
    - tests: also check snapst.Current in undo-unlink tests
    - tests: new nested tool
    - o/snapstate: implement undo handler for unlink-snap
    - tests: clean systems.sh helper and migrate last set of tests
    - tests: moving the lib section from systems.sh helper to os.query
      tool
    - tests/uc20-create-partitions: don't check for grub.cfg
    - packaging: make sure that static binaries are indeed static, fix
      openSUSE
    - many: have install return encryption keys for data and save,
      improve tests
    - overlord: add link participant for linkage transitions
    - tests: lxd smoke test
    - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
      seed too
    - tests: moving main suite from systems.sh to os.query tool
    - tests: moving the core test suite from systems.sh to os.query tool
    - cmd/snap-confine: mask host's apparmor config
    - o/snapstate: move setting updated SnapState after error paths
    - tests: add value to INSTANCE_KEY/regular
    - spread, tests: tweaks for openSUSE
    - cmd/snap-confine: update path to snap-device-helper in AppArmor
      profile
    - tests: new os.query tool
    - overlord/snapshotstate/backend: specify tar format for snapshots
    - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
      UC20
    - client,daemon,snap: auto-import does not error on managed devices
    - interfaces: PTP hardware clock interface
    - tests: use tests.backup tool
    - many: verify that unit tests work with nosecboot tag and without
      secboot package
    - wrappers: do not error out on read-only /etc/dbus-1/session.d
      filesystem on core18
    - snapshots: import of a snapshot set
    - tests: more output for sbuild test
    - o/snapstate: re-order remove tasks for individual snap revisions
      to remove current last
    - boot: skip some unit tests when running as root
    - o/assertstate: introduce
      ValidationTrackingKey/ValidationSetTracking and basic methods
    - many: allow ignoring running apps for specific request
    - tests: allow the searching test to fail under load
    - overlord/snapstate: inhibit startup while unlinked
    - seed/seedwriter/writer.go: check DevModeConfinement for dangerous
      features
    - tests/main/sudo-env: snap bin is available on Fedora
    - boot, overlord/devicestate: list trusted and managed assets
      upfront
    - gadget, gadget/install: support for ubuntu-save, create one during
      install if needed
    - spread-shellcheck: temporary workaround for deadlock, drop
      unnecessary test
    - snap: support different exit-code in the snap command
    - logger: use strutil.KernelCommandLineSplit in
      debugEnabledOnKernelCmdline
    - logger: fix snapd.debug=1 parsing
    - overlord: increase refresh postpone limit to 14 days
    - spread-shellcheck: use single thread pool executor
    - gadget/install,secboot: add debug messages
    - spread-shellcheck: speed up spread-shellcheck even more
    - spread-shellcheck: process paths from arguments in parallel
    - tests: tweak error from tests.cleanup
    - spread: remove workaround for openSUSE go issue
    - o/configstate: create /etc/sysctl.d when applying early config
      defaults
    - tests: new tests.backup tool
    - tests: add tests.cleanup pop sub-command
    - tests: migration of the main suite to snaps-state tool part 6
    - tests: fix journal-state test
    - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
      recover files
    - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
      same IP addr
    - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
      building snapd
    - boot, gadget, bootloader: observer preserves managed bootloader
      configs
    - tests/nested/manual: add uc20 grade signed cloud-init test
    - o/snapstate/autorefresh.go: eliminate race when launching
      autorefresh
    - daemon,snapshotstate: do not return "size" from Import()
    - daemon: limit reading from snapshot import to Content-Length
    - many: set/expect Content-Length header when importing snapshots
    - github: switch from ::set-env command to environment file
    - tests: migration of the main suite to snaps-state tool part 5
    - client: cleanup the Client.raw* and Client.do* method families
    - tests: moving main suite to snaps-state tool part 4
    - client,daemon,snap: use constant for snapshot content-type
    - many: fix typos and repeated "the"
    - secboot: fix tpm connection leak when it's not enabled
    - many: scaffolding for snapshots import API
    - run-checks: run spread-shellcheck too
    - interfaces: update network-manager interface to allow
      ObjectManager access from unconfined clients
    - tests: move core and regression suites to snaps-state tool
    - tests: moving interfaces tests to snaps-state tool
    - gadget: preserve files when indicated by content change observer
    - tests: moving smoke test suite and some tests from main suite to
      snaps-state tool
    - o/snapshotstate: pass set id to backend.Open, update tests
    - asserts/snapasserts: introduce ValidationSets
    - o/snapshotstate: improve allocation of new set IDs
    - boot: look at the gadget for run mode bootloader when making the
      system bootable
    - cmd/snap: allow snap help vs --all to diverge purposefully
    - usersession/userd: separate bus name ownership from defining
      interfaces
    - o/snapshotstate: set snapshot set id from its filename
    - o/snapstate: move remove-related tests to snapstate_remove_test.go
    - desktop/notification: switch ExpireTimeout to time.Duration
    - desktop/notification: add unit tests
    - snap: snap help output refresh
    - tests/nested/manual/preseed: include a system-usernames snap when
      preseeding
    - tests: fix sudo-env test
    - tests: fix nested core20 shellcheck bug
    - tests/lib: move to new directory when restoring PWD, cleanup
      unpacked unpacked snap directories
    - desktop/notification: add bindings for FDO notifications
    - dbustest: fix stale comment references
    - many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
      drop former
    - snap-repair: add uc20 support
    - tests: print all the serial logs for the nested test
    - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
      bug in test
    - cmd/snap/auto-import: stop importing system user assertions from
      initramfs mnts
    - osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
      as Unknown*
    - asserts: deserialize grouping only once in Pool.AddBatch if needed
    - gadget: allow content observer to have opinions about a change
    - tests: new snaps-state command - part1
    - o/assertstate: support refreshing any number of snap-declarations
    - boot: use test helpers
    - tests/core/snap-debug-bootvars: also check snap_mode
    - many/apparmor: adjust rules for reading profile/ execing new
      profiles for new kernel
    - tests/core/snap-debug-bootvars: spread test for snap debug boot-
      vars
    - tests/lib/nested.sh: more little tweaks
    - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
    - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
      recover modes
    - overlord: explicitly set refresh-app-awareness in tests
    - kernel: remove "edition" from kernel.yaml and add "update"
    - spread: drop vendor from the packed project archive
    - boot: fix debug bootloader variables dump on UC20 systems
    - wrappers, systemd: allow empty root dir and conditionally do not
      pass --root to systemctl
    - tests/nested/manual: add test for grades above signed booting with
      testkeys
    - tests/nested: misc robustness fixes
    - o/assertstate,asserts: use bulk refresh to refresh snap-
      declarations
    - tests/lib/prepare.sh: stop patching the uc20 initrd since it has
      been updated now
    - tests/nested/manual/refresh-revert-fundamentals: re-enable test
    - update-pot: ignore .go files inside .git when running xgettext-go
    - tests: disable part of the lxd test completely on 16.04.
    - o/snapshotstate: tweak comment regarding snapshot filename
    - o/snapstate: improve snapshot iteration
    - bootloader: lk cleanups
    - tests: update to support nested kvm without reboots on UC20
    - tests/nested/manual/preseed: disable system-key check for 20.04
      image
    - spread.yaml: add ubuntu-20.10-64 to qemu
    - store: handle v2 error when fetching assertions
    - gadget: resolve device mapper devices for fallback device lookup
    - tests/nested/cloud-init-many: simplify tests and unify
      helpers/seed inputs
    - tests: copy /usr/lib/snapd/info to correct directory
    - check-pr-title.py * : allow "*" in the first part of the title
    - many: typos and small test tweak
    - tests/main/lxd: disable cgroup combination for 16.04 that is
      failing a lot
    - tests: make nested signing helpers less confusing
    - tests: misc nested changes
    - tests/nested/manual/refresh-revert-fundamentals: disable
      temporarily
    - tests/lib/cla_check: default to Python 3, tweaks, formatting
    - tests/lib/cl_check.py: use python3 compatible code

-- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 19 Nov 2020 17:51:02 +0100

Changed in snapd (Ubuntu):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-11-30:

#11

Download full text (15.7 KiB)

This bug was fixed in the package snapd - 2.48+20.10

---------------
snapd (2.48+20.10) groovy; urgency=medium

  * New upstream release, LP: #1904098
    - osutil: add KernelCommandLineKeyValue
    - devicestate: implement boot.HasFDESetupHook
    - boot/makebootable.go: set snapd_recovery_mode=install at image-
      build time
    - bootloader: use ForGadget when installing boot config
    - interfaces/raw_usb: allow read access to /proc/tty/drivers
    - boot: add scaffolding for "fde-setup" hook support for sealing
    - tests: fix basic20 test on arm devices
    - seed: make a shared seed system label validation helper
    - snap: add new "fde-setup" hooktype
    - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
    - secboot,cmd/snap-bootstrap: fix degraded mode cases with better
      device handling
    - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
      messiness
    - tests/nested/manual/refresh-revert-fundamentals: temporarily
      disable secure boot
    - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
      boot modes
    - many: address degraded recover mode feedback, cleanups
    - tests: Use systemd-run on tests part2
    - tests: set the opensuse tumbleweed system as manual in spread.yaml
    - secboot: call BlockPCRProtectionPolicies even if the TPM is
      disabled
    - vendor: update to current secboot
    - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
      save
    - spread.yaml: increase number of workers on 20.10
    - snap: add new `snap recovery --show-keys` option
    - tests: minor test tweaks suggested in the review of 9607
    - snapd-generator: set standard snapfuse options when generating
      units for containers
    - tests: enable lxd test on ubuntu-core-20 and 16.04-32
    - interfaces: share /tmp/.X11-unix/ from host or provider
    - tests: enable main lxd test on 20.10
    - cmd/s-b/initramfs-mounts: refactor recover mode to implement
      degraded mode
    - gadget/install: add progress logging
    - packaging: keep secboot/encrypt_dummy.go in debian
    - interfaces/udev: use distro specific path to snap-device-helper
    - o/devistate: fix chaining of tasks related to regular snaps when
      preseeding
    - gadget, overlord/devicestate: validate that system supports
      encrypted data before install
    - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
      ESP layout
    - many: add /v2/system-recovery-keys API and client
    - secboot, many: return UnlockMethod from Unlock* methods for future
      usage
    - many: mv keys to ubuntu-boot, move model file, rename keyring
      prefix for secboot
    - tests: using systemd-run instead of manually create a systemd unit
      - part 1
    - secboot, cmd/snap-bootstrap: enable or disable activation with
      recovery key
    - secboot: refactor Unlock...IfEncrypted to take keyfile + check
      disks first
    - secboot: add LockTPMSealedKeys() to lock access to keys
      independently
    - gadget: correct sfdisk arguments
    - bootloader/assets/grub: adjust fwsetup menuentry label
    - tests: new boot state tool
    - spread: use the official...

This bug was fixed in the package snapd - 2.48+20.10

---------------
snapd (2.48+20.10) groovy; urgency=medium

* New upstream release, LP: #1904098
    - osutil: add KernelCommandLineKeyValue
    - devicestate: implement boot.HasFDESetupHook
    - boot/makebootable.go: set snapd_recovery_mode=install at image-
      build time
    - bootloader: use ForGadget when installing boot config
    - interfaces/raw_usb: allow read access to /proc/tty/drivers
    - boot: add scaffolding for "fde-setup" hook support for sealing
    - tests: fix basic20 test on arm devices
    - seed: make a shared seed system label validation helper
    - snap: add new "fde-setup" hooktype
    - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
    - secboot,cmd/snap-bootstrap: fix degraded mode cases with better
      device handling
    - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
      messiness
    - tests/nested/manual/refresh-revert-fundamentals: temporarily
      disable secure boot
    - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
      boot modes
    - many: address degraded recover mode feedback, cleanups
    - tests: Use systemd-run on tests part2
    - tests: set the opensuse tumbleweed system as manual in spread.yaml
    - secboot: call BlockPCRProtectionPolicies even if the TPM is
      disabled
    - vendor: update to current secboot
    - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
      save
    - spread.yaml: increase number of workers on 20.10
    - snap: add new `snap recovery --show-keys` option
    - tests: minor test tweaks suggested in the review of 9607
    - snapd-generator: set standard snapfuse options when generating
      units for containers
    - tests: enable lxd test on ubuntu-core-20 and 16.04-32
    - interfaces: share /tmp/.X11-unix/ from host or provider
    - tests: enable main lxd test on 20.10
    - cmd/s-b/initramfs-mounts: refactor recover mode to implement
      degraded mode
    - gadget/install: add progress logging
    - packaging: keep secboot/encrypt_dummy.go in debian
    - interfaces/udev: use distro specific path to snap-device-helper
    - o/devistate: fix chaining of tasks related to regular snaps when
      preseeding
    - gadget, overlord/devicestate: validate that system supports
      encrypted data before install
    - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
      ESP layout
    - many: add /v2/system-recovery-keys API and client
    - secboot, many: return UnlockMethod from Unlock* methods for future
      usage
    - many: mv keys to ubuntu-boot, move model file, rename keyring
      prefix for secboot
    - tests: using systemd-run instead of manually create a systemd unit
      - part 1
    - secboot, cmd/snap-bootstrap: enable or disable activation with
      recovery key
    - secboot: refactor Unlock...IfEncrypted to take keyfile + check
      disks first
    - secboot: add LockTPMSealedKeys() to lock access to keys
      independently
    - gadget: correct sfdisk arguments
    - bootloader/assets/grub: adjust fwsetup menuentry label
    - tests: new boot state tool
    - spread: use the official image for Ubuntu 20.10, no longer an
      unstable system
    - tests/lib/nested: enable snapd logging to console for core18
    - osutil/disks: re-implement partition searching for disk w/ non-
      adjacent parts
    - tests: using the nested-state tool in nested tests
    - many: seal a fallback object to the recovery boot chain
    - gadget, gadget/install: move helpers to install package, refactor
      unit tests
    - dirs: add "gentoo" to altDirDistros
    - update-pot: include file locations in translation template, and
      extract strings from desktop files
    - gadget/many: drop usage of gpt attr 59 for indicating creation of
      partitions
    - gadget/quantity: tweak test name
    - snap: fix failing unittest for quantity.FormatDuration()
    - gadget/quantity: introduce a new package that captures quantities
    - o/devicestate,a/sysdb: make a backup of the device serial to save
    - tests: fix rare interaction of tests.session and specific tests
    - features: enable classic-preserves-xdg-runtime-dir
    - tests/nested/core20/save: check the bind mount and size bump
    - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
    - tests: rename hasHooks to hasInterfaceHooks in the ifacestate
      tests
    - o/devicestate: unit test tweaks
    - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
    - testutil, cmd/snap/version: fix misc little errors
    - overlord/devicestate: bind mount ubuntu-save under
      /var/lib/snapd/save on startup
    - gadget/internal: tune ext4 setting for smaller filesystems
    - tests/nested/core20/save: a test that verifies ubuntu-save is
      present and set up
    - tests: update google sru backend to support groovy
    - o/ifacestate: handle interface hooks when preseeding
    - tests: re-enable the apt hooks test
    - interfaces,snap: use correct type: {os,snapd} for test data
    - secboot: set metadata and keyslots sizes when formatting LUKS2
      volumes
    - tests: improve uc20-create-partitions-reinstall test
    - client, daemon, cmd/snap: cleanups from #9489 + more unit tests
    - cmd/snap-bootstrap: mount ubuntu-save during boot if present
    - secboot: fix doc comment on helper for unlocking volume with key
    - tests: add spread test for refreshing from an old snapd and core18
    - o/snapstate: generate snapd snap wrappers again after restart on
      refresh
    - secboot: version bump, unlock volume with key
    - tests/snap-advise-command: re-enable test
    - cmd/snap, snapmgr, tests: cleanups after #9418
    - interfaces: deny connected x11 plugs access to ICE
    - daemon,client: write and read a maintenance.json file for when
      snapd is shut down
    - many: update to secboot v1 (part 1)
    - osutil/disks/mockdisk: panic if same mountpoint shows up again
      with diff opts
    - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
      reseal tests
    - many: implement snap routine console-conf-start for synchronizing
      auto-refreshes
    - dirs, boot: add ubuntu-save directories and related locations
    - usersession: fix typo in test name
    - overlord/snapstate: refactor ihibitRefresh
    - overlord/snapstate: stop warning about inhibited refreshes
    - cmd/snap: do not hardcode snapshot age value
    - overlord,usersession: initial notifications of pending refreshes
    - tests: add a unit test for UpdateMany where a single snap fails
    - o/snapstate/catalogrefresh.go: don't refresh catalog in install
      mode uc20
    - tests: also check snapst.Current in undo-unlink tests
    - tests: new nested tool
    - o/snapstate: implement undo handler for unlink-snap
    - tests: clean systems.sh helper and migrate last set of tests
    - tests: moving the lib section from systems.sh helper to os.query
      tool
    - tests/uc20-create-partitions: don't check for grub.cfg
    - packaging: make sure that static binaries are indeed static, fix
      openSUSE
    - many: have install return encryption keys for data and save,
      improve tests
    - overlord: add link participant for linkage transitions
    - tests: lxd smoke test
    - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
      seed too
    - tests: moving main suite from systems.sh to os.query tool
    - tests: moving the core test suite from systems.sh to os.query tool
    - cmd/snap-confine: mask host's apparmor config
    - o/snapstate: move setting updated SnapState after error paths
    - tests: add value to INSTANCE_KEY/regular
    - spread, tests: tweaks for openSUSE
    - cmd/snap-confine: update path to snap-device-helper in AppArmor
      profile
    - tests: new os.query tool
    - overlord/snapshotstate/backend: specify tar format for snapshots
    - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
      UC20
    - client,daemon,snap: auto-import does not error on managed devices
    - interfaces: PTP hardware clock interface
    - tests: use tests.backup tool
    - many: verify that unit tests work with nosecboot tag and without
      secboot package
    - wrappers: do not error out on read-only /etc/dbus-1/session.d
      filesystem on core18
    - snapshots: import of a snapshot set
    - tests: more output for sbuild test
    - o/snapstate: re-order remove tasks for individual snap revisions
      to remove current last
    - boot: skip some unit tests when running as root
    - o/assertstate: introduce
      ValidationTrackingKey/ValidationSetTracking and basic methods
    - many: allow ignoring running apps for specific request
    - tests: allow the searching test to fail under load
    - overlord/snapstate: inhibit startup while unlinked
    - seed/seedwriter/writer.go: check DevModeConfinement for dangerous
      features
    - tests/main/sudo-env: snap bin is available on Fedora
    - boot, overlord/devicestate: list trusted and managed assets
      upfront
    - gadget, gadget/install: support for ubuntu-save, create one during
      install if needed
    - spread-shellcheck: temporary workaround for deadlock, drop
      unnecessary test
    - snap: support different exit-code in the snap command
    - logger: use strutil.KernelCommandLineSplit in
      debugEnabledOnKernelCmdline
    - logger: fix snapd.debug=1 parsing
    - overlord: increase refresh postpone limit to 14 days
    - spread-shellcheck: use single thread pool executor
    - gadget/install,secboot: add debug messages
    - spread-shellcheck: speed up spread-shellcheck even more
    - spread-shellcheck: process paths from arguments in parallel
    - tests: tweak error from tests.cleanup
    - spread: remove workaround for openSUSE go issue
    - o/configstate: create /etc/sysctl.d when applying early config
      defaults
    - tests: new tests.backup tool
    - tests: add tests.cleanup pop sub-command
    - tests: migration of the main suite to snaps-state tool part 6
    - tests: fix journal-state test
    - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
      recover files
    - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
      same IP addr
    - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
      building snapd
    - boot, gadget, bootloader: observer preserves managed bootloader
      configs
    - tests/nested/manual: add uc20 grade signed cloud-init test
    - o/snapstate/autorefresh.go: eliminate race when launching
      autorefresh
    - daemon,snapshotstate: do not return "size" from Import()
    - daemon: limit reading from snapshot import to Content-Length
    - many: set/expect Content-Length header when importing snapshots
    - github: switch from ::set-env command to environment file
    - tests: migration of the main suite to snaps-state tool part 5
    - client: cleanup the Client.raw* and Client.do* method families
    - tests: moving main suite to snaps-state tool part 4
    - client,daemon,snap: use constant for snapshot content-type
    - many: fix typos and repeated "the"
    - secboot: fix tpm connection leak when it's not enabled
    - many: scaffolding for snapshots import API
    - run-checks: run spread-shellcheck too
    - interfaces: update network-manager interface to allow
      ObjectManager access from unconfined clients
    - tests: move core and regression suites to snaps-state tool
    - tests: moving interfaces tests to snaps-state tool
    - gadget: preserve files when indicated by content change observer
    - tests: moving smoke test suite and some tests from main suite to
      snaps-state tool
    - o/snapshotstate: pass set id to backend.Open, update tests
    - asserts/snapasserts: introduce ValidationSets
    - o/snapshotstate: improve allocation of new set IDs
    - boot: look at the gadget for run mode bootloader when making the
      system bootable
    - cmd/snap: allow snap help vs --all to diverge purposefully
    - usersession/userd: separate bus name ownership from defining
      interfaces
    - o/snapshotstate: set snapshot set id from its filename
    - o/snapstate: move remove-related tests to snapstate_remove_test.go
    - desktop/notification: switch ExpireTimeout to time.Duration
    - desktop/notification: add unit tests
    - snap: snap help output refresh
    - tests/nested/manual/preseed: include a system-usernames snap when
      preseeding
    - tests: fix sudo-env test
    - tests: fix nested core20 shellcheck bug
    - tests/lib: move to new directory when restoring PWD, cleanup
      unpacked unpacked snap directories
    - desktop/notification: add bindings for FDO notifications
    - dbustest: fix stale comment references
    - many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
      drop former
    - snap-repair: add uc20 support
    - tests: print all the serial logs for the nested test
    - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
      bug in test
    - cmd/snap/auto-import: stop importing system user assertions from
      initramfs mnts
    - osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
      as Unknown*
    - asserts: deserialize grouping only once in Pool.AddBatch if needed
    - gadget: allow content observer to have opinions about a change
    - tests: new snaps-state command - part1
    - o/assertstate: support refreshing any number of snap-declarations
    - boot: use test helpers
    - tests/core/snap-debug-bootvars: also check snap_mode
    - many/apparmor: adjust rules for reading profile/ execing new
      profiles for new kernel
    - tests/core/snap-debug-bootvars: spread test for snap debug boot-
      vars
    - tests/lib/nested.sh: more little tweaks
    - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
    - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
      recover modes
    - overlord: explicitly set refresh-app-awareness in tests
    - kernel: remove "edition" from kernel.yaml and add "update"
    - spread: drop vendor from the packed project archive
    - boot: fix debug bootloader variables dump on UC20 systems
    - wrappers, systemd: allow empty root dir and conditionally do not
      pass --root to systemctl
    - tests/nested/manual: add test for grades above signed booting with
      testkeys
    - tests/nested: misc robustness fixes
    - o/assertstate,asserts: use bulk refresh to refresh snap-
      declarations
    - tests/lib/prepare.sh: stop patching the uc20 initrd since it has
      been updated now
    - tests/nested/manual/refresh-revert-fundamentals: re-enable test
    - update-pot: ignore .go files inside .git when running xgettext-go
    - tests: disable part of the lxd test completely on 16.04.
    - o/snapshotstate: tweak comment regarding snapshot filename
    - o/snapstate: improve snapshot iteration
    - bootloader: lk cleanups
    - tests: update to support nested kvm without reboots on UC20
    - tests/nested/manual/preseed: disable system-key check for 20.04
      image
    - spread.yaml: add ubuntu-20.10-64 to qemu
    - store: handle v2 error when fetching assertions
    - gadget: resolve device mapper devices for fallback device lookup
    - tests/nested/cloud-init-many: simplify tests and unify
      helpers/seed inputs
    - tests: copy /usr/lib/snapd/info to correct directory
    - check-pr-title.py * : allow "*" in the first part of the title
    - many: typos and small test tweak
    - tests/main/lxd: disable cgroup combination for 16.04 that is
      failing a lot
    - tests: make nested signing helpers less confusing
    - tests: misc nested changes
    - tests/nested/manual/refresh-revert-fundamentals: disable
      temporarily
    - tests/lib/cla_check: default to Python 3, tweaks, formatting
    - tests/lib/cl_check.py: use python3 compatible code

-- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 19 Nov 2020 17:51:02 +0100

Changed in snapd (Ubuntu Groovy):
status:	Fix Committed → Fix Released

Revision history for this message

Łukasz Zemczak (sil2100) wrote on 2020-11-30: Update Released

#12

The verification of the Stable Release Update for snapd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message

Matthieu Baerts (matttbe) wrote on 2020-11-30:

#13

Hello!

Thanks for maintaining snapd packages!

I recently got an upgrade of snapd on Ubuntu 20.10 Hirsute. I only use it for Chromium, mainly to attend some meetings. Chromium had been updated 12 days ago according to 'snap info'. It has been restarted since then. "lxd" has not been upgraded recently.

After the upgrade, my microphone was not accepted in a meeting. I restarted chromium but nothing happened: it didn't restart. I quickly checked with "ps" and there was one process started and related to chromium: /snap/bin/chromium. Relaunching Chromium added one process like that.

I also did: "snap list" but nothing was printed and it looked stuck, I didn't get the prompt back.

Sadly, I didn't have time to investigate more because I was expected in a meeting so I did a Windows (reboot) and after it was OK. I didn't try to restart snapd services :-/

After the reboot (and the meeting), I tried to collect more logs:

$ journalctl -u snapd -b-1
(...)
Nov 29 21:26:46 me snapd[974]: storehelpers.go:551: cannot refresh: snap has no updates available: "chromium", "core", "core18", "core20", "gtk-common-themes" (...)
Nov 30 10:43:48 me systemd[1]: Stopping Snap Daemon...
Nov 30 10:43:48 me snapd[974]: main.go:155: Exiting on terminated signal.
Nov 30 10:44:13 me snapd[974]: daemon.go:586: WARNING: cannot gracefully shut down in-flight snapd API activity within: 25s
Nov 30 10:45:18 me systemd[1]: snapd.service: State 'stop-sigterm' timed out. Killing.
Nov 30 10:45:18 me systemd[1]: snapd.service: Killing process 974 (snapd) with signal SIGKILL.
Nov 30 10:45:18 me systemd[1]: snapd.service: Main process exited, code=killed, status=9/KILL
Nov 30 10:45:18 me systemd[1]: snapd.service: Failed with result 'timeout'.
Nov 30 10:45:18 me systemd[1]: Stopped Snap Daemon.
Nov 30 10:45:18 me systemd[1]: snapd.service: Triggering OnFailure= dependencies.

$ journalctl -u snapd.apparmor -b-1
-- Logs begin at Mon 2020-10-12 09:26:32 CEST, end at Mon 2020-11-30 12:08:22 CET. --
Nov 27 10:41:38 me systemd[1]: Starting Load AppArmor profiles managed internally by snapd...
Nov 27 10:41:38 me systemd[1]: Finished Load AppArmor profiles managed internally by snapd.
Nov 30 10:43:48 me systemd[1]: snapd.apparmor.service: Succeeded.
Nov 30 10:43:48 me systemd[1]: Stopped Load AppArmor profiles managed internally by snapd.

$ journalctl -u snapd.seeded.service -b-1
-- Logs begin at Mon 2020-10-12 09:26:32 CEST, end at Mon 2020-11-30 12:08:52 CET. --
Nov 27 10:41:39 me systemd[1]: Starting Wait until snapd is fully seeded...
Nov 27 10:41:39 me systemd[1]: Finished Wait until snapd is fully seeded.
Nov 30 10:43:48 me systemd[1]: snapd.seeded.service: Succeeded.
Nov 30 10:43:48 me systemd[1]: Stopped Wait until snapd is fully seeded.

$ journalctl -u snapd.failure -b-1
-- Logs begin at Mon 2020-10-12 09:26:32 CEST, end at Mon 2020-11-30 12:08:52 CET. --
Nov 30 10:45:18 me systemd[1]: Starting Failure handling of the snapd snap...
Nov 30 10:45:18 me systemd[1]: snapd.failure.service: Succeeded.
Nov 30 10:45:18 me systemd[1]: Finished Failure handling of the snapd snap.

Not sure it would help. I didn't find any logs related to snapd in /var/log.