-
snapd (2.58+18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: possible sandbox escape via TIOCLINUX ioctl
- interfaces/seccomp/template.go: block ioctl with TIOCLINUX. Patch
from upstream. Graphical terminal emulators like xterm, gnome-terminal
and others are not affected - this can only be exploited when snaps
are run on a virtual console.
- https://github.com/snapcore/snapd/pull/12849
- CVE-2023-1523
-- Alex Murray <email address hidden> Mon, 29 May 2023 21:40:12 +0930
-
snapd (2.58+18.04) bionic; urgency=medium
* New upstream release, LP: #1998462
- many: Use /tmp/snap-private-tmp for per-snap private tmps
- data: Add systemd-tmpfiles configuration to create private tmp dir
- cmd/snap: test allowed and forbidden refresh hold values
- cmd/snap: be more consistent in --hold help and err messages
- cmd/snap: error on refresh holds that are negative or too short
- o/homedirs: make sure we do not write to /var on build time
- image: make sure file customizations happen also when we have
defaultscause
- tests/fde-on-classic: set ubuntu-seed label in seed partitions
- gadget: system-seed-null should also have fs label ubuntu-seed
- many: gadget.HasRole, ubuntu-seed can come also from system-seed-
null
- o/devicestate: fix paths for retrieving recovery key on classic
- cmd/snap-confine: do not discard const qualifier
- interfaces: allow python3.10+ in the default template
- o/restart: fix PendingForSystemRestart
- interfaces: allow wayland slot snaps to access shm files created
by Firefox
- o/assertstate: add Sequence() to val set tracking
- o/assertstate: set val set 'Current' to pinned sequence
- tests: tweak the libvirt interface test to work on 22.10
- tests: use system-seed-null role on classic with modes tests
- boot: add directory for data on install
- o/devicestate: change some names from esp to seed/seed-null
- gadget: add system-seed-null role
- o/devicestate: really add error to new error message
- restart,snapstate: implement reboot-required notifications on
classic
- many: avoid automatic system restarts on classic through new
overlord/restart logic
- release: Fix WSL detection in LXD
- o/state: introduce WaitStatus
- interfaces: Fix desktop interface rules for document portal
- client: remove classic check for `snap recovery --show-
keys`
- many: create snapd.mounts targets to schedule mount units
- image: enable sysfs overlay for UC preseeding
- i/b/network-control: add permissions for using AF_XDP
- i/apparmor: move mocking of home and overlay conditions to osutil
- tests/main/degraded: ignore man-db update failures in CentOS
- cmd/snap: fix panic when running snap w/ flag but w/o subcommand
- tests: save snaps generated during image preaparation
- tests: skip building snapd based on new env var
- client: remove misleading comments in ValidateApplyOptions
- boot/seal: add debug traces for bootchains
- bootloader/assets: fix grub.cfg when there are no labels
- cmd/snap: improve refresh hold's output
- packaging: enable BPF in RHEL9
- packaging: do not traverse filesystems in postrm script
- tests: get microk8s from another branch
- bootloader: do not specify Core version in grub entry
- many: refresh --hold follow-up
- many: support refresh hold/unhold to API and CLI
- many: expand fully handling links mapping in all components, in
the API and in snap info
- snap/system_usernames,tests: Azure IoT Edge system usernames
- interface: Allow access to
org.freedesktop.DBus.ListActivatableNames via system-observe
interface
- o/devicestate,daemon: use the expiration date from the assertion
in user-state and REST api (user-removal 4/n)
- gadget: add unit tests for new install functions for FDE on
classic
- cmd/snap-seccomp: fix typo in AF_XDP value
- tests/connected-after-reboot-revert: run also on UC16
- kvm: allow read of AMD-SEV parameters
- data: tweak apt integration config var
- o/c/configcore: add faillock configuration
- tests: use dbus-daemon instead of dbus-launch
- packaging: remove unclean debian-sid patch
- asserts: add keyword 'user-presence' keyword in system-user
assertion (auto-removal 3/n)
- interfaces: steam-support allow pivot /run/media and /etc/nvidia
mount
- aspects: initial code
- overlord: process auto-import assertion at first boot
- release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
- tests: fix lxd-mount-units in ubuntu kinetic
- tests: new variable used to configure the kernel command line in
nested tests
- go.mod: update to newer secboot/uc22 branch
- autopkgtests: fix running autopkgtest on kinetic
- tests: remove squashfs leftovers in fakeinstaller
- tests: create partition table in fakeinstaller
- o/ifacestate: introduce DebugAutoConnectCheck hook
- tests: use test-snapd-swtpm instead of swtpm-mvo snap in nested
helper
- interfaces/polkit: do not require polkit directory if no file is
needed
- o/snapstate: be consistent not creating per-snap save dirs for
classic models
- inhibit: use hintFile()
- tests: use `snap prepare-image` in fde-on-classic mk-image.sh
- interfaces: add microceph interface
- seccomp: allow opening XDP sockets
- interfaces: allow access to icon subdirectories
- tests: add minimal-smoke test for UC22 and increase minimal RAM
- overlord: introduce hold levels in the snapstate.Hold* API
- o/devicestate: support mounting ubuntu-save also on classic with
modes
- interfaces: steam-support allow additional mounts
- fakeinstaller: format SystemDetails result with %+v
- cmd/libsnap-confine-private: do not panic on chmod failure
- tests: ensure that fakeinstaller put the seed into the right place
- many: add stub services for prompting
- tests: add libfwupd and libfwupdplugin5 to openSUSE dependencies
- o/snapstate: fix snaps-hold pruning/reset in the presence of
system holding
- many: add support for setting up encryption from installer
- many: support classic snaps in the context of classic and extended
models
- cmd/snap,daemon: allow zero values from client to daemon for
journal rate limit
- boot,o/devicestate: extend HasFDESetupHook to consider unrelated
kernels
- cmd/snap: validation set refresh-enforce CLI support + spread test
- many: fix filenames written in modeenv for base/gadget plus drive-
by TODO
- seed: fix seed test to use a pseudo-random byte sequence
- cmd/snap-confine: remove setuid calls from cgroup init code
- boot,o/devicestate: introduce and use MakeRunnableStandaloneSystem
- devicestate,boot,tests: make `fakeinstaller` test work
- store: send Snap-Device-Location header with cloud information
- overlord: fix unit tests after merging master in
- o/auth: move HasUserExpired into UserState and name it HasExpired,
and add unit tests for this
- o/auth: rename NewUserData to NewUserParams
- many: implementation of finish install step handlers
- overlord: auto-resolve validation set enforcement constraints
- i/backends,o/ifacestate: cleanup backends.All
- cmd/snap-confine: move bind-mount setup into separate function
- tests/main/mount-ns: update namespace for 18.04
- o/state: Hold pseudo-error for explicit holding, concept of
pending changes in prune logic
- many: support extended classic models that omit kernel/gadget
- data/selinux: allow snapd to detect WSL
- overlord: add code to remove users that has an expiration date set
- wrappers,snap/quota: clear LogsDirectory= in the service unit for
journal namespaces
- daemon: move user add, remove operations to overlord device state
- gadget: implement write content from gadget information
- {device,snap}state: fix ineffectual assignments
- daemon: support validation set refresh+enforce in API
- many: rename AddAffected* to RegisterAffected*, add
Change|State.Has, fix a comment
- many: reset store session when setting proxy.store
- overlord/ifacestate: fix conflict detection of auto-connection
- interfaces: added read/write access to /proc/self/coredump_filter
for process-control
- interfaces: add read access to /proc/cgroups and
/proc/sys/vm/swappiness to system-observe
- fde: run fde-reveal-key with `DefaultDependencies=no`
- many: don't concatenate non-constant format strings
- o/devicestate: fix non-compiling test
- release, snapd-apparmor: fixed outdated WSL detection
- many: add todos discussed in the review in
tests/nested/manual/fde-on-classic, snapstate cleanups
- overlord: run install-device hook during factory reset
- i/b/mount-control: add optional `/` to umount rules
- gadget/install: split Run in several functions
- o/devicestate: refactor some methods as preparation for install
steps implementation
- tests: fix how snaps are cached in uc22
- tests/main/cgroup-tracking-failure: fix rare failure in Xenial and
Bionic
- many: make {Install,Initramfs}{{,Host},Writable}Dir a function
- tests/nested/manual/core20: fix manual test after changes to
'tests.nested exec'
- tests: move the unit tests system to 22.04 in github actions
workflow
- tests: fix nested errors uc20
- boot: rewrite switch in SnapTypeParticipatesInBoot()
- gadget: refactor to allow usage from the installer
- overlord/devicestate: support for mounting ubuntu-save before the
install-device hook
- many: allow to install/update kernels/gadgets on classic with
modes
- tests: fix issues related to dbus session and localtime in uc18
- many: support home dirs located deeper under /home
- many: refactor tests to use explicit strings instead of
boot.Install{Initramfs,Host}{Writable,FDEData}Dir
- boot: add factory-reset cases for boot-flags
- tests: disable quota tests on arm devices using ubuntu core
- tests: fix unbound SPREAD_PATH variable on nested debug session
- overlord: start turning restart into a full state manager
- boot: apply boot logic also for classic with modes boot snaps
- tests: fix snap-env test on debug section when no var files were
created
- overlord,daemon: allow returning errors when requesting a restart
- interfaces: login-session-control: add further D-Bus interfaces
- snapdenv: added wsl to userAgent
- o/snapstate: support running multiple ops transactionally
- store: use typed valset keys in store package
- daemon: add `ensureStateSoon()` when calling systems POST api
- gadget: add rules for validating classic with modes gadget.yaml
files
- wrappers: journal namespaces did not honor journal.persistent
- many: stub devicestate.Install{Finish,SetupStorageEncryption}()
- sandbox/cgroup: don't check V1 cgroup if V2 is active
- seed: add support to load auto import assertion
- tests: fix preseed tests for arm systems
- include/lk: update LK recovery environment definition to include
device lock state used by bootloader
- daemon: return `storage-encryption` in /systems/<label> reply
- tests: start using remote tools from snapd-testing-tools project
in nested tests
- tests: fix non mountable filesystem error in interfaces-udisks2
- client: clarify what InstallStep{SetupStorageEncryption,Finish} do
- client: prepare InstallSystemOptions for real use
- usersession: Remove duplicated struct
- o/snapstate: support specific revisions in UpdateMany/InstallMany
- i/b/system_packages_doc: restore access to Libreoffice
documentation
- snap/quota,wrappers: allow using 0 values for the journal rate
limit
- tests: add kinetic images to the gce bucket for preseed test
- multiple: clear up naming convention for thread quota
- daemon: implement stub `"action": "install"`
- tests/main/snap-quota-{install/journal}: fix unstable spread tests
- tests: remove code for old systems not supported anymore
- tests: third part of the nested helper cleanup
- image: clean snapd mount after preseeding
- tests: use the new ubuntu kinetic image
- i/b/system_observe: honour root dir when checking for
/boot/config-*
- tests: restore microk8s test on 16.04
- tests: run spread tests on arm64 instances in google cloud
- tests: skip interfaces-udisks2 in fedora
- asserts,boot,secboot: switch to a secboot version measuring
classic
- client: add API for GET /systems/<label>
- overlord: frontend for --quota-group support (2/2)
- daemon: add GET support for `/systems/<seed-label>`
- i/b/system-observe: allow reading processes security label
- many: support '--purge' when removing multiple snaps
- snap-confine: remove obsolete code
- interfaces: rework logic of unclashMountEntries
- data/systemd/Makefile: add comment warning about "snapd." prefix
- interfaces: grant access to speech-dispatcher socket (bug 1787245)
- overlord/servicestate: disallow removal of quota group with any
limits set
- data: include snapd/mounts in preseeded blob
- many: Set SNAPD_APPARMOR_REEXEC=1
- store/tooling,tests: support UBUNTU_STORE_URL override env var
- multiple: clear up naming convention for cpu-set quota
- tests: improve and standardize debug section on tests
- device: add new DeviceManager.encryptionSupportInfo()
- tests: check snap download with snapcraft v7+ export-login auth
data
- cmd/snap-bootstrap: changes to be able to boot classic rootfs
- tests: fix debug section for test uc20-create-partitions
- overlord: --quota-group support (1/2)
- asserts,cmd/snap-repair: drop not pursued
AuthorityDelegation/signatory-id
- snap-bootstrap: add CVM mode* snap-bootstrap: add classic runmode
- interfaces: make polkit implicit on core if /usr/libexec/polkitd
exists
- multiple: move arguments for auth.NewUser into a struct (auto-
removal 1/n)
- overlord: track security profiles for non-active snaps
- tests: remove NESTED_IMAGE_ID from nested manual tests
- tests: add extra space to ubuntu bionic
- store/tooling: support using snapcraft v7+ base64-encoded auth
data
- overlord: allow seeding in the case of classic with modes system
- packaging/*/tests/integrationtests: reload ssh.service, not
sshd.service
- tests: rework snap-logs-journal test and add missing cleanup
- tests: add spread test for journal quotas
- tests: run spread tests in ubuntu kinetic
- o/snapstate: extend support for holding refreshes
- devicestate: return an error in checkEncryption() if KernelInfo
fails
- tests: fix sbuild test on debian sid
- o/devicestate: do not run tests in this folder twice
- sandbox/apparmor: remove duplicate hook into testing package
- many: refactor store code to be able to use simpler form of auth
creds
- snap,store: drop support/consideration for anonymous download urls
- data/selinux: allow snaps to read certificates
- many: add Is{Core,Classic}Boot() to DeviceContext
- o/assertstate: don't refresh enforced validation sets during check
- go.mod: replace maze.io/x/crypto with local repo
- many: fix unnecessary use of fmt.Sprintf
- bootloader,systemd: fix `don't use Yoda conditions (ST1017)`
- HACKING.md: extend guidelines with common review comments
- many: progress bars should use the overridable stdouts
- tests: remove ubuntu 21.10 from sru validation
- tests: import remote tools
- daemon,usersession: switch from HeaderMap to Header in tests
- asserts: add some missing `c.Check()` in the asserts test
- strutil: fix VersionCompare() to allow multiple `-` in the version
- testutil: remove unneeded `fmt.Sprintf`
- boot: remove some unneeded `fmt.Sprintf()` calls
- tests: implement prepare_gadget and prepare_base and unify all the
version
- o/snapstate: refactor managed refresh schedule logic
- o/assertstate, snapasserts: implementation of
assertstate.TryEnforceValidationSets function
- interfaces: add kconfig paths to system-observe
- dbusutil: move debian patch into dbustest
- many: change name and input of CheckProvenance to clarify usage
- tests: Fix a missing parameter in command to wait for device
- tests: Work-around non-functional --wait on systemctl
- tests: unify the way the snapd/core and kernel are repacked in
nested helper
- tests: skip interfaces-ufisks2 on centos-9
- i/b/mount-control: allow custom filesystem types
- interfaces,metautil: make error handling in getPaths() more
targeted
- cmd/snap-update-ns: handle mountpoint removal failures with EBUSY
- tests: fix pc-kernel repacking
- systemd: add `WantedBy=default.target` to snap mount units
- tests: disable microk8s test on 16.04
-- Michael Vogt <email address hidden> Thu, 01 Dec 2022 09:52:23 +0100
-
snapd (2.57.5+18.04ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Fix race condition in snap-confine when preparing a
private tmp mount namespace for a snap
- CVE-2022-3328
-- Alex Murray <email address hidden> Mon, 28 Nov 2022 15:26:53 +1030
-
snapd (2.57.5+18.04) bionic; urgency=medium
* New upstream release, LP: #1983035
- image: clean snapd mount after preseeding
- wrappers,snap/quota: clear LogsDirectory= in the service unit
for journal namespaces
- cmd/snap,daemon: allow zero values from client to daemon for
journal rate-limit
- interfaces: steam-support allow pivot /run/media and /etc/nvidia
mount
- o/ifacestate: introduce DebugAutoConnectCheck hook
- release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
- autopkgtests: fix running autopkgtest on kinetic
- interfaces: add microceph interface
- interfaces: steam-support allow additional mounts
- many: add stub services
- interfaces: add kconfig paths to system-observe
- i/b/system_observe: honour root dir when checking for
/boot/config-*
- interfaces: grant access to speech-dispatcher socket
- interfaces: rework logic of unclashMountEntries
-- Michael Vogt <email address hidden> Mon, 17 Oct 2022 18:25:18 +0200
-
snapd (2.55.5+18.04) bionic; urgency=medium
* New upstream release, LP: #1965808
- snapstate: do not auto-migrate to ~/Snap for core22 just yet
- cmd/snap-seccomp: add copy_file_range to
syscallsWithNegArgsMaskHi32
- cmd/snap-update-ns: correctly set sticky bit on created
directories where applicable
- .github: Skip misspell and ineffassign on go 1.13
- tests: add lz4 dependency for jammy to avoid issues repacking
kernel
- interfaces: posix-mq: add new interface
-- Michael Vogt <email address hidden> Wed, 11 May 2022 06:38:24 +0200
-
snapd (2.54.3+18.04.2ubuntu0.2) bionic-security; urgency=medium
* SECURITY REGRESSION: Fix fish shell compatibility
- data/env/snapd.fish.in: more workarounds for even older fish shells,
provide reasonable defaults.
- LP: #1961791
-- Paulo Flabiano Smorigo <email address hidden> Wed, 23 Feb 2022 18:29:05 +0000
-
snapd (2.54.3+18.04.2ubuntu0.1) bionic-security; urgency=medium
* SECURITY REGRESSION: Fix fish shell compatibility
- data/env/snapd.fish.in: fix fish env for all versions of fish, unexport
local vars, export XDG_DATA_DIRS.
- LP: #1961365
-- Paulo Flabiano Smorigo <email address hidden> Fri, 18 Feb 2022 14:06:51 +0000
-
snapd (2.54.3+18.04) bionic-security; urgency=medium
* SECURITY UPDATE: Sensitive information exposure
- usersession/autostart: change ~/snap perms to 0700 on startup.
- cmd: create ~/snap dir with 0700 perms.
- CVE-2021-3155
- LP: #1910298
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Add validations of the location of the snap-confine
binary within snapd.
- snap-confine: Fix race condition in snap-confine when preparing a
private mount namespace for a snap.
- CVE-2021-44730
- CVE-2021-44731
* SECURITY UPDATE: Data injection from malicious snaps
- interfaces: Add validations of snap content interface and layout
paths in snapd.
- CVE-2021-4120
- LP: #1949368
-- Michael Vogt <email address hidden> Tue, 15 Feb 2022 17:45:13 +0100
-
snapd (2.54.2+18.04ubuntu1) bionic; urgency=medium
* New upstream release, LP: #1955137
- fix missing prepare in autopkgtest setup, this fixes the
autopkgest failure from the previous upload
-- Michael Vogt <email address hidden> Fri, 14 Jan 2022 17:23:34 +0100
-
snapd (2.54.2+18.04) bionic; urgency=medium
* New upstream release, LP: #1955137
- tests: exclude interfaces-kernel-module load on arm
- tests: ensure that test-snapd-kernel-module-load is
removed
- tests: do not test microk8s-smoke on arm
- tests/core/failover: replace boot-state with snap debug boot-vars
- tests: use snap info|awk to extract tracking channel
- tests: fix remodel-kernel test when running on external devices
- .github/workflows/test.yaml: also check internal snapd version for
cleanliness
- packaging/ubuntu-16.04/rules: eliminate seccomp modification
- bootloader/assets/grub_*cfg_asset.go: update Copyright
- build-aux/snap/snapcraft.yaml: adjust comment about get-version
- .github/workflows/test.yaml: add check in github actions for dirty
snapd snaps
- build-aux/snap/snapcraft.yaml: use build-packages, don't fail
dirty builds
- data/selinux: allow poking /proc/xen
-- Ian Johnson <email address hidden> Thu, 06 Jan 2022 15:25:16 -0600
-
snapd (2.51.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1929842
- interfaces: add netlink-driver interface
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- interfaces/dsp: fix typo in udev rule
- overlord/snapstate: lock the mutex before returning from stop
snap services undo
- interfaces: opengl: change path for Xilinx zocl driver
- interfaces/dsp: add /dev/cavalry into dsp interface
- packaging/fedora/snapd.spec: correct date format in changelog
-- Michael Vogt <email address hidden> Tue, 15 Jun 2021 12:45:08 +0200
-
snapd (2.49.2+18.04) bionic; urgency=medium
* New upstream release, LP: #1915248
- interfaces/tee: add TEE/OPTEE interface
- o/configstate/configcore: add hdmi_timings to pi-config
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- snap-seccomp: fix seccomp test on ppc64el
- interfaces{,/apparmor}, overlord/snapstate:
late removal of snap-confine apparmor profiles
- overlord/snapstate, wrappers: add dependency on usr-lib-
snapd.mount for services on core with snapd snap
- o/configstate: deal with no longer valid refresh.timer=managed
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- o/{device,hook}state: encode fde-setup-request key as base64
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- tests/main/uc20-create-partitions: fix tests cleanup
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- snap-seccomp: add new `close_range` syscall
-- Michael Vogt <email address hidden> Fri, 26 Mar 2021 16:49:46 +0100
-
snapd (2.48.3+18.04) bionic-security; urgency=medium
* SECURITY UPDATE: sandbox escape vulnerability for containers
(LP: #1910456)
- many: add Delegate=true to generated systemd units for special
interfaces
- interfaces/greengrass-support: back-port interface changes to
2.48
- CVE-2020-27352
* interfaces/builtin/docker-support: allow /run/containerd/s/...
- This is a new path that docker 19.03.14 (with a new version of
containerd) uses to avoid containerd CVE issues around the unix
socket. See also CVE-2020-15257.
snapd (2.48.2) xenial; urgency=medium
* New upstream release, LP: #1906690
- tests: sign new nested-18|20* models to allow for generic serials
- secboot: add extra paranoia when waiting for that fde-reveal-key
- tests: backport netplan workarounds from #9785
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- secboot: add new LockSealedKeys() that uses either TPM or
fde-reveal-key
- gadget: use "sealed-keys" to determine what method to use for
reseal
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- secboot: use `fde-reveal-key` if available to unseal key
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- o/devicestate: save model with serial in the device save db
- devicestate: add runFDESetupHook() helper
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- hookstate: add new HookManager.EphemeralRunHook()
- update-pot: fix typo in plural keyword spec
- store,cmd/snap-repair: increase initial expontential time
intervals
- o/devicestate,daemon: fix reboot system action to not require a
system label
- github: run nested suite when commit is pushed to release branch
- tests: reset fakestore unit status
- tests: fix uc20-create-parition-* tests for updated gadget
- hookstate: implement snapctl fde-setup-{request,result}
- devicestate: make checkEncryption fde-setup hook aware
- client,snapctl: add naive support for "stdin"
- devicestate: support "storage-safety" defaults during install
- snap: use the boot-base for kernel hooks
- vendor: update secboot repo to avoid including secboot.test binary
snapd (2.48.1) xenial; urgency=medium
* New upstream release, LP: #1906690
- gadget: disable ubuntu-boot role validation check
-- Michael Vogt <email address hidden> Tue, 02 Feb 2021 09:21:12 +0100
-
snapd (2.48+18.04) bionic; urgency=medium
* New upstream release, LP: #1904098
- osutil: add KernelCommandLineKeyValue
- devicestate: implement boot.HasFDESetupHook
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- bootloader: use ForGadget when installing boot config
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- boot: add scaffolding for "fde-setup" hook support for sealing
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- snap: add new "fde-setup" hooktype
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
- secboot,cmd/snap-bootstrap: fix degraded mode cases with better
device handling
- boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
messiness
- tests/nested/manual/refresh-revert-fundamentals: temporarily
disable secure boot
- snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
boot modes
- many: address degraded recover mode feedback, cleanups
- tests: Use systemd-run on tests part2
- tests: set the opensuse tumbleweed system as manual in spread.yaml
- secboot: call BlockPCRProtectionPolicies even if the TPM is
disabled
- vendor: update to current secboot
- cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
save
- spread.yaml: increase number of workers on 20.10
- snap: add new `snap recovery --show-keys` option
- tests: minor test tweaks suggested in the review of 9607
- snapd-generator: set standard snapfuse options when generating
units for containers
- tests: enable lxd test on ubuntu-core-20 and 16.04-32
- interfaces: share /tmp/.X11-unix/ from host or provider
- tests: enable main lxd test on 20.10
- cmd/s-b/initramfs-mounts: refactor recover mode to implement
degraded mode
- gadget/install: add progress logging
- packaging: keep secboot/encrypt_dummy.go in debian
- interfaces/udev: use distro specific path to snap-device-helper
- o/devistate: fix chaining of tasks related to regular snaps when
preseeding
- gadget, overlord/devicestate: validate that system supports
encrypted data before install
- interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
ESP layout
- many: add /v2/system-recovery-keys API and client
- secboot, many: return UnlockMethod from Unlock* methods for future
usage
- many: mv keys to ubuntu-boot, move model file, rename keyring
prefix for secboot
- tests: using systemd-run instead of manually create a systemd unit
- part 1
- secboot, cmd/snap-bootstrap: enable or disable activation with
recovery key
- secboot: refactor Unlock...IfEncrypted to take keyfile + check
disks first
- secboot: add LockTPMSealedKeys() to lock access to keys
independently
- gadget: correct sfdisk arguments
- bootloader/assets/grub: adjust fwsetup menuentry label
- tests: new boot state tool
- spread: use the official image for Ubuntu 20.10, no longer an
unstable system
- tests/lib/nested: enable snapd logging to console for core18
- osutil/disks: re-implement partition searching for disk w/ non-
adjacent parts
- tests: using the nested-state tool in nested tests
- many: seal a fallback object to the recovery boot chain
- gadget, gadget/install: move helpers to install package, refactor
unit tests
- dirs: add "gentoo" to altDirDistros
- update-pot: include file locations in translation template, and
extract strings from desktop files
- gadget/many: drop usage of gpt attr 59 for indicating creation of
partitions
- gadget/quantity: tweak test name
- snap: fix failing unittest for quantity.FormatDuration()
- gadget/quantity: introduce a new package that captures quantities
- o/devicestate,a/sysdb: make a backup of the device serial to save
- tests: fix rare interaction of tests.session and specific tests
- features: enable classic-preserves-xdg-runtime-dir
- tests/nested/core20/save: check the bind mount and size bump
- o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
- tests: rename hasHooks to hasInterfaceHooks in the ifacestate
tests
- o/devicestate: unit test tweaks
- boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
- testutil, cmd/snap/version: fix misc little errors
- overlord/devicestate: bind mount ubuntu-save under
/var/lib/snapd/save on startup
- gadget/internal: tune ext4 setting for smaller filesystems
- tests/nested/core20/save: a test that verifies ubuntu-save is
present and set up
- tests: update google sru backend to support groovy
- o/ifacestate: handle interface hooks when preseeding
- tests: re-enable the apt hooks test
- interfaces,snap: use correct type: {os,snapd} for test data
- secboot: set metadata and keyslots sizes when formatting LUKS2
volumes
- tests: improve uc20-create-partitions-reinstall test
- client, daemon, cmd/snap: cleanups from #9489 + more unit tests
- cmd/snap-bootstrap: mount ubuntu-save during boot if present
- secboot: fix doc comment on helper for unlocking volume with key
- tests: add spread test for refreshing from an old snapd and core18
- o/snapstate: generate snapd snap wrappers again after restart on
refresh
- secboot: version bump, unlock volume with key
- tests/snap-advise-command: re-enable test
- cmd/snap, snapmgr, tests: cleanups after #9418
- interfaces: deny connected x11 plugs access to ICE
- daemon,client: write and read a maintenance.json file for when
snapd is shut down
- many: update to secboot v1 (part 1)
- osutil/disks/mockdisk: panic if same mountpoint shows up again
with diff opts
- tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
reseal tests
- many: implement snap routine console-conf-start for synchronizing
auto-refreshes
- dirs, boot: add ubuntu-save directories and related locations
- usersession: fix typo in test name
- overlord/snapstate: refactor ihibitRefresh
- overlord/snapstate: stop warning about inhibited refreshes
- cmd/snap: do not hardcode snapshot age value
- overlord,usersession: initial notifications of pending refreshes
- tests: add a unit test for UpdateMany where a single snap fails
- o/snapstate/catalogrefresh.go: don't refresh catalog in install
mode uc20
- tests: also check snapst.Current in undo-unlink tests
- tests: new nested tool
- o/snapstate: implement undo handler for unlink-snap
- tests: clean systems.sh helper and migrate last set of tests
- tests: moving the lib section from systems.sh helper to os.query
tool
- tests/uc20-create-partitions: don't check for grub.cfg
- packaging: make sure that static binaries are indeed static, fix
openSUSE
- many: have install return encryption keys for data and save,
improve tests
- overlord: add link participant for linkage transitions
- tests: lxd smoke test
- tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
seed too
- tests: moving main suite from systems.sh to os.query tool
- tests: moving the core test suite from systems.sh to os.query tool
- cmd/snap-confine: mask host's apparmor config
- o/snapstate: move setting updated SnapState after error paths
- tests: add value to INSTANCE_KEY/regular
- spread, tests: tweaks for openSUSE
- cmd/snap-confine: update path to snap-device-helper in AppArmor
profile
- tests: new os.query tool
- overlord/snapshotstate/backend: specify tar format for snapshots
- tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
UC20
- client,daemon,snap: auto-import does not error on managed devices
- interfaces: PTP hardware clock interface
- tests: use tests.backup tool
- many: verify that unit tests work with nosecboot tag and without
secboot package
- wrappers: do not error out on read-only /etc/dbus-1/session.d
filesystem on core18
- snapshots: import of a snapshot set
- tests: more output for sbuild test
- o/snapstate: re-order remove tasks for individual snap revisions
to remove current last
- boot: skip some unit tests when running as root
- o/assertstate: introduce
ValidationTrackingKey/ValidationSetTracking and basic methods
- many: allow ignoring running apps for specific request
- tests: allow the searching test to fail under load
- overlord/snapstate: inhibit startup while unlinked
- seed/seedwriter/writer.go: check DevModeConfinement for dangerous
features
- tests/main/sudo-env: snap bin is available on Fedora
- boot, overlord/devicestate: list trusted and managed assets
upfront
- gadget, gadget/install: support for ubuntu-save, create one during
install if needed
- spread-shellcheck: temporary workaround for deadlock, drop
unnecessary test
- snap: support different exit-code in the snap command
- logger: use strutil.KernelCommandLineSplit in
debugEnabledOnKernelCmdline
- logger: fix snapd.debug=1 parsing
- overlord: increase refresh postpone limit to 14 days
- spread-shellcheck: use single thread pool executor
- gadget/install,secboot: add debug messages
- spread-shellcheck: speed up spread-shellcheck even more
- spread-shellcheck: process paths from arguments in parallel
- tests: tweak error from tests.cleanup
- spread: remove workaround for openSUSE go issue
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- tests: new tests.backup tool
- tests: add tests.cleanup pop sub-command
- tests: migration of the main suite to snaps-state tool part 6
- tests: fix journal-state test
- cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
recover files
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- boot, gadget, bootloader: observer preserves managed bootloader
configs
- tests/nested/manual: add uc20 grade signed cloud-init test
- o/snapstate/autorefresh.go: eliminate race when launching
autorefresh
- daemon,snapshotstate: do not return "size" from Import()
- daemon: limit reading from snapshot import to Content-Length
- many: set/expect Content-Length header when importing snapshots
- github: switch from ::set-env command to environment file
- tests: migration of the main suite to snaps-state tool part 5
- client: cleanup the Client.raw* and Client.do* method families
- tests: moving main suite to snaps-state tool part 4
- client,daemon,snap: use constant for snapshot content-type
- many: fix typos and repeated "the"
- secboot: fix tpm connection leak when it's not enabled
- many: scaffolding for snapshots import API
- run-checks: run spread-shellcheck too
- interfaces: update network-manager interface to allow
ObjectManager access from unconfined clients
- tests: move core and regression suites to snaps-state tool
- tests: moving interfaces tests to snaps-state tool
- gadget: preserve files when indicated by content change observer
- tests: moving smoke test suite and some tests from main suite to
snaps-state tool
- o/snapshotstate: pass set id to backend.Open, update tests
- asserts/snapasserts: introduce ValidationSets
- o/snapshotstate: improve allocation of new set IDs
- boot: look at the gadget for run mode bootloader when making the
system bootable
- cmd/snap: allow snap help vs --all to diverge purposefully
- usersession/userd: separate bus name ownership from defining
interfaces
- o/snapshotstate: set snapshot set id from its filename
- o/snapstate: move remove-related tests to snapstate_remove_test.go
- desktop/notification: switch ExpireTimeout to time.Duration
- desktop/notification: add unit tests
- snap: snap help output refresh
- tests/nested/manual/preseed: include a system-usernames snap when
preseeding
- tests: fix sudo-env test
- tests: fix nested core20 shellcheck bug
- tests/lib: move to new directory when restoring PWD, cleanup
unpacked unpacked snap directories
- desktop/notification: add bindings for FDO notifications
- dbustest: fix stale comment references
- many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
drop former
- snap-repair: add uc20 support
- tests: print all the serial logs for the nested test
- o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
bug in test
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
as Unknown*
- asserts: deserialize grouping only once in Pool.AddBatch if needed
- gadget: allow content observer to have opinions about a change
- tests: new snaps-state command - part1
- o/assertstate: support refreshing any number of snap-declarations
- boot: use test helpers
- tests/core/snap-debug-bootvars: also check snap_mode
- many/apparmor: adjust rules for reading profile/ execing new
profiles for new kernel
- tests/core/snap-debug-bootvars: spread test for snap debug boot-
vars
- tests/lib/nested.sh: more little tweaks
- tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- overlord: explicitly set refresh-app-awareness in tests
- kernel: remove "edition" from kernel.yaml and add "update"
- spread: drop vendor from the packed project archive
- boot: fix debug bootloader variables dump on UC20 systems
- wrappers, systemd: allow empty root dir and conditionally do not
pass --root to systemctl
- tests/nested/manual: add test for grades above signed booting with
testkeys
- tests/nested: misc robustness fixes
- o/assertstate,asserts: use bulk refresh to refresh snap-
declarations
- tests/lib/prepare.sh: stop patching the uc20 initrd since it has
been updated now
- tests/nested/manual/refresh-revert-fundamentals: re-enable test
- update-pot: ignore .go files inside .git when running xgettext-go
- tests: disable part of the lxd test completely on 16.04.
- o/snapshotstate: tweak comment regarding snapshot filename
- o/snapstate: improve snapshot iteration
- bootloader: lk cleanups
- tests: update to support nested kvm without reboots on UC20
- tests/nested/manual/preseed: disable system-key check for 20.04
image
- spread.yaml: add ubuntu-20.10-64 to qemu
- store: handle v2 error when fetching assertions
- gadget: resolve device mapper devices for fallback device lookup
- tests/nested/cloud-init-many: simplify tests and unify
helpers/seed inputs
- tests: copy /usr/lib/snapd/info to correct directory
- check-pr-title.py * : allow "*" in the first part of the title
- many: typos and small test tweak
- tests/main/lxd: disable cgroup combination for 16.04 that is
failing a lot
- tests: make nested signing helpers less confusing
- tests: misc nested changes
- tests/nested/manual/refresh-revert-fundamentals: disable
temporarily
- tests/lib/cla_check: default to Python 3, tweaks, formatting
- tests/lib/cl_check.py: use python3 compatible code
-- Michael Vogt <email address hidden> Thu, 19 Nov 2020 17:51:02 +0100
-
snapd (2.47.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1895929
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- cmd/snap: allow snap help vs --all to diverge purposefully
- snap: snap help output refresh
-- Michael Vogt <email address hidden> Thu, 08 Oct 2020 09:30:44 +0200
-
snapd (2.46.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1891134
- interfaces: allow snap-update-ns to read
/proc/cmdline
- github: run macOS job with Go 1.14
- o/snapstate, features: add feature flag for disk space check on
remove
- tests: account for apt-get on core18
- mkversion.sh: include dirty in version if the tree
is dirty
- interfaces/systemd: compare dereferenced Service
- vendor.json: update mysterious secboot SHA again
-- Michael Vogt <email address hidden> Fri, 04 Sep 2020 17:42:54 +0200
-
snapd (2.45.1+18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: sandbox escape vulnerability via snapctl user-open
(xdg-open)
- usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
variable modification when calling the system xdg-open. Patch
thanks to James Henstridge
- packaging/ubuntu-16.04/snapd.postinst: kill userd on upgrade so it
may autostart on next use. Patch thanks to Michael Vogt
- CVE-2020-11934
- LP: #1880085
-- Emilia Torino <email address hidden> Fri, 10 Jul 2020 11:00:39 -0300
-
snapd (2.45.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1875071
- data/selinux: allow checking /var/cache/app-info
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellanious policy updates xlv
- snap-bootstrap: remove sealed key file on reinstall
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- gadget: make ext4 filesystems with or without metadata checksum
- interfaces/fwupd: allow bind mount to /boot on core
- tests: cherry-pick test fixes from master
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- data/completion, packaging: cherry-pick zsh completion
- state: log task errors in the journal too
- devicestate: do not report "ErrNoState" for seeded up
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- packaging: stop depending on python-docutils
-- Michael Vogt <email address hidden> Fri, 05 Jun 2020 15:13:49 +0200
-
snapd (2.42.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1846181
- interfaces: de-duplicate emitted update-ns profiles
- packaging: tweak handling of usr.lib.snapd.snap-confine
- interfaces: allow introspecting network-manager on core
- tests/main/interfaces-contacts-service: disable on openSUSE
Tumbleweed
- tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
- snap: fix default-provider in seed validation
- tests: update system-usernames test now that opensuse-15.1 works
- overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
- gadget: rename "boot{select,img}" -> system-boot-{select,image}
- tests: listing test, make accepted snapd/core versions consistent
-- Michael Vogt <email address hidden> Wed, 30 Oct 2019 13:17:43 +0100
-
snapd (2.40+18.04) bionic; urgency=medium
* New upstream release, LP: #1836327
- overlord/patch: simplify conditions for re-applying sublevel
patches for level 6
- cmd,tests: forcibly discard mount namespace when bases change
- cmd/snap-confine: handle device cgroup before pivot
- cmd/snap-apparmor-service: quit if there are no profiles
- cmd/snap, image: add --target-directory and --basename to 'snap
download'
- interfaces: add jack1 implicit classic interface
- interfaces: miscellaneous policy updates
- daemon: classic confinement is not supported on core
- interfaces: bluetooth-control: add mtk BT device node
- cmd/snap-seccomp: initial support for negative arguments with
uid/gid caching
- snap-confine: move seccomp load after permanent privilege drop
- tests: new profiler snap used to track cpu and memory for snapd
and snap commands
- debian: make maintainer scripts do nothing on powerpc
- gadget: mounted filesystem writer
- cmd/snap: use padded checkers for snapshot output
- bootloader: switch to bootloader_test style testing
- gadget: add a wrapper for generating partitioned images with
sfdisk
- tests/main/snap-seccomp-syscalls: add description
- tests: continue executing on errors either updating the repo db or
installing dependencies
- cmd/snap-seccomp/syscalls: add io_uring syscalls
- systemd: add InstanceMode enumeration to control which systemd
instance to control
- netutil: extract socket activation helpers from daemon package.
- interfaces: spi: update regex rules to accept spi nodes like
spidev12345.0
- gadget: fallback device lookup
- many: add strutil.ElliptLeft, use it for shortening cohorts
- wrappers: allow sockets under $XDG_RUNTIME_DIR
- gadget: add wrapper for creating and populating filesystems
- gadget: add writer for offset-write
- gadget: support relative symlinks in device lookup
- snap, snapstate: additional validation of base field
- many: fix some races and missing locking, make sure UDevMonitor is
stopped
- boot: move ExtractKernelAssets
- daemon, snap: screenshots _only_ shows the deprecation notice,
from 2.39
- osutil: add a workaround for overlayfs apparmor as it is used on
Manjaro
- snap: introduce GetType() function for snap.Info
- tests: update systems to be used for during sru validation
- daemon: increase `shutdownTimeout` to 25s to deal with slow
HW
- interfaces/network-manager: move deny ptrace to the connected slot
- interfaces: allow locking of pppd files
- cmd/snap-exec: fix snap completion for classic snaps with non
/usr/lib/snapd libexecdir
- daemon: expose pprof endpoints
- travis: disable snap pack on OSX
- client, cmd/snap: expose the new cohort options for snap ops
- overlord/snapstate: tweak switch summaries
- tests: reuse the image created initially for nested tests
execution
- tests/lib/nested: tweak assert disk prepare step
- daemon, overlord/snapstate: support leave-cohort
- tests/main/appstream-id: collect debug info
- store,daemon: add client-user-agent support to store.SnapInfo
- tests: add check for invalid PR titles in the static checks
- tests: add snap-tool for easier access to internal tools
- daemon: unexport file{Response,Stream}
- devicestate: make TestUpdateGadgetOnClassicErrorsOut less racy
- tests: fix test desktop-portal-filechooser
- tests: sort commands from DumpCommands in the dumpDbHook
- cmd/snap: add unit test for "advise-snap --dump-db".
- bootloader: remove extra mock bootloader implementation
- daemon: tweak for "add api endpoint for download" PR
- packaging: fix reproducible build error
- tests: synchronize journal logs before check logs
- tests: fix snap service watchdog test
- tests: use more readable test directory names
- tests/regression/lp-1805485: update test description
- overlord: make changes conflict with remodel
- tests: make sure the snapshot unit test uses a snapshot time
relative to Now()
- tests: revert "tests: stop catalog-update/apt-hooks test for now"
- tests: mountinfo-tool --one prints matches on failure
- data/selinux: fix policy for snaps with bases and classic snaps
- debian: fix building on eoan by tweaking golang build-deps
- packaging/debian-sid: update required golang version to 1.10
- httputil: handle "no such host" error explicitly and do not retry
it
- overlord/snapstate, & fallout: give Install a *RevisionOptions
- cmd/snap: don't run install on 'snap --help install'
- gadget: raw/bare structure writer and updater
- daemon, client, cmd/snap: show cohort key in snap info --verbose
- overlord/snapstate: add update-gadget task when needed, block
other changes
- image: turn a missing default content provider into an error
- overlord/devicestate: update-gadget-assets task handler with
stubbed gadget callbacks
- interface: builtin: avahi-observe/control: update label for
implicit slot
- tests/lib/nested: fix multi argument copy_remote
- tests/lib/nested: have mkfs.ext4 use a rootdir instead of mounting
an image
- packaging: fix permissons powerpc docs dir
- overlord: mock store to avoid net requests
- debian: rework how we run autopkgtests
- interface: builtin: avahi-observe/control: allow slots
implementation also by app snap on classic system
- interfaces: builtin: utils: add helper function to identify system
slots
- interfaces: add missing adjtimex to time-control
- overlord/snapstate, snap: support base = "none"
- daemon, overlord/snapstate: give RevisionOptions a CohortKey
- data/selinux: permit init_t to remount snappy_snap_t
- cmd/snap: test for a friendly error on 'okay' without 'warnings'
- cmd/snap: support snap debug timings --startup=.. and measure
loadState time
- advise-snap: add --dump-db which dumps the command database
- interfaces/docker-support: support overlayfs on ubuntu core
- cmd/okay: Remove err message when warning file not exist
- devicestate: disallow removal of snaps used in booting early
- packaging: fix build-depends on powerpc
- tests: run spread tests on opensuse leap 15.1
- strutil/shlex: fix ineffassign
- cmd/snapd: ensure GOMAXPROCS is at least 2
- cmd/snap-update-ns: detach unused mount points
- gadget: record gadget root directory used during positioning
- tests: force removal to prevent restore fails when directory
doesn't exist on lp-1801955 test
- overlord: implement store switch remodeling
- tests: stop using ! for naive negation in shell scripts
- snap,store,daemon,client: send new "Snap-Client-User-Agent" header
in Search()
- osutil: now that we require golang-1.10, use user.LookupGroup()
- spread.yaml,tests: change MATCH and REBOOT to cmds
- packaging/fedora: force external linker to ensure static linking
and -extldflags use
- timings: tweak the conditional for ensure timings
- timings: always store ensure timings as long as they have an
associated change
- cmd/snap: tweak the output of snap debug timings --ensure=...
- overlord/devicestate: introduce remodel kinds and
contextsregistrationContext:
- snaptest: add helper for mocking snap with contents
- snapstate: allow removal of non-model kernels
- tests: change strace parameters on snap-run test to avoid the test
gets stuck
- gadget: keep track of the index where structure content was
defined
- cmd/snap-update-ns: rename leftover ctx to upCtx
- tests: add "not" command
- spread.yaml: use "snap connections" in debug
- tests: fix how strings are matched on auto-refresh-retry test
- spread-shellcheck: add support for variants and environment
- gadget: helper for shifting structure start position
- cmd/snap-update-ns: add several TODO comments
- cmd/snap-update-ns: rename ctx to upCtx
- spread.yaml: make HOST: usage shellcheck-clean
- overlord/snapstate, daemon: snapstate.Switch now takes a
RevisionOption
- tests: add mountinfo-tool
- many: make snapstate.Update take *RevisionOptions instead of chan,
rev
- tests/unit/spread-shellcheck: temporary workaround for SC2251
- daemon: refactor user ops to api_users
- cmd/snap, tests: refactor info to unify handling of 'direct' snaps
- cmd/snap-confine: combine sc_make_slave_mount_ns into caller
- cmd/snap-update-ns: use "none" for propagation changes
- cmd/snap-confine: don't pass MS_SLAVE along with MS_BIND
- cmd/snap, api, snapstate: implement "snap remove --purge"
- tests: new hotplug test executed on ubuntu core
- tests: running tests on fedora 30
- gadget: offset-write: fix validation, calculate absolute position
- data/selinux: allow snap-confine to do search on snappy_var_t
directories
- daemon, o/snapstate, store: support for installing from cohorts
- cmd/snap-confine: do not mount over non files/directories
- tests: validates snapd from ppa
- overlord/configstate: don't panic on invalid configuration
- gadget: improve device lookup, add helper for mount point lookup
- cmd/snap-update-ns: add tests for executeMountProfileUpdate
- overlord/hookstate: don't run handler unless hooksup.Always
- cmd/snap-update-ns: allow changing mount propagation
- systemd: workaround systemctl show quirks on older systemd
versions
- cmd/snap: allow option descriptions to start with the command
- many: introduce a gadget helper for locating device matching given
structure
- cmd/snap-update-ns: fix golint complaints about variable names
- cmd/snap: unit tests for debug timings
- testutil: support sharing-related mount flags
- packaging/fedora: Merge changes from Fedora Dist-Git and drop EOL
Fedora releases
- cmd/snap: support for --ensure argument for snap debug timings
- cmd,sandbox: tweak seccomp version info handling
- gadget: record sector size in positioned volume
- tests: make create-user test support managed devices
- packaging: build empty package on powerpc
- overlord/snapstate: perform hard refresh check
- gadget: add volume level update checks
- cmd/snap: mangle descriptions that have indent > terminal width
- cmd/snap-update-ns: rename applyFstab to executeMountProfileUpdate
- cmd/snap-confine: unshare per-user mount ns once
- tests: retry govendor sync
- tests: avoid removing snaps which are cached to speed up the
prepare on boards
- tests: fix how the base snap are deleted when there are multiple
to deleted on reset
- cmd/snap-update-ns: merge apply functions
- many: introduce assertstest.SigningAccounts and AddMany test
helpers
- interfaces: special-case "snapd" in sanitizeSlotReservedForOS*
helpers
- cmd/snap-update-ns: make apply{User,System}Fstab identical
- gadget: introduce checkers for sanitizing structure updates
- cmd/snap-update-ns: move apply{Profile,{User,System}Fstab} to same
file
- overlord/devicestate: introduce registrationContext
- cmd/snap-update-ns: add no-op load/save current user profile logic
- devicestate: set "new-model" on the remodel change
- devicestate: use deviceCtx in checkGadgetOrKernel
- many: use a fake assertion model in the device contexts for tests
- gadget: fix handling of positioning constrains for structures of
MBR role
- snap-confine: improve error when running on a not /home homedir
- devicestate: make Remodel() return a state.Change
- many: make which store to use contextualThis reworks
snapstate.Store instead of relying solely on DeviceContext,
because:
- tests: enable tests on centos 7 again
- interfaces: add login-session-control interface
- tests: extra debug for snapshot-basic test
- overlord,overlord/devicestate: do without GadgetInfo/KernelInfo in
devicestate
- gadget: more validation checks for legacy MBR structure type &
role
- osutil: fix TestReadBuildGo test in sbuild
- data: update XDG_DATA_DIRS via the systemd environment.d mechanism
too
- many: do without device state/assertions accessors based on state
only outside of devicestate/tests
- interfaces/dbus: fix unit tests when default snap mount dir is not
/snap
- tests: add security-seccomp to verify seccomp with arg filtering
- snapshotstate: disable automatic snapshots on core for now
- snapstate: auto-install snapd when needed
- overlord/ifacestate: update static attributes of "content"
interface
- interfaces: add support for the snapd snap in the dbus backend*
- overlord/snapstate: tweak autorefresh logic if network is not
available
- snapcraft: also include ld.so.conf from libc in the snapcraft.yml
- snapcraft.yaml: fix links ld-linux-x86-64.so.2/ld64.so.2
- overlord: pass a DeviceContext to the checkSnap implementations
- daemon: add RootOnly flag to commands
- many: make access to the device model assertion etc contextual
via a DeviceCtx hook/DeviceContext interface
- snapcraft.yaml: include libc6 in snapd
- tests: reduce snapcraft leftovers from PROJECT_PATH, temp disable
centos
- overlord: make the store context composably backed by separate
backends for device asserts/info etc.
- snapstate: revert "overlord/snapstate: remove PlugsOnly"
- osutil,cmdutil: move CommandFromCore and make it use the snapd
snap (if available)
- travis: bump Go version to 1.10.x
- cmd/snap-update-ns: remove instanceName argument from applyProfile
- gadget: embed volume in positioned volume, rename fields
- osutil: use go build-id when no gnu build-id is available
- snap-seccomp: add 4th field to version-info for golang-seccomp
features
- cmd/snap-update-ns: merge computeAndSaveSystemChanges into
applySystemFstab
- cmd/snap, client, daemon, store: create-cohort
- tests: give more time until nc returns on appstream test
- tests: run spread tests on ubuntu 19.04
- gadget: layout, smaller fixes
- overlord: update static attrs when reloading connections
- daemon: verify snap instructions for multi-snap requests
- overlord/corecfg: make expiration of automatic snapshots
configurable (4/4)
- cmd/snap-update-ns: pass MountProfileUpdate to
apply{System,User}Fstab
- snap: fix interface bindings on implicit hooks
- tests: improve how snaps are cached
- cmd/snap-update-ns: formatting tweaks
- data/selinux: policy tweaks
- cmd/snap-update-ns: move locking to the common layer
- overlord: use private YAML inside several tests
- cmd/snap, store, image: support for cohorts in "snap download"
- overlord/snapstate: add timings to critical task handlers and the
backend
- cmd: add `snap debug validate-seed <path>` cmd
- state: add possible error return to TaskSet.Edge()
- snap-seccomp: use username regex as defined in osutil/user.go
- osutil: make IsValidUsername public and fix regex
- store: serialize the acquisition of device sessions
- interfaces/builtin/desktop: fonconfig v6/v7 cache handling on
Fedora
- many: move Device/SetDevice to devicestate, start of making them
pluggable in storecontext
- overlord/snapstate: remove PlugsOnly
- interfaces/apparmor: allow running /usr/bin/od
- spread: add qemu:fedora-29-64
- tests: make test parallel-install-interfaces work for boards with
pre-installed snaps
- interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern
- spread.yaml: add qemu:centos-7-64
- overlord/devicestate: extra measurements related to
populateStateFromSeed
- cmd/snap-update-ns: move Assumption to {System,User}ProfileUpdate
- cmd/libsnap: remove fringe error function
- gadget: add validation of cross structure overlap and offset
writes
- cmd/snap-update-ns: refactor of profile application (3/N)
- data/selinux: tweak the policy for runuser and s-c, interpret
audit entries
- tests: fix spaces issue in the base snaps names to remove during
reset phase
- tests: wait for man db cache is updated before after install snapd
on Fedora
- tests: extend timeout of sbuild test
-- Michael Vogt <email address hidden> Fri, 12 Jul 2019 10:40:08 +0200
-
snapd (2.39.2+18.04) bionic; urgency=medium
* New upstream release, LP: #1827495
- debian: rework how we run autopkgtests
- interfaces/docker-support: add overlayfs accesses for ubuntu core
- data/selinux: permit init_t to remount snappy_snap_t
- strutil/shlex: fix ineffassign
- packaging: fix build-depends on powerpc
-- Michael Vogt <email address hidden> Wed, 05 Jun 2019 08:41:21 +0200
-
snapd (2.38+18.04) bionic; urgency=medium
* New upstream release, LP: #1818648
- overlord/snapstate,: retry less for auto-stuff
- cmd/snap: fix regression of snap saved command
- interfaces/builtin: add dev/pts/ptmx access to docker_support
- overlord/snapstate, store: set a header when auto-refreshing
- interfaces/builtin: add add exec "/" to docker-support
- cmd/snap, client, daemon, ifacestate: show a leading attribute of
a connection
- interface: avahi-observe: Fixing socket permissions on 4.15
kernels
- tests: check that apt works before using it
- apparmor: support AppArmor 2.13
- snapstate: restart into the snapd snap on classic
- overlord/snapstate: during refresh, re-refresh on epoch bump
- cmd, daemon: split out the common bits of mapLocal and mapRemote
- cmd/snap-confine: chown private /tmp to root.root
- cmd/snap-confine: drop uid from random /tmp name
- overlord/hookstate: apply pending transaction changes onto
temporary configuration for snapctl get
- cmd/snap: `snap connections` command
- interfaces/greengrass_support: update accesses for GGC 1.8
- cmd/snap, daemon: make the connectivity check use GET
- interfaces/builtin,/udev: add spec support to disable udev +
device cgroup and use it for greengrass
- interfaces/intel-mei: small follow up tweaks
- ifacestate/tests: fix/improve udev mon test
- interfaces: add multipass-support interface
- tests/main/high-user-handling: fix the test for Go 1.12
- interfaces: add new intel-mei interface
- systemd: decrease the checker counter before unlocking otherwise
we can get spurious panics
- daemon/tests: fix race in the disconnect conflict test
- cmd/snap-confine: allow moving tasks to pids cgroup
- tests: enable opensuse tumbleweed on spread
- cmd/snap: fix `snap services` completion
- ifacestate/hotplug: integration with udev monitor
- packaging: build snapctl as a static binary
- packaging/opensuse: move most logic to snapd.mk
- overlord: fix ensure before slowness on Retry
- overlord/ifacestate: fix migration of connections on upgrade from
ubuntu-core
- daemon, client, cmd/snap: debug GETs ask aspects, not actions
- tests/main/desktop-portal-*: fix handling of python dependencies
- interfaces/wayland: allow wayland server snaps function on classic
too
- daemon, client, cmd/snap: snap debug base-declaration
- tests: run tests on opensuse leap 15.0 instead of 42.3
- cmd/snap: fix error messages for snapshots commands if ID is not
uint
- interfaces/seccomp: increase filter precision
- interfaces/network-manager: no peer label check for hostname1
- tests: add a tests for xdg-desktop-portal integration
- tests: not checking 'tracking channel' after refresh core on
nested execution
- tests: remove snapweb from tests
- snap, wrappers: support StartTimeout
- wrappers: Add an X-SnapInstanceName field to desktop files
- cmd/snap: produce better output for help on subcommands
- tests/main/nfs-support: use archive mode for creating fstab backup
- many: collect time each task runs and display it with `snap debug
timings <id>`
- tests: add attribution to helper script
- daemon: make ucrednetGet not loop
- squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
- features,cmd/libsnap: add new feature "refresh-app-awareness"
- overlord: fix random typos
- interfaces/seccomp: generate global seccomp profile
- daemon/api: fix error case for disconnect conflict
- overlord/snapstate: add some randomness to the catalog refresh
- tests: disable trusty-proposed for now
- tests: fix upgrade-from-2.15 with kernel 4.15
- interfaces/apparmor: allow sending and receiving signals from
ourselves
- tests: split the test interfaces-many in 2 and remove snaps on
restore
- tests: use snap which takes 15 seconds to install on retryable-
error test
- packaging: avoid race in snapd.postinst
- overlord/snapstate: discard mount namespace when undoing 1st link
snap
- cmd/snap-confine: allow writes to /var/lib/**
- tests: stop catalog-update test for now
- tests/main/auto-refresh-private: make sure to actually download
with the expired macaroon
- many: save media info when installing, show it when listing
- userd: handle help urls which requires prepending XDG_DATA_DIRS
- tests: fix NFS home mocking
- tests: improve snaps-system-env test
- tests: pre-cache core on core18 systems
- interfaces/hotplug: renamed RequestedSlotSpec to ProposedSlot,
removed Specification
- debian: ensure leftover usr.lib.snapd.snap-confine is gone
- image,cmd/snap,tests: introduce support for modern prepare-image
--snap <snap>[=<channel>]
- overlord/ifacestate: tweak logic for generating unique slot names
- packaging: import debian salsa packaging work, add sbuild test and
use in spead
- overlord/ifacestate: hotplug-add-slot handler
- image,cmd/snap: simplify --classic-arch to --arch, expose
prepare-image
- tests: run test snap as user in the smoke test
- cmd/snap: tweak man output to have no doubled up .TP lines
- cmd/snap, overlord/snapstate: silently ignore classic flag when a
snap is strictly confined
- snap-confine: remove special handling of /var/lib/jenkins
- cmd/snap-confine: handle death of helper process
- packaging: disable systemd environment generator on 18.04
- snap-confine: fix classic snaps for users with /var/lib/* homedirs
- tests/prepare: prevent console-conf from running
- image: bootstrapToRootDir => setupSeed
- image,cmd/snap,tests: introduce prepare-image --classic
- tests: update smoke/sandbox test for armhf
- client, daemon: introduce helper for querying snapd API for the
list of slot/plug connections
- cmd/snap-confine: refactor and cleanup of seccomp loading
- snapstate, snap: allow update/switch requests with risk only
channel to DTRT
- interfaces: add network-manager-observe interface
- snap-confine: increase locking timeout to 30s
- snap-confine: fix incorrect "sanity timeout 3s" message
- snap-confine: provide proper error message on sc_sanity_timeout
- snapd,state: improve error message on state reading failure
- interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
- snap: fix reexec from the snapd snap for classic snaps
- snap: fix hook autodiscovery for parallel installed snaps
- overlord/snapstate: format the refresh time for the log
- cmd/snap-confine: add special case for Jenkins
- snapcraft.yaml: fix XBuildDeb PATH for go-1.10
- overlord/snapstate: validate instance names early
- overlord/ifacestate: handler for hotplug-update-slot tasks
- polkit: cast pid to uint32 to keep polkit happy for now
- snap/naming: move various name validation helpers to separate
package
- tests: iterate getting journal logs to support delay on boards on
daemon-notify test
- cmd/snap: fix typo in cmd_wait.go
- snap/channel: improve channel parsing
- daemon, polkit: pid_t is signed
- daemon: introduce /v2/connections snapd API endpoint
- cmd/snap: small refactor of cmd_info's channel handling
- overlord/snapstate: use an ad-hoc error when no results
- cmd/snap: wrap "summary" better
- tests: workaround missing go dependencies in debian-9
- daemon: try to tidy up the icon stuff a little
- interfaces: add display-control interface
- snapcraft.yaml: fix snap building in launchpad
- tests: update fedora 29 workers to speed up the whole testing time
- interfaces: add u2f-devices interface and allow reading udev
+power_supply:* in hardware-observe
- cmd/snap-update-ns: save errno from strtoul
- tests: interfaces tests normalization
- many: cleanup golang.org/x/net/context
- tests: add spread test for system dbus interface
- tests: remove -o pipefail
- interfaces: add block-devices interface
- spread: enable upgrade suite on fedora
- tests/main/searching: video section got renamed to photo-and-video
- interfaces/home: use dac_read_search instead of dac_override with
'read: all'
- snap: really run the RunSuite
- interfaces/camera: allow reading vendor/etc info from
/run/udev/data/+usb:*
- interfaces/dbus: be less strict about alternations for well-known
names
- interfaces/home: allow dac_override with 'read:
all'
- interfaces/pulseaudio: allow reading subdirectories of
/etc/pulse
- interfaces/system-observe: allow read on
/proc/locks
- run-checks: ensure we use go-1.10 if available
- tests: get test-snapd-dbus-{provider,consumer} from the beta
channel
- interfaces/apparmor: mock presence of overlayfs root
- spread: increase default kill-timeout to 30min
- tests: simplify interfaces-contacts-service test
- packaging/ubuntu: build with golang 1.10
- ifacestate/tests: extra test for hotplug-connect handler
- packaging: make sure that /var/lib/snapd/lib/glvnd is accounted
for
- overlord/snapstate/backend: call fontconfig helpers from the new
'current'
- kvm: load required kernel modules if necessary
- cmd/snap: use a fake user for 'run' tests
- tests: update systems for google sru backend
- tests: fix install-snaps test by changing the snap info regex
- interfaces: helpers for sorting plug/slot/connection refs
- tests: moving core-snap-refresh-on-core test from main to nested
suite
- tests: fix daemon-notify test checking denials considering all the
log lines
- tests: skip lp-1802591 on "official" images
- tests: fix listing tests to match "snap list --unicode=never"
- debian: fix silly typo in the spread test invocation
- interface: raw-usb: Adding ttyACM ttyACA permissions
- tests: fix enable-disable-unit-gpio test on external boards
- overlord/ifacestate: helper API to obtain the state of connections
- tests: define new "tests/smoke" suite and use that for
autopkgtests
- cmd/snap-update-ns: explicitly check for return value from
parse_arg_u
- interfaces/builtin/opengl: allow access to NVIDIA VDPAU library
- tests: auto-clean the test directory
- cmd/snap: further tweak messaging; add a test
- overlord/ifacestate: handler for hotplug-connect task
- cmd/snap-confine: join freezer only after setting up user mount
- cmd/snap-confine: don't preemptively create .mnt files
- cmd/snap-update-ns: manually implement isspace
- cmd/snap-update-ns: let the go parser know we are parsing -u
- cmd/snap-discard-ns: fix name of user fstab files
- snapshotstate: don't task.Log without the lock
- tests: exclude some more slow tests from runs in autopkgtest
- many: remove .user-fstab files from /run/snapd/ns
- cmd/libsnap: pass --from-snap-confine when calling snap-update-ns
as user
- cmd/snap-update-ns: make freezer mockable
- cmd/snap-update-ns: move XDG code to dedicated file
- osutil: add helper for loading fstab from string
- cmd/snap-update-ns: move existing code around, renaming some
functions
- overlord/configstate/configcore: support - and _ in cloud init
field names
- * cmd/snap-confine: use makedev instead of MKDEV
- tests: review/fix the autopkgtest failures in disco
- overlord: drop old v1 store api support from managers test
- tests: new test for snapshots with more than 1 user
-- Michael Vogt <email address hidden> Thu, 21 Mar 2019 10:55:27 +0100
-
snapd (2.37.4+18.04.1) bionic-security; urgency=medium
* No change rebuild for bionic-security (LP: #1812973)
- CVE-2019-7303
-- Jamie Strandboge <email address hidden> Fri, 15 Mar 2019 19:54:24 +0000
-
snapd (2.37.4+18.04) bionic; urgency=medium
* New upstream release, LP: #1817949
- squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
- overlord/ifacestate: fix migration of connections on upgrade from
ubuntu-core
- tests: fix upgrade-from-2.15 with kernel 4.15
- interfaces/seccomp: increase filter precision
- tests: remove snapweb from tests
-- Michael Vogt <email address hidden> Wed, 27 Feb 2019 19:53:36 +0100
-
snapd (2.37.1.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1811233
- disable systemd environment generator on bionic to fix
LP: #1814355
-- Michael Vogt <email address hidden> Sun, 03 Feb 2019 15:20:57 +0100
-
snapd (2.37.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1811233
- cmd/snap-confine: add special case for Jenkins
- tests: workaround missing go dependencies in debian-9
- daemon, polkit: pid_t is signed
- interfaces: add display-control interface
- interfaces: add block-devices interface
- tests/main/searching: video section got renamed to photo-and-video
- interfaces/camera: allow reading vendor/etc info from
/run/udev/data/+usb
- interfaces/dbus: be less strict about alternations for well-known
names
- interfaces/home: allow dac_read_search with 'read: all'
- interfaces/pulseaudio: allow reading subdirectories of
/etc/pulse
- interfaces/system-observe: allow read on
/proc/locks
- tests: get test-snapd-dbus-{provider,consumer} from the beta
channel
- interfaces/apparmor: mock presence of overlayfs root
- packaging/{fedora,opensuse,ubuntu}: add /var/lib/snapd/lib/glvnd
-- Michael Vogt <email address hidden> Tue, 29 Jan 2019 18:35:36 +0100
-
snapd (2.37+18.04) bionic; urgency=medium
* New upstream release, LP: #1811233
- snapd: fix race in TestSanityFailGoesIntoDegradedMode test
- cmd: fix snap-device-helper to deal correctly with hooks
- tests: various fixes for external backend
- interface: raw-usb: Adding ttyACM[0-9]* as many serial devices
have device node /dev/ttyACM[0-9]
- tests: fix enable-disable-unit-gpio test on external boards
- tests: define new "tests/smoke" suite and use that for
autopkgtests
- interfaces/builtin/opengl: allow access to NVIDIA VDPAU
library
- snapshotstate: don't task.Log without the lock
- overlord/configstate/configcore: support - and _ in cloud init
field names
- cmd/snap-confine: use makedev instead of MKDEV
- tests: review/fix the autopkgtest failures in disco
- systemd: allow only a single daemon-reload at the same time
- cmd/snap: only auto-enable unicode to a tty
- cmd/snap: right-align revision and size in info's channel map
- dirs, interfaces/builtin/desktop: system fontconfig cache path is
different on Fedora
- tests: fix "No space left on device" issue on amazon-linux
- store: undo workaround for timezone-less released-at
- store, snap, cmd/snap: channels have released-at
- snap-confine: fix incorrect use "src" var in mount-support.c
- release: support probing SELinux state
- release-tools: display self-help
- interface: add new `{personal,system}-files` interface
- snap: give Epoch an Equal method
- many: remove unused interface code
- interfaces/many: use 'unsafe' with docker-support change_profile
rules
- run-checks: stop running HEAD of staticcheck
- release: use sync.Once around lazy intialized state
- overlord/ifacestate: include interface name in the hotplug-
disconnect task summary
- spread: show free space in debug output
- cmd/snap: attempt to restore SELinux context of snap user
directories
- image: do not write empty etc/cloud
- tests: skip snapd snap on reset for core systems
- cmd/snap-discard-ns: fix umount(2) typo
- overlord/ifacestate: hotplug-remove-slot task handler
- overlord/ifacestate: handler for hotplug-disconnect task
- ifacestate/hotplug: updateDevice helper
- tests: reset snapd state on tests restore
- interfaces: return security setup errors
- overlord: make InstallMany work like UpdateMany, issuing a single
request to get candidates
- systemd/systemd.go: add missing tests for systemd.IsActive
- overlord/ifacestate: addHotplugSeqWaitTask helper
- cmd/snap-confine: refactor call to snap-update-ns --user-mounts
- tests: new backend used to run upgrade test suite
- travis: short circuit failures in static and unit tests travis job
- cmd: automatically fix localized <option>s to <option>
- overlord/configstate,features: expose features to snapd tools
- selinux: package to query SELinux status and verify/restore file
contexts
- wrappers: use new systemd.IsActive in core18 early boot
- cmd: add tests for lintArg and lintDesc
- httputil: retry on temporary net errors
- cmd/snap-confine: remove unused sc_discard_preserved_mount_ns
- wrappers: only restart service in core18 when they are active
- overlord/ifacestate: helpers for serializing hotplug changes
- packaging/{fedora,opensuse}: own /var/lib/snapd/cookie
- systemd: start snapd.autoimport.service in --no-block mode
- data/selinux: fix syntax error in definition of snappy_admin
interface
- snap/info: bind global plugs/slots to implicit hooks
- cmd/snap-confine: remove SC_NS_MNT_FILE
- spread: record each tests/upgrade job
- osutil: do not import dirs
- cmd/snap-confine: fix typo "a pipe"
- tests: make security-device-cgroups-{devmode,jailmode} work on arm
devices
- tests: force test-snapd-daemon-notify exit 0 when the interface is
not connected
- overlord/snapstate: run 'remove' hook before 'auto-disconnect'
- centos: enable SELinux support on CentOS 7
- apparmor: allow hard link to snap-specific semaphore files
- tests/lib/pkgdb: disable weak deps on Fedora
- release: detect too old apparmor_parser
- tests: improve how the log is checked to see if the system is
waiting for a reboot
- cmd, dirs, interfaces/apparmor: update distro identification to
support ID="archlinux"
- spread, tests: add Fedora 29
- cmd/snap-confine: refactor calling snapd tools into helper module
- apparmor: allow snap-update-ns access to common devices
- cmd/snap-confine: capture initialized per-user mount ns
- tests: reduce verbosity around package installation
- data: set KillMode=process for snapd
- cmd/snap: handle DNS error gracefully
- spread, tests: use checkpoints when dumping audit log
- tests/lib/prepare: make sure that SELinux context of repacked core
snap is controlled
- testutils: split checkers, tweak tests
- tests: fix for tests test-*-cgroup
- spread: show AVC audits when debugging, start auditd on Fedora
- spread: drop Fedora 27, add Fedora 29
- tests/lib/reset: restore context of removed snapd directories
- testutil: add File{Present,Absent} checkers
- snap: add new `snap run --trace-exec`
- tests: fix for failover test on how logs are checked
- snapctl: add "services"
- overlord/snapstate: use file timestamp to initialize timer
- cmd/libsnap: introduce and use sc_strdup
- interfaces: let NM access ifindex/ifupdown files
- overlord/snapstate: on refresh, check new rev can read current
- client, store: don't use store from client (use client from store)
- tests/main/parallel-install-store: verify installation of more
than one instance at a time
- overlord: don't write system key if security setup fails
- packaging/fedora/snapd.spec: fix bogus date in changelog
- snapstate: update fontconfig caches on install
- interfaces/apparmor/backend.go:411:38: regular expression does not
contain any meta characters (SA6004)
- asserts/header_checks.go:199:35: regular expression does not
contain any meta characters (SA6004)
- run staticcheck every time :-)
- tests/lib/systemd-escape/main.go:46:14: printf-style function with
dynamic first argument and no further arguments should use print-
style function instead (SA1006)
- tests/lib/fakestore/cmd/fakestore/cmd_run.go:66:15: the channel
used with signal.Notify should be buffered (SA1017)
- tests/lib/fakedevicesvc/main.go:55:15: the channel used with
signal.Notify should be buffered (SA1017)
- spdx/parser.go:30:1: only the first constant has an explicit type
(SA9004)
- overlord/snapstate/snapmgr.go:553:21: printf-style function with
dynamic first argument and no further arguments should use print-
style function instead (SA1006)
- overlord/patch/patch3.go:44:70: printf-style function with dynamic
first argument and no further arguments should use print-style
function instead (SA1006)
- cmd/snap/cmd_advise.go:200:2: empty branch (SA9003)
- osutil/udev/netlink/conn.go:120:5: ineffective break statement.
Did you mean to break out of the outer loop? (SA4011)
- daemon/api.go:992:22: printf-style function with dynamic first
argument and no further arguments should use print-style function
instead (SA1006)
- cmd/snapd/main.go:94:5: ineffective break statement. Did you mean
to break out of the outer loop? (SA4011)
- cmd/snap/cmd_userd.go:73:15: the channel used with signal.Notify
should be buffered (SA1017)
- cmd/snap/cmd_help.go:102:7: io.Writer.Write must not modify the
provided buffer, not even temporarily (SA1023)
- release: probe apparmor features lazily
- overlord,daemon: mock security backends for testing
- cmd/libsnap: move apparmor-support to libsnap
- cmd: drop cruft from snap-discard-ns build rules
- cmd/snap-confine: use snap-discard-ns ns to discard stale
namespaces
- cmd/snap-confine: handle mounted shared /run/snapd/ns
- many: fix composite literals with unkeyed fields
- dirs, wrappers, overlord/snapstate: make completion + bases work
- tests: revert "tests: restore in restore, not prepare"
- many: validate title
- snap: make description maximum in runes, not bytes
- tests: discard mount namespaces in reset.sh
- tests/lib: sync cla check back from snapcraft
- Revert "cmd/snap, tests/main/snap-info: highlight the current
channel"
- daemon: remove enableInternalInterfaceActions
- mkversion: use "test -n" rather than "! test -z"
- run-checks: assorted fixes
- tests: restore in restore, not in prepare
- cmd/snap: fix missing newline in "snap keys" error message
- snap: epoch lists must contain no duplicate entries
- interfaces/avahi_observe: Fix typo in comment
- tests: add SPREAD_JOB to the description of
systemd_create_and_start_unit
- daemon, vendor: bump github.com/coreos/go-systemd/activation,
handle API changes
- Revert "cmd/snap-confine: don't allow mapping lib{uuid,blkid}"
- packaging/fedora: use %_sysctldir macro
- cmd/snap-confine: remove unneeded unshare
- sanity: extend the kernel version check to cover CentOS/RHEL
kernels
- wrappers: remove all desktop files from a snap on removal
- snap: add an explicit check for `epoch: null` loading
- snap: check max description length in validate
- spread, tests: add CentOS support
- cmd/snap-confine: allow mapping more libc shards
- cmd/snap-discard-ns: add support for --from-snap-confine
- tests: make tinyproxy support systemd notify
- tests: fix shellcheck
- snap, store: rename `snap.Epoch`'s `Unset` to `IsZero`
- store: add a test for a non-zero epoch refresh (with epoch bump)
- store: v1 search doesn't send epoch, stop pretending it does
- snap: make any "0" epoch be Unset, and marshalled to {[0],[0]}
- overlord/snapstate: amend test should send local revision
- tests: use mock-gpio.py in enable-disable-units-gpio test
- snap: enforce minimal snap name len of 2
- cmd/libsnap: add sc_verify_snap_lock
- cmd/snap-update-ns: extra debugging of trespassing events
- userd: force zenity width if the text displayed is long
- overlord/snapstate, store: always send epochs
- cmd/snap-confine,snap-update-ns: discard quirks
- cmd/snap: add nanosleep to blacklisted syscalls when running with
--strace
- cmd/snap-update-ns, tests: clean trespassing paths
- nvidia, interfaces/builtin: OpenCL fixes
- ifacestate/hotplug: removeDevice helper
- cmd: install snap-discard-ns in "make hack"
- overlord/ifacestate: setup security backends phased by backends
first
- ifacestate/helpers: added SystemSnapName mapper helper method
- overlord/ifacestate: set hotplug-key of the connection when
connecting hotplug slots
- snapd: allow snap-update-ns to read /proc/version
- cmd: handle tumbleweed and leap in autogen.sh
- interfaces/tests: MockHotplugSlot test helper
- store,daemon: make UserInfo,LoginUser part of the store interface
- overlord/ifacestate: use remapper when checking if system snap is
installed
- tests: fix how pinentry is prepared for new gpg v 2.1 and 2.2
- packaging/arch: fix bash completions path
- interfaces/builtin: add device-buttons interface for accessing
events
- tests, fakestore: extend refresh tests with parallel installed
snaps
- snap, store, overlord/snapshotstate: drop epoch pointers
- snap: make Epoch default to {[0],[0]} on load from yaml
- data/completion: pass documented arguments to completion functions
- tests: skip opensuse from interfaces-openvswitch-support test
- tests: simple reproducer for snap try and hooks bug
- snapstate: do not allow classic mode for strict snaps
- snap: make Epoch's MarshalJSON not simplify
- store: remove unused currentSnap and currentSnapJSON
- many: some small doc comment fixes in recent hotplug code
- ifacestate/udevmonitor: added callback to signal end of
enumeration
- cmd/libsnap: add simplified feature flag checker
- interfaces/opengl: add additional accesses for cuda
- tests: add core18 only hooks test and fix running core18 only on
classic
- sanity, release, cmd/snap: refuse to try to do things on WSL.
- cmd: make coreSupportsReExec faster
- overlord/ifacestate: don't remove the dash when generating unique
slot name
- cmd/snap-seccomp: add full complement of ptrace constants
- cmd: update autogen.sh for opensuse
- interfaces/apparmor: allow access to /run/snap.$SNAP_INSTANCE_NAME
- spread.yaml: add more systems to the autopkgtest and qemu backends
- daemon: spool sideloaded snap into blob dir
overlord/snapstate: address review feedback
- packaging/opensuse: stop using golang-packaging
- overlord/snapshots: survive an unknown user
- wrappers: fix generating of service units with multiple `before`
dependencies
- data: run snapd.autoimport.service only after seeding
- cmd/snap: unhide --name parameter to snap install, tweak help
message
- packaging/fedora: Merge changes from Fedora Dist-Git
- tests/main/snap-service-after-before-install: verify after/before
in snap install
- overlord/ifacestate: mark connections disconnected by hotplug with
hotplug-gone
- ifacestate/ifacemgr: don't reload hotplug-gone connections on
startup
- tests: install dependencies during prepare
- tests,store,daemon: ensure proxy settings are honored in
auth/userinfo too
- tests: core 18 does not support classic confinement
- tests: add debug output for degraded test
- strutil: make VersionCompare faster
- overlord/snapshotstate/backend: survive missing directories
- overlord/ifacestate: use map[string]*connState when passing conns
around
- tests: move fedora 28 to manual
- overlord/snapshotstate/backend: be more verbose when
SNAPPY_TESTING=1
- tests: removing fedora 26 system from spread.yaml
- tests: linode execution is not needed anymore
- tests/lib: adjust to changed systemctl behaviour on debian-9
- tests: fixes and new backend for tests on nested suite
- strutil: let MatchCounter work with a nil regexp
- ifacestate/helpers: findConnsForHotplugKey helper
- many: move regexp.(Must)Compile out of non-init functions into
variables
- store: also make snaps downloaded via deltas 0600
- snap: use Lstat to determine snap size, remove
ReadSnapInfoExceptSize
- interfaces/builtin: add adb-support interface
- tests: fail if install_snap_local fails
- strutil: add extra test to CommaSeparatedList as suggested by
mborzecki
- cmd/snap, daemon, strutil: use CommaSeparatedList to split a CSL
- ifacestate: optimize disconnect hooks
- cmd/snap-update-ns: parse the -u <uid> command line option
- cmd/snap, tests: snapshots for all
- client, cmd/daemon: allow disabling keepalive, improve degraded
mode unit tests
- snap: only show "next" refresh time if its after the hold time
- overlord/snapstate: run tests for classic snaps even on systems
that don't support classic
- overlord/standby: fix a race between standby goroutine and stop
- cmd/snap-exec: don't fail on some try mode snaps
- cmd/snap, userd, testutil: tweak DBus tests to use private session
bus connection
- cmd: remove remnants of sc_should_populate_mount_ns
- client, daemon, cmd/snap: indicate that services are socket/timer
activated
- cmd/snap-seccomp: only look for PTRACE_GETFPX?REGS where available
- cmd/snap-confine: remove SC_NS_FAIL_GRACEFULLY
- snap/pack, cmd/snap: allow specifying the filename of 'snap pack'
- cmd/snap-discard-ns: add support for per-user mount namespaces
- cmd/snap-confine: remove stale mount profile along stale namespace
- data/apt: close stderr when calling snap in the apt install hook.
- tests/main: fixes for the new shellcheck
- testutil, cmd/snap: introduce and use testutil.EqualsWrapped and
fly
- tests: initial setup for testing current branch on nested vm and
hotplug management
- cmd: refactor IPC and lifecycle of the helper process
- tests/main/parallel-install-store: the store has caught up, do not
expect failures
- overlord/snapstate, snap, wrappers: start services in the right
order during install
- interfaces/browser-support, cmd/snap-seccomp: Allow read-only
ptrace, for the Breakpad crash reporter
- snap,client: use a different exit code for retryable errors
- overlord/ifacestate: don't conflict on own discard-snap tasks when
refreshing & doing garbage collection
- cmd/snap: tweak `snap services` output when there is no services
- interfaces/many: updates to support k8s worker nodes
- cmd/snap: gnome-software install via snap:// handler
- overlord/many: cleanup use of snapName vs. instanceName
- snapstate: add command-chain to supported featureset
- daemon, snap: mark screenshots as deprecated
- interfaces: fix decoding of json numbers for static/dynamic
attributes* ifstate: fix decoding of json numbers
- cmd/snap: try not to panic on error from "snap try"
- tests: new cosmic image for spread tests on gce
- interfaces/system-key: add parser mtime and only discover features
on write
- overlord/snapshotstate/backend: detect path to tar in unit tests
- tests/unit/gccgo: drop gccgo unit tests
- cmd: use relative file names in locking APIs
- interfaces: fix NormalizeInterfaceAttributes, add tests
- overlord/snapshotstate/backend: fall back on sudo when no runuser
- cmd/snap-confine: reduce verbosity of debug and error messages
- systemd: extend Status() to work for socket and timer units
- interfaces: typo 'allows' for consistency with other ifaces
- systemd,wrappers: don't start disabled services
- ifacestate: simplify task chaining in ifacestate.Connect
- tests: ensure that goa-daemon is off
- snap/pack, snap/squashfs: remove extra copy before mksquashfs
- cmd/snap: block 'snap help <cmd> --all'
- asserts, image: ensure kernel, gadget, base and required-snaps use
valid snap names
- apparmor: add unit test for probeAppArmorParser and simplify code
- interfaces/apparmor: conditionally add explicit deny rules for
ptrace
- po: sync translations from launchpad
- osutil: tweak handling of error adduser errors
- cmd: rename ns_group to mount_ns
- tests/main/interfaces-accounts-service: more debugging
- snap/pack, snap/squashfs: use type to determine mksquashfs args
- data/systemd, wrappers: tweak system-shutdown helper for core18
- tests: show list of processes when ifaces-accounts-service fails
- tests: do not run degraded test in autopkgtest env
- snap: overhaul validation error messages
- ifacestate/hooks: only create interface hook tasks if hooks exist
- osutil: workaround overlayfs on ubuntu 18.10
- interfaces/home: don't allow snaps to write to $HOME/bin
- interfaces: improve Attr error further
- snapstate: tweak GetFeatureFlagBool() to have a default argument
- many: cleanup remaining parallel installs TODOs
- image: improve validation of extra snaps
-- Michael Vogt <email address hidden> Wed, 16 Jan 2019 17:16:56 +0100
-
snapd (2.35.5+18.04) bionic; urgency=medium
* New upstream release, LP: #1786438
- interfaces/home: don't allow snaps to write to $HOME/bin
- osutil: workaround overlayfs on ubuntu 18.10
-- Michael Vogt <email address hidden> Mon, 15 Oct 2018 22:23:02 +0200
-
snapd (2.35.4+18.04) bionic; urgency=medium
* New upstream release, LP: #1786438
- wrappers: do not depend on network.taget in socket units, tweak
generated units
snapd (2.35.3) xenial; urgency=medium
* New upstream release, LP: #1786438
- overlord: don't make become-operational interfere with user
requests
- docker_support.go: add rules to read apparmor macros
- interfaces/apparmor: handle overlayfs snippet for snap-update-
nsFixes:
- snapcraft.yaml: add workaround to fix snapcraft build
- interfaces/opengl: misc accesses for VA-API
-- Michael Vogt <email address hidden> Fri, 05 Oct 2018 14:41:33 +0200
-
snapd (2.35.2+18.04) bionic; urgency=medium
* New upstream release, LP: #1786438
- cmd,overlord/snapstate: go 1.11 format fixes
- ifacestate: fix hang when retrying content providers
- snap-env-generator: do nothing when PATH is unset
- interfaces/modem-manager: allow access to more USB strings
-- Michael Vogt <email address hidden> Wed, 12 Sep 2018 09:32:00 +0200
-
snapd (2.35.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1786438
- packaging/fedora: Merge changes from Fedora Dist-Git
- snapcraft: do not use --diry in mkversion.sh
- cmd: add systemd environment generator
- snap-confine: map /var/lib/extrausers into snaps mount-namespace
- tests: cherry-pick test fixes from master for 2.35
- systemd: do not run "snapd.snap-repair.service.in on firstboot
bootstrap
- interfaces: retain order of inserted security backends
- selftest: detect if apparmor is unusable and error
-- Michael Vogt <email address hidden> Mon, 03 Sep 2018 14:44:06 +0200
-
snapd (2.34.2+18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: local privilege escalation via improper input validation
of socket peer credential (LP: #1813365)
- daemon/ucrednet.go: utilize regex for validating and parsing remoteAddr.
Patch thanks to John Lenton
- CVE-YYYY-NNNN
-- Jamie Strandboge <email address hidden> Tue, 29 Jan 2019 17:50:52 +0000
-
snapd (2.34.2+18.04) bionic; urgency=medium
* New upstream release, LP: #1779403
- packaging: fix bogus date in fedora snapd.spec
- tests: fix tests expecting old email address
snapd (2.34.1) xenial; urgency=medium
* New upstream release, LP: #1779403
- tests: cherry-pick test fixes from master for 2.34
- coreconfig: add support for `snap set system network.disable-
ipv6`
- debian: do not ship snapd.apparmor.service on ubuntu
- overlord/snapstate: dedupe default content providers
- interfaces/builtin: create can-bus interface
snapd (2.34) xenial; urgency=medium
* New upstream release, LP: #1779403
- store, daemon, client, cmd/snap: expose "scope", default to wide*
- tests: fix arch tests
- snapstate: make sure all *link-*snap tasks carry a snap type and
further hints
- snapstate: allow setting "refresh.timer=managed"
- cmd/snap: display a link to data privacy notice for interactive
snap login
- devicestate: fix race when refreshing a snap with snapd-control
- tests: skip interfaces-framebuffer when no /dev/fb0 is found
- tests: run interfaces-contacts-service only where test-snapd-eds
is available
- many: expose publisher's validation throughout the API
- many: use extra "releases" information on store "revision-not-
found" errors to produce better errors
- dirs: improve distro detection for Antegros
- Revert "dirs: improve identification of Arch Linux like systems"
- devicestate: fix panic in firstboot code when no snaps are seeded
- i18n: use xgettext-go --files-from to avoid running into cmdline
size limits
- interfaces: move ValidateName helper to utils
- snapstate,ifstate: wait for pending restarts before auto-
connecting
- snap: account for parallel installs in wrappers, place info and
tests
- configcore: fix incorrect handling of keys with numbers (like
gpu_mem_512)
- tests: fix tests when no keyboard input detected
- overlord/configstate: add watchdog options
- snap-mgmt: fix for non-existent dbus system policy dir,
shellchecks
- tests/main/snapd-notify: use systemd's service properties rater
than the journal
- snapstate: allow removal of snap.TypeOS when using a model with a
base
- interfaces: make findSnapdPath smarter
- tests: run "arp" tests only if arp is available
- spread: increase the number of auto retries for package downloads
in opensuse
- cmd/snap-confine: fix nvidia support under lxd
- corecfg: added experimental.hotplug feature flag
- image: block installation of parallel snap instances
- interfaces: moved normalize method to interfaces/utils and made it
public
- api/snapctl: allow -h and --help for regular users.
- interfaces/udisks2: also implement implicit classic slot
- cmd/snap-confine: include CUDA runtime libraries
- tests: disable auto-refresh test on core18
- many: switch to account validation: unproven|verified
- overlord/ifacestate: get/set connection state only via helpers
- tests: adding extra check to validate journalctl is showing
current test data
- data: add systemd environment configuration
- i18n: handle write errors in xgettext-go
- snap: helper for validating snap instance names
- snap{/snaptest}: set instance key based on snap name
- userd: fix running unit tests on KDE
- tests/main/econnreset: limit ingress traffic to 512kB/s
- snap: introduce a struct Channel to represent store channels, and
helpers to work with it
- tests: add fedora to distro_clean_package_cache function
- many: rename snap.Info.StoreName() to snap.Info.SnapName()
- tests: add spread test to ensure snapd/core18 are not removable
- tests: tweaks for running the main tests on core18
- overlord/{config,snap}state: introduce experimental.parallel-
instances feature flag
- strutil: support iteration over almost clean paths
- strutil: add PathIterator.Rewind
- tests: update interfaces-timeserver-control to core18
- tests: add halt-timeout to google backend
- tests: skip security-udev-input-subsystem without /dev/input/by-
path
- snap: introduce the instance key field
- packaging/opensuse: remaining packaging updates for 2.33.1
- overlord/snapstate: disallow installing snapd on baseless models
- tests: disable core tests on all core systems (16 and 18)
- dirs: improve identification of Arch Linux like systems
- many: expose full publisher info over the snapd API
- tests: disable core tests on all core systems (16 and 18)
- tests/main/xdg-open: restore or clean up xdg-open
- tests/main/interfaces-firewall-control: shellcheck fix
- snapstate: sort "snapd" first
- systemd: require snapd.socket in snapd.seeded.service; make sure
snapd.seeded
- spread-shellcheck: use the latest shellcheck available from snaps
- tests: use "ss" instead of "netstat" (netstat is not available in
core18)
- data/complete: fix three out of four shellcheck warnings in
data/complete
- packaging/opensuse: fix typo, missing assignment
- tests: initial core18 spread image building
- overlord: introduce a gadget-connect task and use it at first boot
- data/completion: fix inconsistency in +x and shebang
- firstboot: mark essential snaps as "Required" in the state
- spread-shellcheck: use a whitelist of files that are allowed to
fail validation
- packaging/opensuse: build position-independent binaries
- ifacestate: prevent running interface hooks twice when self-
connecting on autoconnect
- data: remove /bin/sh from snapd.sh
- tests: fix shellcheck 0.5.0 warnings
- packaging/opensuse: snap-confine should be 06755
- packaging/opensuse: ship apparmor integration if enabled
- interfaces/udev,misc: only trigger udev events on input subsystem
as needed
- packaging/opensuse: add missing bits for snapd.seeded.service
- packaging/opensuse: don't use %-macros in comments
- tests: shellchecks part 4
- many: rename snap.Info.Name() to snap.Info.InstanceName(), leave
parallel-install TODOs
- store: drop unused: channel map types, and details fixture.
- store: have a basic test about the unmarshalling of /search
results
- tests: show executed tests on current system when a test fails
- tests: fix for the download of the big snap
- interfaces/apparmor: add chopTree
- tests: remove double debug: | entry in tests and add more checks
- cmd/snap-update-ns: introduce mimicRequired helper
- interfaces: move assertions around for better failure line number
- store: log a nice clear "download succeeded" message
- snap: run snap-confine from the re-exec location
- snapstate: support restarting snapd from the snapd snap on core18
- tests: show status of the partial test-snapd-huge snap in
econnreset test
- tests: fix interfaces-calendar-service test when gvfsd-metadata
loks the xdg dirctory
- store: switch store.SnapInfo to use the new v2/info endpoint
- interfaces: add Repository.AllInterfaces
- snapstate: stop using evolving SnapSpec internally, use an
internal-only snapSpec instead
- cmd/libsnap-confine-private: introduce a helper for splitting snap
name
- tests: econnreset/retry tweaks
- store, et al: kill dead code that uses the bulk endpoint
- tests/lib/prepare-restore: fix upgrade/reboot handling on arch
- cmd/snap-update-ns,strutil: move PathIterator to strutil, add
Depth helper
- data/systemd/snapd.run-from-snap: ensure snapd tooling is
available
- store: switch connectivity check to use v2/info
- devicestate: support seeding from a base snap instead of core
- snapstate,ifacestate: remove core-phase-2 handling
- interfaces/docker-support: update for docker 18.05
- tests: enable fedora 28 again
- overlord/ifacestate: simplify checkConnectConflicts and also
connect signature
- snap: parse connect instructions in gadget.yaml
- tests: fix snapd-repair.timer on ubuntu-core-snapd-run- from-snap
test
- interfaces/apparmor: allow killing snap-update-ns
- tests: skip "try" test on s390x
- store, image: have 'snap download' use v2/refresh action=download
- interfaces/policy: test that base policy can be parsed
- tests: publish test-snapd-appstreamid for any architecture
- snap: don't include newline in hook environment
- cmd/snap-update-ns: use RCall with SyscallsEqual
- cmd/snap-update-ns: add IsSnapdCreatedPrivateTmpfs and tests
- tests: skip security-dev-input-event-denied on s390x/arm64
- interfaces: add the dvb interface
- daemon: paging is not a thing.
- cmd/snap-mgmt: remove system key on purge
- testutil: syscall sequence checker
- cmd/snap-update-ns: fix a leaking file descriptor in MkSymlink
- packaging: use official bolt in the errtracker on fedora
- many: add `snap debug connectivity` command* many: add `snap debug
connectivity` command
- configstate: deny configuration of base snaps and for the "snapd"
snap
- interfaces/raw-usb: also allow usb serial devices
- snap: reject more layout locations
- errtracker: do not send duplicated reports
- httputil: extra debug if an error is not retried
- cmd/snap-update-ns: improve wording in many errors
- cmd/snap: use snaptest.MockSnapCurrent in `snap run` tests
- cmd/snap-update-ns: add helper for checking for read-only
filesystems
- interfaces/builtin/docker: use commonInterface over specific
struct
- testutil: add test support for Fstatfs
- cmd/snap-update-ns: discard the concept of segments
- cmd/libsnap-confine-private: helper for extracting store snap name
from local-name
- tests: fix flaky test for hooks undo
- interfaces: add {contacts,calendar}-service interfaces
- tests: retry 'restarting into..' match in the snap-confine-from-
core test
- systemd: adjust TestWriteMountUnitForDirs() to use
squashfs.MockUseFuse(false)
- data: add helper that can generate/start/stop the snapd service
- sefltest: advise reboot into 4.4 on trusty running 3.13
- selftest: add new selftest package that tests squashfs mounting
- store, jsonutil: move store.getStructFields to
jsonutil.StructFields
- ifacestate: improved conflict and error handling when creating
autoconnect tasks
- cmd/snap-confine: applied make fmt
- interfaces/udev: call 'udevadm settle --timeout=10' after
triggering events
- tests: wait more time until snap start to be downloaded on
econnreset test
- snapstate: ensure fakestore returns TypeOS for the core snap
- tests: fix lxd test which hangs on restore
- cmd/snap-update-ns: add PathIterator
- asserts,image: add support for models with bases
- tests: shellchecks part 3
- overlord/hookstate: support undo for hooks
- interfaces/tpm: Allow access to the kernel resource manager
- tests: skip appstream-id test for core systems 32 bits
- interfaces/home: remove redundant common interface assignment
- tests: reprioritise a few tests that are known to be slow
- cmd/snap: small help tweaks and fixes
- tests: add test to ensure /dev/input/event* for non-joysticks is
denied
- spread-shellcheck: silly fix & pep8
- spread: switch fedora 28 to manual
- client,cmd/snap,daemon,tests: expose base of a snap over API, show
it in snap info --verbose
- tests: fix lxd test - --auto now sets up networking
- tests: adding fedora-28 to spread.yaml
- interfaces: add juju-client-observe interface
- client, daemon: add a "mounted-from" entry to local snaps' JSON
- image: set model.DisplayName() in bootenv as "snap_menuentry"
- packaging/opensuse: Refactor packaging to support all openSUSE
targets
- interfaces/joystick: force use of the device cgroup with joystick
interface
- interfaces/hardware-observe: allow access to /etc/sensors* for
libsensors
- interfaces: remove Plug/Slot types
- interface hooks: update old AutoConnect methods
- snapcraft: run with DEB_BUILD_OPTIONS=nocheck
- overlord/{config,snap}state: the number of inactive revisions is
config
- cmd/snap: check with snapd for unknown sections
- tests: moving test helpers from sh to bash
- data/systemd: add snapd.apparmor.service
- many: expose AppStream IDs (AKA common ID)
- many: hold refresh when on metered connections
- interfaces/joystick: also support modern evdev joysticks and
gamepads
- xdgopenproxy: skip TestOpenUnreadableFile when run as root
- snapcraft: use dpkg-buildpackage options that work in xenial
- spread: openSUSE LEAP 42.2 was EOLd in January, remove it
- get-deps: work with an unset GOPATH too
- interfaces/apparmor: use strict template on openSUSE tumbleweed
- packaging: filter out verbose flags from "dh-golang"
- packaging: fix description
- snapcraft.yaml: add minimal snapcraft.yaml with custom build
-- Michael Vogt <email address hidden> Thu, 19 Jul 2018 12:05:50 +0200
-
snapd (2.33.1+18.04ubuntu2) bionic; urgency=medium
* New upstream release, LP: #1773118
- cherry pick https://github.com/snapcore/snapd/pull/5464
to workaround kernel urandom bug in bionic that slows down
boot
-- Michael Vogt <email address hidden> Thu, 05 Jul 2018 08:42:47 +0200
-
snapd (2.33.1+18.04ubuntu1) bionic; urgency=medium
* New upstream release, LP: #1773118
- cherry pick https://github.com/snapcore/snapd/pull/5376/
to fix autopkgtest
snapd (2.33.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1773118
- many: improve udev trigger on refresh experience
- systemd: require snapd.socket in snapd.seeded.service
- snap: don't include newline in hook environment
- interfaces/apparmor: allow killing snap-update-ns
- tests: skip "try" test on s390x
- tests: skip security-dev-input-event-denied when /dev/input/by-
path/ is missing
- tests: skip security-dev-input-event-denied on s390x/arm64
snapd (2.33) xenial; urgency=medium
* New upstream release, LP: #1773118
- packaging: use official bolt in the errtracker on fedora
- many: add `snap debug connectivity` command
- interfaces/raw-usb: also allow usb serial devices
- errtracker: do not send duplicated reports
- selftest: add new selftest package that tests squashfs mounting
- tests: backport lxd force stop and econnreset fixes
- tests: add test to ensure /dev/input/event* for non-joysticks is
denied
- interfaces/joystick: support modern evdev joysticks
- interfaces: add juju-client-observe
- interfaces/hardware-observe: allow access to /etc/sensors* for
libsensors
- many: holding refresh on metered connections
- many: expose AppStream IDs (AKA common ID)
- tests: speed up save/restore snapd state for all-snap systems
during tests execution
- interfaces/apparmor: use helper to load stray profile
- tests: ubuntu core abstraction
- overlord/snapstate: don't panic in a corner case interaction of
cleanup tasks and pruning
- interfaces/apparmor: add 'mediate_deleted' profile flag for all
snaps
- tests: new parameter for the journalctl rate limit
- spread-shellcheck: port to python
- interfaces/home: add 'read' attribute to allow non-owner read to
@{HOME}
- testutil: import check.v1 differently to workaround gccgo error
- interfaces/many: miscellaneous updates for default, desktop,
desktop-legacy, system-observe, hardware-observe, opengl and gpg-
keys
- snapstate/hooks: reorder autoconnect and reconnect hooks
- daemon: update unit tests to match current master
- overlord/snapshotstate/backend: introducing the snapshot backend
- many: support 'system' nickname in interfaces
- userd: add the "snap" scheme to the whitelist
- many: make rebooting of core on refresh immediate, refactor logic
around it
- tests/main/snap-service-timer: account for service timer being in
the 'running' state
- interfaces/builtin: allow access to libGLESv* too for opengl
interface
- daemon: fix unit tests on arch
- interfaces/default,process-control: miscellaneous signal policy
fixes
- interfaces/bulitin: add write permission to optical-drive
- configstate: validate known core.* options
- snap, wrappers: systemd WatchdogSec support
- ifacestate: do not auto-connect manually disconnected interfaces
- systemd: mock useFuse() so testsuite passes in container via lxd
snap
- snap/env: fix env duplication logic
- snap: some doc comments fixes and additions
- cmd/snap-confine, interfaces/opengl: allow access to glvnd EGL
vendor files
- ifacestate: unify reconnect and autoconnect methods
- tests: fix user mounts test for external systems
- overlord/snapstate,overlord/auth,store: coalesce no auth user
refresh requests
- boot,partition: improve tests/docs around SetNextBoot()
- many: improve `snap wait` command
- snap: fix `snap interface --attrs` output when numbers are used
- cmd/snap-update-ns: poke holes when creating source paths for
layouts
- snapstate: support getting new bases/default-providers on refresh
- ifacemgr: remove stale connections on startup
- asserts: use Attrer in policy checks
- testutil: record system call errors / return values
- tests: increase timeouts to make tests reliable on slow boards
- repo: pass and return ConnRef via pointers
- interfaces: add xdg-document-portal support to desktop interface
- debian: add a zenity|kdialog suggests
- snapstate: make TestDoPrereqRetryWhenBaseInFlight less brittle
- tests: go must be installed as a classic snap
- tests: use journalctl cursors instead rotating logs
- daemon: add confinement-options to /v2/system-info
daemon: refactor classic support flag to be more structured
- tests: build spread in the autopkgtests with a more recent go
- cmd/snap: fix the message when snap.channel != snap.tracking
- overlord/snapstate: allow core defaults configuration via 'system'
key
- many: add "snap debug sandbox-features" and needed bits
- interfaces: interface hooks for refresh
- snapd.core-fixup.sh: add workaround for corrupted uboot.env
- boot: clear "snap_mode" when needed
- many: add wait command and `snapd.seeded` service
- interfaces: move host font update-ns AppArmor rules to desktop
interface
- jsonutil/safejson: introducing safejson.String &
safejson.Paragraph
- cmd/snap-update-ns: use Secure.BindMount to bind mount files
- cmd/snap-update-ns,tests: mimic the mode and ownership of
directories
- cmd/snap-update-ns: add support for ignoring mounts with missing
source/target
- interfaces: interface hooks implementation
- cmd/libsnap: fix compile error on more restrictive gcc
cmd/libsnap: fix compilation errors on gcc 8
- interfaces/apparmor: allow bash and dash to be in /usr/bin/
- cmd/snap-confine: allow any base snap to provide /etc/alternatives
- tests: fix interfaces-network test for systems with partial
confinement
- spread.yaml: add cosmic (18.10) to autopkgtest/qemu
- tests: ubuntu 18.04 or higher does not need linux-image-extra-
- configcore: validate experimental.layouts option
- interfaces:minor autoconnect cleanup
- HACKING: fix typos
- spread: add adt for ubuntu 18.10
- tests: skip test lp-1721518 for arch, snapd is failing to start
after reboot
- interfaces/x11: allow X11 slot implementations
- tests: checking interfaces declaring the specific interface
- snap: improve error for snaps not available in the given context
- cmdstate: add missing test for default timeout handling
- tests: shellcheck spread tasks
- cmd/snap: update install/refresh help vs --revision
- cmd/snap-confine: add support for per-user mounts
- snap: do not use overly short timeout in `snap
{start,stop,restart}`
- tests: adding google-sru backend replacing linode-sur
- interfaces/apparmor: fix incorrect apparmor profile glob
- systemd: replace ancient paths with 16.04+ standards
- overlord,systemd: store snap revision in mount units
- testutil: add test helper for SysLstat
- testutil,cmd: rename test helper of Lstat to OsLstat
- testutil: document all fake syscall/os functions
- osutil,interfaces,cmd: use less hardcoded strings
- testutil: rename UNMOUNT_NOFOLLOW to umountNoFollow
- testutil: don't dot-import check.v1
- store: getStructFields takes pointers now
- tests: drop `linux-image-extra-$(uname -r)` install in 18.04
- many: fix false negatives reported by vet
- osutil,interfaces: use uint32 for uid, gid
- many: fix various issues reported by shellcheck
- tests: add pending shutdown detection
- image: support refreshing soft-expired user macaroons in tooling
- interfaces/builtin, daemon: cleanup mocked builtin interfaces in
daemon tests
- interfaces/builtin: add support for software-watchdog interface
- spread: auto accept key changes when calling dnf
- snap,overlord/snapstate: introduce and use BrokenSnapError
- tests: detect kernel oops during tests and abort tests in this
case
- tests: bring back one missing test in snap-service-stop-mode
- debian: update LP bug for the 2.32.5 SRU
- userd: set up journal logging streams for autostarted apps
- snap,tests : don't fail if we cannot stat MountFile
- tests: smaller fixes for Arch tests
- tests: run interfaces-broadcom-asic-control early
- client: support for snapshot sets, snapshots, and snapshot actions
- tests: skip interfaces-content test on core devices
- cmd: generalize locking to global, snap and per-user locks
- release-tools: handle the snapd-x.y.z version
- packaging: fix incorrectly auto-generated changelog entry for
2.32.5
- tests: add arch to CI
- systemd: add helper for opening stream file descriptors to the
journal
- cmd/snap: handle distros with no version ID
- many: add "stop-mode: sig{term,hup,usr[12]}{,-all}" instead of
conflating that with refresh-mode
- tests: removing linode-sru backend
- tests: updating bionic version for spread tests on google
- overlord/snapstate: poll for up to 10s if a snap is unexpectedly
not mounted in doMountSnap
- overlord/snapstate: allow to get an error from readInfo instead of
a broken stub, use it in doMountSnap
- snap: snap.AppInfo is now a fmt.Stringer
- tests: move fedora 27 to google backend
- many: add `core.problem-reports.disabled` option
- cmd/snap-update-ns: remove the need for stash directory in secure
bind mount implementation
- errtracker: check for whoopsie.service instead of reading
/etc/whoopsie
- cmd/snap: user session application autostart v3
- tests: add test to ensure `snap refresh --amend` works with
different channels
- tests: add check for OOM error after each test
- cmd/snap-seccomp: graceful handling of non-multilib host
- interfaces/shutdown: allow calling SetWallMessage
- cmd/snap-update-ns: add secure bind mount implementation for use
with user mounts
- snap: fix `snap advise-snap --command` output to match spec
- overlord/snapstate: on multi-snap refresh make sure bases and core
are finished before dependent snaps
- overlord/snapstate: introduce envvars to control the channels for
based and prereqs
- cmd/snap-confine: ignore missing cgroups in snap-device-helper
- debian: add gbp.conf script to build snapd via `gbp buildpackage`
- daemon,overlord/hookstate: stop/wait for running hooks before
closing the snapctl socket
- advisor: use json for package database
- interfaces/hostname-control: allow setting the hostname via
syscall and systemd
- tests/main/interfaces-opengl-nvidia: verify access to 32bit
libraries
- interfaces: misc updates for default, firewall-control, fuse-
support and process-control
- data/selinux: Give snapd access to more aspects of the system
- many: use the new install/refresh API by switching snapstate to
use store.SnapAction
- errtracker: make TestJournalErrorSilentError work on gccgo
- ifacestate: add to the repo also snaps that are pending being
activated but have a done setup-profiles
- snapstate, ifacestate: inject auto-connect tasks try 2
- cmd/snap-confine: allow creating missing gl32, gl, vulkan dirs
- errtracker: add more fields to aid debugging
- interfaces: make system-key more robust against invalid fstab
entries
- overlord,interfaces: be more vocal about broken snaps and read
errors
- ifacestate: injectTasks helper
- osutil: fix fstab parser to allow for # in field values
- cmd/snap-mgmt: remove timers, udev rules, dbus policy files
- release-tools: add repack-debian-tarball.sh
- daemon,client: add build-id to /v2/system-info
- cmd: make fmt (indent 2.2.11)
- interfaces/content: add rule so slot can access writable files at
plug's mountpoint
- interfaces: add /var/lib/snapd/snap to @{INSTALL_DIR}
- ifacestate: don't surface errors from stale connections
- cmd/snap-update-ns: convert Secure* family of functions into
methods
- tests: adjust canonical-livepatch test on GCE
- tests: fix quoting issues in econnreset test
- cmd/snap-confine: make /run/media an alias of /media
- cmd/snap-update-ns: rename i to segNum
- interfaces/serial: change pattern not to exclude /dev/ttymxc*
- spread: disable StartLimitInterval option on opensuse-42.3
- configstate: give a chance to immediately recompute the next
refresh time when schedules are set
- cmd/snap-confine: attempt to detect if multiarch host uses
arch triplets
- store: add Store.SnapAction to support the new install/refresh API
endpoint
- tests: adding test for removable-media interface
- tests: update interface tests to remove extra checks and normalize
tests
- timeutil: in Human, count days with fingers
- vendor: update gopkg.in/yaml.v2 to the latest version
- cmd/snap-confine: fix Archlinux compatibility
- cmd/snapd: make sure signal handlers are established during early
daemon startup
- cmd/snap-confine: apparmor: allow creating prefix path for
gl/vulkan
- osutil: use tilde suffix for temporary files used for atomic
replacement
- tests: copy or sanity check core users using usernames
- tests: disentangle etc vs extrausers in core tests
- tests: fix snap-run tests when snapd is not running
- overlord/configstate: change how ssh is stopped/started
- snap: make `snap run` look at the system-key for security profiles
- strutil, cmd/snap: drop strutil.WordWrap, first pass at
replacement
- tests: adding opensuse-42.3 to google
- cmd/snap: fix one issue with noWait error handling logic, add
tests plus other cleanups
- cmd/snap-confine: nvidia: preserve globbed file prefix
- advisor: add comment why osutil.FileExists(dirs.SnapCommandsDB) is
needed
- interfaces,release: probe seccomp features lazily
- tests: change debug for layout test
- advisor: deal with missing commands.db file
- interfaces/apparmor: simplify UpdateNS internals
- polkit: Pass caller uid to PolicyKit authority
- tests: moving debian 9 from linode to google backend
- cmd/snap-confine: nvidia: add tls/libnvidia-tls.so* glob
- po: specify charset in po/snappy.pot
- interfaces: harden snap-update-ns profile
- snap: Call SanitizePlugsSlots from InfoFromSnapYaml
- tests: update tests to deal with s390x quirks
- debian: run snap.mount upgrade fixup *before* debhelper
- tests: move xenial i386 to google backend
- snapstate: add compat mode for default-provider
- tests: a bunch of test fixes for s390x from looking at the
autopkgtest logs
- packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
- interfaces/builtin: let MM change qmi device attributes
- tests: add workaround for s390x failure
- snap/pack, cmd/snap: add `snap pack --check-skeleton`
- daemon: support 'system' as nickname of the core snap
- cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice
- devicestate: add DeviceManager.Registered returning a channel
closed when the device is known to be registered
- store: Sections and WriteCatalogs need to strictly send device
auth only if the device has a custom store
- tests: add bionic system to google backend
- many: fix shellcheck warnings in bionic
- cmd/snap-update-ns: don't fail on existing symlinks
- tests: make autopkgtest tests more targeted
- cmd/snap-update-ns: fix creation of layout symlinks
- spread,tests: move suite-level prepare/restore to central script
- many: propagate contexts enough to be able to mark store
operations done from the Ensure loop
- snap: don't create empty Change with "Hold" state on disconnect
- snap: unify snap name validation w/python; enforce length limit.
- cmd/snap: use shlex when parsing `snap run --strace` arguments
- osutil,testutil: add symlinkat(2) and readlinkat(2)
- tests: autopkgtest may have non edge core too
- tests: adding checks before stopping snapd service to avoid job
canceled on ubuntu 14.04
- errtracker: respect the /etc/whoopsie configuration
- overlord/snapstate: hold refreshes for 2h after seeding on
classic
- cmd/snap: tweak and polish help strings
- snapstate: put layout feature behind feature flag
- tests: force profile re-generation via system-key
- snap/squashfs: when installing from seed, try symlink before cp
- wrappers: services which are socket or timer activated should not
be started during boot
- many: go vet cleanups
- tests: define MATCH from spread
- packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
fix
- cmd/snap: use timeutil.Human to show times in `snap refresh
--time`
- cmd/snap: in changes and tasks, default to human-friendly times
- many: support holding refreshes by setting refresh.hold
- Revert "cmd/snap: use timeutil.Human to show times in `snap
refresh -…-time`"
- cmd/snap: use timeutil.Human to show times in `snap refresh
--time`
- tests/main/snap-service-refresh-mode: refactor the test to rely on
comparing PIDs
- tests/main/media-sharing: improve the test to cover /media and
/run/media
- store: enable deltas for core devices too
- cmd/snap: unhide --no-wait; make wait use go via waitMixin
- strutil/shlex: import github.com/google/shlex into the tree
- vendor: update github.com/mvo5/libseccomp-golang
- overlord/snapstate: block install of "system"
- cmd/snap: "current"→"installed"; "refreshed"→"refresh-date"
- many: add the snapd-generator
- cmd/snap-seccomp: Cancel the atomic file on error, not just Close
- polkit: ensure error is properly set if dialog is dismissed
- snap-confine, snap-seccomp: utilize new seccomp logging features
- progress: tweak ansimeter cvvis use to no longer confuse minicom
- xdgopenproxy: integrate xdg-open implementation into snapctl
- tests: avoid removing preinstalled snaps on core
- tests: chroot into core to run xdg-open there
- userd: add an OpenFile method for launching local files with xdg-
open
- tests: moving ubuntu core from linode to google backend
- run-checks: remove accidental bashism
- i18n: simplify NG usage by doing the modulo math in-package.
- snap/squashfs: set timezone when calling unsquashfs to get the
build date
- timeutil: timeutil.Human(t) gives a human-friendly string for t
- snap: add autostart app property
- tests: add support for external backend executions on listing test
- tests: make interface-broadcom-asic-control test work on rpi
- configstate: when disable "ssh" we must disable the "sshd" service
- interfaces/apparmor,system-key: add upperdir snippets for strict
snaps on livecd
- snap/squashfs: add BuildDate
- store: parse the JSON format used by the coming new store API to
convey snap information
- many: remove snapd.refresh.{timer,service}
- tests: adding ubuntu-14.04-64 to the google backend
- interfaces: add xdg-desktop-portal support to desktop interface
- packaging/arch: sync with snapd/snapd-git from AUR
- wrappers, tests/main/snap-service-timer: restore missing commit,
add spread test for timer services
- store: don't ask for snap_yaml_raw except on the details endpoint
- many: generate and use per-snap snap-update-ns profile
- tests: add debug for layout test
- wrappers: detect whether systemd-analyze can be used in unit tests
- osutil: allow creating strings out of MountInfoEntry
- servicestate: use systemctl enable+start and disable+stop instead
of --now flag
- osutil: handle file being matched by multiple patterns
- daemon, snap: fix InstallDate, make a method of *snap.Info
- wrappers: timer services
- wrappers: generator for systemd OnCalendar schedules
- asserts: fix flaky storeSuite.TestCheckAuthority
- tests: fix dependency for ubuntu artful
- spread: start moving towards google backend
- tests: add a spread test for layouts
- ifacestate: be consistent passing Retry.After as named field
- cmd/snap-update-ns: use recursive bind mounts for writable mimic
- testutil: allow mocking syscall.Fstat
- overlord/snapstate: verify that default schedule is randomized and
is not a single time
- many: simplify mocking of home-on-NFS
- cmd/snap-update-ns: use syscall.Symlink instead of os.Symlink
- store: move infoFromRemote into details.go close to snapDetails
- userd/tests: Test kdialog calls and mock kdialog too to make tests
work in KDE
- cmd/snap: tweaks to 'snap info' (feat. installed->current rename)
- cmd/snap: add self-strace to `snap run`
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- update-pot: Force xgettext() to return true
- store: cleanup test naming, dropping remoteRepo and
UbuntuStore(Repository)? references
- store: reorg auth refresh
-- Michael Vogt <email address hidden> Fri, 22 Jun 2018 09:43:57 +0200
-
snapd (2.33.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1773118
- many: improve udev trigger on refresh experience
- systemd: require snapd.socket in snapd.seeded.service
- snap: don't include newline in hook environment
- interfaces/apparmor: allow killing snap-update-ns
- tests: skip "try" test on s390x
- tests: skip security-dev-input-event-denied when /dev/input/by-
path/ is missing
- tests: skip security-dev-input-event-denied on s390x/arm64
-- Michael Vogt <email address hidden> Thu, 21 Jun 2018 17:37:56 +0200
-
snapd (2.33+18.04) bionic; urgency=medium
* New upstream release, LP: #1773118
- packaging: use official bolt in the errtracker on fedora
- many: add `snap debug connectivity` command
- interfaces/raw-usb: also allow usb serial devices
- errtracker: do not send duplicated reports
- selftest: add new selftest package that tests squashfs mounting
- tests: backport lxd force stop and econnreset fixes
- tests: add test to ensure /dev/input/event* for non-joysticks is
denied
- interfaces/joystick: support modern evdev joysticks
- interfaces: add juju-client-observe
- interfaces/hardware-observe: allow access to /etc/sensors* for
libsensors
- many: holding refresh on metered connections
- many: expose AppStream IDs (AKA common ID)
- tests: speed up save/restore snapd state for all-snap systems
during tests execution
- interfaces/apparmor: use helper to load stray profile
- tests: ubuntu core abstraction
- overlord/snapstate: don't panic in a corner case interaction of
cleanup tasks and pruning
- interfaces/apparmor: add 'mediate_deleted' profile flag for all
snaps
- tests: new parameter for the journalctl rate limit
- spread-shellcheck: port to python
- interfaces/home: add 'read' attribute to allow non-owner read to
@{HOME}
- testutil: import check.v1 differently to workaround gccgo error
- interfaces/many: miscellaneous updates for default, desktop,
desktop-legacy, system-observe, hardware-observe, opengl and gpg-
keys
- snapstate/hooks: reorder autoconnect and reconnect hooks
- daemon: update unit tests to match current master
- overlord/snapshotstate/backend: introducing the snapshot backend
- many: support 'system' nickname in interfaces
- userd: add the "snap" scheme to the whitelist
- many: make rebooting of core on refresh immediate, refactor logic
around it
- tests/main/snap-service-timer: account for service timer being in
the 'running' state
- interfaces/builtin: allow access to libGLESv* too for opengl
interface
- daemon: fix unit tests on arch
- interfaces/default,process-control: miscellaneous signal policy
fixes
- interfaces/bulitin: add write permission to optical-drive
- configstate: validate known core.* options
- snap, wrappers: systemd WatchdogSec support
- ifacestate: do not auto-connect manually disconnected interfaces
- systemd: mock useFuse() so testsuite passes in container via lxd
snap
- snap/env: fix env duplication logic
- snap: some doc comments fixes and additions
- cmd/snap-confine, interfaces/opengl: allow access to glvnd EGL
vendor files
- ifacestate: unify reconnect and autoconnect methods
- tests: fix user mounts test for external systems
- overlord/snapstate,overlord/auth,store: coalesce no auth user
refresh requests
- boot,partition: improve tests/docs around SetNextBoot()
- many: improve `snap wait` command
- snap: fix `snap interface --attrs` output when numbers are used
- cmd/snap-update-ns: poke holes when creating source paths for
layouts
- snapstate: support getting new bases/default-providers on refresh
- ifacemgr: remove stale connections on startup
- asserts: use Attrer in policy checks
- testutil: record system call errors / return values
- tests: increase timeouts to make tests reliable on slow boards
- repo: pass and return ConnRef via pointers
- interfaces: add xdg-document-portal support to desktop interface
- debian: add a zenity|kdialog suggests
- snapstate: make TestDoPrereqRetryWhenBaseInFlight less brittle
- tests: go must be installed as a classic snap
- tests: use journalctl cursors instead rotating logs
- daemon: add confinement-options to /v2/system-info
daemon: refactor classic support flag to be more structured
- tests: build spread in the autopkgtests with a more recent go
- cmd/snap: fix the message when snap.channel != snap.tracking
- overlord/snapstate: allow core defaults configuration via 'system'
key
- many: add "snap debug sandbox-features" and needed bits
- interfaces: interface hooks for refresh
- snapd.core-fixup.sh: add workaround for corrupted uboot.env
- boot: clear "snap_mode" when needed
- many: add wait command and `snapd.seeded` service
- interfaces: move host font update-ns AppArmor rules to desktop
interface
- jsonutil/safejson: introducing safejson.String &
safejson.Paragraph
- cmd/snap-update-ns: use Secure.BindMount to bind mount files
- cmd/snap-update-ns,tests: mimic the mode and ownership of
directories
- cmd/snap-update-ns: add support for ignoring mounts with missing
source/target
- interfaces: interface hooks implementation
- cmd/libsnap: fix compile error on more restrictive gcc
cmd/libsnap: fix compilation errors on gcc 8
- interfaces/apparmor: allow bash and dash to be in /usr/bin/
- cmd/snap-confine: allow any base snap to provide /etc/alternatives
- tests: fix interfaces-network test for systems with partial
confinement
- spread.yaml: add cosmic (18.10) to autopkgtest/qemu
- tests: ubuntu 18.04 or higher does not need linux-image-extra-
- configcore: validate experimental.layouts option
- interfaces:minor autoconnect cleanup
- HACKING: fix typos
- spread: add adt for ubuntu 18.10
- tests: skip test lp-1721518 for arch, snapd is failing to start
after reboot
- interfaces/x11: allow X11 slot implementations
- tests: checking interfaces declaring the specific interface
- snap: improve error for snaps not available in the given context
- cmdstate: add missing test for default timeout handling
- tests: shellcheck spread tasks
- cmd/snap: update install/refresh help vs --revision
- cmd/snap-confine: add support for per-user mounts
- snap: do not use overly short timeout in `snap
{start,stop,restart}`
- tests: adding google-sru backend replacing linode-sur
- interfaces/apparmor: fix incorrect apparmor profile glob
- systemd: replace ancient paths with 16.04+ standards
- overlord,systemd: store snap revision in mount units
- testutil: add test helper for SysLstat
- testutil,cmd: rename test helper of Lstat to OsLstat
- testutil: document all fake syscall/os functions
- osutil,interfaces,cmd: use less hardcoded strings
- testutil: rename UNMOUNT_NOFOLLOW to umountNoFollow
- testutil: don't dot-import check.v1
- store: getStructFields takes pointers now
- tests: drop `linux-image-extra-$(uname -r)` install in 18.04
- many: fix false negatives reported by vet
- osutil,interfaces: use uint32 for uid, gid
- many: fix various issues reported by shellcheck
- tests: add pending shutdown detection
- image: support refreshing soft-expired user macaroons in tooling
- interfaces/builtin, daemon: cleanup mocked builtin interfaces in
daemon tests
- interfaces/builtin: add support for software-watchdog interface
- spread: auto accept key changes when calling dnf
- snap,overlord/snapstate: introduce and use BrokenSnapError
- tests: detect kernel oops during tests and abort tests in this
case
- tests: bring back one missing test in snap-service-stop-mode
- debian: update LP bug for the 2.32.5 SRU
- userd: set up journal logging streams for autostarted apps
- snap,tests : don't fail if we cannot stat MountFile
- tests: smaller fixes for Arch tests
- tests: run interfaces-broadcom-asic-control early
- client: support for snapshot sets, snapshots, and snapshot actions
- tests: skip interfaces-content test on core devices
- cmd: generalize locking to global, snap and per-user locks
- release-tools: handle the snapd-x.y.z version
- packaging: fix incorrectly auto-generated changelog entry for
2.32.5
- tests: add arch to CI
- systemd: add helper for opening stream file descriptors to the
journal
- cmd/snap: handle distros with no version ID
- many: add "stop-mode: sig{term,hup,usr[12]}{,-all}" instead of
conflating that with refresh-mode
- tests: removing linode-sru backend
- tests: updating bionic version for spread tests on google
- overlord/snapstate: poll for up to 10s if a snap is unexpectedly
not mounted in doMountSnap
- overlord/snapstate: allow to get an error from readInfo instead of
a broken stub, use it in doMountSnap
- snap: snap.AppInfo is now a fmt.Stringer
- tests: move fedora 27 to google backend
- many: add `core.problem-reports.disabled` option
- cmd/snap-update-ns: remove the need for stash directory in secure
bind mount implementation
- errtracker: check for whoopsie.service instead of reading
/etc/whoopsie
- cmd/snap: user session application autostart v3
- tests: add test to ensure `snap refresh --amend` works with
different channels
- tests: add check for OOM error after each test
- cmd/snap-seccomp: graceful handling of non-multilib host
- interfaces/shutdown: allow calling SetWallMessage
- cmd/snap-update-ns: add secure bind mount implementation for use
with user mounts
- snap: fix `snap advise-snap --command` output to match spec
- overlord/snapstate: on multi-snap refresh make sure bases and core
are finished before dependent snaps
- overlord/snapstate: introduce envvars to control the channels for
based and prereqs
- cmd/snap-confine: ignore missing cgroups in snap-device-helper
- debian: add gbp.conf script to build snapd via `gbp buildpackage`
- daemon,overlord/hookstate: stop/wait for running hooks before
closing the snapctl socket
- advisor: use json for package database
- interfaces/hostname-control: allow setting the hostname via
syscall and systemd
- tests/main/interfaces-opengl-nvidia: verify access to 32bit
libraries
- interfaces: misc updates for default, firewall-control, fuse-
support and process-control
- data/selinux: Give snapd access to more aspects of the system
- many: use the new install/refresh API by switching snapstate to
use store.SnapAction
- errtracker: make TestJournalErrorSilentError work on gccgo
- ifacestate: add to the repo also snaps that are pending being
activated but have a done setup-profiles
- snapstate, ifacestate: inject auto-connect tasks try 2
- cmd/snap-confine: allow creating missing gl32, gl, vulkan dirs
- errtracker: add more fields to aid debugging
- interfaces: make system-key more robust against invalid fstab
entries
- overlord,interfaces: be more vocal about broken snaps and read
errors
- ifacestate: injectTasks helper
- osutil: fix fstab parser to allow for # in field values
- cmd/snap-mgmt: remove timers, udev rules, dbus policy files
- release-tools: add repack-debian-tarball.sh
- daemon,client: add build-id to /v2/system-info
- cmd: make fmt (indent 2.2.11)
- interfaces/content: add rule so slot can access writable files at
plug's mountpoint
- interfaces: add /var/lib/snapd/snap to @{INSTALL_DIR}
- ifacestate: don't surface errors from stale connections
- cmd/snap-update-ns: convert Secure* family of functions into
methods
- tests: adjust canonical-livepatch test on GCE
- tests: fix quoting issues in econnreset test
- cmd/snap-confine: make /run/media an alias of /media
- cmd/snap-update-ns: rename i to segNum
- interfaces/serial: change pattern not to exclude /dev/ttymxc*
- spread: disable StartLimitInterval option on opensuse-42.3
- configstate: give a chance to immediately recompute the next
refresh time when schedules are set
- cmd/snap-confine: attempt to detect if multiarch host uses
arch triplets
- store: add Store.SnapAction to support the new install/refresh API
endpoint
- tests: adding test for removable-media interface
- tests: update interface tests to remove extra checks and normalize
tests
- timeutil: in Human, count days with fingers
- vendor: update gopkg.in/yaml.v2 to the latest version
- cmd/snap-confine: fix Archlinux compatibility
- cmd/snapd: make sure signal handlers are established during early
daemon startup
- cmd/snap-confine: apparmor: allow creating prefix path for
gl/vulkan
- osutil: use tilde suffix for temporary files used for atomic
replacement
- tests: copy or sanity check core users using usernames
- tests: disentangle etc vs extrausers in core tests
- tests: fix snap-run tests when snapd is not running
- overlord/configstate: change how ssh is stopped/started
- snap: make `snap run` look at the system-key for security profiles
- strutil, cmd/snap: drop strutil.WordWrap, first pass at
replacement
- tests: adding opensuse-42.3 to google
- cmd/snap: fix one issue with noWait error handling logic, add
tests plus other cleanups
- cmd/snap-confine: nvidia: preserve globbed file prefix
- advisor: add comment why osutil.FileExists(dirs.SnapCommandsDB) is
needed
- interfaces,release: probe seccomp features lazily
- tests: change debug for layout test
- advisor: deal with missing commands.db file
- interfaces/apparmor: simplify UpdateNS internals
- polkit: Pass caller uid to PolicyKit authority
- tests: moving debian 9 from linode to google backend
- cmd/snap-confine: nvidia: add tls/libnvidia-tls.so* glob
- po: specify charset in po/snappy.pot
- interfaces: harden snap-update-ns profile
- snap: Call SanitizePlugsSlots from InfoFromSnapYaml
- tests: update tests to deal with s390x quirks
- debian: run snap.mount upgrade fixup *before* debhelper
- tests: move xenial i386 to google backend
- snapstate: add compat mode for default-provider
- tests: a bunch of test fixes for s390x from looking at the
autopkgtest logs
- packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
- interfaces/builtin: let MM change qmi device attributes
- tests: add workaround for s390x failure
- snap/pack, cmd/snap: add `snap pack --check-skeleton`
- daemon: support 'system' as nickname of the core snap
- cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice
- devicestate: add DeviceManager.Registered returning a channel
closed when the device is known to be registered
- store: Sections and WriteCatalogs need to strictly send device
auth only if the device has a custom store
- tests: add bionic system to google backend
- many: fix shellcheck warnings in bionic
- cmd/snap-update-ns: don't fail on existing symlinks
- tests: make autopkgtest tests more targeted
- cmd/snap-update-ns: fix creation of layout symlinks
- spread,tests: move suite-level prepare/restore to central script
- many: propagate contexts enough to be able to mark store
operations done from the Ensure loop
- snap: don't create empty Change with "Hold" state on disconnect
- snap: unify snap name validation w/python; enforce length limit.
- cmd/snap: use shlex when parsing `snap run --strace` arguments
- osutil,testutil: add symlinkat(2) and readlinkat(2)
- tests: autopkgtest may have non edge core too
- tests: adding checks before stopping snapd service to avoid job
canceled on ubuntu 14.04
- errtracker: respect the /etc/whoopsie configuration
- overlord/snapstate: hold refreshes for 2h after seeding on
classic
- cmd/snap: tweak and polish help strings
- snapstate: put layout feature behind feature flag
- tests: force profile re-generation via system-key
- snap/squashfs: when installing from seed, try symlink before cp
- wrappers: services which are socket or timer activated should not
be started during boot
- many: go vet cleanups
- tests: define MATCH from spread
- packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
fix
- cmd/snap: use timeutil.Human to show times in `snap refresh
--time`
- cmd/snap: in changes and tasks, default to human-friendly times
- many: support holding refreshes by setting refresh.hold
- Revert "cmd/snap: use timeutil.Human to show times in `snap
refresh -…-time`"
- cmd/snap: use timeutil.Human to show times in `snap refresh
--time`
- tests/main/snap-service-refresh-mode: refactor the test to rely on
comparing PIDs
- tests/main/media-sharing: improve the test to cover /media and
/run/media
- store: enable deltas for core devices too
- cmd/snap: unhide --no-wait; make wait use go via waitMixin
- strutil/shlex: import github.com/google/shlex into the tree
- vendor: update github.com/mvo5/libseccomp-golang
- overlord/snapstate: block install of "system"
- cmd/snap: "current"→"installed"; "refreshed"→"refresh-date"
- many: add the snapd-generator
- cmd/snap-seccomp: Cancel the atomic file on error, not just Close
- polkit: ensure error is properly set if dialog is dismissed
- snap-confine, snap-seccomp: utilize new seccomp logging features
- progress: tweak ansimeter cvvis use to no longer confuse minicom
- xdgopenproxy: integrate xdg-open implementation into snapctl
- tests: avoid removing preinstalled snaps on core
- tests: chroot into core to run xdg-open there
- userd: add an OpenFile method for launching local files with xdg-
open
- tests: moving ubuntu core from linode to google backend
- run-checks: remove accidental bashism
- i18n: simplify NG usage by doing the modulo math in-package.
- snap/squashfs: set timezone when calling unsquashfs to get the
build date
- timeutil: timeutil.Human(t) gives a human-friendly string for t
- snap: add autostart app property
- tests: add support for external backend executions on listing test
- tests: make interface-broadcom-asic-control test work on rpi
- configstate: when disable "ssh" we must disable the "sshd" service
- interfaces/apparmor,system-key: add upperdir snippets for strict
snaps on livecd
- snap/squashfs: add BuildDate
- store: parse the JSON format used by the coming new store API to
convey snap information
- many: remove snapd.refresh.{timer,service}
- tests: adding ubuntu-14.04-64 to the google backend
- interfaces: add xdg-desktop-portal support to desktop interface
- packaging/arch: sync with snapd/snapd-git from AUR
- wrappers, tests/main/snap-service-timer: restore missing commit,
add spread test for timer services
- store: don't ask for snap_yaml_raw except on the details endpoint
- many: generate and use per-snap snap-update-ns profile
- tests: add debug for layout test
- wrappers: detect whether systemd-analyze can be used in unit tests
- osutil: allow creating strings out of MountInfoEntry
- servicestate: use systemctl enable+start and disable+stop instead
of --now flag
- osutil: handle file being matched by multiple patterns
- daemon, snap: fix InstallDate, make a method of *snap.Info
- wrappers: timer services
- wrappers: generator for systemd OnCalendar schedules
- asserts: fix flaky storeSuite.TestCheckAuthority
- tests: fix dependency for ubuntu artful
- spread: start moving towards google backend
- tests: add a spread test for layouts
- ifacestate: be consistent passing Retry.After as named field
- cmd/snap-update-ns: use recursive bind mounts for writable mimic
- testutil: allow mocking syscall.Fstat
- overlord/snapstate: verify that default schedule is randomized and
is not a single time
- many: simplify mocking of home-on-NFS
- cmd/snap-update-ns: use syscall.Symlink instead of os.Symlink
- store: move infoFromRemote into details.go close to snapDetails
- userd/tests: Test kdialog calls and mock kdialog too to make tests
work in KDE
- cmd/snap: tweaks to 'snap info' (feat. installed->current rename)
- cmd/snap: add self-strace to `snap run`
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- update-pot: Force xgettext() to return true
- store: cleanup test naming, dropping remoteRepo and
UbuntuStore(Repository)? references
- store: reorg auth refresh
-- Michael Vogt <email address hidden> Fri, 08 Jun 2018 17:13:47 +0200
-
snapd (2.32.9+18.04) bionic; urgency=medium
* New upstream release, LP: #1767833
- tests: run all spread tests inside GCE
- tests: build spread in the autopkgtests with a more recent go
-- Michael Vogt <email address hidden> Wed, 16 May 2018 10:20:08 +0200
-
snapd (2.32.8+18.04) bionic; urgency=medium
* New upstream release, LP: #1767833
-- Michael Vogt <email address hidden> Fri, 11 May 2018 14:36:16 +0200
-
snapd (2.32.5+18.04) bionic; urgency=medium
* New upstream release, LP: #1756173
- many: add "stop-mode: sig{term,hup,usr[12]}{,-all}" instead of
conflating that with refresh-mode
- overlord/snapstate: poll for up to 10s if a snap is unexpectedly
not mounted in doMountSnap
- daemon: support 'system' as nickname of the core snap
snapd (2.32.4) xenial; urgency=medium
* New upstream release, LP: #1756173
- cmd/snap: user session application autostart
- overlord/snapstate: introduce envvars to control the channels for
bases and prereqs
- overlord/snapstate: on multi-snap refresh make sure bases and core
are finished before dependent snaps
- many: use the new install/refresh /v2/snaps/refresh store API
-- Michael Vogt <email address hidden> Mon, 16 Apr 2018 11:41:48 +0200
-
snapd (2.32.3.2+18.04) bionic; urgency=medium
* New upstream release, LP: #1756173
- errtracker: make TestJournalErrorSilentError work on
gccgo
- errtracker: check for whoopsie.service instead of reading
/etc/whoopsie
snapd (2.32.3.1) xenial; urgency=medium
* New upstream release, LP: #1756173
- debian: add gbp.conf script to build snapd via `gbp
buildpackage`
- tests: add check for OOM error after each test
- cmd/snap-seccomp: graceful handling of non-multilib host
- interfaces/shutdown: allow calling SetWallMessage
- data/selinux: Give snapd access to more aspects of the system
- daemon,overlord/hookstate: stop/wait for running hooks before
closing the snapctl socket
- cmd/snap-confine: ignore missing cgroups in snap-device-helper
- interfaces: misc updates for default, firewall-control, fuse-
support and process-control
- overlord: test fix, address corner case
snapd (2.32.3) xenial; urgency=medium
* New upstream release, LP: #1756173
- ifacestate: add to the repo also snaps that are pending being
activated but have a done setup-profiles
- snapstate: inject autoconnect tasks in doLinkSnap for regular
snaps
- cmd/snap-confine: allow creating missing gl32, gl, vulkan dirs
- errtracker: add more fields to aid debugging
- interfaces: make system-key more robust against invalid fstab
entries
- cmd/snap-mgmt: remove timers, udev rules, dbus policy files
- overlord,interfaces: be more vocal about broken snaps and read
errors
- osutil: fix fstab parser to allow for # in field values
snapd (2.32.2) xenial; urgency=medium
* New upstream release, LP: #1756173
- interfaces/content: add rule so slot can access writable files at
plug's mountpoint
- tests: adjust canonical-livepatch test on GCE
- interfaces/serial: change pattern not to exclude /dev/ttymxc
- spread.yaml: switch Fedora 27 tests to manual
- store: Sections and WriteCatalogs need to strictly send device
auth only if the device has a custom store
- configstate: give a chance to immediately recompute the next
refresh time when schedules are set
- cmd/snap-confine: attempt to detect if multiarch host uses arch
triplets
- vendor: update gopkg.in/yaml.v2 to the latest version (#4945)
snapd (2.32.1) xenial; urgency=medium
* New upstream release, LP: #1756173
- cmd/snapd: make sure signal handlers are established during early
daemon startup
- osutil: use tilde suffix for temporary files used for atomic
replacement
- cmd/snap-confine: apparmor: allow creating prefix path for
gl/vulkan
- tests: disentangle etc vs extrausers in core tests
- packaging: fix changelogs' typo
snapd (2.32) xenial; urgency=medium
* New upstream release, LP: #1756173
- snap: make `snap run` look at the system-key for security profiles
- overlord/configstate: change how ssh is stopped/started
- cmd/snap-confine: nvidia: preserve globbed file prefix
- advisor: deal with missing commands.db file
- interfaces,release: probe seccomp features lazily
- interfaces: harden snap-update-ns profile
- polkit: Pass caller uid to PolicyKit authority
- tests: change debug for layout test
- cmd/snap-confine: don't use per-snap s-u-n profile
- many: backported fixes for layouts and symlinks
- cmd/snap-confine: nvidia: add tls/libnvidia-tls.so* glob
- cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice
- snap: Call SanitizePlugsSlots from InfoFromSnapYaml
- cmd/snap-confine: fix ptrace rule with snap-confine peer
- tests: update tests to deal with s390x quirks
- snapstate: add compat mode for default-provider"snapname:ifname"
- snap-confine: fallback to /lib/udev/snappy-app-dev if the core is
older
- tests: a bunch of test fixes for s390x from looking at the
autopkgtest logs
- packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
- interfaces/builtin: let MM change qmi device attributes
- debian: undo snap.mount system unit removal
- snap: don't create empty Change with "Hold" state on disconnect
- tests: add workaround for s390x failure
- tests: make autopkgtest tests more targeted
- many: propagate contexts enough to be able to mark store
operations done from the Ensure loop
- store: cleanup test naming, dropping remoteRepo and
UbuntuStore(Repository)? references
- store: reorg auth refresh
- tests: autopkgtest may have non edge core too
- data: translate polkit strings
- snapstate: put layout feature behind feature flag
- errtracker: respect the /etc/whoopsie configuration
- overlord/snapstate: hold refreshes for 2h after seeding on classic
- many: cherry-pick relevant `go vet` 1.10 fixes to 2.32
- snap/squashfs: when installing from seed, try symlink before cp
- wrappers: services which are socket or timer activated should not
be started during boot
- many: generate and use per-snap snap-update-ns profile
- many: support holding refreshes by setting refresh.hold
- snap-confine, snap-seccomp: utilize new seccomp logging features
- many: remove snapd.refresh.{timer,service}
- many: add the snapd-generator
- polkit: do not shadow dbus errors, avoid panic in case of errors
- polkit: ensure error is properly set if dialog is dismissed
- xdgopenproxy: integrate xdg-open implementation into snapctl
- userd: add an OpenFile method for launching local files with xdg-
open
- asserts: use a timestamp for the assertion after the signing key
has been created
- ifacestate: be consistent passing Retry.After as named field
- interfaces/apparmor,system-key: add upperdir snippets for strict
snaps on livecd
interfaces/apparmor,system-key: add upperdir snippets for strict
snaps
- configstate: when disable "ssh" we must disable the "sshd"
service
- store: don't ask for snap_yaml_raw except on the details endpoint
- osutil: handle file being matched by multiple patterns
- cmd/snap-update-ns: use recursive bind mounts for writable mimic
- cmd/snap-update-ns: use syscall.Symlink instead of os.Symlink
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- interfaces/network-status: fix use of '/' in interface in DBus
rule
- interfaces/screen-inhibit-control: fix use of '.' in path in DBus
rule
- overlord/snapstate: fix task iteration order in
TestDoPrereqRetryWhenBaseInFlight
- interfaces: add an interface for gnome-online-accounts D-Bus
service
- snap: pass full timer spec in `snap run --timer`
- cmd/snap: introduce `snap run --timer`
- snapstate: auto install default-providers for content snaps
- hooks/strutil: limit the number of data read from the hooks to
avoid oom
- osutil: aggregate mockable symbols
- tests: make sure snapd is running before attempting to remove
leftover snaps
- timeutil: account for 24h wrap when flattening clock spans
- many: send new Snap-CDN header with none or with cloud instance
placement info as needed
- cmd/snap-update-ns,testutil: move syscall testing helpers
- tests: disable interfaces-location-control on s390x
- tests: new spread test for gpio-memory-control interface
- tests: spread test for broadcom-asic-control interface
- tests: make restore of interfaces-password-manager-service more
robust
- tests/lib/prepare-restore: sync journal before rotating and
vacuuming
- overlord/snapstate: use spread in the default refresh schedule
- tests: fixes for autopkgtest in bionic
- timeutil: introduce helpers for checking it time falls inside the
schedule
- cmd/snap-repair,httputil: set snap-repair User-Agent on requests
- vendor: resync formatting of vendor.json
- snapstate/ifacestate: auto-connect tasks
- cmd/snap: also include tracking channel in list output.
- interfaces/apparmor: use snap revision with surrounding '.' when
replacing in glob
- debian,vendor: import github.com/snapcore/squashfs and use
- many: implement "refresh-mode: {restart,endure,...}" for services
- daemon: make the ast-inspecting test smarter; drop 'exceptions'
- tests: new spread test for kvm interface
- cmd/snap: tweaks to 'snap info' output
- snap: remove underscore from version validator regexp
- testutil: add File{Matches,Equals,Contains} checkers.
- snap: improve the version validator's error messages.
- osutil: refactor EnsureFileState to separate out the comparator
- timeutil: fix scheduling on nth weekday of the month
- cmd/snap-update-ns: small refactor for upcoming per-user mounts
- many: rename snappy-app-dev to snap-device-helper
- systemd: add default target for timers
- interfaces: miscellaneous policy updates for home, opengl, time-
control, network, et al
- cmd/snap: linter cleanups
- interfaces/mount: generate per-user mount profiles
- cmd/snap: use proper help strings for `snap userd --help`
- packaging: provide a compat symlink for snappy-app-dev
- interfaces/time-control,netlink-audit: adjust for util-linux
compiled with libaudit
- tests: adding new test to validate the raw-usb interface
- snap: add support for `snap run --gdb`
- interfaces/builtin: allow MM to access login1
- packaging: fix build on sbuild
- store: revert PR#4532 and do not display displayname
- interfaces/mount: add support for per-user mount entries
- cmd/system-shutdown: move sync to be even more pessimistic
- osutil: reimplement IsMounted with LoadMountInfo
- tests/main/ubuntu-core-services: enable snapd.refresh.timer for
the test
- many: don't allow layout construction to silently fail
- interfaces/apparmor: ensure snap-confine profile for reexec is
current
- interfaces/apparmor: generalize apparmor load and unload helpers
- tests: removing packages which are not needed anymore to generate
random data
- snap: improve `snap run` comments/naming
- snap: allow options for --strace, e.g. `snap run --strace="-tt"`
- tests: fix spread test failures on 18.04
- systemd: update comment on SocketsTarget
- osutil: add and update docstrings
- osutil: parse mount entries without options field
- interfaces: mock away real mountinfo/fstab
- many: move /lib/udev/snappy-app-dev to /usr/lib/snapd/snappy-app-
dev
- overlord/snapstate/backend: perform cleanup if snap setup fails
- tests/lib/prepare: disable snapd.refresh.timer
- daemon: remove redundant UserOK markings from api commands
- snap: introduce timer service data types and validation
- cmd/snap: fix UX of snap services
- daemon: allow `snapctl get` from any uid
- debian, snap: only static link libseccomp in snap-seccomp on
ubuntu
- all: snap versions are now validated
- many: add nfs-home flag to system-key
- snap: disallow layouts in various special directories
- cmd/snap: add help for service commands.
- devicestate: fix autopkgtest failure in
TestDoRequestSerialErrorsOnNoHost
- snap,interfaces: allow using bind-file layouts
- many: move mount code to osutil
- snap: understand directories in layout blacklist
- snap: use custom unsquashfsStderrWriter for unsquashfs error
detection
- tests/main/user-data-handling: get rid of ordering bug
- snap: exclude `gettimeofday` from `snap run --strace`
- tests: check if snapd.socket is active before stoping it
- snap: sort layout elements before validating
- strutil: introducing MatchCounter
- snap: detect unsquashfs write failures
- spread: add missing ubuntu-18.04-arm64 to available autopkgtest
machines
- cmd/snap-confine: allow mounting anywhere, effectively
- daemon: improve ucrednet code for the snap.socket
- release, interfaces: add new release.AppArmorFeatures helper
- snap: apply some golint suggestions
- many: add interfaces.SystemKey() helper
- tests: new snaps to test installs nightly
- tests: skip alsa interface test when the system does not have any
audio devices
- debian/rules: workaround for
https://github.com/golang/go/issues/23721
- interfaces/apparmor: early support for snap-update-ns snippets
- wrappers: cleanup enabled service sockets
- cmd/snap-update-ns: large refactor / update of unit tests
- interfaces/apparmor: remove leaked future layout code
- many: allow constructing layouts (phase 1)
- data/systemd: for debugging/testing use /etc/environment also for
snap-repair runs
- cmd/snap-confine: create lib/{gl,gl32,vulkan} under /var/lib/snapd
and chown as root:root
- overlord/configstate/config: make [GS]etSnapConfig use *RawMessage
- daemon: refactor snapFooMany helpers a little
- cmd/snap-confine: allow snap-update-ns to chown things
- interfaces/apparmor: use a helper to set the scope
- overlord/configstate/config: make SetSnapConfig delete on empty
- osutil: make MkdirAllChown clean the path passed in
- many: at seeding try to capture cloud information into core config
under "cloud"
- cmd/snap: add completion conversion helper to increase DRY
- many: remove "content" argument from snaptest.MockSnap()
- osutil: allow using many globs in EnsureDirState
- cmd/snap-confine: fix read-only filesystem when mounting nvidia
files in biarch
- tests: use root path to /home/test/tmp to avoid lack of space
issue
- packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
packaging
- tests: update kill-timeout focused on making tests pass on boards
- advisor: ensure commands.db has mode 0644 and add test
- snap: improve validation of snap layouts
- tests: ensure disabled services are masked
- interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
- systemd, wrappers: start all snap services in one systemctl call
- mir: software clients need access to shared memory /dev/shm/#*
- snap: add support for `snap advise-snap pkgName`
- snap: fix command-not-found on core devices
- tests: new spead test for openvswitch-support interface
- tests: add integration for local snap licenses
- config: add (Get|Set)SnapConfig to do bulk config e.g. from
snapshots
- cmd/snap: display snap license information
- tests: enable content sharing test for $SNAP
- osutil: add ContextWriter and RunWithContext helpers.
- osutil: add DirExists and IsDirNotExist
snapd (2.31.2) xenial; urgency=medium
* New upstream release, LP: #1745217
- many: add the snapd-generator
- polkit: ensure error is properly set if dialog is dismissed
- xdgopenproxy: integrate xdg-open implementation into snapctl
- userd: add an OpenFile method for launching local files with xdg-
open
- configstate: when disable "ssh" we must disable the "sshd"
service
- many: remove snapd.refresh.{timer,service}
- interfaces/builtin: allow MM to access login1
- timeutil: account for 24h wrap when flattening clock spans
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- systemd, wrappers: start all snap services in one systemctl
call
- tests: disable interfaces-location-control on s390x
snapd (2.31.1) xenial; urgency=medium
* New upstream release, LP: #1745217
- tests: multiple autopkgtest related fixes for 18.04
- overlord/snapstate: use spread in the default refresh schedule
- timeutil: fix scheduling on nth weekday of the month
- interfaces: miscellaneous policy updates for home, opengl, time-
control, network, et al
- cmd/snap: use proper help strings for `snap userd --help`
- interfaces/time-control,netlink-audit: adjust for util-linux
compiled with libaudit
- rules: do not static link on powerpc
- packaging: revert LDFLAGS rewrite again after building snap-
seccomp
- store: revert PR#4532 and do not display displayname
- daemon: allow `snapctl get` from any uid
- debian, snap: only static link libseccomp in snap-seccomp on
ubuntu
- daemon: improve ucrednet code for the snap.socket
snapd (2.31) xenial; urgency=medium
* New upstream release, LP: #1745217
- cmd/snap-confine: allow snap-update-ns to chown things
- cmd/snap-confine: fix read-only filesystem when mounting nvidia
files in biarch
- packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
packaging
- advisor: ensure commands.db has mode 0644 and add test
- interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
- snap: improve validation of snap layoutsRules for validating
layouts:
- snap: fix command-not-found on core devices
- cmd/snap: display snap license information
- tests: enable content sharing test for $SNAP
- userd: add support for a simple UI that can be used from userd
- snap-confine/nvidia: Support legacy biarch trees for GLVND systems
- tests: generic detection of gadget and kernel snaps
- cmd/snap-update-ns: refactor and improve Change.Perform to handle
EROFS
- cmd/snap: improve output when snaps were found in a section or the
section is invalid
- cmd/snap-confine,tests: hide message about stale base snap
- cmd/snap-mgmt: fix out of source tree build
- strutil/quantity: new package that exports formatFoo (from
progress)
- cmd/snap: snap refresh --time with new and legacy schedules
- state: unknown tasks handler
- cmd/snap-confine,data/systemd: fix removal of snaps inside LXD
- snap: add io.snapcraft.Settings to `snap userd`
- spread: remove more EOLed releases
- snap: tidy up top-level help output
- snap: fix race in `snap run --strace`
- tests: update "searching" test to match store changes
- store: use the "publisher" when populating the "publisher" field
- snap: make `snap find --section` show all sections
- tests: new test to validate location control interface
- many: add new `snap refresh --amend <snap>` command
- tests/main/kernel-snap-refresh-on-core: skip the whole test if
edge and stable are the same version
- tests: set test kernel-snap-refresh-on-core to manual
- tests: new spread test for interface gpg-keys
- packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
fix
- interfaces: miscellaneous policy updates
- interfaces/builtin: Replace Solus support with GLVND support
- tests/main/kernel-snap-refresh-on-core: do not fail if edge and
stable kernels are the same version
- snap: add `snap run --strace` to be able to strace snap apps
- tests: new spread test for ssh-keys interface
- errtracker: include detected virtualisation
- tests: add new kernel refresh/revert test for spread-cron
- interfaces/builtin: blacklist zigbee dongle
- cmd/snap-confine: discard stale mount namespaces
- cmd: remove unused execArg0/execEnv
- snap,interfaces/mount: disallow nobody/nogroup
- cmd/snap: improve `snap aliases` output when no aliases are
defined
- tests/lib/snaps/test-snapd-service: refactor service reload
- tests: new spread test for gpg-public-keys interface
- tests: new spread test for ssh-public-keys interface
- spread: setup machine creation on Linode
- interfaces/builtin: allow introspecting UDisks2
- interfaces/builtin: add support for content "source" section
- tests: new spread test for netlink-audit interface
- daemon: avoid panic'ing building an error response w/no snaps
given
- interfaces/mount,snap: early support for snap layouts
- daemon: unlock state even if RefreshSchedule() fails
- arch: add "armv8l" to ubuntuArchFromKernelArch table
- tests: fix for test interface-netlink-connector
- data/dbus: add AssumedAppArmorLabel=unconfined
- advisor: use forked bolt to make it work on ppc
- overlord/snapstate: record the 'kind' of conflicting change
- dirs: fix snap mount dir on Manjaro
- overlord/{snapstate,configstate}, daemon: introduce refresh.timer,
fallback to refresh.schedule
- config: add support for `snap set core proxy.no_proxy=...`
- snap-mgmt: extend spread tests, stop, disable and cleanup snap
services
- spread.yaml: add fedora 27
- cmd/snap-confine: allow snap-update-ns to poke writable holes in
$SNAP
- packaging/14.04: move linux-generic-lts-xenial to recommends
- osutil/sys: ppc has 32-bit getuid already
- snapstate: make no autorefresh message clearer
- spread: try to enable Fedora once more
- overlord/snapstate: do a minimal sanity check on containers
- configcore: ensure config.txt has a final newline
- cmd/libsnap-confine-private: print failed mount/umount regardless
of SNAP_CONFINE_DEBUG
- debian/tests: add missing autopkgtest test dependencies for debian
- image: port ini handling to goconfigparser
- tests/main/snap-service-after-before: add test for after/before
service ordering
- tests: enabling opensuse for tests
- tests: update auto-refresh-private to match messages from current
master
- dirs: check if distro 'is like' fedora when picking path to
libexecdir
- tests: fix "job canceled" issue and improve cleanup for snaps
- cmd/libsnap-confine-private: add debug build of libsnap-confine-
private.a, link it into snap-confine-debug
- vendor: remove x/sys/unix to fix builds on arm64 and powerpc
- image: let consume snapcraft export-login files from tooling
- interfaces/mir: allow Wayland socket and non-root sockets
- interfaces/builtin: use snap.{Plug,Slot}Info over
interfaces.{Plug,Slot}
- tests: add simple snap-mgmt test
- wrappers: autogenerate After/Before in systemd's service files for
apps
- snap: add usage hints in `snap download`
- snap: provide more meaningful errors for installMany and friends
- cmd/snap: show header/footer when `snap find` is used without
arguments
- overlord/snapstate: for Enable's tasks refer to the first task
with snap-setup, do not duplicate
- tests: add hard-coded fully expired macaroons to run related tests
- cmd/snap-update-ns: new test features
- cmd/snap-update-ns: we don't want to bind mount symlinks
- interfaces/mount: test OptsToCommonFlags, filter out x-snapd.
options
- cmd/snap-update-ns: untangle upcoming cyclic initialization
- client, daemon: update user's email when logging in with new
account
- tests: ensure snap-confine apparmor profile is parsable
- snap: do not leak internal errors on install/refresh etc
- snap: fix missing error check when multiple snaps are refreshed
- spread: trying to re-enable tests on Fedora
- snap: fix gadget.yaml parsing for multi volume gadgets
- snap: give the snap.Container interface a Walk method
- snap: rename `snap advise-command` to `snap advise-snap --command`
- overlord/snapstate: no refresh just for hints if there was a
recent regular full refresh
- progress: switch ansimeter's Spin() to use a spinner
- snap: support `command-not-found` symlink for `snap advise-
command`
- daemon: store email, ID and macaroon when creating a new user
- snap: app startup after/before validation
- timeutil: refresh timer take 2
- store, daemon/api: Rename MyAppsServer, point to
dashboard.snapcraft.io instead
- tests: use "quiet" helper instead of "dnf -q" to get errors on
failures
- cmd/snap-update-ns: improve mocking for tests
- many: implement the advisor backend, populate it from the store
- tests: make less calls to the package manager
- tests/main/confinement-classic: enable the test on Fedora
- snap: do not leak internal network errors to the user
- snap: use stdout instead of stderr for "fetching" message
- tests: fix test whoami, share successful_login.exp
- many: refresh with appropriate creds
- snap: add new `snap advice-command` skeleton
- tests: add test that ensures we never parse versions as numbers
- overlord/snapstate: override Snapstate.UserID in refresh if the
installing user is gone
- interfaces: allow socket "shutdown" syscall in default profile
- snap: print friendly message if `snap keys` is empty
- cmd/snap-update-ns: add execWritableMimic
- snap: make `snap info invalid-snap` output more user friendly
- cmd/snap, tests/main/classic-confinement: fix snap-exec path when
running under classic confinement
- overlord/ifacestate: fix disable/enable cycle to setup security
- snap: fix snap find " " output
- daemon: add new polkit action to manage interfaces
- packaging/arch: disable services when removing
- asserts/signtool: support for building tools on top that fill-
in/compute some headers
- cmd: clarify "This leaves %s tracking %s." message
- daemon: return "bad-query" error kind for store.ErrBadQuery
- taskrunner/many: KnownTaskKinds helper
- tests/main/interfaces-fuse_support: fix confinement, allow
unmount, fix spread tests
- snap: use the -no-fragments mksquashfs option
- data/selinux: allow messages from policykit
- tests: fix catalog-update wait loop
- tests/lib/prepare-restore: disable rate limiting in journald
- tests: change interfaces-fuse_support to be debug friendly
- tests/main/postrm-purge: stop snapd before purge
- This is an example of test log:https://paste.ubuntu.com/26215170/
- tests/main/interfaces-fuse_support: dump more debugging
information
- interfaces/dbus: adjust slot policy for listen, accept and accept4
syscalls
- tests: save the snapd-state without compression
- tests/main/searching: handle changes in featured snaps list
- overlord/snapstate: fix auto-refresh summary for 2 snaps
- overlord/auth,daemon: introduce an explicit auth.ErrInvalidUser
- interfaces: add /proc/partitions to system-observe (This addresses
LP#1708527.)
- tests/lib: introduce helpers for setting up /dev/random using
/dev/urandom in project prepare
- tests: new test for interface network status
- interfaces: interfaces: also add an app/hook-specific udev RUN
rule for hotplugging
- tests: fix external backend for tests that need DEBUG output
- tests: do not disable refresh timer on external backend
- client: send all snap related bool json fields
- interfaces/desktop,unity7: allow status/activate/lock of
screensavers
- tests/main: source mkpinentry.sh
- tests: fix security-device-cgroups-serial-port test for rpi and db
- cmd/snap-mgmt: add more directories for cleanup and refactor
purge() code
- snap: YAML and data structures for app before/after ordering
- tests: set TRUST_TEST_KEYS=false for all the external backends
- packaging/arch: install snap-mgmt tool
- tests: add support on tests for cm3 gadget
- interfaces/removable-media: also allow 'k' (lock)
- interfaces: use ConnectedPlug/ConnectedSlot types (step 2)
- interfaces: rename sanitize methods
- devicestate: fix misbehaving test when using systemd-resolved
- interfaces: added Ref() helpers, restored more detailed error
message on spi iface
- debian: make "gnupg" a recommends
- interfaces/many: misc updates for default, browser-support,
opengl, desktop, unity7, x11
- interfaces: PlugInfo/SlotInfo/ConnectedPlug/ConnectedSlot
attribute helpers
- interfaces: update fixme comments
- tests: make interfaces-snapd-control-with-manage more robust
- userd: generalize dbusInterface
- interfaces: use ConnectedPlug/ConnectedSlot types (step 1)
- hookstate: add compat "configure-snapd" task.
- config, overlord/snapstate, timeutil: rename ParseSchedule to
ParseLegacySchedule
- tests: adding tests for time*-control interfaces
- tests: new test to check interfaces after reboot the system
- cmd/snap-mgmt: fixes
- packaging/opensuse-42.2: package and use snap-mgmt
- corecfg: also "mask" services when disabling them
- cmd/snap-mgmt: introduce snap-mgmt tool
- configstate: simplify ConfigManager
- interfaces: add gpio-memory-control interface
- cmd: disable check-syntax-c
- packaging/arch: add bash-completion as optional dependency
- corecfg: rename package to overlord/configstate/configcore
- wrappers: fix unit tests to use dirs.SnapMountDir
- osutil/sys: reimplement getuid and chown with the right int type
- interfaces-netlink-connector: fix sourcing snaps.sh
snapd (2.30) xenial; urgency=medium
* New upstream release, LP: #1735344
- tests: set TRUST_TEST_KEYS=false for all the external backends
- tests: fix external backend for tests that need DEBUG output
- tests: do not disable refresh timer on external backend
- client: send all snap related bool json fields
- interfaces: interfaces: also add an app/hook-specific udev RUN
rule for hotplugging
- interfaces/desktop,unity7: allow status/activate/lock of
screensavers
- tests/main: source mkpinentry.sh
- devicestate: use a different nowhere domain
- interfaces: add ssh-keys, ssh-public-keys, gpg-keys and gpg-public
keys interfaces
- interfaces/many: misc updates for default, browser-support, opengl,
desktop, unity7, x11
- devicestate: fix misbehaving test when using systemd-resolved
- interfaces/removable-media: also allow 'k' (lock)
- interfaces/many: misc updates for default, browser-support,
opengl, desktop, unity7, x11
- corecfg: also "mask" services when disabling them
- tests: add support for autopkgtests on s390x
- snapstate: support for pre-refresh hook
- many: allow to configure core before it is installed
- devicestate: fix unkeyed fields error
- snap-confine: create mount target for lib32,vulkan on demand
- snapstate: add support for refresh.schedule=managed
- cmd/snap-update-ns: teach update logic to handle synthetic changes
- many: remove configure-snapd task again and handle internally
- snap: fix TestDirAndFileMethods() test to work with gccgo
- debian: ensure /var/lib/snapd/lib/vulkan is available
- cmd/snap-confine: use #include instead of bare include
- snapstate: store userID in snapstate
- snapd.dirs: add var/lib/snapd/lib/gl32
- timeutil, overlod/snapstate: cleanup remaining pieces of timeutil
weekday support
- packaging/arch: install missing directories, manpages and version
info
- snapstate,store: store if a snap is a paid snap in the sideinfo
- packaging/arch: pre-create snapd directories when packaging
- tests/main/manpages: set LC_ALL=C as man may complain if the
locale is unset or unsupported
- repo: ConnectedPlug and ConnectedSlot types
- snapd: fix handling of undo in the taskrunner
- store: fix download caching and add integration test
- snapstate: move autorefresh code into autoRefresh helper
- snapctl: don't error out on start/stop/restart from configure hook
during install or refresh
- cmd/snap-update-ns: add planWritableMimic
- deamon: don't omit responses, even if null
- tests: add test for frame buffer interface
- tests/lib: fix shellcheck errors
- apparmor: generate the snap-confine re-exec profile for
AppArmor{Partial,Full}
- tests: remove obsolete workaround
- snap: use existing files in `snap download` if digest/size matches
- tests: merge pepare-project.sh into prepare-restore.sh
- tests: cache snaps to $TESTSLIB/cache
- tests: set -e, -o pipefail in prepare-restore.sh
- apparmor: generate the snap-confine re-exec profile for
AppArmor{Partial,Full}
- cmd/snap-seccomp: fix uid/gid restrictions tests on Arch
- tests: document and slightly refactor prepare/restore code
- snapstate: ensure RefreshSchedule() gives accurate results
- snapstate: add new refresh-hints helper and use it
- spread.yaml,tests: move most of project-wide prepare/restore to
separate file
- timeutil: introduce helpers for weekdays and TimeOfDay
- tests: adding new test for uhid interface
- cmd/libsnap: fix parsing of empty mountinfo fields
- overlord/devicestate: best effort to go to early full retries for
registration on the like of DNS no host
- spread.yaml: bump delta ref to 2.29
- tests: adding test to test physical memory observe interface
- cmd, errtracker: get rid of SNAP_DID_REEXEC environment
- timeutil: remove support to parse weekday schedules
- snap-confine: add workaround for snap-confine on 4.13/upstream
- store: do not log the http body for catalog updates
- snapstate: move catalogRefresh into its own helper
- spread.yaml: fix shellcheck issues and trivial refactor
- spread.yaml: move prepare-each closer to restore-each
- spread.yaml: increase workers for opensuse to 3
- tests: force delete when tests are restore to avoid suite failure
- test: ignore /snap/README
- interfaces/opengl: also allow read on 'revision' in
/sys/devices/pci...
- interfaces/screen-inhibit-control: fix case in screen inhibit
control
- asserts/sysdb: panic early if pointed to staging but staging keys
are not compiled-in
- interfaces: allow /bin/chown and fchownat to root:root
- timeutil: include test input in error message in
TestParseSchedule()
- interfaces/browser-support: adjust base declaration for auto-
connection
- snap-confine: fix snap-confine under lxd
- store: bit less aggressive retry strategy
- tests: add new `fakestore new-snap-{declaration,revision}` helpers
- cmd/snap-update-ns: add secureMkfileAll
- snap: use field names when initializing composite literals
- HACKING: fix path in snap install
- store: add support for flags in ListRefresh()
- interfaces: remove invalid plugs/slots from SnapInfo on
sanitization.
- debian: add missing udev dependency
- snap/validate: extend socket validation tests
- interfaces: add "refresh-schedule" attribute to snapd-control
- interfaces/builtin/account_control: use gid owning /etc/shadow to
setup seccomp rules
- cmd/snap-update-ns: tweak changePerform
- interfaces,tests: skip unknown plug/slot interfaces
- tests: disable interfaces-network-control-tuntap
- cmd: use a preinit_array function rather than parsing
/proc/self/cmdline
- interfaces/time*_control: explicitly deny noisy read on
/proc/1/environ
- cmd/snap-update-ns: misc cleanups
- snapd: allow hooks to have slots
- fakestore: add go-flags to prepare for `new-snap-declaration` cmd
- interfaces/browser-support: add shm path for nwjs
- many: add magic /snap/README file
- overlord/snapstate: support completion for command aliases
- tests: re-enable tun/tap test on Debian
- snap,wrappers: add support for socket activation
- repo: use PlugInfo and SlotInfo for permanent plugs/slots
- tests/interfaces-network-control-tuntap: disable on debian-
unstable for now
- cmd/snap-confine: Loosen the NVIDIA Vulkan ICD glob
- cmd/snap-update-ns: detect and report read-only filesystems
- cmd/snap-update-ns: re-factor secureMkdirAll into
secureMk{Prefix,Dir}
- run-checks, tests/lib/snaps/: shellcheck fixes
- corecfg: validate refresh.schedule when it is applied
- tests: adjust test to match stderr
- snapd: fix snap cookie bugs
- packaging/arch: do not quote MAKEFLAGS
- state: add change.LaneTasks helper
- cmd/snap-update-ns: do not assume 'nogroup' exists
- tests/lib: handle distro specific grub-editenv naming
- cmd/snap-confine: Add missing bi-arch NVIDIA filesthe
`/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl/vdpau` paths within
- cmd: Support exposing NVIDIA Vulkan ICD files to the snaps
- cmd/snap-confine: Implement full 32-bit NVIDIA driver support
- packaging/arch: packaging update
- cmd/snap-confine: Support bash as base runtime entry
- wrappers: do not error on incorrect Exec= lines
- interfaces: fix udev tagging for hooks
- tests/set-proxy-store: exclude ubuntu-core-16 via systems: key
- tests: new tests for network setup control and observe interfaces
- osutil: add helper for obtaining group ID of given file path
- daemon,overlord/snapstate: return snap-not-installed error in more
cases
- interfaces/builtin/lxd_support: allow discovering of host's os-
release
- configstate: add support for configure-snapd for
snapstate.IgnoreHookError
- tests: add a spread test for proxy.store setting together with
store assertion
- cmd/snap-seccomp: do not use group 'shadow' in tests
- asserts/assertstest: fix use of hardcoded value when the passed
or default keys should be used
- interfaces/many: misc policy updates for browser-support, cups-
control and network-status
- tests: fix xdg-open-compat
- daemon: for /v2/logs, 404 when no services are found
- packaging/fedora: Merge changes from Fedora Dist-Git
- cmd/snap-update-ns: add new helpers for mount entries
- cmd/snap-confine: Respect biarch nature of libdirs
- cmd/snap-confine: Ensure snap-confine is allowed to access os-
release
- cmd: fix re-exec bug with classic confinement for host snapd <
2.28
- interfaces/kmod: simplify loadModules now that errors are ignored
- tests: disable xdg-open-compat test
- tests: add test that checks core reverts on core devices
- dirs: use alt root when checking classic confinement support
without …
- interfaces/kmod: treat failure to load module as non-fatal
- cmd/snap-update-ns: fix golint and some stale comments
- corecfg: support setting proxy.store if there's a matching store
assertion
- overlord/snapstate: toggle ignore-validation as needed as we do
for channel
- tests: fix security-device-cgroup* tests on devices with
framebuffer
- interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS
- interfaces: add USB interface number attribute in udev rule for
serial-port interface
- overlord/devicestate: switch to the new endpoints for registration
- snap-update-ns: add missing unit test for desired/current profile
handling
- cmd/{snap-confine,libsnap-confine-private,snap-shutdown}: cleanup
low-level C bits
- ifacestate: make interfaces.Repository available via state cache
- overlord/snapstate: cleanups around switch-snap*
- cmd/snapd,client,daemon: display ignore-validation flag through
the notes mechanism
- cmd/snap-update-ns: add logging to snap-update-ns
- many: have a timestamp on store assertions
- many: lookup and use the URL from a store assertion if one is set
for use
- tests/test-snapd-service: fix shellcheck issues
- tests: new test for hardware-random-control interface
- tests: use `snap change --last=install` in snapd-reexec test
- repo, daemon: use PlugInfo, SlotInfo
- many: handle core configuration internally instead of using the
core configure hook
- tests: refactor and expand content interface test
- snap-seccomp: skip in-kernel bpf tests for socket() in trusty/i386
- cmd/snap-update-ns: allow Change.Perform to return changes
- snap-confine: Support biarch Linux distribution confinement
- partition/ubootenv: don't panic when uboot.env is missing the eof
marker
- cmd/snap-update-ns: allow fault injection to provide dynamic
result
- interfaces/mount: exspose mount.{Escape,Unescape}
- snapctl: added long help to stop/start/restart command
- cmd/snap-update-ns: create missing mount points automatically.
- cmd: downgrade log message in InternalToolPath to Debugf()
- tests: wait for service status change & file update in the test to
avoid races
- daemon, store: forward SSO invalid credentials errors as 401
Unauthorized responses
- spdx: fix for WITH syntax, require a license name before the
operator
- many: reorg things in preparation to make handling of the base url
in store dynamic
- hooks/configure: queue service restarts
- cmd/snap: warn when a snap is not from the tracking channel
- interfaces/mount: add support for parsing x-snapd.{mode,uid,gid}=
- cmd/snap-confine: add detection of stale mount namespace
- interfaces: add plugRef/slotRef helpers for PlugInfo/SlotInfo
- tests: check for invalid udev files during all tests
- daemon: use newChange() in changeAliases for consistency
- servicestate: use taskset
- many: add support for /home on NFS
- packaging,spread: fix and re-enable opensuse builds
-- Michael Vogt <email address hidden> Wed, 11 Apr 2018 12:40:09 +0200
-
snapd (2.32+18.04) bionic; urgency=medium
* New upstream release, LP: #1756173
- snap: make `snap run` look at the system-key for security profiles
- overlord/configstate: change how ssh is stopped/started
- cmd/snap-confine: nvidia: preserve globbed file prefix
- advisor: deal with missing commands.db file
- interfaces,release: probe seccomp features lazily
- interfaces: harden snap-update-ns profile
- polkit: Pass caller uid to PolicyKit authority
- tests: change debug for layout test
- cmd/snap-confine: don't use per-snap s-u-n profile
- many: backported fixes for layouts and symlinks
- cmd/snap-confine: nvidia: add tls/libnvidia-tls.so* glob
- cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice
- snap: Call SanitizePlugsSlots from InfoFromSnapYaml
- cmd/snap-confine: fix ptrace rule with snap-confine peer
- tests: update tests to deal with s390x quirks
- snapstate: add compat mode for default-provider"snapname:ifname"
- snap-confine: fallback to /lib/udev/snappy-app-dev if the core is
older
- tests: a bunch of test fixes for s390x from looking at the
autopkgtest logs
- packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
- interfaces/builtin: let MM change qmi device attributes
- debian: undo snap.mount system unit removal
- snap: don't create empty Change with "Hold" state on disconnect
- tests: add workaround for s390x failure
- tests: make autopkgtest tests more targeted
- many: propagate contexts enough to be able to mark store
operations done from the Ensure loop
- store: cleanup test naming, dropping remoteRepo and
UbuntuStore(Repository)? references
- store: reorg auth refresh
- tests: autopkgtest may have non edge core too
- data: translate polkit strings
- snapstate: put layout feature behind feature flag
- errtracker: respect the /etc/whoopsie configuration
- overlord/snapstate: hold refreshes for 2h after seeding on classic
- many: cherry-pick relevent `go vet` 1.10 fixes to 2.32
- snap/squashfs: when installing from seed, try symlink before cp
- wrappers: services which are socket or timer activated should not
be started during boot
- many: generate and use per-snap snap-update-ns profile
- many: support holding refreshes by setting refresh.hold
- snap-confine, snap-seccomp: utilize new seccomp logging features
- many: remove snapd.refresh.{timer,service}
- many: add the snapd-generator
- polkit: do not shadow dbus errors, avoid panic in case of errors
- polkit: ensure error is properly set if dialog is dismissed
- xdgopenproxy: integrate xdg-open implementation into snapctl
- userd: add an OpenFile method for launching local files with xdg-
open
- asserts: use a timestamp for the assertion after the signing key
has been created
- ifacestate: be consistent passing Retry.After as named field
- interfaces/apparmor,system-key: add upperdir snippets for strict
snaps on livecd
interfaces/apparmor,system-key: add upperdir snippets for strict
snaps
- configstate: when disable "ssh" we must disable the "sshd"
service
- store: don't ask for snap_yaml_raw except on the details endpoint
- osutil: handle file being matched by multiple patterns
- cmd/snap-update-ns: use recursive bind mounts for writable mimic
- cmd/snap-update-ns: use syscall.Symlink instead of os.Symlink
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- interfaces/network-status: fix use of '/' in interface in DBus
rule
- interfaces/screen-inhibit-control: fix use of '.' in path in DBus
rule
- overlord/snapstate: fix task iteration order in
TestDoPrereqRetryWhenBaseInFlight
- interfaces: add an interface for gnome-online-accounts D-Bus
service
- snap: pass full timer spec in `snap run --timer`
- cmd/snap: introduce `snap run --timer`
- snapstate: auto install default-providers for content snaps
- hooks/strutil: limit the number of data read from the hooks to
avoid oom
- osutil: aggregate mockable symbols
- tests: make sure snapd is running before attempting to remove
leftover snaps
- timeutil: account for 24h wrap when flattening clock spans
- many: send new Snap-CDN header with none or with cloud instance
placement info as needed
- cmd/snap-update-ns,testutil: move syscall testing helpers
- tests: disable interfaces-location-control on s390x
- tests: new spread test for gpio-memory-control interface
- tests: spread test for broadcom-asic-control interface
- tests: make restore of interfaces-password-manager-service more
robust
- tests/lib/prepare-restore: sync journal before rotating and
vacuuming
- overlord/snapstate: use spread in the default refresh schedule
- tests: fixes for autopkgtest in bionic
- timeutil: introduce helpers for checking it time falls inside the
schedule
- cmd/snap-repair,httputil: set snap-repair User-Agent on requests
- vendor: resync formatting of vendor.json
- snapstate/ifacestate: auto-connect tasks
- cmd/snap: also include tracking channel in list output.
- interfaces/apparmor: use snap revision with surrounding '.' when
replacing in glob
- debian,vendor: import github.com/snapcore/squashfs and use
- many: implement "refresh-mode: {restart,endure,...}" for services
- daemon: make the ast-inspecting test smarter; drop 'exceptions'
- tests: new spread test for kvm interface
- cmd/snap: tweaks to 'snap info' output
- snap: remove underscore from version validator regexp
- testutil: add File{Matches,Equals,Contains} checkers.
- snap: improve the version validator's error messages.
- osutil: refactor EnsureFileState to separate out the comparator
- timeutil: fix scheduling on nth weekday of the month
- cmd/snap-update-ns: small refactor for upcoming per-user mounts
- many: rename snappy-app-dev to snap-device-helper
- systemd: add default target for timers
- interfaces: miscellaneous policy updates for home, opengl, time-
control, network, et al
- cmd/snap: linter cleanups
- interfaces/mount: generate per-user mount profiles
- cmd/snap: use proper help strings for `snap userd --help`
- packaging: provide a compat symlink for snappy-app-dev
- interfaces/time-control,netlink-audit: adjust for util-linux
compiled with libaudit
- tests: adding new test to validate the raw-usb interface
- snap: add support for `snap run --gdb`
- interfaces/builtin: allow MM to access login1
- packaging: fix build on sbuild
- store: revert PR#4532 and do not display displayname
- interfaces/mount: add support for per-user mount entries
- cmd/system-shutdown: move sync to be even more pessimistic
- osutil: reimplement IsMounted with LoadMountInfo
- tests/main/ubuntu-core-services: enable snapd.refresh.timer for
the test
- many: don't allow layout construction to silently fail
- interfaces/apparmor: ensure snap-confine profile for reexec is
current
- interfaces/apparmor: generalize apparmor load and unload helpers
- tests: removing packages which are not needed anymore to generate
random data
- snap: improve `snap run` comments/naming
- snap: allow options for --strace, e.g. `snap run --strace="-tt"`
- tests: fix spread test failures on 18.04
- systemd: update comment on SocketsTarget
- osutil: add and update docstrings
- osutil: parse mount entries without options field
- interfaces: mock away real mountinfo/fstab
- many: move /lib/udev/snappy-app-dev to /usr/lib/snapd/snappy-app-
dev
- overlord/snapstate/backend: perform cleanup if snap setup fails
- tests/lib/prepare: disable snapd.refresh.timer
- daemon: remove redundant UserOK markings from api commands
- snap: introduce timer service data types and validation
- cmd/snap: fix UX of snap services
- daemon: allow `snapctl get` from any uid
- debian, snap: only static link libseccomp in snap-seccomp on
ubuntu
- all: snap versions are now validated
- many: add nfs-home flag to system-key
- snap: disallow layouts in various special directories
- cmd/snap: add help for service commands.
- devicestate: fix autopkgtest failure in
TestDoRequestSerialErrorsOnNoHost
- snap,interfaces: allow using bind-file layouts
- many: move mount code to osutil
- snap: understand directories in layout blacklist
- snap: use custom unsquashfsStderrWriter for unsquashfs error
detection
- tests/main/user-data-handling: get rid of ordering bug
- snap: exclude `gettimeofday` from `snap run --strace`
- tests: check if snapd.socket is active before stoping it
- snap: sort layout elements before validating
- strutil: introducing MatchCounter
- snap: detect unsquashfs write failures
- spread: add missing ubuntu-18.04-arm64 to available autopkgtest
machines
- cmd/snap-confine: allow mounting anywhere, effectively
- daemon: improve ucrednet code for the snap.socket
- release, interfaces: add new release.AppArmorFeatures helper
- snap: apply some golint suggestions
- many: add interfaces.SystemKey() helper
- tests: new snaps to test installs nightly
- tests: skip alsa interface test when the system does not have any
audio devices
- debian/rules: workaround for
https://github.com/golang/go/issues/23721
- interfaces/apparmor: early support for snap-update-ns snippets
- wrappers: cleanup enabled service sockets
- cmd/snap-update-ns: large refactor / update of unit tests
- interfaces/apparmor: remove leaked future layout code
- many: allow constructing layouts (phase 1)
- data/systemd: for debugging/testing use /etc/environment also for
snap-repair runs
- cmd/snap-confine: create lib/{gl,gl32,vulkan} under /var/lib/snapd
and chown as root:root
- overlord/configstate/config: make [GS]etSnapConfig use *RawMessage
- daemon: refactor snapFooMany helpers a little
- cmd/snap-confine: allow snap-update-ns to chown things
- interfaces/apparmor: use a helper to set the scope
- overlord/configstate/config: make SetSnapConfig delete on empty
- osutil: make MkdirAllChown clean the path passed in
- many: at seeding try to capture cloud information into core config
under "cloud"
- cmd/snap: add completion conversion helper to increase DRY
- many: remove "content" argument from snaptest.MockSnap()
- osutil: allow using many globs in EnsureDirState
- cmd/snap-confine: fix read-only filesystem when mounting nvidia
files in biarch
- tests: use root path to /home/test/tmp to avoid lack of space
issue
- packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
packaging
- tests: update kill-timeout focused on making tests pass on boards
- advisor: ensure commands.db has mode 0644 and add test
- snap: improve validation of snap layouts
- tests: ensure disabled services are masked
- interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
- systemd, wrappers: start all snap services in one systemctl call
- mir: software clients need access to shared memory /dev/shm/#*
- snap: add support for `snap advise-snap pkgName`
- snap: fix command-not-found on core devices
- tests: new spead test for openvswitch-support interface
- tests: add integration for local snap licenses
- config: add (Get|Set)SnapConfig to do bulk config e.g. from
snapshots
- cmd/snap: display snap license information
- tests: enable content sharing test for $SNAP
- osutil: add ContextWriter and RunWithContext helpers.
- osutil: add DirExists and IsDirNotExist
-- Michael Vogt <email address hidden> Sat, 24 Mar 2018 08:23:31 +0100
-
snapd (2.32+18.04~pre6) bionic; urgency=medium
* New upstream pre-release, LP: #1756173
- snapstate: add compat mode for default-provider"snapname:ifname",
we deal with this gracefully by just stripping ofthe part after
the ":".
- snap-confine: fallback to /lib/udev/snappy-app-dev if the core is
older
- tests: a bunch of test fixes for s390x
- packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
- interfaces/builtin: let MM change qmi device attributes
- debian: undo snap.mount system unit removal
- snap: don't create empty Change with "Hold" state on disconnect
- tests: make autopkgtest tests more targeted
-- Michael Vogt <email address hidden> Tue, 20 Mar 2018 20:31:03 +0100
-
snapd (2.32+18.04~pre5) bionic; urgency=medium
* New upstream pre-release, LP: #1756173
- autopkgtest fixes
-- Michael Vogt <email address hidden> Mon, 19 Mar 2018 08:35:51 +0100
-
snapd (2.32+18.04~pre4) bionic; urgency=medium
* New upstream release, LP: #1756173
-- Michael Vogt <email address hidden> Thu, 15 Mar 2018 21:26:51 +0100
-
snapd (2.32+18.04~pre3) bionic; urgency=medium
* New upstream release, LP: #1756173
-- Michael Vogt <email address hidden> Thu, 15 Mar 2018 21:15:24 +0100
-
snapd (2.32+18.04~pre2) bionic; urgency=medium
* New upstream release, LP: #1756173
-- Michael Vogt <email address hidden> Thu, 15 Mar 2018 20:57:15 +0100
-
snapd (2.31.2+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- many: add the snapd-generator
- polkit: ensure error is properly set if dialog is dismissed
- xdgopenproxy: integrate xdg-open implementation into snapctl
- userd: add an OpenFile method for launching local files with xdg-
open
- configstate: when disable "ssh" we must disable the "sshd"
service
- many: remove snapd.refresh.{timer,service}
- interfaces/builtin: allow MM to access login1
- timeutil: account for 24h wrap when flattening clock spans
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- systemd, wrappers: start all snap services in one systemctl
call
- tests: disable interfaces-location-control on s390x
snapd (2.31.1) xenial; urgency=medium
* New upstream release, LP: #1745217
- tests: multiple autopkgtest related fixes for 18.04
- overlord/snapstate: use spread in the default refresh schedule
- timeutil: fix scheduling on nth weekday of the month
- interfaces: miscellaneous policy updates for home, opengl, time-
control, network, et al
- cmd/snap: use proper help strings for `snap userd --help`
- interfaces/time-control,netlink-audit: adjust for util-linux
compiled with libaudit
- rules: do not static link on powerpc
- packaging: revert LDFLAGS rewrite again after building snap-
seccomp
- store: revert PR#4532 and do not display displayname
- daemon: allow `snapctl get` from any uid
- debian, snap: only static link libseccomp in snap-seccomp on
ubuntu
- daemon: improve ucrednet code for the snap.socket
snapd (2.31) xenial; urgency=medium
* New upstream release, LP: #1745217
- cmd/snap-confine: allow snap-update-ns to chown things
- cmd/snap-confine: fix read-only filesystem when mounting nvidia
files in biarch
- packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
packaging
- advisor: ensure commands.db has mode 0644 and add test
- interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
- snap: improve validation of snap layoutsRules for validating
layouts:
- snap: fix command-not-found on core devices
- cmd/snap: display snap license information
- tests: enable content sharing test for $SNAP
- userd: add support for a simple UI that can be used from userd
- snap-confine/nvidia: Support legacy biarch trees for GLVND systems
- tests: generic detection of gadget and kernel snaps
- cmd/snap-update-ns: refactor and improve Change.Perform to handle
EROFS
- cmd/snap: improve output when snaps were found in a section or the
section is invalid
- cmd/snap-confine,tests: hide message about stale base snap
- cmd/snap-mgmt: fix out of source tree build
- strutil/quantity: new package that exports formatFoo (from
progress)
- cmd/snap: snap refresh --time with new and legacy schedules
- state: unknown tasks handler
- cmd/snap-confine,data/systemd: fix removal of snaps inside LXD
- snap: add io.snapcraft.Settings to `snap userd`
- spread: remove more EOLed releases
- snap: tidy up top-level help output
- snap: fix race in `snap run --strace`
- tests: update "searching" test to match store changes
- store: use the "publisher" when populating the "publisher" field
- snap: make `snap find --section` show all sections
- tests: new test to validate location control interface
- many: add new `snap refresh --amend <snap>` command
- tests/main/kernel-snap-refresh-on-core: skip the whole test if
edge and stable are the same version
- tests: set test kernel-snap-refresh-on-core to manual
- tests: new spread test for interface gpg-keys
- packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
fix
- interfaces: miscellaneous policy updates
- interfaces/builtin: Replace Solus support with GLVND support
- tests/main/kernel-snap-refresh-on-core: do not fail if edge and
stable kernels are the same version
- snap: add `snap run --strace` to be able to strace snap apps
- tests: new spread test for ssh-keys interface
- errtracker: include detected virtualisation
- tests: add new kernel refresh/revert test for spread-cron
- interfaces/builtin: blacklist zigbee dongle
- cmd/snap-confine: discard stale mount namespaces
- cmd: remove unused execArg0/execEnv
- snap,interfaces/mount: disallow nobody/nogroup
- cmd/snap: improve `snap aliases` output when no aliases are
defined
- tests/lib/snaps/test-snapd-service: refactor service reload
- tests: new spread test for gpg-public-keys interface
- tests: new spread test for ssh-public-keys interface
- spread: setup machine creation on Linode
- interfaces/builtin: allow introspecting UDisks2
- interfaces/builtin: add support for content "source" section
- tests: new spread test for netlink-audit interface
- daemon: avoid panic'ing building an error response w/no snaps
given
- interfaces/mount,snap: early support for snap layouts
- daemon: unlock state even if RefreshSchedule() fails
- arch: add "armv8l" to ubuntuArchFromKernelArch table
- tests: fix for test interface-netlink-connector
- data/dbus: add AssumedAppArmorLabel=unconfined
- advisor: use forked bolt to make it work on ppc
- overlord/snapstate: record the 'kind' of conflicting change
- dirs: fix snap mount dir on Manjaro
- overlord/{snapstate,configstate}, daemon: introduce refresh.timer,
fallback to refresh.schedule
- config: add support for `snap set core proxy.no_proxy=...`
- snap-mgmt: extend spread tests, stop, disable and cleanup snap
services
- spread.yaml: add fedora 27
- cmd/snap-confine: allow snap-update-ns to poke writable holes in
$SNAP
- packaging/14.04: move linux-generic-lts-xenial to recommends
- osutil/sys: ppc has 32-bit getuid already
- snapstate: make no autorefresh message clearer
- spread: try to enable Fedora once more
- overlord/snapstate: do a minimal sanity check on containers
- configcore: ensure config.txt has a final newline
- cmd/libsnap-confine-private: print failed mount/umount regardless
of SNAP_CONFINE_DEBUG
- debian/tests: add missing autopkgtest test dependencies for debian
- image: port ini handling to goconfigparser
- tests/main/snap-service-after-before: add test for after/before
service ordering
- tests: enabling opensuse for tests
- tests: update auto-refresh-private to match messages from current
master
- dirs: check if distro 'is like' fedora when picking path to
libexecdir
- tests: fix "job canceled" issue and improve cleanup for snaps
- cmd/libsnap-confine-private: add debug build of libsnap-confine-
private.a, link it into snap-confine-debug
- vendor: remove x/sys/unix to fix builds on arm64 and powerpc
- image: let consume snapcraft export-login files from tooling
- interfaces/mir: allow Wayland socket and non-root sockets
- interfaces/builtin: use snap.{Plug,Slot}Info over
interfaces.{Plug,Slot}
- tests: add simple snap-mgmt test
- wrappers: autogenerate After/Before in systemd's service files for
apps
- snap: add usage hints in `snap download`
- snap: provide more meaningful errors for installMany and friends
- cmd/snap: show header/footer when `snap find` is used without
arguments
- overlord/snapstate: for Enable's tasks refer to the first task
with snap-setup, do not duplicate
- tests: add hard-coded fully expired macaroons to run related tests
- cmd/snap-update-ns: new test features
- cmd/snap-update-ns: we don't want to bind mount symlinks
- interfaces/mount: test OptsToCommonFlags, filter out x-snapd.
options
- cmd/snap-update-ns: untangle upcoming cyclic initialization
- client, daemon: update user's email when logging in with new
account
- tests: ensure snap-confine apparmor profile is parsable
- snap: do not leak internal errors on install/refresh etc
- snap: fix missing error check when multiple snaps are refreshed
- spread: trying to re-enable tests on Fedora
- snap: fix gadget.yaml parsing for multi volume gadgets
- snap: give the snap.Container interface a Walk method
- snap: rename `snap advise-command` to `snap advise-snap --command`
- overlord/snapstate: no refresh just for hints if there was a
recent regular full refresh
- progress: switch ansimeter's Spin() to use a spinner
- snap: support `command-not-found` symlink for `snap advise-
command`
- daemon: store email, ID and macaroon when creating a new user
- snap: app startup after/before validation
- timeutil: refresh timer take 2
- store, daemon/api: Rename MyAppsServer, point to
dashboard.snapcraft.io instead
- tests: use "quiet" helper instead of "dnf -q" to get errors on
failures
- cmd/snap-update-ns: improve mocking for tests
- many: implement the advisor backend, populate it from the store
- tests: make less calls to the package manager
- tests/main/confinement-classic: enable the test on Fedora
- snap: do not leak internal network errors to the user
- snap: use stdout instead of stderr for "fetching" message
- tests: fix test whoami, share successful_login.exp
- many: refresh with appropriate creds
- snap: add new `snap advice-command` skeleton
- tests: add test that ensures we never parse versions as numbers
- overlord/snapstate: override Snapstate.UserID in refresh if the
installing user is gone
- interfaces: allow socket "shutdown" syscall in default profile
- snap: print friendly message if `snap keys` is empty
- cmd/snap-update-ns: add execWritableMimic
- snap: make `snap info invalid-snap` output more user friendly
- cmd/snap, tests/main/classic-confinement: fix snap-exec path when
running under classic confinement
- overlord/ifacestate: fix disable/enable cycle to setup security
- snap: fix snap find " " output
- daemon: add new polkit action to manage interfaces
- packaging/arch: disable services when removing
- asserts/signtool: support for building tools on top that fill-
in/compute some headers
- cmd: clarify "This leaves %s tracking %s." message
- daemon: return "bad-query" error kind for store.ErrBadQuery
- taskrunner/many: KnownTaskKinds helper
- tests/main/interfaces-fuse_support: fix confinement, allow
unmount, fix spread tests
- snap: use the -no-fragments mksquashfs option
- data/selinux: allow messages from policykit
- tests: fix catalog-update wait loop
- tests/lib/prepare-restore: disable rate limiting in journald
- tests: change interfaces-fuse_support to be debug friendly
- tests/main/postrm-purge: stop snapd before purge
- This is an example of test log:https://paste.ubuntu.com/26215170/
- tests/main/interfaces-fuse_support: dump more debugging
information
- interfaces/dbus: adjust slot policy for listen, accept and accept4
syscalls
- tests: save the snapd-state without compression
- tests/main/searching: handle changes in featured snaps list
- overlord/snapstate: fix auto-refresh summary for 2 snaps
- overlord/auth,daemon: introduce an explicit auth.ErrInvalidUser
- interfaces: add /proc/partitions to system-observe (This addresses
LP#1708527.)
- tests/lib: introduce helpers for setting up /dev/random using
/dev/urandom in project prepare
- tests: new test for interface network status
- interfaces: interfaces: also add an app/hook-specific udev RUN
rule for hotplugging
- tests: fix external backend for tests that need DEBUG output
- tests: do not disable refresh timer on external backend
- client: send all snap related bool json fields
- interfaces/desktop,unity7: allow status/activate/lock of
screensavers
- tests/main: source mkpinentry.sh
- tests: fix security-device-cgroups-serial-port test for rpi and db
- cmd/snap-mgmt: add more directories for cleanup and refactor
purge() code
- snap: YAML and data structures for app before/after ordering
- tests: set TRUST_TEST_KEYS=false for all the external backends
- packaging/arch: install snap-mgmt tool
- tests: add support on tests for cm3 gadget
- interfaces/removable-media: also allow 'k' (lock)
- interfaces: use ConnectedPlug/ConnectedSlot types (step 2)
- interfaces: rename sanitize methods
- devicestate: fix misbehaving test when using systemd-resolved
- interfaces: added Ref() helpers, restored more detailed error
message on spi iface
- debian: make "gnupg" a recommends
- interfaces/many: misc updates for default, browser-support,
opengl, desktop, unity7, x11
- interfaces: PlugInfo/SlotInfo/ConnectedPlug/ConnectedSlot
attribute helpers
- interfaces: update fixme comments
- tests: make interfaces-snapd-control-with-manage more robust
- userd: generalize dbusInterface
- interfaces: use ConnectedPlug/ConnectedSlot types (step 1)
- hookstate: add compat "configure-snapd" task.
- config, overlord/snapstate, timeutil: rename ParseSchedule to
ParseLegacySchedule
- tests: adding tests for time*-control interfaces
- tests: new test to check interfaces after reboot the system
- cmd/snap-mgmt: fixes
- packaging/opensuse-42.2: package and use snap-mgmt
- corecfg: also "mask" services when disabling them
- cmd/snap-mgmt: introduce snap-mgmt tool
- configstate: simplify ConfigManager
- interfaces: add gpio-memory-control interface
- cmd: disable check-syntax-c
- packaging/arch: add bash-completion as optional dependency
- corecfg: rename package to overlord/configstate/configcore
- wrappers: fix unit tests to use dirs.SnapMountDir
- osutil/sys: reimplement getuid and chown with the right int type
- interfaces-netlink-connector: fix sourcing snaps.sh
-- Michael Vogt <email address hidden> Fri, 09 Mar 2018 11:11:31 +0100
-
snapd (2.31.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- tests: multiple autopkgtest related fixes for 18.04
- overlord/snapstate: use spread in the default refresh schedule
- timeutil: fix scheduling on nth weekday of the month
- interfaces: miscellaneous policy updates for home, opengl, time-
control, network, et al
- cmd/snap: use proper help strings for `snap userd --help`
- interfaces/time-control,netlink-audit: adjust for util-linux
compiled with libaudit
- rules: do not static link on powerpc
- packaging: revert LDFLAGS rewrite again after building snap-
seccomp
- store: revert PR#4532 and do not display displayname
- daemon: allow `snapctl get` from any uid
- debian, snap: only static link libseccomp in snap-seccomp on
ubuntu
- daemon: improve ucrednet code for the snap.socket
snapd (2.31) xenial; urgency=medium
* New upstream release, LP: #1745217
- cmd/snap-confine: allow snap-update-ns to chown things
- cmd/snap-confine: fix read-only filesystem when mounting nvidia
files in biarch
- packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
packaging
- advisor: ensure commands.db has mode 0644 and add test
- interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
- snap: improve validation of snap layoutsRules for validating
layouts:
- snap: fix command-not-found on core devices
- cmd/snap: display snap license information
- tests: enable content sharing test for $SNAP
- userd: add support for a simple UI that can be used from userd
- snap-confine/nvidia: Support legacy biarch trees for GLVND systems
- tests: generic detection of gadget and kernel snaps
- cmd/snap-update-ns: refactor and improve Change.Perform to handle
EROFS
- cmd/snap: improve output when snaps were found in a section or the
section is invalid
- cmd/snap-confine,tests: hide message about stale base snap
- cmd/snap-mgmt: fix out of source tree build
- strutil/quantity: new package that exports formatFoo (from
progress)
- cmd/snap: snap refresh --time with new and legacy schedules
- state: unknown tasks handler
- cmd/snap-confine,data/systemd: fix removal of snaps inside LXD
- snap: add io.snapcraft.Settings to `snap userd`
- spread: remove more EOLed releases
- snap: tidy up top-level help output
- snap: fix race in `snap run --strace`
- tests: update "searching" test to match store changes
- store: use the "publisher" when populating the "publisher" field
- snap: make `snap find --section` show all sections
- tests: new test to validate location control interface
- many: add new `snap refresh --amend <snap>` command
- tests/main/kernel-snap-refresh-on-core: skip the whole test if
edge and stable are the same version
- tests: set test kernel-snap-refresh-on-core to manual
- tests: new spread test for interface gpg-keys
- packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
fix
- interfaces: miscellaneous policy updates
- interfaces/builtin: Replace Solus support with GLVND support
- tests/main/kernel-snap-refresh-on-core: do not fail if edge and
stable kernels are the same version
- snap: add `snap run --strace` to be able to strace snap apps
- tests: new spread test for ssh-keys interface
- errtracker: include detected virtualisation
- tests: add new kernel refresh/revert test for spread-cron
- interfaces/builtin: blacklist zigbee dongle
- cmd/snap-confine: discard stale mount namespaces
- cmd: remove unused execArg0/execEnv
- snap,interfaces/mount: disallow nobody/nogroup
- cmd/snap: improve `snap aliases` output when no aliases are
defined
- tests/lib/snaps/test-snapd-service: refactor service reload
- tests: new spread test for gpg-public-keys interface
- tests: new spread test for ssh-public-keys interface
- spread: setup machine creation on Linode
- interfaces/builtin: allow introspecting UDisks2
- interfaces/builtin: add support for content "source" section
- tests: new spread test for netlink-audit interface
- daemon: avoid panic'ing building an error response w/no snaps
given
- interfaces/mount,snap: early support for snap layouts
- daemon: unlock state even if RefreshSchedule() fails
- arch: add "armv8l" to ubuntuArchFromKernelArch table
- tests: fix for test interface-netlink-connector
- data/dbus: add AssumedAppArmorLabel=unconfined
- advisor: use forked bolt to make it work on ppc
- overlord/snapstate: record the 'kind' of conflicting change
- dirs: fix snap mount dir on Manjaro
- overlord/{snapstate,configstate}, daemon: introduce refresh.timer,
fallback to refresh.schedule
- config: add support for `snap set core proxy.no_proxy=...`
- snap-mgmt: extend spread tests, stop, disable and cleanup snap
services
- spread.yaml: add fedora 27
- cmd/snap-confine: allow snap-update-ns to poke writable holes in
$SNAP
- packaging/14.04: move linux-generic-lts-xenial to recommends
- osutil/sys: ppc has 32-bit getuid already
- snapstate: make no autorefresh message clearer
- spread: try to enable Fedora once more
- overlord/snapstate: do a minimal sanity check on containers
- configcore: ensure config.txt has a final newline
- cmd/libsnap-confine-private: print failed mount/umount regardless
of SNAP_CONFINE_DEBUG
- debian/tests: add missing autopkgtest test dependencies for debian
- image: port ini handling to goconfigparser
- tests/main/snap-service-after-before: add test for after/before
service ordering
- tests: enabling opensuse for tests
- tests: update auto-refresh-private to match messages from current
master
- dirs: check if distro 'is like' fedora when picking path to
libexecdir
- tests: fix "job canceled" issue and improve cleanup for snaps
- cmd/libsnap-confine-private: add debug build of libsnap-confine-
private.a, link it into snap-confine-debug
- vendor: remove x/sys/unix to fix builds on arm64 and powerpc
- image: let consume snapcraft export-login files from tooling
- interfaces/mir: allow Wayland socket and non-root sockets
- interfaces/builtin: use snap.{Plug,Slot}Info over
interfaces.{Plug,Slot}
- tests: add simple snap-mgmt test
- wrappers: autogenerate After/Before in systemd's service files for
apps
- snap: add usage hints in `snap download`
- snap: provide more meaningful errors for installMany and friends
- cmd/snap: show header/footer when `snap find` is used without
arguments
- overlord/snapstate: for Enable's tasks refer to the first task
with snap-setup, do not duplicate
- tests: add hard-coded fully expired macaroons to run related tests
- cmd/snap-update-ns: new test features
- cmd/snap-update-ns: we don't want to bind mount symlinks
- interfaces/mount: test OptsToCommonFlags, filter out x-snapd.
options
- cmd/snap-update-ns: untangle upcoming cyclic initialization
- client, daemon: update user's email when logging in with new
account
- tests: ensure snap-confine apparmor profile is parsable
- snap: do not leak internal errors on install/refresh etc
- snap: fix missing error check when multiple snaps are refreshed
- spread: trying to re-enable tests on Fedora
- snap: fix gadget.yaml parsing for multi volume gadgets
- snap: give the snap.Container interface a Walk method
- snap: rename `snap advise-command` to `snap advise-snap --command`
- overlord/snapstate: no refresh just for hints if there was a
recent regular full refresh
- progress: switch ansimeter's Spin() to use a spinner
- snap: support `command-not-found` symlink for `snap advise-
command`
- daemon: store email, ID and macaroon when creating a new user
- snap: app startup after/before validation
- timeutil: refresh timer take 2
- store, daemon/api: Rename MyAppsServer, point to
dashboard.snapcraft.io instead
- tests: use "quiet" helper instead of "dnf -q" to get errors on
failures
- cmd/snap-update-ns: improve mocking for tests
- many: implement the advisor backend, populate it from the store
- tests: make less calls to the package manager
- tests/main/confinement-classic: enable the test on Fedora
- snap: do not leak internal network errors to the user
- snap: use stdout instead of stderr for "fetching" message
- tests: fix test whoami, share successful_login.exp
- many: refresh with appropriate creds
- snap: add new `snap advice-command` skeleton
- tests: add test that ensures we never parse versions as numbers
- overlord/snapstate: override Snapstate.UserID in refresh if the
installing user is gone
- interfaces: allow socket "shutdown" syscall in default profile
- snap: print friendly message if `snap keys` is empty
- cmd/snap-update-ns: add execWritableMimic
- snap: make `snap info invalid-snap` output more user friendly
- cmd/snap, tests/main/classic-confinement: fix snap-exec path when
running under classic confinement
- overlord/ifacestate: fix disable/enable cycle to setup security
- snap: fix snap find " " output
- daemon: add new polkit action to manage interfaces
- packaging/arch: disable services when removing
- asserts/signtool: support for building tools on top that fill-
in/compute some headers
- cmd: clarify "This leaves %s tracking %s." message
- daemon: return "bad-query" error kind for store.ErrBadQuery
- taskrunner/many: KnownTaskKinds helper
- tests/main/interfaces-fuse_support: fix confinement, allow
unmount, fix spread tests
- snap: use the -no-fragments mksquashfs option
- data/selinux: allow messages from policykit
- tests: fix catalog-update wait loop
- tests/lib/prepare-restore: disable rate limiting in journald
- tests: change interfaces-fuse_support to be debug friendly
- tests/main/postrm-purge: stop snapd before purge
- This is an example of test log:https://paste.ubuntu.com/26215170/
- tests/main/interfaces-fuse_support: dump more debugging
information
- interfaces/dbus: adjust slot policy for listen, accept and accept4
syscalls
- tests: save the snapd-state without compression
- tests/main/searching: handle changes in featured snaps list
- overlord/snapstate: fix auto-refresh summary for 2 snaps
- overlord/auth,daemon: introduce an explicit auth.ErrInvalidUser
- interfaces: add /proc/partitions to system-observe (This addresses
LP#1708527.)
- tests/lib: introduce helpers for setting up /dev/random using
/dev/urandom in project prepare
- tests: new test for interface network status
- interfaces: interfaces: also add an app/hook-specific udev RUN
rule for hotplugging
- tests: fix external backend for tests that need DEBUG output
- tests: do not disable refresh timer on external backend
- client: send all snap related bool json fields
- interfaces/desktop,unity7: allow status/activate/lock of
screensavers
- tests/main: source mkpinentry.sh
- tests: fix security-device-cgroups-serial-port test for rpi and db
- cmd/snap-mgmt: add more directories for cleanup and refactor
purge() code
- snap: YAML and data structures for app before/after ordering
- tests: set TRUST_TEST_KEYS=false for all the external backends
- packaging/arch: install snap-mgmt tool
- tests: add support on tests for cm3 gadget
- interfaces/removable-media: also allow 'k' (lock)
- interfaces: use ConnectedPlug/ConnectedSlot types (step 2)
- interfaces: rename sanitize methods
- devicestate: fix misbehaving test when using systemd-resolved
- interfaces: added Ref() helpers, restored more detailed error
message on spi iface
- debian: make "gnupg" a recommends
- interfaces/many: misc updates for default, browser-support,
opengl, desktop, unity7, x11
- interfaces: PlugInfo/SlotInfo/ConnectedPlug/ConnectedSlot
attribute helpers
- interfaces: update fixme comments
- tests: make interfaces-snapd-control-with-manage more robust
- userd: generalize dbusInterface
- interfaces: use ConnectedPlug/ConnectedSlot types (step 1)
- hookstate: add compat "configure-snapd" task.
- config, overlord/snapstate, timeutil: rename ParseSchedule to
ParseLegacySchedule
- tests: adding tests for time*-control interfaces
- tests: new test to check interfaces after reboot the system
- cmd/snap-mgmt: fixes
- packaging/opensuse-42.2: package and use snap-mgmt
- corecfg: also "mask" services when disabling them
- cmd/snap-mgmt: introduce snap-mgmt tool
- configstate: simplify ConfigManager
- interfaces: add gpio-memory-control interface
- cmd: disable check-syntax-c
- packaging/arch: add bash-completion as optional dependency
- corecfg: rename package to overlord/configstate/configcore
- wrappers: fix unit tests to use dirs.SnapMountDir
- osutil/sys: reimplement getuid and chown with the right int type
- interfaces-netlink-connector: fix sourcing snaps.sh
-- Michael Vogt <email address hidden> Tue, 20 Feb 2018 17:27:42 +0100
-
snapd (2.31.1~pre8+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- do not run the upgrade test in autopkgtest
-- Michael Vogt <email address hidden> Tue, 20 Feb 2018 10:12:20 +0100
-
snapd (2.31.1~pre7+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- fix s390x exclude in alsa test
-- Michael Vogt <email address hidden> Tue, 20 Feb 2018 07:21:19 +0100
-
snapd (2.31.1~pre6+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- fix also exclude
-- Michael Vogt <email address hidden> Mon, 19 Feb 2018 21:29:58 +0100
-
snapd (2.31.1~pre5+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- skip interfaces-many test in adt until the root cause is found
why it fails there but works in our spread tests
-- Michael Vogt <email address hidden> Mon, 19 Feb 2018 19:45:00 +0100
-
snapd (2.31.1~pre4+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- set snap-repair User-Agent on requests
- add extra debugging in autopkgtest to track down test failure
on i386
-- Michael Vogt <email address hidden> Mon, 19 Feb 2018 17:54:17 +0100
-
snapd (2.31.1~pre3+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- timeutil: fix scheduling on nth weekday of the month
- interfaces: miscellaneous policy updates for home, opengl, time-
control, network, et al
- cmd/snap: use proper help strings for `snap userd --help`
- interfaces/time-control,netlink-audit: adjust for util-linux
compiled with libaudit
- packaging: revert LDFLAGS rewrite again after building snap-
seccomp
-- Michael Vogt <email address hidden> Fri, 16 Feb 2018 21:28:28 +0100
-
snapd (2.31.1~pre2+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- fix FTBFS caused by #cgo LDFLAGS rewrite
-- Michael Vogt <email address hidden> Thu, 15 Feb 2018 09:28:39 +0100
-
snapd (2.31.1~pre1+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- store: revert PR#4532 and do not display displayname
- tests: fix spread test failures on 18.04
- daemon: allow `snapctl get` from any uid
- debian, snap: only static link libseccomp in snap-seccomp on
ubuntu
- devicestate: fix autopkgtest failure in
TestDoRequestSerialErrorsOnNoHost
- daemon: improve ucrednet code for the snap.socket
- spread: add missing ubuntu-18.04-arm64 to available autopkgtest
machines
-- Michael Vogt <email address hidden> Thu, 15 Feb 2018 09:05:28 +0100
-
snapd (2.31+18.04) bionic; urgency=medium
* New upstream release, LP: #1745217
- cmd/snap-confine: allow snap-update-ns to chown things
- cmd/snap-confine: fix read-only filesystem when mounting nvidia
files in biarch
- packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
packaging
- advisor: ensure commands.db has mode 0644 and add test
- interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
- snap: improve validation of snap layoutsRules for validating
layouts:
- snap: fix command-not-found on core devices
- cmd/snap: display snap license information
- tests: enable content sharing test for $SNAP
- userd: add support for a simple UI that can be used from userd
- snap-confine/nvidia: Support legacy biarch trees for GLVND systems
- tests: generic detection of gadget and kernel snaps
- cmd/snap-update-ns: refactor and improve Change.Perform to handle
EROFS
- cmd/snap: improve output when snaps were found in a section or the
section is invalid
- cmd/snap-confine,tests: hide message about stale base snap
- cmd/snap-mgmt: fix out of source tree build
- strutil/quantity: new package that exports formatFoo (from
progress)
- cmd/snap: snap refresh --time with new and legacy schedules
- state: unknown tasks handler
- cmd/snap-confine,data/systemd: fix removal of snaps inside LXD
- snap: add io.snapcraft.Settings to `snap userd`
- spread: remove more EOLed releases
- snap: tidy up top-level help output
- snap: fix race in `snap run --strace`
- tests: update "searching" test to match store changes
- store: use the "publisher" when populating the "publisher" field
- snap: make `snap find --section` show all sections
- tests: new test to validate location control interface
- many: add new `snap refresh --amend <snap>` command
- tests/main/kernel-snap-refresh-on-core: skip the whole test if
edge and stable are the same version
- tests: set test kernel-snap-refresh-on-core to manual
- tests: new spread test for interface gpg-keys
- packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
fix
- interfaces: miscellaneous policy updates
- interfaces/builtin: Replace Solus support with GLVND support
- tests/main/kernel-snap-refresh-on-core: do not fail if edge and
stable kernels are the same version
- snap: add `snap run --strace` to be able to strace snap apps
- tests: new spread test for ssh-keys interface
- errtracker: include detected virtualisation
- tests: add new kernel refresh/revert test for spread-cron
- interfaces/builtin: blacklist zigbee dongle
- cmd/snap-confine: discard stale mount namespaces
- cmd: remove unused execArg0/execEnv
- snap,interfaces/mount: disallow nobody/nogroup
- cmd/snap: improve `snap aliases` output when no aliases are
defined
- tests/lib/snaps/test-snapd-service: refactor service reload
- tests: new spread test for gpg-public-keys interface
- tests: new spread test for ssh-public-keys interface
- spread: setup machine creation on Linode
- interfaces/builtin: allow introspecting UDisks2
- interfaces/builtin: add support for content "source" section
- tests: new spread test for netlink-audit interface
- daemon: avoid panic'ing building an error response w/no snaps
given
- interfaces/mount,snap: early support for snap layouts
- daemon: unlock state even if RefreshSchedule() fails
- arch: add "armv8l" to ubuntuArchFromKernelArch table
- tests: fix for test interface-netlink-connector
- data/dbus: add AssumedAppArmorLabel=unconfined
- advisor: use forked bolt to make it work on ppc
- overlord/snapstate: record the 'kind' of conflicting change
- dirs: fix snap mount dir on Manjaro
- overlord/{snapstate,configstate}, daemon: introduce refresh.timer,
fallback to refresh.schedule
- config: add support for `snap set core proxy.no_proxy=...`
- snap-mgmt: extend spread tests, stop, disable and cleanup snap
services
- spread.yaml: add fedora 27
- cmd/snap-confine: allow snap-update-ns to poke writable holes in
$SNAP
- packaging/14.04: move linux-generic-lts-xenial to recommends
- osutil/sys: ppc has 32-bit getuid already
- snapstate: make no autorefresh message clearer
- spread: try to enable Fedora once more
- overlord/snapstate: do a minimal sanity check on containers
- configcore: ensure config.txt has a final newline
- cmd/libsnap-confine-private: print failed mount/umount regardless
of SNAP_CONFINE_DEBUG
- debian/tests: add missing autopkgtest test dependencies for debian
- image: port ini handling to goconfigparser
- tests/main/snap-service-after-before: add test for after/before
service ordering
- tests: enabling opensuse for tests
- tests: update auto-refresh-private to match messages from current
master
- dirs: check if distro 'is like' fedora when picking path to
libexecdir
- tests: fix "job canceled" issue and improve cleanup for snaps
- cmd/libsnap-confine-private: add debug build of libsnap-confine-
private.a, link it into snap-confine-debug
- vendor: remove x/sys/unix to fix builds on arm64 and powerpc
- image: let consume snapcraft export-login files from tooling
- interfaces/mir: allow Wayland socket and non-root sockets
- interfaces/builtin: use snap.{Plug,Slot}Info over
interfaces.{Plug,Slot}
- tests: add simple snap-mgmt test
- wrappers: autogenerate After/Before in systemd's service files for
apps
- snap: add usage hints in `snap download`
- snap: provide more meaningful errors for installMany and friends
- cmd/snap: show header/footer when `snap find` is used without
arguments
- overlord/snapstate: for Enable's tasks refer to the first task
with snap-setup, do not duplicate
- tests: add hard-coded fully expired macaroons to run related tests
- cmd/snap-update-ns: new test features
- cmd/snap-update-ns: we don't want to bind mount symlinks
- interfaces/mount: test OptsToCommonFlags, filter out x-snapd.
options
- cmd/snap-update-ns: untangle upcoming cyclic initialization
- client, daemon: update user's email when logging in with new
account
- tests: ensure snap-confine apparmor profile is parsable
- snap: do not leak internal errors on install/refresh etc
- snap: fix missing error check when multiple snaps are refreshed
- spread: trying to re-enable tests on Fedora
- snap: fix gadget.yaml parsing for multi volume gadgets
- snap: give the snap.Container interface a Walk method
- snap: rename `snap advise-command` to `snap advise-snap --command`
- overlord/snapstate: no refresh just for hints if there was a
recent regular full refresh
- progress: switch ansimeter's Spin() to use a spinner
- snap: support `command-not-found` symlink for `snap advise-
command`
- daemon: store email, ID and macaroon when creating a new user
- snap: app startup after/before validation
- timeutil: refresh timer take 2
- store, daemon/api: Rename MyAppsServer, point to
dashboard.snapcraft.io instead
- tests: use "quiet" helper instead of "dnf -q" to get errors on
failures
- cmd/snap-update-ns: improve mocking for tests
- many: implement the advisor backend, populate it from the store
- tests: make less calls to the package manager
- tests/main/confinement-classic: enable the test on Fedora
- snap: do not leak internal network errors to the user
- snap: use stdout instead of stderr for "fetching" message
- tests: fix test whoami, share successful_login.exp
- many: refresh with appropriate creds
- snap: add new `snap advice-command` skeleton
- tests: add test that ensures we never parse versions as numbers
- overlord/snapstate: override Snapstate.UserID in refresh if the
installing user is gone
- interfaces: allow socket "shutdown" syscall in default profile
- snap: print friendly message if `snap keys` is empty
- cmd/snap-update-ns: add execWritableMimic
- snap: make `snap info invalid-snap` output more user friendly
- cmd/snap, tests/main/classic-confinement: fix snap-exec path when
running under classic confinement
- overlord/ifacestate: fix disable/enable cycle to setup security
- snap: fix snap find " " output
- daemon: add new polkit action to manage interfaces
- packaging/arch: disable services when removing
- asserts/signtool: support for building tools on top that fill-
in/compute some headers
- cmd: clarify "This leaves %s tracking %s." message
- daemon: return "bad-query" error kind for store.ErrBadQuery
- taskrunner/many: KnownTaskKinds helper
- tests/main/interfaces-fuse_support: fix confinement, allow
unmount, fix spread tests
- snap: use the -no-fragments mksquashfs option
- data/selinux: allow messages from policykit
- tests: fix catalog-update wait loop
- tests/lib/prepare-restore: disable rate limiting in journald
- tests: change interfaces-fuse_support to be debug friendly
- tests/main/postrm-purge: stop snapd before purge
- This is an example of test log:https://paste.ubuntu.com/26215170/
- tests/main/interfaces-fuse_support: dump more debugging
information
- interfaces/dbus: adjust slot policy for listen, accept and accept4
syscalls
- tests: save the snapd-state without compression
- tests/main/searching: handle changes in featured snaps list
- overlord/snapstate: fix auto-refresh summary for 2 snaps
- overlord/auth,daemon: introduce an explicit auth.ErrInvalidUser
- interfaces: add /proc/partitions to system-observe (This addresses
LP#1708527.)
- tests/lib: introduce helpers for setting up /dev/random using
/dev/urandom in project prepare
- tests: new test for interface network status
- interfaces: interfaces: also add an app/hook-specific udev RUN
rule for hotplugging
- tests: fix external backend for tests that need DEBUG output
- tests: do not disable refresh timer on external backend
- client: send all snap related bool json fields
- interfaces/desktop,unity7: allow status/activate/lock of
screensavers
- tests/main: source mkpinentry.sh
- tests: fix security-device-cgroups-serial-port test for rpi and db
- cmd/snap-mgmt: add more directories for cleanup and refactor
purge() code
- snap: YAML and data structures for app before/after ordering
- tests: set TRUST_TEST_KEYS=false for all the external backends
- packaging/arch: install snap-mgmt tool
- tests: add support on tests for cm3 gadget
- interfaces/removable-media: also allow 'k' (lock)
- interfaces: use ConnectedPlug/ConnectedSlot types (step 2)
- interfaces: rename sanitize methods
- devicestate: fix misbehaving test when using systemd-resolved
- interfaces: added Ref() helpers, restored more detailed error
message on spi iface
- debian: make "gnupg" a recommends
- interfaces/many: misc updates for default, browser-support,
opengl, desktop, unity7, x11
- interfaces: PlugInfo/SlotInfo/ConnectedPlug/ConnectedSlot
attribute helpers
- interfaces: update fixme comments
- tests: make interfaces-snapd-control-with-manage more robust
- userd: generalize dbusInterface
- interfaces: use ConnectedPlug/ConnectedSlot types (step 1)
- hookstate: add compat "configure-snapd" task.
- config, overlord/snapstate, timeutil: rename ParseSchedule to
ParseLegacySchedule
- tests: adding tests for time*-control interfaces
- tests: new test to check interfaces after reboot the system
- cmd/snap-mgmt: fixes
- packaging/opensuse-42.2: package and use snap-mgmt
- corecfg: also "mask" services when disabling them
- cmd/snap-mgmt: introduce snap-mgmt tool
- configstate: simplify ConfigManager
- interfaces: add gpio-memory-control interface
- cmd: disable check-syntax-c
- packaging/arch: add bash-completion as optional dependency
- corecfg: rename package to overlord/configstate/configcore
- wrappers: fix unit tests to use dirs.SnapMountDir
- osutil/sys: reimplement getuid and chown with the right int type
- interfaces-netlink-connector: fix sourcing snaps.sh
-- Michael Vogt <email address hidden> Tue, 06 Feb 2018 09:43:22 +0100
-
snapd (2.30+18.04) bionic; urgency=medium
* New upstream release, LP: #1735344
- tests: set TRUST_TEST_KEYS=false for all the external backends
- tests: fix external backend for tests that need DEBUG output
- tests: do not disable refresh timer on external backend
- client: send all snap related bool json fields
- interfaces: interfaces: also add an app/hook-specific udev RUN
rule for hotplugging
- interfaces/desktop,unity7: allow status/activate/lock of
screensavers
- tests/main: source mkpinentry.sh
- devicestate: use a different nowhere domain
- interfaces: add ssh-keys, ssh-public-keys, gpg-keys and gpg-public
keys interfaces
- interfaces/many: misc updates for default, browser-support, opengl,
desktop, unity7, x11
- devicestate: fix misbehaving test when using systemd-resolved
- interfaces/removable-media: also allow 'k' (lock)
- interfaces/many: misc updates for default, browser-support,
opengl, desktop, unity7, x11
- corecfg: also "mask" services when disabling them
- tests: add support for autopkgtests on s390x
- snapstate: support for pre-refresh hook
- many: allow to configure core before it is installed
- devicestate: fix unkeyed fields error
- snap-confine: create mount target for lib32,vulkan on demand
- snapstate: add support for refresh.schedule=managed
- cmd/snap-update-ns: teach update logic to handle synthetic changes
- many: remove configure-snapd task again and handle internally
- snap: fix TestDirAndFileMethods() test to work with gccgo
- debian: ensure /var/lib/snapd/lib/vulkan is available
- cmd/snap-confine: use #include instead of bare include
- snapstate: store userID in snapstate
- snapd.dirs: add var/lib/snapd/lib/gl32
- timeutil, overlod/snapstate: cleanup remaining pieces of timeutil
weekday support
- packaging/arch: install missing directories, manpages and version
info
- snapstate,store: store if a snap is a paid snap in the sideinfo
- packaging/arch: pre-create snapd directories when packaging
- tests/main/manpages: set LC_ALL=C as man may complain if the
locale is unset or unsupported
- repo: ConnectedPlug and ConnectedSlot types
- snapd: fix handling of undo in the taskrunner
- store: fix download caching and add integration test
- snapstate: move autorefresh code into autoRefresh helper
- snapctl: don't error out on start/stop/restart from configure hook
during install or refresh
- cmd/snap-update-ns: add planWritableMimic
- deamon: don't omit responses, even if null
- tests: add test for frame buffer interface
- tests/lib: fix shellcheck errors
- apparmor: generate the snap-confine re-exec profile for
AppArmor{Partial,Full}
- tests: remove obsolete workaround
- snap: use existing files in `snap download` if digest/size matches
- tests: merge pepare-project.sh into prepare-restore.sh
- tests: cache snaps to $TESTSLIB/cache
- tests: set -e, -o pipefail in prepare-restore.sh
- apparmor: generate the snap-confine re-exec profile for
AppArmor{Partial,Full}
- cmd/snap-seccomp: fix uid/gid restrictions tests on Arch
- tests: document and slightly refactor prepare/restore code
- snapstate: ensure RefreshSchedule() gives accurate results
- snapstate: add new refresh-hints helper and use it
- spread.yaml,tests: move most of project-wide prepare/restore to
separate file
- timeutil: introduce helpers for weekdays and TimeOfDay
- tests: adding new test for uhid interface
- cmd/libsnap: fix parsing of empty mountinfo fields
- overlord/devicestate: best effort to go to early full retries for
registration on the like of DNS no host
- spread.yaml: bump delta ref to 2.29
- tests: adding test to test physical memory observe interface
- cmd, errtracker: get rid of SNAP_DID_REEXEC environment
- timeutil: remove support to parse weekday schedules
- snap-confine: add workaround for snap-confine on 4.13/upstream
- store: do not log the http body for catalog updates
- snapstate: move catalogRefresh into its own helper
- spread.yaml: fix shellcheck issues and trivial refactor
- spread.yaml: move prepare-each closer to restore-each
- spread.yaml: increase workers for opensuse to 3
- tests: force delete when tests are restore to avoid suite failure
- test: ignore /snap/README
- interfaces/opengl: also allow read on 'revision' in
/sys/devices/pci...
- interfaces/screen-inhibit-control: fix case in screen inhibit
control
- asserts/sysdb: panic early if pointed to staging but staging keys
are not compiled-in
- interfaces: allow /bin/chown and fchownat to root:root
- timeutil: include test input in error message in
TestParseSchedule()
- interfaces/browser-support: adjust base declaration for auto-
connection
- snap-confine: fix snap-confine under lxd
- store: bit less aggressive retry strategy
- tests: add new `fakestore new-snap-{declaration,revision}` helpers
- cmd/snap-update-ns: add secureMkfileAll
- snap: use field names when initializing composite literals
- HACKING: fix path in snap install
- store: add support for flags in ListRefresh()
- interfaces: remove invalid plugs/slots from SnapInfo on
sanitization.
- debian: add missing udev dependency
- snap/validate: extend socket validation tests
- interfaces: add "refresh-schedule" attribute to snapd-control
- interfaces/builtin/account_control: use gid owning /etc/shadow to
setup seccomp rules
- cmd/snap-update-ns: tweak changePerform
- interfaces,tests: skip unknown plug/slot interfaces
- tests: disable interfaces-network-control-tuntap
- cmd: use a preinit_array function rather than parsing
/proc/self/cmdline
- interfaces/time*_control: explicitly deny noisy read on
/proc/1/environ
- cmd/snap-update-ns: misc cleanups
- snapd: allow hooks to have slots
- fakestore: add go-flags to prepare for `new-snap-declaration` cmd
- interfaces/browser-support: add shm path for nwjs
- many: add magic /snap/README file
- overlord/snapstate: support completion for command aliases
- tests: re-enable tun/tap test on Debian
- snap,wrappers: add support for socket activation
- repo: use PlugInfo and SlotInfo for permanent plugs/slots
- tests/interfaces-network-control-tuntap: disable on debian-
unstable for now
- cmd/snap-confine: Loosen the NVIDIA Vulkan ICD glob
- cmd/snap-update-ns: detect and report read-only filesystems
- cmd/snap-update-ns: re-factor secureMkdirAll into
secureMk{Prefix,Dir}
- run-checks, tests/lib/snaps/: shellcheck fixes
- corecfg: validate refresh.schedule when it is applied
- tests: adjust test to match stderr
- snapd: fix snap cookie bugs
- packaging/arch: do not quote MAKEFLAGS
- state: add change.LaneTasks helper
- cmd/snap-update-ns: do not assume 'nogroup' exists
- tests/lib: handle distro specific grub-editenv naming
- cmd/snap-confine: Add missing bi-arch NVIDIA filesthe
`/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl/vdpau` paths within
- cmd: Support exposing NVIDIA Vulkan ICD files to the snaps
- cmd/snap-confine: Implement full 32-bit NVIDIA driver support
- packaging/arch: packaging update
- cmd/snap-confine: Support bash as base runtime entry
- wrappers: do not error on incorrect Exec= lines
- interfaces: fix udev tagging for hooks
- tests/set-proxy-store: exclude ubuntu-core-16 via systems: key
- tests: new tests for network setup control and observe interfaces
- osutil: add helper for obtaining group ID of given file path
- daemon,overlord/snapstate: return snap-not-installed error in more
cases
- interfaces/builtin/lxd_support: allow discovering of host's os-
release
- configstate: add support for configure-snapd for
snapstate.IgnoreHookError
- tests: add a spread test for proxy.store setting together with
store assertion
- cmd/snap-seccomp: do not use group 'shadow' in tests
- asserts/assertstest: fix use of hardcoded value when the passed
or default keys should be used
- interfaces/many: misc policy updates for browser-support, cups-
control and network-status
- tests: fix xdg-open-compat
- daemon: for /v2/logs, 404 when no services are found
- packaging/fedora: Merge changes from Fedora Dist-Git
- cmd/snap-update-ns: add new helpers for mount entries
- cmd/snap-confine: Respect biarch nature of libdirs
- cmd/snap-confine: Ensure snap-confine is allowed to access os-
release
- cmd: fix re-exec bug with classic confinement for host snapd <
2.28
- interfaces/kmod: simplify loadModules now that errors are ignored
- tests: disable xdg-open-compat test
- tests: add test that checks core reverts on core devices
- dirs: use alt root when checking classic confinement support
without …
- interfaces/kmod: treat failure to load module as non-fatal
- cmd/snap-update-ns: fix golint and some stale comments
- corecfg: support setting proxy.store if there's a matching store
assertion
- overlord/snapstate: toggle ignore-validation as needed as we do
for channel
- tests: fix security-device-cgroup* tests on devices with
framebuffer
- interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS
- interfaces: add USB interface number attribute in udev rule for
serial-port interface
- overlord/devicestate: switch to the new endpoints for registration
- snap-update-ns: add missing unit test for desired/current profile
handling
- cmd/{snap-confine,libsnap-confine-private,snap-shutdown}: cleanup
low-level C bits
- ifacestate: make interfaces.Repository available via state cache
- overlord/snapstate: cleanups around switch-snap*
- cmd/snapd,client,daemon: display ignore-validation flag through
the notes mechanism
- cmd/snap-update-ns: add logging to snap-update-ns
- many: have a timestamp on store assertions
- many: lookup and use the URL from a store assertion if one is set
for use
- tests/test-snapd-service: fix shellcheck issues
- tests: new test for hardware-random-control interface
- tests: use `snap change --last=install` in snapd-reexec test
- repo, daemon: use PlugInfo, SlotInfo
- many: handle core configuration internally instead of using the
core configure hook
- tests: refactor and expand content interface test
- snap-seccomp: skip in-kernel bpf tests for socket() in trusty/i386
- cmd/snap-update-ns: allow Change.Perform to return changes
- snap-confine: Support biarch Linux distribution confinement
- partition/ubootenv: don't panic when uboot.env is missing the eof
marker
- cmd/snap-update-ns: allow fault injection to provide dynamic
result
- interfaces/mount: exspose mount.{Escape,Unescape}
- snapctl: added long help to stop/start/restart command
- cmd/snap-update-ns: create missing mount points automatically.
- cmd: downgrade log message in InternalToolPath to Debugf()
- tests: wait for service status change & file update in the test to
avoid races
- daemon, store: forward SSO invalid credentials errors as 401
Unauthorized responses
- spdx: fix for WITH syntax, require a license name before the
operator
- many: reorg things in preparation to make handling of the base url
in store dynamic
- hooks/configure: queue service restarts
- cmd/snap: warn when a snap is not from the tracking channel
- interfaces/mount: add support for parsing x-snapd.{mode,uid,gid}=
- cmd/snap-confine: add detection of stale mount namespace
- interfaces: add plugRef/slotRef helpers for PlugInfo/SlotInfo
- tests: check for invalid udev files during all tests
- daemon: use newChange() in changeAliases for consistency
- servicestate: use taskset
- many: add support for /home on NFS
- packaging,spread: fix and re-enable opensuse builds
-- Michael Vogt <email address hidden> Mon, 18 Dec 2017 15:31:04 +0100
-
snapd (2.30-1) unstable; urgency=medium
* New upstream release.
* Remove several patches:
- 0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch: included in
release.
- apparmor-compat.patch, no-reexec-on-debian.patch: Removed as upstream
now implements a better solution to the problem.
- pb.v1-canonical-path.patch: applied upstream.
* Stop installing udev/rules.d/80-snappy-assign.rules, gone upstream
-- Michael Hudson-Doyle <email address hidden> Fri, 05 Jan 2018 09:39:07 +1300
-
snapd (2.29.4.2+18.04) bionic; urgency=medium
* New upstream release, LP: #1726258
- snap-confine: use #include in snap-confine.apparmor.in
-- Michael Vogt <email address hidden> Thu, 30 Nov 2017 17:42:33 +0100
-
snapd (2.29.4.1+18.04) bionic; urgency=medium
* New upstream release, LP: #1726258
- tests: more debug info for classic-ubuntu-core-transition
- packaging: fix typo that causes error in the misspell test
-- Michael Vogt <email address hidden> Tue, 28 Nov 2017 07:45:23 +0100
-
snapd (2.29.4+18.04) bionic; urgency=medium
* New upstream release, LP: #1726258
- snap-confine: fix snap-confine under lxd
- tests: disable classic-ubuntu-core-transition on i386 temporarly
- many: reject bad plugs/slots
- interfaces,tests: skip unknown plug/slot interfaces
- store: enable "base" field from the store
- packaging/fedora: Merge changes from Fedora Dist-Git
-- Michael Vogt <email address hidden> Fri, 17 Nov 2017 22:55:09 +0100
-
snapd (2.29.3+18.04) bionic; urgency=medium
* New upstream release, LP: #1726258
- daemon: cherry-picked /v2/logs fixes
- cmd/snap-confine: Respect biarch nature of libdirs
- cmd/snap-confine: Ensure snap-confine is allowed to access os-
release
- interfaces: fix udev tagging for hooks
- cmd: fix re-exec bug with classic confinement for host snapd
- tests: disable xdg-open-compat test
- cmd/snap-confine: add slave PTYs and let devpts newinstance
perform mediation
- interfaces/many: misc policy updates for browser-support, cups-
control and network-status
- interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS
- tests: fix security-device-cgroup* tests on devices with
framebuffer
snapd (2.29.2) xenial; urgency=medium
* New upstream release, LP: #1726258
- snapctl: disable stop/start/restart (2.29)
- cmd/snap-update-ns: fix collection of changes made
snapd (2.29.1) xenial; urgency=medium
* New upstream release, LP: #1726258
- interfaces: fix incorrect signature of ofono DBusPermanentSlot
- interfaces/serial-port: udev tag plugged slots that have just
'path' via KERNEL
- interfaces/hidraw: udev tag plugged slots that have just 'path'
via KERNEL
- interfaces/uhid: unconditionally add existing uhid device to the
device cgroup
- cmd/snap-update-ns: fix mount rules for font sharing
- tests: disable refresh-undo test on trusty for now
- tests: use `snap change --last=install` in snapd-reexec test
- Revert " wrappers: fail install if exec-line cannot be re-written
- interfaces: don't udev tag devmode or classic snaps
- many: make ignore-validation sticky and send the flag with refresh
requests
snapd (2.29) xenial; urgency=medium
* New upstream release, LP: #1726258
- interfaces/many: miscellaneous updates based on feedback from the
field
- snap-confine: allow reading uevents from any where in /sys
- spread: add bionic beaver
- debian: make packaging/ubuntu-14.04/copyright a real file again
- tests: cherry pick the fix for services test into 2.29
- cmd/snap-update-ns: initialize logger
- hooks/configure: queue service restarts
- snap-{confine,seccomp}: make @unrestricted fully unrestricted
- interfaces: clean system apparmor cache on core device
- debian: do not build static snap-exec on powerpc
- snap-confine: increase sanity_timeout to 6s
- snapctl: cherry pick service commands changes
- cmd/snap: tell translators about arg names and descs req's
- systemd: run all mount units before snapd.service to avoid race
- store: add a test to show auth failures are forwarded by doRequest
- daemon: convert ErrInvalidCredentials to a 401 Unauthorized error.
- store: forward on INVALID_CREDENTIALS error as
ErrInvalidCredentials
- daemon: generate a forbidden response message if polkit dialog is
dismissed
- daemon: Allow Polkit authorization to cancel changes.
- travis: switch to container based test runs
- interfaces: reduce duplicated code in interface tests mocks
- tests: improve revert related testing
- interfaces: sanitize plugs and slots early in ReadInfo
- store: add download caching
- preserve TMPDIR and HOSTALIASES across snap-confine invocation
- snap-confine: init all arrays with `= {0,}`
- tests: adding test for network-manager interface
- interfaces/mount: don't generate legacy per-hook/per-app mount
profiles
- snap: introduce structured epochs
- tests: fix interfaces-cups-control test for cups-2.2.5
- snap-confine: cleanup incorrectly created nvidia udev tags
- cmd/snap-confine: update valid security tag regexp
- cmd/libsnap: enable two stranded tests
- cmd,packaging: enable apparmor on openSUSE
- overlord/ifacestate: refresh all security backends on startup
- interfaces/dbus: drop unneeded check for
release.ReleaseInfo.ForceDevMode
- dbus: ensure io.snapcraft.Launcher.service is created on re-
exec
- overlord/auth: continue for now supporting UBUNTU_STORE_ID if the
model is generic-classic
- snap-confine: add support for handling /dev/nvidia-modeset
- interfaces/network-control: remove incorrect rules for tun
- spread: allow setting SPREAD_DEBUG_EACH=0 to disable debug-each
section
- packaging: remove .mnt files on removal
- tests: fix econnreset scenario when the iptables rule was not
created
- tests: add test for lxd interface
- run-checks: use nakedret static checker to check for naked
returns on long functions
- progress: be more flexible in testing ansimeter
- interfaces: fix udev rules for tun
- many: implement our own ANSI-escape-using progress indicator
- snap-exec: update tests to follow main_test pattern
- snap: support "command: foo $ENV_STRING"
- packaging: update nvidia configure options
- snap: add new `snap pack` and use in tests
- cmd: correctly name the "Ubuntu" and "Arch" NVIDIA methods
- cmd: add autogen case for solus
- tests: do not use http://canihazip.com/ which appears to be down
- hooks: commands for controlling own services from snapctl
- snap: refactor cmdGet.Execute()
- interfaces/mount: make Change.Perform testable and test it
- interfaces/mount,cmd/snap-update-ns: move change code
- snap-confine: is_running_on_classic_distribution() looks into os-
release
- interfaces: misc updates for default, browser-support, home and
system-observe
- interfaces: deny lttng by default
- interfaces/lxd: lxd slot implementation can also be an app snap
- release,cmd,dirs: Redo the distro checks to take into account
distribution families
- cmd/snap: completion for alias and unalias
- snap-confine: add new SC_CLEANUP and use it
- snap: refrain from running filepath.Base on random strings
- cmd/snap-confine: put processes into freezer hierarchy
- wrappers: fail install if exec-line cannot be re-written
- cmd/snap-seccomp,osutil: make user/group lookup functions public
- snapstate: deal with snap user data in the /root/ directory
- interfaces: Enhance full-confinement support for biarch
distributions
- snap-confine: Only attempt to copy/mount NVIDIA libs when NVIDIA
is used
- packaging/fedora: Add Fedora 26, 27, and Rawhide symlinks
- overlord/snapstate: prefer a smaller corner case for doing the
wrong thing
- cmd/snap-repair: set user agent for snap-repair http requests
- packaging: bring down the delta between 14.04 and 16.04
- snap-confine: Ensure lib64 biarch directory is respected
- snap-confine: update apparmor rules for fedora based base snaps
- tests: Increase SNAPD_CONFIGURE_HOOK_TIMEOUT to 3 minutes to
install real snaps
- daemon: use client.Snap instead of map[string]interface{} for
snaps.
- hooks: rename refresh hook to post-refresh
- git: make the .gitingore file a bit more targeted
- interfaces/opengl: don't udev tag nvidia devices and use snap-
confine instead
- cmd/snap-{confine,update-ns}: apply mount profiles using snap-
update-ns
- cmd: update "make hack"
- interfaces/system-observe: allow clients to enumerate DBus
connection names
- snap-repair: implement `snap-repair {list,show}`
- dirs,interfaces: create snap-confine.d on demand when re-executing
- snap-confine: fix base snaps on core
- cmd/snap-repair: fix tests when running as root
- interfaces: add Connection type
- cmd/snap-repair: skip disabled repairs
- cmd/snap-repair: prefer leaking unmanaged fds on test failure over
closing random ones
- snap-repair: make `repair` binary available for repair scripts
- snap-repair: fix missing Close() in TestStatusHappy
- cmd/snap-confine,packaging: import snapd-generated policy
- cmd/snap: return empty document if snap has no configuration
- snap-seccomp: run secondary-arch tests via gcc-multilib
- snap: implement `snap {repair,repairs}` and pass-through to snap-
repair
- interfaces/builtin: allow receiving dbus messages
- snap-repair: implement `snap-repair {done,skip,retry}`
- data/completion: small tweak to snap completion snippet
- dirs: fix classic support detection
- cmd/snap-repair: integrate root public keys for repairs
- tests: fix ubuntu core services
- tests: add new test that checks that the compat snapd-xdg-open
works
- snap-confine: improve error message if core/u-core cannot be found
- tests: only run tests/regression/nmcli on amd64
- interfaces: mount host system fonts in desktop interface
- interfaces: enable partial apparmor support
- snapstate: auto-install missing base snaps
- spread: work around temporary packaging issue in debian sid
- asserts,cmd/snap-repair: introduce a mandatory summary for repairs
- asserts,cmd/snap-repair: represent RepairID internally as an int
- tests: test the real "xdg-open" from the core snap
- many: implement fetching sections and package names periodically.
- interfaces/network: allow using netcat as client
- snap-seccomp, osutil: use osutil.AtomicFile in snap-seccomp
- snap-seccomp: skip mknod syscall on arm64
- tests: add trivial canonical-livepatch test
- tests: add test that ensures that all core services are working
- many: add logger.MockLogger() and use it in the tests
- snap-repair: fix test failure in TestRepairHitsTimeout
- asserts: add empty values check in HeadersFromPrimaryKey
- daemon: remove unused installSnap var in test
- daemon: reach for Overlord.Loop less thanks to overlord.Mock
- snap-seccomp: manually resolve socket() call in tests
- tests: change regex used to validate installed ubuntu core snap
- cmd/snapctl: allow snapctl -h without a context (regression fix).
- many: use snapcore/snapd/i18n instead of i18n/dumb
- many: introduce asserts.NotFoundError replacing both ErrNotFound
and store.AssertionNotFoundError
- packaging: don't include any marcos in comments
- overlord: use overlord.Mock in more tests, make sure we check the
outcome of Settle
- tests: try to fix staging tests
- store: simplify api base url config
- systemd: add systemd.MockJournalctl()
- many: provide systemd.MockSystemctl() helper
- tests: improve the listing test to not fail for e.g. 2.28~rc2
- snapstate: give snapmgrTestSuite.settle() more time to settle
- tests: fix regex to check core version on snap list
- debian: update trusted account-keys check on 14.04 packaging
- interfaces: add udev netlink support to hardware-observe
- overlord: introduce Mock which enables to use Overlord.Settle for
settle in many more places
- snap-repair: execute the repair and capture logs/status
- tests: run the tests/unit/go everywhere
- daemon, snapstate: move ensureCore from daemon/api.go into
snapstate.go
- cmd/snap: get keys or root document
- spread.yaml: turn suse to manual given that it's breaking master
- many: configure store from state, reconfigure store at runtime
- osutil: AtomicWriter (an io.Writer), and io.Reader versions of
AtomicWrite*
- tests: check for negative syscalls in runBpf() and skip those
tests
- docs: use abolute path in PULL_REQUEST_TEMPLATE.md
- store: move device auth endpoint uris to config (#3831)
-- Michael Vogt <email address hidden> Thu, 09 Nov 2017 19:16:29 +0100
-
snapd (2.28.5+17.10) artful; urgency=medium
* New upstream release, LP: #1714984
- snap-confine: cleanup broken nvidia udev tags
- cmd/snap-confine: update valid security tag regexp
- overlord/ifacestate: refresh udev backend on startup
- dbus: ensure io.snapcraft.Launcher.service is created on re-
exec
- snap-confine: add support for handling /dev/nvidia-modeset
- interfaces/network-control: remove incorrect rules for tun
-- Michael Vogt <email address hidden> Fri, 13 Oct 2017 23:25:46 +0200