A new release of the Ubuntu Cloud Images for stable Ubuntu release 22.04 (Jammy Jellyfish) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.
The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
* 'assert'=>'ack', 'asserts'=>'known'
* unset/zero => immediately refresh try
* - README.md: snappy => snap
* - daemon,client,overlord: progress current => done
* - image: bootstrapToRootDir => setupSeed
* - many: use "SNAP.APP as ALIAS" instead of => when listing
* - overlord/state: prevent change ready => unready
* - release,store,daemon: no more default-channel, release=>series
* bind9: 1:9.18.1-1ubuntu1.2 => 1:9.18.1-1ubuntu1.3
* git: 1:2.34.1-1ubuntu1.5 => 1:2.34.1-1ubuntu1.6
* grub2-signed: 1.182~22.04.1+2.06-2ubuntu10 => 1.187.2+2.06-2ubuntu14
* grub2-unsigned: 2.06-2ubuntu10 => 2.06-2ubuntu14
* kbd: 2.3.0-3ubuntu4 => 2.3.0-3ubuntu4.22.04
* krb5: 1.19.2-2 => 1.19.2-2ubuntu0.1
* less: 590-1build1 => 590-1ubuntu0.22.04.1
* libdrm: 2.4.110-1ubuntu1 => 2.4.113-2~ubuntu0.22.04.1
* linux-meta: 5.15.0.57.55 => 5.15.0.60.58
* linux-signed: 5.15.0-57.63 => 5.15.0-60.66
* open-vm-tools: 2:11.3.5-1ubuntu4.1 => 2:12.1.0-1~ubuntu0.22.04.1
* openssh: 1:8.9p1-3 => 1:8.9p1-3ubuntu0.1
* openssl: 3.0.2-0ubuntu1.7 => 3.0.2-0ubuntu1.8
* pam: 1.4.0-11ubuntu2 => 1.4.0-11ubuntu2.3
* python-apt: 2.3.0ubuntu2.1 => 2.4.0
* setuptools: 59.6.0-1.2 => 59.6.0-1.2ubuntu0.22.04.1
* snapd: 2.57.5+22.04ubuntu0.1 => 2.58+22.04
* software-properties: 0.99.22.3 => 0.99.22.5
* sudo: 1.9.9-1ubuntu2.1 => 1.9.9-1ubuntu2.2
* systemd-hwe: 249.11.1 => 249.11.2
* tmux: 3.2a-4ubuntu0.1 => 3.2a-4ubuntu0.2
* ubuntu-advantage-tools: 27.12~22.04.1 => 27.13.3~22.04.1
* update-notifier: 3.192.54 => 3.192.54.5
* vim: 2:8.2.3995-1ubuntu2.1 => 2:8.2.3995-1ubuntu2.3
The following is a complete changelog for this image.
new: {'linux-modules-5.15.0-60-generic': '5.15.0-60.66', 'linux-headers-5.15.0-60-generic': '5.15.0-60.66', 'linux-headers-5.15.0-60': '5.15.0-60.66'}
removed: {'linux-headers-5.15.0-57': '5.15.0-57.63', 'linux-modules-5.15.0-57-generic': '5.15.0-57.63', 'linux-headers-5.15.0-57-generic': '5.15.0-57.63'}
changed: ['bind9-dnsutils', 'bind9-host', 'bind9-libs:amd64', 'git', 'git-man', 'grub-efi-amd64-bin', 'grub-efi-amd64-signed', 'kbd', 'less', 'libdrm-common', 'libdrm2:amd64', 'libgssapi-krb5-2:amd64', 'libk5crypto3:amd64', 'libkrb5-3:amd64', 'libkrb5support0:amd64', 'libpam-modules-bin', 'libpam-modules:amd64', 'libpam-runtime', 'libpam0g:amd64', 'libssl3:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.15.0-60-generic', 'linux-image-virtual', 'linux-virtual', 'open-vm-tools', 'openssh-client', 'openssh-server', 'openssh-sftp-server', 'openssl', 'python-apt-common', 'python3-apt', 'python3-pkg-resources', 'python3-setuptools', 'python3-software-properties', 'snapd', 'software-properties-common', 'sudo', 'systemd-hwe-hwdb', 'tmux', 'ubuntu-advantage-tools', 'update-notifier-common', 'vim', 'vim-common', 'vim-runtime', 'vim-tiny', 'xxd']
new snaps: {}
removed snaps: {}
changed snaps: ['core20', 'lxd', 'snapd']
==== bind9: 1:9.18.1-1ubuntu1.2 => 1:9.18.1-1ubuntu1.3 ====
==== bind9-dnsutils bind9-host bind9-libs:amd64
* SECURITY UPDATE: An UPDATE message flood may cause named to exhaust all
available memory
- debian/patches/CVE-2022-3094.patch: add counter in
bin/named/bind9.xsl, bin/named/statschannel.c, doc/arm/reference.rst,
lib/ns/include/ns/server.h, lib/ns/include/ns/stats.h,
lib/ns/server.c, lib/ns/update.c.
- CVE-2022-3094
* SECURITY UPDATE: named configured to answer from stale cache may
terminate unexpectedly while processing RRSIG queries
- debian/patches/CVE-2022-3736.patch: fix logic in lib/ns/query.c.
- CVE-2022-3736
* SECURITY UPDATE: named configured to answer from stale cache may
terminate unexpectedly at recursive-clients soft quota
- debian/patches/CVE-2022-3924.patch: improve logic in
lib/dns/resolver.c, lib/ns/query.c.
- CVE-2022-3924
==== git: 1:2.34.1-1ubuntu1.5 => 1:2.34.1-1ubuntu1.6 ====
==== git git-man
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE_2022_23521_and_41903/00*.patch:
attr.c, attr.h, pretty.c, column.c, utf8.c, utf8.h,
t/t4205-log-pretty-formats.sh, t/test-lib.sh, git-compat-util.h,
t/t0003-attributes.sh.
- CVE-2022-23521
- CVE-2022-41903
==== grub2-signed: 1.182~22.04.1+2.06-2ubuntu10 => 1.187.2+2.06-2ubuntu14 ====
==== grub-efi-amd64-signed
* Resign with 2022v1 signing key
* Source debconf in postinst script (LP: #1997779)
* Really rebuild against grub2 2.06-2ubuntu14 (LP: #1996950)
* Rebuild against grub2 2.06-2ubuntu14 (LP: #1996950)
* Rebuild against grub2 2.06-2ubuntu13 (LP: #1989446)
* Rebuild against grub2 2.06-2ubuntu12.
* Rebuild against grub2 2.06-2ubuntu11.
* No change rebuild against grub 2.06-2ubuntu10, take 2 (source-only upload)
* No change rebuild against grub 2.06-2ubuntu10.
* No change rebuild against grub 2.06-2ubuntu7.
* No change rebuild against grub 2.06-2ubuntu6.
* Fix grub version number in previous changelog entry.
* No change rebuild against grub 2.06-2ubuntu5.
* No change rebuild against grub 2.06-2ubuntu4.
* No change rebuild against grub 2.06-2ubuntu3.
* No change rebuild against grub 2.06-2ubuntu1.
* No change rebuild against grub 2.04-1ubuntu48.
* Actual no change rebuild against grub 2.04-1ubuntu47.
* No change rebuild against grub 2.04-1ubuntu47.
* No change rebuild against grub 2.04-1ubuntu46.
* Update Vcs-Git to impish-devel.
* key on grub-efi-$(DEB_HOST_ARCH) as the binary package for
download-signed since grub-efi-* and grub2-common are now built from
separate sources.
* No chnage rebuild against grub 2.04-1ubuntu45.
* Change branch name in VCS field to just $suite-devel.
* Forward port debian/rules ifeq/else statement fixes from
bionic&xenial.
* Use debhelper-compat 9 for ease of SRUs to Bionic and earlier. LP:
#1920008
* grub-efi-amd64-signed: add depends on grub2-common with support for
R_X86_64_PLT32 relocations. LP: #1920008
* Rebuild against grub2 2.04-1ubuntu44.
* Rebuild against grub2 2.04-1ubuntu43.
* Rebuild against grub2 2.04-1ubuntu42. LP: #1915536
* Make maintainer scripts compatible with any grub2-common since
precise. LP: #1915536
* Drop unused config_item function.
* Only download signed binaries once.
* Rebuild with correct permissions, and higher version number.
* Rebuild against grub2 2.04-1ubuntu39
* Fix test directory existence race in download-signed, making FTBFS on
arm64:
- download-signed is run 3 times in parallel due to Makefile and download
assets in a single directory.
- testing the directory and then calling makedirs is not done atomically.
- long term fix would be to run it once and collect/compared all signed
files.
* Rebuild against grub2 2.04-1ubuntu38
* Trim trailing whitespace.
* Use secure copyright file specification URI.
* Bump debhelper from deprecated 9 to 12.
* Set debhelper-compat version in Build-Depends.
* Drop unused bzr-builddeb.conf
* Add postinst for the arm64 package (LP: #1914582)
* Set series specific VCS field in debian/control
* Rebuild against grub2 2.04-1ubuntu37
* Rebuild against grub2 2.04-1ubuntu36
* Rebuild against grub2 2.04-1ubuntu35
* Rebuild against grub2 2.04-1ubuntu33
* Rebuild against grub2 2.04-1ubuntu32
* Rebuild against grub2 2.04-1ubuntu31
* Rebuild against grub2 2.04-1ubuntu30.
* Add check to compare that signed grub, matches monolithic builds, to
avoid signing skew when copying grub2/grub2-signed to PPAs.
* Rebuild against grub2 2.04-1ubuntu29.
* Rebuild against grub2 2.04-1ubuntu28
* Rebuild against grub2 2.04-1ubuntu27
* Rebuild against grub2 2.04-1ubuntu26.2.
* Rebuild against grub2 2.04-1ubuntu26.1.
* Fix arm64 download, grub2 package doesn't exist on that arch, use
grub2-common instead.
* Support downloads from PPAs for additional signatures. LP: #1876875
* Rebuild against grub2 2.04-1ubuntu26.
* Rebuild against grub2 2.04-1ubuntu25.
* Fix postinst typpo.
* Rebuild against grub2 2.04-1ubuntu24, enable installing to multiple
ESPs (LP: #1871821)
* Rebuild against grub2 2.04-1ubuntu23.
* Rebuild against grub2 2.04-1ubuntu22.
* Rebuild against grub2 2.04-1ubuntu21.
* Rebuild against grub2 2.04-1ubuntu19.
* Rebuild against grub2 2.04-1ubuntu18.
* Rebuild against grub2 2.04-1ubuntu16.
* Rebuild against grub2 2.04-1ubuntu15.
* Rebuild against grub2 2.04-1ubuntu14.
* Really rebuild against grub2 2.04-1ubuntu13 this time.
(LP: #1845289) (LP: #1848892)
* Rebuild against grub2 2.04-1ubuntu13. (LP: #1845289) (LP: #1848892)
* Rebuild against grub2 2.04-1ubuntu12.
* Rebuild against grub2 2.04-1ubuntu11.
* Rebuild against grub2 2.04-1ubuntu10.
* Rebuild against grub2 2.04-1ubuntu9.
* Rebuild against grub2 2.04-1ubuntu8.
* Rebuild against grub2 2.04-1ubuntu7.
* Rebuild against grub2 2.04-1ubuntu6. (LP: #1845466)
* Rebuild against grub2 2.04-1ubuntu5.
* Rebuild against grub2 2.04-1ubuntu4.
* Rebuild against grub2 2.04-1ubuntu3.
* Rebuild against grub2 2.04-1ubuntu2.
* Rebuild against grub2 2.04-1ubuntu1.
* Rebuild against grub2 2.02+dfsg1-12ubuntu3.
* Rebuild against grub2 2.02+dfsg1-12ubuntu2.
* Rebuild against grub2 2.02+dfsg1-12ubuntu1.
* Rebuild against grub2 2.02+dfsg1-5ubuntu11. (LP: #1814403) (LP: #1814575)
* Rebuild against grub2 2.02+dfsg1-5ubuntu10.
* Rebuild against grub2 2.02+dfsg1-5ubuntu9.
* Rebuild against grub2 2.02+dfsg1-5ubuntu7. (LP: #1798171)
* Rebuild against grub2 2.02+dfsg1-5ubuntu7. (LP: #1784363)
* Rebuild against grub2 2.02+dfsg1-5ubuntu6. (LP: #1788727)
* Rebuild against grub2 2.02+dfsg1-5ubuntu5.
* Rebuild against grub2 2.02+dfsg1-5ubuntu4. (LP: #1792575)
* Rebuild against grub2 2.02+dfsg1-5ubuntu3. (LP: #788298)
* Rebuild against grub2 2.02+dfsg1-5ubuntu2. (LP: #1785033)
* Rebuild against grub2 2.02+dfsg1-5ubuntu1.
* Call grub-check-signatures before calling grub-install, not after, to
avoid overwriting the boot loader on disk with one that will fail to
load. LP: #1786491.
* Rebuild against grub2 2.02-2ubuntu13.
* Rebuild against grub2 2.02-2ubuntu12. (LP: #1258597)
* debian/grub-efi-amd64-signed.postinst: run grub-check-signatures on update
to ensure we have signed kernels installed.
* Rebuild against grub2 2.02-2ubuntu11.
* debian/control: add a dependency of grub-efi-amd64 | grub-pc to
grub-efi-amd64-signed to make sure the grub postinst is triggered even for
cases of old iso (without the fixed installer) installations with
automatic download of updates enabled (LP: #1780897).
* debian/control: switch the grub-efi-amd64 dependency of
grub-efi-amd64-signed to grub-efi-amd64-bin.
* debian/grub-efi-amd64-signed.postinst: invoke grub-install with
--auto-nvram and pass the x86_64-efi target to it, making sure we always
install the right target.
* Rebuild against grub2 2.02-2ubuntu10.
* Rebuild against grub2 2.02-2ubuntu9.
* Rebuild against grub2 2.02-2ubuntu8. (LP: #1752767)
* Rebuild against grub2 2.02-2ubuntu7. (LP: #1711452, #1723434)
* Rebuild against grub2 2.02-2ubuntu6. (LP: #1743249)
* Rebuild against grub2 2.02-2ubuntu5. (LP: #1743884)
* Rebuild against grub2 2.02-2ubuntu3. (LP: #1675453)
* Rebuild against grub2 2.02-2ubuntu3. (LP: #1708245)
* Rebuild against grub2 2.02-2ubuntu2. (LP: #1734278)
* Rebuild against grub2 2.02-2ubuntu1.
* Rebuild against grub2 2.02~beta3-4ubuntu7.
* Rebuild against grub2 2.02~beta3-4ubuntu6.
* Rebuild against grub2 2.02~beta3-4ubuntu5.
* Rebuild against grub2 2.02~beta3-4ubuntu4.
* Rebuild against grub2 2.02~beta3-4ubuntu3.
* Rebuild against grub2 2.02~beta3-4ubuntu2. (LP: #1401532)
* Rebuild against grub2 2.02~beta3-4ubuntu1.
* Rebuild against grub2 2.02~beta3-3ubuntu2. (LP: #1447500)
* Rebuild against grub2 2.02~beta3-3ubuntu1.
* Rebuild against grub2 2.02~beta3-3.
* Rebuild against grub2 2.02~beta2-36ubuntu12.
* Rebuild against grub2 2.02~beta2-36ubuntu11.
* Rebuild against grub2 2.02~beta2-36ubuntu10.
* Rebuild against grub2 2.02~beta2-36ubuntu9.
* Rebuild against grub2 2.02~beta2-36ubuntu8.
* Rebuild against grub2 2.02~beta2-36ubuntu7.
* Rebuild against grub2 2.02~beta2-36ubuntu6.
* Rebuild against grub2 2.02~beta2-36ubuntu5.
* Rebuild against grub2 2.02~beta2-36ubuntu4.
* Rebuild against grub2 2.02~beta2-36ubuntu3. (LP: #1559933)
* Rebuild against grub2 2.02~beta2-36ubuntu2.
* Rebuild against grub2 2.02~beta2-36ubuntu1.
* Rebuild against grub2 2.02~beta2-36.
* Rebuild against grub2 2.02~beta2-35ubuntu1.
* Rebuild against grub2 2.02~beta2-35.
* Rebuild against grub2 2.02~beta2-33.
* Rebuild against grub2 2.02~beta2-32ubuntu1.
* Rebuild against grub2 2.02~beta2-32.
* Rebuild against grub2 2.02~beta2-31ubuntu1.
* Rebuild against grub2 2.02~beta2-31.
* Rebuild against grub2 2.02~beta2-29.
* Rebuild against grub2 2.02~beta2-28.
[ dann frazier ]
* Add arm64 support. (LP: #1457178)
[ Adam Conrad ]
* Rebuild against grub-efi 2.02~beta2-26ubuntu5.
* Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu3.
* Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu2.
* Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu1.
* Rebuild against grub-efi-amd64 2.02~beta2-25ubuntu1.
* Rebuild against grub-efi-amd64 2.02~beta2-25.
* Rebuild against grub-efi-amd64 2.02~beta2-23.
* Rebuild against grub-efi-amd64 2.02~beta2-22ubuntu1.
* Rebuild against grub-efi-amd64 2.02~beta2-22.
* Rebuild against grub-efi-amd64 2.02~beta2-21.
* Rebuild against grub-efi-amd64 2.02~beta2-20.
* Rebuild against grub-efi-amd64 2.02~beta2-19.
* Rebuild against grub-efi-amd64 2.02~beta2-18.
* Rebuild against grub-efi-amd64 2.02~beta2-17.
* Rebuild against grub-efi-amd64 2.02~beta2-16.
* Rebuild against grub-efi-amd64 2.02~beta2-15.
* Rebuild against grub-efi-amd64 2.02~beta2-14.
* Rebuild against grub-efi-amd64 2.02~beta2-11.
* Rebuild against grub-efi-amd64 2.02~beta2-10.
* Rebuild against grub-efi-amd64 2.02~beta2-9.
* Rebuild against grub-efi-amd64 2.02~beta2-8.
* Rebuild against grub-efi-amd64 2.02~beta2-7.
* Rebuild against grub-efi-amd64 2.02~beta2-6.
* Rebuild against grub-efi-amd64 2.02~beta2-5.
* Rebuild against grub-efi-amd64 2.02~beta2-4.
* Policy version 3.9.5: no changes required.
* Rebuild against grub-efi-amd64 2.02~beta2-2.
* Rebuild against grub-efi-amd64 2.00-22.
* Rebuild against grub-efi-amd64 2.00-21.
* Rebuild against grub-efi-amd64 2.00-20.
* Rebuild against grub-efi-amd64 2.00-19ubuntu4.
* Rebuild against grub-efi-amd64 2.00-19ubuntu3 LP: #1242417
* Rebuild against grub-efi-amd64 2.00-19ubuntu2.
* Rebuild against grub-efi-amd64 2.00-19ubuntu2.
* Rebuild against grub-efi-amd64 2.00-19ubuntu1.
* Rebuild against grub-efi-amd64 2.00-18ubuntu4.
* Add grubnetx64.efi.signed.
* Rebuild against grub-efi-amd64 2.00-18ubuntu3.
* Rebuild against grub-efi-amd64 2.00-18ubuntu1.
* Rebuild against grub-efi-amd64 2.00-17ubuntu1.
* Rebuild against grub-efi-amd64 2.00-15ubuntu2. (LP: #1184297)
* Give grub-efi-amd64-signed a strict versioned dependency on the
grub-efi-amd64 we're built against to force a paired migration.
* Rebuild against grub-efi-amd64 2.00-15ubuntu1.
* Rebuild against grub-efi-amd64 2.00-14ubuntu1.
* Rebuild against grub-efi-amd64 2.00-12ubuntu1.
* Recommend secureboot-db (LP: #1087843).
* Rebuild against grub-efi-amd64 2.00-7ubuntu13.
* Download the signed image from the correct pocket.
* Rebuild against grub-efi-amd64 2.00-7ubuntu11.
* Rebuild against grub-efi-amd64 2.00-7ubuntu10.
* Rebuild against grub-efi-amd64 2.00-7ubuntu9.
* Drop Depends back to grub-efi-amd64 (>= 2.00-7ubuntu4), which is good
enough (grub-install extensions).
* Build-depend on a current grub-efi-amd64-bin so that this upload can
safely be accepted before grub2/amd64 binaries have published.
* Rebuild against grub-efi-amd64 2.00-7ubuntu8.
* Rebuild against grub-efi-amd64 2.00-7ubuntu7.
* Rebuild against grub-efi-amd64 2.00-7ubuntu5.
[ Colin Watson ]
* Include gcdx64.efi.signed.
* Depend on grub-efi-amd64 so that /etc/default/grub and
/boot/grub/grub.cfg are updated.
* Run grub-install on configure if appropriate.
[ Steve Langasek ]
* Adjust makefile so gcdx64.efi.signed actually gets included in the
package, not just downloaded.
* Add a Built-Using field, per policy 3.9.4.
* Initial release.
==== grub2-unsigned: 2.06-2ubuntu10 => 2.06-2ubuntu14 ====
==== grub-efi-amd64-bin
* SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
- add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
- add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
- CVE-2022-2601, CVE-2022-3775
- LP: #1996950
* Fix various issues as a result of fuzzing, static analysis and code
review:
- add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
- add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
- add debian/patchces/font-Remove-grub_font_dup_glyph.patch
- add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
- add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
- add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
- add debian/patches/fbutil-Fix-integer-overflow.patch
- add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
- add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
- add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
* Enforce verification of fonts when secure boot is enabled:
- add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch
* Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
- update debian/control
- update debian/build-efi-image
- add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
* Fix LP: #1997006 - add support for performing measurements to RTMRs
- add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch
- add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch
- add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
* Fix the squashfs tests during the build
- remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
- add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
* Bump SBAT generation:
- update debian/sbat.ubuntu.csv.in
* Try to pick better locations for kernel and initrd (LP: #1989446)
* x86-efi: Use bounce buffers for reading to addresses > 4GB (enhances
firmware compatibility of previous change)
* ubuntu-zfs-enhance-support.patch: Fix missing lines (LP: #1990143)
[ Mauricio Faria de Oliveira ]
* linux_xen: Properly handle multiple initrd files (LP: #1987567)
- d/p/linux_xen-Properly-load-multiple-initrd-files.patch
- d/p/linux_xen-Properly-order-multiple-initrd-files.patch
* Fix for ZFS snapshots without etc directory.
Thanks to Adam R Bell <a_0x07@protonmail.ch> (LP: #1965983)
[ Heinrich Schuchardt ]
* efi/peimage: fix typos in code comments
[ dann frazier ]
* linuxefi: Invalidate i-cache before starting the kernel (LP: #1987924)
- d/p/linuxefi-Invalidate-i-cache-before-starting-the-kern.patch
==== kbd: 2.3.0-3ubuntu4 => 2.3.0-3ubuntu4.22.04 ====
==== kbd
* d/p/libkfont-Use-only-KDFONTOP.patch:
Fixes error thrown in syslog from deprecated setfont (LP: #1996619)
==== krb5: 1.19.2-2 => 1.19.2-2ubuntu0.1 ====
==== libgssapi-krb5-2:amd64 libk5crypto3:amd64 libkrb5-3:amd64 libkrb5support0:amd64
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2022-42898.patch: add buffer length checks in
krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for
invalid buffers in src/lib/krb5/krb/t_pac.c.
- CVE-2022-42898
==== less: 590-1build1 => 590-1ubuntu0.22.04.1 ====
==== less
* SECURITY UPDATE: fix OSC8 hyperlinks with invalid escape sequence
- debian/patches/CVE-2022-46663: End OSC8 hyperlinks on invalid embedded
escape sequence
- CVE-2022-46663
==== libdrm: 2.4.110-1ubuntu1 => 2.4.113-2~ubuntu0.22.04.1 ====
==== libdrm-common libdrm2:amd64
* Backport to jammy. (LP: #1991761)
* patches, symbols: Revert dropping unused tegra IOCTL.
* rules: Fix arm FTBFS.
* New upstream release.
* rules: Rework confflags to match current upstream.
* symbols: Updated.
* libdrm-tegra0.symbols: Updated.
* rules: Fix arm build.
* New upstream release.
* symbols: Updated.
* rules: Add more test binaries for arm. (Closes: #1016096)
* New upstream release.
* install, rules: libkms got removed.
* symbols: Updated.
* New upstream version.
* Update signing-key.asc.
* symbols: Updated.
* control: Bump debhelper-compat to 13, policy to 4.6.0.
* amdgpu1.symbols: Updated. (Closes: #1001965)
* New upstream release. (Closes: #1001840)
* symbols: Updated.
* New upstream release.
* libdrm-tests: Add amdgpu_stress.
* symbols: Updated.
* rules: Forcibly disable valgrind.
* Drop valgrind support, it's not ready for multi-arch. (Closes:
#994955)
* control: Fix valgrind dependency archs for libdrm-dev.
* control: Add valgrind to libdrm-dev Depends. (Closes: #994873)
* control: Add libpciaccess-dev to -dev Depends, required by
libdrm_intel.pc.
* Include static libs in -dev again. (LP: #1944107)
* Upload to unstable.
* New upstream release.
* revert-set-fb-modifiers-flag.diff: Dropped, upstream.
* control: Add python3-setuptools to build-depends.
* symbols: Updated.
* Revert a commit causing additional dependencies to be added to *.pc.in.
Also drop libpciaccess-dev from libdrm-dev Depends.
* control: Add libpciaccess-dev to libdrm-dev depends.
* revert-set-fb-modifiers-flag.diff: Revert a commit which broke
chrome on certain setups.
* New upstream release. (LP: #1923880)
* symbols: Updated.
* New upstream release.
* Add signing-key from Simon Ser.
* control: Manpages now need python3-docutils instead of docbook-xsl
to build, make it so.
* hurd-port.diff: Dropped. (Closes: #975658)
* New upstream release. (Closes: #970304)
* control, rules, hurd-port.diff: Add support for Hurd. (Closes:
#909436)
* New upstream release.
* fix-realpath-vs-firefox.diff: Dropped, upstream.
* libdrm-tests.install: Added /usr/bin/drmdevice.
* fix-realpath-vs-firefox.diff: Fix webgl on intel with firefox.
(Closes: #956665) (LP: #1872586)
* New upstream release.
* source, watch: Upstream provides only xz tarballs, bump source to
3.0 (quilt).
* Add my key to signing-key.asc.
* control: Use debhelper-compat, bump to 12.
* control: Bump policy to 4.5.0.
* local-options: Update extend-diff-ignore.
* symbols: Updated.
* rules: Override dh_missing.
* rules: Include additional test binaries on arm. (Closes: #944752)
* Revert dropping libdrm-tests, since the package ended up in NEW
anyway.
* control, rules: Disable libdrm-tests, 2.4.100 is needed for mesa 19.3
now and not after waiting for the NEW queue to clear.
[ Timo Aaltonen ]
* New upstream release. (Closes: #943777)
* symbols: Updated.
[ Rohan Garg ]
* Add a libdrm-tests package. (Closes: #868898)
* New upstream release. (Closes: #934494)
* 02_kfreebsd.diff: Dropped, upstream.
* symbols: Updated.
[ Andreas Boll ]
* New upstream release.
* Update libdrm-amdgpu1.symbols and shlibs.
* Update libdrm-freedreno1.symbols and shlibs.
[ James Clarke ]
* Fix build on GNU/kFreeBSD (Closes: #837034, #909249).
* Remove no longer needed build-dep libbsd-overlay.
[ Timo Aaltonen ]
* rules, control: Switch to meson.
[ Andreas Boll ]
* New upstream release.
- Fixes WebGL on Firefox (Closes: #907698).
* Update libdrm-amdgpu1.symbols and shlibs.
* Drop static libdrm library from libdrm-dev.
* Update extend-diff-ignore.
[ Guido Gnther ]
* Enable etnaviv on arm64 (Closes: #906915)
[ Timo Aaltonen ]
* New upstream release. (LP: #1789924)
* Update libdrm-amdgpu1.symbols and shlibs.
* New upstream release.
* Update libdrm-freedreno1.symbols and shlibs.
* New upstream release.
* Update libdrm-freedreno1.symbols and shlibs.
* control: Update to my Debian address.
* Update Vcs-* URLs to point at salsa.debian.org.
* Bump debhelper compat to 11.
* Bump standards version to 4.1.4.
* Update libdrm-freedreno1.symbols and shlibs (Closes: #892960).
* New upstream release.
* New upstream release.
* Update libdrm-amdgpu1.symbols and shlibs.
* Bump standards version to 4.1.3.
* Update extend-diff-ignore.
* New upstream release.
* Update libdrm2.symbols and shlibs.
* Update libdrm-amdgpu1.symbols and shlibs.
* Update libdrm-etnaviv1.symbols and shlibs.
* Update libdrm-freedreno1.symbols and shlibs.
* Bump standards version to 4.1.2.
* New upstream release.
* Update libdrm-amdgpu1.symbols and shlibs.
* New upstream release.
* Update libdrm-amdgpu1.symbols and shlibs.
* Bump standards version to 4.1.1.
* libdrm-amdgpu1.symbols: Updated.
* New upstream release.
* libdrm2.symbols: Updated.
* New upstream release.
* New upstream release.
* debian/upstream/signing-key.asc: add key from Lucas Stach.
* Add libdrm-common package for new data files.
* debian/*.symbols: add new symbols.
* debian/rules: Bump shlibs for the libraries with new symbols.
* debian/control: Bump Standards-Version to 4.0.0; no changes needed.
* Upload to unstable.
* New upstream release.
* Bump libdrm2's and libdrm-amdgpu1's symbols and shlibs.
* New upstream release.
* Bump libdrm-amdgpu1's and libdrm-etnaviv1's symbols and shlibs.
* Remove libpthread-stubs0-dev build-dep per configure.ac.
* Team upload.
* New upstream release.
* Bump libdrm-amdgpu1 symbols.
* Update debian/upstream/signing-key.asc
* New upstream release.
* Update extend-diff-ignore.
* Cherry-pick 19c4cfc (intel: Add handle to hashtable before freeing
along an error path) from upstream (LP: #1671377).
* New upstream release.
* Bump libdrm2's and libdrm-intel1's symbols and shlibs.
* Update extend-diff-ignore.
* Add debian/source/format file.
[ Andreas Boll ]
* Switch to dbgsym packages.
* Enable building etnaviv on armhf (Closes: #852685).
[ Emilio Pozuelo Monfort ]
* Stop passing --disable-silent-rules to configure, debhelper does it now.
* Don't override dh_auto_install, it defaults to debian/tmp.
* New upstream release.
* Update debian/upstream/signing-key.asc.
* Bump libdrm2's, libdrm-freedreno1's and libdrm-intel1's symbols and
shlibs.
* Bump debhelper compat to 10.
* New upstream release.
* Bump libdrm2's, libdrm-amdgpu1's, libdrm-freedreno1's and libdrm-
intel1's symbols and shlibs.
* Update a bunch of URLs in packaging to https.
* New upstream release.
* Update symbols file and bump shlibs for libdrm2.
* Update libdrm-intel1.symbols and shlibs.
* Remove Hurd from the architecture list. It FTBFS, haven't built in
the past and won't be useful without the equivalent of the Linux
Direct Rendering Manager (DRM) subsystem.
* New upstream release.
* Update libdrm-freedreno1.symbols and shlibs.
* source/local-options: Add more files to extend-diff-ignore option.
Fixes 17 patch-system-but-direct-changes-in-diff lintian warnings.
[ Andreas Boll ]
* New upstream release.
* Update debian/upstream/signing-key.asc.
* Bump Standards-Version to 3.9.8, no changes needed.
* Update watch url to use https instead of http.
[ Julien Cristau ]
* Build libdrm-tegra on arm64 (closes: #828023). Thanks, Martin Michlmayr!
* New upstream release. (LP: #1577735)
* New upstream release.
* patches: Refreshed.
* libdrm-amdgpu1.symbols: Updated.
* Update libdrm-exynos1.symbols and shlibs.
* New upstream release.
* Update symbols file and bump shlibs for libdrm2.
* Update libdrm-intel1.symbols and shlibs.
* Update libdrm-nouveau2.symbols and shlibs.
* Drop obsolete Replaces from pre-wheezy.
* Add myself to Uploaders.
* rules: Bump freedreno shlib back to 2.4.65.
[ Andreas Boll ]
* Update libdrm-freedreno1.symbols and shlibs.
* Drop Debian revision from new symbols in libdrm2.symbols.
[ Fathi Boudra ]
* Enable freedreno build on arm64 architecture.
[ Andreas Boll ]
* New upstream release.
* Update debian/upstream/signing-key.asc.
* Update symbols file and bump shlibs for libdrm2.
* Enable libdrm-amdgpu1 on kfreebsd-*.
* Fix Vcs-* fields.
* Add upstream url.
[ Robert Hooker ]
* New upstream release.
* Bump symbols file and shlibs for libdrm-freedreno1.
[ Robert Hooker ]
* New upstream release.
- Drop Fix-headers-inclusion-in-xf86drmMode.c.diff, upstream.
* Add new libdrm-amdgpu1 package.
[ Sven Joachim ]
* New upstream release.
- nouveau: restore check that avoids multiple user bos per kernel bo
(Closes: #789759).
* Update symbols file and bump shlibs for libdrm2.
* Refresh the patch from 2.4.60-3 after upstream changes.
* Remove duplicate Section fields from debian/control.
* Update debian/upstream/signing-key.asc.
* Bump Standards-Version to 3.9.6, no changes needed.
[ Julien Cristau ]
* Update debian/upstream/signing-key.asc.
* Fix kfreebsd patch that caused an FTBFS on Linux/x32: only include
<sys/sysctl.h> if configure detects it (closes: #787496). Thanks,
Thorsten Glaser.
* Add build-dep on xutils-dev for xorg-macros.
* Cherry-pick upstream patch to let valgrind auto-detection work.
[ Timo Aaltonen ]
* control: Add a typo in libdrm-tegra0 description.
[ Julien Cristau ]
* Fix FTBFS on kfreebsd: include <sys/sysctl.h> for sysctlbyname, and use
-lbsd to make the tests build (they use getopt, and our libbsd-overlay
cflags redirect that to bsd_getopt).
* Bump shlibs for libraries with new symbols.
* Add missing dependency of libdrm-dev on libdrm-tegra0 on arm*.
* Let uscan verify tarball signatures.
[ Maarten Lankhorst ]
* Fix ftbfs on armhf.
* New upstream release.
* libdrm-intel1.symbols, libdrm2.symbols: Updated.
* New upstream release.
* Add libdrm-tegra0 on arm.
[ Andreas Boll ]
* Update libdrm-freedreno1.symbols and shlibs (fixes FTBFS).
[ Andreas Boll ]
* New upstream release.
- 03_hide_symbols.diff dropped, upstream.
* Update libdrm-intel1.symbols and shlibs.
* New upstream release.
* Enable building freedreno and exynos on arm. (Closes: #741509)
* Add a squashed patch from upstream to hide all private symbols.
- 03_hide_symbols.diff
[ Andreas Boll ]
* New upstream release.
* Add 02_fix_qxl_drm_h.diff (Closes: #746807).
[ Timo Aaltonen ]
* New upstream release.
- 02_kbsd_modeset.diff dropped, upstream
[ Julien Cristau ]
* Remove Cyril Brulebois from Uploaders.
[ Maarten Lankhorst ]
* New upstream release.
* New upstream release.
* New upstream release.
* Cherry-pick a commit from upstream to fix a radeonsi regression.
- c8a437f4c76: radeon: Update unaligned offset for 2D->1D tiling
transition on SI
* New upstream release.
[ Colin Watson ]
* Declare libdrm-dev Multi-Arch: same.
[ Maarten Lankhorst ]
* Cherry-pick upstream patch to fix relocations for all cards <nv50.
* Do not require valgrind on armel.
* Make drmCheckModesettingSupported work on FreeBSD. Thanks, Christoph
Egger!
* Stop building libkms.
* Build libdrm-radeon1 on kfreebsd (closes: #684593).
[ Sven Joachim ]
* New upstream release.
* Bump libdrm2's and libdrm-intel1's symbols and shlibs.
* Build libdrm-intel1 on x32 (Closes: #712515).
* Disable silent rules.
* Team upload.
* debian/patches/03_build_against_librt.diff:
+ Removed, no longer needed with our current glibc version.
Thanks to Julien Cristau for pointing it out.
* Upload to unstable.
[ Sven Joachim ]
* Only build-depend on valgrind on architectures where
valgrind is actually available.
* Team upload.
[ Julien Cristau ]
* Bump libdrm2 shlibs to 2.4.38.
[ Maarten Lankhorst ]
* New upstream release.
* Build-depend on xsltproc and docbook-xsl.
* Add valgrind to build-depends.
[ Timo Aaltonen ]
* control: Bump policy to 3.9.4, no changes.
[ Emilio Pozuelo Monfort ]
* Upload to experimental.
[ Maarten Lankhorst ]
* New upstream release.
- Nouveau ABI change, replace libdrm-nouveau1a with libdrm-nouveau2.
[ Timo Aaltonen ]
* Bump libdrm-intel1's and libdrm-nouveau2's shlibs due to new symbols.
* Hardcode the version for libdrm-omap1's shlibs.
[ Christopher James Halse Rogers ]
* Add libdrm2-udeb; Xserver 1.13 wants libdrm for hotplug config, so
will be needed for the 1.13 xserver-xorg-core-udeb.
[ Sven Joachim ]
* Bump libdrm-radeon1's symbols and shlibs.
* Mark some internal libdrm-nouveau2 symbols as private.
* Drop patch 02_build_libkms_against_in_tree_drm.diff, applied upstream.
* Add missing dependency on libdrm-omap1 to libdrm-dev (thanks, Robert
Hooker!). Make some arm matching a bit simpler.
[ Sebastian Reichel ]
* Build libdrm_omap (closes: #667572).
* New upstream release.
[ Robert Hooker ]
* New upstream release (2.4.31).
* Bump libdrm2 and libdrm-radeon1 symbols and shlibs to account for
recent changes.
[ Cyril Brulebois ]
* New upstream release (2.4.32).
* Bump libdrm-intel1's symbols and shlibs accordingly.
* New upstream release.
* Bump libdrm2's and libdrm-intel1's symbols and shlibs accordingly.
* Document the symlink dance when building from git in README.source.
* New upstream release:
- assert()s are now gone (Closes: #651316).
* Update libdrm-intel1's symbols and shlibs accordingly.
* New upstream release.
* New upstream release:
- Push the new Intel API for use by mesa.
- Usual bug fixes.
* Update libdrm-intel1's symbols and shlibs accordingly.
* New upstream release:
- Fix two important intel bugs.
* Add libpciaccess-dev build-dep.
* Update libdrm-intel1.symbols and shlibs for new aperture-related symbol.
* Team upload.
[ Steve Langasek ]
* Build for multiarch.
[ Julien Cristau ]
* Add lintian overrides for symbols-declares-dependency-on-other-package (we
use that for private symbols).
* Bump Standards-Version to 3.9.2.
* Upload to unstable.
* New upstream release.
* Update libdrm2.symbols and shlibs.
* Update libkms1.symbols, marking dumb_create@Base as private.
* Switch to dh:
- Bump compat/build-dep to 8.
- Use dh-autoreconf.
- Tidy old build-deps.
- Testsuite now automatically gets run.
* Accordingly, add a build-dep to fix FTBFS during make check:
- 03_build_against_librt.diff
* Add libudev-dev build-dep on Linux so that detection works.
* Since the testsuite just got enabled, let's not bail out if it fails.
* Remove xsfbs as it's no longer needed.
* Bump Standards-Version (no changes needed).
* Upload to unstable.
[ Christopher James Halse Rogers ]
* New upstream release.
* Add new internal radeon symbols to libkms1.symbols
[ Cyril Brulebois ]
* Just as a reminder, not adding a lintian override for the following
warning, since patches were sent upstream to stop exporting private
symbols: symbols-declares-dependency-on-other-package
* Cherry-pick from upstream:
- intel: Fallback to old exec if no mrb_exec is available
- intel: Set the public handle after opening by name
- intel: Remember named bo
* The first of those fixes should fix some failures to submit batch
buffer (Closes: #612766).
* Bump dependency to 2.4.23-3 for the drm_intel_bo_mrb_exec symbol in
libdrm-intel1's symbols file. While the former version is alright
from a shared object point of view, runtime doesn't seem to agree
(Closes: #609299).
* Bump the libdrm-intel1 shlibs version for consistency.
* Upload to unstable.
* Update Uploaders list. Thanks, David & Brice!
[ Sven Joachim ]
* New upstream release.
* Rename the libdrm-nouveau1 package to libdrm-nouveau1a, since upstream
broke the ABI without changing the soname.
- Make libdrm-nouveau1a{,-dbg} conflict with libdrm-nouveau1{,-dbg} and
remove the Breaks against xserver-xorg-video-nouveau.
- Adjust the lintian override.
- Bump libdrm-nouveau shlibs and symbols versions to 2.4.23.
* Use dh_prep instead of the deprecated dh_clean -k in debian/rules.
* Cherry-pick some commits from upstream to make the intel video driver
2.13.901 buildable:
- 057fab33: intel: Prepare for BLT ring split
- 36245771: intel: enable relaxed fence allocation for i915
- 49447a9b: intel: initialize bufmgr.bo_mrb_exec unconditionally
[ Sven Joachim ]
* New upstream release.
[ Sven Joachim ]
* Bump libdrm-nouveau shlibs and symbols versions to 2.4.21-1 to ensure
that packages built against this version are not used with squeeze's
libdrm-nouveau1.
* Add a lintian override for the symbols-file-contains-debian-revision
warning. Bump debhelper compatibility level to 6 for dh_lintian.
[ Christopher James Halse Rogers ]
* debian/rules:
- Add libkms to build
- Build vmwgfx experimental API. The drm module is available in the 2.6.34
kernel so we might as well build the userspace bits.
* debian/control:
- Add libkms1, libkms1-dbg packages on linux
* debian/patches/02_build_libkms_against_in_tree_drm:
- Link libkms against libdrm as it uses symbols from libdrm.
[ Robert Hooker ]
* New upstream release.
* Refresh 02_build_libkms_against_in_tree_drm.
* Update libdrm-intel1.symbols, libdrm-radeon1.symbols and shlibs.
[ Julien Cristau ]
* Update the copyright file to hopefully include all licenses variations and
copyright statements from the source tree.
* Mark new libdrm_radeon symbols private. They shouldn't actually be
exported.
* Same with libkms. Also don't set a minimum version to 2.4.20, since we
didn't ship it before anyway.
[ Sven Joachim ]
* Update libdrm-nouveau1 to the ABI of Linux 2.6.34.
- Drop 03_revert_abi_change.diff.
- Bump libdrm-nouveau shlibs and symbols versions to 2.4.20-3~
to ensure that packages built against this version are not used
with an older libdrm-nouveau1 version.
- Add versioned Breaks against xserver-xorg-video-nouveau to force
an upgrade of that package and prevent X segfaults.
* Include full SONAME in libdrm-nouveau1.install.
* Update xsfbs to 81fc271788605b52e85c2d11635a0371fb44605e0.
* Upload again, faking a new upstream version, since a screw-up on
ftpmaster side trashed all files from experimental.
* New upstream release.
+ Cherry-pick upstream fixes 107ccd92 and 332739e3.
* Update libdrm-intel1.symbols, libdrm-radeon1.symbols and shlibs.
* Disable libkms for now.
* Upload to unstable.
* Steal 03_revert_abi_change.diff from Ubuntu to revert the nouveau ABI
change. Current Debian kernels support only the old ABI.
Thanks Sven Joachim!
* Build a libdrm-nouveau1 package on Linux architectures (Closes: #568162).
Patch adapted from the Ubuntu package. Thanks Sven Joachim!
* Include full SONAME in libdrm*.install to prevent accidental breakage.
* Add back the drm headers in libdrm-dev.
* Fix FTBFS on non-Linux architectures (Closes: #570851): Replace
--{enable,disable}-radeon-experimental-api configure flag with
--{enable,disable}-radeon since it got renamed.
* Add ${misc:Depends} where it was missing, and fold all Depends.
* Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed).
* Add myself to Uploaders.
* New upstream release.
[ Julien Cristau ]
* New upstream release, closes: #560434, #567831.
* Update patch 01_default_perms.diff to account for upstream move of libdrm
to toplevel.
* Update libdrm2.symbols and shlibs.
* Update libdrm-intel1.symbols and shlibs.
* Bump debhelper build-dep, we use dh_strip --remaining-packages (closes:
#558443). Thanks, Sergio Gelato!
* Enable libdrm_radeon, interface to kernel graphics memory management on
radeon (closes: #558786).
* Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
good reason. Thanks, Colin Watson!
* Remove myself from Uploaders
[ Brice Goglin ]
* Bump linux-libc-dev dependency to 2.6.32, thanks Piotr Engelking,
closes: #561224.
* Add libdrm-radeon1 symbols and update shlibs.
* Update debian/copyright.
[ Timo Aaltonen ]
* Update libdrm2.symbols and shlibs.
* New upstream release.
+ update libdrm-intel1 symbols and shlibs
* Only build libdrm-intel on x86 (linux and kfreebsd).
* Parse space-separated DEB_BUILD_OPTIONS, and handle parallel=N.
* New upstream release.
* Bump Standards-Version to 3.8.3.
[ Christopher James Halse Rogers ]
* debian/control:
+ Remove scary 'built from DRM snapshot' warning from long description of
libdrm-intel1{,-dbg}
[ Julien Cristau ]
* New upstream release.
* Update libdrm-intel1.symbols.
* New upstream release.
* New upstream release.
* Also pull in additional fix for libdrm-intel: Only do BO caching up to
64MB objects.
* Update libdrm-intel1.symbols and bump shlibs.
* Add README.source from xsfbs. Bump Standards-Version to 3.8.1.
* Remove Thierry Reding from Uploaders, he doesn't seem to be around anymore
:(
* Ship all drm headers on kfreebsd, again.
* Move -dbg packages to new debug section.
[ Brice Goglin ]
* New upstream release.
+ Remove buggy symlinks for the upstream tarball.
* Add myself to Uploaders.
[ Julien Cristau ]
* Make the linux-libc-dev dependency linux-only (closes: #521253). Thanks,
Petr Salinger!
* Add drm_mode.h to the list of headers we don't ship.
* New upstream release. (closes: #505740)
[ Timo Aaltonen ]
* debian/rules:
-Run autoreconf at build time, build-depend on automake and libtool.
(closes: #482727)
-Add a debian/libdrm2.symbols file and '-c4' parameter to dh_makeshlibs
to fail if new symbols are added. Don't use Debian versions for now.
[ Julien Cristau ]
* Add a new package for the intel-specific bits (libdrm-intel1)
* Build-depend on pkg-config and libpthread-stubs0-dev (closes: #502078).
Thanks, Frank Lichtenheld!
* Don't mention *.la in libdrm-dev.install.
* Make libdrm-dev depend on libdrm-intel1 on x86.
* On Linux, let udev create the device files.
* Let linux-libc-dev provide some drm headers, drop them from libdrm-dev.
Add dependency on linux-libc-dev >= 2.6.28.
* Set libdrm2 shlibs to 2.4.3, libdrm-intel1 shlibs to 2.4.5. Update
symbols files.
* Remove from the source package a bunch of files that are only used by the
kernel drm component. This gets rid of the mga, r128 and radeon
microcode, and thus closes: #502675. Thanks, Ben Hutchings!
[ Brice Goglin ]
* Update upstream URL in debian/copyright.
* Bump Standards-Version to 3.7.3 (no changes).
* Drop the XS- prefix from Vcs-Git and Vcs-Browser fields in debian/control.
* Install the upstream ChangeLog.
[ Julien Cristau ]
* New upstream release (needed for mesa 7.1 and newer xserver).
* Note: this release removes the memory manager (TTM) interface used by the
i915tex dri driver.
* debian/rules: don't call configure with --host if we're not
cross-building, and fix some rules dependencies.
[ Timo Aaltonen ]
* Bump the shlibs to 2.3.1.
[ David Nusinow ]
* Add NEWS.Debian explaining the change in the last upload to interested
administrators.
[ Julien Cristau ]
* Upload to unstable.
* Add myself to uploaders
* Patch libdrm to default to device permission 666 so we don't have to do it
in xorg.conf. The only way libdrm can do anything is through the server
anyway. This can still be overridden by a user's xorg.conf. This change
also requires adding quilt to the build-depends
* Update my email address in debian/control.
* Add XS-Vcs-Git and XS-Vcs-Browser in debian/control.
* Upload to unstable.
[ Thierry Reding ]
* New upstream release.
* Set the Debian X Strike Force as maintainer.
* Add myself to uploaders.
* Add a debugging symbol package for libdrm2.
[ Julien Cristau ]
* Bump shlibs to libdrm2 >= 2.3.0.
* Add myself to uploaders.
* Add build-dep on dpkg-dev >= 1.13.19 to make sure that the binary:Version
substvar is available.
* libdrm2-dbg depends on libdrm2 (= ${binary:Version}).
* Don't install libdrm.la, and use dh_install --list-missing.
* Non-maintainer upload.
* New upstream release.
* Bump Standards-Version to 3.7.2, no changes required.
* Bump debhelper compatibility to 5 and adjust build-dependency.
* Don't try to install pkgconfig files from usr/share/pkgconfig because
there is nothing in that directory.
* Non-maintainer upload.
* New upstream release (closes: #377166).
- Includes a fix for FTBFS on GNU/kFreeBSD (closes: #332994).
* Manually force static build.
* New upstream release
- Fixes a pathological hash table smash discovered by the Coverity scanner
- updates the installed header files for various new #defines
* First upload to Debian
* New upstream release.
* Change binary package from libdrm1 to libdrm2, following soversion bump.
* New upstream version.
* Yay for understandable bug reports! *gmprf*
* debian/control:libdrm1 =~ s/development/runtime/ (closes: bug#325515)
* libdrm.pc.in: add -ldrm to Libs
* New upstream
* debian/control: it's "Direct Rendering Infraestructure". I was rather
sure it stand for interface... thanks Michel. (closes: bug#324514)
* debian/control: forgot to actually write this in the file. Build-Depends
on libx11-dev. Thanks Kurt (closes: bug#324560)
* Forgot to fix the other broken bit :-P
* Initial release. Closes: #324074
==== linux-meta: 5.15.0.57.55 => 5.15.0.60.58 ====
==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual
* Bump ABI 5.15.0-60
* Bump ABI 5.15.0-59
* Bump ABI 5.15.0-58
==== linux-signed: 5.15.0-57.63 => 5.15.0-60.66 ====
==== linux-image-5.15.0-60-generic
* Master version: 5.15.0-60.66
* SIGNEDv3: add a linux-generate ancillary package (LP: #1989705)
- [Packaging] add linux-generate* direct ancillary
* Miscellaneous Ubuntu changes
- debian/tracking-bug -- update from master
* Master version: 5.15.0-59.65
* Master version: 5.15.0-58.64
==== open-vm-tools: 2:11.3.5-1ubuntu4.1 => 2:12.1.0-1~ubuntu0.22.04.1 ====
==== open-vm-tools
* Backport recent open-vm-tools (LP: #1975767)
- Fixes issue with "udevadm trigger" affecting all devices
that can cause unwanted side-effects.
(LP: #1968354)
- Adds new binary open-vm-tools-containerinfo that installs the
vRealize Container Info plugin, which captures and publishes
information about running containers inside the guest.
- Adds new binary open-vm-tools-salt-minion that installs the Salt
Minion plugin for event driven IT automation, remote task execution,
and configuration management.
* [e704b2c] New upstream version 12.1.0
Closes: #1018012 / CVE-2022-31676
* [f9048c4] Remove patches applied upstream
* Release 12.0.5 to unstable
- also (Closes: #1012814)
[ Christian Ehrhardt ]
* [827c3e4] New upstream version 12.0.5 (LP: #1971253) (Closes: #1011633)
* [0d65b0785] d/copyright: fix whitespace damage
* [e831bdcce] d/control,d/rules: salt-minion is not supported or even built on
i386/arm64
[ Bryce Harrington ]
* [6a499a388] d/control: bump Standards-Version to 4.6.1 (no changes needed)
* [e0b695cf9] d/copyright: Update debian copyright to 2022
* [11f2f331d] d/control: Improve plugin description
* [aa14fc72b] d/control, d/rules, d/*containerinfo*: add containerinfo plugin
* [441d7a31c] d/control, d/rules, d/*salt-minion*: Add salt-minion plugin
* [291c71b07] d/copyright: Add myself and Christian
* [2eaee7c] Add dependencies for the containerinfo plugin.
* [c21ef1d] Fix building containerinfo on i386
%ld is not a 64bit integer on i386.
* [5b23cd3] Use G_GINT64_FORMAT instead of lld
[ Debian Janitor Bot ]
* [b8a7e72] Bump debhelper from old 12 to 13. + Rename debian/open-vm-tools-desktop.tmpfile to debian/open-vm-tools-desktop.tmpfiles.
Changes-By: lintian-brush
Fixes: lintian: package-uses-old-debhelper-compat-version
See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html
* [db353fc] Update renamed lintian tag names in lintian overrides.
Changes-By: lintian-brush
Fixes: lintian: renamed-tag
See-also: https://lintian.debian.org/tags/renamed-tag.html
* [e836429] Set upstream metadata fields: Archive.
Changes-By: lintian-brush
[ Bernd Zeimetz ]
* [c68b4a7] New upstream version 12.0.0 (Closes: #1006845)
* [5e498c2] Refresh patches
* [d1a0fb3] udevadm: trigger only for scsi devices on install.
Thanks to Benjamin Drung (Closes: #1009194)
[ Debian Janitor ]
* Remove constraints unnecessary since buster
[ Christian Ehrhardt ]
* New upstream version 11.3.5 (LP: #1946836) (Closes: #995221)
- Closes gcc-11 FTBFS, actually since 11.3.0 (Closes: #984272)
* d/rules, d/open-vm-tools.lintian-overrides: The hgfsmounter (mount.vmhgfs)
command has been removed from open-vm-tools
* d/p/Update-open-vm-tools-to-build-with-either-Fuse-3-or-2.patch: allow to
build against fuse 3
* d/rules, d/control: switch to use fuse3 (LP: #1935665)
* d/copyright: further fix licenses after consulting SPDX
* d/copyright: state multi-license under one glob pattern
* d/control: enable arm64 which is ready in 11.3.0
* d/control: drop no more needed net-tools dependency
* New upstream version 11.3.0 (Closes: #990163)(LP: #1933143)
- d/rules: install new binary vmwgfxctrl into open-vm-tools-desktop
- d/rules: add new binary vmware-alias-import to open-vm-tools
- d/rules: add new vmsvc plugins libguestStore.so and libgdp.so
to open-vm-tools
* d/open-vm-tools.maintscript: remove stale conffiles (Closes: #868273)
* d/control: add myself to uploaders
* Cleanups flagged by tracker.debian.org
- d/watch: fix to work with upstreams github tags
- d/control: bump Standards-Version to 4.5.1 (no changes needed)
* Cleanups for various Lintian findings
- d/source/lintian-overrides: allow helper scripts by setting
patch-file-present-but-not-mentioned-in-series
- d/{open-vm-tools,open-vm-tools-dev}.lintian-overrides tolerate
package-name-doesnt-match-sonames
- d/{open-vm-tools,open-vm-tools-desktop}.lintian-overrides: tolerate
no-manual-page until upstream issue 526 is resolved
- d/control: fix skip-systemd-native-flag-missing-pre-depends warning by
adding misc:Pre-Depends
- d/copyright: rename non allowed license names to fix
space-in-std-shortname-in-dep5-copyright warning
- d/open-vm-tools-desktop.lintian-overrides: fix setuid override
- d/rules: drop no more needed handling of pam vmtoolsd-x64
- d/rules: put libs and .pc files in correct multiarch directories
- d/rules: do not ship vmware-vgauth-smoketest (only meant for build&test,
per upstream it can wipe system config and therefore should not be
shipped after build - upstream issue 527)
* d/control: Remove constraints unnecessary since stretch (from Janitor)
* [7f14954] Drop max_nic_count patch.
See https://github.com/vmware/open-vm-tools/issues/128 for details.
* [b54d022] New upstream version 11.2.5
Thanks: John Wolfe
Closes: #980190
* [d5d4593] Fix building with new gcc versions
* [94ce968] build-depend on libgdk-pixbuf-xlib-2.0-dev
Closes: #978262
Thanks to Lucas NUssbaum for the upload reminder.
* [447d833] Update upstream source from tag 'upstream/11.2.0'
Update to upstream version '11.2.0'
with Debian dir 67243748d9ba09fc4e53f1ab4e921e119c981beb
Closes: #972732
* [704edba] remove pam-use-common-auth-account patch.
Not needed anymore
* [f792922] Use upstream pam file for Debian
* [5515c98] Don't recommend xserver-xorg-input-vmmouse.
Thanks to Raphal Hertzog (Closes: #966465)
* [8a31efc] Update upstream source from tag 'upstream/11.1.5'
Update to upstream version '11.1.5'
with Debian dir 62c70f15b660e7719555a78e6658ced5ca05ca35
Closes: #968688
* [09714a7] Removing patches that were applied upstream
* [03d18b3] Fix gcc-10 related issues. (Closes: #957631)
[ Christian Ehrhardt ]
* [4d69c6a] d/p/lp-1877678-: fixes for the sdmp plugin that is new in 11.1.0.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
* [38bd11e] d/control: change net-tools dependency to iproute2.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
[ Bernd Zeimetz ]
* [c15c08d] Add net-tools as dependency again.
Various scripts still use ifconfig.
[ Christian Ehrhardt ]
* [6b7d31d] New upstream version 11.1.0
(Closes: #960061) (LP: #1877672)
* [3ece93a14] d/control, d/rules, d//*sdmp*: add service discovery plugin (sdmp)
(Closes: #960065) (LP: #1877678)
Thanks to Oliver Kurth for the initial contribution, changes in addition:
- d/control: improve description
- rules fix whitespace damage
- maintscripts: fixed some whihtespace damage
- maintscripts: fixed maintainer scripts per skeletons from dh_make
- maintscripts: added the service-active-before-restart check to postinst
as well (was only in rm)
- maintscripts: use deb-systemd-invoke
- d/control: add further dependencies used in sdmp
* [e0c9fbc14] remove patches applied upstream in 11.1.0
- d/p/4ee0bd3c8_Rectify-a-log-spew-in-vmsvc-logging-vmware-vmsvc-root.log
- d/p/89c0d4445_GitHub-Issue-367.-Remove-references-to-deprecated-G_INLINE_FUNC
- d/p/f1f0b812e_add-appinfo-plugin
* [f4cf14931] d/rules: drop perm fixup of vm-support as it is properly
in /usr/bin/ now
* [d71e99e33] lintian: add overrides for intentional cases
* [ba27a73eb] d/p/debian/vmxnet_fix_kernel_4.7.patch: drop unused patch
* [7488e6e2f] d/copyright: fix tab in text
* [8700b5e] Revert "Run vmtoolsd with Nice=-20"
After discussing this issue with upstream we came to the conclusion that
reverting this is the best option as it is possible to start programs
trough vmtoolsd and they would also run with a nice level of -20.
Upstream will fix this issue in a sane way.
* [8a3a303] Add appinfo plugin.
Thanks to Oliver Kurth (Closes: #954958)
* [c720d18] Run vmtoolsd with Nice=-20.
Ensure that the watchdog is always able to answer.
Thanks to Aron Xu (Closes: #953346)
* [9d3c1d7] Build-Depend on liblzma-dev.
Thanks to Lucas Nussbaum (Closes: #951940)
* [eab2f1a] Add vmtoolsd.service alias.
Debian's open-vm-tools.service is rather unsuaul and based on the
history of the package, so ship an alias.
* [b2977cd] Rectify a log spew in vmsvc logging.
Upstream commit 4ee0bd3c8ead89541ab7d196fb54e940e397420d
When a LSI Logic Parallel SCSI controller sits in PCI bus 0
(SCSI controller 0), the Linux disk device enumeration does not provide
a "label" file with the controller name. This results in messages like
"GuestInfoGetDiskDevice: Missing disk device name; VMDK mapping
unavailable for "/var/log", fsName: "/dev/sda2" repeatedly appearing
in the vmsvc logging. The patch converts what previously was a warning
message to a debug message and thus avoids the log spew.
Thanks to Oliver Kurth (Closes: #950888)
* [e302fbf] Depend on lsb-release instead of recommending it.
* [7731b26] Update upstream source from tag 'upstream/11.0.5'
Update to upstream version '11.0.5'
with Debian dir 7744f94a9026a7a3178032ef206d5d5798206fa5
Closes: #949011
* [68e74c1] snapshot changelog
* [6ce977f] Refreshing patches
[ Christian Ehrhardt ]
* [e30fabc] d/p/lp-1855686-Avoid-vmtoolsd-crash-in-HostInfo.patch:
fix crash with uncommon lsb_output behavior (LP: #1855686)
* [c30953f] gitlab-ci: disable reprotest
* [ee6873b] Use upstream patch to fix (ignore) ZFS.
* [76c600f] Fix segfault for fs devices without /
See https://github.com/vmware/open-vm-tools/issues/378 for details.
Thanks to Mo Zhou (Closes: #942692)
* [bb36e10] Update upstream source from tag 'upstream/11.0.1'
Update to upstream version '11.0.1'
with Debian dir 60c0d512096774b9a2a7cc9e4e94556b2893ae8a
* [4cfe383] Update Vcs-Git/Browser to point to salsa.
* [bc253ad] Remove .travis.yml, add debian/.gitlab-ci.yml
* [c92ca3a] Add add_patch.sh script to add patches from upstream.
* [1d9b491] Add patch to remove deprecated inline functions
* [3e2e307] Rename lintian-override file properly
[ goldstar611 ]
* [c138871] Ensure VGAuthService starts after AppArmor
https://gitlab.com/apparmor/apparmor/issues/13
[ Bernd Zeimetz ]
* [28ef841] New upstream version 11.0.0~0
* [f78ed2d] New upstream version 11.0.0
Closes: #940853
* [19efc80] Revert "Revert "Removing libdumbnet-dev.""
This reverts commit 31177fab964d92687501ab81774440a9b8d09e39.
* [bc14a8b] snapshot changelog
* [1c5e9ea] Dropping patches that were picked from upstream
[ Bernd Zeimetz ]
* [19c646a] gcc9 compatibility.
Upstream commit c68172ef7f2d4f116078e2aba82986a8cab0b16e (Closes: #925794)
[ Christian Ehrhardt ]
* [865763e] Fix other ftbfs with GCC-9
* d/rules: disable address-of-packed-member gcc-9 warnings for pre 11.0 code
(LP: #1842301)
* d/rules: use modern syntax for disabling deprecated-declarations
* d/p/gcc9-Remove-GLib-2.32-deprecated-APIs-from-tools.patch: stop using
outdated GLib features
Upstream commit a7c141fc
* d/p/gcc9-drop-obsolete-G_INLINE_FUNC.patch: stop using deprecated GLib
Macro
* d/p/gcc9-GStaticRecMutex.patch: stop using deprecated GStaticRecMutex
Upstream commit 19ca3e36
* d/p/gcc9-build-error-in-vmblocktest.c.patch: avoid error due to
stringop-truncation
Upstream commit 553d1283
[ Bernd Zeimetz ]
* [0ce2ba2] Policy 4.0.1: The extra priority has been deprecated
* [c8760c6] Bumping Standards-Version to 4.4.0
* [a6ed8ce] Don't override dh_builddeb.
debian-rules-should-not-use-custom-compression-settings
* [bdfd8b5] Remove add_patch script
* [be4d889] Update copyright years.
* [9ac710e] Remove autotools-dev dependency.
* [4296cf4] Fix permissions of udev rules file
* [ed11c19] A new lintian override
[ Christian Ehrhardt ]
* [d79cc9d] d/control: fix postinst missing lsmod/modprobe.
Upgrades on open-vm-desktop can trigger errors like the following:
/var/lib/dpkg/info/open-vm-tools-desktop.postinst: 5:
/var/lib/dpkg/info/open-vm-tools-desktop.postinst: lsmod: not found
/var/lib/dpkg/info/open-vm-tools-desktop.postinst: 6:
/var/lib/dpkg/info/open-vm-tools-desktop.postinst: modprobe: not found
The reason is that kmod isn't a dependency of open-vm-tools-desktop and
could be missing e.g. if you installed it in a system container.
Once might discuss how useful open-vm-tools-desktop is in that
environment but a n issue to fix none the less.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
[ Bernd Zeimetz ]
* [4d3f25f] Fix guest OS reporting for Debian/Buster.
Without this fix, open-vm-tools report other4xLinux64Guest instead of
Debian/Buster.
Reason is the output of lsb_release, which outputs:
$ lsb_release -sd
Debian GNU/Linux 10 (buster)
But the code in open-vm-tools expects '10.'.
Thanks to Oliver Kurth (Closes: #934005)
* [122e511] Update upstream source from tag 'upstream/10.3.10'
Update to upstream version '10.3.10'
with Debian dir fb12c7cfc99a9497795475c29306e78d08cc3712
- Closes: #925940
- Bugfix release for the 10.3 series.
- Correct and/or improve handling of certain quiesced
snapshot failures (shipped as patch in 2:10.3.5-6).
- Fix some bad derefs in primary NIC gather code
- Fix possible security issue with the permissions of the
intermediate staging directory and path.
Closes: #925959
- CONSTANT_EXPRESSION_RESULT in TimeUtil_StringToDate()
Found by coverity.
- Deploypkg log files of linux should not be world readable.
They might contain sensitive data.
- General code clean-up:
- Treat local variables "len" consistently as "size_t"
type in Posix_Getmntent_r()
- Improve readability of error handling logic in
ShrinkDoWipeAndShrink() and remove another line of dead code.
- Setting "errno" to ENOENT when there is no passwd entry
for the user.
- Fix NULL pointer dereference and remove three lines of dead code.
- Other changes/fixes, not related to Debian:
- Update copyright years
- Fix CentOS 7.6 detection
- Include vmware/tools/log.h to define g_info (fix for SLES)
- Special-case profile loading for StartProgram
(Win32 only)
- Changes to common source files not applicable to
open-vm-tools. (Code used by other vmware tools, unrelated
to open-vm-tools).
- Bump up the SYSIMAGE_VERSION for VMware tools 10.3.10
* [18de70f] Removing backported patches, shipped in 10.3.10.
[ Jean-Baptiste Lallement ]
* [0f35aee] Add modaliases to open-vm-tools-desktop.
Added Modaliases to open-vm-tools-desktop to auto-discover and
auto-install the driver on Ubuntu via ubuntu-drivers. The driver is then
installed at installation time and available on first boot for an
improved user experience (LP: #1819207)
[ Bernd Zeimetz ]
* [dc4e1ce] Load vmwgfx module before vmtoolsd starts.
As discussed on github in vmware/open-vm-tools#214
we need to load the vmwgfx module before starting vmtoolsd
for desktop users. Otherwise it is not able to retrieve the KMS
resolutions and resizing the VM desktop fails.
Thanks to @thomashvmw @rhertzog (Closes: #924518)
[ Christian Ehrhardt ]
* [71b468f] make vgauth service execution more reliable.
Since d3d47039 "Start vgauth before vmtoolsd" there is a potential race
of starting vgauth so early that it might have issues. This was
discussed back in the day in [1] to [2], but confirmed to be ok by
VMWare.
We were all somewhat convinced by this, but a bad feeling remained not
only with me but also with Bernd [4].
A recent SRU review denial made me rethink all of it and I think we can
make it safer without thwarting the purpose of the original change.
Note: Disambiguation of service names used below:
vgauth - open-vm-tools.vgauth.service
vmtoolsd - open-vm-tools.service
fs - systemd-remount-fs.service
tmp - systemd-tmpfiles-setup.service
cloud-init - cloud-init-local.service
Currently we have these dependency requirements:
- vgauth should be before vmtoolsd
- cloud init should be before vmtoolsd
- cloud init has to be really early in general
- therefore this is using DefaultDependencies=No
That lead to this graph:
fs / tmp -> vmtoolsd -> cloud-init
And d3d47039 added it to be like:
fs / tmp -> vmtoolsd -> cloud-init
^
vgauth --|
But there is no need to have vgauth without any pre-dependencies at all.
It is only needed to be "before" vmtoolsd, therefore we can make it:
fs / tmp -> vgauth -> vmtoolsd -> cloud-init
That will make execution of vgauth much less error-prone (even though I
have no hard issue to report) while at the same time holding up all
known required ordering constraints.
[1]: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1804287/comments/3
[2]: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1804287/comments/12
[3]: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1804287/comments/25
[4]: https://github.com/bzed/pkg-open-vm-tools/pull/15#issuecomment-447237910
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
* [43ec618] Correct and/or improve handling of certain quiesced
snapshot failures.
Thanks to Oliver Kurth (Closes: #921470)
* [54cce3e] Start vmtoolsd after apparmor.service.
Github issue #17
[ Alf Gaida ]
* [e13792d] udevadm trigger should not fail (Closes: #917642)
[ Christian Ehrhardt ]
* [d3d4703] Start vgauth before vmtoolsd.
VGAuthService needs to be ready when vmtoolsd runs. Certain cases - e.g.
Site Recovery Manager failover - will need vgauth to be up.
Therefore add an After=vgauth.service dependency to open-vm-tools.service
To have vgauth be able start early - and not pull cloud-init back late - it
is also required to drop default dependencies which according to VMware is
fine to do so.
(LP: #1804287)
[ Raphal Hertzog ]
* [db2a364] Ensure vmwgfx module is loaded before start of vmtoolsd.
This avoids a failure to start the resolutionKMS plugin and it's
achieved through a drop-in snippet extending open-vm-tools.service
adding an ExecStartPre directive loading the module prior to
the start of the service. (Closes: #915031)
[ Christian Ehrhardt ]
* [e6e0ab8] d/rules: fix dangling symlink of vmware-user.
Back in 2:9.4.0-1280544-6 vmware-user* was moved to the
open-vm-tools-desktop package and some follow on fixes moved bits that
were forgotten like the man page.
(LP: #1807441)
There still is a symlink in /usr/bin/vmware-user that is forgotten in
the base package and broken unless open-vm-tools-desktop is installed.
Change d/rules to move the symlink as well.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
* [13d22e5] Breaks and Replaces for moving vmware-user.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
* [d56826a] Bump breaks and replaces to next version to be released.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
[ Bernd Zeimetz ]
* [e4697c7] Fix race condition between open-vm-tools and
systemd-tmpfiles-setup. Thanks to Jean-Louis Dupond (Closes: #914910)
* [7061cb7] Update upstream source from tag 'upstream/10.3.5'
Update to upstream version '10.3.5'
with Debian dir 9315f58cab8ba1356c1e4aa77d714257dc0651f2
* [16acbc3] Remove PrivateTmp=yes.
Thanks to Christian Ehrhardt (Closes: #905170)
* [72aabb2] Add RequiresMountsFor=/tmp.
Thanks to Christopher Odenbach (Closes: #900566)
* [96bf0c5] Update upstream source from tag 'upstream/10.3.0'
Update to upstream version '10.3.0'
with Debian dir ace0137b2d17e039ddac188fdcd15f882119925a
* [e5a9b82] Re-add .travis.yml
* [83e043f] Refreshing patches
* [ea03a58] Update upstream source from tag 'upstream/10.2.5'
Update to upstream version '10.2.5'
with Debian dir 74e96286320224bb6d5b717034930169514dbd51
* [c1c18d3] Refreshing patches.
* [47e50a1] Fix debhelper dep for backports
* [34538a5] Make tools.conf useful.
Thanks to Dariusz Gadomski (Closes: #889884)
* [249d54c] Fix wayland segfault.
Adding a patch from Fedora to fix a wayland/gnome related segfault.
Thanks to Oliver Kurth (Closes: #887755)
* [f0bf956] Add .travis.yml which was removed by gbp.
* [892e2f6] Build with gtk3.
* [03a655b] Check if debhelper handles \ in systemd units.
Thanks to Oliver Kurth (Closes: #886191)
* [5bf9301] Drop -dkms package.
Thanks to Christian Ehrhardt (Closes: #884656)
* [236cdba] Update upstream source from tag 'upstream/10.2.0'
Update to upstream version '10.2.0'
with Debian dir d5190e486b6beb65ee7ed31c0c23a789b8f60cab
(Closes: #884496)
* [692beff] snapshot changelog.
* [45aa743] Add .travis.yml which was removed by gbp.
* [aabeded] Fix dpkg --compare-versions call
* [0697425] Better debhelper version parsing.
* [390ec09] fix even more makefile bugs.
* [6e5fa38] Refreshing patches.
Dropping kernel-module related patches.
* [cbfec05] Drop dh_autoreconf, not needed anymore.
* [d5fef50] autotools-dev is done by dh now.
* [b66ab14] use dh_installsystemd
* [78a17f1] Remove fixed CXX std setting.
* [f96f479] Updated version 10.1.15 from 'upstream/10.1.15'
with Debian dir c44394c71e055f4cfd3a15ee578fc9895d64ebb1
* [682790b] Refreshing patches.
* [00bc9bb] Build with CXXFLAGS=-std=c++14.
Thanks to Rene Engelhard and Oliver Kurth (Closes: #876121)
* [6b61376] Re-add .travis.yml.
Seems it went missing with the last merge.
* [bf07ae8] Work around dh_systemd escaping bugs again.
Seems the unit escaping changed with a new dh version.
Work around the known and reported fails again.
Thanks to Christian Ehrhardt (Closes: #875657)
[ Shota Aratono ]
* [5ab87bd] Fix scsi timeout setting error on debian stretch
* [c0847eb] Fix attempting change setting to unintentional target
[ Raphal Hertzog ]
* [dc2e27f] Add patch to support resolution switching with KMS.
This is needed for proper support of Wayland sessions. (Closes: #872779)
* Drop the extra part of the version string.
Easier to handle in the short variant.
* [6be6a49] Updating watch file.
Use tags from github.
* [8c25235] Updated version 10.1.10 from 'upstream/10.1.10'
with Debian dir 3dddea7985f21457b294b5f554d5ecdf32aabfff
* [195cead] Refreshing patches.
Removing cve-2015-5191.patch as it is part of the upstream release.
* [e6b3fd5] Build using libssl-dev and libxmlsec1-dev. (Closes: #859416)
* [dec8df6] Upstream fix for CVE-2015-5191 (Closes: #869633)
* [718133e] Enable PrivateTmp for the open-vm-tools.service.
* [27689b3] Load the fuse module before mounting /run/vmblock-fuse.
Thanks to Norbert Lange (Closes: #860875, #860861)
* [008bdde] Don't recommend -dkms for -desktop.
The dkms package is clearly not necessary anymore here.
Thanks to Oliver Kurth (Closes: #860857)
* [ffc37f2] Let -desktop depend on fuse.
Mounting fuse filesystems requires mount.fuse - and doing so
is required for a working desktop running under VMware.
* [cf1f9b3] Ensure /run/vmblock-fuse is mounted properly.
- open-vm-tools-desktop.postinst: Add the fuse module if it was
not loaded into the kernel before
- Handle the mount unit with dh_systemd_*
- Ensure /run/vmblock-fuse is mounted before open-vm-tools.service
is started.
* [1f479db] Do not restart run-vmblock\x2dfuse.mount on upgrades.
Restarting won't work if people are using the mountpoint,
also it would require to restart vmtoolsd.
* Unfortunately mounting the fuse filesystem properly depends
on a fix in deb-systemd-invoke, see #861204.
* [0aa95b6] Start open-vm-tools before cloud-init-local.service.
Required for a working guest customization as reported by VMware.
Also add cloud-init to 'Suggests'.
Thanks to Sankar Tanguturi (Closes: #859677)
* [651cdfe] Depend on iproute2.
Necessary for /etc/vmware-tools/scripts/vmware/network.
* [ed95c1d] Depend on libssl1.0-dev | libssl-dev.
Thanks to Tiago Daitx (Closes: #856569)
Makes building the package in Ubuntu easier.
* [2750700] Add o-v-t as dependency of o-v-t-dev.
Thanks to Andreas Beckmann (Closes: #858494)
* [60d1417] Merge tag 'upstream/10.1.5-5055683'
Upstream version 10.1.5-5055683
Closes: #856330
10.1.5 is a point release fixing the following issues:
- Authentication failure is reported as unknown general system error.
Attempts to authenticate through VGAuth service might result
in an authentication-specific error such as an expired account or
password. The authentication-specific error might then be incorrectly
reported as an unknown general system error, similar to the following:
CommunicationException: Failed to create temp file on target
<IP_ADDRESS>: A general system error occurred: Unknown error
- Unable to backup virtual machines with active Docker containers.
This bug should not happen in Debian stretch at all, but might
be relevant for backports.
- Fix ISO mappings for CentOS/OracleLinux. Not relevant for Debian
- Thaw Filesystems if snapshot commit message to VMX fails.
- Add missing agent configuration files that were accidentally
ignored by .gitignore
[ Chris Glass ]
* [d55b33f] Point the control file's homepage to the new one.
The upstream open-vm-tools switched from sourceforge to github. This
simply updates the link to reflect that.
Signed-off-by: Chris Glass <chris.glass@canonical.com>
[ Bernd Zeimetz ]
* [f44a9a8] Drop duplicate udev rules.
Timeouts are set in 99-vmware-scsi-udev.rules now,
shipped by upstream.
Thanks to Bernhard Schmidt (Closes: #851240)
* [21df3fa] Install vgauth.service.
vgauth is a service that allows authentication in the guest using SAML
tokens. Necessary for guest operations initiated from the vSphere
datacenter. (Closes: #855337)
* [17b04da] Override dh_md5sums for arch-dependent packages only.
Thanks to Santiago Vila (Closes: #849876)
* [fe8ae94] Stay with .gz as compression.
* [afb2f52] Use systemd-detect-virt if available.
Use systemd-detect-virt to detect VMware platform because
vmware-checkvm might misbehave on non-VMware platforms.
(RHBZ#1251656)
* [1505d5f] Re-indent files properly.
* [1b0b7eb] vm-support script needs lspci from pciutils.
(RHBZ#1388766)
* [1e2eb34] Make dpkg --verify happy now. (Closes: #847221)
* [72150f0] Merge tag 'upstream/10.1.0-4449150'
Upstream version 10.1.0-4449150
* [d4743dd] Bump dh compat level to 10.
* [acce982] Handle open-vm-tools subdirectory as shipped by upstream.
* [9047555] Install upstream changelog.
* [fafb845] Remove extra \ from md5sums file.
See #843163
dpkg: -V fails on files with \ in the name
for details.
* [1455af1] Refreshing patches.
* [776971c] dh_autoreconf_clean doesn't need --sourcedirectory.
* [d50714b] Stay with libssl1.0 for now. (Closes: #828476)
* [a0c6696] Fix dkms.sh call for new directory structure.
* [9295c22] Add .travis.yml from http://travis.debian.net.
* [af7da59] Fix building the vmxnet module for kernel 4.7.
Thanks to Hilmar Preue (Closes: #836915)
* Non-maintainer upload.
[ Bernd Zeimetz ]
* [0176637] Recommend lsb_release for consistent hostinfo.
[ Raphal Hertzog ]
* [257c90b] Fix build failure with GCC 6.
Thanks to Paul Wise for the patch. (Closes: #812046)
* [007eacb] Better check for availability of vmware-checkvm and -rpctool.
* [5060f42] Notify vmware when removing open-vm-tools.
Thanks to Yanhui He (Closes: #825810)
* [f2f4971] Work around wrong dkms versions.
* [1be403b] Move vmhgfs-fuse to open-vm-tools.
As suggested by various people: vmhgfs-fuse is useful on server
installations by mounting it from fstab, without having GTK installed.
This closes bzed/pkg-open-vm-tools#4
* [537ed0a] Drop -dbg package.
Creating debug packages is handled by dh_strip automatically.
* [3bef19a] Updating debian/watch to use github.
* [806e1e9] Merge tag 'upstream/10.0.7-3227872'
Upstream version 10.0.7-3227872
* [da26597] Merge pull request #3 from rfc1036/usrmerge.
Move mount.vmhgfs to /sbin/
Closes: #810274
* [c973a13] Merge tag 'upstream/10.0.5-3227872'
Upstream version 10.0.5-3227872
* [d10e230] Auto-update version in open-vm-tools-dkms.dkms
* [8b49d5b] fix open-vm-tools-dkms description
* [e42d6de] Fix dkms config file.
* [b0ae431] Merge tag 'upstream/10.0.0-3000743'
Upstream version 10.0.0-3000743
Closes: #797725
* [27f0147] Snapshot changelog
* [236554b] Refreshing patches.
* [711f1e2] Merge remote-tracking branch 'origin/master'
* [bfc0ed3] Remove the vmhgfs module and tools.
* [6ab9fc7] Move fuse binaries into open-vm-tools-desktop package.
* [2617cef] Use -std=gnu++11
* [e5e0c1f] ensure dh_fixperms runs as root
* [4c57986] Remove paths from maintainer scripts.
* [03db1df] Fix dkms destination folder.
* [fb5a5a1] Merge branch 'master' of github.com:bzed/pkg-open-vm-tools
* [ba55c8a] Work around broken cflags from libsigc++.
* [c78bd75] Always use vmhgfs-fuse.
We want to avoid the need to patch the module for every new kernel.
VMware officially supports vmhgfs-fuse for kernels >= 4.0, but
it should just work fine for older kernels. (Closes: #800322)
* [41f90f1] Make open-vm-tools-dev amd64/i386 instead of all.
* [6537e76] Update package version in dkms file.
* [c3a1d4a] Add patch to support backing dev info.
Thanks to Peter Vrabel (Closes: #794843)
* [be97f01] Add missing #DEBHELPER# statement.
* [eac5b6a] Updating Standards Version
* [a508cfe] Remove path from command in maintainer script.
* [085d637] Remove executable bit from config files.
* [b084140] Move all dev files into the -dev package.
* [ac965de] Fix building vmghfs for kernel >= 4.1.
Thanks to Achim Schaefer (Closes: #794707)
* [16ca60a] Update gbp config header in debian/gbp.conf.
* [a4125bd1] Merge tag 'upstream/9.10.2-2822639'
Upstream version 9.10.2-2822639
(Closes: #789722)
* Quiescing Filesystems should work as expected. (Closes: #784398)
* [d7d898c4] Update package version in dkms file.
* [4148c544] Also fix version number in modules/linux/dkms.sh.
* [7967f7c1] Fix version number in configure.ac.
* [4de8ff44] Add script to update patches.
* [52b74910] Merge tag 'upstream/9.10.0-2476743'
Upstream version 9.10.0-2476743
(Closes: #781784)
* [fddc317d] Refreshing patches for new upstream version.
* [7b53f258] Add libmspack-dev as build-dependency.
* [6b5841da] Add libssl-dev as build-dependency.
* [de52be8e] Add libxerces-c-dev as build-dependency.
* [17b2788a] Add libxml-security-c-dev as build-dependency.
* [406817b6] Add patch to move from d_alias to d_u.d_alias.
Make open-vm-tools build with the recent jessie kernel again.
Thanks to Timo Metsala (Closes: #778293)
* [8df5b4ac] Adding patch to fix CVE-2014-4199.
Thanks to Moritz Muehlenhoff (Closes: #770809)
* [6b514014] Fix installation of systemd services.
Thanks to Norbert Lange (Closes: #764295)
* [1130d9e9] Workaround for buggy dh_systemd_start.
* [1d43a9e7] Remove the automount feature for vmblock-fuse.
vmtools* checks /etc/mtab and friends for mounted filesystems
instead of using stat or something similar.
* [b06f93e5] Add mate-panel to xautostart.conf
* [26a5da76] Workaround open-vm-tools-desktop upgrade failures.
For now just ignore errors while unmounting the fuse-vmblock
file system.
* [7f362040] Create /tmp/VMwareDnD for vmblock-fuse.
* [c5f35c1b] Revert "Fix Breaks and Replaces Fields in debian/control"
This reverts commit 34797213251956fbc1451ab1affc7b6c413b7072.
[ Norbert Lange ]
* [34797213] Fix Breaks and Replaces Fields in debian/control
* [aff1eb77] Add udev rule for vsock.
The blockdevice is created at /dev/vsock after loading the module,
but with 0600 permissions which dont allow access for regular users.
This rule fixes the issue by changing perms to 0666
[ Bernd Zeimetz ]
* [371e5d30] Move vsock udev rules into open-vm-tools.udev.
The vsock module is shipped in the vanilla kernel these days.
* [edaeb2fd] Add systemd (auto)mount units for vmblock-fuse.
This will hopefully make drag & drop operations work properly.
Also add fuse to Recommends of the -desktop package as it is
needed to mount fuse filesystems.
Thanks to Norbert Lange (Closes: #736812)
* [171276e3] Remove update-rcd-params from dh_installinit.
Thanks to Remi (Closes: #762695)
[ Bernd Zeimetz ]
* [b04735fa] Ensure LINUX_BACKPORT is defined in
patches/kuid_t-kgid_t-fix-for-3.12.
[ Norbert Lange ]
* [01aaa407] Fix initramfs hook for the vmxnet module
* [5279fa17] Move the dkms module location patch before otehr patches
changing the dkms.conf file. this eases adding or removing those patches
* [b1db2b5c] Move files belonging to modules in dkms package.
Call update-initramfs for the dkms package. Otherwise the initrd wont
contain the vmxnet module if you installed the dkms package after the
tools package. Move the module scripts to the dmks package.
The modules in the dkms package should work without the tools now.
[ Bernd Zeimetz ]
* [d0ccee4f] Run #DEBHELPER# first in open-vm-tools-dkms.postinst.
Otherwise dkms was not called and the module is not built yet.
* [f680b4fa] Run update-initramfs in open-vm-tools-dkms.postrm.
Otherwise a removed module stays in the initrd.
* [ef4bd019] Remove unused DEPRECATED define.
The dkms module ftbfs with 3.16 as DEPRECATED is define in the kernel
source already.
Thanks to Benjamin Kaduk (Closes: #761924)
* [5389dd1f] Some more fixes to make dkms build on 3.16
* [4c1f5fa7] Drop dkms.conf patches.
Ship the dkms.conf file in debian/local instead.
* [805ccb06] Tidying patches.
- Removing those for kernel modules we don't build anymore
- Taking fixes for current issues from Arch
- Sorting patches into from_fedora / from_arch / debian directories.
This will break backports to wheezy.
* [519191ff] Fix dh_dkms call for new dkms.conf
* [d493d4ce] Remove vmware-user-suid-wrapper.1 from open-vm-tools.
The manpage belongs to the -desktop package and was accidentally
synced from Ubuntu.
Thanks to Ralf Treinen (Closes: #757739)
[ Bernd Zeimetz ]
* [d448e841] Merge tag 'upstream/9.4.6-1770165'
Upstream version 9.4.6-1770165
Closes: #756620
* [969fc903] Ensure that vmware-user-suid-wrapper ships a suid bit.
* [8067da08] Add -Wno-sizeof-pointer-memaccess gcc option.
See http://sourceforge.net/p/open-vm-tools/mailman/message/32550433/
for details. Code quality doesn't seem to be the best :(
* [b5ba8c3b] refreshing patches.
* [36cd39c6] Updating changelog.
* [99f43e95] Revert "Add -Wno-sizeof-pointer-memaccess gcc option."
This reverts commit 8067da0891e0fc6a2e55853a103ff2c95fa1f59b.
* [bb95d814] Adding a patch from fedora instead of
-Wno-sizeof-pointer-memaccess.
* [d6b2ad4a] Update manpages.
Changes taken from Ubuntu, thanks!
* [3768ff7f] Better startup message if not in a vm.
Patch taken from Ubuntu (LP: #1289564).
* [4d5dec19] Add patch for Debian 7.X os recognition.
Official code only handles 7.0 and 7.1.
Also maybe 8.x, needs to be tested if it breaks stuff in vmware.
* [7b3d23c9] Refreshing patches.
* [af20a700] Make patches/kuid_t-kgid_t-fix-for-3.12 compatible with
older kernels. Thanks to Norbert Lange for the idea.
* [c4df056b] PIC handling in configure is broken.
Add --with-pic as configure option and -fPIC to CFLAGS.
[ Nicholas Levi Sielicki ]
* [eafd8723] Rise the number of supported NICs.
There is an arbitrary constant declared limiting the amount of NICs that
it supports. I have bumped the limit from 16 to 64 to make this
toolset functional for larger setups. (Closes: #756808)
* [0ecb889e] Removing old transitional packages.
* [5e039b52] Add missing Breaks/Replaces for file moves.
* [9d01b21d] Fix vsock removal patch, add some missing ""
* [2ae80665] Add e55039c_HGFS-Fix-Linux-client-symlinks patch again.
Went missing during a merge conflict. Ouch.
* [d7f7e40e] Fix vsock removal patch (avoid { foo;; })
* [9960cb11] Add gbp setting for merge info in changelog.
* [645a5350] Remove old patch for the vsock module.
Not necessary in the current version anymore.
Thanks to Hilmar Preue (Closes: #748202)
* [4c8effb7] Fix patch to avoid building vmblock on kernel >= 3.0.
No real difference, though, as we don't build kernel modules with
configure.
* [2cbfa96d] Refreshing patches.
* [be59923b] Do not build vsock on kernels >= 3.9
the vsock module was included in the upstream kernel.
* [6d36f49e] Move .desktop file into the -desktop package.
* [ef406f81] Move /lib/modules-load.d/open-vm-tools.conf to
open-vm-tools-dkms. Thanks to Jim Barber (Closes: #748187)
* [56742c8c] Revert "Use /run/VMwareDnD instead of /tmp/VMwareDnD."
This reverts commit 49dc599d453ed40a1299b9a376755cdbb43e0da2.
* [c6df2503] Patch pam.d/vmtoolsd to use common-auth/account.
[ Cdric Barboiron ]
* [4e45e2e8] Hot apply udev rule for disk timeout
* [527525fc] fix syntax-error-in-dep5-copyright
* [5f6b2a47] fix malformed-override open-vm-toolbox
* [5aabaf79] fix manpage-has-errors-from-man
* [f867443c] fix executable-not-elf-or-script
match unit file rights in systemd package
* [f89024a1] fix file locations in copyright
[ Bernd Zeimetz ]
* [76dadf83] Add patch for CVE-2013-3237.
* [fa7d4a63] Merge pull request #1 from yastupin/master
procps, init script and doc
* [115b8c49] Better permission handling.
Especially for pam.d files and vmware-user-suid-wrapper.
* [70fa10d1] Fix vmxnet initramfs-tools hook.
Thanks to Norbert Lange
* [9d3f3c9b] Move vmware-user-suid-wrapper into desktop package.
* [49dc599d] Use /run/VMwareDnD instead of /tmp/VMwareDnD.
/tmp/VMwareDnD might be existing already or evil users might try to
trick us into doing bad things. Using known directories in /tmp is bad
enough not to spend time to try to figure out if the code tries to work
around possible attacks. Using a directory in /run is a much safer
approach. Proper init scripts will be added at a later point.
* [d9467cd9] Dropping lintian override files.
Also fixing some lintian warnings.
* [a7f7e5bd] Use libprocps-dev instead of libprocps0-dev.
* [21214012] Use manpages-desktop as source folder for -desktop.
* [31c30832] Revert "Enable building of vmci again."
This reverts commit 0d55577cd3c262dbbc2bf79593d6f500f84c4170.
Too fast upload, sorry. vmhgfs is indeed (still) broken with
vmci.
* [0d55577c] Enable building of vmci again.
Also patch it to build with 3.12
* [8b23a27d] Revert "Add /mnt/hgfs as hgfs mountpoint."
Although the idea from the Ubuntu people to ship the mountpoint
in the package is nice, lintian is rather unhappy about it.
This reverts commit 1e7d8645e48f601e79eb5771e05272b367fa4eb1.
* [46f99c30] Remove procps support for now.
Unfortunately the procps package in unstable is rather broken, procps
support will be enabled again when the new procps version managed to
migrate to testing.
* [242d45e4] Pick patch from upstream to build with gcc 4.8
* [ed8f797f] Add script to pick patches from upstream.
* [312be5d5] Snapshot changelog.
* [c125af80] Use /updates/dkms/ as location for kernel modules.
We don't want to mess with files shipped in kernel module packages.
* [f63a890c] Bumping Standards-Version, no changes needed.
* [1e7d8645] Add /mnt/hgfs as hgfs mountpoint.
* [0bcabab3] Fix add_patch script.
* [1d436969] Add some more patches to make dkms succeed on recent kernels.
Also add dh_autoreconf as we modify configure.ac
* [088450dd] Also apply the changs from upstream's 530ef7f for dkms.
vmblock should be used via fuse now, vmsync is not needed anymore.
* [cf44ff2f] Pick patch from upstream: Harden HostinfoOSData
* [21ca2b74] Pick patch from upstream: building on kfreebsd.
* [82123155] Use libprocps3-dev instead of libprocps0-dev.
* [da76a5e9] Add patch to convert kuid_t/kgid_t to uid_t/gid_t.
Building against kernel 3.12 should succeed now.
* [91e91538] Pick another fix from upstream to make vmhgfs build on 3.12
* [53ea11a4] Add Vcs Headers to debian/control.
* [d19592cc] Revert "Use libprocps3-dev instead of libprocps0-dev."
This reverts commit 821231554486ec7ff36cd36e89a6b0ef7c7a5552.
Due to procps being completely broken in unstable.
* [b85cd491] Taking over the maintenance of open-vm-tools. (Closes: #717381)
* [ecccbddd] Adding watch file.
* [12cfd169] Merge tag 'upstream/9.4.0-1280544'
Upstream version 9.4.0-1280544
* [7e93ef77] Refreshing patches.
* [25fe744b] Adding CUSTOM_PROCPS_NAME/CFLAGS to dh_auto_configure call.
* [4d1081bc] Importing patches from Ubuntu.
As open-vm-tools should just do the right thing, we leave building
vmsync enabled to make backporting easier.
Thanks to Nate Muench <NowIWillDestroyAbydos@gmail.com>
* [a0fae111] Copy upstream's dkms config for dh_dkms.
* The new upstream release, together with the flags and new patches
mentioned above, makes open-vm-tools build with Kernel 3.11.
Thanks to: Jim Barber and Mihai Limbasan
Closes: #729540
* QA upload
* Fix compilation with Linux 3.10. Thanks to Zack Weinberg for the patch!
(Closes: #717154)
* Correcting syntax of file entries in copyright.
* Adding section override for open-vm-tools-dkms.
* Enforcing build with gcc 4.7 for the time being.
* Orphaning package.
* Dropping obsolete sysvinit initscript start/stop numbers.
* Dropping kfreebsd from architecture list, it has never built and
nobody seems willing to make it work (neither upstream, porters, nor
users).
* Adding initial systemd service file from fedora.
* Skipping vmsync kernel module for the time being until it has been
fixed for the debian specific change introduced in linux 3.8.11-1 that
broke it (Closes: #707208).
* Renaming debian-specific open-vm-toolbox package to open-vm-tools-
desktop for consistency with upstream.
* Revamping package descriptions.
* Renaming open-vm-dkms to open-vm-tools-dkms for consistent package
namespace.
* Merging upstream version 9.2.3-1031360.
* Removing procps.patch, not needed anymore.
* Renumbering patches.
* Adding patch from Mathias Krause <minipli@googlemail.com> to fix
kernel stack memory leack in vsock module [CVE-2013-3237] (Closes:
#706557).
* Removing purely cosmetical 'sleep 1' leftover in initscript (Closes:
#686200).
* Removing all references to my old email address.
* Updating to standards version 3.9.4.
* Shortening build-depends on procps again.
* Updating year in copyright file.
* Prefixing patches with 4 digits for consistency.
* Tightening diff headers in patches.
* Adding dpkg-source local-options to abort on upstream changes.
* Dropping dpkg-source compression levels.
* Removing init order to network also on start (Closes: #695845).
* Correcting daemon name in stop section of the initscript (Closes:
#696056).
* Removing init order to network (Closes: #695845).
* Correcting version number (Closes: #695912).
* Don't check for vm on stop in initscript (Closes: #695993).
[ Daniel Baumann ]
* Switching to xz compression again for jessie.
* Loading modules through kmod instead of initscript again for jessie.
* Adding sleep during restart in initscript again for jessie.
* Removing old dpkg trigger for update-initramfs again for jessie.
* Updating of GPL boilerplate in copyright file again for jessie.
* Adding bugnumber to previous changelog entries regarding wheezy
unblocks.
* Merging upstream version 9.2.2-893683.
* Adding remote_fs dependency in initscript (Closes: #695845).
[ Bernd Zeimetz ]
* Handling binNMU/nmu/backports version numbers in rules.
[ Daniel Baumann ]
* Using suggested start-stop-daemon handling in initscript from Bernd
Zeimetz <bernd@bzed.de> (Closes: #686200).
* Adding changelog for 8.8.0+2012.05.21-724730-1+nmu1 (Closes: #687205).
* Correcting architecture fields in control.
* Keeping vmware-user-suid-wrapper completely in vmware-tools rather
than partially in vmware-toolbox (Closes: #686202).
* Reverting switch to xz compression to ease wheezy unblock (#683299).
* Reverting to load modules through kmod instead of initscript to ease
wheezy unblock (#683299).
* Reverting added sleep during restart in initscript to ease wheezy
unblock (#683299).
* Reverting removing old dpkg trigger for update-initramfs to ease
wheezy unblock (#683299).
* Reverting update of GPL boilerplate in copyright file to ease wheezy
unblock (#683299).
[ Thijs Kinkhorst ]
* Updating dkms.conf to make modules build again, thanks to H.A.J.
Koster (Closes: #679886).
* Switching to xz compression.
* Loading modules through kmod instead of initscript.
* Adding sleep during restart in initscript.
* Removing old dpkg trigger for update-initramfs.
* Updating GPL boilerplate in copyright file.
* Calling dh_dkms with version argument (Closes: #677503).
[ Bernd Zeimetz ]
* Non-maintainer upload to ensure open-vm-tools will
be shipped with Wheezy.
* Ensure upgrades to not fail due to the broken init script
(Closes: #686200)
- Fix open-vm-tools init script to stop vmtoolsd properly.
- Handle upgrades from a version with broken init script.
Try to stop again, just in case. Ignore errors as we don't know
how successful the old buggy script was.
* Remove the duplicate vmware-suid-wrapper from open-vm-toolbox.
The better way would be to ship it in open-vm-toolbox instead of
open-vm-tools, but to avoid moving config files from one package
into another we will keep it this way for Wheezy. Partly addresses
#686202.
* Handle binNMU/nmu/backports/... version numbers.
The old way to parse the version string from debian/changelog fails
on binNMU/nmu/security/... version numbers. Fixing this.
(Closes: #686582)
[ Daniel Baumann ]
* Updating GPL boilerplate in copyright file.
* Calling dh_dkms with version argument (Closes: #677503).
[ Thijs Kinkhorst ]
* Updating dkms.conf to make modules build again,
thanks to H.A.J. Koster (Closes: #679886).
* Merging upstream version 8.8.0+2012.05.21-724730.
[ Michael Dorrington ]
* Changed Build-Depends to libprocps0-dev to fix libproc-dev removal
(Closes: #659595).
[ Daniel Baumann ]
* Merging upstream version 8.8.0+2012.03.13-651368:
- compatible with linux 3.2 and 3.3 (Closes: #656618).
* Updating to debhelper version 9.
* Updating to standards version 3.9.3.
* Updating copyright file machine-readable format version 1.0.
* Building with debhelper dkms support (Closes: #651779, #654249).
* Updating procps patch for newest procps library name.
* Building without multiarch paths for now.
* Merging upstream version 8.8.0+2011.12.20-562307.
* Adding patch to correct typo in upstreams dkms configuration
(Closes: #651778).
* Merging upstream version 8.8.0+2011.11.20-535097.
* Adding patch to update build-system for procps-ng.
* Merging upstream version 8.8.0+2011.10.26-514583.
* Correcting typo in example fstab line of vmhgfs manpage.
* Sorting overrides in rules alphabetically.
* Compacting copyright file.
* Adding udev rule to set timeout for vmware scsi devices (Closes:
#609001).
* Adding doxygen to build-depends for api documentation.
* Adding libcunit1-dev to build-depends for test suites.
* Adding dmks package again, it had to be dropped right before the
squeeze release (Closes: #632220).
* Removing open-vm-source in favour of open-vm-dkms (Closes: #518014).
* Minimizing rules file.
* Adding open-vm-tools-dev package, containing only the api
documentation for now.
* Moving package back to main as it is in the same category as
xserver-xorg-video-vmware where it was in the first place.
* Marking binary architecture-dependend packages as linux and kfreebsd
only.
* Removing legacy symlink for vmware-user desktop file in vmware-
toolbox (Closes: #639811).
* Merging upstream version 8.8.0+2011.09.23-491607:
- works with binutils-gold (Closes: #556756).
* Removing liburiparser-dev from build-depends as upstream dropped
unity support.
* Building with libproc-dev on amd64 again.
* Dropping disabling of dnet support (Closes: #639767).
* Merging upstream version 8.4.2+2011.08.21-471295 (Closes: #608823):
- building against newer libnotify (Closes: #636344).
- works with current kernels (Closes: #614292, #617536, #629980).
* Updating maintainer and uploaders fields.
* Removing vcs fields.
* Removing references to my old email address.
* Updating years in copyright file.
* Updating to standards version 3.9.2.
* Updating to debhelper version 8.
* Switching to source format 3.0 (quilt).
* Removing manual chrpath setting.
* Removing exclusion from plugins from debhelper shlibs.
* Rediffing kvers.patch.
* Updating packaging for new upstream version.
* Merging upstream version 8.4.2-261024.
* Re-enabling vmmemctl (Closes: #606327).
* Re-enabling pvscsi.
* Re-enabling vmxnet3.
* Rediffing kvers.patch.
* Updating modules to standards version 3.9.1.
* Removing dkms package, doesn't work with 8.4.2 yet.
* Excluding plugins from shlibdeps.
* Setting rpath for plugins.
* Updating local Makefile to inject symvers files to fix vmhgfs and
vsock modules, thanks to Joe Gooch <mrwizard@k12system.com> (Closes:
#579721).
* Updating standards version to 3.9.1.
* Removing vmmemctl fom initscript (Closes: #588356).
* Merging upstream version 2010.06.16-268169.
* Updating standards version to 3.9.0.
* Updating README.source.
* Rediffing kvers.patch.
* Dropping procps.patch, not required anymore.
* Updating packaging for upstreams vmmemctl module removal.
* Dropping la files.
* Updating rules for pvscsi removal (Closes: #581160).
* Merging upstream version 2010.04.25-253928.
* Updating packaging for upstreams pvscsi module removal.
* Removing remote_fs from initscript again (Closes: #577163).
* Updating lintian overrides for open-vm-tools.
* Updating date and version in manpage headers.
* Adding manpage for vmxnet3.
* Adding manpage for vmci.
* Fixing spelling typo in vmsync manpage.
* Adding manpage for vmsock.
* Update formating of newly added manpages.
* Adding vmware-toolbox-cmd manpage.
* Adding guestlib manpage.
* Adding libvmtools manpage.
* Renaming guestlib manpage to libguestlib.
* Including vmware-toolbox-cmd manpage in open-vm-tools package.
* Updating initscript start/stop declarations (Closes: #576843,
#577163).
* Adding misc depends.
* Running open-vm-dkms postinst script with set -e.
* Adding remote_fs to init depends.
* Avoid including license files in open-vm-dkms.
* Marking makefiles in open-vm-dkms executable to please lintian.
* Adding make to open-vm-dkms depends.
* Also stopping in runlevel 1.
* Addding dkms support based on the work of Evan Broder
<broder@mit.edu> on the ubuntu package (Closes: #516251).
* Simplyfing initramfs triggers (Closes: #516355).
* Merging upstream version 2010.03.20-243334.
* Moving local Makefile to subdirectory.
* Adding build-depends to libfuse-dev.
* Updating to standards 3.8.4.
* Merging upstream version 2010.02.23-236320.
* Updating year in copyright file.
* Merging upstream version 2010.01.19-226760.
* Correcting plugins handling (Closes: #564069).
* Updating packaging for upstreams vmxnet3 module removal.
* Updating packaging for upstreams test plugin removal.
* Adding explicit debian source version 1.0 until switch to 3.0.
* Merging upstream version 2009.12.16-217847.
* Rediffing kvers.patch.
* Rediffing procps.patch.
* Merging upstream version 2009.11.16-210370.
* Moving vmusr plugins from open-vm-tools to open-vm-toolbox (Closes:
#539282, #557215).
* Correcting plugin location (Closes: #545222, #549044).
* Dropping la files (Closes: #551626).
* Adding open-vm-toolbox lintian overrides.
* Removing test plugin.
* Removing unused plugin symlinks.
* Merging upstream version 2009.10.15-201664.
* Adding maintainer homepage field in control.
* Adding README.source.
* Updating, sorting and wrapping depends.
* Merging upstream version 2009.09.18-193784.
* Moving maintainer homepage from control to copyright.
* Updating README.source.
* Merging upstream version 2009.08.24-187411.
* Updating maintainer field.
* Updating vcs fields.
* Updating package to standards version 3.8.3.
* Temporarily building without dumbnet, the recently uploaded
new dumbnet upstream version broke down (Closes: #539006).
* Using more common name to store local debian additions.
* Merging upstream version 2009.07.22-179896.
* Adding libnotify-dev to build-depends.
* Adding symlinks for plugins.
* Updating vmtoolsd call in init script.
* Adding missing files to module source, thanks to Brian Kroth
<bpkroth@gmail.com> (Closes: #525816, #531936, #532293).
* Building binary modules with neither module-assistant nor kernel-
package is not supported by upstream (Closes: #518014).
* Cleaning up module source by removing unecessary files.
* Correcting typo in rules for setting configure flags on amd64
(Closes: #531414).
* Merging upstream version 2009.06.18-172495.
* Updating to standards 3.8.2.
* Updating year in copyright file.
* Correcting vcs fields in modules control file.
* Building without procps on amd64 as a temporary workaround (Closes:
#531429).
* Adding procps to build-depends (Closes: #531414).
* Adding patch for configure to not hardcode procps version.
* Merging upstream version 2009.05.22-167859.
* Merging upstream version 2009.04.23-162451.
* Removing vmware-guestd manpage, dropped by upstream and not included
anymore.
* Using correct rfc-2822 date formats in changelog.
* Correcting patch system depends (Closes: #520493).
* Updating section of debug packages.
* Merging upstream version 2009.03.18-154848.
* Updating debian files to match vmware-guestd to vmtoolsd migration.
* Using quilt rather than dpatch.
* Renaming debian manpages subdirectory for consistency reasons.
* Updating standards to 3.8.1.
* Manually handling modprobe file rename from lenny to squeeze
(Closes: #519935).
* Updating kvers.dpatch.
* Using debhelper to install vmxnet modprobe file.
* Merging upstream version 2009.02.18-148847.
* Enabling unity support, uriparser 0.7 is finally available.
* Adding libgtkmm-2.4-dev to build-depends.
* Always prefering vmxnet over pcnet32 through modprobe and initramfs
configuration (Closes: #502365).
* Merging upstream version 2009.01.21-142982.
* Merging upstream version 2008.12.23-137496.
* Also unload vmxnet module in initscript when starting as a workaround of
having vmxnet already loaded at initramfs stage. Thanks to Russ Allbery
<rra@debian.org> (Closes: #510935).
* Replacing obsolete dh_clean -k with dh_prep.
* Merging upstream version 2008.11.18-130226.
* Updating debian directory for addition of pvscsi and vmxnet3 modules.
* Correcting typo in dh_installinit call.
* Downgrading depends on module-assistant to recommends.
* Using patch-stamp rather than patch in rules file.
* Merging upstream version 2008.10.10-123053.
* Updating kvers.dpatch.
* Updating kvers.dpatch (Closes: #498620).
* Updating initscript to correctly handle vmxnet (Closes: #479090, #488810).
* Merging upstream version 2008.09.03-114782.
* Updating rules to new location of the config.guess and config.sub files.
* Updating vcs fields in control file.
* Removing destdir.dpatch, not needed anymore.
* Adjusting rules to upstream changes with respect to the pixmap files.
* Disabling unity, uiparser is too old (see #493073).
* Adding build-depends to liburiparser-dev for new unity feature.
* Adding build-depends to libxss-dev for new unity feature.
* Updating to add new vmci and vsock modules.
* Merging upstream version 2008.08.08-109361.
* Replacing /lib64 with /lib in /etc/pam.d/vmware-guestd-x64.
* Fixing FTBFS on amd64 by renaming /etc/pam.d/vmware-guestd-x64 to
/etc/pam.d/vmware-guestd.
* Adding manpages.
* Stop removing setuid from /sbin/mount.vmhgfs.
* Extending vmxnet_needed() in initscript to also check for availability of
vmxnet.ko for the running kernel, otherwise don't attempt to load vmxnet
(Closes: #488810).
* Adding suggests to xdg-utils in open-vm-toolbox.
* Using modprobe -r rather than rmmod in initscript.
* Starting initscript at position 20, which is before networking comes up
(Closes: #479090).
* Adding vmware-user symlink to xdg autostart.
* Adding symlink from mount.vmhgfs to old vmware-hgfsmounter name.
* Removing executable bit for /etc/pam.d/vmware-guestd file.
* Merging upstream version 2008.07.01-102166.
* Dropping autobuild patch in favour for upstreams new --without-
kernel-modules configure switch.
* Merging upstream version 2008.06.20-100027.
* Adding debug package.
* Splitting open-vm-tools into open-vm-tools (CLI tools) and open-vm-
toolbox (GUI tools) (Closes: #467042).
* Updating rules file for upstream version 2008.06.03-96374.
* Adding patch to make build-system respect again.
* Adding xauth to recommends of open-vm-tools (Closes: #487088).
* Adding patch to avoid building kernel modules in this new upstream version.
* Merging upstream version 2008.06.03-96374 (Closes: #484242).
* Updating to standards 3.8.0.
* Updating location of vmware-checkvm in init script (Closes: #483056).
* Correcting typo in mount.vmhgfs symlink (Closes: #474694).
* Moving mount.vmhgfs from /usr/sbin to /sbin, thanks to Lea Wiemann
<lewiemann@gmail.com> (Closes: #474694).
* Also loading and unloading vmsync module in init script, thanks to
Lea Wiemann <lewiemann@gmail.com> (Closes: #481001).
* Moving vmware-checkvm from /usr/sbin to /usr/bin, thanks to Lea
Wiemann <lewiemann@gmail.com> (Closes: #481004).
* Using lintian debhelper to install lintian overrides.
* Correcting manpage section of module-assistant in README.Debian.
* Removing debian todo file.
* Merging upstream version 2008.05.15-93241.
* Adding libicu-dev to build-depends.
* Merging upstream version 2008.05.02-90473.
* Correcting wrong email address in changelog file.
* Including vmware support scripts (Closes: #469160).
* Correcting symlink for vmware-hgfsmounter (Closes: #474694).
* Updating rules to cover new component xferlogs.
* Adding libdumbnet-dev to build-depends.
* Adding libproc-dev to build-depends.
* Merging upstream version 2008.04.14-87182.
* Adding open-vm-source to open-vm-tools recommends (Closes: #471784).
* Adding zerofree to open-vm-tools suggests, thanks to Thibaut Paumard
<paumard@users.sourceforge.net> (Closes: #472799).
* Updating vcs fields in control.
* Updating package to debhelper 7.
* Rewriting copyright in machine-interpretable format.
* Cleaned up copyright.
* Fixing pathes and binary names in init script (Closes: #469146).
* Adding upstream version 2008.02.13-77928.
* Adding vcs fields in control.
* Removing watch file.
* Correcting wrong manpage section of module-assistant in
README.Debian.
* Correcting wrong filename of module-source tarball in README.Debian.
* Updating formating of README.Debian.
* Removing config.guess and config.sub from the debian diff.
* Reverting config.guess and config.sub to upstream.
* Adding vmware-guestd init script (Closes: #465276).
* New upstream release.
* Fixing manpage section in README.Debian.
* Bumping package to debhelper 6.
* Bumping package to policy 3.7.3.
* Also removing user/ in clean target of rules.
* Adding open-vm-source package for module source.
* Upload to unstable.
* New upstream release.
* Moving package to contrib (Closes: #445439).
* Limiting architectures to amd64 and i386 (Closes: #445374).
* Initial release (Closes: #441905).
==== openssh: 1:8.9p1-3 => 1:8.9p1-3ubuntu0.1 ====
==== openssh-client openssh-server openssh-sftp-server
* d/p/fix-poll-spin.patch: Fix poll(2) spin when a channel's output
fd closes without data in the channel buffer.
(LP: #1986521)
==== openssl: 3.0.2-0ubuntu1.7 => 3.0.2-0ubuntu1.8 ====
==== libssl3:amd64 openssl
* SECURITY UPDATE: X.509 Name Constraints Read Buffer Overflow
- debian/patches/CVE-2022-4203-1.patch: fix type confusion in
nc_match_single() in crypto/x509/v3_ncons.c.
- debian/patches/CVE-2022-4203-2.patch: add testcase for
nc_match_single type confusion in test/*.
- CVE-2022-4203
* SECURITY UPDATE: Timing Oracle in RSA Decryption
- debian/patches/CVE-2022-4304.patch: fix timing oracle in
crypto/bn/bn_blind.c, crypto/bn/bn_local.h, crypto/bn/build.info,
crypto/bn/rsa_sup_mul.c, crypto/rsa/rsa_ossl.c, include/crypto/bn.h.
- CVE-2022-4304
* SECURITY UPDATE: Double free after calling PEM_read_bio_ex
- debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header
and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c.
- debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c.
- CVE-2022-4450
* SECURITY UPDATE: Use-after-free following BIO_new_NDEF
- debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug
in BIO_new_NDEF in crypto/asn1/bio_ndef.c.
- debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO
setup with -stream is handled correctly in
test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem.
- CVE-2023-0215
* SECURITY UPDATE: Invalid pointer dereference in d2i_PKCS7 functions
- debian/patches/CVE-2023-0216-1.patch: do not dereference PKCS7 object
data if not set in crypto/pkcs7/pk7_lib.c.
- debian/patches/CVE-2023-0216-2.patch: add test for d2i_PKCS7 NULL
dereference in test/recipes/25-test_pkcs7.t,
test/recipes/25-test_pkcs7_data/malformed.pkcs7.
- CVE-2023-0216
* SECURITY UPDATE: NULL dereference validating DSA public key
- debian/patches/CVE-2023-0217-1.patch: fix NULL deference when
validating FFC public key in crypto/ffc/ffc_key_validate.c,
include/internal/ffc.h, test/ffc_internal_test.c.
- debian/patches/CVE-2023-0217-2.patch: prevent creating DSA and DH
keys without parameters through import in
providers/implementations/keymgmt/dh_kmgmt.c,
providers/implementations/keymgmt/dsa_kmgmt.c.
- debian/patches/CVE-2023-0217-3.patch: do not create DSA keys without
parameters by decoder in crypto/x509/x_pubkey.c,
include/crypto/x509.h,
providers/implementations/encode_decode/decode_der2key.c.
- CVE-2023-0217
* SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName
- debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for
x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h.in,
test/v3nametest.c.
- CVE-2023-0286
* SECURITY UPDATE: NULL dereference during PKCS7 data verification
- debian/patches/CVE-2023-0401-1.patch: check return of BIO_set_md()
calls in crypto/pkcs7/pk7_doit.c.
- debian/patches/CVE-2023-0401-2.patch: add testcase for missing return
check of BIO_set_md() calls in test/recipes/80-test_cms.t,
test/recipes/80-test_cms_data/pkcs7-md4.pem.
- CVE-2023-0401
==== pam: 1.4.0-11ubuntu2 => 1.4.0-11ubuntu2.3 ====
==== libpam-modules-bin libpam-modules:amd64 libpam-runtime libpam0g:amd64
* SECURITY REGRESSION: fix CVE-2022-28321 patch location
- debian/patches-applied/CVE-2022-28321.patch: pam_access: handle
hostnames in access.conf
- CVE-2022-28321
* SECURITY UPDATE: authentication bypass vulnerability
- debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in
access.conf
- CVE-2022-28321
==== python-apt: 2.3.0ubuntu2.1 => 2.4.0 ====
==== python-apt-common python3-apt
[ Julian Andres Klode ]
* 2.4.0 marks this as a stable upstream release series.
* AcquireFile: Handle large files (LP: #1998265)
* .gitlab-ci.yml: Test in jammy and fix mypy version to jammy
* Update mirror lists
* debian/gbp.conf: Point at 2.4.y branch
* d/t/control: Add missing binutils test dependency
[ Michael Vogt ]
* apt: fix mypy in apt.progress.text.AcquireProgress (LP: #1998488)
==== setuptools: 59.6.0-1.2 => 59.6.0-1.2ubuntu0.22.04.1 ====
==== python3-pkg-resources python3-setuptools
* SECURITY UPDATE: ReDOS in package_index.py
- debian/patches/CVE-2022-40897.patch: Limit the amount of
whitespace to search/backtrack in setuptools/package_index.py.
- CVE-2022-40897
==== snapd: 2.57.5+22.04ubuntu0.1 => 2.58+22.04 ====
==== snapd
* New upstream release, LP: #1998462
- many: Use /tmp/snap-private-tmp for per-snap private tmps
- data: Add systemd-tmpfiles configuration to create private tmp dir
- cmd/snap: test allowed and forbidden refresh hold values
- cmd/snap: be more consistent in --hold help and err messages
- cmd/snap: error on refresh holds that are negative or too short
- o/homedirs: make sure we do not write to /var on build time
- image: make sure file customizations happen also when we have
defaultscause
- tests/fde-on-classic: set ubuntu-seed label in seed partitions
- gadget: system-seed-null should also have fs label ubuntu-seed
- many: gadget.HasRole, ubuntu-seed can come also from system-seed-
null
- o/devicestate: fix paths for retrieving recovery key on classic
- cmd/snap-confine: do not discard const qualifier
- interfaces: allow python3.10+ in the default template
- o/restart: fix PendingForSystemRestart
- interfaces: allow wayland slot snaps to access shm files created
by Firefox
- o/assertstate: add Sequence() to val set tracking
- o/assertstate: set val set 'Current' to pinned sequence
- tests: tweak the libvirt interface test to work on 22.10
- tests: use system-seed-null role on classic with modes tests
- boot: add directory for data on install
- o/devicestate: change some names from esp to seed/seed-null
- gadget: add system-seed-null role
- o/devicestate: really add error to new error message
- restart,snapstate: implement reboot-required notifications on
classic
- many: avoid automatic system restarts on classic through new
overlord/restart logic
- release: Fix WSL detection in LXD
- o/state: introduce WaitStatus
- interfaces: Fix desktop interface rules for document portal
- client: remove classic check for `snap recovery --show-
keys`
- many: create snapd.mounts targets to schedule mount units
- image: enable sysfs overlay for UC preseeding
- i/b/network-control: add permissions for using AF_XDP
- i/apparmor: move mocking of home and overlay conditions to osutil
- tests/main/degraded: ignore man-db update failures in CentOS
- cmd/snap: fix panic when running snap w/ flag but w/o subcommand
- tests: save snaps generated during image preaparation
- tests: skip building snapd based on new env var
- client: remove misleading comments in ValidateApplyOptions
- boot/seal: add debug traces for bootchains
- bootloader/assets: fix grub.cfg when there are no labels
- cmd/snap: improve refresh hold's output
- packaging: enable BPF in RHEL9
- packaging: do not traverse filesystems in postrm script
- tests: get microk8s from another branch
- bootloader: do not specify Core version in grub entry
- many: refresh --hold follow-up
- many: support refresh hold/unhold to API and CLI
- many: expand fully handling links mapping in all components, in
the API and in snap info
- snap/system_usernames,tests: Azure IoT Edge system usernames
- interface: Allow access to
org.freedesktop.DBus.ListActivatableNames via system-observe
interface
- o/devicestate,daemon: use the expiration date from the assertion
in user-state and REST api (user-removal 4/n)
- gadget: add unit tests for new install functions for FDE on
classic
- cmd/snap-seccomp: fix typo in AF_XDP value
- tests/connected-after-reboot-revert: run also on UC16
- kvm: allow read of AMD-SEV parameters
- data: tweak apt integration config var
- o/c/configcore: add faillock configuration
- tests: use dbus-daemon instead of dbus-launch
- packaging: remove unclean debian-sid patch
- asserts: add keyword 'user-presence' keyword in system-user
assertion (auto-removal 3/n)
- interfaces: steam-support allow pivot /run/media and /etc/nvidia
mount
- aspects: initial code
- overlord: process auto-import assertion at first boot
- release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
- tests: fix lxd-mount-units in ubuntu kinetic
- tests: new variable used to configure the kernel command line in
nested tests
- go.mod: update to newer secboot/uc22 branch
- autopkgtests: fix running autopkgtest on kinetic
- tests: remove squashfs leftovers in fakeinstaller
- tests: create partition table in fakeinstaller
- o/ifacestate: introduce DebugAutoConnectCheck hook
- tests: use test-snapd-swtpm instead of swtpm-mvo snap in nested
helper
- interfaces/polkit: do not require polkit directory if no file is
needed
- o/snapstate: be consistent not creating per-snap save dirs for
classic models
- inhibit: use hintFile()
- tests: use `snap prepare-image` in fde-on-classic mk-image.sh
- interfaces: add microceph interface
- seccomp: allow opening XDP sockets
- interfaces: allow access to icon subdirectories
- tests: add minimal-smoke test for UC22 and increase minimal RAM
- overlord: introduce hold levels in the snapstate.Hold* API
- o/devicestate: support mounting ubuntu-save also on classic with
modes
- interfaces: steam-support allow additional mounts
- fakeinstaller: format SystemDetails result with %+v
- cmd/libsnap-confine-private: do not panic on chmod failure
- tests: ensure that fakeinstaller put the seed into the right place
- many: add stub services for prompting
- tests: add libfwupd and libfwupdplugin5 to openSUSE dependencies
- o/snapstate: fix snaps-hold pruning/reset in the presence of
system holding
- many: add support for setting up encryption from installer
- many: support classic snaps in the context of classic and extended
models
- cmd/snap,daemon: allow zero values from client to daemon for
journal rate limit
- boot,o/devicestate: extend HasFDESetupHook to consider unrelated
kernels
- cmd/snap: validation set refresh-enforce CLI support + spread test
- many: fix filenames written in modeenv for base/gadget plus drive-
by TODO
- seed: fix seed test to use a pseudo-random byte sequence
- cmd/snap-confine: remove setuid calls from cgroup init code
- boot,o/devicestate: introduce and use MakeRunnableStandaloneSystem
- devicestate,boot,tests: make `fakeinstaller` test work
- store: send Snap-Device-Location header with cloud information
- overlord: fix unit tests after merging master in
- o/auth: move HasUserExpired into UserState and name it HasExpired,
and add unit tests for this
- o/auth: rename NewUserData to NewUserParams
- many: implementation of finish install step handlers
- overlord: auto-resolve validation set enforcement constraints
- i/backends,o/ifacestate: cleanup backends.All
- cmd/snap-confine: move bind-mount setup into separate function
- tests/main/mount-ns: update namespace for 18.04
- o/state: Hold pseudo-error for explicit holding, concept of
pending changes in prune logic
- many: support extended classic models that omit kernel/gadget
- data/selinux: allow snapd to detect WSL
- overlord: add code to remove users that has an expiration date set
- wrappers,snap/quota: clear LogsDirectory= in the service unit for
journal namespaces
- daemon: move user add, remove operations to overlord device state
- gadget: implement write content from gadget information
- {device,snap}state: fix ineffectual assignments
- daemon: support validation set refresh+enforce in API
- many: rename AddAffected* to RegisterAffected*, add
Change|State.Has, fix a comment
- many: reset store session when setting proxy.store
- overlord/ifacestate: fix conflict detection of auto-connection
- interfaces: added read/write access to /proc/self/coredump_filter
for process-control
- interfaces: add read access to /proc/cgroups and
/proc/sys/vm/swappiness to system-observe
- fde: run fde-reveal-key with `DefaultDependencies=no`
- many: don't concatenate non-constant format strings
- o/devicestate: fix non-compiling test
- release, snapd-apparmor: fixed outdated WSL detection
- many: add todos discussed in the review in
tests/nested/manual/fde-on-classic, snapstate cleanups
- overlord: run install-device hook during factory reset
- i/b/mount-control: add optional `/` to umount rules
- gadget/install: split Run in several functions
- o/devicestate: refactor some methods as preparation for install
steps implementation
- tests: fix how snaps are cached in uc22
- tests/main/cgroup-tracking-failure: fix rare failure in Xenial and
Bionic
- many: make {Install,Initramfs}{{,Host},Writable}Dir a function
- tests/nested/manual/core20: fix manual test after changes to
'tests.nested exec'
- tests: move the unit tests system to 22.04 in github actions
workflow
- tests: fix nested errors uc20
- boot: rewrite switch in SnapTypeParticipatesInBoot()
- gadget: refactor to allow usage from the installer
- overlord/devicestate: support for mounting ubuntu-save before the
install-device hook
- many: allow to install/update kernels/gadgets on classic with
modes
- tests: fix issues related to dbus session and localtime in uc18
- many: support home dirs located deeper under /home
- many: refactor tests to use explicit strings instead of
boot.Install{Initramfs,Host}{Writable,FDEData}Dir
- boot: add factory-reset cases for boot-flags
- tests: disable quota tests on arm devices using ubuntu core
- tests: fix unbound SPREAD_PATH variable on nested debug session
- overlord: start turning restart into a full state manager
- boot: apply boot logic also for classic with modes boot snaps
- tests: fix snap-env test on debug section when no var files were
created
- overlord,daemon: allow returning errors when requesting a restart
- interfaces: login-session-control: add further D-Bus interfaces
- snapdenv: added wsl to userAgent
- o/snapstate: support running multiple ops transactionally
- store: use typed valset keys in store package
- daemon: add `ensureStateSoon()` when calling systems POST api
- gadget: add rules for validating classic with modes gadget.yaml
files
- wrappers: journal namespaces did not honor journal.persistent
- many: stub devicestate.Install{Finish,SetupStorageEncryption}()
- sandbox/cgroup: don't check V1 cgroup if V2 is active
- seed: add support to load auto import assertion
- tests: fix preseed tests for arm systems
- include/lk: update LK recovery environment definition to include
device lock state used by bootloader
- daemon: return `storage-encryption` in /systems/<label> reply
- tests: start using remote tools from snapd-testing-tools project
in nested tests
- tests: fix non mountable filesystem error in interfaces-udisks2
- client: clarify what InstallStep{SetupStorageEncryption,Finish} do
- client: prepare InstallSystemOptions for real use
- usersession: Remove duplicated struct
- o/snapstate: support specific revisions in UpdateMany/InstallMany
- i/b/system_packages_doc: restore access to Libreoffice
documentation
- snap/quota,wrappers: allow using 0 values for the journal rate
limit
- tests: add kinetic images to the gce bucket for preseed test
- multiple: clear up naming convention for thread quota
- daemon: implement stub `"action": "install"`
- tests/main/snap-quota-{install/journal}: fix unstable spread tests
- tests: remove code for old systems not supported anymore
- tests: third part of the nested helper cleanup
- image: clean snapd mount after preseeding
- tests: use the new ubuntu kinetic image
- i/b/system_observe: honour root dir when checking for
/boot/config-*
- tests: restore microk8s test on 16.04
- tests: run spread tests on arm64 instances in google cloud
- tests: skip interfaces-udisks2 in fedora
- asserts,boot,secboot: switch to a secboot version measuring
classic
- client: add API for GET /systems/<label>
- overlord: frontend for --quota-group support (2/2)
- daemon: add GET support for `/systems/<seed-label>`
- i/b/system-observe: allow reading processes security label
- many: support '--purge' when removing multiple snaps
- snap-confine: remove obsolete code
- interfaces: rework logic of unclashMountEntries
- data/systemd/Makefile: add comment warning about "snapd." prefix
- interfaces: grant access to speech-dispatcher socket (bug 1787245)
- overlord/servicestate: disallow removal of quota group with any
limits set
- data: include snapd/mounts in preseeded blob
- many: Set SNAPD_APPARMOR_REEXEC=1
- store/tooling,tests: support UBUNTU_STORE_URL override env var
- multiple: clear up naming convention for cpu-set quota
- tests: improve and standardize debug section on tests
- device: add new DeviceManager.encryptionSupportInfo()
- tests: check snap download with snapcraft v7+ export-login auth
data
- cmd/snap-bootstrap: changes to be able to boot classic rootfs
- tests: fix debug section for test uc20-create-partitions
- overlord: --quota-group support (1/2)
- asserts,cmd/snap-repair: drop not pursued
AuthorityDelegation/signatory-id
- snap-bootstrap: add CVM mode* snap-bootstrap: add classic runmode
- interfaces: make polkit implicit on core if /usr/libexec/polkitd
exists
- multiple: move arguments for auth.NewUser into a struct (auto-
removal 1/n)
- overlord: track security profiles for non-active snaps
- tests: remove NESTED_IMAGE_ID from nested manual tests
- tests: add extra space to ubuntu bionic
- store/tooling: support using snapcraft v7+ base64-encoded auth
data
- overlord: allow seeding in the case of classic with modes system
- packaging/*/tests/integrationtests: reload ssh.service, not
sshd.service
- tests: rework snap-logs-journal test and add missing cleanup
- tests: add spread test for journal quotas
- tests: run spread tests in ubuntu kinetic
- o/snapstate: extend support for holding refreshes
- devicestate: return an error in checkEncryption() if KernelInfo
fails
- tests: fix sbuild test on debian sid
- o/devicestate: do not run tests in this folder twice
- sandbox/apparmor: remove duplicate hook into testing package
- many: refactor store code to be able to use simpler form of auth
creds
- snap,store: drop support/consideration for anonymous download urls
- data/selinux: allow snaps to read certificates
- many: add Is{Core,Classic}Boot() to DeviceContext
- o/assertstate: don't refresh enforced validation sets during check
- go.mod: replace maze.io/x/crypto with local repo
- many: fix unnecessary use of fmt.Sprintf
- bootloader,systemd: fix `don't use Yoda conditions (ST1017)`
- HACKING.md: extend guidelines with common review comments
- many: progress bars should use the overridable stdouts
- tests: remove ubuntu 21.10 from sru validation
- tests: import remote tools
- daemon,usersession: switch from HeaderMap to Header in tests
- asserts: add some missing `c.Check()` in the asserts test
- strutil: fix VersionCompare() to allow multiple `-` in the version
- testutil: remove unneeded `fmt.Sprintf`
- boot: remove some unneeded `fmt.Sprintf()` calls
- tests: implement prepare_gadget and prepare_base and unify all the
version
- o/snapstate: refactor managed refresh schedule logic
- o/assertstate, snapasserts: implementation of
assertstate.TryEnforceValidationSets function
- interfaces: add kconfig paths to system-observe
- dbusutil: move debian patch into dbustest
- many: change name and input of CheckProvenance to clarify usage
- tests: Fix a missing parameter in command to wait for device
- tests: Work-around non-functional --wait on systemctl
- tests: unify the way the snapd/core and kernel are repacked in
nested helper
- tests: skip interfaces-ufisks2 on centos-9
- i/b/mount-control: allow custom filesystem types
- interfaces,metautil: make error handling in getPaths() more
targeted
- cmd/snap-update-ns: handle mountpoint removal failures with EBUSY
- tests: fix pc-kernel repacking
- systemd: add `WantedBy=default.target` to snap mount units
- tests: disable microk8s test on 16.04
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Fix race condition in snap-confine when preparing a
private tmp mount namespace for a snap
- CVE-2022-3328
* New upstream release, LP: #1983035
- image: clean snapd mount after preseeding
- wrappers,snap/quota: clear LogsDirectory= in the service unit
for journal namespaces
- cmd/snap,daemon: allow zero values from client to daemon for
journal rate-limit
- interfaces: steam-support allow pivot /run/media and /etc/nvidia
mount
- o/ifacestate: introduce DebugAutoConnectCheck hook
- release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
- autopkgtests: fix running autopkgtest on kinetic
- interfaces: add microceph interface
- interfaces: steam-support allow additional mounts
- many: add stub services
- interfaces: add kconfig paths to system-observe
- i/b/system_observe: honour root dir when checking for
/boot/config-*
- interfaces: grant access to speech-dispatcher socket
- interfaces: rework logic of unclashMountEntries
* New upstream release, LP: #1983035
- release, snapd-apparmor: fixed outdated WSL detection
- overlord/ifacestate: fix conflict detection of auto-connection
- overlord: run install-device hook during factory reset
- image/preseed/preseed_linux: add missing new line
- boot: add factory-reset cases for boot-flags.
- interfaces: added read/write access to /proc/self/coredump_filter
for process-control
- interfaces: add read access to /proc/cgroups and
/proc/sys/vm/swappiness to system-observe
- fde: run fde-reveal-key with `DefaultDependencies=no`
- snapdenv: added wsl to userAgent
- tests: fix restore section for persistent-journal-namespace
- i/b/mount-control: add optional `/` to umount rules
- cmd/snap-bootstrap: changes to be able to boot classic rootfs
- cmd/snap-bootstrap: add CVM mode
* New upstream release, LP: #1983035
- wrappers: journal namespaces did not honor journal.persistent
- snap/quota,wrappers: allow using 0 values for the journal rate to
override the system default values
- multiple: clear up naming convention for cpu-set quota
- i/b/mount-control: allow custom filesystem types
- i/b/system-observe: allow reading processes security label
- sandbox/cgroup: don't check V1 cgroup if V2 is active
- asserts,boot,secboot: switch to a secboot version measuring
classic
* New upstream release, LP: #1983035
- store/tooling,tests: support UBUNTU_STORE_URL override env var
- packaging/*/tests/integrationtests: reload ssh.service, not
sshd.service
- tests: check snap download with snapcraft v7+ export-login auth
data
- store/tooling: support using snapcraft v7+ base64-encoded auth
data
- many: progress bars should use the overridable stdouts
- many: refactor store code to be able to use simpler form of auth
creds
- snap,store: drop support/consideration for anonymous download urls
- data: include snapd/mounts in preseeded blob
- many: Set SNAPD_APPARMOR_REEXEC=1
- overlord: track security profiles for non-active snaps
* New upstream release, LP: #1983035
- cmd/snap-update-ns: handle mountpoint removal failures with EBUSY
- cmd/snap-update-ns: print current mount entries
- cmd/snap-update-ns: check the unused mounts with a cleaned path
- snap-confine: disable -Werror=array-bounds in __overflow tests to
fix build error on Ubuntu 22.10
- systemd: add `WantedBy=default.target` to snap mount units
(LP: #1983528)
* New upstream release, LP: #1983035
- tests: Fix calls to systemctl is-system-running
- osutil/disks: handle GPT for 4k disk and too small tables
- packaging: import change from the 2.54.3-1.1 upload
- many: revert "features: disable refresh-app-awarness by default
again"
- tests: improve robustness of preparation for regression/lp-1803542
- tests: get the ubuntu-image binary built with test keys
- tests: remove commented code from lxd test
- interfaces/builtin: add more permissions for steam-support
- tests: skip interfaces-network-control on i386
- tests: tweak the "tests/nested/manual/connections" test
- interfaces: posix-mq: allow specifying message queue paths as an
array
- bootloader/assets: add ttyS0,115200n8 to grub.cfg
- i/b/desktop,unity7: remove name= specification on D-Bus signals
- tests: ensure that microk8s does not produce DENIED messages
- many: support non-default provenance snap-revisions in
DeriveSideInfo
- tests: fix `core20-new-snapd-does-not-break-old-initrd` test
- many: device and provenance revision authority cross checks
- tests: fix nested save-data test on 22.04
- sandbox/cgroup: ignore container slices when tracking snaps
- tests: improve 'ignore-running' spread test
- tests: add `debug:` section to `tests/nested/manual/connections`
- tests: remove leaking `pc-kernel.snap` in `repack_kernel_snap`
- many: preparations for revision authority cross checks including
device scope
- daemon,overlord/servicestate: followup changes from PR #11960 to
snap logs
- cmd/snap: fix visual representation of 'AxB%' cpu quota modifier.
- many: expose and support provenance from snap.yaml metadata
- overlord,snap: add support for per-snap storage on ubuntu-save
- nested: fix core-early-config nested test
- tests: revert lxd change to support nested lxd launch
- tests: add invariant check for leftover cgroup scopes
- daemon,systemd: introduce support for namespaces in 'snap logs'
- cmd/snap: do not track apps that wish to stay outside of the life-
cycle system
- asserts: allow classic + snaps models and add distribution to
model
- cmd/snap: add snap debug connections/connection commands
- data: start snapd after time-set.target
- tests: remove ubuntu 21.10 from spread tests due to end of life
- tests: Update the whitebox word to avoid inclusive naming issues
- many: mount gadget in run folder
- interfaces/hardware-observe: clean up reading access to sysfs
- tests: use overlayfs for interfaces-opengl-nvidia test
- tests: update fake-netplan-apply test for 22.04
- tests: add executions for ubuntu 22.04
- tests: enable centos-9
- tests: make more robust the files check in preseed-core20 test
- bootloader/assets: add fallback entry to grub.cfg
- interfaces/apparmor: add permissions for per-snap directory on
ubuntu-save partition
- devicestate: add more path to `fixupWritableDefaultDirs()`
- boot,secboot: reset DA lockout counter after successful boot
- many: Revert "overlord,snap: add support for per-snap storage on
ubuntu-save"
- overlord,snap: add support for per-snap storage on ubuntu-save
- tests: exclude centos-7 from kernel-module-load test
- dirs: remove unused SnapAppArmorAdditionalDir
- boot,device: extract SealedKey helpers from boot to device
- boot,gadget: add new `device.TpmLockoutAuthUnder()` and use it
- interfaces/display-control: allow changing brightness value
- asserts: add more context to key expiry error
- many: introduce IsUndo flag in LinkContext
- i/apparmor: allow calling which.debianutils
- tests: new profile id for apparmor in test preseed-core20
- tests: detect 403 in apt-hooks and skip test in this case
- overlord/servicestate: restart the relevant journald service when
a journal quota group is modified
- client,cmd/snap: add journal quota frontend (5/n)
- gadget/device: introduce package which provides helpers for
locations of things
- features: disable refresh-app-awarness by default again
- many: install bash completion files in writable directory
- image: fix handling of var/lib/extrausers when preseeding
uc20
- tests: force version 2.48.3 on xenial ESM
- tests: fix snap-network-erros on uc16
- cmd/snap-confine: be compatible with a snap rootfs built as a
tmpfs
- o/snapstate: allow install of unasserted gadget/kernel on
dangerous models
- interfaces: dynamic loading of kernel modules
- many: add optional primary key provenance to snap-revision, allow
delegating via snap-declaration revision-authority
- tests: fix boringcripto errors in centos7
- tests: fix snap-validate-enforce in opensuse-tumbleweed
- test: print User-Agent on failed checks
- interfaces: add memory stats to system_observe
- interfaces/pwm: Remove implicitOnCore/implicitOnClassic
- spread: add openSUSE Leap 15.4
- tests: disable core20-to-core22 nested test
- tests: fix nested/manual/connections test
- tests: add spread test for migrate-home command
- overlord/servicestate: refresh security profiles when services are
affected by quotas
- interfaces/apparmor: add missing apparmor rules for journal
namespaces
- tests: add nested test variant that adds 4k sector size
- cmd/snap: fix test failing due to timezone differences
- build-aux/snap: build against the snappy-dev/image PPA
- daemon: implement api handler for refresh with enforced validation
sets
- preseed: suggest to install "qemu-user-static"
- many: add migrate-home debug command
- o/snapstate: support passing validation sets to storehelpers via
RevisionOptions
- cmd/snapd-apparmor: fix unit tests on distros which do not support
reexec
- o/devicestate: post factory reset ensure, spread test update
- tests/core/basic20: Enable on uc22
- packaging/arch: install snapd-apparmor
- o/snapstate: support migrating snap home as change
- tests: enable snapd.apparmor service in all the opensuse systems
- snapd-apparmor: add more integration-ish tests
- asserts: store required revisions for missing snaps in
CheckInstalledSnaps
- overlord/ifacestate: fix path for journal redirect
- o/devicestate: factory reset with encryption
- cmd/snapd-apparmor: reimplement snapd-apparmor in Go
- squashfs: improve error reporting when `unsquashfs` fails
- o/assertstate: support multiple extra validation sets in
EnforcedValidationSets
- tests: enable mount-order-regression test for arm devices
- tests: fix interfaces network control
- interfaces: update AppArmor template to allow read the memory
- cmd/snap-update-ns: add /run/systemd to unrestricted paths
- wrappers: fix LogNamespace being written to the wrong file
- boot: release the new PCR handles when sealing for factory reset
- tests: add support fof uc22 in test uboot-unpacked-assets
- boot: post factory reset cleanup
- tests: add support for uc22 in listing test
- spread.yaml: add ubuntu-22.04-06 to qemu-nested
- gadget: check also mbr type when testing for implicit data
partition
- interfaces/system-packages-doc: allow read-only access to
/usr/share/cups/doc-root/ and /usr/share/gimp/2.0/help/
- tests/nested/manual/core20-early-config: revert changes that
disable netplan checks
- o/ifacestate: warn if the snapd.apparmor service is disabled
- tests: add spread execution for fedora 36
- overlord/hookstate/ctlcmd: fix timestamp coming out of sync in
unit tests
- gadget/install: do not assume dm device has same block size as
disk
- interfaces: update network-control interface with permissions
required by resolvectl
- secboot: stage and transition encryption keys
- secboot, boot: support and use alternative PCR handles during
factory reset
- overlord/ifacestate: add journal bind-mount snap layout when snap
is in a journal quota group (4/n)
- secboot/keymgr, cmd/snap-fde-keymgr: two step encryption key
change
- cmd/snap: cleanup and make the code a bit easier to read/maintain
for quota options
- overlord/hookstate/ctlcmd: add 'snapctl model' command (3/3)
- cmd/snap-repair: fix snap-repair tests silently failing
- spread: drop openSUSE Leap 15.2
- interfaces/builtin: remove the name=org.freedesktop.DBus
restriction in cups-control AppArmor rules
- wrappers: write journald config files for quota groups with
journal quotas (3/n)
- o/assertstate: auto aliases for apps that exist
- o/state: use more detailed NoStateError in state
- tests/main/interfaces-browser-support: verify jupyter notebooks
access
- o/snapstate: exclude services from refresh app awareness hard
running check
- tests/main/nfs-support: be robust against umount failures
- tests: update centos images and add new centos 9 image
- many: print valid/invalid status on snap validate --monitor
- secboot, boot: TPM provisioning mode enum, introduce
reprovisioning
- tests: allow to re-execute aborted tests
- cmd/snapd-apparmor: add explicit WSL detection to
is_container_with_internal_policy
- tests: avoid launching lxd inside lxd on cloud images
- interfaces: extra htop apparmor rules
- gadget/install: encrypted system factory reset support
- secboot: helpers for dealing with PCR handles and TPM resources
- systemd: improve error handling for systemd-sysctl command
- boot, secboot: separate the TPM provisioning and key sealing
- o/snapstate: fix validation sets restoring and snap revert on
failed refresh
- interfaces/builtin/system-observe: extend access for htop
- cmd/snap: support custom apparmor features dir with snap prepare-
image
- interfaces/mount-observe: Allow read access to /run/mount/utab
- cmd/snap: add help strings for set-quota options
- interfaces/builtin: add README file
- cmd/snap-confine: mount support cleanups
- overlord: execute snapshot cleanup in task
- i/b/accounts_service: fix path of introspectable objects
- interfaces/opengl: update allowed PCI accesses for RPi
- configcore: add core.system.ctrl-alt-del-action config option
- many: structured startup timings
- spread: switch back to building ubuntu-image from source
- many: optional recovery keys
- tests/lib/nested: fix unbound variable
- run-checks: fail on equality checks w/ ErrNoState
- snap-bootstrap: Mount as private
- tests: Test for gadget connections
- tests: set `br54.dhcp4=false` in the netplan-cfg test
- tests: core20 preseed/nested spread test
- systemd: remove the systemctl stop timeout handling
- interfaces/shared-memory: Update AppArmor permissions for
mmap+link
- many: replace ErrNoState equality checks w/ errors.Is()
- cmd/snap: exit w/ non-zero code on missing snap
- systemd: fix snapd systemd-unit stop progress notifications
- .github: Trigger daily riscv64 snapd edge builds
- interfaces/serial-port: add ttyGS to serial port allow list
- interfaces/modem-manager: Don't generate DBus plug policy
- tests: add spread test to test upgrade from release snapd to
current
- wrappers: refactor EnsureSnapServices
- testutil: add ErrorIs test checker
- tests: import spread shellcheck changes
- cmd/snap-fde-keymgr: best effort idempotency of add-recovery-key
- interfaces/udev: refactor handling of udevadm triggers for input
- secboot: support for changing encryption keys via keymgr
* New upstream release, LP: #1974147
- devicestate: add more path to `fixupWritableDefaultDirs()`
- many: introduce IsUndo flag in LinkContext
- i/apparmor: allow calling which.debianutils
- interfaces: update AppArmor template to allow reading snap's
memory statistics
- interfaces: add memory stats to system_observe
- i/b/{mount,system}-observe: extend access for htop
- features: disable refresh-app-awarness by default again
- image: fix handling of var/lib/extrausers when preseeding
uc20
- interfaces/modem-manager: Don't generate DBus policy for plugs
- interfaces/modem-manager: Only generate DBus plug policy on
Core
- interfaces/serial_port_test: fix static-checks errors
- interfaces/serial-port: add USB gadget serial devices (ttyGSX) to
allowed list
- interface/serial_port_test: adjust variable IDs
* New upstream release, LP: #1974147
- o/snapstate: exclude services from refresh app awareness hard
running check
- cmd/snap: support custom apparmor features dir with snap
prepare-image
* New upstream release, LP: #1974147
- gadget/install: do not assume dm device has same block size as
disk
- gadget: check also mbr type when testing for implicit data
partition
- interfaces: update network-control interface with permissions
required by resolvectl
- interfaces/builtin: remove the name=org.freedesktop.DBus
restriction in cups-control AppArmor rules
- many: print valid/invalid status on snap validate --monitor ...
- o/snapstate: fix validation sets restoring and snap revert on
failed refresh
- interfaces/opengl: update allowed PCI accesses for RPi
- interfaces/shared-memory: Update AppArmor permissions for
mmap+linkpaths
* New upstream release, LP: #1974147
- portal-info: Add CommonID Field
- asserts/info,mkversion.sh: capture max assertion formats in
snapd/info
- tests: improve the unit testing workflow to run in parallel
- interfaces: allow map and execute permissions for files on
removable media
- tests: add spread test to verify that connections are preserved if
snap refresh fails
- tests: Apparmor sandbox profile mocking
- cmd/snap-fde-keymgr: support for multiple devices and
authorizations for add/remove recovery key
- cmd/snap-bootstrap: Listen to keyboard added after start and
handle switch root
- interfaces,overlord: add support for adding extra mount layouts
- cmd/snap: replace existing code for 'snap model' to use shared
code in clientutil (2/3)
- interfaces: fix opengl interface on RISC-V
- interfaces: allow access to the file locking for cryptosetup in
the dm-crypt interface
- interfaces: network-manager: add AppArmor rule for configuring
bridges
- i/b/hardware-observe.go: add access to the thermal sysfs
- interfaces: opengl: add rules for NXP i.MX GPU drivers
- i/b/mount_control: add an optional "/" to the mount target rule
- snap/quota: add values for journal quotas (journal quota 2/n)
- tests: spread test for uc20 preseeding covering snap prepare-image
- o/snapstate: remove deadcode breaking static checks
- secboot/keymgr: extend unit tests, add helper for identify keyslot
used error
- tests: use new snaps.name and snaps.cleanup tools
- interfaces: tweak getPath() slightly and add some more tests
- tests: update snapd testing tools
- client/clientutil: add shared code for printing model assertions
as yaml or json (1/3)
- debug-tools: list all snaps
- cmd/snap: join search terms passed in the command line
- osutil/disks: partition UUID lookup
- o/snapshotstate: refactor snapshot read/write logic
- interfaces: Allow locking in block-devices
- daemon: /v2/system-recovery-keys remove API
- snapstate: do not auto-migrate to ~/Snap for core22 just yet
- tests: run failed tests by default
- o/snapshotstate: check installed snaps before running 'save' tasks
- secboot/keymgr: remove recovery key, authorize with existing key
- deps: bump libseccomp to include build fixes, run unit tests using
CC=clang
- cmd/snap-seccomp: only compare the bottom 32-bits of the flags arg
of copy_file_range
- osutil/disks: helper for obtaining the UUID of a partition which
is a mount point source
- image/preseed: umount the base snap last after writable paths
- tests: new set of nested tests for uc22
- tests: run failed tests on nested suite
- interfaces: posix-mq: add new interface
- tests/main/user-session-env: remove openSUSE-specific tweaks
- tests: skip external backend in mem-cgroup-disabled test
- snap/quota: change the journal quota period to be a time.Duration
- interfaces/apparmor: allow executing /usr/bin/numfmt in the base
template
- tests: add lz4 dependency for jammy to avoid issues repacking
kernel
- snap-bootstrap, o/devicestate: use seed parallelism
- cmd/snap-update-ns: correctly set sticky bit on created
directories where applicable
- tests: install snapd while restoring in snap-mgmt
- .github: skip misspell and ineffassign on go 1.13
- many: use UC20+/pre-UC20 in user messages as needed
- o/devicestate: use snap handler for copying and checksuming
preseeded snaps
- image, cmd/snap-preseed: allow passing custom apparmor features
path
- o/assertstate: fix handling of validation set tracking update in
enforcing mode
- packaging: restart our units only after the upgrade
- interfaces: add a steam-support interface
- gadget/install, o/devicestate: do not create recovery and
reinstall keys during installation
- many: move recovery key responsibility to devicestate/secboot,
prepare for a future with just optional recovery key
- tests: do not run mem-cgroup-disabled on external backends
- snap: implement "star" developers
- o/devicestate: fix install tests on systems with
/var/lib/snapd/snap
- cmd/snap-fde-keymgr, secboot: followup cleanups
- seed: let SnapHandler provided a different final path for snaps
- o/devicestate: implement maybeApplyPreseededData function to apply
preseed artifact
- tests/lib/tools: add piboot to boot_path()
- interfaces/builtin: shared-memory drop plugs allow-installation:
true
- tests/main/user-session-env: for for opensuse
- cmd/snap-fde-keymgr, secboot: add a tiny FDE key manager
- tests: re-execute the failed tests when "Run failed" label is set
in the PR
- interfaces/builtin/custom-device: fix unit tests on hosts with
different libexecdir
- sandbox: move profile load/unload to sandbox/apparmor
- cmd/snap: handler call verifications for cmd_quota_tests
- secboot/keys: introduce a package for secboot key types, use the
package throughout the code base
- snap/quota: add journal quotas to resources.go
- many: let provide a SnapHandler to Seed.Load*Meta*
- osutil: allow setting desired mtime on the AtomicFile, preserve
mtime on copy
- systemd: add systemd.Run() wrapper for systemd-run
- tests: test fresh install of core22-based snap (#11696)
- tests: initial set of tests to uc22 nested execution
- o/snapstate: migration overwrites existing snap dir
- tests: fix interfaces-location-control tests leaking provider.py
process
- tests/nested: fix custom-device test
- tests: test migration w/ revert, refresh and XDG dir creation
- asserts,store: complete support for optional primary key headers
for assertions
- seed: support parallelism when loading/verifying snap metadata
- image/preseed, cmd/snap-preseed: create and sign preseed assertion
- tests: Initial changes to run nested tests on uc22
- o/snapstate: fix TestSnapdRefreshTasks test after two r-a-a PRs
- interfaces: add ACRN hypervisor support
- o/snapstate: exclude TypeSnapd and TypeOS snaps from refresh-app-
awareness
- features: enable refresh-app-awareness by default
- libsnap-confine-private: show proper error when aa_change_onexec()
fails
- i/apparmor: remove leftover comment
- gadget: drop unused code in unit tests
- image, store: move ToolingStore to store/tooling package
- HACKING: update info for snapcraft remote build
- seed: return all essential snaps found if no types are given to
LoadEssentialMeta
- i/b/custom_device: fix generation of udev rules
- tests/nested/manual/core20-early-config: disable netplan checks
- bootloader/assets, tests: add factory-reset mode, test non-
encrypted factory-reset
- interfaces/modem-manager: add support for Cinterion modules
- gadget: fully support multi-volume gadget asset updates in
Update() on UC20+
- i/b/content: use slot.Lookup() as suggested by TODO comment
- tests: install linux-tools-gcp on jammy to avoid bpftool
dependency error
- tests/main: add spread tests for new cpu and thread quotas
- snap-debug-info: print validation sets and validation set
assertions
- many: renaming related to inclusive language part 2
- c/snap-seccomp: update syscalls to match libseccomp 2657109
- github: cancel workflows when pushing to pull request branches
- .github: use reviewdog action from woke tool
- interfaces/system-packages-doc: allow read-only access to
/usr/share/gtk-doc
- interfaces: add max_map_count to system-observe
- o/snapstate: print pids of running processes on BusySnapError
- .github: run woke tool on PR's
- snapshots: follow-up on exclusions PR
- cmd/snap: add check switch for snap debug state
- tests: do not run mount-order-regression test on i386
- interfaces/system-packages-doc: allow read-only access to
/usr/share/xubuntu-docs
- interfaces/hardware_observe: add read access for various devices
- packaging: use latest go to build spread
- tests: Enable more tests for UC22
- interfaces/builtin/network-control: also allow for mstp and bchat
devices too
- interfaces/builtin: update apparmor profile to allow creating
mimic over /usr/share*
- data/selinux: allow snap-update-ns to mount on top of /var/snap
inside the mount ns
- interfaces/cpu-control: fix apparmor rules of paths with CPU ID
- tests: remove the file that configures nm as default
- tests: fix the change done for netplan-cfg test
- tests: disable netplan-cfg test
- cmd/snap-update-ns: apply content mounts before layouts
- overlord/state: add a helper to detect cyclic dependencies between
tasks in change
- packaging/ubuntu-16.04/control: recommend `fuse3 | fuse`
- many: change "transactional" flag to a "transaction" option
- b/piboot.go: check EEPROM version for RPi4
- snap/quota,spread: raise lower memory quota limit to 640kb
- boot,bootloader: add missing grub.cfg assets mocks in some tests
- many: support --ignore-running with refresh many
- tests: skip the test interfaces-many-snap-provided in
trusty
- o/snapstate: rename XDG dirs during HOME migration
- cmd/snap,wrappers: fix wrong implementation of zero count cpu
quota
- i/b/kernel_module_load: expand $SNAP_COMMON in module options
- interfaces/u2f-devices: add Solo V2
- overlord: add missing grub.cfg assets mocks in manager_tests.go
- asserts: extend optional primary keys support to the in-memory
backend
- tests: update the lxd-no-fuse test
- many: fix failing golangci checks
- seed,many: allow to limit LoadMeta to snaps of a precise mode
- tests: allow ubuntu-image to be built with a compatible snapd tree
- o/snapstate: account for repeat migration in ~/Snap undo
- asserts: start supporting optional primary keys in fs backend,
assemble and signing
- b/a: do not set console in kernel command line for arm64
- tests/main/snap-quota-groups: fix spread test
- sandbox,quota: ensure cgroup is available when creating mem
quotas
- tests: add debug output what keeps `/home` busy
- sanity: rename "sanity.Check" to "syscheck.CheckSystem"
- interfaces: add pkcs11 interface
- o/snapstate: undo migration on 'snap revert'
- overlord: snapshot exclusions
- interfaces: add private /dev/shm support to shared-memory
interface
- gadget/install: implement factory reset for unencrypted system
- packaging: install Go snap from 1.17 channel in the integration
tests
- snap-exec: fix detection if `cups` interface is connected
- tests: extend gadget-config-defaults test with refresh.retain
- cmd/snap,strutil: move lineWrap to WordWrapPadded
- bootloader/piboot: add support for armhf
- snap,wrappers: add `sigint{,-all}` to supported stop-modes
- packaging/ubuntu-16.04/control: depend on fuse3 | fuse
- interfaces/system-packages-doc: allow read-only access to
/usr/share/libreoffice/help
- daemon: add a /v2/accessories/changes/{ID} endpoint
- interfaces/appstream-metadata: Re-create app-info links to
swcatalog
- debug-tools: add script to help debugging GCE instances which fail
to boot
- gadget/install, kernel: more ICE helpers/support
- asserts: exclude empty snap id from duplicates lookup with preseed
assert
- cmd/snap, signtool: move key-manager related helpers to signtool
package
- tests/main/snap-quota-groups: add 219 as possible exit code
- store: set validation-sets on actions when refreshing
- github/workflows: update golangci-lint version
- run-check: use go install instead of go get
- tests: set as manual the interfaces-cups-control test
- interfaces/appstream-metadata: Support new swcatalog directory
names
- image/preseed: migrate tests from cmd/snap-preseed
- tests/main/uc20-create-partitions: update the test for new Go
versions
- strutil: move wrapGeneric function to strutil as WordWrap
- many: small inconsequential tweaks
- quota: detect/error if cpu-set is used with cgroup v1
- tests: moving ubuntu-image to candidate to fix uc16 tests
- image: integrate UC20 preseeding with image.Prepare
- cmd/snap,client: frontend for cpu/thread quotas
- quota: add test for `Resource.clone()`
- many: replace use of "sanity" with more inclusive naming (part 2)
- tests: switch to "test-snapd-swtpm"
- i/b/network-manager: split rule with more than one peers
- tests: fix restore of the BUILD_DIR in failover test on uc18
- cmd/snap/debug: sort changes by their spawn times
- asserts,interfaces/policy: slot-snap-id allow-installation
constraints
- o/devicestate: factory reset mode, no encryption
- debug-tools/snap-debug-info.sh: print message if no gadget snap
found
- overlord/devicestate: install system cleanups
- cmd/snap-bootstrap: support booting into factory-reset mode
- o/snapstate, ifacestate: pass preseeding flag to
AddSnapdSnapServices
- o/devicestate: restore device key and serial when assertion is
found
- data: add static preseed.json file
- sandbox: improve error message from `ProbeCgroupVersion()`
- tests: fix the nested remodel tests
- quota: add some more unit tests around Resource.Change()
- debug-tools/snap-debug-info.sh: add debug script
- tests: workaround lxd issue lp:10079 (function not implemented) on
prep-snapd-in-lxd
- osutil/disks: blockdev need not be available in the PATH
- cmd/snap-preseed: address deadcode linter
- tests/lib/fakestore/store: return snap base in details
- tests/lib/nested.sh: rm core18 snap after download
- systemd: do not reload system when enabling/disabling services
- i/b/kubernetes_support: add access to Java certificates
* New upstream release, LP: #1965808
- snapstate: do not auto-migrate to ~/Snap for core22 just yet
- cmd/snap-seccomp: add copy_file_range to
syscallsWithNegArgsMaskHi32
- cmd/snap-update-ns: correctly set sticky bit on created
directories where applicable
- .github: Skip misspell and ineffassign on go 1.13
- tests: add lz4 dependency for jammy to avoid issues repacking
kernel
- interfaces: posix-mq: add new interface
* New upstream release, LP: #1965808
- tests: do not run mount-order-regression test on i386
- c/snap-seccomp: update syscalls
- o/snapstate: overwrite ~/.snap subdir when migrating
- o/assertstate: fix handling of validation set tracking update in
enforcing mode
- packaging: restart our units only after the upgrade
- interfaces: add a steam-support interface
- features: enable refresh-app-awareness by default
- i/b/custom_device: fix generation of udev rules
- interfaces/system-packages-doc: allow read-only access to
/usr/share/gtk-doc
- interfaces/system-packages-doc: allow read-only access to
/usr/share/xubuntu-docs
- interfaces/builtin/network-control: also allow for mstp and bchat
devices too
- interfaces/builtin: update apparmor profile to allow creating
mimic over /usr/share
- data/selinux: allow snap-update-ns to mount on top of /var/snap
inside the mount ns
- interfaces/cpu-control: fix apparmor rules of paths with CPU ID
* New upstream release, LP: #1965808
- cmd/snap-update-ns: apply content mounts before layouts
- many: change "transactional" flag to a "transaction" option
- b/piboot.go: check EEPROM version for RPi4
- snap/quota,spread: raise lower memory quota limit to 640kb
- boot,bootloader: add missing grub.cfg assets mocks in some
tests
- many: support --ignore-running with refresh many
- cmd/snap,wrappers: fix wrong implementation of zero count cpu
quota
- quota: add some more unit tests around Resource.Change()
- quota: detect/error if cpu-set is used with cgroup v1
- quota: add test for `Resource.clone()
- cmd/snap,client: frontend for cpu/thread quotas
- tests: update spread test to check right XDG dirs
- snap: set XDG env vars to new dirs
- o/snapstate: initialize XDG dirs in HOME migration
- i/b/kernel_module_load: expand $SNAP_COMMON in module options
- overlord: add missing grub.cfg assets mocks in manager_tests.go
- o/snapstate: account for repeat migration in ~/Snap undo
- b/a: do not set console in kernel command line for arm64
- sandbox: improve error message from `ProbeCgroupVersion()`
- tests/main/snap-quota-groups: fix spread test
- interfaces: add pkcs11 interface
- o/snapstate: undo migration on 'snap revert'
- overlord: snapshot exclusions
- interfaces: add private /dev/shm support to shared-memory
interface
- packaging: install Go snap from 1.17 channel in the integration
tests
- snap-exec: fix detection if `cups` interface is connected
- bootloader/piboot: add support for armhf
- interfaces/system-packages-doc: allow read-only access to
/usr/share/libreoffice/help
- daemon: add a /v2/accessories/changes/{ID} endpoint
- interfaces/appstream-metadata: Re-create app-info links to
swcatalog
- tests/main/snap-quota-groups: add 219 as possible exit code
- store: set validation-sets on actions when refreshing
- interfaces/appstream-metadata: Support new swcatalog directory
names
- asserts,interfaces/policy: slot-snap-id allow-installation
constraints
- i/b/network-manager: change rule for ResolveAddress to check only
label
- cmd/snap-bootstrap: support booting into factory-reset mode
- systemd: do not reload system when enabling/disabling services
* New upstream release, LP: #1965808
- cmd/snap-update-ns: actually use entirely non-existent dirs
* New upstream release, LP: #1965808
- cmd/snap-update-ns/change_test.go: use non-exist name foo-runtime
instead
* New upstream release, LP: #1965808
- kernel/fde: add PartitionName to various structs
- osutil/disks: calculate the last usable LBA instead of reading it
- snap/quota: additional validation in resources.go
- o/snapstate: avoid setting up single reboot when update includes
base, kernel and gadget
- overlord/state: add helper for aborting unready lanes
- snap-bootstrap: Partially revert simplifications of mount
dependencies
- cmd/snap-update-ns/change.go: sort needed, desired and not reused
mount entries
- cmd/snap-preseed, image: move preseeding code to image/preseed
- interfaces/docker-support: make generic rules not conflict with
snap-confine
- i/b/modem-manager: provide access to ObjectManager
- i/b/network_{control,manager}.go: add more access to resolved
- overlord/state: drop unused lanes field
- cmd/snap: make 1.18 vet happy
- o/snapstate: allow installing the snapd-desktop-integration snap
even if the user-daemons feature is otherwise disabled
- snap/quota: fix bug in quota group tree validation code
- o/snapstate: make sure that snapd is a prerequisite for updating
base snaps
- bootloader: add support for piboot
- i/seccomp/template.go: add close_range to the allowed syscalls
- snap: add new cpu quotas
- boot: support factory-reset when sealing and resealing
- tests: fix test to avoid editing the test-snapd-tools snap.yaml
file
- dirs: remove unused SnapMetaDir variable
- overlord: extend single reboot test to include a non-base, non-
kernel snap
- github: replace "sanity check" with "quick check" in workflow
- fde: add new DeviceUnlock() call
- many: replace use of "sanity" with more inclusive naming in
comments
- asserts: minimal changes to disable authority-delegation before
full revert
- tests: updating the test-snapd-cups-control-consumer snap to
core20 based
- many: replace use of "sanity" for interface implementation checks
- cmd/snap-preseed: support for core20 preseeding
- cmd: set core22 migration related env vars and update spread test
- interface/opengl: allow read on
/proc/sys/dev/i915/perf_stream_paranoid
- tests/lib/tools/report-mongodb: fix typo in help text
- tests: Include the source github url as part of the mongo db
issues
- o/devicestate: split mocks to separate calls for creating a model
and a gadget
- snap: Add missing zlib
- cmd/snap: add support for rebooting to factory-reset
- interfaces/apparmor: Update base template for systemd-machined
- i/a/template.go: add ld path for jammy
- o/devicestate, daemon: introduce factory-reset mode, allow
switching
- o/state: fix undo with independent tasks in same change and lane
- tests: validate tests tools just on google and qemu backends
- tests/lib/external/snapd-testing-tools: update from upstream
- tests: skip interfaces-cups-control from debian-sid
- Increase the times in snapd-sigterm for arm devices
- interfaces/browser-support: allow RealtimeKit's
MakeThreadRealtimeWithPID
- cmd: misc analyzer fixes
- interfaces/builtin/account-control: allow to execute pam_tally2
- tests/main/user-session-env: special case bash profile on
Tumbleweed
- o/snapstate: implement transactional lanes for prereqs
- o/snapstate: add core22 migration logic
- tests/main/mount-ns: unmount /run/qemu
- release: 2.54.4 changelog to master
- gadget: add buildVolumeStructureToLocation,
volumeStructureToLocationMap
- interfaces/apparmor: add missing unit tests for special devmode
rules/behavior
- cmd/snap-confine: coverity fixes
- interfaces/systemd: use batch systemd operations
- tests: small adjustments to fix vuln spread tests
- osutil/disks: trigger udev on the partition device node
- interfaces/network-control: add D-Bus rules for resolved too
- interfaces/cpu-control: add extra idleruntime data/reset files to
cpu-control
- packaging/ubuntu-16.04/rules: don't run unit tests on riscv64
- data/selinux: allow the snap command to run systemctl
- boot: mock amd64 arch for mabootable 20 suite
- testutil: add Backup helper to save/restore values, usually for
mocking
- tests/nested/core/core20-reinstall-partitions: update test summary
- asserts: return an explicit error when key cannot be found
- interfaces: custom-device
- Fix snap-run-gdbserver test by retrying the check
- overlord, boot: fix unit tests on arches other than amd64
- Get lxd snap from candidate channel
- bootloader: allow different names for the grub binary in different
archs
- cmd/snap-mgmt, packaging: trigger daemon reload after purging unit
files
- tests: add test to ensure consecutive refreshes do garbage
collection of old revs
- o/snapstate: deal with potentially invalid type of refresh.retain
value due to lax validation
- seed,image: changes necessary for ubuntu-image to support
preseeding extra snaps in classic images
- tests: add debugging to snap-confine-tmp-mount
- o/snapstate: add ~/Snap init related to backend
- data/env: cosmetic tweak for fish
- tests: include new testing tools and utils
- wrappers: do not reload the deamon or restart snapd services when
preseeding on core
- Fix smoke/install test for other architectures than pc
- tests: skip boot loader check during testing preparation on s390x
- t/m/interfaces-network-manager: use different channel depending on
system
- o/devicestate: pick system from seed systems/ for preseeding (1/N)
- asserts: add preseed assertion type
- data/env: more workarounds for even older fish shells, provide
reasonable defaults
- tests/main/snap-run-devmode-classic: reinstall snapcraft to clean
up
- gadget/update.go: add buildNewVolumeToDeviceMapping for existing
devices
- tests: allow run spread tests using a private ppaTo validate it
- interfaces/{cpu,power}-control: add more accesses for commercial
device tuning
- gadget: add searchForVolumeWithTraits + tests
- gadget/install: measure and save disk volume traits during
install.Run()
- tests: fix "undo purging" step in snap-run-devmode-classic
- many: move call to shutdown to the boot package
- spread.yaml: add core22 version of rsync to skip
- overlord, o/snapstate: fix mocking on systems without /snap
- many: move boot.Device to snap.Device
- tests: smoke test support for core22
- tests/nested/snapd-removes-vulnerable-snap-confine-revs: use newer
snaps
- snapstate: make "remove vulnerable version" message more
friendly
- o/devicestate/firstboot_preseed_test.go: remove deadcode
- o/devicestate: preseeding test cleanup
- gadget: refactor StructureEncryption to have a concrete type
instead of map
- tests: add created_at timestamp to mongo issues
- tests: fix security-udev-input-subsystem test
- o/devicestate/handlers_install.go: use --all to get binary data
too for logs
- o/snapstate: rename "corecore" -> "core"
- o/snapstate: implement transactional flag
- tests: skip ~/.snap migration test on openSUSE
- asserts,interfaces/policy: move and prepare DeviceScopeConstraint
for reuse
- asserts: fetching code should fetch authority-delegation
assertions with signing keys as needed
- tests: prepare and restore nested tests
- asserts: first-class support for formatting/encoding signatory-id
- asserts: remove unused function, fix for linter
- gadget: identify/match encryption parts, include in traits info
- asserts,cmd/snap-repair: support delegation when validating
signatures
- many: fix leftover empty snap dirs
- libsnap-confine-private: string functions simplification
- tests/nested/manual/core20-cloud-init-maas-signed-seed-data: add
gadget variant
- interfaces/u2f-devices: add U2F-TOKEN
- tests/core/mem-cgroup-disabled: minor fixups
- data/env: fix fish env for all versions of fish, unexport local
vars, export XDG_DATA_DIRS
- tests: reboot test running remodel
- Add extra disk space to nested images to "avoid No space left on
device" error
- tests: add regression tests for disabled memory cgroup operation
- many: fix issues flagged by golangci and configure it to fail
build
- docs: fix incorrect link
- cmd/snap: rename the verbose logging flag in snap run
- docs: cosmetic cleanups
- cmd/snap-confine: build const data structures at compile-
time
- o/snapstate: reduce maxInhibition for raa by 1s to avoid confusing
notification
- snap-bootstrap: Cleanup dependencies in systemd mounts
- interfaces/seccomp: Add rseq to base seccomp template
- cmd/snap-confine: remove mention of "legacy mode" from comment
- gadget/gadget_test.go: fix variable type
- gadget/gadget.go: add AllDiskVolumeDeviceTraits
- spread: non-functional cleanup of go1.6 legacy
- cmd/snap-confine: update ambiguous comment
- o/snapstate: revert migration on refresh if flag is disabled
- packaging/fedora: sync with downstream, packaging improvements
- tests: updated the documentation to run spread tests using
external backend
- osutil/mkfs: Expose more fakeroot flags
- interfaces/cups: add cups-socket-directory attr, use to specify
mount rules in backend
- tests/main/snap-system-key: reset-failed snapd and snapd.socket
- gadget/install: add unit tests for install.Run()
- tests/nested/manual/remodel-cross-store,remodel-simple: wait for
serial
- vscode: added integrated support for MS VSCODE
- cmd/snap/auto-import: use osutil.LoadMountInfo impl instead
- gadget/install: add unit tests for makeFilesystem, allow mocking
mkfs.Make()
- systemd: batched operations
- gadget/install/partition.go: include DiskIndex in synthesized
OnDiskStructure
- gadget/install: rm unused support for writing non-filesystem
structures
- cmd/snap: close refresh notifications after trying to run a snap
while inhibited
- o/servicestate: revert #11003 checking for memory cgroup being
disabled
- tests/core/failover: verify failover handling with the kernel snap
- snap-confine: allow numbers in hook security tag
- cmd/snap-confine: mount bpffs under /sys/fs/bpf if needed
- spread: switch to CentOS 8 Stream image
- overlord/servicestate: disallow mixing snaps and subgroups.
- cmd/snap: add --debug to snap run
- gadget: mv modelCharateristics to gadgettest.ModelCharacteristics
- cmd/snap: remove use of zenity, use notifications for snap run
inhibition
- o/devicestate: verify that the new model is self contained before
remodeling
- usersession/userd: query xdg-mime to check for fallback handlers
of a given scheme
- gadget, gadgettest: reimplement tests to use new gadgettest
examples.go file
- asserts: start implementing authority-delegationTODO in later PRs:
- overlord: skip manager tests on riscv for now
- o/servicestate: quota group error should be more explanative when
memory cgroup is disabled
- i/builtin: allow modem-manager interface to access some files in
sysfs
- tests: ensure that interface hook works with hotplug plug
- tests: fix repair test failure when run in a loop
- o/snapstate: re-write state after undo migration
- interfaces/opengl: add support for ARM Mali
- tests: enable snap-userd-reexec on ubuntu and debian
- tests: skip bind mount in snapd-snap test when the core snap in
not repacked
- many: add transactional flag to snapd API
- tests: new Jammy image for testing
- asserts: start generalizing attrMatcherGeneralization is along
- tests: ensure the ca-certificates package is installed
- devicestate: ensure permissions of /var/lib/snapd/void are
correct
- many: add altlinux support
- cmd/snap-update-ns: convert some unexpected decimal file mode
constants to octal.
- tests: use system ubuntu-21.10-64 in nested tests
- tests: skip version check on lp-1871652 for sru validation
- snap/quota: add positive tests for the quota.Resources logic
- asserts: start splitting out attrMatcher for reuse to
constraint.go
- systemd: actually test the function passed as a parameter
- tests: fix snaps-state test for sru validation
- many: add Transactional to snapstate.Flags
- gadget: rename DiskVolume...Opts to DiskVolume...Options
- tests: Handle PPAs being served from ppa.launchpadcontent.net
- tests/main/cgroup-tracking-failure: Make it pass when run alone
- tests: skip migration test on centOS
- tests: add back systemd-timesyncd to newer debian distros
- many: add conversion for interface attribute values
- many: unit test fix when SNAPD_DEBUG=1 is set
- gadget/install/partition.go: use device rescan trick only when
gadget says to
- osutil: refactoring the code exporting mocking APIs to other
packages
- mkversion: check that snapd is a git source tree before guessing
the version
- overlord: small refactoring of group quota implementation in
preparation of multiple quota values
- tests: drop 21.04 tests (it's EOL)
- osutil/mkfs: Expose option for --lib flag in fakeroot call
- cmd/snapd-apparmor: fix bad variable initialization
- packaging, systemd: fix socket (re-)start race
- tests: fix running tests.invariant on testflinger systems
- tests: spread test snap dir migration
- interfaces/shared-memory: support single wild-cards in the
read/write paths
- tests: cross store remodel
- packaging,tests: fix running autopkgtest
- spread-shellcheck: add a caching layer
- tests: add jammy to spread executions
- osutils: deal with ENOENT in UserMaybeSudoUser()
- packaging/ubuntu-16.04/control: adjust libfuse3 dependency as
suggested
- gadget/update.go: add DiskTraitsFromDeviceAndValidate
- tests/lib/prepare.sh: add debug kernel command line params via
gadget on UC20
- check-commit-email: do not fail when current dir is not under git
- configcore: implement netplan write support via dbus
- run-checks, check-commit-email.py: check commit email addresses
for validity
- tests: setup snapd remodel testing bits
- cmd/snap: adjust /cmd to migration changes
- systemd: enable batched calls for systemd calls operation on units
- o/ifacestate: add convenience Active() method to ConnectionState
struct
- o/snapstate: migrate to hidden dir on refresh/install
- store: fix flaky test
- i/builtin/xilinx-dma: add interface for Xilinx DMA driver
- go.mod: tidy up
- overlord/h/c/umount: remove handling of required parameter
- systemd: add NeedDaemonReload to the unit state
- mount-control: step 3
- tests/nested/manual/minimal-smoke: bump mem to 512 for unencrypted
case too
- gadget: fix typo with filesystem message
- gadget: misc helper fixes for implicit system-data role handling
- tests: fix uses of fakestore new-snap-declaration
- spread-shellcheck: use safe_load rather than load with a loder
- interfaces: allow access to new at-spi socket location in desktop-
legacy
- cmd/snap: setup tracking cgroup when invoking a service directly
as a user
- tests/main/snap-info: use yaml.safe_load rather than yaml.load
- cmd/snap: rm unnecessary validation
- tests: fix `tests/core/create-user` on testflinger pi3
- tests: fix parallel-install-basic on external UC16 devices
- tests: ubuntu-image 2.0 compatibility fixes
- tests/lib/prepare-restore: use go install rather than go get
- cmd/snap, daemon: add debug command for getting OnDiskVolume
dump
- gadget: resolve index ambiguity between OnDiskStructure and
LaidOutStructuretype: bare structures).
- tests: workaround missing bluez snap
- HACKING.md: add dbus-x11 to packages needed to run unit tests
- spread.yaml: add debian-{10,11}, drop debian-9
- cmd/snap/quota: fix typo in the help message
- gadget: allow gadget struct with unspecified filesystem to match
part with fs
- tests: re-enable kernel-module-load tests on arm
- tests/lib/uc20-create-partitions/main.go: setup a logger for
messages
- cmd: support installing multiple local snaps
- usersession: implement method to close notifications via
usersession REST API
- data/env: treat XDG_DATA_DIRS like PATH for fish
- cmd/snap, cmd/snap-confine: extend manpage, update links
- tests: fix fwupd interface test in debian sid
- tests: do not run k8s smoke test on 32 bit systems
- tests: fix testing in trusty qemu
- packaging: merge 2.54.2 changelog back to master
- overlord: fix issue with concurrent execution of two snapd
processes
- interfaces: add a polkit interface
- gadget/install/partition.go: wait for udev settle when creating
partitions too
- tests: exclude interfaces-kernel-module load on arm
- tests: ensure that test-snapd-kernel-module-load is
removed
- tests: do not test microk8s-smoke on arm
- packaging, bloader, github: restore cleanliness of snapd info
file; check in GA workflow
- tests/lib/tools/tests.invariant: simplify check
- tests/nested/manual/core20-to-core22: wait for device to be
initialized before starting a remodel
- build-aux/snap/snapcraft.yaml: use build-packages, don't fail
dirty builds
- tests/lib/tools/tests.invariant: add invariant for detecting
broken snaps
- tests/core/failover: replace boot-state with snap debug boot-vars
- tests: fix remodel-kernel test when running on external devices
- data/selinux: allow poking /proc/xen
- gadget: do not crash if gadget.yaml has an empty Volumes section
- i/b/mount-control: support creating tmpfs mounts
- packaging: Update openSUSE spec file with apparmor-parser and
datadir for fish
- cmd/snap-device-helper: fix variable name typo in the unit tests
- tests: fixed an issue with retrieval of the squashfuse repo
- release: 2.54.1
- tests: tidy up the top-level of ubuntu-seed during tests
- build-aux: detect/fix dirty git revisions while snapcraft
building
- release: 2.54
* New upstream release, LP: #1955137
- t/m/interfaces-network-manager: use different channel depending on
system
- many: backport attrer interface changes to 2.54
- tests: skip version check on lp-1871652 for sru validation
- i/builtin: allow modem-manager interface to access some files in
sysfs
- snapstate: make "remove vulnerable version" message more
friendly
- tests: fix "undo purging" step in snap-run-devmode-classic
- o/snapstate: deal with potentially invalid type of refresh.retain
value due to lax validation
- interfaces: custom-device
- packaging/ubuntu-16.04/control: adjust libfuse3 dependency
- data/env: fix fish env for all versions of fish
- packaging/ubuntu-16.04/snapd.postinst: start socket and service
first
- interfaces/u2f-devices: add U2F-TOKEN
- interfaces/seccomp: Add rseq to base seccomp template
- tests: remove disabled snaps before calling save_snapd_state
- overlord: skip manager tests on riscv for now
- interfaces/opengl: add support for ARM Mali
- devicestate: ensure permissions of /var/lib/snapd/void are
correct
- cmd/snap-update-ns: convert some unexpected decimal file mode
constants to octal.
- interfaces/shared-memory: support single wild-cards in the
read/write paths
- packaging: fix running autopkgtest
- i/builtin/xilinx-dma-host: add interface for Xilinx DMA driver
- tests: fix `tests/core/create-user` on testflinger pi3
- tests: fix parallel-install-basic on external UC16 devices
- tests: re-enable kernel-module-load tests on arm
- tests: do not run k8s smoke test on 32 bit systems
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Add validations of the location of the snap-confine
binary within snapd.
- snap-confine: Fix race condition in snap-confine when preparing a
private mount namespace for a snap.
- CVE-2021-44730
- CVE-2021-44731
* SECURITY UPDATE: Data injection from malicious snaps
- interfaces: Add validations of snap content interface and layout
paths in snapd.
- CVE-2021-4120
- LP: #1949368
* New upstream release, LP: #1955137
- tests: exclude interfaces-kernel-module load on arm
- tests: ensure that test-snapd-kernel-module-load is
removed
- tests: do not test microk8s-smoke on arm
- tests/core/failover: replace boot-state with snap debug boot-vars
- tests: use snap info|awk to extract tracking channel
- tests: fix remodel-kernel test when running on external devices
- .github/workflows/test.yaml: also check internal snapd version for
cleanliness
- packaging/ubuntu-16.04/rules: eliminate seccomp modification
- bootloader/assets/grub_*cfg_asset.go: update Copyright
- build-aux/snap/snapcraft.yaml: adjust comment about get-version
- .github/workflows/test.yaml: add check in github actions for dirty
snapd snaps
- build-aux/snap/snapcraft.yaml: use build-packages, don't fail
dirty builds
- data/selinux: allow poking /proc/xen
* New upstream release, LP: #1955137
- buid-aux: set version before calling ./generate-packaging-dir
This fixes the "dirty" suffix in the auto-generated version
* New upstream release, LP: #1955137
- interfaces/builtin/opengl.go: add boot_vga sys/devices file
- o/configstate/configcore: add tmpfs.size option
- tests: moving to manual opensuse 15.2
- cmd/snap-device-helper: bring back the device type identification
behavior, but for remove action fallback only
- cmd/snap-failure: use snapd from the snapd snap if core is not
present
- tests/core/failover: enable the test on core18
- o/devicestate: ensure proper order when remodel does a simple
switch-snap-channel
- builtin/interfaces: add shared memory interface
- overlord: extend kernel/base success and failover with bootenv
checks
- o/snapstate: check disk space w/o store if possible
- snap-bootstrap: Mount snaps read only
- gadget/install: do not re-create partitions using OnDiskVolume
after deletion
- many: fix formatting w/ latest go version
- devicestate,timeutil: improve logging of NTP sync
- tests/main/security-device-cgroups-helper: more debugs
- cmd/snap: print a placeholder for version of broken snaps
- o/snapstate: mock system with classic confinement support
- cmd: Fixup .clangd to use correct syntax
- tests: run spread tests in fedora-35
- data/selinux: allow snapd to access /etc/modprobe.d
- mount-control: step 2
- daemon: add multiple snap sideload to API
- tests/lib/pkgdb: install dbus-user-session during prepare, drop
dbus-x11
- systemd: provide more detailed errors for unimplemented method in
emulation mode
- tests: avoid checking TRUST_TEST_KEYS on restore on remodel-base
test
- tests: retry umounting /var/lib/snapd/seed on uc20 on fsck-on-boot
test
- o/snapstate: add hide/expose snap data to backend
- interfaces: kernel-module-load
- snap: add support for `snap watch
--last={revert,enable,disable,switch}`
- tests/main/security-udev-input-subsystem: drop info from udev
- tests/core/kernel-and-base-single-reboot-failover,
tests/lib/fakestore: verify failover scenario
- tests/main/security-device-cgroups-helper: collect some debug info
when the test fails
- tests/nested/manual/core20-remodel: wait for device to have a
serial before starting a remodel
- tests/main/generic-unregister: test re-registration if not blocked
- o/snapstate, assertsate: validation sets/undo on partial failure
- tests: ensure snapd can be downloaded as a module
- snapdtool, many: support additional key/value flags in info file
- data/env: improve fish shell env setup
- usersession/client: provide a way for client to send messages to a
subset of users
- tests: verify that simultaneous refresh of kernel and base
triggers a single reboot only
- devicestate: Unregister deletes the device key pair as well
- daemon,tests: support forgetting device serial via API
- asserts: change behavior of alternative attribute matcher
- configcore: relax validation rules for hostname
- cmd/snap-confine: do not include libglvnd libraries from the host
system
- overlord, tests: add managers and a spread test for UC20 to UC22
remodel
- HACKING.md: adjust again for building the snapd snap
- systemd: add support for systemd unit alias names
- o/snapstate: add InstallPathMany
- gadget: allow EnsureLayoutCompatibility to ensure disk has all
laid out structsnow reject/fail:
- packaging/ubuntu, packaging/debian: depend on dbus-session-bus
provider (#11111)
- interfaces/interfaces/scsi_generic: add interface for scsi generic
de (#10936)
- osutil/disks/mockdisk.go: add MockDevicePathToDiskMapping
- interfaces/microstack-support: set controlsDeviceCgroup to true
- network-setup-control: add netplan generate D-Bus rules
- interface/builtin/log_observe: allow to access /dev/kmsg
- .github/workflows/test.yaml: restore failing of spread tests on
errors (nested)
- gadget: tweaks to DiskStructureDeviceTraits + expand test cases
- tests/lib/nested.sh: allow tests to use their own core18 in extra-
snaps-path
- interfaces/browser-support: Update rules for Edge
- o/devicestate: during remodel first check pending download tasks
for snaps
- polkit: add a package to validate polkit policy files
- HACKING.md: document building the snapd snap and splicing it into
the core snap
- interfaces/udev: fix installing snaps inside lxd in 21.10
- o/snapstate: refactor disk space checks
- tests: add (strict) microk8s smoke test
- osutil/strace: try to enable strace on more arches
- cmd/libsnap-confine-private: fix snap-device-helper device allow
list modification on cgroup v2
- tests/main/snapd-reexec-snapd-snap: improve debugging
- daemon: write formdata file parts to snaps dir
- systemd: add support for .target units
- tests: run snap-disconnect on uc16
- many: add experimental setting to allow using ~/.snap/data instead
of ~/snap
- overlord/snapstate: perform a single reboot when updating boot
base and kernel
- kernel/fde: add DeviceUnlockKernelHookDeviceMapperBackResolver,
use w/ disks pkg
- o/devicestate: introduce DeviceManager.Unregister
- interfaces: allow receiving PropertiesChanged on the mpris plug
- tests: new tool used to retrieve data from mongo db
- daemon: amend ssh keys coming from the store
- tests: Include the tools from snapd-testing-tools project in
"$TESTSTOOLS"
- tests: new workflow step used to report spread error to mongodb
- interfaces/builtin/dsp: update proc files for ambarella flavor
- gadget: replace ondisk implementation with disks package, refactor
part calcs
- tests: Revert "tests: disable flaky uc18 tests until systemd is
fixed"
- Revert: "many: Vendor apparmor-3.0.3 into the snapd snap"
- asserts: rename "white box" to "clear box" (woke checker)
- many: Vendor apparmor-3.0.3 into the snapd snap
- tests: reorganize the debug-each on the spread.yaml
- packaging: sync with downstream packaging in Fedora and openSUSE
- tests: disable flaky uc18 tests until systemd is fixed
- data/env: provide profile setup for fish shell
- tests: use ubuntu-image 1.11 from stable channel
- gadget/gadget.go: include disk schema in the disk device volume
traits too
- tests/main/security-device-cgroups-strict-enforced: extend the
comments
- README.md: point at bugs.launchpad.net/snapd instead of snappy
project
- osutil/disks: introduce RegisterDeviceMapperBackResolver + use for
crypt-luks2
- packaging: make postrm script robust against `rm` failures
- tests: print extra debug on auto-refresh-gating test failure
- o/assertstate, api: move enforcing/monitoring from api to
assertstate, save history
- tests: skip the test-snapd-timedate-control-consumer.date to avoid
NTP sync error
- gadget/install: use disks functions to implement deviceFromRole,
also rename
- tests: the `lxd` test is failing right now on 21.10
- o/snapstate: account for deleted revs when undoing install
- interfaces/builtin/block_devices: allow blkid to print block
device attributes
- gadget: include size + sector-size in DiskVolumeDeviceTraits
- cmd/libsnap-confine-private: do not deny all devices when reusing
the device cgroup
- interfaces/builtin/time-control: allow pps access
- o/snapstate/handlers: propagate read errors on "copy-snap-data"
- osutil/disks: add more fields to Partition, populate them during
discovery
- interfaces/u2f-devices: add Trezor and Trezor v2 keys
- interfaces: timezone-control, add permission for ListTimezones
DBus call
- o/snapstate: remove repeated test assertions
- tests: skip `snap advise-command` test if the store is overloaded
- cmd: create ~/snap dir with 0700 perms
- interfaces/apparmor/template.go: allow udevadm from merged usr
systems
- github: leave a comment documenting reasons for pipefail
- github: enable pipefail when running spread
- osutil/disks: add DiskFromPartitionDeviceNode
- gadget, many: add model param to Update()
- cmd/snap-seccomp: add riscv64 support
- o/snapstate: maintain a RevertStatus map in SnapState
- tests: enable lxd tests on impish system
- tests: (partially) revert the memory limits PR#r10241
- o/assertstate: functions for handling validation sets tracking
history
- tests: some improvements for the spread log parser
- interfaces/network-manager-observe: Update for libnm / dart
clients
- tests: add ntp related debug around "auto-refresh" test
- boot: expand on the fact that reseal taking modeenv is very
intentional
- cmd/snap-seccomp/syscalls: update syscalls to match libseccomp
abad8a8f4
- data/selinux: update the policy to allow snapd to talk to
org.freedesktop.timedate1
- o/snapstate: keep old revision if install doesn't add new one
- overlord/state: add a unit test for a kernel+base refresh like
sequence
- desktop, usersession: observe notifications
- osutil/disks: add AllPhysicalDisks()
- timeutil,deviceutil: fix unit tests on systems without dbus or
without ntp-sync
- cmd/snap-bootstrap/README: explain all the things (well most of
them anyways)
- docs: add run-checks dependency install instruction
- o/snapstate: do not prune refresh-candidates if gate-auto-refresh-
hook feature is not enabled
- o/snapstate: test relink remodel helpers do a proper subset of
doInstall and rework the verify*Tasks helpers
- tests/main/mount-ns: make the test run early
- tests: add `--debug` to netplan apply
- many: wait for up to 10min for NTP synchronization before
autorefresh
- tests: initialize CHANGE_ID in _wait_autorefresh
- sandbox/cgroup: freeze and thaw cgroups related to services and
scopes only
- tests: add more debug around qemu-nbd
- o/hookstate: print cohort with snapctl refresh --pending (#10985)
- tests: misc robustness changes
- o/snapstate: improve install/update tests (#10850)
- tests: clean up test tools
- spread.yaml: show `journalctl -e` for all suites on debug
- tests: give interfaces-udisks2 more time for the loop device to
appear
- tests: set memory limit for snapd
- tests: increase timeout/add debug around nbd0 mounting (up, see
LP:#1949513)
- snapstate: add debug message where a snap is mounted
- tests: give nbd0 more time to show up in preseed-lxd
- interfaces/dsp: add more ambarella things
- cmd/snap: improve snap disconnect arg parsing and err msg
- tests: disable nested lxd snapd testing
- tests: disable flaky "interfaces-udisks2" on ubuntu-18.04-32
- o/snapstate: avoid validationSetsSuite repeating snapmgrTestSuite
- sandbox/cgroup: wait for start transient unit job to finish
- o/snapstate: fix task order, tweak errors, add unit tests for
remodel helpers
- osutil/disks: re-org methods for end of usable region, size
information
- build-aux: ensure that debian packaging matches build-base
- docs: update HACKING.md instructions for snapd 2.52 and later
- spread: run lxd tests with version from latest/edge
- interfaces: suppress denial of sys_module capability
- osutil/disks: add methods to replace gadget/ondisk functions
- tests: split test tools - part 1
- tests: fix nested tests on uc20
- data/selinux: allow snap-confine to read udev's database
- i/b/common_test: refactor AppArmor features test
- tests: run spread tests on debian 11
- o/devicestate: copy timesyncd clock timestamp during install
- interfaces/builtin: do not probe parser features when apparmor
isn't available
- interface/modem-manager: allow connecting to the mbim/qmi proxy
- tests: fix error message in run-checks
- tests: spread test for validation sets enforcing
- cmd/snap-confine: lazy set up of device cgroup, only when devices
were assigned
- o/snapstate: deduplicate snap names in remove/install/update
- tests/main/selinux-data-context: use session when performing
actions as test user
- packaging/opensuse: sync with openSUSE packaging, enable AppArmor
on 15.3+
- interfaces: skip connection of netlink interface on older
systems
- asserts, o/snapstate: honor IgnoreValidation flag when checking
installed snaps
- tests/main/apparmor-batch-reload: fix fake apparmor_parser to
handle --preprocess
- sandbox/apparmor, interfaces/apparmor: detect bpf capability,
generate snippet for s-c
- release-tools/repack-debian-tarball.sh: fix c-vendor dir
- tests: test for enforcing with prerequisites
- tests/main/snapd-sigterm: fix race conditions
- spread: run lxd tests with version from latest/stable
- run-checks: remove --spread from help message
- secboot: use latest secboot with tpm legacy platform and v2 fully
optional
- tests/lib/pkgdb: install strace on Debian 11 and Sid
- tests: ensure systemd-timesyncd is installed on debian
- interfaces/u2f-devices: add Nitrokey 3
- tests: update the ubuntu-image channel to candidate
- osutil/disks/labels: simplify decoding algorithm
- tests: not testing lxd snap anymore on i386 architecture
- o/snapstate, hookstate: print remaining hold time on snapctl
--hold
- cmd/snap: support --ignore-validation with snap install client
command
- tests/snapd-sigterm: be more robust against service restart
- tests: simplify mock script for apparmor_parser
- o/devicestate, o/servicestate: update gadget assets and cmdline
when remodeling
- tests/nested/manual/refresh-revert-fundamentals: re-enable
encryption
- osutil/disks: fix bug in BlkIDEncodeLabel, add BlkIDDecodeLabel
- gadget, osutil/disks: fix some bugs from prior PR'sin the dir.
- secboot: revert move to new version (revert #10715)
- cmd/snap-confine: die when snap process is outside of snap
specific cgroup
- many: mv MockDeviceNameDisksToPartitionMapping ->
MockDeviceNameToDiskMapping
- interfaces/builtin: Add '/com/canonical/dbusmenu' path access to
'unity7' interface
- interfaces/builtin/hardware-observer: add /proc/bus/input/devices
too
- osutil/disks, many: switch to defining Partitions directly for
MockDiskMapping
- tests: remove extra-snaps-assertions test
- interface/modem-manager: add accept for MBIM/QMI proxy clients
- tests/nested/core/core20-create-recovery: fix passing of data to
curl
- daemon: allow enabling enforce mode
- daemon: use the syscall connection to get the socket credentials
- i/builtin/kubernetes_support: add access to Calico lock file
- osutil: ensure parent dir is opened and sync'd
- tests: using test-snapd-curl snap instead of http snap
- overlord: add managers unit test demonstrating cyclic dependency
between gadget and kernel updates
- gadget/ondisk.go: include the filesystem UUID in the returned
OnDiskVolume
- packaging: fixes for building on openSUSE
- o/configcore: allow hostnames up to 253 characters, with dot-
delimited elements
- gadget/ondisk.go: add listBlockDevices() to get all block devices
on a system
- gadget: add mapping trait types + functions to save/load
- interfaces: add polkit security backend
- cmd/snap-confine/snap-confine.apparmor.in: update ld rule for
s390x impish
- tests: merge coverage results
- tests: remove "features" from fde-setup.go example
- fde: add new device-setup support to fde-setup
- gadget: add `encryptedDevice` and add encryptedDeviceLUKS
- spread: use `bios: uefi` for uc20
- client: fail fast on non-retryable errors
- tests: support running all spread tests with experimental features
- tests: check that a snap that doesn't have gate-auto-refresh hook
can call --proceed
- o/snapstate: support ignore-validation flag when updating to a
specific snap revision
- o/snapstate: test prereq update if started by old version
- tests/main: disable cgroup-devices-v1 and freezer tests on 21.10
- tests/main/interfaces-many: run both variants on all possible
Ubuntu systems
- gadget: mv ensureLayoutCompatibility to gadget proper, add
gadgettest pkg
- many: replace state.State restart support with overlord/restart
- overlord: fix generated snap-revision assertions in remodel unit
tests
* New upstream release, LP: #1929842
- devicestate: mock devicestate.MockTimeutilIsNTPSynchronized to
avoid host env leaking into tests
- timeutil: return NoTimedate1Error if it can't connect to the
system bus
* New upstream release, LP: #1929842
- devicestate: Unregister deletes the device key pair as well
- daemon,tests: support forgetting device serial via API
- configcore: relax validation rules for hostname
- o/devicestate: introduce DeviceManager.Unregister
- packaging/ubuntu, packaging/debian: depend on dbus-session-bus
provider
- many: wait for up to 10min for NTP synchronization before
autorefresh
- interfaces/interfaces/scsi_generic: add interface for scsi generic
devices
- interfaces/microstack-support: set controlsDeviceCgroup to true
- interface/builtin/log_observe: allow to access /dev/kmsg
- daemon: write formdata file parts to snaps dir
- spread: run lxd tests with version from latest/edge
- cmd/libsnap-confine-private: fix snap-device-helper device allow
list modification on cgroup v2
- interfaces/builtin/dsp: add proc files for monitoring Ambarella
DSP firmware
- interfaces/builtin/dsp: update proc file accordingly
* New upstream release, LP: #1946127
- interfaces/builtin/block_devices: allow blkid to print block
device attributes/run/udev/data/b{major}:{minor}
- cmd/libsnap-confine-private: do not deny all devices when reusing
the device cgroup
- interfaces/builtin/time-control: allow pps access
- interfaces/u2f-devices: add Trezor and Trezor v2 keys
- interfaces: timezone-control, add permission for ListTimezones
DBus call
- interfaces/apparmor/template.go: allow udevadm from merged usr
systems
- interface/modem-manager: allow connecting to the mbim/qmi proxy
- interfaces/network-manager-observe: Update for libnm client
library
- cmd/snap-seccomp/syscalls: update syscalls to match libseccomp
abad8a8f4
- sandbox/cgroup: freeze and thaw cgroups related to services and
scopes only
- o/hookstate: print cohort with snapctl refresh --pending
- cmd/snap-confine: lazy set up of device cgroup, only when devices
were assigned
- tests: ensure systemd-timesyncd is installed on debian
- tests/lib/pkgdb: install strace on Debian 11 and Sid
- tests/main/snapd-sigterm: flush, use retry
- tests/main/snapd-sigterm: fix race conditions
- release-tools/repack-debian-tarball.sh: fix c-vendor dir
- data/selinux: allow snap-confine to read udev's database
- interfaces/dsp: add more ambarella things* interfaces/dsp: add
more ambarella things
* New upstream release, LP: #1946127
- spread: run lxd tests with version from latest/stable
- secboot: use latest secboot with tpm legacy platform and v2 fully
optional (#10946)
- cmd/snap-confine: die when snap process is outside of snap
specific cgroup (2.53)
- interfaces/u2f-devices: add Nitrokey 3
- Update the ubuntu-image channel to candidate
- Allow hostnames up to 253 characters, with dot-delimited elements
(as suggested by man 7 hostname).
- Disable i386 until it is possible to build snapd using lxd
- o/snapstate, hookstate: print remaining hold time on snapctl
--hold
- tests/snapd-sigterm: be more robust against service restart
- tests: add a regression test for snapd hanging on SIGTERM
- daemon: use the syscall connection to get the socket
credentials
- interfaces/builtin/hardware-observer: add /proc/bus/input/devices
too
- cmd/snap-confine/snap-confine.apparmor.in: update ld rule for
s390x impish
- interface/modem-manager: add accept for MBIM/QMI proxy clients
- secboot: revert move to new version
* New upstream release, LP: #1946127
- overlord: fix generated snap-revision assertions in remodel unit
tests
- snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
- interfaces/modem-manager: add access to PCIe modems
- overlord/devicestate: record recovery capable system on a
successful remodel
- o/snapstate: use device ctx in prerequisite install/update
- osutil/disks: support filtering by mount opts in
MountPointsForPartitionRoot
- many: support an API flag system-restart-immediate to make snap
ops proceed immediately with system restarts
- osutil/disks: add RootMountPointsForPartition
- overlord/devicestate, tests: enable UC20 remodel, add spread tests
- cmd/snap: improve snap run help message
- o/snapstate: support ignore validation flag on install/update
- osutil/disks: add Disk.FindMatchingPartitionWith{Fs,Part}Label
- desktop: implement gtk notification backend and provide minimal
notification api
- tests: use the latest cpu family for nested tests execution
- osutil/disks: add Partition struct and Disks.Partitions()
- o/snapstate: prevent install hang if prereq install fails
- osutil/disks: add Disk.KernelDevice{Node,Path} methods
- disks: add `Size(path)` helper
- tests: reset some mount units failing on ubuntu impish
- osutil/disks: add DiskFromDevicePath, other misc changes
- interfaces/apparmor: do not fail during initialization when there
is no AppArmor profile for snap-confine
- daemon: implement access checkers for themes API
- interfaces/seccomp: add clone3 to default template
- interfaces/u2f-devices: add GoTrust Idem Key
- o/snapstate: validation sets enforcing on update
- o/ifacestate: don't fail remove if disconnect hook fails
- tests: fix error trying to create the extra-snaps dir which
already exists
- devicestate: use EncryptionType
- cmd/libsnap-confine-private: workaround BPF memory accounting,
update apparmor profile
- tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is
false
- interfaces/dsp: add a usb rule to the ambarella flavor
- interfaces/apparmor/template.go: allow inspection of dbus
mediation level
- tests/main/security-device-cgroups: fix when both variants run on
the same host
- cmd/snap-confine: update s-c apparmor profile to allow versioned
ld.so
- many: rename systemd.Kind to Backend for a bit more clarity
- cmd/libsnap-confine-private: fix set but unused variable in the
unit tests
- tests: fix netplan test on i386 architecture
- tests: fix lxd-mount-units test which is based on core20 in ubuntu
focal system
- osutil/disks: add new `CreateLinearMapperDevice` helper
- cmd/snap: wait while inhibition file is present
- tests: cleanup the job workspace as first step of the actions
workflow
- tests: use our own image for ubuntu impish
- o/snapstate: update default provider if missing required content
- o/assertstate, api: update validation set assertions only when
updating all snaps
- fde: add HasDeviceUnlock() helper
- secboot: move to new version
- o/ifacestate: don't lose connections if snaps are broken
- spread: display information about current device cgroup in debug
dump
- sysconfig: set TMPDIR in tests to avoid cluttering the real /tmp
- tests, interfaces/builtin: introduce 21.10 cgroupv2 variant, tweak
tests for cgroupv2, update builtin interfaces
- sysconfig/cloud-init: filter MAAS c-i config from ubuntu-seed on
grade signed
- usersession/client: refactor doMany() method
- interfaces/builtin/opengl.go: add libOpenGL.so* too
- o/assertstate: check installed snaps when refreshing validation
set assertions
- osutil: helper for injecting run time faults in snapd
- tests: update test nested tool part 2
- libsnap-confine: use the pid parameter
- gadget/gadget.go: LaidOutSystemVolumeFromGadget ->
LaidOutVolumesFromGadget
- tests: update the time tolerance to fix the snapd-state test
- .github/workflows/test.yaml: revert #10809
- tests: rename interfaces-hooks-misbehaving spread test to install-
hook-misbehaving
- data/selinux: update the policy to allow s-c to manipulate BPF map
and programs
- overlord/devicestate: make settle wait longer in remodel tests
- kernel/fde: mock systemd-run in unit test
- o/ifacestate: do not create stray task in batchConnectTasks if
there are no connections
- gadget: add VolumeName to Volume and VolumeStructure
- cmd/libsnap-confine-private: use root when necessary for BPF
related operations
- .github/workflows/test.yaml: bump action-build to 1.0.9
- o/snapstate: enforce validation sets/enforce on InstallMany
- asserts, snapstate: return full validation set keys from
CheckPresenceRequired and CheckPresenceInvalid
- cmd/snap: only log translation warnings in debug/testing
- tests/main/preseed: update for new base snap of the lxd snap
- tests/nested/manual: use loop for checking for initialize-system
task done
- tests: add a local snap variant to testing prepare-image gating
support
- tests/main/security-device-cgroups-strict-enforced: demonstrate
device cgroup being enforced
- store: one more tweak for the test action timeout
- github: do not fail when codecov upload fails
- o/devicestate: fix flaky test remodel clash
- o/snapstate: add ChangeID to conflict error
- tests: fix regex of TestSnapActionTimeout test
- tests: fix tests for 21.10
- tests: add test for store.SnapAction() request timeout
- tests: print user sessions info on debug-each
- packaging: backports of golang-go 1.13 are good enough
- sysconfig/cloudinit: add cloudDatasourcesInUseForDir
- cmd: build gdb shims as static binaries
- packaging/ubuntu: pass GO111MODULE to dh_auto_test
- cmd/libsnap-confine-private, tests, sandbox: remove warnings about
cgroup v2, drop forced devmode
- tests: increase memory quota in quota-groups-systemd-accounting
- tests: be more robust against a new day stepping in
- usersession/xdgopenproxy: move PortalLauncher class to own package
- interfaces/builtin: fix microstack unit tests on distros using
/usr/libexec
- cmd/snap-confine: handle CURRENT_TAGS on systems that support it
- cmd/libsnap-confine-private: device cgroup v2 support
- o/servicestate: Update task summary for restart action
- packaging, tests/lib/prepare-restore: build packages without
network access, fix building debs with go modules
- systemd: add AtLeast() method, add mocking in systemdtest
- systemd: use text.template to generate mount unit
- o/hookstate/ctlcmd: Implement snapctl refresh --show-lock command
- o/snapstate: optimize conflicts around snaps stored on
conditional-auto-refresh task
- tests/lib/prepare.sh: download core20 for UC20 runs via
BASE_CHANNEL
- mount-control: step 1
- go: update go.mod dependencies
- o/snapstate: enforce validation sets on snap install
- tests: revert revert manual lxd removal
- tests: pre-cache snaps in classic and core systems
- tests/lib/nested.sh: split out additional helper for adding files
to VM imgs
- tests: update nested tool - part1
- image/image_linux.go: add newline
- interfaces/block-devices: support to access the state of block
devices
- o/hookstate: require snap-refresh-control interface for snapctl
refresh --proceed
- build-aux: stage libgcc1 library into snapd snap
- configcore: add read-only netplan support
- tests: fix fakedevicesvc service already exists
- tests: fix interfaces-libvirt test
- tests: remove travis leftovers
- spread: bump delta ref to 2.52
- packaging: ship the `snapd.apparmor.service` unit in debian
- packaging: remove duplicated `golang-go` build-dependency
- boot: record recovery capable systems in recovery bootenv
- tests: skip overlord tests on riscv64 due to timeouts.
- overlord/ifacestate: fix arguments in unit tests
- ifacestate: undo repository connection if doConnect fails
- many: remove unused parameters
- tests: failure of prereqs on content interface doesn't prevent
install
- tests/nested/manual/refresh-revert-fundamentals: fix variable use
- strutil: add Intersection()
- o/ifacestate: special-case system-files and force refreshing its
static attributes
- interface/builtin: add qualcomm-ipc-router interface for
AF_QIPCRTR socket protocol
- tests: new snapd-state tool
- codecov: fix files pathnames
- systemd: add mock systemd helper
- tests/nested/core/extra-snaps-assertions: fix the match pattern
- image,c/snap,tests: support enforcing validations in prepare-image
via --customize JSON validation enforce(|ignore)
- o/snapstate: enforce validation sets assertions when removing
snaps
- many: update deps
- interfaces/network-control: additional ethernet rule
- tests: use host-scaled settle timeout for hookstate tests
- many: move to go modules
- interfaces: no need for snapRefreshControlInterface struct
- interfaces: introduce snap-refresh-control interface
- tests: move interfaces-libvirt test back to 16.04
- tests: bump the number of retries when waiting for /dev/nbd0p1
- tests: add more space on ubuntu xenial
- spread: add 21.10 to qemu, remove 20.10 (EOL)
- packaging: add libfuse3-dev build dependency
- interfaces: add microstack-support interface
- wrappers: fix a bunch of duplicated service definitions in tests
- tests: use host-scaled timeout to avoid riscv64 test failure
- many: fix run-checks gofmt check
- tests: spread test for snapctl refresh --pending/--proceed from
the snap
- o/assertstate,daemon: refresh validation sets assertions with snap
declarations
- tests: migrate tests that are only executed on xenial to bionic
- tests: remove opensuse-15.1 and add opensuse-15.3 from spread runs
- packaging: update master changelog for 2.51.7
- sysconfig/cloudinit: fix bug around error state of cloud-init
- interfaces, o/snapstate: introduce AffectsPlugOnRefresh flag
- interfaces/interfaces/ion-memory-control: add: add interface for
ion buf
- interfaces/dsp: add /dev/ambad into dsp interface
- tests: new spread log parser
- tests: check files and dirs are cleaned for each test
- o/hookstate/ctlcmd: unify the error message when context is
missing
- o/hookstate: support snapctl refresh --pending from snap
- many: remove unused/dead code
- cmd/libsnap-confine-private: add BPF support helpers
- interfaces/hardware-observe: add some dmi properties
- snapstate: abort kernel refresh if no gadget update can be found
- many: shellcheck fixes
- cmd/snap: add Size column to refresh --list
- packaging: build without dwarf debugging data
- snapstate: fix misleading `assumes` error message
- tests: fix restore in snapfuse spread tests
- o/assertstate: fix missing 'scheduled' header when auto refreshing
assertions
- o/snapstate: fail remove with invalid snap names
- o/hookstate/ctlcmd: correct err message if missing root
- .github/workflows/test.yaml: fix logic
- o/snapstate: don't hold some snaps if not all snaps can be held by
the given gating snap
- c-vendor.c: new c-vendor subdir
- store: make sure expectedZeroFields in tests gets updated
- overlord: add manager test for "assumes" checking
- store: deal correctly with "assumes" from the store raw yaml
- sysconfig/cloudinit.go: add functions for filtering cloud-init
config
- cgroup-support: allow to hide cgroupv2 warning via ENV
- gadget: Export mkfs functions for use in ubuntu-image
- tests: set to 10 minutes the kill timeout for tests failing on
slow boards
- .github/workflows/test.yaml: test github.events key
- i18n/xgettext-go: preserve already escaped quotes
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
v2.2.0-428-g5c22d4b
- github: do not try to upload coverage when working with cached run
- tests/main/services-install-hook-can-run-svcs: shellcheck issue
fix
- interfaces/u2f-devices: add Nitrokey FIDO2
- testutil: add DeepUnsortedMatches Checker
- cmd, packaging: import BPF headers from kernel, detect whether
host headers are usable
- tests: fix services-refresh-mode test
- tests: clean snaps.sh helper
- tests: fix timing issue on security-dev-input-event-denied test
- tests: update systems for sru validation
- .github/workflows: add codedov again
- secboot: remove duplicate import
- tests: stop the service when is active in test interfaces-
firewall-control test
- packaging: remove TEST_GITHUB_AUTOPKGTEST support
- packaging: merge 2.51.6 changelog back to master
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
- tests: remove the test user just when it was installed on create-
user-2 test
- spread: temporarily fix the ownership of /home/ubuntu/.ssh on
21.10
- daemon, o/snapstate: handle IgnoreValidation flag on install (2/3)
- usersession/agent: refactor common JSON validation into own
function
- o/hookstate: allow snapctl refresh --proceed from snaps
- cmd/libsnap-confine-private: fix issues identified by coverity
- cmd/snap: print logs in local timezone
- packaging: changelog for 2.51.5 to master
- build-aux: build with go-1.13 in the snapcraft build too
- config: rename "virtual" config to "external" config
- devicestate: add `snap debug timings --ensure=install-system`
- interfaces/builtin/raw_usb: fix platform typo, fix access to usb
devices accessible through platform
- o/snapstate: remove commented out code
- cmd/snap-device-helper: reimplement snap-device-helper
- cmd/libsnap-confine-private: fix coverity issues in tests, tweak
uses of g_assert()
- o/devicestate/handlers_install.go: add workaround to create dirs
for install
- o/assertstate: implement ValidationSetAssertionForEnforce helper
- clang-format: stop breaking my includes
- o/snapstate: allow auto-refresh limited to snaps affected by a
specific gating snap
- tests: fix core-early-config test to use tests.nested tool
- sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init
datasource
- c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags
to snap/snapctl
- corecfg: add "system.hostname" setting to the system settings
- wrappers: measure time to enable services in StartServices()
- configcore: fix early config timezone handling
- tests/nested/manual: enable serial assertions on testkeys nested
VM's
- configcore: fix a bunch of incorrect error returns
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
- packaging: merge 2.51.4 changelog back to master
- {device,snap}state: skip kernel extraction in seeding
- vendor: move to snapshot-4c814e1 branch and set fixed KDF options
- tests: use bigger storage on ubuntu 21.10
- snap: support links map in snap.yaml (and later from the store
API)
- o/snapstate: add AffectedByRefreshCandidates helper
- configcore: register virtual config for timezone reading
- cmd/libsnap-confine-private: move device cgroup files, add helper
to deny a device
- tests: fix cached-results condition in github actions workflow
- interfaces/tee: add support for Qualcomm qseecom device node
- packaging: fix build failure on bionic and simplify rules
- o/snapstate: affectedByRefresh tweaks
- tests: update nested wait for snapd command
- interfaces/builtin: allow access to per-user GTK CSS overrides
- tests/main/snapd-snap: install 4.x snapcraft to build the snapd
snap
- snap/squashfs: handle squashfs-tools 4.5+
- asserts/snapasserts: CheckPresenceInvalid and
CheckPresenceRequired methods
- cmd/snap-confine: refactor device cgroup handling to enable easier
v2 integration
- tests: skip udp protocol on latest ubuntus
- cmd/libsnap-confine-private: g_spawn_check_exit_status is
deprecated since glib 2.69
- interfaces: s/specifc/specific/
- github: enable gofmt for Go 1.13 jobs
- overlord/devicestate: UC20 specific set-model, managers tests
- o/devicestate, sysconfig: refactor cloud-init config permission
handling
- config: add "virtual" config via config.RegisterVirtualConfig
- packaging: switch ubuntu to use golang-1.13
- snap: change `snap login --help` to not mention "buy"
- tests: removing Ubuntu 20.10, adding 21.04 nested in spread
- tests/many: remove lxd systemd unit to prevent unexpected
leftovers
- tests/main/services-install-hook-can-run-svcs: make variants more
obvious
- tests: force snapd-session-agent.socket to be re-generated
* New upstream release, LP: #1942646
- snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
for the disk (if not present already)
- many: support an API flag system-restart-immediate to make snap
ops proceed immediately with system restarts
- cmd/libsnap-confine-private: g_spawn_check_exit_status is
deprecated since glib 2.69
- interfaces/seccomp: add clone3 to default template
- interfaces/apparmor/template.go: allow inspection of dbus
mediation level
- interfaces/dsp: add a usb rule to the ambarella flavor
- cmd/snap-confine: update s-c apparmor profile to allow versioned
ld.so
- o/ifacestate: don't lose connections if snaps are broken
- interfaces/builtin/opengl.go: add libOpenGL.so* too
- interfaces/hardware-observe: add some dmi properties
- build-aux: stage libgcc1 library into snapd snap
- interfaces/block-devices: support to access the state of block
devices
- packaging: ship the `snapd.apparmor.service` unit in debian
* New upstream release, LP: #1942646
- interface/builtin: add qualcomm-ipc-router interface for
AF_QIPCRTR socket protocol
- o/ifacestate: special-case system-files and force refreshing its
static attributes
- interfaces/network-control: additional ethernet rule
- packaging: update 2.52 changelog with 2.51.7
- interfaces/interfaces/ion-memory-control: add: add interface for
ion buf
- packaging: merge 2.51.6 changelog back to 2.52
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
- many: merge release/2.51 change to release/2.52
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
- o/servicestate: use snap app names for ExplicitServices of
ServiceAction
- tests/main/services-install-hook-can-run-svcs: add variant w/o
--enable
- o/servicestate: revert only start enabled services
- tests: adding Ubuntu 21.10 to spread test suite
- interface/modem-manager: add support for MBIM/QMI proxy clients
- cmd/snap/model: support storage-safety and snaps headers too
- o/assertstate: Implement EnforcedValidationSets helper
- tests: using retry tool for nested tests
- gadget: check for system-save with multi volumes if encrypting
correctly
- interfaces: make the service naming entirely internal to systemd
BE
- tests/lib/reset.sh: fix removing disabled snaps
- store/store_download.go: use system snap provided xdelta3 priority
+ fallback
- packaging: merge changelog from 2.51.3 back to master
- overlord: only start enabled services
- interfaces/builtin: add sd-control interface
- tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests,
use 2.45
- tests/lib/reset.sh: add workaround from refresh-vs-services tests
for all tests
- o/assertstate: check for conflicts when refreshing and committing
validation set asserts
- devicestate: add support to save timings from install mode
- tests: new tests.nested commands copy and wait-for
- install: add a bunch of nested timings
- tests: drop any-python wrapper
- store: set ResponseHeaderTimeout on the default transport
- tests: fix test-snapd-user-service-sockets test removing snap
- tests: moving nested_exec to nested.tests exec
- tests: add tests about services vs snapd refreshes
- client, cmd/snap, daemon: refactor REST API for quotas to match
CLI org
- c/snap,asserts: create/delete-key external keypair manager
interaction
- tests: revert disable of the delta download tests
- tests/main/system-usernames-microk8s: disable on centos 7 too
- boot: support device change
- o/snapstate: remove unused refreshSchedule argument for
isRefreshHeld helper
- daemon/api_quotas.go: handle conflicts, returning conflict
response
- tests: test for gate-auto-refresh hook error resulting in hold
- release: 2.51.2
- snapstate/check_snap: add snap_microk8s to shared system-
usernames
- snapstate: remove temporary snap file for local revisions early
- interface: allows reading sd cards internal info from block-
devices interface
- tests: Renaming tool nested-state to tests.nested
- testutil: fix typo in json checker unit tests
- tests: ack assertions by default, add --noack option
- overlord/devicestate: try to pick alternative recovery labels
during remodel
- bootloader/assets: update recovery grub to allow system labels
generated by snapd
- tests: print serial log just once for nested tests
- tests: remove xenial 32 bits
- sandbox/cgroup: do not be so eager to fail when paths do not exist
- tests: run spread tests in ubuntu bionic 32bits
- c/snap,asserts: start supporting ExternalKeypairManager in the
snap key-related commands
- tests: refresh control spread test
- cmd/libsnap-confine-private: do not fail on ENOENT, better getline
error handling
- tests: disable delta download tests for now until the store is
fixed
- tests/nested/manual/preseed: fix for cloud images that ship
without core18
- boot: properly handle tried system model
- tests/lib/store.sh: revert #10470
- boot, seed/seedtest: tweak test helpers
- o/servicestate: TODO and fix preexisting typo
- o/servicestate: detect conflicts for quota group operations
- cmd/snap/quotas: adjust help texts for quota commands
- many/quotas: little adjustments
- tests: add spread test for classic snaps content slots
- o/snapstate: fix check-rerefresh task summary when refresh control
is used
- many: use changes + tasks for quota group operations
- tests: fix test snap-quota-groups when checking file
cgroupProcsFile
- asserts: introduce ExternalKeypairManager
- o/ifacestate: do not visit same halt tasks in waitChainSearch to
avoid cycles
- tests/lib/store.sh: fix make_snap_installable_with_id()
- overlord/devicestate, overlord/assertstate: use a temporary DB
when creating recovery systems
- corecfg: allow using `# snapd-edit: no` header to disable pi-
config# snapd-edit: no
- tests/main/interfaces-ssh-keys: tweak checks for openSUSE
Tumbleweed
- cmd/snap: prevent cycles in waitChainSearch with snap debug state
- o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for
marking self as affecting
- tests: new parameter used by retry tool to set env vars
- tests: support parameters for match-log on journal-state tool
- configcore: ignore system.pi-config.* setting on measured kernels
- sandbox/cgroup: support freezing groups with unified
hierarchy
- tests: fix preseed test to used core20 snap on latest systems
- testutil: introduce a checker which compares the type after having
passed them through a JSON marshaller
- store: tweak error message when store.Sections() download fails
- o/servicestate: stop setting DoneStatus prematurely for quota-
control
- cmd/libsnap-confine-private: bump max depth of groups hierarchy to
32
- many: turn Contact into an accessor
- store: make the log with download size a debug one
- cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to
include search path"
- o/devicestate: move SystemMode method before first usage
- tests: skip tests when the sections cannot be retrieved
- boot: support resealing with a try model
- o/hookstate: dedicated handler for gate-auto-refresh hook
- tests: make sure the /root/snap dir is backed up on test snap-
user-dir-perms-fixed
- cmd/snap-confine: make mount ns use check cgroup v2 compatible
- snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set
- cmd/libsnap-confine-private/cgroup-support.c: Fix typo
- cmd/snap-confine, cmd/snapd-generator: fix issues identified by
sparse
- o/snapstate: make conditional-auto-refresh conflict with other
tasks via affected snaps
- many: pass device/model info to configcore via sysconfig.Device
interface
- o/hookstate: return bool flag from Error function of hook handler
to ignore hook errors
- cmd/snap-update-ns: add SRCDIR to include search path
- tests: fix for tests/main/lxd-mount-units test and enable
ubuntu-21.04
- overlord, o/devicestate: use a single test helper for resetting to
a post boot state
- HACKING.md: update instructions for go1.16+
- tests: fix restore for security-dev-input-event-denied test
- o/servicestate: move SetStatus to doQuotaControl
- tests: fix classic-prepare-image test
- o/snapstate: prune gating information and refresh-candidates on
snap removal
- o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add
mock helper
- cmd: a bunch of tweaks and updates
- o/servicestate: refactor meter handling, eliminate some common
parameters
- o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed
syntax.
- o/snapstate: prune refresh candidates in check-rerefresh
- osutil: pass --extrausers option to groupdel
- o/snapstate: remove refreshed snap from snaps-hold in
snapstate.doInstall
- tests/nested: add spread test for uc20 cloud.conf from gadgets
- boot: drop model from resealing and boostate
- o/servicestate, snap/quota: eliminate workaround for buggy
systemds, add spread test
- o/servicestate: introduce internal and servicestatetest
- o/servicestate/quota_control.go: enforce minimum of 4K for quota
groups
- overlord/servicestate: avoid unnecessary computation of disabled
services
- o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately
from snapctl
- o/snapstate: prune hold state during autoRefreshPhase1
- wrappers/services.go: do not restart disabled or inactive
services
- sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed
config
- spread: switch LXD back to latest/candidate channel
- interfaces/opengl: add support for Imagination PowerVR
- boot: decouple model from seal/reseal handling via an auxiliary
type
- spread, tests/main/lxd: no longer manual, switch to latest/stable
- github: try out golangci-lint
- tests: set lxd test to manual until failures are fixed
- tests: connect 30% of the interfaces on test interfaces-many-core-
provided
- packaging/debian-sid: update snap-seccomp patches for latest
master
- many: fix imports order (according to gci)
- o/snapstate: consider held snaps in autoRefreshPhase2
- o/snapstate: unlock the state before calling backend in
undoStartSnapServices
- tests: replace "not MATCH" by NOMATCH in tests
- README.md: refer to new IRC server
- cmd/snap-preseed: provide more error info if snap-preseed fails
early on mount
- daemon: add a Daemon argument to AccessChecker.CheckAccess
- c/snap-bootstrap: add bind option with tests
- interfaces/builtin/netlink_driver_test.go: add test snippet
- overlord/devicestate: set up recovery system tasks when attempting
a remodel
- osutil,strutil,testutil: fix imports order (according to gci)
- release: merge 2.51.1 changelog
- cmd: fix imports order (according to gci)
- tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control
interface
- o/servicestate: move handlers tests to quota_handlers_test.go file
instead
- interfaces: add netlink-driver interface
- interfaces: remove leftover debug print
- systemd: refactor property parsers for int values in
CurrentTasksCount, etc.
- tests: fix debug section for postrm-purge test
- tests/many: change all cloud-init passwords for ubuntu to use
plain_test_passwd
- asserts,interfaces,snap: fix imports order (according to gci)
- o/servicestate/quota_control_test.go: test the handlers directly
- tests: fix issue when checking the udev tag on test security-
device-cgroups
- many: introduce Store.SnapExists and use it in
/v2/accessories/themes
- o/snapstate: update LastRefreshTime in doLinkSnap handler
- o/hookstate: handle snapctl refresh --proceed and --hold
- boot: fix model inconsistency check in modeenv, extend unit tests
- overlord/servicestate: improve test robustness with locking
- tests: first part of the cleanup
- tests: new note in HACKING file to clarify about
yamlordereddictloader dependency
- daemon: make CheckAccess return an apiError
- overlord: fix imports ordering (according to gci)
- o/servicestate: add quotastate handlers
- boot: track model's sign key ID, prepare infra for tracking
candidate model
- daemon: have apiBaseSuite.errorReq return *apiError directly
- o/servicestate/service_control.go: add comment about
ExplicitServices
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- daemon: split out error response code from response*.go to
errors*.go
- interfaces/dsp: fix typo in udev rule
- daemon,o/devicestate: have DeviceManager.SystemMode take an
expectation on the system
- o/snapstate: add helpers for setting and querying holding time for
snaps
- many: fix quota groups for centos 7, amazon linux 2 w/ workaround
for buggy systemd
- overlord/servicestate: mv ensureSnapServicesForGroup to new file
- overlord/snapstate: lock the mutex before returning from stop snap
services undo
- daemon: drop resp completely in favor of using respJSON
consistently
- overlord/devicestate: support for snap downloads in recovery
system handlers
- daemon: introduce a separate findResponse, simplify SyncRespone
and drop Meta
- overlord/snapstate, overlord/devicestate: exclusive change
conflict check
- wrappers, packaging, snap-mgmt: handle removing slices on purge
too
- services: remember if acting on the entire snap
- store: extend context and action objects of SnapAction with
validation-sets
- o/snapstate: refresh control - autorefresh phase2
- cmd/snap/quota: refactor quota CLI as per new design
- interfaces: opengl: change path for Xilinx zocl driver
- tests: update spread images for ubuntu-core-20 and ubuntu-21.04
- o/servicestate/quota_control_test.go: change helper escaping
- o/configstate/configcore: support snap set system swap.size=...
- o/devicestate: require serial assertion before remodeling can be
started
- systemd: improve systemctl error reporting
- tests/core/remodel: use model assertions signed with valid keys
- daemon: use apiError for more of the code
- store: fix typo in snapActionResult struct json tag
- userd: mock `systemd --version` in privilegedDesktopLauncherSuite
- packaging/fedora: sync with downstream packaging
- daemon/api_quotas.go: include current memory usage information in
results
- daemon: introduce StructuredResponse and apiError
- o/patch: check if we have snapd snap with correct snap type
already in snapstate
- tests/main/snapd-snap: build the snapd snap on all platforms with
lxd
- tests: new commands for snaps-state tool
- tests/main/snap-quota-groups: add functional spread test for quota
groups
- interfaces/dsp: add /dev/cavalry into dsp interface
- cmd/snap/cmd_info_test.go: make test robust against TZ changes
- tests: moving to tests directories snaps built locally - part 2
- usersession/userd: fix unit tests on systems using /var/lib/snapd
- sandbox/cgroup: wait for pid to be moved to the desired cgroup
- tests: fix snap-user-dir-perms-fixed vs format checks
- interfaces/desktop-launch: support confined snaps launching other
snaps
- features: enable dbus-activation by default
- usersession/autostart: change ~/snap perms to 0700 on startup
- cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-data nosuid
- tests: new test static checker
- release-tool/changelog.py: misc fixes from real world usage
- release-tools/changelog.py: add function to generate github
release template
- spread, tests: Fedora 32 is EOL, drop it
- o/snapstate: bump max postponement from 60 to 95 days
- interfaces/apparmor: limit the number of jobs when running with a
single CPU
- packaging/fedora/snapd.spec: correct date format in changelog
- packaging: merge 2.51 changelog back to master
- packaging/ubuntu-16.04/changelog: add 2.50 and 2.50.1 changelogs,
placeholder for 2.51
- interfaces: allow read access to /proc/tty/drivers to modem-
manager and ppp/dev/tty
* New upstream release, LP: #1929842
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
v2.2.0-428-g5c22d4b1
- tests: cherry-pick shellcheck fix `bd730fd4`
- interfaces/dsp: add /dev/ambad into dsp interface
- many: shellcheck fixes
- snapstate: abort kernel refresh if no gadget update can be found
- overlord: add manager test for "assumes" checking
- store: deal correctly with "assumes" from the store raw yaml
* New upstream release, LP: #1929842
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
* New upstream release, LP: #1929842
- snap/squashfs: handle squashfs-tools 4.5+
- tests/core20-install-device-file-install-via-hook-hack: adjust
test for 2.51
- o/devicestate/handlers_install.go: add workaround to create dirs
for install
- tests: fix linter warning
- tests: update other spread tests for new behaviour
- tests: ack assertions by default, add --noack option
- release-tools/changelog.py: also fix opensuse changelog date
format
- release-tools/changelog.py: fix typo in function name
- release-tools/changelog.py: fix fedora date format
- release-tools/changelog.py: handle case where we don't have a TZ
- release-tools/changelog.py: fix line length check
- release-tools/changelog.py: specify the LP bug for the release as
an arg too
- interface/modem-manager: add support for MBIM/QMI proxy
clients
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
* New upstream release, LP: #1929842
- {device,snap}state: skip kernel extraction in seeding
- vendor: move to snapshot-4c814e1 branch and set fixed KDF options
- tests/interfaces/tee: fix HasLen check for udev snippets
- interfaces/tee: add support for Qualcomm qseecom device node
- gadget: check for system-save with multi volumes if encrypting
correctly
- gadget: drive-by: drop unnecessary/supported passthrough in test
gadget.yaml
* New upstream release, LP: #1929842
- interfaces/builtin: add sd-control interface
- store: set ResponseHeaderTimeout on the default transport
* New upstream release, LP: #1929842
- snapstate: remove temporary snap file for local revisions early
- interface: allows reading sd cards internal info from block-
devices interface
- o/ifacestate: do not visit same halt tasks in waitChainSearch to
avoid slow convergence (or unlikely cycles)
- corecfg: allow using `# snapd-edit: no` header to disable pi-
config
- configcore: ignore system.pi-config.* setting on measured kernels
- many: pass device/model info to configcore via sysconfig.Device
interface
- o/configstate/configcore: support snap set system swap.size=...
- store: make the log with download size a debug one
- interfaces/opengl: add support for Imagination PowerVR
* New upstream release, LP: #1929842
- interfaces: add netlink-driver interface
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- interfaces/dsp: fix typo in udev rule
- overlord/snapstate: lock the mutex before returning from stop
snap services undo
- interfaces: opengl: change path for Xilinx zocl driver
- interfaces/dsp: add /dev/cavalry into dsp interface
- packaging/fedora/snapd.spec: correct date format in changelog
* New upstream release, LP: #1929842
- cmd/snap: stacktraces debug endpoint
- secboot: deactivate volume again when model checker fails
- store: extra log message, a few minor cleanups
- packaging/debian-sid: update systemd patch
- snapstate: adjust update-gadget-assets user visible message
- tests/nested/core/core20-create-recovery: verify that recovery
system can be created at runtime
- gadget: support creating vfat partitions during bootstrap
- daemon/api_quotas.go: support updating quotas with ensure action
- daemon: tighten access to a couple of POST endpoints that should
be really be root-only
- seed/seedtest, overlord/devicestate: move seed validation helper
to seedtest
- overlord/hookstate/ctlcmd: remove unneeded parameter
- snap/quota: add CurrentMemoryUsage for current memory usage of a
quota group
- systemd: add CurrentMemoryUsage to get current memory usage for a
unit
- o/snapstate: introduce minimalInstallInfo interface
- o/hookstate: print pending info (ready, inhibited or none)
- osutil: a helper to find out the total amount of memory in the
system
- overlord, overlord/devicestate: allow for reloading modeenv in
devicemgr when testing
- daemon: refine access testing
- spread: disable unattended-upgrades on debian
- tests/lib/reset: make nc exit after a while when connection is
idle
- daemon: replace access control flags on commands with access
checkers
- release-tools/changelog.py: refactor regexp + file reading/writing
- packaging/debian-sid: update locale patch for the latest master
- overlord/devicestate: tasks for creating recovery systems at
runtime
- release-tools/changelog.py: implement script to update all the
changelog files
- tests: change machine type used for nested testsPrices:
- cmd/snap: include locale when linting description being lower case
- o/servicestate: add RemoveSnapFromQuota
- interfaces/serial-port: add Qualcomm serial port devices to
allowed list
- packaging: merge 2.50.1 changelog back
- interfaces/builtin: introduce raw-input interface
- tests: remove tests.cleanup prepare from nested test
- cmd/snap-update-ns: fix linter errors
- asserts: fix errors reported by linter
- o/hookstate/ctlcmd: allow system-mode for non-root
- overlord/devicestate: comment why explicit system mode check is
needed in ensuring tried recovery systems (#10275)
- overlord/devicesate: observe snap writes when creating recovery
systems
- packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1
- tests: moving to tests directories snaps built locally - part 1
- seed/seedwriter: fail early when system seed directory exists
- o/snapstate: autorefresh phase1 for refresh-control
- c/snap: more precise message for ErrorKindSystemRestart op !=
reboot
- tests: simplify the tests.cleanup tool
- boot: helpers for manipulating current and good recovery systems
list
- o/hookstate, o/snapstate: print revision, version, channel with
snapctl --pending
- overlord: unit test tweaks, use well known snap IDs, setup snap
declarations for most common snaps
- tests/nested/manual: add test for install-device + snapctl reboot
- o/servicestate: restart slices + services on modifications
- tests: update mount-ns test to support changes in the distro
- interfaces: fix linter issues
- overlord: mock logger in managers unit tests
- tests: adding support for fedora-34
- tests: adding support for debian 10 on gce
- boot: reseal given keys when the respective boot chain has changed
- secboot: switch encryption key size to 32 byte (thanks to Chris)
- interfaces/dbus: allow claiming 'well-known' D-Bus names with a
wildcard suffix
- spread: bump delta reference version
- interfaces: builtin: update permitted paths to be compatible with
UC20
- overlord: fix errors reported by linter
- tests: remove old fedora systems from tests
- tests: update spread url
- interfaces/camera: allow devices in /sys/devices/platform/**/usb*
- interfaces/udisks2: Allow access to the login manager via dbus
- cmd/snap: exit normally if "snap changes" has no changes
(LP #1823974)
- tests: more fixes for spread suite on openSUSE
- tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed
- daemon: fix linter errors
- spread: add Fedora 34, leave a TODO about dropping Fedora 32
- interfaces: fix linter errors
- tests: use op.paths tools instead of dirs.sh helper - part 2
- client: Fix linter errors
- cmd/snap: Fix errors reported by linter
- cmd/snap-repair: fix linter issues
- cmd/snap-bootstrap: Fix linter errors
- tests: update permission denied message for test-snapd-event on
ubuntu 2104
- cmd/snap: small tweaks based on previous reviews
- snap/snaptest: helper that mocks both the squashfs file and a snap
directory
- overlord/devicestate: tweak comment about creating recovery
systems, formatting tweaks
- overlord/devicestate: move devicemgr base suite helpers closer to
test suite struct
- overlord/devicestate: keep track of tried recovery system
- seed/seedwriter: clarify in the diagram when SetInfo is called
- overlord/devicestate: add helper for creating recovery systems at
runtime
- snap-seccomp: update syscalls.go list
- boot,image: support image.Customizations.BootFlags
- overlord: support snapctl --halt|--poweroff in gadget install-
device
- features,servicestate: add experimental.quota-groups flag
- o/servicestate: address comments from previous PR
- tests: basic spread test for snap quota commands
- tests: moving the snaps which are not locally built to the store
directory
- image,c/snap: implement prepare-image --customize
- daemon: implement REST API for quota groups (create / list / get)
- cmd/snap, client: snap quotas command
- o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods
and snapctl system-mode
- o/servicestate/quota_control.go: introduce (very) basic group
manipulation methods
- cmd/snap, client: snap remove-quota command
- wrappers, quota: implement quota groups slice generation
- snap/quotas: followups from previous PR
- cmd/snap: introduce 'snap quota' command
- o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in
uc20 run mode
- o/servicestate: test has internal ordering issues, consider both
cases
- o/servicestate/quotas: add functions for getting and setting
quotas in state
- tests: new buckets for snapd-spread project on gce
- spread.yaml: update the gce project to start using snapd-spread
- quota: new package for managing resource groups
- many: bind and check keys against models when using FDE hooks v2
- many: move responsibilities down seboot -> kernel/fde and boot ->
secboot
- packaging: add placeholder changelog
- o/configstate/configcore/vitality: fix RequireMountedSnapdSnap
bug
- overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
Core system
- many: hide EncryptionKey size and refactors for fde hook v2 next
steps
- tests: adding debug info for create user tests
- o/hookstate: add "refresh" command to snapctl (hidden, not
complete yet)
- systemd: wait for zfs mounts (LP #1922293)
- testutil: support referencing files in FileEquals checker
- many: refactor to kernel/fde and allow `fde-setup initial-setup`
to return json
- o/snapstate: store refresh-candidates in the state
- o/snapstate: helper for creating gate-auto-refresh hooks
- bootloader/bootloadertest: provide interface implementation as
mixins, provide a mock for recovery-aware-trusted-asses bootloader
- tests/lib/nested: do not compress images, return early when
restored from pristine image
- boot: split out a helper for making recovery system bootable
- tests: update os.query check to match new bullseye codename used
on sid images
- o/snapstate: helper for getting snaps affected by refresh, define
new hook
- wrappers: support in EnsureSnapServices a callback to observe
changes (#10176)
- gadget: multi line support in gadget's cmdline file
- daemon: test that requesting restart from (early) Ensure works
- tests: use op.paths tools instead of dirs.sh helper - part 1
- tests: add new command to snaps-state to get current core, kernel
and gadget
- boot, gadget: move opening the snap container into the gadget
helper
- tests, overlord: extend unit tests, extend spread tests to cover
full command line support
- interfaces/builtin: introduce dsp interface
- boot, bootloader, bootloader/assets: support for full command line
override from gadget
- overlord/devicestate, overlord/snapstate: add task for updating
kernel command lines from gadget
- o/snapstate: remove unused DeviceCtx argument of
ensureInstallPreconditions
- tests/lib/nested: proper status return for tpm/secure boot checks
- cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars
- wrappers/services.go: refactor helper lambda function to separate
function
- boot/flags.go: add HostUbuntuDataForMode
- boot: handle updating of components that contribute to kernel
command line
- tests: add 20.04 to systems for nested/core
- daemon: add new accessChecker implementations
- boot, overlord/devicestate: consider gadget command lines when
updating boot config
- tests: fix prepare-image-grub-core18 for arm devices
- tests: fix gadget-kernel-refs-update-pc test on arm and when
$TRUST_TEST_KEY is false
- tests: enable help test for all the systems
- boot: set extra command line arguments when preparing run mode
- boot: load bits of kernel command line from gadget snaps
- tests: update layout for tests - part 2
- tests: update layout for tests - part 1
- tests: remove the snap profiler from the test suite
- boot: drop gadget snap yaml which is already defined elsewhere in
the tests
- boot: set extra kernel command line arguments when making a
recovery system bootable
- boot: pass gadget path to command line helpers, load gadget from
seed
- tests: new os.paths tool
- daemon: make ucrednetGet() return a *ucrednet structure
- boot: derive boot variables for kernel command lines
- cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from
initramfs
* New upstream release, LP: #1926005
- interfaces: update permitted /lib/.. paths to be compatible with
UC20
- interfaces: builtin: update permitted paths to be compatible with
UC20
- interfaces/greengrass-support: delete white spaces at the end of
lines
- snap-seccomp: update syscalls.go list
- many: backport kernel command line for 2.50
- interfaces/dbus: allow claiming 'well-known' D-Bus names with a
wildcard suffix
- interfaces/camera: allow devices in /sys/devices/platform/**/usb*
- interfaces/builtin: introduce dsp interface
* New upstream release, LP: #1926005
- overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
Core system
- o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug
- o/servicestate/servicemgr.go: add ensure loop for snap service
units
- wrappers/services.go: introduce EnsureSnapServices()
- snapstate: add "kernel-assets" to featureSet
- systemd: wait for zfs mounts
- overlord: make servicestate responsible to compute
SnapServiceOptions
- boot,tests: move where we write boot-flags one level up
- o/configstate: don't pass --root=/ when
masking/unmasking/enabling/disabling services
- cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to
/run
- gadget: be more flexible with kernel content resolving
- boot, cmd/snap: include extra cmdline args in debug boot-vars
output
- boot: support read/writing boot-flags from userspace/initramfs
- interfaces/pwm: add PWM interface
- tests/lib/prepare-restore.sh: clean out snapd changes and snaps
before purging
- systemd: enrich UnitStatus returned by systemd.Status() with
Installed flag
- tests: updated restore phase of spread tests - part 1
- gadget: add support for kernel command line provided by the gadget
- tests: Using GO111MODULE: "off" in spread.yaml
- features: add gate-auto-refresh-hook feature flag
- spread: ignore linux kernel upgrade in early stages for arch
preparation
- tests: use snaps-state commands and remove them from the snaps
helper
- o/configstate: fix panic with a sequence of config unset ops over
same path
- api: provide meaningful error message on connect/disconnect for
non-installed snap
- interfaces/u2f-devices: add HyperFIDO Pro
- tests: add simple sanity check for systemctl show
--property=UnitFileState for unknown service
- tests: use tests.session tool on interfaces-desktop-document-
portal test
- wrappers: install D-Bus service activation files for snapd session
tools on core
- many: add x-gvfs-hide option to mount units
- interfaces/builtin/gpio_test.go: actually test the generated gpio
apparmor
- spread: tentative workaround for arch failure caused by libc
upgrade and cgroups v2
- tests: add spread test for snap validate against store assertions
- tests: remove snaps which are not used in any test
- ci: set the accept-existing-contributors parameter for the cla-
check action
- daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and
some apiBaseSuite cosmetics)
- o/devicestate/devicemgr: register install-device hook, run if
present in install
- o/configstate/configcore: simple refactors in preparation for new
function
- tests: unifying the core20 nested suite with the core nested suite
- tests: uboot-unpacked-assets updated to reflect the real path used
to find the kernel
- daemon: switch api_test.go to daemon_test and various other
cleanups
- o/configstate/configcore/picfg.go: add hdmi_cvt support
- interfaces/apparmor: followup cleanups, comments and tweaks
- boot: cmd/snap-bootstrap: handle a candidate recovery system v2
- overlord/snapstate: skip catalog refresh when snappy testing is
enabled
- overlord/snapstate, overlord/ifacestate: move late security
profile removal to ifacestate
- snap-seccomp: fix seccomp test on ppc64el
- interfaces, interfaces/apparmor, overlord/snapstate: late removal
of snap-confine apparmor profiles
- cmd/snap-bootstrap/initramfs-mounts: move time forward using
assertion times
- tests: reset the system while preparing the test suite
- tests: fix snap-advise-command check for 429
- gadget: policy for gadget/kernel refreshes
- o/configstate: deal with no longer valid refresh.timer=managed
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- cla-check: Use has-signed-canonical-cla GitHub Action
- tests: validation sets spread test
- tests: simplify the reset.sh logic by removing not needed command
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20
- tests/lib/fde-setup-hook: also verify that fde-reveal-key key data
is base64
- o/devicestate: split off ensuring next boot goes to run mode into
new task
- tests: fix cgroup-tracking test
- boot: export helper for clearing tried system state, add tests
- cmd/snap: use less aggressive client timeouts in unit tests
- daemon: fix signing key validity timestamp in unit tests
- o/{device,hook}state: encode fde-setup-request key as base64
string
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- cmd/snap/pack: unhide the compression option
- boot: extend set try recovery system unit tests
- cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use
secboot's implicit fallback
- o/configstate/configcore: add hdmi_timings to pi-config
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- interfaces/tee: add TEE/OPTEE interface
- o/snapstate: update validation sets assertions with auto-refresh
- vendor: update go-tpm2/secboot to latest version
- seed: ReadSystemEssentialAndBetterEarliestTime
- tests: replace while commands with the retry tool
- interfaces/builtin: update unit tests to use proper distro's
libexecdir
- tests: run the reset.sh helper and check test invariants while the
test is restored
- daemon: switch preexisting daemon_test tests to apiBaseSuite and
.req
- boot, o/devicestate: split makeBootable20 into two parts
- interfaces/docker-support: add autobind unix rules to docker-
support
- interfaces/apparmor: allow reading
/proc/sys/kernel/random/entropy_avail
- tests: use retry tool instead a loops
- tests/main/uc20-create-partitions: fix tests cleanup
- asserts: mode where Database only assumes cur time >= earliest
time
- daemon: validation sets/api tests cleanup
- tests: improve tests self documentation for nested test suite
- api: local assertion fallback when it's not in the store
- api: validation sets monitor mode
- tests: use fs-state tool in interfaces tests
- daemon: move out /v2/login|logout and errToResponse tests from
api_test.go
- boot: helper for inspecting the outcome of a recovery system try
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- tests: update documentation and checks for interfaces tests
- snap-seccomp: add new `close_range` syscall
- boot: revert #10009
- gadget: remove `device-tree{,-origin}` from gadget tests
- boot: simplify systems test setup
- image: write resolved-content from snap prepare-image
- boot: reseal the run key for all recovery systems, but recovery
keys only for the good ones
- interfaces/builtin/network-setup-{control,observe}: allow using
netplan directly
- tests: improve sections prepare and restore - part 1
- tests: update details on task.yaml files
- tests: revert os.query usage in spread.yaml
- boot: export bootAssetsMap as AssetsMap
- tests/lib/prepare: fix repacking of the UC20 kernel snap for with
ubuntu-core-initramfs 40
- client: protect against reading too much data from stdin
- tests: improve tests documentation - part 2
- boot: helper for setting up a try recover system
- tests: improve tests documentation - part 1
- tests/unit/go: use tests.session wrapper for running tests as a
user
- tests: improvements for snap-seccomp-syscalls
- gadget: simplify filterUpdate (thanks to Maciej)
- tests/lib/prepare.sh: use /etc/group and friends from the core20
snap
- tests: fix tumbleweed spread tests part 2
- tests: use new commands of os.query tool on tests
- o/snapshotstate: create snapshots directory on import
- tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list
- packaging: drop 99-snapd.conf via dpkg-maintscript-helper
- osutil: add SetTime() w/ 32-bit and 64-bit implementations
- interfaces/wayland: rm Xwayland Xauth file access from wayland
slot
- packaging/ubuntu-16.04/rules: turn modules off explicitly
- gadget,devicestate: perform kernel asset update for $kernel: style
refs
- cmd/recovery: small fix for `snap recovery` tab output
- bootloader/lkenv: add recovery systems related variables
- tests: fix new tumbleweed image
- boot: fix typo, should be systems
- o/devicestate: test that users.create.automatic is configured
early
- asserts: use Fetcher in AddSequenceToUpdate
- daemon,o/c/configcore: introduce users.create.automatic
- client, o/servicestate: expose enabled state of user daemons
- boot: helper for checking and marking tried recovery system status
from initramfs
- asserts: pool changes for validation-sets (#9930)
- daemon: move the last api_foo_test.go to daemon_test
- asserts: include the assertion timestamp in error message when
outside of signing key validity range
- ovelord/snapshotstate: keep a few of the last line tar prints
before failing
- gadget/many: rm, delay sector size + structure size checks to
runtime
- cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
- interfaces: add allegro-vcu and media-control interfaces
- interfaces: opengl: add Xilinx zocl bits
- mkversion: check that version from changelog is set before
overriding the output version
- many: fix new ineffassign warnings
- .github/workflows/labeler.yaml: try work-around to not sync
labels
- cmd/snap, boot: add debug set-boot-vars
- interfaces: allow reading the Xauthority file KDE Plasma writes
for Wayland sessions
- tests/main/snap-repair: test running repair assertion w/ fakestore
- tests: disable lxd tests for 21.04 until the lxd images are
published for the system
- tests/regression/lp-1910456: cleanup the /snap symlink when done
- daemon: move single snap querying and ops to api_snaps.go
- tests: fix for preseed and dbus tests on 21.04
- overlord/snapshotstate: include the last message printed by tar in
the error
- interfaces/system-observe: Allow reading /proc/zoneinfo
- interfaces: remove apparmor downgrade feature
- snap: fix unit tests on Go 1.16
- spread: disable Go modules support in environment
- tests: use new path to find kernel.img in uc20 for arm devices
- tests: find files before using cat command when checking broadcom-
asic-control interface
- boot: introduce good recovery systems, provide compatibility
handling
- overlord: add manager gadget refresh test
- tests/lib/fakestore: support repair assertions too
- github: temporarily disable action labeler due to issues with
labels being removed
- o/devicestate,many: introduce DeviceManager.preloadGadget for
EarlyConfig
- tests: enable ubuntu 21.04 for spread tests
- snap: provide a useful error message if gdbserver is not installed
- data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1
- tests/lib/prepare.sh: split reflash.sh into two parts
- packaging/opensuse: sync with openSUSE packaging
- packaging: disable Go modules in snapd.mk
- snap: add deprecation noticed to "snap run --gdb"
- daemon: add API for checking and installing available theme snaps
- tests: using labeler action to add automatically a label to run
nested tests
- gadget: improve error handling around resolving content sources
- asserts: repeat the authority cross-check in CheckSignature as
well
- interfaces/seccomp/template.go: allow copy_file_range
- o/snapstate/check_snap.go: add support for many subversions in
assumes snapdX..
- daemon: move postSnap and inst.dispatch tests to api_snaps_test.go
- wrappers: use proper paths for mocked mount units in tests
- snap: rename gdbserver option to `snap run --gdbserver`
- store: support validation sets with fetch-assertions action
- snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky
- packaging/fedora: sync with downstream packaging in Fedora
- many: add Delegate=true to generated systemd units for special
interfaces (master)
- boot: use a common helper for mocking boot assets in cache
- api: validate snaps against validation set assert from the store
- wrappers: don't generate an [Install] section for timer or dbus
activated services
- tests/nested/core20/boot-config-update: skip when snapd was not
built with test features
- o/configstate,o/devicestate: introduce devicestate.EarlyConfig
implemented by configstate.EarlyConfig
- cmd/snap-bootstrap/initramfs-mounts: fix typo in func name
- interfaces/builtin: mock distribution in fontconfig cache unit
tests
- tests/lib/prepare.sh: add another console= to the reflash magic
grub entry
- overlord/servicestate: expose dbus activators of a service
- desktop/notification: test against a real session bus and
notification server implementation
- cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
recover+install
- HACKING.md: explain how to run UC20 spread tests with QEMU
- asserts: introduce AtSequence
- overlord/devicestate: task for updating boot configs, spread test
- gadget: fix documentation/typos
- gadget: cleanup MountedFilesystem{Writer,Updater}
- gadget: use ResolvedSource in MountedFilesystemWriter
- snap/info.go: add doc-comment for SortServices
- interfaces: add an optional mount-host-font-cache plug attribute
to the desktop interface
- osutil: skip TestReadBuildGo inside sbuild
- o/hookstate/ctlcmd: add optional --pid and --apparmor-label
arguments to "snapctl is-connected"
- data/env/snapd: use quoting in case PATH contains spaces
- boot: do not observe successful boot assets if not in run mode
- tests: fix umount for snapd snap on fsck-on-boot testumount:
/run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount
- misc: little tweaks
- snap/info.go: ignore unknown daemons in SortSnapServices
- devicestate: keep log from install-mode on installed system
- seed: add LoadEssentialMeta to seed16 and allow all of its
implementations to be called multiple times
- cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
seeds
- tests/core/uc20-recovery: move recover mode helpers to generic
testslib script
- interfaces/fwupd: allow any distros to access fw files via fwupd
- store: method for fetching validation set assertion
- store: switch to v2/assertions api
- gadget: add new ResolvedContent and populate from LayoutVolume()
- spread: use full format when listing processes
- osutil/many: make all test pkgs osutil_test instead of "osutil"
- tests/unit/go: drop unused environment variables, skip coverage
- OpenGL interface: Support more Tegra libs
- gadget,overlord: pass kernelRoot to install.Run()
- tests: run unit tests in Focal instead of Xenial
- interfaces/browser-support: allow sched_setaffinity with browser-
sandbox: true
- daemon: move query /snaps/<name> tests to api_snaps_test.go
- cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair
runner
- systemd/systemd.go: support journald JSON messages with arrays for
values
- cmd: make string/error code more robust against errno leaking
- github, run-checks: do not collect coverage data on subsequent
test runs
- boot: boot config update & reseal
- o/snapshotstate: handle conflicts between snapshot forget, export
and import
- osutil/stat.go: add RegularFileExists
- cmd/snapd-generator: don't create mount overrides for snap-try
snaps inside lxc
- gadget/gadget.go: rename ubuntu-* to system-* in doc-comment
- tests: use 6 spread workers for centos8
- bootloader/assets: support injecting bootloader assets in testing
builds of snapd
- gadget: enable multi-volume uc20 gadgets in
LaidOutSystemVolumeFromGadget; rename too
- overlord/devicestate, sysconfig: do nothing when cloud-init is not
present
- cmd/snap-repair: filter repair assertions based on bases + modes
- snap-confine: make host /etc/ssl available for snaps on classic
* New upstream release, LP: #1915248
- interfaces/tee: add TEE/OPTEE interface
- o/configstate/configcore: add hdmi_timings to pi-config
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- snap-seccomp: fix seccomp test on ppc64el
- interfaces{,/apparmor}, overlord/snapstate:
late removal of snap-confine apparmor profiles
- overlord/snapstate, wrappers: add dependency on usr-lib-
snapd.mount for services on core with snapd snap
- o/configstate: deal with no longer valid refresh.timer=managed
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- o/{device,hook}state: encode fde-setup-request key as base64
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- tests/main/uc20-create-partitions: fix tests cleanup
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- snap-seccomp: add new `close_range` syscall
* New upstream release, LP: #1915248
- tests: turn modules off explicitly in spread go unti test
- o/snapshotstate: create snapshots directory on import
- cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
- interfaces: add allegro-vcu and media-control interfaces
- interfaces: opengl: add Xilinx zocl bits
- many: fix new ineffassign warnings
- interfaces/seccomp/template.go: allow copy_file_range
- interfaces: allow reading the Xauthority file KDE Plasma writes
for Wayland sessions
- data/selinux: allow system dbus to watch
/var/lib/snapd/dbus-1
- Remove apparmor downgrade feature
- Support tmp and log dirs on Yocto/Poky
* New upstream release, LP: #1915248
- many: add Delegate=true to generated systemd units for special
interfaces
- cmd/snap-bootstrap: rename ModeenvFromModel to
EphemeralModeenvForModel
- cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
recover+install
- osutil: skip TestReadBuildGo inside sbuild
- tests: fix umount for snapd snap on fsck-on-boot test
- snap/info_test.go: add unit test cases for bug
- tests/main/services-after-before: add regression spread test
- snap/info.go: ignore unknown daemons in SortSnapServices
- cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
seeds
- OpenGL interface: Support more Tegra libs
- interfaces/browser-support: allow sched_setaffinity with browser-
sandbox: true
- cmd: make string/error code more robust against errno leaking
- o/snapshotstate: handle conflicts between snapshot forget, export
and import
- cmd/snapd-generator: don't create mount overrides for snap-try
snaps inside lxc
- tests: update test pkg for fedora and centos
- gadget: pass sector size in to mkfs family of functions, use to
select block sz
- o/snapshotstate: fix returning of snap names when duplicated
snapshot is detected
- tests/main/snap-network-errors: skip flushing dns cache on
centos-7
- interfaces/builtin: Allow DBus property access on
org.freedesktop.Notifications
- cgroup-support.c: fix link to CGROUP DELEGATION
- osutil: update go-udev package
- packaging: fix arch-indep build on debian-sid
- {,sec}boot: pass "key-name" to the FDE hooks
- asserts: sort by revision with Sort interface
- gadget: add gadget.ResolveContentPaths()
- cmd/snap-repair: save base snap and mode in device info; other
misc cleanups
- tests: cleanup the run-checks script
- asserts: snapasserts method to validate installed snaps against
validation sets
- tests: normalize test tools - part 1
- snapshotstate: detect duplicated snapshot imports
- interfaces/builtin: fix unit test expecting snap-device-helper at
/usr/lib/snapd
- tests: apply workaround done for snap-advise-command to apt-hooks
test
- tests: skip main part of snap-advise test if 429 error is
encountered
- many: clarify gadget role-usage consistency checks for UC16/18 vs
UC20
- sandbox/cgroup, tess/main: fix unit tests on v2 system, disable
broken tests on sid
- interfaces/builtin: more drive by fixes, import ordering, removing
dead code
- tests: skip interfaces-openvswitch spread test on debian sid
- interfaces/apparmor: drive by comment fix
- cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree
usage
- cmd/libsnap-confine-private: make unit tests execute happily in a
container
- interfaces, wrappers: misc comment fixes, etc.
- asserts/repair.go: add "bases" and "modes" support to the repair
assertion
- interfaces/opengl: allow RPi MMAL video decoding
- snap: skip help output tests for go-flags v1.4.0
- gadget: add validation for "$kernel:ref" style content
- packaging/deb, tests/main/lxd-postrm-purge: fix purge inside
containers
- spdx: update to SPDX license list version: 3.11 2020-11-25
- tests: improve hotplug test setup on classic
- tests: update check to verify is the current system is arm
- tests: use os-query tool to check debian, trusty and tumbleweed
- daemon: start moving implementation to api_snaps.go
- tests/main/snap-validate-basic: disable test on Fedora due to go-
flags panics
- tests: fix library path used for tests.pkgs
- tests/main/cohorts: replace yq with a Python snippet
- run-checks: update to match new argument syntax of ineffassign
- tests: use apiBaseSuite for snapshots tests, fix import endpoint
path
- many: separate consistency/content validation into
gadget.Validate|Content
- o/{device,snap}state: enable devmode snaps with dangerous model
assertions
secboot: add test for when systemd-run does not honor
RuntimeMaxSec
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- o/daemon: validation sets api and basic spread test
- gadget: move BuildPartitionList to install and make it unexported
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- tests: add os query commands for subsystems and architectures
- o/snapshotstate: don't set auto flag in the snapshot file
- tests: use os.query tool instead of comparing the system var
- testutil: use the original environment when calling shellcheck
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and
instead set the implicit labels when loading the yaml
- secboot: add new LockSealedKeys() that uses either TPM/fde-reveal-
key
- gadget/quantity: introduce Offset, start using it for offset
related fields in the gadget
- gadget: use "sealed-keys" to determine what method to use for
reseal
- tests/main/fake-netplan-apply: disable test on xenial for now
- daemon: start splitting snaps op tests out of api_test.go
- testutil: make DBusTest use a custom bus configuration file
- tests: replace pkgdb.sh (library) with tests.pkgs (program)
- gadget: prepare gadget kernel refs (0/N)
- interfaces/builtin/docker-support: allow /run/containerd/s/...
- cmd/snap-preseed: reset run inhibit locks on --reset.
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- daemon: reorg snap.go and split out sections and icons support
from api.go
- sandbox/seccomp: use snap-seccomp's stdout for getting version
info
- daemon: split find support to its own api_*.go files and move some
helpers
- tests: move snapstate config defaults tests to a separate file.
- bootloader/{lk,lkenv}: followups from #9695
- daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite
- gadget,o/devicestate: set implicit values for schema and role
directly instead of relying on Effective* accessors
- daemon: split aliases support to its own api_*.go files
- gadget: start separating rule/convention validation from basic
soundness
- cmd/snap-update-ns: add better unit test for overname sorting
- secboot: use `fde-reveal-key` if available to unseal key
- tests: fix lp-1899664 test when snapd_x1 is not installed in the
system
- tests: fix the scenario when the "$SRC".orig file does not exist
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- devicestate: add runFDESetupHook() helper
- bootloader/lk: add support for UC20 lk bootloader with V2 lkenv
structs
- daemon: split unsupported buy implementation to its own api_*.go
files
- tests: download timeout spread test
- gadget,o/devicestate: hybrid 18->20 ready volume setups should be
valid
- o/devicestate: save model with serial in the device save db
- bootloader: add check for prepare-image time and more tests
validating options
- interfaces/builtin/log_observe.go: allow controlling apparmor
audit levels
- hookstate: refactor around EphemeralRunHook
- cmd/snap: implement 'snap validate' command
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- boot: observe successful command line update, provide a default
- tests: New queries for the os tools
- bootloader/lkenv: specify backup file as arg to NewEnv(), use ""
as path+"bak"
- osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk
iface
- daemon: split out snapctl support and snap configuration support
to their own api_*.go files
- snapshotstate: improve handling of multiple errors
- tests: sign new nested-18|20* models to allow for generic serials
- bootloader: remove installableBootloader interface and methods
- seed: cleanup/drop some no longer valid TODOS, clarify some other
points
- boot: set kernel command line in modeenv during install
- many: rename disks.FindMatching... to FindMatching...WithFsLabel
and err type
- cmd/snap: suppress a case of spurious stdout logging from tests
- hookstate: add new HookManager.EphemeralRunHook()
- daemon: move some more api tests from daemon to daemon_test
- daemon: split apps and logs endpoints to api_apps.go and tests
- interfaces/utf: Add Ledger to U2F devices
- seed/seedwriter: consider modes when checking for deps
availability
- o/devicestate,daemon: fix reboot system action to not require a
system label
- cmd/snap-repair,store: increase initial retry time intervals,
stalling TODOs
- daemon: split interfacesCmd to api_interfaces.go
- github: run nested suite when commit is pushed to release branch
- client: reduce again the /v2/system-info timeout
- tests: reset fakestore unit status
- update-pot: fix typo in plural keyword spec
- tests: remove workarounds that add "ubuntu-save" if missing
- tests: add unit test for auto-refresh with validate-snap failure
- osutil: add helper for getting the kernel command line
- tests/main/uc20-create-partitions: verify ubuntu-save encryption
keys, tweak not MATCH
- boot: add kernel command lines to the modeenv file
- spread: bump delta ref, tweak repacking to make smaller delta
archives
- bootloader/lkenv: add v2 struct + support using it
- snapshotstate: add cleanup of abandonded snapshot imports
- tests: fix uc20-create-parition-* tests for updated gadget
- daemon: split out /v2/interfaces tests to api_interfaces_test.go
- hookstate: implement snapctl fde-setup-{request,result}
- wrappers, o/devicestate: remove EnableSnapServices
- tests: enable nested on 20.10
- daemon: simplify test helpers Get|PostReq into Req
- daemon: move general api to api_general*.go
- devicestate: make checkEncryption fde-setup hook aware
- client/snapctl, store: fix typos
- tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files
before doing apt ops
- cmd/snap-bootstrap: update model cross-check considerations
- client,snapctl: add naive support for "stdin"
- many: add new "install-mode: disable" option
- osutil/disks: allow building on mac os
- data/selinux: update the policy to allow operations on non-tmpfs
/tmp
- boot: add helper for generating candidate kernel lines for
recovery system
- wrappers: generate D-Bus service activation files
- bootloader/many: rm ConfigFile, add Present for indicating
presence of bloader
- osutil/disks: allow mocking DiskFromDeviceName
- daemon: start cleaning up api tests
- packaging/arch: sync with AUR packaging
- bootloader: indicate when boot config was updated
- tests: Fix snap-debug-bootvars test to make it work on arm devices
and core18
- tests/nested/manual/core20-save: verify handling of ubuntu-save
with different system variants
- snap: use the boot-base for kernel hooks
- devicestate: support "storage-safety" defaults during install
- bootloader/lkenv: mv v1 to separate file,
include/lk/snappy_boot_v1.h: little fixups
- interfaces/fpga: add fpga interface
- store: download timeout
- vendor: update secboot repo to avoid including secboot.test binary
- osutil: add KernelCommandLineKeyValue
- gadget/gadget.go: allow system-recovery-{image,select} as roles in
gadget.yaml
- devicestate: implement boot.HasFDESetupHook
- osutil/disks: add DiskFromName to get a disk using a udev name
- usersession/agent: have session agent connect to the D-Bus session
bus
- o/servicestate: preserve order of services on snap restart
- o/servicestate: unlock state before calling wrappers in
doServiceControl
- spread: disable unattended-upgrades on ubuntu
- tests: testing new fedora 33 image
- tests: fix fsck on boot on arm devices
- tests: skip boot state test on arm devices
- tests: updated the systems to run prepare-image-grub test
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- tests: unmount /boot/efi in fsck-on-boot test
- strutil/shlex,osutil/udev/netlink: minimally import go-check
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- tests/many: enable some uc20 tests, delete old unneeded tests or
TODOs
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- tests: migrate test from boot.sh helper to boot-state tool
- asserts: implement "storage-safety" in uc20 model assertion
- bootloader: use ForGadget when installing boot config
- spread: UC20 no longer needs 2GB of mem
- cmd/snap-confine: implement snap-device-helper internally
- bootloader/grub: replace old reference to Managed...Blr... with
Trusted...Blr...
- cmd/snap-bootstrap: add readme for snap-bootstrap + real state
diagram
- interfaces: fix greengrass attr namingThe flavor attribute names
are now as follows:
- tests/lib/nested: poke the API to get the snap revisions
- tests: compare options of mount units created by snapd and snapd-
generator
- o/snapstate,servicestate: use service-control task for service
actions
- sandbox: track applications unconditionally
- interfaces/greengrass-support: add additional "process" flavor for
1.11 update
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
* New upstream release, LP: #1906690
- tests: sign new nested-18|20* models to allow for generic serials
- secboot: add extra paranoia when waiting for that fde-reveal-key
- tests: backport netplan workarounds from #9785
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- secboot: add new LockSealedKeys() that uses either TPM or
fde-reveal-key
- gadget: use "sealed-keys" to determine what method to use for
reseal
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- secboot: use `fde-reveal-key` if available to unseal key
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- o/devicestate: save model with serial in the device save db
- devicestate: add runFDESetupHook() helper
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- hookstate: add new HookManager.EphemeralRunHook()
- update-pot: fix typo in plural keyword spec
- store,cmd/snap-repair: increase initial expontential time
intervals
- o/devicestate,daemon: fix reboot system action to not require a
system label
- github: run nested suite when commit is pushed to release branch
- tests: reset fakestore unit status
- tests: fix uc20-create-parition-* tests for updated gadget
- hookstate: implement snapctl fde-setup-{request,result}
- devicestate: make checkEncryption fde-setup hook aware
- client,snapctl: add naive support for "stdin"
- devicestate: support "storage-safety" defaults during install
- snap: use the boot-base for kernel hooks
- vendor: update secboot repo to avoid including secboot.test binary
* New upstream release, LP: #1906690
- gadget: disable ubuntu-boot role validation check
* New upstream release, LP: #1904098
- osutil: add KernelCommandLineKeyValue
- devicestate: implement boot.HasFDESetupHook
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- bootloader: use ForGadget when installing boot config
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- boot: add scaffolding for "fde-setup" hook support for sealing
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- snap: add new "fde-setup" hooktype
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
- secboot,cmd/snap-bootstrap: fix degraded mode cases with better
device handling
- boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
messiness
- tests/nested/manual/refresh-revert-fundamentals: temporarily
disable secure boot
- snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
boot modes
- many: address degraded recover mode feedback, cleanups
- tests: Use systemd-run on tests part2
- tests: set the opensuse tumbleweed system as manual in spread.yaml
- secboot: call BlockPCRProtectionPolicies even if the TPM is
disabled
- vendor: update to current secboot
- cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
save
- spread.yaml: increase number of workers on 20.10
- snap: add new `snap recovery --show-keys` option
- tests: minor test tweaks suggested in the review of 9607
- snapd-generator: set standard snapfuse options when generating
units for containers
- tests: enable lxd test on ubuntu-core-20 and 16.04-32
- interfaces: share /tmp/.X11-unix/ from host or provider
- tests: enable main lxd test on 20.10
- cmd/s-b/initramfs-mounts: refactor recover mode to implement
degraded mode
- gadget/install: add progress logging
- packaging: keep secboot/encrypt_dummy.go in debian
- interfaces/udev: use distro specific path to snap-device-helper
- o/devistate: fix chaining of tasks related to regular snaps when
preseeding
- gadget, overlord/devicestate: validate that system supports
encrypted data before install
- interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
ESP layout
- many: add /v2/system-recovery-keys API and client
- secboot, many: return UnlockMethod from Unlock* methods for future
usage
- many: mv keys to ubuntu-boot, move model file, rename keyring
prefix for secboot
- tests: using systemd-run instead of manually create a systemd unit
- part 1
- secboot, cmd/snap-bootstrap: enable or disable activation with
recovery key
- secboot: refactor Unlock...IfEncrypted to take keyfile + check
disks first
- secboot: add LockTPMSealedKeys() to lock access to keys
independently
- gadget: correct sfdisk arguments
- bootloader/assets/grub: adjust fwsetup menuentry label
- tests: new boot state tool
- spread: use the official image for Ubuntu 20.10, no longer an
unstable system
- tests/lib/nested: enable snapd logging to console for core18
- osutil/disks: re-implement partition searching for disk w/ non-
adjacent parts
- tests: using the nested-state tool in nested tests
- many: seal a fallback object to the recovery boot chain
- gadget, gadget/install: move helpers to install package, refactor
unit tests
- dirs: add "gentoo" to altDirDistros
- update-pot: include file locations in translation template, and
extract strings from desktop files
- gadget/many: drop usage of gpt attr 59 for indicating creation of
partitions
- gadget/quantity: tweak test name
- snap: fix failing unittest for quantity.FormatDuration()
- gadget/quantity: introduce a new package that captures quantities
- o/devicestate,a/sysdb: make a backup of the device serial to save
- tests: fix rare interaction of tests.session and specific tests
- features: enable classic-preserves-xdg-runtime-dir
- tests/nested/core20/save: check the bind mount and size bump
- o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
- tests: rename hasHooks to hasInterfaceHooks in the ifacestate
tests
- o/devicestate: unit test tweaks
- boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
- testutil, cmd/snap/version: fix misc little errors
- overlord/devicestate: bind mount ubuntu-save under
/var/lib/snapd/save on startup
- gadget/internal: tune ext4 setting for smaller filesystems
- tests/nested/core20/save: a test that verifies ubuntu-save is
present and set up
- tests: update google sru backend to support groovy
- o/ifacestate: handle interface hooks when preseeding
- tests: re-enable the apt hooks test
- interfaces,snap: use correct type: {os,snapd} for test data
- secboot: set metadata and keyslots sizes when formatting LUKS2
volumes
- tests: improve uc20-create-partitions-reinstall test
- client, daemon, cmd/snap: cleanups from #9489 + more unit tests
- cmd/snap-bootstrap: mount ubuntu-save during boot if present
- secboot: fix doc comment on helper for unlocking volume with key
- tests: add spread test for refreshing from an old snapd and core18
- o/snapstate: generate snapd snap wrappers again after restart on
refresh
- secboot: version bump, unlock volume with key
- tests/snap-advise-command: re-enable test
- cmd/snap, snapmgr, tests: cleanups after #9418
- interfaces: deny connected x11 plugs access to ICE
- daemon,client: write and read a maintenance.json file for when
snapd is shut down
- many: update to secboot v1 (part 1)
- osutil/disks/mockdisk: panic if same mountpoint shows up again
with diff opts
- tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
reseal tests
- many: implement snap routine console-conf-start for synchronizing
auto-refreshes
- dirs, boot: add ubuntu-save directories and related locations
- usersession: fix typo in test name
- overlord/snapstate: refactor ihibitRefresh
- overlord/snapstate: stop warning about inhibited refreshes
- cmd/snap: do not hardcode snapshot age value
- overlord,usersession: initial notifications of pending refreshes
- tests: add a unit test for UpdateMany where a single snap fails
- o/snapstate/catalogrefresh.go: don't refresh catalog in install
mode uc20
- tests: also check snapst.Current in undo-unlink tests
- tests: new nested tool
- o/snapstate: implement undo handler for unlink-snap
- tests: clean systems.sh helper and migrate last set of tests
- tests: moving the lib section from systems.sh helper to os.query
tool
- tests/uc20-create-partitions: don't check for grub.cfg
- packaging: make sure that static binaries are indeed static, fix
openSUSE
- many: have install return encryption keys for data and save,
improve tests
- overlord: add link participant for linkage transitions
- tests: lxd smoke test
- tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
seed too
- tests: moving main suite from systems.sh to os.query tool
- tests: moving the core test suite from systems.sh to os.query tool
- cmd/snap-confine: mask host's apparmor config
- o/snapstate: move setting updated SnapState after error paths
- tests: add value to INSTANCE_KEY/regular
- spread, tests: tweaks for openSUSE
- cmd/snap-confine: update path to snap-device-helper in AppArmor
profile
- tests: new os.query tool
- overlord/snapshotstate/backend: specify tar format for snapshots
- tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
UC20
- client,daemon,snap: auto-import does not error on managed devices
- interfaces: PTP hardware clock interface
- tests: use tests.backup tool
- many: verify that unit tests work with nosecboot tag and without
secboot package
- wrappers: do not error out on read-only /etc/dbus-1/session.d
filesystem on core18
- snapshots: import of a snapshot set
- tests: more output for sbuild test
- o/snapstate: re-order remove tasks for individual snap revisions
to remove current last
- boot: skip some unit tests when running as root
- o/assertstate: introduce
ValidationTrackingKey/ValidationSetTracking and basic methods
- many: allow ignoring running apps for specific request
- tests: allow the searching test to fail under load
- overlord/snapstate: inhibit startup while unlinked
- seed/seedwriter/writer.go: check DevModeConfinement for dangerous
features
- tests/main/sudo-env: snap bin is available on Fedora
- boot, overlord/devicestate: list trusted and managed assets
upfront
- gadget, gadget/install: support for ubuntu-save, create one during
install if needed
- spread-shellcheck: temporary workaround for deadlock, drop
unnecessary test
- snap: support different exit-code in the snap command
- logger: use strutil.KernelCommandLineSplit in
debugEnabledOnKernelCmdline
- logger: fix snapd.debug=1 parsing
- overlord: increase refresh postpone limit to 14 days
- spread-shellcheck: use single thread pool executor
- gadget/install,secboot: add debug messages
- spread-shellcheck: speed up spread-shellcheck even more
- spread-shellcheck: process paths from arguments in parallel
- tests: tweak error from tests.cleanup
- spread: remove workaround for openSUSE go issue
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- tests: new tests.backup tool
- tests: add tests.cleanup pop sub-command
- tests: migration of the main suite to snaps-state tool part 6
- tests: fix journal-state test
- cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
recover files
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- boot, gadget, bootloader: observer preserves managed bootloader
configs
- tests/nested/manual: add uc20 grade signed cloud-init test
- o/snapstate/autorefresh.go: eliminate race when launching
autorefresh
- daemon,snapshotstate: do not return "size" from Import()
- daemon: limit reading from snapshot import to Content-Length
- many: set/expect Content-Length header when importing snapshots
- github: switch from ::set-env command to environment file
- tests: migration of the main suite to snaps-state tool part 5
- client: cleanup the Client.raw* and Client.do* method families
- tests: moving main suite to snaps-state tool part 4
- client,daemon,snap: use constant for snapshot content-type
- many: fix typos and repeated "the"
- secboot: fix tpm connection leak when it's not enabled
- many: scaffolding for snapshots import API
- run-checks: run spread-shellcheck too
- interfaces: update network-manager interface to allow
ObjectManager access from unconfined clients
- tests: move core and regression suites to snaps-state tool
- tests: moving interfaces tests to snaps-state tool
- gadget: preserve files when indicated by content change observer
- tests: moving smoke test suite and some tests from main suite to
snaps-state tool
- o/snapshotstate: pass set id to backend.Open, update tests
- asserts/snapasserts: introduce ValidationSets
- o/snapshotstate: improve allocation of new set IDs
- boot: look at the gadget for run mode bootloader when making the
system bootable
- cmd/snap: allow snap help vs --all to diverge purposefully
- usersession/userd: separate bus name ownership from defining
interfaces
- o/snapshotstate: set snapshot set id from its filename
- o/snapstate: move remove-related tests to snapstate_remove_test.go
- desktop/notification: switch ExpireTimeout to time.Duration
- desktop/notification: add unit tests
- snap: snap help output refresh
- tests/nested/manual/preseed: include a system-usernames snap when
preseeding
- tests: fix sudo-env test
- tests: fix nested core20 shellcheck bug
- tests/lib: move to new directory when restoring PWD, cleanup
unpacked unpacked snap directories
- desktop/notification: add bindings for FDO notifications
- dbustest: fix stale comment references
- many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
drop former
- snap-repair: add uc20 support
- tests: print all the serial logs for the nested test
- o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
bug in test
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
as Unknown*
- asserts: deserialize grouping only once in Pool.AddBatch if needed
- gadget: allow content observer to have opinions about a change
- tests: new snaps-state command - part1
- o/assertstate: support refreshing any number of snap-declarations
- boot: use test helpers
- tests/core/snap-debug-bootvars: also check snap_mode
- many/apparmor: adjust rules for reading profile/ execing new
profiles for new kernel
- tests/core/snap-debug-bootvars: spread test for snap debug boot-
vars
- tests/lib/nested.sh: more little tweaks
- tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- overlord: explicitly set refresh-app-awareness in tests
- kernel: remove "edition" from kernel.yaml and add "update"
- spread: drop vendor from the packed project archive
- boot: fix debug bootloader variables dump on UC20 systems
- wrappers, systemd: allow empty root dir and conditionally do not
pass --root to systemctl
- tests/nested/manual: add test for grades above signed booting with
testkeys
- tests/nested: misc robustness fixes
- o/assertstate,asserts: use bulk refresh to refresh snap-
declarations
- tests/lib/prepare.sh: stop patching the uc20 initrd since it has
been updated now
- tests/nested/manual/refresh-revert-fundamentals: re-enable test
- update-pot: ignore .go files inside .git when running xgettext-go
- tests: disable part of the lxd test completely on 16.04.
- o/snapshotstate: tweak comment regarding snapshot filename
- o/snapstate: improve snapshot iteration
- bootloader: lk cleanups
- tests: update to support nested kvm without reboots on UC20
- tests/nested/manual/preseed: disable system-key check for 20.04
image
- spread.yaml: add ubuntu-20.10-64 to qemu
- store: handle v2 error when fetching assertions
- gadget: resolve device mapper devices for fallback device lookup
- tests/nested/cloud-init-many: simplify tests and unify
helpers/seed inputs
- tests: copy /usr/lib/snapd/info to correct directory
- check-pr-title.py * : allow "*" in the first part of the title
- many: typos and small test tweak
- tests/main/lxd: disable cgroup combination for 16.04 that is
failing a lot
- tests: make nested signing helpers less confusing
- tests: misc nested changes
- tests/nested/manual/refresh-revert-fundamentals: disable
temporarily
- tests/lib/cla_check: default to Python 3, tweaks, formatting
- tests/lib/cl_check.py: use python3 compatible code
* New upstream release, LP: #1895929
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- cmd/snap: allow snap help vs --all to diverge purposefully
- snap: snap help output refresh
* New upstream release, LP: #1895929
- tests: fix nested core20 shellcheck bug
- many/apparmor: adjust rule for reading apparmor profile for new
kernel
- snap-repair: add uc20 support
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- gadget: resolve device mapper devices for fallback device lookup
- secboot: add boot manager profile to pcr protection profile
- sysconfig,o/devicestate: mv DisableNoCloud to
DisableAfterLocalDatasourcesRun
- tests: make gadget-reseal more robust
- tests: skip nested images pre-configuration by default
- tests: fix for basic20 test running on external backend and rpi
- tests: improve kernel reseal test
- boot: adjust comments, naming, log success around reseal
- tests/nested, fakestore: changes necessary to run nested uc20
signed/secured tests
- tests: add nested core20 gadget reseal test
- boot/modeenv: track unknown keys in Read and put back into modeenv
during Write
- interfaces/process-control: add sched_setattr to seccomp
- boot: with unasserted kernels reseal if there's a hint modeenv
changed
- client: bump the default request timeout to 120s
- configcore: do not error in console-conf.disable for install mode
- boot: streamline bootstate20.go reseal and tests changes
- boot: reseal when changing kernel
- cmd/snap/model: specify grade in the model command output
- tests: simplify
repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks
- test: improve logging in nested tests
- nested: add support to telnet to serial port in nested VM
- secboot: use the snapcore/secboot native recovery key type
- tests/lib/nested.sh: use more focused cloud-init config for uc20
- tests/lib/nested.sh: wait for the tpm socket to exist
- spread.yaml, tests/nested: misc changes
- tests: add more checks to disk space awareness spread test
- tests: disk space awareness spread test
- boot: make MockUC20Device use a model and MockDevice more
realistic
- boot,many: reseal only when meaningful and necessary
- tests/nested/core20/kernel-failover: add test for failed refresh
of uc20 kernel
- tests: fix nested to work with qemu and kvm
- boot: reseal when updating boot assets
- tests: fix snap-routime-portal-info test
- boot: verify boot chain file in seal and reseal tests
- tests: use full path to test-snapd-refresh.version binary
- boot: store boot chains during install, helper for checking
whether reseal is needed
- boot: add call to reseal an existing key
- boot: consider boot chains with unrevisioned kernels incomparable
- overlord: assorted typos and miscellaneous changes
- boot: group SealKeyModelParams by model, improve testing
- secboot: adjust parameters to buildPCRProtectionProfile
- strutil: add SortedListsUniqueMergefrom the doc comment:
- snap/naming: upgrade TODO to TODO:UC20
- secboot: add call to reseal an existing key
- boot: in seal.go adjust error message and function names
- o/snapstate: check available disk space in RemoveMany
- boot: build bootchains data for sealing
- tests: remove "set -e" from function only shell libs
- o/snapstate: disk space check on UpdateMany
- o/snapstate: disk space check with snap update
- snap: implement new `snap reboot` command
- boot: do not reorder boot assets when generating predictable boot
chains and other small tweaks
- tests: some fixes and improvements for nested execution
- tests/core/uc20-recovery: fix check for at least specific calls to
mock-shutdown
- boot: be consistent using bootloader.Role* consts instead of
strings
- boot: helper for generating secboot load chains from a given boot
asset sequence
- boot: tweak boot chains to support a list of kernel command lines,
keep track of model and kernel boot file
- boot,secboot: switch to expose and use snapcore/secboot load event
trees
- tests: use `nested_exec` in core{20,}-early-config test
- devicestate: enable cloud-init on uc20 for grade signed and
secured
- boot: add "rootdir" to baseBootenvSuite and use in tests
- tests/lib/cla_check.py: don't allow users.noreply.github.com
commits to pass CLA
- boot: represent boot chains, helpers for marshalling and
equivalence checks
- boot: mark successful with boot assets
- client, api: handle insufficient space error
- o/snapstate: disk space check with single snap install
- configcore: "service.console-conf.disable" is gadget defaults only
- packaging/opensuse: fix for /usr/libexec on TW, do not hardcode
AppArmor profile path
- tests: skip udp protocol in nfs-support test on ubuntu-20.10
- packaging/debian-sid: tweak code preparing _build tree
- many: move seal code from gadget/install to boot
- tests: remove workaround for cups on ubuntu-20.10
- client: implement RebootToSystem
- many: seed.Model panics now if called before LoadAssertions
- daemon: add /v2/systems "reboot" action API
- github: run tests also on push to release branches
- interfaces/bluez: let slot access audio streams
- seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with
new seed.ReadSystemEssential
- interfaces: allow snap-update-ns to read /proc/cmdline
- tests: new organization for nested tests
- o/snapstate, features: add feature flags for disk space awareness
- tests: workaround for cups issue on 20.10 where default printer is
not configured.
- interfaces: update cups-control and add cups for providing snaps
- boot: keep track of the original asset when observing updates
- tests: simplify and fix tests for disk space checks on snap remove
- sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for
cloud.conf
- tests/main: mv core specific tests to core suite
- tests/lib/nested.sh: reset the TPM when we create the uc20 vm
- devicestate: rename "mockLogger" to "logbuf"
- many: introduce ContentChange for tracking gadget content in
observers
- many: fix partion vs partition typo
- bootloader: retrieve boot chains from bootloader
- devicestate: add tests around logging in RequestSystemAction
- boot: handle canceled update
- bootloader: tweak doc comments (thanks Samuele)
- seed/seedwriter: test local asserted snaps with UC20 grade signed
- sysconfig/cloudinit.go: add DisableNoCloud to
CloudInitRestrictOptions
- many: use BootFile type in load sequences
- boot,bootloader: clarifications after the changes to introduce
bootloader.Options.Role
- boot,bootloader,gadget: apply new bootloader.Options.Role
- o/snapstate, features: add feature flag for disk space check on
remove
- testutil: add checkers for symbolic link target
- many: refactor tpm seal parameter setting
- boot/bootstate20: reboot to rollback to previous kernel
- boot: add unit test helpers
- boot: observe update & rollback of trusted assets
- interfaces/utf: Add MIRKey to u2f devices
- o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20
cloud-init tests
- many: check that users of BaseTest don't forget to consume
cleanups
- tests/nested/core20/tpm: verify trusted boot assets tracking
- github: run macOS job with Go 1.14
- many: misc doc-comment changes and typo fixes
- o/snapstate: disk space check with InstallMany
- many: cloud-init cleanups from previous PR's
- tests: running tests on opensuse leap 15.2
- run-checks: check for dirty build tree too
- vendor: run ./get-deps.sh to update the secboot hash
- tests: update listing test for "-dirty" versions
- overlord/devicestate: do not release the state lock when updating
gadget assets
- secboot: read kernel efi image from snap file
- snap: add size to the random access file return interface
- daemon: correctly parse Content-Type HTTP header.
- tests: account for apt-get on core18
- cmd/snap-bootstrap/initramfs-mounts: compute string outside of
loop
- mkversion.sh: simple hack to include dirty in version if the tree
is dirty
- cgroup,snap: track hooks on system bus only
- interfaces/systemd: compare dereferenced Service
- run-checks: only check files in git for misspelling
- osutil: add a package doc comment (via doc.go)
- boot: complain about reused asset name during initial install
- snapstate: installSize helper that calculates total size of snaps
and their prerequisites
- snapshots: export of snapshots
- boot/initramfs_test.go: reset boot vars on the bootloader for each
iteration
* New upstream release, LP: #1891134
- interfaces: allow snap-update-ns to read
/proc/cmdline
- github: run macOS job with Go 1.14
- o/snapstate, features: add feature flag for disk space check on
remove
- tests: account for apt-get on core18
- mkversion.sh: include dirty in version if the tree
is dirty
- interfaces/systemd: compare dereferenced Service
- vendor.json: update mysterious secboot SHA again
* New upstream release, LP: #1891134
- logger: add support for setting snapd.debug=1 on kernel cmdline
- o/snapstate: check disk space before creating automatic snapshot
on remove
- boot, o/devicestate: observe existing recovery bootloader trusted
boot assets
- many: use transient scope for tracking apps and hooks
- features: add HiddenSnapFolder feature flag
- tests/lib/nested.sh: fix partition typo, unmount the image on uc20
too
- runinhibit: open the lock file in read-only mode in IsLocked
- cmd/s-b/initramfs-mounts: make recover -> run mode transition
automatic
- tests: update spread test for unknown plug/slot with snapctl is-
connected
- osutil: add OpenExistingLockForReading
- kernel: add kernel.Validate()
- interfaces: add vcio interface
- interfaces/{docker,kubernetes}-support: load overlay and support
systemd cgroup driver
- tests/lib/nested.sh: use more robust code for finding what loop
dev we mounted
- cmd/snap-update-ns: detach all bind-mounted file
- snap/snapenv: set SNAP_REAL_HOME
- packaging: umount /snap on purge in containers
- interfaces: misc policy updates xlvi
- secboot,cmd/snap-bootstrap: cross-check partitions before
unlocking, mounting
- boot: copy boot assets cache to new root
- gadget,kernel: add new kernel.{Info,Asset} struct and helpers
- o/hookstate/ctlcmd: make is-connected check whether the plug or
slot exists
- tests: find -ignore_readdir_race when scanning cgroups
- interfaces/many: deny arbitrary desktop files and misc from
/usr/share
- tests: use "set -ex" in prep-snapd-in-lxd.sh
- tests: re-enable udisks test on debian-sid
- cmd/snapd-generator: use PATH fallback if PATH is not set
- tests: disable udisks2 test on arch linux
- github: use latest/stable go, not latest/edge
- tests: remove support for ubuntu 19.10 from spread tests
- tests: fix lxd test wrongly tracking 'latest'
- secboot: document exported functions
- cmd: compile snap gdbserver shim correctly
- many: correctly calculate the desktop file prefix everywhere
- interfaces: add kernel-crypto-api interface
- corecfg: add "system.timezone" setting to the system settings
- cmd/snapd-generator: generate drop-in to use fuse in container
- cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments
from previous PR
- interfaces/many: miscellaneous updates for strict microk8s
- secboot,cmd/snap-bootstrap: don't import boot package from secboot
- cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of
the-tool
- tests: work around broken update of systemd-networkd
- tests/main/install-fontconfig-cache-gen: enhance test by
verifying, add fonts to test
- o/devicestate: wrap asset update observer error
- boot: refactor such that bootStateUpdate20 mainly carries Modeenv
- mkversion.sh: disallow changelog versions that have git in it, if
we also have git version
- interfaces/many: miscellaneous updates for strict microk8s
- snap: fix repeated "cannot list recovery system" and add test
- boot: track trusted assets during initial install, assets cache
- vendor: update secboot to fix key data validation
- tests: unmount FUSE file-systems from XDG runtime dir
- overlord/devicestate: workaround non-nil interface with nil struct
- sandbox/cgroup: remove temporary workaround for multiple cgroup
writers
- sandbox/cgroup: detect dangling v2 cgroup
- bootloader: add helper for creating a bootloader based on gadget
- tests: support different images on nested execution
- many: reorg cmd/snapinfo.go into snap and new client/clientutil
- packaging/arch: use external linker when building statically
- tests: cope with ghost cgroupv2
- tests: fix issues related to restarting systemd-logind.service
- boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to
gadget updates
- vendor: update github.com/kr/pretty to fix diffs of values with
pointer cycles
- boot: move bootloaderKernelState20 impls to separate file
- .github/workflows: move snap building to test.yaml as separate
cached job
- tests/nested/manual/minimal-smoke: run core smoke tests in a VM
meeting minimal requirements
- osutil: add CommitAs to atomic file
- gadget: introduce content update observer
- bootloader: introduce TrustedAssetsBootloader, implement for grub
- o/snapshotstate: helpers for calculating disk space needed for an
automatic snapshot
- gadget/install: retrieve command lines from bootloader
- boot/bootstate20: unify commit method impls, rm
bootState20MarkSuccessful
- tests: add system information and image information when debug
info is displayed
- tests/main/cgroup-tracking: try to collect some information about
cgroups
- boot: introduce current_boot_assets and
current_recovery_boot_assets to modeenv
- tests: fix for timing issues on journal-state test
- many: remove usage and creation of hijacked pid cgroup
- tests: port regression-home-snap-root-owned to tests.session
- tests: run as hightest via tests.session
- github: run CLA checks on self-hosted workers
- github: remove Ubuntu 19.10 from actions workflow
- tests: remove End-Of-Life opensuse/fedora releases
- tests: remove End-Of-Life releases from spread.yaml
- tests: fix debug section of appstream-id test
- interfaces: check !b.preseed earlier
- tests: work around bug in systemd/debian
- boot: add deepEqual, Copy helpers for Modeenv to simplify
bootstate20 refactor
- cmd: add new "snap recovery" command
- interfaces/systemd: use emulation mode when preseeding
- interfaces/kmod: don't load kernel modules in kmod backend when
preseeding
- interfaces/udev: do not reload udevadm rules when preseeding
- cmd/snap-preseed: use snapd from the deb if newer than from seeds
- boot: fancy marshaller for modeenv values
- gadget, osutil: use atomic file copy, adjust tests
- overlord: use new tracking cgroup for refresh app awareness
- github: do not skip gofmt with Go 1.9/1.10
- many: introduce content write observer, install mode glue, initial
seal stubs
- daemon,many: switch to use client.ErrorKind and drop the local
errorKind...
- tests: new parameters for nested execution
- client: move all error kinds into errors.go and add doc strings
- cmd/snap: display the error in snap debug seeding if seeding is in
error
- cmd/snap/debug/seeding: use unicode for proper yaml
- tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty
recovery_mode
- osutil/disks: add mock disk and tests for happy path of mock disks
- tests: refresh/revert snapd in uc20
- osutil/disks: use a dedicated error to indicate a fs label wasn't
found
- interfaces/system-key: in WriteSystemKey during tests, don't call
ParserFeatures
- boot: add current recovery systems to modeenv
- bootloader: extend managed assets bootloader interface to compose
a candidate command line
- interfaces: make the unmarshal test match more the comment
- daemon/api: use pointers to time.Time for debug seeding aspect
- o/ifacestate: update security profiles in connect undo handler
- interfaces: add uinput interface
- cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit
tests
- o/devicestate: save seeding/preseeding times for use with debug
seeding api
- cmd/snap/debug: add "snap debug seeding" command for preseeding
debugging
- tests/main/selinux-clean: workaround SELinux denials triggered by
linger setup on Centos8
- bootloader: compose command line with mode and extra arguments
- cmd/snap, daemon: detect and bail purge on multi-snap
- o/ifacestate: fix bug in snapsWithSecurityProfiles
- interfaces/builtin/multipass: replace U+00A0 no-break space with
simple space
- bootloader/assets: generate bootloader assets from files
- many/tests/preseed: reset the preseeded images before preseeding
them
- tests: drop accidental accents from e
- secboot: improve key sealing tests
- tests: replace _wait_for_file_change with retry
- tests: new fs-state which replaces the files.sh helper
- sysconfig/cloudinit_test.go: add test for initramfs case, rm "/"
from path
- cmd/snap: track started apps and hooks
- tests/main/interfaces-pulseaudio: disable start limit checking for
pulseaudio service
- api: seeding debug api
- .github/workflows/snap-build.yaml: build the snapd snap via GH
Actions too
- tests: moving journalctl.sh to a new journal-state tool
- tests/nested/manual: add spread tests for cloud-init vuln
- bootloader/assets: helpers for registering per-edition snippets,
register snippets for grub
- data,packaging,wrappers: extend D-Bus service activation search
path
- spread: add opensuse 15.2 and tumbleweed for qemu
- overlord,o/devicestate: restrict cloud-init on Ubuntu Core
- sysconfig/cloudinit: add RestrictCloudInit
- cmd/snap-preseed: check that target path exists and is a directory
on --reset
- tests: check for pids correctly
- gadget,gadget/install: refactor partition table update
- sysconfig/cloudinit: add CloudInitStatus func + CloudInitState
type
- interface/fwupd: add more policies for making fwupd upstream
strict
- tests: new to-one-line tool which replaces the strings.sh helper
- interfaces: new helpers to get and compare system key, for use
with seeding debug api
- osutil, many: add helper for checking whether the process is a go
test binary
- cmd/snap-seccomp/syscalls: add faccessat2
- tests: adjust xdg-open after launcher changes
- tests: new core config helper
- usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-
open
- cmd/snap-preseed: handle relative chroot path
- snapshotstate: move sizer to osutil.Sizer()
- tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref
kernel tests
- gadget/install,secboot: use snapcore/secboot luks2 api
- boot/initramfs_test.go: add Commentf to more Assert()'s
- tests/lib: account for changes in arch package file name extension
- bootloader/bootloadertest: fix comment typo
- bootloader: add helper for getting recovery system environment
variables
- tests: preinstall shellcheck and run tests on focal
- strutil: add a helper for parsing kernel command line
- osutil: add CheckFreeSpace helper
- secboot: update tpm connection error handling
- packaging, cmd/snap-mgmt, tests: remove modules files on purge
- tests: add tests.cleanup helper
- packaging: add "ca-certificates" to build-depends
- tests: more checks in core20 early config spread test
- tests: fix some snapstate tests to use pointers for
snapmgrTestSuite
- boot: better naming of helpers for obtaining kernel command line
- many: use more specific check for unit test mocking
- systemd/escape: fix issues with "" and "\t" handling
- asserts: small improvements and corrections for sequence-forming
assertions' support
- boot, bootloader: query kernel command line of run mod and
recovery mode systems
- snap/validate.go: disallow snap layouts with new top-level
directories
- tests: allow to add a new label to run nested tests as part of PR
validation
- tests/core/gadget-update-pc: port to UC20
- tests: improve nested tests flexibility
- asserts: integer headers: disallow prefix zeros and make parsing
more uniform
- asserts: implement Database.FindSequence
- asserts: introduce SequenceMemberAfter in the asserts backstores
- spread.yaml: remove tests/lib/tools from PATH
- overlord: refuse to install snaps whose activatable D-Bus services
conflict with installed snaps
- tests: shorten lxd-state undo-mount-changes
- snap-confine: don't die if a device from sysfs path cannot be
found by udev
- tests: fix argument handling of apt-state
- tests: rename lxd-tool to lxd-state
- tests: rename user-tool to user-state, fix --help
- interfaces: add gconf interface
- sandbox/cgroup: avoid parsing security tags twice
- tests: rename version-tool to version-compare
- cmd/snap-update-ns: handle anomalies better
- tests: fix call to apt.Package.mark_install(auto_inst=True)
- tests: rename mountinfo-tool to mountinfo.query
- tests: rename memory-tool to memory-observe-do
- tests: rename invariant-tool to tests.invariant
- tests: rename apt-tool to apt-state
- many: managed boot config during run mode setup
- asserts: introduce the concept of sequence-forming assertion types
- tests: tweak comments/output in uc20-recovery test
- tests/lib/pkgdb: do not use quiet when purging debs
- interfaces/apparmor: allow snap-specific /run/lock
- interfaces: add system-source-code for access to /usr/src
- sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data
- gadget/install: move udev trigger to gadget/install
- many: make nested spread tests more reliable
- tests/core/uc20-recovery: apply hack to get gopath in recover mode
w/ external backend
- tests: enable tests on uc20 which now work with the real model
assertion
- tests: enable system-snap-refresh test on uc20
- gadget, bootloader: preserve managed boot assets during gadget
updates
- tests: fix leaked dbus-daemon in selinux-clean
- tests: add servicestate.Control tests
- tests: fix "restart.service"
- wrappers: helper for enabling services - extract and move enabling
of services into a helper
- tests: new test to validate refresh and revert of kernel and
gadget on uc20
- tests/lib/prepare-restore: collect debug info when prepare purge
fails
- bootloader: allow managed bootloader to update its boot config
- tests: Remove unity test from nightly test suite
- o/devicestate: set mark-seeded to done in the task itself
- tests: add spread test for disconnect undo caused by failing
disconnect hook
- sandbox/cgroup: allow discovering PIDs of given snap
- osutil/disks: support IsDecryptedDevice for mountpoints which are
dm devices
- osutil: detect autofs mounted in /home
- spread.yaml: allow amazon-linux-2-64 qemu with
ec2-user/ec2-user
- usersession: support additional zoom URL schemes
- overlord: mock timings.DurationThreshold in TestNewWithGoodState
- sandbox/cgroup: add tracking helpers
- tests: detect stray dbus-daemon
- overlord: refuse to install snaps providing user daemons on Ubuntu
14.04
- many: move encryption and installer from snap-boostrap to gadget
- o/ifacestate: fix connect undo handler
- interfaces: optimize rules of multiple connected iio/i2c/spi plugs
- bootloader: introduce managed bootloader, implement for grub
- tests: fix incorrect check in smoke/remove test
- asserts,seed: split handling of essential/not essential model
snaps
- gadget: fix typo in mounted filesystem updater
- gadget: do only one mount point lookup in mounted fs updater
- tests/core/snap-auto-mount: try to make the test more robust
- tests: adding ubuntu-20.04 to google-sru backend
- o/servicestate: add updateSnapstateServices helper
- bootloader: pull recovery grub config from internal assets
- tests/lib/tools: apply linger workaround when needed
- overlord/snapstate: graceful handling of denied "managed" refresh
schedule
- snapstate: fix autorefresh from classic->strict
- overlord/configstate: add system.kernel.printk.console-loglevel
option
- tests: fix assertion disk handling for nested UC systems
- snapstate: use testutil.HostScaledTimeout() in snapstate tests
- tests: extra worker for google-nested backend to avoid timeout
error on uc20
- snapdtool: helper to check whether the current binary is reexeced
from a snap
- tests: mock servicestate in api tests to avoid systemctl checks
- many: rename back snap.Info.GetType to Type
- tests/lib/cla_check: expect explicit commit range
- osutil/disks: refactor diskFromMountPointImpl a bit
- o/snapstate: service-control task handler
- osutil: add disks pkg for associating mountpoints with
disks/partitions
- gadget,cmd/snap-bootstrap: move partitioning to gadget
- seed: fix LoadEssentialMeta when gadget is not loaded
- cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo
secure_path
- asserts: introduce new assertion validation-set
- asserts,daemon: add support for "serials" field in system-user
assertion
- data/sudo: drop a failed sudo secure_path workaround
- gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat
- boot, snap-bootstrap: move initramfs-mounts logic to boot pkg
- spread.yaml: update secure boot attribute name
- interfaces/block_devices: add NVMe subsystem devices, support
multipath paths
- tests: use the "jq" snap from the edge channel
- tests: simplify the tpm test by removing the test-snapd-mokutil
snap
- boot/bootstate16.go: clean snap_try_* vars when not in Trying
status too
- tests/main/sudo-env: check snap path under sudo
- tests/main/lxd: add test for snaps inside nested lxd containers
not working
- asserts/internal: expand errors about invalid serialized grouping
labels
- usersession/userd: add msteams url support
- tests/lib/prepare.sh: adjust comment about sgdisk
- tests: fix how gadget pc is detected when the snap does not exist
and ls fails
- tests: move a few more tests to snapstate_update_test.go
- tests/main: add spread test for running svc from install hook
- tests/lib/prepare: increase the size of the uc16/uc18 partitions
- tests/special-home-can-run-classic-snaps: re-enable
- workflow: test PR title as part of the static checks again
- tests/main/xdg-open-compat: backup and restore original xdg-open
- tests: move update-related tests to snapstate_update_test.go
- cmd,many: move Version and bits related to snapd tools to
snapdtool, merge cmdutil
- tests/prepare-restore.sh: reset-failed systemd-journald before
restarting
- interfaces: misc small interface updates
- spread: use find rather than recursive ls, skip mounted snaps
- tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls
/var/lib/snapd
- tests: enable snap-auto-mount test on core20
- cmd/snap: do not show $PATH warning when executing under sudo on a
known distro
- asserts/internal: add some iteration benchmarks
- sandbox/cgroup: improve pid parsing code
- snap: add new `snap run --experimental-gdbserver` option
- asserts/internal: limit Grouping size switching to a bitset
representationWe don't always use the bit-set representation
because:
- snap: add an activates-on property to apps for D-Bus activation
- dirs: delete unused Cloud var, fix typo
- sysconfig/cloudinit: make callers of DisableCloudInit use
WritableDefaultsDir
- tests: fix classic ubuntu core transition auth
- tests: fail in setup_reflash_magic() if there is snapd state left
- tests: port interfaces-many-core-provided to tests.session
- tests: wait after creating partitions with sfdisk
- bootloader: introduce bootloarder assets, import grub.cfg with an
edition marker
- riscv64: bump timeouts
- gadget: drop dead code, hide exports that are not used externally
- tests: port 2 uc20 part1
- tests: fix bug waiting for snap command to be ready
- tests: move try-related tests to snapstate_try_test.go
- tests: add debug for 20.04 prepare failure
- travis.yml: removed, all our checks run in GH actions now
- tests: clean up up the use of configcoreSuite in the configcore
tests
- sandbox/cgroup: remove redundant pathOfProcPidCgroup
- sandbox/cgroup: add tests for ParsePids
- tests: fix the basic20 test for uc20 on external backend
- tests: use configcoreSuite in journalSuite and remove some
duplicated code
- tests: move a few more tests to snapstate_install_test
- tests: assorted small patches
- dbusutil/dbustest: separate license from package
- interfaces/builtin/time-control: allow POSIX clock API
- usersession/userd: add "slack" to the white list of URL schemes
handled by xdg-open
- tests: check that host settings like hostname are settable on core
- tests: port xdg-settings test to tests.session
- tests: port snap-handle-link test to tests.session
- arch: add riscv64
- tests: core20 early defaults spread test
- tests: move install tests from snapstate_test.go to
snapstate_install_test.go
- github: port macOS sanity checks from travis
- data/selinux: allow checking /var/cache/app-info
- o/devicestate: core20 early config from gadget defaults
- tests: autoremove after removing lxd in preseed-lxd test
- secboot,cmd/snap-bootstrap: add tpm sealing support to secboot
- sandbox/cgroup: move FreezerCgroupDir from dirs.go
- tests: update the file used to detect the boot path on uc20
- spread.yaml: show /var/lib/snapd in debug
- cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock +
netplan files
- snap/naming: add helpers to parse app and hook security tags
- tests: modernize retry tool
- tests: fix and trim debug section in xdg-open-portal
- tests: modernize and use snapd.tool
- vendor: update to latest github.com/snapcore/bolt for riscv64
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellaneous policy updates xlv
- interfaces/system-packages-doc: fix typo in variable names
- tests: port interfaces-calendar-service to tests.session
- tests: install/run the lzo test snap too
- snap: (small) refactor of `snap download` code for
testing/extending
- data: fix shellcheck warnings in snapd.sh.in
- packaging: disable buildmode=pie for riscv64
- tests: install test-snapd-rsync snap from edge channel
- tests: modernize tests.session and port everything using it
- tests: add ubuntu 20.10 to spread tests
- cmd/snap/remove: mention snap restore/automatic snapshots
- dbusutil: move all D-Bus helpers and D-Bus test helpers
- wrappers: pass 'disable' flag to StopServices wrapper
- osutil: enable riscv64 build
- snap/naming: add ParseSecurityTag and friends
- tests: port document-portal-activation to session-tool
- bootloader: rename test helpers to reflect we are mocking EFI boot
locations
- tests: disable test of nfs v3 with udp proto on debian-sid
- tests: plan to improve the naming and uniformity of utilities
- tests: move *-tool tests to their own suite
- snap-bootstrap: remove sealed key file on reinstall
- bootloader/ubootenv: don't panic with an empty uboot env
- systemd: rename actualFsTypeAndMountOptions to
hostFsTypeAndMountOptions
- daemon: fix filtering of service-control changes for snap.app
- tests: spread test for preseeding in lxd container
- tests: fix broken snapd.session agent.socket
- wrappers: add RestartServices function and ReloadOrRestart to
systemd
- o/cmdstate: handle ignore flag on exec-command tasks
- gadget: make ext4 filesystems with or without metadata checksum
- tests: update statx test to run on all LTS releases
- configcore: show better error when disabling services
- interfaces: add hugepages-control
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- tests: run ubuntu-20.04-* tests on all ubuntu-2* releases
- tests: skip interfaces-openvswitch for centos 8 in nightly suite
- tests: reload systemd --user for root, if present
- tests: reload systemd after editing /etc/fstab
- tests: add missing dependencies needed for sbuild test on debian
- tests: reload systemd after removing pulseaudio
- image, tests: core18 early config.
- interfaces: add system-packages-doc interface
- cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when
preseeding
- interfaces/fwupd: allow bind mount to /boot on core
- tests: improve oom-vitality tests
- tests: add fedora 32 to spread.yaml
- config: apply vitality-hint immediately when the config changes
- tests: port snap-routine-portal-info to session-tool
- configcore: add "service.console-conf.disable" config option
- tests: port xdg-open to session-tool
- tests: port xdg-open-compat to session-tool
- tests: port interfaces-desktop-* to session-tool
- spread.yaml: apply yaml formatter/linter
- tests: port interfaces-wayland to session-tool
- o/devicestate: refactor current system handling
- snap-mgmt: perform cleanup of user services
- snap/snapfile,squashfs: followups from 8729
- boot, many: require mode in modeenv
- data/selinux: update policy to allow forked processes to call
getpw*()
- tests: log stderr from dbus-monitor
- packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers
tag
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- data/selinux: allow snapd to remove/create the its socket
- testutil/exec.go: set PATH after running shellcheck
- tests: silence stderr from dbus-monitor
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- github: remove workaround for bug 133 in actions/cache
- tests: remove dbus.sh
- cmd/snap-preseed: improve mountpoint checks of the preseeded
chroot
- spread.yaml: add ps aux to debug section
- github: run all spread systems in a single go with cached results
- test: session-tool cli tweaks
- asserts: rest of the Pool API
- tests: port interfaces-network-status-classic to session-tool
- packaging: remove obsolete 16.10,17.04 symlinks
- tests: setup portals before starting user session
- o/devicestate: typo fix
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- cmd/snap/model: support store, system-user-authority keys in
--verbose
- o/devicestate: raise conflict when requesting system action while
seeding
- tests: detect signs of crashed snap-confine
- tests: sign kernel and gadget to run nested tests using current
snapd code
- tests: remove gnome-online-accounts we install
- tests: fix the issue where all the tests were executed on secboot
system
- tests: port interfaces-accounts-service to session-tool
- interfaces/network-control: bring /var/lib/dhcp from host
- image,cmd/snap,tests: add support for store-wide cohort keys
- configcore: add nomanagers buildtag for conditional build
- tests: port interfaces-password-manager-service to session-tool
- o/devicestate: cleanup system actions supported by recover mode
- snap-bootstrap: remove create-partitions and update tests
- tests: fix nested tests
- packaging/arch: update PKGBUILD to match one in AUR
- tests: port interfaces-location-control to session-tool
- tests: port interfaces-contacts-service to session-tool
- state: log task errors in the journal too
- o/devicestate: change how current system is reported for different
modes
- devicestate: do not report "ErrNoState" for seeded up
- tests: add a note about broken test sequence
- tests: port interfaces-autopilot-introspection to session-tool
- tests: port interfaces-dbus to session-tool
- packaging: update sid packaging to match 16.04+
- tests: enable degraded test on uc20
- c/snaplock/runinhibit: add run inhibition operations
- tests: detect and report root-owned files in /home
- tests: reload root's systemd --user after snapd tests
- tests: test registration with serial-authority: [generic]
- cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon-
key in recover
- tests/mount-ns: stop binfmt_misc mount unit
- cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition
uuid if available
- daemon, tests: indicate system mode, test switching to recovery
and back to run
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- tests/mount-ns: update to reflect new UEFI boot mode
- usersession,tests: clean ups for userd/settings.go and move
xdgopenproxy under usersession
- tests: disable mount-ns test
- tests: test user belongs to systemd-journald, on core20
- tests: run core/snap-set-core-config on uc20 too
- tests: remove generated session-agent units
- sysconfig: use new _writable_defaults dir to create cloud config
- cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for
future work
- asserts: make clearer that with label we mean a serialized label
- cmd/snap-bootstrap: tweak recovery trigger log messages
- asserts: introduce PoolTo
- userd: allow setting default-url-scheme-handler
- secboot: append uuid to ubuntu-data when decrypting
- o/configcore: pass extra options to FileSystemOnlyApply
- tests: add dbus-user-session to bionic and reorder package names
- boot, bootloader: adjust comments, expand tests
- tests: improve debugging of user session agent tests
- packaging: add the inhibit directory
- many: add core.resiliance.vitality-hint config setting
- tests: test adjustments and fixes for recently published images
- cmd/snap: coldplug auto-import assertions from all removable
devices
- secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to
secboot
- tests: not fail when boot dir cannot be determined
- tests: new directory used to store the cloud images on gce
- tests: inject snapd from edge into seeds of the image in manual
preseed test
- usersession/agent,wrappers: fix races between Shutdown and Serve
- tests: add dependency needed for next upgrade of bionic
- tests: new test user is used for external backend
- cmd/snap: fix the order of positional parameters in help output
- tests: don't create root-owned things in ~test
- tests/lib/prepare.sh: delete patching of the initrd
- cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
as well
- progress: tweak multibyte label unit test data
- o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline
- gadget: fix fallback device lookup for 'mbr' type structures
- configcore: only reload journald if systemd is new enough
- cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data
- wrappers: allow user mode systemd daemons
- progress: fix progress bar with multibyte duration units
- tests: fix raciness in pulseaudio test
- asserts/internal: introduce Grouping and Groupings
- tests: remove user.sh
- tests: pair of follow-ups from earlier reviews
- overlord/snapstate: warn of refresh/postpone events
- configcore,tests: use daemon-reexec to apply watchdog config
- c/snap-bootstrap: check mount states via initramfsMountStates
- store: implement DownloadAssertions
- tests: run smoke test with different bases
- tests: port user-mounts test to session-tool
- store: handle error-list in fetch-assertions results
- tests: port interfaces-audio-playback-record to session-tool
- data/completion: add `snap` command completion for zsh
- tests/degraded: ignore failure in systemd-vconsole-setup.service
- image: stub implementation of image.Prepare for darwin
- tests: session-tool --restore -u stops user-$UID.slice
- o/ifacestate/handlers.go: fix typo
- tests: port pulseaudio test to session-tool
- tests: port user-session-env to session-tool
- tests: work around journald bug in core16
- tests: add debug to core-persistent-journal test
- tests: port selinux-clean to session-tool
- tests: port portals test to session-tool, fix portal tests on sid
- tests: adding option --no-install-recommends option also when
install all the deps
- tests: add session-tool --has-systemd-and-dbus
- packaging/debian-sid: add gcc-multilib to build deps
- osutil: expand FileLock to support shared locks and more
- packaging: stop depending on python-docutils
- store,asserts,many: support the new action fetch-assertions
- tests: port snap-session-agent-* to session-tool
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- tests: fix for preseeding failures
* New upstream release, LP: #1875071
- o/ifacestate: fix bug in snapsWithSecurityProfiles
- tests/main/selinux-clean: workaround SELinux denials triggered by
linger setup on Centos8
* New upstream release, LP: #1875071
- many: backport _writable_defaults dir changes
- tests: fix incorrect check in smoke/remove test
- cmd/snap-bootstrap,seed: backport of uc20 PRs
- tests: avoid exit when nested type var is not defined
- cmd/snap-preseed: backport fixes
- interfaces: optimize rules of multiple connected iio/i2c/spi plugs
- many: cherry-picks for 2.45, gh-action, test fixes
- tests/lib: account for changes in arch package file name extension
- postrm, snap-mgmt: cleanup modules and other cherry-picks
- snap-confine: don't die if a device from sysfs path cannot be
found by udev
- data/selinux: update policy to allow forked processes to call
getpw*()
- tests/main/interfaces-time-control: exercise setting time via date
- interfaces/builtin/time-control: allow POSIX clock API
- usersession/userd: add "slack" to the white list of URL schemes
handled by xdg-open
* SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
implementation
- usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
variable modification when calling the system xdg-open. Patch
thanks to James Henstridge
- packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
restarted. Patch thanks to Michael Vogt
- CVE-2020-11934
- LP: #1880085
* SECURITY UPDATE: arbitrary code execution vulnerability on core
devices with access to physical removable media
- devicestate: Disable/restrict cloud-init after seeding.
- CVE-2020-11933
- LP: #1879530
* New upstream release, LP: #1875071
- data/selinux: allow checking /var/cache/app-info
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellaneous policy updates xlv
- snap-bootstrap: remove sealed key file on reinstall
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- gadget: make ext4 filesystems with or without metadata checksum
- interfaces/fwupd: allow bind mount to /boot on core
- tests: cherry-pick test fixes from master
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- data/completion, packaging: cherry-pick zsh completion
- state: log task errors in the journal too
- devicestate: do not report "ErrNoState" for seeded up
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- packaging: stop depending on python-docutils
* New upstream release, LP: #1875071
- o/devicestate: support doing system action reboots from recover
mode
- vendor: update to latest secboot
- tests: not fail when boot dir cannot be determined
- configcore: only reload journald if systemd is new enough
- cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
when decrypting
- tests/lib/prepare.sh: delete patching of the initrd
- cmd/snap: coldplug auto-import assertions from all removable
devices
- cmd/snap: fix the order of positional parameters in help output
- c/snap-bootstrap: port mount state mocking to the new style on
master
- cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
as well
- o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
unlock in recover mode initramfs
- progress: tweak multibyte label unit test data
- gadget: fix fallback device lookup for 'mbr' type structures
- progress: fix progress bar with multibyte duration units
- many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
- many: put the sealed keys in a directory on seed for tidiness
- cmd/snap-bootstrap: measure epoch and model before unlocking
encrypted data
- o/configstate: core config handler for persistent journal
- bootloader/uboot: use secondary ubootenv file boot.sel for uc20
- packaging: add "$TAGS" to dh_auto_test for debian packaging
- tests: ensure $cache_dir is actually available
- secboot,cmd/snap-bootstrap: add model to pcr protection profile
- devicestate: do not use snap-boostrap in devicestate to install
- tests: fix a typo in nested.sh helper
- devicestate: add support for cloud.cfg.d config from the gadget
- cmd/snap-bootstrap: cleanups, naming tweaks
- testutil: add NewDBusTestConn
- snap-bootstrap: lock access to sealed keys
- overlord/devicestate: preserve the current model inside ubuntu-
boot
- interfaces/apparmor: use differently templated policy for non-core
bases
- seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
syscalls
- cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
other misc changes
- o/snapstate: tweak "waiting for restart" message
- boot: store model model and grade information in modeenv
- interfaces/firewall-control: allow -legacy and -nft for core20
- boot: enable makeBootable20RunMode for EnvRefExtractedKernel
bootloaders
- boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
implementation
- daemon: fix error message from `snap remove-user foo` on classic
- overlord: have a variant of Mock that can take a state.State
- tests: 16.04 and 18.04 now have mediating pulseaudio (again)
- seed: clearer errors for missing essential snapd or core snap
- cmd/snap-bootstrap/initramfs-mounts: support
EnvRefExtractedKernelBootloader's
- gadget, cmd/snap-bootstrap: MBR schema support
- image: improve/adjust DownloadSnap doc comment
- asserts: introduce ModelGrade.Code
- tests: ignore user-12345 slice and service
- image,seed/seedwriter: support redirect channel aka default
tracks
- bootloader: use binary.Read/Write
- tests: uc20 nested suite part II
- tests/boot: refactor to make it easier for new
bootloaderKernelState20 impl
- interfaces/openvswitch: support use of ovs-appctl
- snap-bootstrap: copy auth data from real ubuntu-data in recovery
mode
- snap-bootstrap: seal and unseal encryption key using tpm
- tests: disable special-home-can-run-classic-snaps due to jenkins
repo issue
- packaging: fix build on Centos8 to support BUILDTAGS
- boot/bootstate20: small changes to bootloaderKernelState20
- cmd/snap: Implement a "snap routine file-access" command
- spread.yaml: switch back to latest/candidate for lxd snap
- boot/bootstate20: re-factor kernel methods to use new interface
for state
- spread.yaml,tests/many: use global env var for lxd channel
- boot/bootstate20: fix bug in try-kernel cleanup
- config: add system.store-certs.[a-zA-Z0-9] support
- secboot: key sealing also depends on secure boot enabled
- httputil: fix client timeout retry tests
- cmd/snap-update-ns: handle EBUSY when unlinking files
- cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
vars
- secboot: add tpm support helpers
- tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
kernel and gadget
- cmd/snap-bootstrap: switch to a 64-byte key for unlocking
- tests: preserve size for centos images on spread.yaml
- github: partition the github action workflows
- run-checks: use consistent "Checking ..." style messages
- bootloader: add efi pkg for reading efi variables
- data/systemd: do not run snapd.system-shutdown if finalrd is
available
- overlord: update tests to work with latest go
- cmd/snap: do not hide debug boot-vars on core
- cmd/snap-bootstrap: no error when not input devices are found
- snap-bootstrap: fix partition numbering in create-partitions
- httputil/client_test.go: add two TLS version tests
- tests: ignore user@12345.service hierarchy
- bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
- tests: rewrite timeserver-control test
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic to accommodate for 2.44
change
- cmd/snap: don't wait for system key when stopping
- sandbox/cgroup: avoid making arrays we don't use
- osutil: mock proc/self/mountinfo properly everywhere
- selinux: export MockIsEnforcing; systemd: use in tests
- tests: add 32 bit machine to GH actions
- tests/session-tool: kill cron session, if any
- asserts: it should be possible to omit many snap-ids if allowed,
fix
- boot: cleanup more things, simplify code
- github: skip spread jobs when corresponding label is set
- dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
pkg
- tests/session-tool: add session-tool --dump
- github: allow cached debian downloads to restore
- tests/session-tool: session ordering is non-deterministic
- tests: enable unit tests on debian-sid again
- github: move spread to self-hosted workers
- secboot: import secboot on ubuntu, provide dummy on !ubuntu
- overlord/devicestate: support for recover and run modes
- snap/naming: add validator for snap security tag
- interfaces: add case for rootWritableOverlay + NFS
- tests/main/uc20-create-partitions: tweaks, renames, switch to
20.04
- github: port CLA check to Github Actions
- interfaces/many: miscellaneous policy updates xliv
- configcore,tests: fix setting watchdog options on UC18/20
- tests/session-tool: collect information about services on startup
- tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
partitions
- state: add state.CopyState() helper
- tests/session-tool: stop anacron.service in prepare
- interfaces: don't use the owner modifier for files shared via
document portal
- systemd: move the doc comments to the interface so they are
visible
- cmd/snap-recovery-chooser: tweaks
- interfaces/docker-support: add overlayfs file access
- packaging: use debian/not-installed to ignore snap-preseed
- travis.yml: disable unit tests on travis
- store: start splitting store.go and store_test.go into subtopic
files
- tests/session-tool: stop cron/anacron from meddling
- github: disable fail-fast as spread cannot be interrupted
- github: move static checks and spread over
- tests: skip "/etc/machine-id" in "writablepaths" test
- snap-bootstrap: store encrypted partition recovery key
- httputil: increase testRetryStrategy max timelimit to 5s
- tests/session-tool: kill leaking closing session
- interfaces: allow raw access to USB printers
- tests/session-tool: reset failed session-tool units
- httputil: increase httpclient timeout in
TestRetryRequestTimeoutHandling
- usersession: extend timerange in TestExitOnIdle
- client: increase timeout in client tests to 100ms
- many: disentagle release and snapdenv from sandbox/*
- boot: simplify modeenv mocking to always write a modeenv
- snap-bootstrap: expand data partition on install
- o/configstate: add backlight option for core config
- cmd/snap-recovery-chooser: add recovery chooser
- features: enable robust mount ns updates
- snap: improve TestWaitRecovers test
- sandbox/cgroup: add ProcessPathInTrackingCgroup
- interfaces/policy: fix comment in recent new test
- tests: make session tool way more robust
- interfaces/seccomp: allow passing an address to setgroups
- o/configcore: introduce core config handlers (3/N)
- interfaces: updates to login-session-observe, network-manager and
modem-manager interfaces
- interfaces/policy/policy_test.go: add more tests'allow-
installation: false' and we grant based on interface attributes
- packaging: detect/disable broken seed in the postinst
- cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
library
- tests: remove google-tpm backend from spread.yaml
- tests: install dependencies with apt using --no-install-recommends
- usersession/userd: add zoommtg url support
- snap-bootstrap: fix disk layout sanity check
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- config, features: move and rename config.GetFeatureFlag helper to
features.Flag
- boot, overlord/devicestate, daemon: implement requesting boot
into a given recovery system
- xdgopenproxy: forward requests to the desktop portal
- many: support immediate reboot
- store: search v2 tweaks
- tests: fix cross build tests when installing dependencies
- daemon: make POST /v2/systems/<label> root only
- tests/lib/prepare.sh: use only initrd from the kernel snap
- cmd/snap,seed: validate full seeds (UC 16/18)
- tests/main/user-session-env: stop the user session before deleting
the test-zsh user
- overlord/devicestate, daemon: record the seed current system was
installed from
- gadget: SystemDefaults helper function to convert system defaults
config into a flattened map suitable for FilesystemOnlyApply.
- many: comment or avoid cryptic snap-ids in tests
- tests: add LXD_CHANNEL environment
- store: support for search API v2
- .github: register a problem matcher to detect spread failures
- seed: add Info() method for seed.Snap
- github: always run the "Discard spread workers" step, even if the
job fails
- github: offload self-hosted workers
- cmd/snap: the model command needs just a client, no waitMixin
- github: combine tests into one workflow
- github: fix order of go get caches
- tests: adding more workers for ubuntu 20.04
- boot,overlord: rename operating mode to system mode
- config: add new Transaction.GetPristine{,Maybe}() function
- o/devicestate: rename readMaybe* to maybeRead*
- github: cache Debian dependencies for unit tests
- wrappers: respect pre-seeding in error path
- seed: validate UC20 seed system label
- client, daemon, overlord/devicestate: request system action API
and stubs
- asserts,o/devicestate: support model specified alternative serial-
authority
- many: introduce naming.WellKnownSnapID
- o/configcore: FilesystemOnlyApply method for early configuration
of core (1/N)
- github: run C unit tests
- github: run spread tests on PRs only
- interfaces/docker-support: make containerd abstract socket more
generic
- tests: cleanup security-private-tmp properly
- overlord/devicestate,boot: do not hold to the originally read
modeenv
- dirs: rm RunMnt; boot: add vars for early boot env layout;
sysconfig: take targetdir arg
- cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
s.runMnt
- tests: add regression test for MAAS refresh bug
- errtracker: add missing mocks
- github: apt-get update before installing build-deps
- github: don't fail-fast
- github: run spread via github actions
- boot,many: add modeenv.WriteTo, make Write take no args
- wrappers: fix timer schedules that are days only
- tests/main/snap-seccomp-syscalls: install gperf
- github: always checkout to snapcore/snapd
- github: add prototype workflow running unit tests
- many: improve comments, naming, a possible TODO
- client: use Assert when checking for error
- tests: ensure sockets target is ready in session agent spread
tests
- osutil: do not leave processes behind after the test run
- tests: update proxy-no-core to match latest CDN changes
- devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
dangerous
- cmd/snap-failure,tests: try to make snap-failure more robust
- many: fix packages having mistakenly their copyright as doc
- many: enumerate system seeds, return them on the /v2/systems API
endpoint
- randutil: don't consume kernel entropy at init, just mix more info
to try to avoid fleet collisions
- snap-bootstrap: add creationSupported predicate for partition
types
- tests: umount partitions which are not umounted after remount
gadget
- snap: run gofmt -s
- many: improve environment handling, fixing duplicate entries
- boot_test: add many boot robustness tests for UC20 kernel
MarkBootSuccessul and SetNextBoot
- overlord: remove unneeded overlord.MockPruneInterval() mocks
- interfaces/greengrass-support: fix typo
- overlord,timings,daemon: separate timings from overlord/state
- tests: enable nested on core20 and test current branch
- snap-bootstrap: remove created partitions on reinstall
- boot: apply Go 1.10 formatting
- apparmor: use rw for uuidd request to default and remove from
elsewhere
- packaging: add README.source for debian
- tests: cleanup various uc20 boot tests from previous PR
- devicestate: disable cloud-init by default on uc20
- run-checks: tweak formatting checks
- packaging,tests: ensure debian-sid builds without vendor/
- travis.yml: run unit tests with go/master as well* travis.yml: run
unit tests with go/master as well
- seed: make Brand() part of the Seed interface
- cmd/snap-update-ns: ignore EROFS from rmdir/unlink
- daemon: do a forceful server shutdown if we hit a deadline
- tests/many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
- snap-seccomp: robustness improvements
- run-tests: disable -v for go test to avoid spaming the logs
- snap: whitelist lzo as support compression for snap pack
- snap: tweak comment in Install() for overlayfs detection
- many: introduce snapdenv.Preseeding instead of release.PreseedMode
- client, daemon, overlord/devicestate: structures and stubs for
systems API
- o/devicestate: delay the creation of mark-seeded task until
asserts are loaded
- data/selinux, tests/main/selinux: cleanup tmpfs operations in the
policy, updates
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- boot,image: ARM kernel extract prepare image
- interfaces: make gpio robust against not-existing gpios in /sys
- cmd/snap-preseed: handle --reset flag
- many: introduce snapdenv to present common snapd env options
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks/**
- snap: introduce Container.RandomAccessFile
- o/ifacestate, api: implementation of snap disconnect --forget
- cmd/snap: make the portal-info command search for the network-
status interface
- interfaces: work around apparmor_parser slowness affecting uio
- tests: fix/improve failing spread tests
- many: clean separation of bootenv mocking vs mock bootloader kinds
- tests: mock prune ticker in overlord tests to reduce wait times
- travis: disable arm64 again
- httputil: add support for extra snapd certs
- travis.yml: run unit tests on arm64 as well
- many: fix a pair of ineffectual assignments
- tests: add uc20 kernel snap upgrade managers test, fix
bootloadertest bugs
- o/snapstate: set base in SnapSetup on snap revert
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- cmd/snap-exec: add test case for LP bug 1860369
- interfaces: make the network-status interface implicit on
classic
- interfaces: power control interfaceIt is documented in the
kernel
- interfaces: miscellaneous policy updates
- cmd/snap: add a "snap routine portal-info" command
- usersession/userd: add "apt" to the white list of URL schemes
handled by xdg-open
- interfaces/desktop: allow access to system prompter interface
- devicestate: allow encryption regardless of grade
- tests: run ipv6 network-retry test too
- tests: test that after "remove-user" the system is unmanaged
- snap-confine: unconditionally add /dev/net/tun to the device
cgroup
- snapcraft.yaml: use sudo -E and remove workaround
- interfaces/audio_playback: Fix pulseaudio config access
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- tests: add session-tool, a su / sudo replacement
- wrappers: add mount unit dependency for snapd services on core
devices
- tests: just remove user when the system is not managed on create-
user-2 test
- snap-preseed: support for preseeding of snapd and core18
- boot: misc UC20 changes
- tests: adding arch-linux execution
- packaging: revert "work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop codewith a
nil Timeval panics
- spread, data/selinux: add CentOS 8, update policy
- tests: updating checks to new test account for snapd-test snaps
- spread.yaml: mv opensuse 15.1 to unstable
- cmd/snap-bootstrap,seed: verify only in-play snaps
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- client: add "Resume" to DownloadOptions and new test
- tests: enable snapd-failover on uc20
- tests: add more debug output to the snapd-failure handling
- o/devicestate: unset recovery_system when done seeding
* New upstream release, LP: #1864808
- spread.yaml: adding more workers for ubuntu 20.04
- packaging: stop depending on python-docutils on opensuse
- spread.yaml: do not run ubuntu-core-20-64 with snapd 2.44, snapd
is not recent enough to drive ubuntu-core-20
- spread.yaml: Preserve size for centos images on spread.yaml
- spread.yaml: use non-uefi enabled image for uc20
- tests: ensure $cache_dir is actually available
- tests: disable preseed tests, they work in master but require too
much cherry-picking here
- travis.yml: remove go/master unit tests from 2.44
* New upstream release, LP: #1864808
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- interfaces/firewall-control: allow -legacy and -nft for core20
- seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
syscalls
- tests: 16.04 and 18.04 now have mediating pulseaudio
- tests: ignore user@12345.service hierarchy
* New upstream release, LP: #1864808
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic
- tests: backport partition fixes
- cmd/snap: don't wait for system key when stopping
- interfaces/many: miscellaneous policy updates xliv
- tests/main/uc20-snap-recovery: use 20.04 system
- tests: skip "/etc/machine-id" in "writablepaths
- interfaces/docker-support: add overlays file access
* New upstream release, LP: #1864808
- packaging: detect/disable broken seeds in the postinst
- cmd/snap,seed: validate full seeds (UC 16/18)
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- store: support for search API v2
- cmd/snap-seccomp/syscalls: update the list of known syscalls
- snap/cmd: the model command needs just a client, no waitMixin
- tests: cleanup security-private-tmp properly
- wrappers: fix timer schedules that are days only
- tests: update proxy-no-core to match latest CDN changes
- cmd/snap-failure,tests: make snap-failure more robust
- tests, many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
* New upstream release, LP: #1864808
- randutil: switch back to setting up seed with lower entropy data
- interfaces/greengrass-support: fix typo
- packaging,tests: ensure debian-sid builds without vendor/
- travis.yml: run unit tests with go/master as well
- cmd/snap-update-ns: ignore EROFS from rmdir/unlink
* New upstream release, LP: #1864808
- daemon: do a forceful serer shutdown if we hit a deadline
- snap: whitelist lzo as support compression for snap pack
- data/selinux: update policy to allow more ops
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- cmd/snap-preseed: handle --reset flag
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces: work around apparmor_parser slowness affecting uio
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks2/**
- tests: mock prune ticker in overlord tests to reduce wait times
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- interfaces: miscellaneous policy updates
- interfaces/audio_playback: Fix pulseaudio config access
- overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- overlord/snapstate/backend: update snapd services contents in unit
tests
- wrappers: add mount unit dependency for snapd services on core
devices
- Revert "tests: remove /tmp/snap.* left over by other tests"
- Revert "packaging: work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop code
- spread, data/selinux: add CentOS 8, update policy
- spread.yaml: mv opensuse tumbleweed to unstable too
- spread.yaml: mv opensuse 15.1 to unstable
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- tests/lib/prepare.sh: simplify, combine code paths
- tests/main/user-session-env: add test verifying environment
variables inside the user session
- spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
- run-checks: SKIP_GMFMT really skips formatting checks
- tests: enable more tests for UC20/UC18
- tests: remove tmp dir for snap not-test-snapd-sh on security-
private-tmp test
- seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
simplify bootstrap code
- snapstate: do not restart in undoLinkSnap unless on first install
- cmd/snap-bootstrap: subcommand to detect UC chooser trigger
- cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
mode too
- cmd/libsnap, tests: fix C unit tests failing as non-root
- cmd/snap-bootstrap: verify kernel snap is in modeenv before
mounting it
- tests: adding amazon linux to google backend
- cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
status
- client: add support for "ResumeToken", "HeaderPeek" to download
- build: enable type: snapd
- tests: rm -rf /tmp/snap.* in restore
- cmd/snap-confine: deny snap-confine to load nss libs
- snapcraft.yaml: add comments, rename snapd part to snapd-deb
- boot: write current_kernels in bootstate20, makebootable
- packaging: work around review-tools and snap-confine
- tests: skipping interfaces-openvswitch on centos due to package is
not available
- packaging,snap-confine: stop being setgid root
- cmd/snap-confine: bring /var/lib/dhcp from host, if present
- store: rely on CommandFromSystemSnap to find xdelta3
- tests: bump sleep time of the new overlord tests
- cmd/snap-preseed: snapd version check for the target
- netlink: fix/support stopping goroutines reading netlink raw
sockets
- tests: reset PS1 before possibly interactive dash
- overlord, state: don't abort changes if spawn time before
StartOfOperationTime (2/2)
- snapcraft.yaml: add python3-apt, tzdata as build-deps for the
snapd snap
- tests: ask tar to speak English
- tests: using google storage when downloading ubuntu cloud images
from gce
- Coverity produces false positives for code like this:
- many: maybe restart & security backend options
- o/standby: add SNAPD_STANDBY_WAIT to control standby in
development
- snap: use the actual staging snap-id for snapd
- cmd/snap-bootstrap: create a new parser instance
- snapcraft.yaml: use build-base and adopt-info, rm builddeb
plugin
- tests: set StartLimitInterval in snapd failover test
- tests: disable archlinux system
- tests: add preseed test for classic
- many, tests: integrate all preseed bits and add spread tests
- daemon: support resuming downloads
- tests: use Filename() instead of filepath.Base(sn.MountFile())
- tests/core: add swapfiles test
- interfaces/cpu-control: allow to control cpufreq tunables
- interfaces: use commonInteface for desktopInterface
- interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
location
- snap/info: add Filename
- bootloader: make uboot a RecoveryAwareBootloader
- gadget: skip update when mounted filesystem content is identical
- systemd: improve is-active check for 'failed' services
- boot: add current_kernels to modeenv
- o/devicestate: StartOfOperationTime helper for Prune (1/2)
- tests: detect LXD launching i386 containers
- tests: move main/ubuntu-core-* tests to core/ suite
- tests: remove snapd in ubuntu-core-snapd
- boot: enable base snap updates in bootstate20
- tests: Fix core revert channel after 2.43 has been released to
stable
- data/selinux: unify tabs/spaces
- o/ifacestate: move ResolveDisconnect to ifacestate
- spread: move centos to stable systems
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use in serial
acquire
- store: detect if server does not support http range headers
- test/lib/user: add helper lib for doing things for and as a user
- overlord/snapstate, wrappers: undo of snapd on core
- tests/main/interfaces-pulseaudio: use custom pulseaudio script,
set kill timeout
- store: add support for resume in DownloadStream
- cmd/snap: implement 'snap remove-user'
- overlord/devicestate: fix preseed unit tests on systems not using
/snap
- tests/main/static: ldd in glibc 2.31 logs to stderr now
- run-checks, travis: allow skipping spread jobs by adding a label
- tests: add new backend which includes images with tpm support
- boot: use constants for boot status values
- tests: add "core" suite for UC specific tests
- tests/lib/prepare: use a local copy of uc20 initramfs skeleton
- tests: retry mounting the udisk2 device due to timing issue
- usersession/client: add a client library for the user session
agent
- o/devicestate: Handle preseed mode in the firstboot mode (core16
only for now).
- boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
- cmd/snap-confine: detect base transitions on core16
- boot: don't use "kernel" from the modeenv anymore
- interfaces: add uio interface
- tests: repack the initramfs + kernel snap for UC20 spread tests
- interfaces/greengrass-support: add /dev/null ->
/proc/latency_stats mount
- httputil: remove workaround for redirect handling in go1.7
- httputil: remove go1.6 transport workaround
- snap: add `snap pack --compression=<comp>` options
- tests/lib/prepare: fix hardcoded loopback device names for UC
images
- timeutil: add a unit test case for trivial schedule
- randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
introduction
- dirs: variable with distros using alternate snap mount
- many,randutil: centralize and streamline our random value
generation
- tests/lib/prepare-restore: Revert "Continue on errors updating or
installing dependencies"
- daemon: Allow clients to call /v2/logout via Polkit
- dirs: manjaro-arm is like manjaro
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
- daemon, store: better expose single action errors
- tests: switch mount-ns test to differential data set
- snapstate: refactor things to add the re-refresh task last
- daemon: drop support for the DELETE method
- client: move to /v2/users; implement RemoveUser
- boot: enable UC20 kernel extraction and bootState20 handling
- interfaces/policy: enforce plug-names/slot-names constraints
- asserts: parse plug-names/slot-names constraints
- daemon: make users result more consistent
- cmd/snap-confine,tests: support x.y.z nvidia version
- dirs: fixlet for XdgRuntimeDirGlob
- boot: add bootloader options to coreKernel
- o/auth,daemon: do not remove unknown user
- tests: tweak and enable tests on ubuntu 20.04
- daemon: implement user removal
- cmd/snap-confine: allow snap-confine to link to libpcre2
- interfaces/builtin: Allow NotificationReplied signal on
org.freedesktop.Notifications
- overlord/auth: add RemoveUserByName
- client: move user-related things to their own files
- boot: tweak kernel cmdline helper docstring
- osutil: implement deluser
- gadget: skip update when raw structure content is unchanged
- boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
detection to boot
- tests: fix revisions leaking from snapd-refresh test
- daemon: refactor create-user to a user action & hide behind a flag
- osutil/tests: check there are no leftover symlinks with
AtomicSymlink
- grub: support atomically renaming kernel symlinks
- osutil: add helpers for creating symlinks and renaming in an
atomic manner
- tests: add marker tag for core 20 test failure
- tests: fix gadget-update-pc test leaking snaps
- tests: remove revision leaking from ubuntu-core-refresh
- tests: remove revision leaking from remodel-kernel
- tests: disable system-usernames test on core20
- travis, tests, run-checks: skip nakedret
- tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
- tests: update mount-ns test tables
- snap: disable auto-import in uc20 install-mode
- tests: add a command-chain service test
- tests: use test-snapd-upower instead of upower
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- spread.yaml: fix ubuntu 19.10 and 20.04 names
- debian: check embedded keys for snap-{bootstrap,preseed} too
- interfaces/apparmor: fix doc-comments, unnecessary code
- o/ifacestate,o/devicestatate: merge gadget-connect logic into
auto-connect
- bootloader: add ExtractedRunKernelImageBootloader interface,
implement in grub
- tests: add spread test for hook permissions
- cmd/snap-bootstrap: check device size before boostrapping and
produce a meaningful error
- cmd/snap: add ability to register "snap routine" commands
- tests: add a test demonstrating that snaps can't access the
session agent socket
- api: don't return connections referring to non-existing
plugs/slots
- interfaces: refactor path() from raw-volume into utils with
comments for old
- gitignore: ignore snap files
- tests: skip interfaces-network-manager on arm devices
- o/devicestate: do not create perfTimings if not needed inside
ensureSeed/Operational
- tests: add ubuntu 20.04 to the tests execution and remove
tumbleweed from unstable
- usersession: add systemd user instance service control to user
session agent
- cmd/snap: print full channel in 'snap list', 'snap info'
- tests: remove execution of ubuntu 19.04 from google backend
- cmd/snap-boostrap: add mocking for fakeroot
- tests/core18/snapd-failover: collect more debug info
- many: run black formatter on all python files
- overlord: increase settle timeout for slow machines
- httputil: use shorter timeout in TestRetryRequestTimeoutHandling
- store, o/snapstate: send default-tracks header, use
RedirectChannel
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- boot: add HasModeenv to Device
- devicestate: do not allow remodel between core20 models
- bootloader,snap: misc tweaks
- store, overlord/snapstate, etc: SnapAction now returns a []Result
- snap-bootstrap: create encrypted partition
- snap: remove "host" output from `snap version`
- tests: use snap remove --purge flag in most of the spread tests
- data/selinux, test/main/selinux-clean: update the test to cover
more scenarios
- many: drop NameAndRevision, use snap.PlaceInfo instead
- boot: split MakeBootable tests into their own file
- travis-ci: add go import path
- boot: split MakeBootable implementations into their own file
- tests: enable a lot of the tests of main on uc20
- packaging, tests: stop services in prerm
- tests: enable regression suite on core20
- overlord/snapstate: improve snapd snap backend link unit tests
- boot: implement SetNextBoot in terms of bootState.setNext
- wrappers: write and undo snapd services on core
- boot,o/devicestate: refactor MarkBootSuccessful over bootState
- snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
- snap-bootstrap: refactor partition creation
- tests: use new snapd.spread-tests-run-mode-tweaks.service unit
- tests: add core20 tests
- boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
use the information
- tests/main/snap-sign: add test for non-stdin signing
- snap-bootstrap: trigger udev after filesystem creation
- boot,overlord: introduce internal abstraction bootState and use it
for InUse/GetCurrentBoot
- overlord/snapstate: tracks are now sticky
- cmd: sign: add filename param
- tests: remove "test-snapd-tools" in smoke/sandbox on restore
- cmd/snap, daemon: stop over-normalising channels
- tests: fix classic-ubuntu-core-transition-two-cores after refactor
of MATCH -v
- packaging: ship var/lib/snapd/desktop/applications in the pkg
- spread: drop copr repo with F30 build dependencies
- tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
- tests: fix partition creation test
- tests: unify/rename services-related spread tests to start with
services- prefix
- test: extract code that modifies "writable" for test prep
- systemd: handle preseed mode
- snap-bootstrap: read only stdout when parsing the sfdisk json
- interfaces/browser-support: add more product/vendor paths
- boot: write compat UC16 bootvars in makeBootable20RunMode
- devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
- devicestate: request reboot after successful doSetupRunSystem()
- snapd.core-fixup.sh: do not run on UC20 at all
- tests: unmount automounted snap-bootstrap devices
- devicestate: run boot.MakeBootable in doSetupRunSystem
- boot: copy kernel/base to data partition in makeBootable20RunMode
- tests: also check nested lxd container
- run-checks: complain about MATCH -v
- boot: always return the trivial boot participant in ephemeral mode
- o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
- snap-bootstrap: append new partitions
- snap-bootstrap: mount filesystems after creation
- snapstate: do not try to detect rollback in ephemeral modes
- snap-bootstrap: trigger udev for new partitions
- cmd/snap-bootstrap: xxx todos about kernel cross-checks
- tests: avoid mask rsyslog service in case is not enabled on the
system
- tests: fix use of MATCH -v
- cmd/snap-preseed: update help strings
- cmd/snap-bootstrap: actually parse snapd_recovery_system label
- bootstrap: reduce runmode mounts from 5 to 2 steps.
- lkenv.go: adjust for new location of include file
- snap: improve squashfs.ReadFile() error
- systemd: fix uc20 shutdown
- boot: write modeenv when creating the run mode
- boot,image: add skeleton boot.makeBootable20RunMode
- cmd/snap-preseed: add snap-preseed executable
- overlord,boot: follow ups to #7889 and #7899
- interfaces/wayland: Add access to Xwayland's shm files
- o/hookstate/ctlcmd: fix command name in snapctl -h
- daemon,snap: remove screenshot deprecation notice
- overlord,o/snapstate: make sure we never leave config behind
- many: pass consistently boot.Device state to boot methods
- run-checks: check multiline string blocks in
restore/prepare/execute sections of spread tests
- intrefaces: login-session-control - added missing dbus commands
- tests/main/parallel-install-remove-after: parallel installs should
not break removal
- overlord/snapstate: tweak assumes error hint
- overlord: replace DeviceContext.OldModel with GroundContext
- devicestate: use httputil.ShouldRetryError() in
prepareSerialRequest
- tests: replace "test-snapd-base-bare" with real "bare" base snap
- many: pass a Model to the gadget info reading functions
- snapstate: relax gadget constraints in ConfigDefaults Et al.
- devicestate: only run ensureBootOk() in "run" mode
- tests/many: quiet lxc launching, file pushing
- tests: disable apt-hooks test until it can be properly fixed
- tests: 16.04 and 18.04 now have mediating pulseaudio
* New upstream release, LP: #1856159
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use
in serial acquire
- interfaces: add uio interface
- interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
start due to apparmor deny on mounting of "/proc/latency_stats".
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
* New upstream release, LP: #1856159
- cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
- overlord/snapstate: fix for re-refresh bug
- tests, run-checks, many: fix nakedret issues
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- tests: use test-snapd-upower instead of upower
- overlord: increase overall settle timeout for slow arm boards
* New upstream release, LP: #1856159
- devicestate: use httputil.ShouldRetryError() in prepareSerialRequest
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- overlord,o/snapstate: make sure we never leave config behind
- data/selinux: update policy to cover more cases
- snap: remove "host" output from `snap version`
* New upstream release, LP: #1856159
- snap: default to "--direct" in `snap known`
- packaging: ship var/lib/snapd/desktop/applications in the
pkg
- tests: cherry-pick fixes for snap-set-core-config/ubuntu-core-
config-defaults-once
- tests: use test-snapd-sh snap instead of test-snapd-tools
- tests: rename "test-snapd-sh" in smoke test to test-snapd-sandbox
- tests: fix partition creation test
- packaging: fix incorrect changelog entry
- Revert "tests: 16.04 and 18.04 now have mediating pulseaudio"
- tests: 16.04 and 18.04 now have mediating pulseaudio
- interfaces: include hooks in plug/slot apparmor label
- interfaces: add raw-volume interface for access to partitions
- image: set recovery system label when creating the image
- cmd/snapd-generator: fix unit name for non /snap mount locations
- boot,bootloader: setup the snap recovery system bootenv
- seed: support ModeSnaps(mode) for mode != "run"
- seed: fix seed location of local but asserted snaps
- doc: HACKING.md change autopkgtest-trusty-amd64.img name
- interfaces/seccomp: parallelize seccomp backend setup
- cmd/snap-bootstrap: mount ubuntu-data tmpfs, in one go with kernel
& base
- interfaces: add audio-playback/record and pulseaudio spread tests
- apparmor: allow 'r'
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
- cmd/snap-mgmt, packaging/postrm: stop and remove socket units when
purging
- tests: use test-snapd-sh snap instead of test-snapd-tools
- snap-confine: raise egid before calling setup_private_mount()
- tests: fix fwupd version regular expression
- snap-bootstrap: parse seed if either kernel or base are not
mounted
- tests: check for SELinux denials in interfaces-kvm spread test
- tests: run snap-set-core-config on all core devices
- selinux: update policy to allow modifications related to kmod
backend
- o/hookstate/ctlcmd: snapctl is-connected command
- devicestate: add missing test for failing task setup-run-system
- gadget: add missing test for duplicate detection of roles
- tests/cmd/snapctl: unset SNAP_CONTEXT for the suite
- snap/pack, cmd_pack: 'snap pack --check-skeleton' checks
interfaces
- gitignore: ignore visual studio code directory
- snap-bootstrap: implement "run" mode in snap-bootstrap initramfs-
mounts
- interfaces/apparmor: handle pre-seeding mode
- devicestate: implement creating partitions in "install" mode
- seed: support extra snaps on top of Core 20 dangerous models
- tests: cache snaps also for ubuntu core and add new snaps to cache
- snap-bootstrap: support auto-detect device in create-partitions
- tests: fix partitioning test debug message
- tests: prevent partitioning test errors
- cmd/snap-bootstrap: stub out snap.SanitizePlugsSlots for real
- gadget: extract and export new DiskFromPartition() helper
- snap-bootstrap: force partition table operations
- HACKING.md: add nvidia options to configure example
- tests: move the watchdog timeout to 2s to make the tests work in
rpi
- tests: demand silence from check_journalctl_log
- tests: fix the channels checks done on nested tests
- tests: reduce the complexity of the test-snapd-sh snap
- snap/squashfs, osutil: verify files/dirs can be accessed by
mksquashfs when building a snap
- boot: add boot.Modeenv.Kernel support
- devicestate: ensure system installation
- tests: apply change on permissions to serial port on hotplug test
- cmd/snap-update-ns: adjust debugging output for usability
- devicestate: add reading of modeenv to uc20 firstboot code
- tests/lib/prepare: drop workarounds for rpmbuild rewriting /bin/sh
- cmd/snap-bootstrap: write /var/lib/snapd/modeenv to the right
place
- boot: add boot.Modeenv.Base support
- overlord/snapstate: install task edges
- cmd/snap-bootstrap: some small naming and code org tweaks
- snap-bootstrap: remove SNAPPY_TESTING check, we use it for real
now
- interfaces: remove leftover reservedForOS
- snap-bootstrap: write /run/mnt/ubuntu-data/var/lib/snapd/modeenv
- osutil/mount: optimize flagOptSearch some more
- devicestate: read modeenv early and store in devicestate
- interfaces: add login-session-observe for who, {fail,last}log and
loginctl
- tests: add Ubuntu Eoan to google-sru backend
- osutil/mount: de-duplicate code to use a list
- interfaces: remove reservedForOS from commonInterface
- interfaces/browser-support: allow reading status of huge pages
- interfaces: update system-backup tests to not check for sanitize
errors related to os
- interfaces: add system-backup interface
- osutil/mount: add {Unm,M}outFlagsToOpts helpers
- snap-bootstrap: make cmdline parsing robust
- overlord/patch: normalize tracking channel in state
- boot: add boot.Modeenv that can read/write the UC20 modeenv files
- bootloader: add new bootloader.InstallBootConfig()
- many: share single implementation to list needed default-providers
- snap-bootstrap: implement "snap-bootstrap initramfs-mounts"
- seccomp: allow chown 'snap_daemon:root' and 'root:snap_daemon'
- osutil: handle "rw" mount flag in ParseMountEntry
- overlord/ifacestate: report bad plug/slots with warnings on snap
install
- po: sync translations from launchpad
- tests: cleanup most test snaps icons, they were anyway in the
wrong place
- seed: fix confusing pre snapd dates in tests
- many: make ValidateBasesAndProviders signature simpler/canonical
- snap-bootstrap: set expected filesystem labels
- testutil, many: make MockCommand() create prefix of absolute paths
- tests: improve TestDoPrereqRetryWhenBaseInFlight to fix occasional
flakiness.
- seed: proper support for optional snaps for Core 20 models
- many: test various kinds of overriding for the snapd snap in Core
20
- cmd/snap-failure: passthrough snapd logs, add informational
logging
- cmd/snap-failure: fallback to snapd from core, extend tests
- configcore: fix missing error propagation
- devicestate: rename ensureSeedYaml -> ensureSeeded
- tests: adding fedora 31
- tests: restart the snapd service in the snapd-failover test
- seed: Core 20 seeds channel overrides support for grade dangerous
- cmd: fix the get command help message
- tests: enable degraded test on arch linux after latest image
updates
- overlord/snapstate: don't re-enable and start disabled services on
refresh, etc.
- seed: support in Core 20 seeds local unasserted snaps for model
snaps
- snap-bootstrap: add go-flags cmdline parsing and tests
- gadget: skip fakeroot if not needed
- overlord/state: panic in MarkEdge() if task is nil
- spread: fix typo in spread suite
- overlord: mock device serial in gadget remodel unit tests
- tests: fix spread shellcheck and degraded tests to unbreak master
- spread, tests: openSUSE Tumbleweed to unstable systems, update
system-usernames on Amazon Linux 2
- snap: extract printInstallHint in cmd_download.go
- cmd: fix a pair of typos
- release: preseed mode flag
- cmd/snap-confine: tracking processes with classic confinement
- overlord/ifacestate: remove automatic connections if plug/slot
missing
- o/ifacestate,interfaces,interfaces/policy: slots-per-plug: *
- tests/lib/state: snapshot and restore /var/snap during the tests
- overlord: add base->base remodel undo tests and fixes
- seed: test and improve Core 20 seed handling errors
- asserts: add "snapd" type to valid types in the model assertion
- snap-bootstrap: check gadget versus disk partitions
- devicestate: add support for gadget->gadget remodel
- snap/snapenv: preserve XDG_RUNTIME_DIR for classic confinement
- daemon: parse and reject invalid channels in snap ops
- overlord: add kernel remodel undo tests and fix undo
- cmd/snap: support (but warn) using deprecated multi-slash channel
- overlord: refactor mgrsSuite and extract kernelSuite
- tests/docker-smoke: add minimal docker smoke test
- interfaces: extend the fwupd slot to be implicit on classic
- cmd/snap: make 'snap list' shorten latest/$RISK to $RISK
- tests: fix for journalctl which is failing to restart
- cmd/snap,image: initial support for Core 20 in prepare-image with
test
- cmd/snap-confine: add support for parallel instances of classic
snaps, global mount ns initialization
- overlord: add kernel rollback across reboots manager test and
fixes
- o/devicestate: the basics of Core 20 firstboot support with test
- asserts: support and parsing for slots-per-plug/plugs-per-slotSee
https://forum.snapcraft.io/t/plug-slot-declaration-rules-greedy-
plugs/12438
- parts/plugins: don't xz-compress a deb we're going to discard
- cmd/snap: make completion skip hidden commands (unless overridden)
- many: load/consume Core 20 seeds (aka recovery systems)
- tests: add netplan test on ubuntu core
- seed/internal: doc comment fix and drop handled TODOs
- o/ifacestate: unify code into
autoConnectChecker.addAutoConnectionsneed to change to support
slots-per-plugs: *
- many: changes to testing in preparation of Core 20 seed consuming
code
- snapstate,devicestate: make OldModel() available in DeviceContext
- tests: opensuse tumbleweed has similar issue than arch linux with
snap --strace
- client,daemon: pass sha3-384 in /v2/download to the client
- builtin/browser_support.go: allow monitoring process memory
utilization (used by chromium)
- overlord/ifacestate: use SetupMany in setupSecurityByBackend
- tests: add 14.04 canonical-livepatch test
- snap: make `snap known --remote` use snapd if available
- seed: share auxInfo20 and makeSystemSnap via internal
- spread: disable secondary compression for deltas
- interfaces/content: workaround for renamed target
- tests/lib/gendevmodel: helper tool for generating developer model
assertions
- tests: tweak wording in mount-ns test
- tests: don't depend on GNU time
- o/snapstate, etc: SnapState.Channel -> TrackingChannel, and a
setter
- seed/seedwriter: support writing Core 20 seeds (aka recovery
systems)
- snap-recovery: rename to "snap-bootstrap"
- managers: add remodel undo test for new required snaps case
- client: add xerrors and wrap errors coming from "client"
- tests: verify host is not affected by mount-ns tests
- tests: configure the journald service for core systems
- cmd/snap, store: include snapcraft.io page URL in snap info output
- cmd/cmdutil: version helper
- spread: enable bboozzoo/snapd-devel-deps COPR repo for getting
golang-x-xerrors
- interfaces: simplify AddUpdateNS and emit
- interfaces/policy: expand cstrs/cstrs1 to
altConstraints/constraints
- overlord/devicestate: check snap handler for gadget remodel
compatibility
- snap-recovery: deploy gadget content when creating partitions
- gadget: skip structures with MBR role during remodel
- tests: do not use lsblk in uc20-snap-recovery test
- overlord/snapstate: add LastActiveDisabledServices,
missingDisabledServices
- overlord/devicestate: refactor and split into per-functionality
files, drop dead code
- tests: update mount-ns after addition of /etc/systemd/user
- interfaces/pulseaudio: adjust to manually connect by default
- interfaces/u2f-devices: add OnlyKey to devices list
- interfaces: emit update-ns snippets to function
- interfaces/net-setup-{observe,control}: add Info D-Bus method
accesses
- tests: moving ubuntu-19.10-64 from google-unstable to google
backend
- gadget: rename existing and add new helpers for checking
filesystem/partition presence
- gadget, overlord/devicestate: add support for customized update
policy, add remodel policy
- snap-recovery: create filesystems as defined in the gadget
- tests: ignore directories for go modules
- policy: implement CanRemove policy for the snapd type
- overlord/snapstate: skip catalog refresh if unseeded
- strutil: add OrderedSet
- snap-recovery: add minimal binary so that we can use spread on it
- gadget, snap/pack: perform extended validation of gadget metadata
and contents
- timeutil: fix schedules with ambiguous nth weekday spans
- interfaces/many: allow k8s/systemd-run to mount volume subPaths
plus cleanups
- client: add KnownOptions to Know() and support remote assertions
- tests: check the apparmor_parser when the file exists on snap-
confine test
- gadget: helper for volume compatibility checks
- tests: update snap logs to match for multiple lines for "running"
- overlord: add checks for bootvars in
TestRemodelSwitchToDifferentKernel
- snap-install: add ext4,vfat creation support
- snap-recovery: remove "usedPartitions" from sfdisk.Create()
- image,seed: hide Seed16/Snap16, use seed.Open in image_test.go
- cmd/snap: Sort tasks in snap debug timings output by lanes and
ready-time.
- snap-confine.apparmor.in: harden pivot_root until we have full
mediation
- gadget: refactor ensureVolumeConsistency
- gadget: add a public helper for parsing gadget metadata
- many: address issues related to explicit/implicit channels for
image building
- overlord/many: switch order of check snap parameters
- cmd/snap-confine: remove leftover condition from capability world
- overlord: set fake serial in TestRemodelSwitchToDifferentKernel
- overlord/many: extend check snap callback to take snap container
- recovery-tool: add sfdisk wrapper
- tests: launch the lxd images following the pattern
ubuntu:${VERSION_ID}
- sandbox/cgroup: move freeze/thaw code
- gadget: accept system-seed role and ubuntu-data label
- test/lib/names.sh: make backslash escaping explicit
- spread: generate delta when using google backend
- cmd/snap-confine: remove loads of dead code
- boot,dirs,image: various refinements in the prepare-image code
switched to seedwriter
- spread: include mounts list in task debug output
- .gitignore: pair of trivial changes
- image,seed/seedwriter: switch image to use seedwriter.Writer
- asserts: introduce explicit support for grade for Core 20 models
- usersession: drive by fixes for things flagged by unused or
gosimple
- spread.yaml: exclude vendor dir
- sandbox/cgroup, overlord/snapstate: move helper for listing pids
in group to the cgroup package
- sandbox/cgroup: refactor process cgroup helper to support v2 and
named hierarchies
- snap-repair: error if run as non-root
- snap: when running `snap repair` without arguments, show hint
- interfaces: add cgroup-version to system-key
- snap-repair: add missing check in TestRepairBasicRun
- tests: use `snap model` instead of `snap known model` in tests
- daemon: make /v2/download take snapRevisionOptions
- snap-repair: add additional comment about trust in runner.Verify()
- client: add support to use the new "download" API
- interfaces: bump system-key version (and keep on bumping)
- interfaces/mount: account for cgroup version when reporting
supported features
- tests: change regex to validate access to cdn during snap
download
- daemon: change /v2/download API to take "snap-name" as input
- release: make forced dev mode look at cgroupv2 support
- seed/seedwriter: support for extra snaps
- wrappers/services.go: add disabled svc list arg to AddSnapServices
- overlord/snapstate: add SetTaskSnapSetup helper + unit tests
- cmd/libsnap: use cgroup.procs instead of tasks
- tests: fix snapd-failover test for core18 tests on boards
- overlord/snapstate/policy, etc: introduce policy, move canRemove
to it
- seed/seedwriter: cleanups and small left over todos* drive-by: use
testutil.FilePresent consistently
- cmd/snap: update 'snap find' help because it's no longer narrow
- seed/seedwriter,snap/naming: support classic models
- cmd/snap-confine: unmount /writable from snap view
- spread.yaml: exclude automake cacheThe error message is looks like
this:dpkg-source: info: local changes detected, the modified files
are:
- interfaces/openvswitch: allow access to other openvswitch sockets
- cmd/model: don't show model with display-name inline w/ opts
- daemon: add a 'prune' debug action
- client: add doTimeout to http.Client{Timeout}
- interfaces/seccomp: query apparmor sandbox helper rather than
aggregate info
- sandbox/cgroup: avoid dependency on dirs
- seed/seedwriter,snap: support local snaps
- overlord/snapstate: fix undo on firstboot seeding.
- usersession: track connections to session agent for exit on idle
and peer credential checks
- tests: fix ubuntu-core-device-reg test for arm devices on core18
- sandbox/seccomp: move the remaining sandbox bits to a
corresponding sandbox package
- osutil: generalize SyncDir with FileState interface
- daemon, client, cmd/snap: include architecture in 'snap version'
- daemon: allow /v2/assertions/{assertType} to query store
- gadget: do not fail the update when old gadget snap is missing
bare content
- sandbox/selinux: move SELinux related bits from 'release' to
'sandbox/selinux'
- tests: add unit test for gadget defaults with a multiline string
- overlord/snapstate: have more context in the errors about
prerequisites
- httputil: set user agent for CONNECT
- seed/seedwriter: resolve channels using channel.Resolve* for snaps
- run-checks: allow overriding gofmt binary, show gofmt diff
- asserts,seed/seedwriter: follow snap type sorting in the model
assertion snap listings
- daemon: return "snapname_rev.snap" style when using /v2/download
- tests: when the backend is external skip the loop waiting for snap
version
- many: move AppArmor probing code under sandbox/apparmor
- cmd: add `snap debug boot-vars` that dumps the current bootvars
- tests: skip the ubuntu-core-upgrade on arm devices on core18
- seed/seedwriter: implement WriteMeta and tree16 corresponding code
- interfaces/docker-support,kubernetes-support: misc updates for
strict k8s
- tests: restart the journald service while preparing the test
- tests/cmd/debug_state: make the test output TZ independent
- interfaces/kubernetes-support: allow use of /run/flannel
- seed/seedwriter: start of Writer and internal policy16/tree16
- sandbox/cgroup, usersession/userd: move cgroup related helper to a
dedicated package
- tests: move "centos-7" to unstable systems
- snapstate: add missing tests for checkGadgetOrKernel
- docs: Update README.md
- snapcraft: set license to GPL-3.0
- interfaces/wayland: allow a confined server running in a user
session to work with Qt, GTK3 & SDL2 clients
- selinux: move the package under sandbox/selinux
- interfaces/udev: account for cgroup version when reporting
supported features
- store, ..., client: add a "website" field
- sanity: sanity check cgroup probing
- snapstate: increase settleTimeout in
TestRemodelSwitchToDifferentKernel
- packaging: remove obsolete usr.lib.snapd.snap-confine in postinst
- data/selinux: allow snapd/snap to do statfs() on the cgroup
mountpoint
- usersession/userd: make sure to export DBus interfaces before
requesting a name
- data/selinux: allow snapd to issue sigkill to journalctl
- docs: Add Code of Conduct
- store: download propagates options to delta download
- tests/main/listing: account for dots in ~pre suffix
* New upstream release, LP: #1853244
- snap-confine: revert, with comment, explicit unix deny for nested
lxd
- Disable mount-ns test on 16.04. It is too flaky currently.
* New upstream release, LP: #1853244
- overlord/snapstate: make sure configuration defaults are applied
only once
* New upstream release, LP: #1853244
- overlord/snapstate: pick up system defaults when seeding the snapd
snap
- cmd/snap-update-ns: fix overlapping, nested writable mimic
handling
- interfaces: misc updates for u2f-devices, browser-support,
hardware-observe, et al
- tests: reset failing "fwupd-refresh.service" if needed
- tests/main/gadget-update-pc: use a program to modify gadget yaml
- snap-confine: suppress noisy classic snap file_inherit denials
* New upstream release, LP: #1853244
- interfaces/lxd-support: Fix on core18
- tests/main/system-usernames: Amazon Linux 2 comes with libseccomp
2.4.1 now
- snap-seccomp: add missing clock_getres_time64
- cmd/snap-seccomp/syscalls: update the list of known
syscalls
- sandbox/seccomp: accept build ID generated by Go toolchain
- interfaces: allow access to ovs bridge sockets
* New upstream release, LP: #1846181
- interfaces: de-duplicate emitted update-ns profiles
- packaging: tweak handling of usr.lib.snapd.snap-confine
- interfaces: allow introspecting network-manager on core
- tests/main/interfaces-contacts-service: disable on openSUSE
Tumbleweed
- tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
- snap: fix default-provider in seed validation
- tests: update system-usernames test now that opensuse-15.1 works
- overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
- gadget: rename "boot{select,img}" -> system-boot-{select,image}
- tests: listing test, make accepted snapd/core versions consistent
* New upstream release, LP: #1846181
- tests: disable {contacts,calendar}-service tests on debian-sid
- tests/main/snap-run: disable strace test cases on Arch
- cmd/system-shutdown: include correct prototype for die
- snap/naming: add test for hook name connect-plug-i2c
- cmd/snap-confine: allow digits in hook names
- gadget: do not fail the update when old gadget snap is missing
bare content
- tests: disable {contacts,calendar}-service tests on Arch Linux
- tests: move "centos-7" to unstable systems
- interfaces/docker-support,kubernetes-support: misc updates for
strict k8s
- packaging: remove obsolete usr.lib.snapd.snap-confine in
postinst
- tests: add test that ensures our snapfuse binary actually works
- packaging: use snapfuse_ll to speed up snapfuse performance
- usersession/userd: make sure to export DBus interfaces before
requesting a name
- data/selinux: allow snapd to issue sigkill to journalctl
- store: download propagates options to delta download
- wrappers: allow snaps to install icon theme icons
- debug: state-inspect debugging utility
- sandbox/cgroup: introduce cgroup wrappers package
- snap-confine: fix return value checks for udev functions
- cmd/model: output tweaks, add'l tests
- wrappers/services: add ServicesEnableState + unit tests
- tests: fix newline and wrong test name pointed out in previous PRs
- tests: extend mount-ns test to handle mimics
- run-checks, tests/main/go: allow gofmt checks to be skipped on
19.10
- tests/main/interfaces-{calendar,contacts}-service: disable on
19.10
- tests: part3 making tests work on ubuntu-core-18
- tests: fix interfaces-timeserver-control on 19.10
- overlord/snapstate: config revision code cleanup and extra tests
- devicestate: allow remodel to different kernels
- overlord,daemon: adjust startup timeout via EXTEND_TIMEOUT_USEC
using an estimate
- tests/main/many: increase kill-timeout to 5m
- interfaces/kubernetes-support: allow systemd-run to ptrace read
unconfined
- snapstate: auto transition on experimental.snapd-snap=true
- tests: retry checking until the written file on desktop-portal-
filechooser
- tests: unit test for a refresh failing on configure hook
- tests: remove mount_id and parent_id from mount-ns test data
- tests: move classic-ubuntu-core-transition* to nightly
- tests/mountinfo-tool: proper formatting of opt_fields
- overlord/configstate: special-case "null" in transaction Changes()
- snap-confine: fallback gracefully on a cgroup v2 only system
- tests: debian sid now ships new seccomp, adjust tests
- tests: explicitly restore after using LXD
- snapstate: make progress reporting less granular
- bootloader: little kernel support
- fixme: rename ubuntu*architectures to dpkg*architectures
- tests: run dbus-launch inside a systemd unit
- channel: introduce Resolve and ResolveLocked
- tests: run failing tests on ubuntu eoan due to is now set as
unstable
- systemd: detach rather than unmount .mount units
- cmd/snap-confine: add unit tests for sc_invocation, cleanup memory
leaks in tests
- boot,dirs,image: introduce boot.MakeBootable, use it in image
instead of ad hoc code
- cmd/snap-update-ns: clarify sharing comment
- tests/overlord/snapstate: refactor for cleaner test failures
- cmd/snap-update-ns: don't propagate detaching changes
- interfaces: allow reading mutter Xauthority file
- cmd/snap-confine: fix /snap duplication in legacy mode
- tests: fix mountinfo-tool filtering when used with rewriting
- seed,image,o/devicestate: extract seed loading to seed/seed16.go
- many: pass the rootdir and options to bootloader.Find
- tests: part5 making tests work on ubuntu-core-18
- cmd/snap-confine: keep track of snap instance name and the snap
name
- cmd: unify die() across C programs
- tests: add functions to make an abstraction for the snaps
- packaging/fedora, tests/lib/prepare-restore: helper tool for
packing sources for RPM
- cmd/snap: improve help and error msg for snapshot commands
- hookstate/ctlcmd: fix snapctl set help message
- cmd/snap: don't append / to snap name just because a dir exists
- tests: support fastly-global.cdn.snapcraft.io url on proxy-no-core
test
- tests: add --quiet switch to retry-tool
- tests: add unstable stage for travis execution
- tests: disable interfaces-timeserver-control on 19.10
- tests: don't guess in is_classic_confinement_supported
- boot, etc: simplify BootParticipant (etc) usage
- tests: verify retry-tool not retrying missing commands
- tests: rewrite "retry" command as retry-tool
- tests: move debug section after restore
- cmd/libsnap-confine-private, cmd/s-c: use constants for
snap/instance name lengths
- tests: measure behavior of the device cgroup
- boot, bootloader, o/devicestate: boot env manip goes in boot
- tests: enabling ubuntu 19.10-64 on spread.yaml
- tests: fix ephemeral mount table in left over by prepare
- tests: add version-tool for comparing versions
- cmd/libsnap: make feature flag enum 1<<N style
- many: refactor boot/boottest and move to bootloader/bootloadertest
- tests/cross/go-build: use go list rather than shell trickery
- HACKING.md: clarify where "make fmt" is needed
- osutil: make flock test more robust
- features, overlord: make parallel-installs exported, export flags
on startup
- overlord/devicestate: support the device service returning a
stream of assertions
- many: add snap model command, add /v2/model, /v2/model/serial REST
APIs
- debian: set GOCACHE dir during build to fix FTBFS on eoan
- boot, etc.: refactor boot to have a lookup with different imps
- many: add the start of Core 20 extensions support to the model
assertion
- overlord/snapstate: revert track-risk behavior change and
validation on install
- cmd/snap,image,seed: move image.ValidateSeed to
seed.ValidateFromYaml
- image,o/devicestate,seed: oops, make sure to clear seedtest
helpers
- tests/main/snap-info: update check.py for test-snapd-tools 2.0
- tests: moving tests to nightly suite
- overlord/devicestate,seed: small step, introduce
seed.LoadAssertions and use it from firstboot
- snapstate: add comment to checkVersion vs strutil.VersionCompare
- tests: add unit tests for cmd_whoami
- tests: add debug section to interfaces-contacts-service
- many: introduce package seed and seedtest
- interfaces/bluez: enable communication between bluetoothd and
meshd via dbus
- cmd/snap: fix snap switch message
- overlord/snapstate: check channel names on install
- tests: check snap_daemon user and group on system-usernames-
illegal test are not created
- cmd/snap-confine: fix group and permission of .info files
- gadget: do not error on gadget refreshes with multiple volumes
- snap: use deterministic paths to find the built deb
- tests: just build snapd commands on go-build test
- tests: re-enable mount-ns test on classic
- tests: rename fuse_support to fuse-support
- tests: move restore-project-each code to existing function
- tests: simplify interfaces-account-control test
- i18n, vendor, packaging: drop github.com/ojii/gettext.go, use
github.com/snapcore/go-gettext
- tests: always say 'restore: |'
- tests: new test to check the output after refreshing/reverting
core
- snapstate: validate all system-usernames before creating them
- tests: fix system version check on listing test for external
backend
- tests: add check for snap_daemon user/group
- tests: don't look for lxcfs in mountinfo
- tests: adding support for arm devices on ubuntu-core-device-reg
test
- snap: explicitly forbid trying to parallel install from seed
- tests: remove trailing spaces from shell scripts
- tests: remove locally installed revisions of core
- tests: fix removal of snaps on ubuntu-core
- interfaces: support Tegra display drivers
- tests: move interfaces-contacts-service to /tmp
- interfaces/network-manager: allow using
org.freedesktop.DBus.ObjectManager
- tests: restore dpkg selections after upgrade-from-2.15 test
- tests: pass --remove to userdel on core
- snap/naming: simplify SnapSet somewhat
- devicestate/firstboot: check for missing bases early
- httputil: rework protocol error detection
- tests: unmount fuse connections only if not initially mounted
- snap: prevent duplicated snap name and snap files when parsing
seed.yaml
- tests: re-implement user tool in python
- image: improve/tweak some warning/error messages
- cmd/libsnap-confine-private: add checks for parallel instances
feature flag
- tests: wait_for_service shows status after actual first minute
- sanity: report proper errror when fuse is needed but not available
- snap/naming: introduce SnapRef, Snap, and SnapSet
- image: support prepare-image --classic for snapd snap only
imagesConsequently:
- tests/main/mount-ns: account for clone_children in cpuset cgroup
on 18.04
- many: merging asserts.Batch Precheck with CommitTo and other
clarifications
- devicestate: add missing test for remodeling possibly removing
required flag
- tests: use user-tool to remove test user in the non-home test
- overlord/configstate: sort patch keys to have deterministic order
with snap set
- many: generalize assertstate.Batch to asserts.Batch, have
assertstate.AddBatch
- gadget, overlord/devicestate: rename Position/Layout
- store, image, cmd: make 'snap download' leave partials
- httputil: improve http2 PROTOCOL_ERROR detection
- tests: add new "user-tool" helper and use in system-user tests
- tests: clean up after NFS tests
- ifacestate: optimize auto-connect by setting profiles once after
all connects
- hookstate/ctlcmd: snapctl unset command
- tests: allow test user XDG_RUNTIME_DIR to phase out
- tests: cleanup "snap_daemon" user in system-usernames-install-
twice
- cmd/snap-mgmt: set +x on startup
- interfaces/wayland,x11: allow reading an Xwayland Xauth file
- many: move channel parsing to snap/channel
- check-pr-title.py: allow {} in pr prefix
- tests: spam test logs less while waiting for systemd unit to stop
- tests: remove redundant activation check for snapd.socket
snapd.service
- tests: trivial snapctl test cleanup
- tests: ubuntu 18.10 removed from the google-sru backend on the
spread.yaml
- tests: add new cases into arch_test
- tests: clean user and group for test system-usernames-install-
twice
- interfaces: k8s worker node updates
- asserts: move Model to its own model.go
- tests: unmount binfmt_misc on cleanup
- tests: restore nsdelegate clobbered by LXD
- cmd/snap: fix snap unset help string
- tests: unmount fusectl after testing
- cmd/snap: fix remote snap info for parallel installed snaps
* New upstream release, LP: #1840740
- overlord/snapstate: revert track-risk behavior
- tests: fix snap info test
- httputil: rework protocol error detection
- gadget: do not error on gadget refreshes with multiple volumes
- i18n, vendor, packaging: drop github.com/ojii/gettext.go, use
github.com/snapcore/go-gettext
- snapstate: validate all system-usernames before creating them
- mkversion.sh: fix version from git checkouts
- interfaces/network-{control,manager}: allow 'k' on
/run/resolvconf/**
- interfaces/wayland,x11: allow reading an Xwayland Xauth file
- interfaces: k8s worker node updates
- debian: re-enable systemd environment generator
- many: create system-usernames user/group if both don't exist
- packaging: fix symlink for snapd.session-agent.socket
- tests: change cgroups so that LXD doesn't have to
- interfaces/network-setup-control: allow dbus netplan apply
messages
- tests: add /var/cache/snapd to the snapd state to prevent error on
the store
- tests: add test for services disabled during refresh hook
- many: simpler access to snap-seccomp version-info
- snap: cleanup some tests, clarify some errorsThis is a follow up
from work on system usernames:
- osutil: add osutil.Find{Uid,Gid}
- tests: use a different archive based on the spread backend on go-
build test
- cmd/snap-update-ns: fix pair of bugs affecting refresh of snap
with layouts
- overlord/devicestate: detect clashing concurrent (ongoing, just
finished) remodels or changes
- interfaces/docker-support: declare controls-device-cgroup
- packaging: fix removal of old apparmor profile
- store: use track/risk for "channel" name when parsing store
details
- many: allow 'system-usernames' with libseccomp > 2.4 and golang-
seccomp > 0.9.0
- overlord/devicestate, tests: use gadget.Update() proper, spread
test
- overlord/configstate/configcore: allow setting start_x=1 to enable
CSI camera on RPi
- interfaces: remove BeforePrepareSlot from commonInterface
- many: support system-usernames for 'snap_daemon' user
- overlord/devicestate,o/snapstate: queue service commands before
mark-seeded and other final tasks
- interfaces/mount: discard mount ns on backend Remove
- packaging/fedora: build on RHEL8
- overlord/devicestate: support seeding a classic system with the
snapd snap and no core
- interfaces: fix test failure in gpio_control_test
- interfaces, policy: remove sanitize helpers and use minimal policy
check
- packaging: use %systemd_user_* macros to enable session agent
socket according to presets
- snapstate, store: handle 429s on catalog refresh a little bit
better
- tests: part4 making tests work on ubuntu-core-18
- many: drop snap.ReadGadgetInfo wrapper
- xdgopenproxy: update test API to match upstream
- tests: show why sbuild failed
- data/selinux: allow mandb_t to search /var/lib/snapd
- tests: be less verbose when checking service status
- tests: set sbuild test as manual
- overlord: DeviceCtx must find the remodel context for a remodel
change
- tests: use snap info --verbose to check for base
- sanity: unmount squashfs with --lazy
- overlord/snapstate: keep current track if only risk is specified
- interfaces/firewall-control: support nft routing expressions and
device groups
- gadget: support for writing symlinks
- tests: mountinfo-tool fail if there are no matches
- tests: sync journal log before start the test
- cmd/snap, data/completion: improve completion for 'snap debug'
- httputil: retry for http2 PROTOCOL_ERROR
- Errata commit: pulseaudio still auto-connects on classic
- interfaces/misc: updates for k8s 1.15 (and greengrass test)
- tests: set GOTRACEBACK=1 when running tests
- cmd/libsnap: don't leak memory in sc_die_on_error
- tests: improve how the system is restored when the upgrade-
from-2.15 test fails
- interfaces/bluetooth-control: add udev rules for BT_chrdev devices
- interfaces: add audio-playback/audio-record and make pulseaudio
manually connect
- tests: split the sbuild test in 2 depending on the type of build
- interfaces: add an interface granting access to AppStream metadata
- gadget: ensure filesystem labels are unique
- usersession/agent: use background context when stopping the agent
- HACKING.md: update spread section, other updates
- data/selinux: allow snap-confine to read entries on nsfs
- tests: respect SPREAD_DEBUG_EACH on the main suite
- packaging/debian-sid: set GOCACHE to a known writable location
- interfaces: add gpio-control interface
- cmd/snap: use showDone helper with 'snap switch'
- gadget: effective structure role fallback, extra tests
- many: fix unit tests getting stuck
- tests: remove installed snap on restore
- daemon: do not modify test data in user suite
- data/selinux: allow read on sysfs
- packaging/debian: don't md5sum absent files
- tests: remove test-snapd-curl
- tests: remove test-snapd-snapctl-core18 in restore
- tests: remove installed snap in the restore section
- tests: remove installed test snap
- tests: correctly escape mount unit path
- cmd/Makefile.am: support building with the go snap
- tests: work around classic snap affecting the host
- tests: fix typo "current"
- overlord/assertstate: add Batch.Precheck to check for the full
validity of the batch before Commit
- tests: restore cpuset clone_children clobbered by lxd
- usersession: move userd package to usersession/userd
- tests: reformat and fix markdown in snapd-state.md
- gadget: select the right updater for given structure
- tests: show stderr only if it exists
- sessionagent: add a REST interface with socket activation
- tests: remove locally installed core in more tests
- tests: remove local revision of core
- packaging/debian-sid: use correct apparmor Depends for Debian
- packaging/debian-sid: merge debian upload changes back into master
- cmd/snap-repair: make sure the goroutine doesn't stick around on
timeout
- packaging/fedora: github.com/cheggaaa/pb is no longer used
- configstate/config: fix crash in purgeNulls
- boot, o/snapst, o/devicest: limit knowledge of boot vars to boot
- client,cmd/snap: stop depending on status/status-code in the JSON
responses in client
- tests: unmount leftover /run/netns
- tests: switch mount-ns test to manual
- overlord,daemon,cmd/snapd: move expensive startup to dedicated
StartUp methods
- osutil: add EnsureTreeState helper
- tests: measure properties of various mount namespaces
- tests: part2 making tests work on ubuntu-core-18
- interfaces/policy: minimal policy check for replacing
sanitizeReservedFor helpers (1/2)
- interfaces: add an interface that grants access to the PackageKit
service
- overlord/devicestate: update gadget update handlers and mocks
- tests: add mountinfo-tool --ref-x1000
- tests: remove lxd / lxcfs if pre-installed
- tests: removing support for ubuntu cosmic on spread test suite
- tests: don't leak /run/netns mount
- image: clean up the validateSuite
- bootloader: remove "Dir()" from Bootloader interface
- many: retry to reboot if snapd gets restarted before expected
reboot
- overlord: implement re-registration remodeling
- cmd: revert PR#6933 (tweak of GOMAXPROCS)
- cmd/snap: add snap unset command
- many: add Client-User-Agent to "SnapAction" install API call
- tests: first part making tests run on ubuntu-core-18
- hookstate/ctlcmd: support hidden commands in snapctl
- many: replace snapd snap name checks with type checks (3/4)
- overlord: mostly stop needing Kernel/CoreInfo, make GadgetInfo
consider a DeviceContext
- snapctl: handle unsetting of config options with "!"
- tests: move core migration snaps to tests/lib/snaps dir
- cmd/snap: handle unsetting of config options with "!"
- cmd/snap, etc: add health to 'snap list' and 'snap info'
- gadget: use struct field names when intializing data in mounted
updater unit tests
- cmd/snap-confine: bring /lib/firmware from the host
- snap: set snapd snap type (1/4)
- snap: add checks in validate-seed for missing base/default-
provider
- daemon: replace shutdownServer with net/http's native shutdown
support
- interfaces/builtin: add exec "/bin/runc" to docker-support
- gadget: mounted filesystem updater
- overlord/patch: simplify conditions for re-applying sublevel
patches for level 6
- seccomp/compiler: adjust test case names and comment for later
changes
- tests: fix error doing snap pack running failover test
- tests: don't preserve size= when rewriting mount tables
- tests: allow reordering of rewrite operations
- gadget: main update routine
- overlord/config: normalize nulls to support config unsetting
semantics
- snap-userd-autostart: don't list as a startup application on the
GUI
- tests: renumber snap revisions as seen via writable
- tests: change allocation for mount options
- tests: re-enable ns-re-associate test
- tests: mountinfo-tool allow many --refs
- overlord/devicestate: implement reregRemodelContext with the
essential re-registration logic
- tests: replace various numeric mount options
- gadget: filesystem image writer
- tests: add more unit tests for mountinfo-tool
- tests: introduce mountinfo-tool --ref feature
- tests: refactor mountinfo-tool rewrite state
- tests: allow renumbering mount namespace identifiers
- snap: refactor and explain layout blacklisting
- tests: renumber snap revisions as seen via hostfs
- daemon, interfaces, travis: workaround build ID with Go 1.9, use
1.9 for travis tests
- cmd/libsnap: add sc_error_init_{simple,api_misuse}
- gadget: make raw updater handle shifted structures
- tests/lib/nested: create WORK_DIR before accessing it
- cmd/libsnap: rename SC_LIBSNAP_ERROR to SC_LIBSNAP_DOMAIN
- cmd,tests: forcibly discard mount namespace when bases change
- many: introduce healthstate, run check-health
post-(install/refresh/try/revert)
- interfaces/optical-drive: add scsi-generic type 4 and 5 support
- cmd/snap-confine: exit from helper when parent dies
* New upstream release, LP: #1836327
- overlord/patch: simplify conditions for re-applying sublevel
patches for level 6
- cmd,tests: forcibly discard mount namespace when bases change
- cmd/snap-confine: handle device cgroup before pivot
- cmd/snap-apparmor-service: quit if there are no profiles
- cmd/snap, image: add --target-directory and --basename to 'snap
download'
- interfaces: add jack1 implicit classic interface
- interfaces: miscellaneous policy updates
- daemon: classic confinement is not supported on core
- interfaces: bluetooth-control: add mtk BT device node
- cmd/snap-seccomp: initial support for negative arguments with
uid/gid caching
- snap-confine: move seccomp load after permanent privilege drop
- tests: new profiler snap used to track cpu and memory for snapd
and snap commands
- debian: make maintainer scripts do nothing on powerpc
- gadget: mounted filesystem writer
- cmd/snap: use padded checkers for snapshot output
- bootloader: switch to bootloader_test style testing
- gadget: add a wrapper for generating partitioned images with
sfdisk
- tests/main/snap-seccomp-syscalls: add description
- tests: continue executing on errors either updating the repo db or
installing dependencies
- cmd/snap-seccomp/syscalls: add io_uring syscalls
- systemd: add InstanceMode enumeration to control which systemd
instance to control
- netutil: extract socket activation helpers from daemon package.
- interfaces: spi: update regex rules to accept spi nodes like
spidev12345.0
- gadget: fallback device lookup
- many: add strutil.ElliptLeft, use it for shortening cohorts
- wrappers: allow sockets under $XDG_RUNTIME_DIR
- gadget: add wrapper for creating and populating filesystems
- gadget: add writer for offset-write
- gadget: support relative symlinks in device lookup
- snap, snapstate: additional validation of base field
- many: fix some races and missing locking, make sure UDevMonitor is
stopped
- boot: move ExtractKernelAssets
- daemon, snap: screenshots _only_ shows the deprecation notice,
from 2.39
- osutil: add a workaround for overlayfs apparmor as it is used on
Manjaro
- snap: introduce GetType() function for snap.Info
- tests: update systems to be used for during sru validation
- daemon: increase `shutdownTimeout` to 25s to deal with slow
HW
- interfaces/network-manager: move deny ptrace to the connected slot
- interfaces: allow locking of pppd files
- cmd/snap-exec: fix snap completion for classic snaps with non
/usr/lib/snapd libexecdir
- daemon: expose pprof endpoints
- travis: disable snap pack on OSX
- client, cmd/snap: expose the new cohort options for snap ops
- overlord/snapstate: tweak switch summaries
- tests: reuse the image created initially for nested tests
execution
- tests/lib/nested: tweak assert disk prepare step
- daemon, overlord/snapstate: support leave-cohort
- tests/main/appstream-id: collect debug info
- store,daemon: add client-user-agent support to store.SnapInfo
- tests: add check for invalid PR titles in the static checks
- tests: add snap-tool for easier access to internal tools
- daemon: unexport file{Response,Stream}
- devicestate: make TestUpdateGadgetOnClassicErrorsOut less racy
- tests: fix test desktop-portal-filechooser
- tests: sort commands from DumpCommands in the dumpDbHook
- cmd/snap: add unit test for "advise-snap --dump-db".
- bootloader: remove extra mock bootloader implementation
- daemon: tweak for "add api endpoint for download" PR
- packaging: fix reproducible build error
- tests: synchronize journal logs before check logs
- tests: fix snap service watchdog test
- tests: use more readable test directory names
- tests/regression/lp-1805485: update test description
- overlord: make changes conflict with remodel
- tests: make sure the snapshot unit test uses a snapshot time
relative to Now()
- tests: revert "tests: stop catalog-update/apt-hooks test for now"
- tests: mountinfo-tool --one prints matches on failure
- data/selinux: fix policy for snaps with bases and classic snaps
- debian: fix building on eoan by tweaking golang build-deps
- packaging/debian-sid: update required golang version to 1.10
- httputil: handle "no such host" error explicitly and do not retry
it
- overlord/snapstate, & fallout: give Install a *RevisionOptions
- cmd/snap: don't run install on 'snap --help install'
- gadget: raw/bare structure writer and updater
- daemon, client, cmd/snap: show cohort key in snap info --verbose
- overlord/snapstate: add update-gadget task when needed, block
other changes
- image: turn a missing default content provider into an error
- overlord/devicestate: update-gadget-assets task handler with
stubbed gadget callbacks
- interface: builtin: avahi-observe/control: update label for
implicit slot
- tests/lib/nested: fix multi argument copy_remote
- tests/lib/nested: have mkfs.ext4 use a rootdir instead of mounting
an image
- packaging: fix permissions powerpc docs dir
- overlord: mock store to avoid net requests
- debian: rework how we run autopkgtests
- interface: builtin: avahi-observe/control: allow slots
implementation also by app snap on classic system
- interfaces: builtin: utils: add helper function to identify system
slots
- interfaces: add missing adjtimex to time-control
- overlord/snapstate, snap: support base = "none"
- daemon, overlord/snapstate: give RevisionOptions a CohortKey
- data/selinux: permit init_t to remount snappy_snap_t
- cmd/snap: test for a friendly error on 'okay' without 'warnings'
- cmd/snap: support snap debug timings --startup=.. and measure
loadState time
- advise-snap: add --dump-db which dumps the command database
- interfaces/docker-support: support overlayfs on ubuntu core
- cmd/okay: Remove err message when warning file not exist
- devicestate: disallow removal of snaps used in booting early
- packaging: fix build-depends on powerpc
- tests: run spread tests on opensuse leap 15.1
- strutil/shlex: fix ineffassign
- cmd/snapd: ensure GOMAXPROCS is at least 2
- cmd/snap-update-ns: detach unused mount points
- gadget: record gadget root directory used during positioning
- tests: force removal to prevent restore fails when directory
doesn't exist on lp-1801955 test
- overlord: implement store switch remodeling
- tests: stop using ! for naive negation in shell scripts
- snap,store,daemon,client: send new "Snap-Client-User-Agent" header
in Search()
- osutil: now that we require golang-1.10, use user.LookupGroup()
- spread.yaml,tests: change MATCH and REBOOT to cmds
- packaging/fedora: force external linker to ensure static linking
and -extldflags use
- timings: tweak the conditional for ensure timings
- timings: always store ensure timings as long as they have an
associated change
- cmd/snap: tweak the output of snap debug timings --ensure=...
- overlord/devicestate: introduce remodel kinds and
contextsregistrationContext:
- snaptest: add helper for mocking snap with contents
- snapstate: allow removal of non-model kernels
- tests: change strace parameters on snap-run test to avoid the test
gets stuck
- gadget: keep track of the index where structure content was
defined
- cmd/snap-update-ns: rename leftover ctx to upCtx
- tests: add "not" command
- spread.yaml: use "snap connections" in debug
- tests: fix how strings are matched on auto-refresh-retry test
- spread-shellcheck: add support for variants and environment
- gadget: helper for shifting structure start position
- cmd/snap-update-ns: add several TODO comments
- cmd/snap-update-ns: rename ctx to upCtx
- spread.yaml: make HOST: usage shellcheck-clean
- overlord/snapstate, daemon: snapstate.Switch now takes a
RevisionOption
- tests: add mountinfo-tool
- many: make snapstate.Update take *RevisionOptions instead of chan,
rev
- tests/unit/spread-shellcheck: temporary workaround for SC2251
- daemon: refactor user ops to api_users
- cmd/snap, tests: refactor info to unify handling of 'direct' snaps
- cmd/snap-confine: combine sc_make_slave_mount_ns into caller
- cmd/snap-update-ns: use "none" for propagation changes
- cmd/snap-confine: don't pass MS_SLAVE along with MS_BIND
- cmd/snap, api, snapstate: implement "snap remove --purge"
- tests: new hotplug test executed on ubuntu core
- tests: running tests on fedora 30
- gadget: offset-write: fix validation, calculate absolute position
- data/selinux: allow snap-confine to do search on snappy_var_t
directories
- daemon, o/snapstate, store: support for installing from cohorts
- cmd/snap-confine: do not mount over non files/directories
- tests: validates snapd from ppa
- overlord/configstate: don't panic on invalid configuration
- gadget: improve device lookup, add helper for mount point lookup
- cmd/snap-update-ns: add tests for executeMountProfileUpdate
- overlord/hookstate: don't run handler unless hooksup.Always
- cmd/snap-update-ns: allow changing mount propagation
- systemd: workaround systemctl show quirks on older systemd
versions
- cmd/snap: allow option descriptions to start with the command
- many: introduce a gadget helper for locating device matching given
structure
- cmd/snap-update-ns: fix golint complaints about variable names
- cmd/snap: unit tests for debug timings
- testutil: support sharing-related mount flags
- packaging/fedora: Merge changes from Fedora Dist-Git and drop EOL
Fedora releases
- cmd/snap: support for --ensure argument for snap debug timings
- cmd,sandbox: tweak seccomp version info handling
- gadget: record sector size in positioned volume
- tests: make create-user test support managed devices
- packaging: build empty package on powerpc
- overlord/snapstate: perform hard refresh check
- gadget: add volume level update checks
- cmd/snap: mangle descriptions that have indent > terminal width
- cmd/snap-update-ns: rename applyFstab to executeMountProfileUpdate
- cmd/snap-confine: unshare per-user mount ns once
- tests: retry govendor sync
- tests: avoid removing snaps which are cached to speed up the
prepare on boards
- tests: fix how the base snap are deleted when there are multiple
to deleted on reset
- cmd/snap-update-ns: merge apply functions
- many: introduce assertstest.SigningAccounts and AddMany test
helpers
- interfaces: special-case "snapd" in sanitizeSlotReservedForOS*
helpers
- cmd/snap-update-ns: make apply{User,System}Fstab identical
- gadget: introduce checkers for sanitizing structure updates
- cmd/snap-update-ns: move apply{Profile,{User,System}Fstab} to same
file
- overlord/devicestate: introduce registrationContext
- cmd/snap-update-ns: add no-op load/save current user profile logic
- devicestate: set "new-model" on the remodel change
- devicestate: use deviceCtx in checkGadgetOrKernel
- many: use a fake assertion model in the device contexts for tests
- gadget: fix handling of positioning constrains for structures of
MBR role
- snap-confine: improve error when running on a not /home homedir
- devicestate: make Remodel() return a state.Change
- many: make which store to use contextualThis reworks
snapstate.Store instead of relying solely on DeviceContext,
because:
- tests: enable tests on centos 7 again
- interfaces: add login-session-control interface
- tests: extra debug for snapshot-basic test
- overlord,overlord/devicestate: do without GadgetInfo/KernelInfo in
devicestate
- gadget: more validation checks for legacy MBR structure type &
role
- osutil: fix TestReadBuildGo test in sbuild
- data: update XDG_DATA_DIRS via the systemd environment.d mechanism
too
- many: do without device state/assertions accessors based on state
only outside of devicestate/tests
- interfaces/dbus: fix unit tests when default snap mount dir is not
/snap
- tests: add security-seccomp to verify seccomp with arg filtering
- snapshotstate: disable automatic snapshots on core for now
- snapstate: auto-install snapd when needed
- overlord/ifacestate: update static attributes of "content"
interface
- interfaces: add support for the snapd snap in the dbus backend*
- overlord/snapstate: tweak autorefresh logic if network is not
available
- snapcraft: also include ld.so.conf from libc in the snapcraft.yml
- snapcraft.yaml: fix links ld-linux-x86-64.so.2/ld64.so.2
- overlord: pass a DeviceContext to the checkSnap implementations
- daemon: add RootOnly flag to commands
- many: make access to the device model assertion etc contextual
via a DeviceCtx hook/DeviceContext interface
- snapcraft.yaml: include libc6 in snapd
- tests: reduce snapcraft leftovers from PROJECT_PATH, temp disable
centos
- overlord: make the store context composably backed by separate
backends for device asserts/info etc.
- snapstate: revert "overlord/snapstate: remove PlugsOnly"
- osutil,cmdutil: move CommandFromCore and make it use the snapd
snap (if available)
- travis: bump Go version to 1.10.x
- cmd/snap-update-ns: remove instanceName argument from applyProfile
- gadget: embed volume in positioned volume, rename fields
- osutil: use go build-id when no gnu build-id is available
- snap-seccomp: add 4th field to version-info for golang-seccomp
features
- cmd/snap-update-ns: merge computeAndSaveSystemChanges into
applySystemFstab
- cmd/snap, client, daemon, store: create-cohort
- tests: give more time until nc returns on appstream test
- tests: run spread tests on ubuntu 19.04
- gadget: layout, smaller fixes
- overlord: update static attrs when reloading connections
- daemon: verify snap instructions for multi-snap requests
- overlord/corecfg: make expiration of automatic snapshots
configurable (4/4)
- cmd/snap-update-ns: pass MountProfileUpdate to
apply{System,User}Fstab
- snap: fix interface bindings on implicit hooks
- tests: improve how snaps are cached
- cmd/snap-update-ns: formatting tweaks
- data/selinux: policy tweaks
- cmd/snap-update-ns: move locking to the common layer
- overlord: use private YAML inside several tests
- cmd/snap, store, image: support for cohorts in "snap download"
- overlord/snapstate: add timings to critical task handlers and the
backend
- cmd: add `snap debug validate-seed <path>` cmd
- state: add possible error return to TaskSet.Edge()
- snap-seccomp: use username regex as defined in osutil/user.go
- osutil: make IsValidUsername public and fix regex
- store: serialize the acquisition of device sessions
- interfaces/builtin/desktop: fonconfig v6/v7 cache handling on
Fedora
- many: move Device/SetDevice to devicestate, start of making them
pluggable in storecontext
- overlord/snapstate: remove PlugsOnly
- interfaces/apparmor: allow running /usr/bin/od
- spread: add qemu:fedora-29-64
- tests: make test parallel-install-interfaces work for boards with
pre-installed snaps
- interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern
- spread.yaml: add qemu:centos-7-64
- overlord/devicestate: extra measurements related to
populateStateFromSeed
- cmd/snap-update-ns: move Assumption to {System,User}ProfileUpdate
- cmd/libsnap: remove fringe error function
- gadget: add validation of cross structure overlap and offset
writes
- cmd/snap-update-ns: refactor of profile application (3/N)
- data/selinux: tweak the policy for runuser and s-c, interpret
audit entries
- tests: fix spaces issue in the base snaps names to remove during
reset phase
- tests: wait for man db cache is updated before after install snapd
on Fedora
- tests: extend timeout of sbuild test
* New upstream release, LP: #1827495
- daemon: increase `shutdownTimeout` to 25s to deal with slow HW
- spread: run tests against openSUSE 15.1
- data/selinux: fix policy for snaps with bases and classic snaps
* New upstream release, LP: #1827495
- debian: rework how we run autopkgtests
- interfaces/docker-support: add overlayfs accesses for ubuntu core
- data/selinux: permit init_t to remount snappy_snap_t
- strutil/shlex: fix ineffassign
- packaging: fix build-depends on powerpc
* New upstream release, LP: #1827495
- spread: enable Fedora 30
- cmd/snap-confine, data/selinux: cherry pick Fedora 30 fixes
- tests/unit/spread-shellcheck: temporary workaround for SC2251
- packaging: build empty package on powerpc
- interfaces: special-case "snapd" in sanitizeSlotReservedForOS*
helper
- cmd/snap: mangle descriptions that have indent > terminal width
- cmd/snap-confine: unshare per-user mount ns once
- tests: avoid adding spaces to the base snaps names
- systemd: workaround systemctl show quirks on older systemd
versions
* New upstream release, LP: #1827495
- overlord/ifacestate: update static attributes of "content"
interface
- data/selinux: tweak the policy for runuser and s-c, interpret
audit entries
- snapshotstate: disable automatic snapshots on core for now
- overlord/corecfg: make expiration of automatic snapshots
configurable
- snapstate: auto-install snapd when needed
- interfaces: add support for the snapd snap in the dbus backend
- overlord/snapstate: tweak autorefresh logic if network is not
available
- interfaces/apparmor: allow running /usr/bin/od
- osutil,cmdutil: move CommandFromCore and make it use the snapd
snap (if available)
- daemon: also verify snap instructions for multi-snap requests
- data/selinux: allow snap-confine to mount on top of bin
- data/selinux: auto transition /var/snap to snappy_var_t
- cmd: add `snap debug validate-seed <path>` cmd
- interfaces/builtin/desktop: fonconfig v6/v7 cache handling on
Fedora
- interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern
- tests: make snap-connections test work on boards with snaps pre-
installed
- tests: check for /snap/core16/current in core16-provided-by-core
- tests: run livepatch test on 18.04 as well
- devicestate: deal correctly with the "required" flag on Remodel
- snapstate,state: add TaskSet.AddAllWithEdges() and use in doUpdate
- snapstate: add new NoReRefresh flag and use in Remodel()
- many: allow core as a fallback for core16
- snapcraft: build static fontconfig in the snapd snap
- cmd/snap-confine: remove unused sc_open_snap_{update,discard}_ns
- data/selinux: allow snapd to execute runuser under snappy_t
- spread, tests: do not leave mislabeled files in restorecon test,
attempt to catch similar files
- interfaces: cleanup internal tool lookup in system-key
- many: move auth.AuthContext to store.DeviceAndAuthContext, the
implemention to a separate storecontext packageThis:
- overlord/devicestate: measurements around ensure and related tasks
- cmd: tweak internal tool lookup to accept more possible locations
- overlord/snapstate,snapshotstate: create snapshot on snap removal
- tests: run smoke tests on (almost) pristine systems
- tests: system disable ssh for config defaults in gadget
- cmd/debug: integrate new task timings with "snap debug timings"
- tests/upgrade/basic, packaging/fedoar: restore SELinux context of
/var/cache/fontconfig, patch pre-2.39 mount units
- image: simplify prefer local logic and fixes
- tests/main/selinux-lxd: make sure LXD from snaps works cleanly
with enforcing SELinux
- tests: deny ioctl - TIOCSTI with garbage in high bits
- overlord: factor out mocking of device service and gadget w.
prepare-device for registration tests
- data/selinux, tests/main/selinux-clean: fine tune the policy, make
sure that no denials are raised
- cmd/libsnap,osutil: fix parsing of mountinfo
- ubuntu: disable -buildmode=pie on armhf to fix memory issue
- overlord/snapstate: inhibit refresh for up to a week
- cmd/snap-confine: prevent cwd restore permission bypass
- overlord/ifacestate: introduce HotplugKey type use short key in
change summaries
- many: make Remodel() download everything first before installing
- tests: fixes discovered debugging refresh-app-awareness
- overlord/snapstate: track time of postponed refreshes
- snap-confine: set rootfs_dir in sc_invocation struct
- tests: run create-user on core devices
- boot: add flag file "meta/force-kernel-extraction"
- tests: add regression test for systemctl race fix
- overlord/snapshotstate: helpers for snapshot expirations
- overlord,tests: perform soft refresh check in doInstall
- tests: enable tests that write /etc/{hostname,timezone} on core18
- overlord/ifacestate: implement String() method of
HotplugDeviceInfo for better logs/messages
- cmd/snap-confine: move ubuntu-core fallback checks
- testutil: fix MockCmd for shellcheck 0.5
- snap, gadget: move gadget read/validation into separate package,
tweak naming
- tests: split travis spread execution in 2 jobs for ubuntu and non
ubuntu systems
- testutil: make mocked command work with shellcheck from snaps
- packaging/fedora, tests/upgrade/basic: patch existing mount units
with SELinux context on upgrade
- metautil, snap: extract yaml value normalization to a helper
package
- tests: use apt via eatmydata
- dirs,overlord/snapstate: add Soft and Hard refresh checks
- cmd/snap-confine: allow using tools from snapd snap
- cmd,interfaces: replace local helpers with cmd.InternalToolPath
- tweak: fix "make hack" on Fedora
- snap: add validation of gadget.yaml
- cmd/snap-update-ns: refactor of profile application
- cmd/snap,client,daemon,store: layout and sanity tweaks for
find/search options
- tests: add workaround for missing cache reset on older snapd
- interfaces: deal with the snapd snap correctly for apparmor 2.13
- release-tools: add debian-package-builder
- tests: enable opensuse 15 and add force-resolution installing
packages
- timings: AddTag helper
- testutil: run mocked commands through shellcheck
- overlord/snapshotstate: support auto flag
- client, daemon, store: search by common-id
- tests: all the systems for google backend with 6 workers
- interfaces: hotplug nested vm test, updated serial-port interface
for hotplug.
- sanity: use proper SELinux context when mounting squashfs
- cmd/libsnap: neuter variables in cleanup functions
- interfaces/adb-support: account for hubs on sysfs path
- interfaces/seccomp: regenerate changed profiles only
- snap: reject layouts to /lib/{firmware,modules}
- cmd/snap-confine, packaging: support SELinux
- selinux, systemd: support mount contexts for snap images
- interfaces/builtin/opengl: allow access to Tegra X1
- cmd/snap: make 'snap warnings' output yamlish
- tests: add check to detect a broken snap on reset
- interfaces: add one-plus devices to adb-support
- cmd: prevent umask from breaking snap-run chain
- tests/lib/pkgdb: allow downgrade when installing packages in
openSUSE
- cmd/snap-confine: use fixed private tmp directory
- snap: tweak parsing errors of gadget updates
- overlord/ifacemgr: basic measurements
- spread: refresh metadata on openSUSE
- cmd/snap-confine: pass sc_invocation instead of numerous args
around
- snap/gadget: introduce volume update info
- partition,bootloader: rename 'partition' package to 'bootloader'
- interfaces/builtin: add dev/pts/ptmx access to docker_support
- tests: restore sbuild test
- strutil: make SplitUnit public, allow negative numbers
- overlord/snapstate,: retry less for auto-stuff
- interfaces/builtin: add add exec "/" to docker-support
- cmd/snap: fix regression of snap saved command
- cmd/libsnap: rename C enum for feature flag
- cmd: typedef mountinfo structures
- tests/main/remodel: clean up before reverting the state
- cmd/snap-confine: umount scratch dir using UMOUNT_NOFOLLOW
- timings: add new helpers, Measurer interface and DurationThreshold
- cmd/snap-seccomp: version-info subcommand
- errortracker: fix panic in Report if db cannot be opened
- sandbox/seccomp: a helper package wrapping calls to snap-seccomp
- many: add /v2/model API, `snap remodel` CLI and spread test
- tests: enable opensuse tumbleweed back
- overlord/snapstate, store: set a header when auto-refreshing
- data/selinux, tests: refactor SELinux policy, add minimal tests
- spread: restore SELinux context when we mess with system files
- daemon/api: filter connections with hotplug-gone=true
- daemon: support returning assertion information as JSON with the
"json" query parameter
- cmd/snap: hide 'interfaces' command, show deprecation notice
- timings: base API for recording timings in state
- cmd/snap-confine: drop unused dependency on libseccomp
- interfaces/apparmor: factor out test boilerplate
- daemon: extract assertions api endpoint implementation into
api_asserts.go
- spread.yaml: bump delta reference
- cmd/snap-confine: track per-app and per-hook processes
- cmd/snap-confine: make sc_args helpers const-correct
- daemon: move a function that was between an other struct and its
methods
- overlord/snapstate: fix restoring of "old-current" revision config
in undoLinkSnap
- cmd/snap, client, daemon, ifacestate: show a leading attribute of
a connection
- cmd/snap-confine: call sc_should_use_normal_mode once
- cmd/snap-confine: populate enter_non_classic_execution_environment
- daemon: allow downloading snaps blobs via .../file
- cmd/snap-confine: introduce sc_invocation
- devicestate: add initial Remodel support
- snap: remove obsolete license-* fields in the yaml
- cmd/libsnap: add cgroup-pids-support module
- overlord/snapstate/backend: make LinkSnap clean up more
- snapstate: only keep 2 snaps on classic
- ctlcmd/tests: tests tweaks (followup to #6322)
* New upstream release, LP: #1824394
- tests: add workaround for missing cache reset on older snapd
- ubuntu: disable -buildmode=pie on armhf to fix memory issue
* New upstream release, LP: #1818648
- overlord/snapstate,: retry less for auto-stuff
- cmd/snap: fix regression of snap saved command
- interfaces/builtin: add dev/pts/ptmx access to docker_support
- overlord/snapstate, store: set a header when auto-refreshing
- interfaces/builtin: add add exec "/" to docker-support
- cmd/snap, client, daemon, ifacestate: show a leading attribute of
a connection
- interface: avahi-observe: Fixing socket permissions on 4.15
kernels
- tests: check that apt works before using it
- apparmor: support AppArmor 2.13
- snapstate: restart into the snapd snap on classic
- overlord/snapstate: during refresh, re-refresh on epoch bump
- cmd, daemon: split out the common bits of mapLocal and mapRemote
- cmd/snap-confine: chown private /tmp to root.root
- cmd/snap-confine: drop uid from random /tmp name
- overlord/hookstate: apply pending transaction changes onto
temporary configuration for snapctl get
- cmd/snap: `snap connections` command
- interfaces/greengrass_support: update accesses for GGC 1.8
- cmd/snap, daemon: make the connectivity check use GET
- interfaces/builtin,/udev: add spec support to disable udev +
device cgroup and use it for greengrass
- interfaces/intel-mei: small follow up tweaks
- ifacestate/tests: fix/improve udev mon test
- interfaces: add multipass-support interface
- tests/main/high-user-handling: fix the test for Go 1.12
- interfaces: add new intel-mei interface
- systemd: decrease the checker counter before unlocking otherwise
we can get spurious panics
- daemon/tests: fix race in the disconnect conflict test
- cmd/snap-confine: allow moving tasks to pids cgroup
- tests: enable opensuse tumbleweed on spread
- cmd/snap: fix `snap services` completion
- ifacestate/hotplug: integration with udev monitor
- packaging: build snapctl as a static binary
- packaging/opensuse: move most logic to snapd.mk
- overlord: fix ensure before slowness on Retry
- overlord/ifacestate: fix migration of connections on upgrade from
ubuntu-core
- daemon, client, cmd/snap: debug GETs ask aspects, not actions
- tests/main/desktop-portal-*: fix handling of python dependencies
- interfaces/wayland: allow wayland server snaps function on classic
too
- daemon, client, cmd/snap: snap debug base-declaration
- tests: run tests on opensuse leap 15.0 instead of 42.3
- cmd/snap: fix error messages for snapshots commands if ID is not
uint
- interfaces/seccomp: increase filter precision
- interfaces/network-manager: no peer label check for hostname1
- tests: add a tests for xdg-desktop-portal integration
- tests: not checking 'tracking channel' after refresh core on
nested execution
- tests: remove snapweb from tests
- snap, wrappers: support StartTimeout
- wrappers: Add an X-SnapInstanceName field to desktop files
- cmd/snap: produce better output for help on subcommands
- tests/main/nfs-support: use archive mode for creating fstab backup
- many: collect time each task runs and display it with `snap debug
timings <id>`
- tests: add attribution to helper script
- daemon: make ucrednetGet not loop
- squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
- features,cmd/libsnap: add new feature "refresh-app-awareness"
- overlord: fix random typos
- interfaces/seccomp: generate global seccomp profile
- daemon/api: fix error case for disconnect conflict
- overlord/snapstate: add some randomness to the catalog refresh
- tests: disable trusty-proposed for now
- tests: fix upgrade-from-2.15 with kernel 4.15
- interfaces/apparmor: allow sending and receiving signals from
ourselves
- tests: split the test interfaces-many in 2 and remove snaps on
restore
- tests: use snap which takes 15 seconds to install on retryable-
error test
- packaging: avoid race in snapd.postinst
- overlord/snapstate: discard mount namespace when undoing 1st link
snap
- cmd/snap-confine: allow writes to /var/lib/**
- tests: stop catalog-update test for now
- tests/main/auto-refresh-private: make sure to actually download
with the expired macaroon
- many: save media info when installing, show it when listing
- userd: handle help urls which requires prepending XDG_DATA_DIRS
- tests: fix NFS home mocking
- tests: improve snaps-system-env test
- tests: pre-cache core on core18 systems
- interfaces/hotplug: renamed RequestedSlotSpec to ProposedSlot,
removed Specification
- debian: ensure leftover usr.lib.snapd.snap-confine is gone
- image,cmd/snap,tests: introduce support for modern prepare-image
--snap <snap>[=<channel>]
- overlord/ifacestate: tweak logic for generating unique slot names
- packaging: import debian salsa packaging work, add sbuild test and
use in spead
- overlord/ifacestate: hotplug-add-slot handler
- image,cmd/snap: simplify --classic-arch to --arch, expose
prepare-image
- tests: run test snap as user in the smoke test
- cmd/snap: tweak man output to have no doubled up .TP lines
- cmd/snap, overlord/snapstate: silently ignore classic flag when a
snap is strictly confined
- snap-confine: remove special handling of /var/lib/jenkins
- cmd/snap-confine: handle death of helper process
- packaging: disable systemd environment generator on 18.04
- snap-confine: fix classic snaps for users with /var/lib/* homedirs
- tests/prepare: prevent console-conf from running
- image: bootstrapToRootDir => setupSeed
- image,cmd/snap,tests: introduce prepare-image --classic
- tests: update smoke/sandbox test for armhf
- client, daemon: introduce helper for querying snapd API for the
list of slot/plug connections
- cmd/snap-confine: refactor and cleanup of seccomp loading
- snapstate, snap: allow update/switch requests with risk only
channel to DTRT
- interfaces: add network-manager-observe interface
- snap-confine: increase locking timeout to 30s
- snap-confine: fix incorrect "sanity timeout 3s" message
- snap-confine: provide proper error message on sc_sanity_timeout
- snapd,state: improve error message on state reading failure
- interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
- snap: fix reexec from the snapd snap for classic snaps
- snap: fix hook autodiscovery for parallel installed snaps
- overlord/snapstate: format the refresh time for the log
- cmd/snap-confine: add special case for Jenkins
- snapcraft.yaml: fix XBuildDeb PATH for go-1.10
- overlord/snapstate: validate instance names early
- overlord/ifacestate: handler for hotplug-update-slot tasks
- polkit: cast pid to uint32 to keep polkit happy for now
- snap/naming: move various name validation helpers to separate
package
- tests: iterate getting journal logs to support delay on boards on
daemon-notify test
- cmd/snap: fix typo in cmd_wait.go
- snap/channel: improve channel parsing
- daemon, polkit: pid_t is signed
- daemon: introduce /v2/connections snapd API endpoint
- cmd/snap: small refactor of cmd_info's channel handling
- overlord/snapstate: use an ad-hoc error when no results
- cmd/snap: wrap "summary" better
- tests: workaround missing go dependencies in debian-9
- daemon: try to tidy up the icon stuff a little
- interfaces: add display-control interface
- snapcraft.yaml: fix snap building in launchpad
- tests: update fedora 29 workers to speed up the whole testing time
- interfaces: add u2f-devices interface and allow reading udev
+power_supply:* in hardware-observe
- cmd/snap-update-ns: save errno from strtoul
- tests: interfaces tests normalization
- many: cleanup golang.org/x/net/context
- tests: add spread test for system dbus interface
- tests: remove -o pipefail
- interfaces: add block-devices interface
- spread: enable upgrade suite on fedora
- tests/main/searching: video section got renamed to photo-and-video
- interfaces/home: use dac_read_search instead of dac_override with
'read: all'
- snap: really run the RunSuite
- interfaces/camera: allow reading vendor/etc info from
/run/udev/data/+usb:*
- interfaces/dbus: be less strict about alternations for well-known
names
- interfaces/home: allow dac_override with 'read:
all'
- interfaces/pulseaudio: allow reading subdirectories of
/etc/pulse
- interfaces/system-observe: allow read on
/proc/locks
- run-checks: ensure we use go-1.10 if available
- tests: get test-snapd-dbus-{provider,consumer} from the beta
channel
- interfaces/apparmor: mock presence of overlayfs root
- spread: increase default kill-timeout to 30min
- tests: simplify interfaces-contacts-service test
- packaging/ubuntu: build with golang 1.10
- ifacestate/tests: extra test for hotplug-connect handler
- packaging: make sure that /var/lib/snapd/lib/glvnd is accounted
for
- overlord/snapstate/backend: call fontconfig helpers from the new
'current'
- kvm: load required kernel modules if necessary
- cmd/snap: use a fake user for 'run' tests
- tests: update systems for google sru backend
- tests: fix install-snaps test by changing the snap info regex
- interfaces: helpers for sorting plug/slot/connection refs
- tests: moving core-snap-refresh-on-core test from main to nested
suite
- tests: fix daemon-notify test checking denials considering all the
log lines
- tests: skip lp-1802591 on "official" images
- tests: fix listing tests to match "snap list --unicode=never"
- debian: fix silly typo in the spread test invocation
- interface: raw-usb: Adding ttyACM ttyACA permissions
- tests: fix enable-disable-unit-gpio test on external boards
- overlord/ifacestate: helper API to obtain the state of connections
- tests: define new "tests/smoke" suite and use that for
autopkgtests
- cmd/snap-update-ns: explicitly check for return value from
parse_arg_u
- interfaces/builtin/opengl: allow access to NVIDIA VDPAU library
- tests: auto-clean the test directory
- cmd/snap: further tweak messaging; add a test
- overlord/ifacestate: handler for hotplug-connect task
- cmd/snap-confine: join freezer only after setting up user mount
- cmd/snap-confine: don't preemptively create .mnt files
- cmd/snap-update-ns: manually implement isspace
- cmd/snap-update-ns: let the go parser know we are parsing -u
- cmd/snap-discard-ns: fix name of user fstab files
- snapshotstate: don't task.Log without the lock
- tests: exclude some more slow tests from runs in autopkgtest
- many: remove .user-fstab files from /run/snapd/ns
- cmd/libsnap: pass --from-snap-confine when calling snap-update-ns
as user
- cmd/snap-update-ns: make freezer mockable
- cmd/snap-update-ns: move XDG code to dedicated file
- osutil: add helper for loading fstab from string
- cmd/snap-update-ns: move existing code around, renaming some
functions
- overlord/configstate/configcore: support - and _ in cloud init
field names
- * cmd/snap-confine: use makedev instead of MKDEV
- tests: review/fix the autopkgtest failures in disco
- overlord: drop old v1 store api support from managers test
- tests: new test for snapshots with more than 1 user
* New upstream release, LP: #1817949
- squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
- overlord/ifacestate: fix migration of connections on upgrade from
ubuntu-core
- tests: fix upgrade-from-2.15 with kernel 4.15
- interfaces/seccomp: increase filter precision
- tests: remove snapweb from tests
* New upstream release, LP: #1811233
- interfaces/seccomp: generate global seccomp profile
- overlord/snapstate: add some randomness to the catalog refresh
- tests: add upgrade test from 2.15.2ubuntu1 -> current snapd
- snap-confine: fix fallback to ubuntu-core
- packaging: avoid race in snapd.postinst
- overlord/snapstate: discard mount namespace when undoing 1st link
snap
- cmd/snap-confine: allow writes to /var/lib/** again
- tests: stop catalog-update/apt-hooks test until the catlog refresh
is randomized
- debian: ensure leftover usr.lib.snapd.snap-confine is gone
* New upstream release, LP: #1811233
- cmd/snap, overlord/snapstate: silently ignore classic flag when a
snap is strictly confined
- snap-confine: remove special handling of /var/lib/jenkins
- cmd/snap-confine: handle death of helper process gracefully
- snap-confine: fix classic snaps for users with /var/lib/* homedirs
like jenkins/postgres
- packaging: disable systemd environment generator on 18.04
- tests: update smoke/sandbox test for armhf
- cmd/snap-confine: refactor and cleanup of seccomp loading
- snap-confine: increase locking timeout to 30s
- snap-confine: fix incorrect "sanity timeout 3s" message
- snap: fix hook autodiscovery for parallel installed snaps
- tests: iterate getting journal logs to support delay on boards on
daemon-notify test
- interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
- interfaces: add u2f-devices interface
* New upstream release, LP: #1811233
- cmd/snap-confine: add special case for Jenkins
- tests: workaround missing go dependencies in debian-9
- daemon, polkit: pid_t is signed
- interfaces: add display-control interface
- interfaces: add block-devices interface
- tests/main/searching: video section got renamed to photo-and-video
- interfaces/camera: allow reading vendor/etc info from
/run/udev/data/+usb
- interfaces/dbus: be less strict about alternations for well-known
names
- interfaces/home: allow dac_read_search with 'read: all'
- interfaces/pulseaudio: allow reading subdirectories of
/etc/pulse
- interfaces/system-observe: allow read on
/proc/locks
- tests: get test-snapd-dbus-{provider,consumer} from the beta
channel
- interfaces/apparmor: mock presence of overlayfs root
- packaging/{fedora,opensuse,ubuntu}: add /var/lib/snapd/lib/glvnd
* New upstream release, LP: #1811233
- snapd: fix race in TestSanityFailGoesIntoDegradedMode test
- cmd: fix snap-device-helper to deal correctly with hooks
- tests: various fixes for external backend
- interface: raw-usb: Adding ttyACM[0-9]* as many serial devices
have device node /dev/ttyACM[0-9]
- tests: fix enable-disable-unit-gpio test on external boards
- tests: define new "tests/smoke" suite and use that for
autopkgtests
- interfaces/builtin/opengl: allow access to NVIDIA VDPAU
library
- snapshotstate: don't task.Log without the lock
- overlord/configstate/configcore: support - and _ in cloud init
field names
- cmd/snap-confine: use makedev instead of MKDEV
- tests: review/fix the autopkgtest failures in disco
- systemd: allow only a single daemon-reload at the same time
- cmd/snap: only auto-enable unicode to a tty
- cmd/snap: right-align revision and size in info's channel map
- dirs, interfaces/builtin/desktop: system fontconfig cache path is
different on Fedora
- tests: fix "No space left on device" issue on amazon-linux
- store: undo workaround for timezone-less released-at
- store, snap, cmd/snap: channels have released-at
- snap-confine: fix incorrect use "src" var in mount-support.c
- release: support probing SELinux state
- release-tools: display self-help
- interface: add new `{personal,system}-files` interface
- snap: give Epoch an Equal method
- many: remove unused interface code
- interfaces/many: use 'unsafe' with docker-support change_profile
rules
- run-checks: stop running HEAD of staticcheck
- release: use sync.Once around lazy intialized state
- overlord/ifacestate: include interface name in the hotplug-
disconnect task summary
- spread: show free space in debug output
- cmd/snap: attempt to restore SELinux context of snap user
directories
- image: do not write empty etc/cloud
- tests: skip snapd snap on reset for core systems
- cmd/snap-discard-ns: fix umount(2) typo
- overlord/ifacestate: hotplug-remove-slot task handler
- overlord/ifacestate: handler for hotplug-disconnect task
- ifacestate/hotplug: updateDevice helper
- tests: reset snapd state on tests restore
- interfaces: return security setup errors
- overlord: make InstallMany work like UpdateMany, issuing a single
request to get candidates
- systemd/systemd.go: add missing tests for systemd.IsActive
- overlord/ifacestate: addHotplugSeqWaitTask helper
- cmd/snap-confine: refactor call to snap-update-ns --user-mounts
- tests: new backend used to run upgrade test suite
- travis: short circuit failures in static and unit tests travis job
- cmd: automatically fix localized <option>s to <option>
- overlord/configstate,features: expose features to snapd tools
- selinux: package to query SELinux status and verify/restore file
contexts
- wrappers: use new systemd.IsActive in core18 early boot
- cmd: add tests for lintArg and lintDesc
- httputil: retry on temporary net errors
- cmd/snap-confine: remove unused sc_discard_preserved_mount_ns
- wrappers: only restart service in core18 when they are active
- overlord/ifacestate: helpers for serializing hotplug changes
- packaging/{fedora,opensuse}: own /var/lib/snapd/cookie
- systemd: start snapd.autoimport.service in --no-block mode
- data/selinux: fix syntax error in definition of snappy_admin
interface
- snap/info: bind global plugs/slots to implicit hooks
- cmd/snap-confine: remove SC_NS_MNT_FILE
- spread: record each tests/upgrade job
- osutil: do not import dirs
- cmd/snap-confine: fix typo "a pipe"
- tests: make security-device-cgroups-{devmode,jailmode} work on arm
devices
- tests: force test-snapd-daemon-notify exit 0 when the interface is
not connected
- overlord/snapstate: run 'remove' hook before 'auto-disconnect'
- centos: enable SELinux support on CentOS 7
- apparmor: allow hard link to snap-specific semaphore files
- tests/lib/pkgdb: disable weak deps on Fedora
- release: detect too old apparmor_parser
- tests: improve how the log is checked to see if the system is
waiting for a reboot
- cmd, dirs, interfaces/apparmor: update distro identification to
support ID="archlinux"
- spread, tests: add Fedora 29
- cmd/snap-confine: refactor calling snapd tools into helper module
- apparmor: allow snap-update-ns access to common devices
- cmd/snap-confine: capture initialized per-user mount ns
- tests: reduce verbosity around package installation
- data: set KillMode=process for snapd
- cmd/snap: handle DNS error gracefully
- spread, tests: use checkpoints when dumping audit log
- tests/lib/prepare: make sure that SELinux context of repacked core
snap is controlled
- testutils: split checkers, tweak tests
- tests: fix for tests test-*-cgroup
- spread: show AVC audits when debugging, start auditd on Fedora
- spread: drop Fedora 27, add Fedora 29
- tests/lib/reset: restore context of removed snapd directories
- testutil: add File{Present,Absent} checkers
- snap: add new `snap run --trace-exec`
- tests: fix for failover test on how logs are checked
- snapctl: add "services"
- overlord/snapstate: use file timestamp to initialize timer
- cmd/libsnap: introduce and use sc_strdup
- interfaces: let NM access ifindex/ifupdown files
- overlord/snapstate: on refresh, check new rev can read current
- client, store: don't use store from client (use client from store)
- tests/main/parallel-install-store: verify installation of more
than one instance at a time
- overlord: don't write system key if security setup fails
- packaging/fedora/snapd.spec: fix bogus date in changelog
- snapstate: update fontconfig caches on install
- interfaces/apparmor/backend.go:411:38: regular expression does not
contain any meta characters (SA6004)
- asserts/header_checks.go:199:35: regular expression does not
contain any meta characters (SA6004)
- run staticcheck every time :-)
- tests/lib/systemd-escape/main.go:46:14: printf-style function with
dynamic first argument and no further arguments should use print-
style function instead (SA1006)
- tests/lib/fakestore/cmd/fakestore/cmd_run.go:66:15: the channel
used with signal.Notify should be buffered (SA1017)
- tests/lib/fakedevicesvc/main.go:55:15: the channel used with
signal.Notify should be buffered (SA1017)
- spdx/parser.go:30:1: only the first constant has an explicit type
(SA9004)
- overlord/snapstate/snapmgr.go:553:21: printf-style function with
dynamic first argument and no further arguments should use print-
style function instead (SA1006)
- overlord/patch/patch3.go:44:70: printf-style function with dynamic
first argument and no further arguments should use print-style
function instead (SA1006)
- cmd/snap/cmd_advise.go:200:2: empty branch (SA9003)
- osutil/udev/netlink/conn.go:120:5: ineffective break statement.
Did you mean to break out of the outer loop? (SA4011)
- daemon/api.go:992:22: printf-style function with dynamic first
argument and no further arguments should use print-style function
instead (SA1006)
- cmd/snapd/main.go:94:5: ineffective break statement. Did you mean
to break out of the outer loop? (SA4011)
- cmd/snap/cmd_userd.go:73:15: the channel used with signal.Notify
should be buffered (SA1017)
- cmd/snap/cmd_help.go:102:7: io.Writer.Write must not modify the
provided buffer, not even temporarily (SA1023)
- release: probe apparmor features lazily
- overlord,daemon: mock security backends for testing
- cmd/libsnap: move apparmor-support to libsnap
- cmd: drop cruft from snap-discard-ns build rules
- cmd/snap-confine: use snap-discard-ns ns to discard stale
namespaces
- cmd/snap-confine: handle mounted shared /run/snapd/ns
- many: fix composite literals with unkeyed fields
- dirs, wrappers, overlord/snapstate: make completion + bases work
- tests: revert "tests: restore in restore, not prepare"
- many: validate title
- snap: make description maximum in runes, not bytes
- tests: discard mount namespaces in reset.sh
- tests/lib: sync cla check back from snapcraft
- Revert "cmd/snap, tests/main/snap-info: highlight the current
channel"
- daemon: remove enableInternalInterfaceActions
- mkversion: use "test -n" rather than "! test -z"
- run-checks: assorted fixes
- tests: restore in restore, not in prepare
- cmd/snap: fix missing newline in "snap keys" error message
- snap: epoch lists must contain no duplicate entries
- interfaces/avahi_observe: Fix typo in comment
- tests: add SPREAD_JOB to the description of
systemd_create_and_start_unit
- daemon, vendor: bump github.com/coreos/go-systemd/activation,
handle API changes
- Revert "cmd/snap-confine: don't allow mapping lib{uuid,blkid}"
- packaging/fedora: use %_sysctldir macro
- cmd/snap-confine: remove unneeded unshare
- sanity: extend the kernel version check to cover CentOS/RHEL
kernels
- wrappers: remove all desktop files from a snap on removal
- snap: add an explicit check for `epoch: null` loading
- snap: check max description length in validate
- spread, tests: add CentOS support
- cmd/snap-confine: allow mapping more libc shards
- cmd/snap-discard-ns: add support for --from-snap-confine
- tests: make tinyproxy support systemd notify
- tests: fix shellcheck
- snap, store: rename `snap.Epoch`'s `Unset` to `IsZero`
- store: add a test for a non-zero epoch refresh (with epoch bump)
- store: v1 search doesn't send epoch, stop pretending it does
- snap: make any "0" epoch be Unset, and marshalled to {[0],[0]}
- overlord/snapstate: amend test should send local revision
- tests: use mock-gpio.py in enable-disable-units-gpio test
- snap: enforce minimal snap name len of 2
- cmd/libsnap: add sc_verify_snap_lock
- cmd/snap-update-ns: extra debugging of trespassing events
- userd: force zenity width if the text displayed is long
- overlord/snapstate, store: always send epochs
- cmd/snap-confine,snap-update-ns: discard quirks
- cmd/snap: add nanosleep to blacklisted syscalls when running with
--strace
- cmd/snap-update-ns, tests: clean trespassing paths
- nvidia, interfaces/builtin: OpenCL fixes
- ifacestate/hotplug: removeDevice helper
- cmd: install snap-discard-ns in "make hack"
- overlord/ifacestate: setup security backends phased by backends
first
- ifacestate/helpers: added SystemSnapName mapper helper method
- overlord/ifacestate: set hotplug-key of the connection when
connecting hotplug slots
- snapd: allow snap-update-ns to read /proc/version
- cmd: handle tumbleweed and leap in autogen.sh
- interfaces/tests: MockHotplugSlot test helper
- store,daemon: make UserInfo,LoginUser part of the store interface
- overlord/ifacestate: use remapper when checking if system snap is
installed
- tests: fix how pinentry is prepared for new gpg v 2.1 and 2.2
- packaging/arch: fix bash completions path
- interfaces/builtin: add device-buttons interface for accessing
events
- tests, fakestore: extend refresh tests with parallel installed
snaps
- snap, store, overlord/snapshotstate: drop epoch pointers
- snap: make Epoch default to {[0],[0]} on load from yaml
- data/completion: pass documented arguments to completion functions
- tests: skip opensuse from interfaces-openvswitch-support test
- tests: simple reproducer for snap try and hooks bug
- snapstate: do not allow classic mode for strict snaps
- snap: make Epoch's MarshalJSON not simplify
- store: remove unused currentSnap and currentSnapJSON
- many: some small doc comment fixes in recent hotplug code
- ifacestate/udevmonitor: added callback to signal end of
enumeration
- cmd/libsnap: add simplified feature flag checker
- interfaces/opengl: add additional accesses for cuda
- tests: add core18 only hooks test and fix running core18 only on
classic
- sanity, release, cmd/snap: refuse to try to do things on WSL.
- cmd: make coreSupportsReExec faster
- overlord/ifacestate: don't remove the dash when generating unique
slot name
- cmd/snap-seccomp: add full complement of ptrace constants
- cmd: update autogen.sh for opensuse
- interfaces/apparmor: allow access to /run/snap.$SNAP_INSTANCE_NAME
- spread.yaml: add more systems to the autopkgtest and qemu backends
- daemon: spool sideloaded snap into blob dir
overlord/snapstate: address review feedback
- packaging/opensuse: stop using golang-packaging
- overlord/snapshots: survive an unknown user
- wrappers: fix generating of service units with multiple `before`
dependencies
- data: run snapd.autoimport.service only after seeding
- cmd/snap: unhide --name parameter to snap install, tweak help
message
- packaging/fedora: Merge changes from Fedora Dist-Git
- tests/main/snap-service-after-before-install: verify after/before
in snap install
- overlord/ifacestate: mark connections disconnected by hotplug with
hotplug-gone
- ifacestate/ifacemgr: don't reload hotplug-gone connections on
startup
- tests: install dependencies during prepare
- tests,store,daemon: ensure proxy settings are honored in
auth/userinfo too
- tests: core 18 does not support classic confinement
- tests: add debug output for degraded test
- strutil: make VersionCompare faster
- overlord/snapshotstate/backend: survive missing directories
- overlord/ifacestate: use map[string]*connState when passing conns
around
- tests: move fedora 28 to manual
- overlord/snapshotstate/backend: be more verbose when
SNAPPY_TESTING=1
- tests: removing fedora 26 system from spread.yaml
- tests: linode execution is not needed anymore
- tests/lib: adjust to changed systemctl behaviour on debian-9
- tests: fixes and new backend for tests on nested suite
- strutil: let MatchCounter work with a nil regexp
- ifacestate/helpers: findConnsForHotplugKey helper
- many: move regexp.(Must)Compile out of non-init functions into
variables
- store: also make snaps downloaded via deltas 0600
- snap: use Lstat to determine snap size, remove
ReadSnapInfoExceptSize
- interfaces/builtin: add adb-support interface
- tests: fail if install_snap_local fails
- strutil: add extra test to CommaSeparatedList as suggested by
mborzecki
- cmd/snap, daemon, strutil: use CommaSeparatedList to split a CSL
- ifacestate: optimize disconnect hooks
- cmd/snap-update-ns: parse the -u <uid> command line option
- cmd/snap, tests: snapshots for all
- client, cmd/daemon: allow disabling keepalive, improve degraded
mode unit tests
- snap: only show "next" refresh time if its after the hold time
- overlord/snapstate: run tests for classic snaps even on systems
that don't support classic
- overlord/standby: fix a race between standby goroutine and stop
- cmd/snap-exec: don't fail on some try mode snaps
- cmd/snap, userd, testutil: tweak DBus tests to use private session
bus connection
- cmd: remove remnants of sc_should_populate_mount_ns
- client, daemon, cmd/snap: indicate that services are socket/timer
activated
- cmd/snap-seccomp: only look for PTRACE_GETFPX?REGS where available
- cmd/snap-confine: remove SC_NS_FAIL_GRACEFULLY
- snap/pack, cmd/snap: allow specifying the filename of 'snap pack'
- cmd/snap-discard-ns: add support for per-user mount namespaces
- cmd/snap-confine: remove stale mount profile along stale namespace
- data/apt: close stderr when calling snap in the apt install hook.
- tests/main: fixes for the new shellcheck
- testutil, cmd/snap: introduce and use testutil.EqualsWrapped and
fly
- tests: initial setup for testing current branch on nested vm and
hotplug management
- cmd: refactor IPC and lifecycle of the helper process
- tests/main/parallel-install-store: the store has caught up, do not
expect failures
- overlord/snapstate, snap, wrappers: start services in the right
order during install
- interfaces/browser-support, cmd/snap-seccomp: Allow read-only
ptrace, for the Breakpad crash reporter
- snap,client: use a different exit code for retryable errors
- overlord/ifacestate: don't conflict on own discard-snap tasks when
refreshing & doing garbage collection
- cmd/snap: tweak `snap services` output when there is no services
- interfaces/many: updates to support k8s worker nodes
- cmd/snap: gnome-software install via snap:// handler
- overlord/many: cleanup use of snapName vs. instanceName
- snapstate: add command-chain to supported featureset
- daemon, snap: mark screenshots as deprecated
- interfaces: fix decoding of json numbers for static/dynamic
attributes* ifstate: fix decoding of json numbers
- cmd/snap: try not to panic on error from "snap try"
- tests: new cosmic image for spread tests on gce
- interfaces/system-key: add parser mtime and only discover features
on write
- overlord/snapshotstate/backend: detect path to tar in unit tests
- tests/unit/gccgo: drop gccgo unit tests
- cmd: use relative file names in locking APIs
- interfaces: fix NormalizeInterfaceAttributes, add tests
- overlord/snapshotstate/backend: fall back on sudo when no runuser
- cmd/snap-confine: reduce verbosity of debug and error messages
- systemd: extend Status() to work for socket and timer units
- interfaces: typo 'allows' for consistency with other ifaces
- systemd,wrappers: don't start disabled services
- ifacestate: simplify task chaining in ifacestate.Connect
- tests: ensure that goa-daemon is off
- snap/pack, snap/squashfs: remove extra copy before mksquashfs
- cmd/snap: block 'snap help <cmd> --all'
- asserts, image: ensure kernel, gadget, base and required-snaps use
valid snap names
- apparmor: add unit test for probeAppArmorParser and simplify code
- interfaces/apparmor: conditionally add explicit deny rules for
ptrace
- po: sync translations from launchpad
- osutil: tweak handling of error adduser errors
- cmd: rename ns_group to mount_ns
- tests/main/interfaces-accounts-service: more debugging
- snap/pack, snap/squashfs: use type to determine mksquashfs args
- data/systemd, wrappers: tweak system-shutdown helper for core18
- tests: show list of processes when ifaces-accounts-service fails
- tests: do not run degraded test in autopkgtest env
- snap: overhaul validation error messages
- ifacestate/hooks: only create interface hook tasks if hooks exist
- osutil: workaround overlayfs on ubuntu 18.10
- interfaces/home: don't allow snaps to write to $HOME/bin
- interfaces: improve Attr error further
- snapstate: tweak GetFeatureFlagBool() to have a default argument
- many: cleanup remaining parallel installs TODOs
- image: improve validation of extra snaps
* New upstream release, LP: #1795590
- wrappers: use new systemd.IsActive in core18 early boot
- httputil: retry on temporary net errors
- wrappers: only restart service in core18 when they are active
- systemd: start snapd.autoimport.service in --no-block mode
- data/selinux: fix syntax error in definition of snappy_admin
interfacewhen installing selinux-policy-devel package.
- centos: enable SELinux support on CentOS 7
- cmd, dirs, interfaces/apparmor: update distro identification to
support ID="archlinux"
- apparmor: allow hard link to snap-specific semaphore files
- overlord,apparmor: new syskey behaviour + non-ignored snap-confine
profile errors
- snap: add new `snap run --trace-exec` call
- interfaces/backends: detect too old apparmor_parser
* New upstream release, LP: #1795590
- daemon, vendor: bump github.com/coreos/go-systemd/activation,
handle API changes
- snapstate: update fontconfig caches on install
- overlord,daemon: mock security backends for testing
- sanity, spread, tests: add CentOS
- Revert "cmd/snap, tests/main/snap-info: highlight the current
channel"
- cmd/snap: add nanosleep to blacklisted syscalls when running with
--strace
- tests: add regression test for LP #1803535
- snap-update-ns: fix trailing slash bug on trespassing error
- interfaces/builtin/opengl: allow reading /etc/OpenCL/vendors
- cmd/snap-confine: nvidia: pick up libnvidia-opencl.so
- interfaces/opengl: add additional accesses for cuda
* New upstream release, LP: #1795590
- tests,snap-confine: add core18 only hooks test and fix running
core18 only hooks on classic
- interfaces/apparmor: allow access to
/run/snap.$SNAP_INSTANCE_NAME
- spread.yaml: add more systems to the autopkgtest and qemu backends
- daemon: spool sideloaded snap into blob dir
- wrappers: fix generating of service units with multiple `before`
dependencies
- data: run snapd.autoimport.service only after seeding
- tests,store,daemon: ensure proxy settings are honored in
auth/userinfo too
- packaging/fedora: Merge changes from Fedora Dist-Git
- tests/lib: adjust to changed systemctl behaviour on debian-9
- tests/main/interfces-accounts-service: switch to busctl, more
debugging
- store: also make snaps downloaded via deltas 0600
- cmd/snap-exec: don't fail on some try mode snaps
- cmd/snap, userd, testutil: tweak DBus tests to use private session
bus connection
- tests/main: fixes for the new shellcheck
- cmd/snap-confine: remove stale mount profile along stale namespace
- data/apt: close stderr when calling snap in the apt install hook
* New upstream release, LP: #1795590
- overlord/snapstate, snap, wrappers: start services in the right
order during install
- tests: the store has caught up, drop gccgo test, update cosmic
image
- cmd/snap: try not to panic on error from "snap try"`--devmode`
- overlord/ifacestate: don't conflict on own discard-snap tasks when
refreshing & doing garbage collection
- snapstate: add command-chain to supported featureset
- daemon, snap: mark screenshots as deprecated
- interfaces: fix decoding of json numbers for static/dynamic
attributes
- data/systemd, wrappers: tweak system-shutdown helper for core18
- interfaces/system-key: add parser mtime and only discover features
on write
- interfaces: fix NormalizeInterfaceAttributes, add tests
- systemd,wrappers: don't start disabled services
- ifacestate/hooks: only create interface hook tasks if hooks exist
- tests: do not run degraded test in autopkgtest env
- osutil: workaround overlayfs on ubuntu 18.10
- interfaces: include invalid type in Attr error
- many: enable layouts by default
- interfaces/default: don't scrub with change_profile with classic
- cmd/snap: speed up unit tests
- vendor, cmd/snap: refactor to accommodate the new less buggy go-
flags
- daemon: expose snapshots to the API
- interfaces: updates for default, screen-inhibit-control, tpm,
{hardware,system,network}-observe
- interfaces/hotplug: rename HotplugDeviceKey method to HotplugKey,
update test interface
- interfaces/tests: use TestInterface instead of a custom local
helper
- overlord/snapstate: export getFeatureFlagBool.
- osutil,asserts,daemon: support force password change in system-
user assertion
- snap, wrappers: support restart-delay, generate RestartSec=<value>
in service units
- tests/ifacestate: moved asserts-related mocking into helper
- image: fetch device store assertion if available
- many: enable AppArmor on Arch
- interfaces/repo: two helper methods for hotplug
- overlord/ifacestate: add hotplug slots with implicit slots
- interfaces/hotplug: helpers and struct updates
- tests: run the snapd tests on Ubuntu 18.10
- snapstate: only report errors if there is an actual error
- store: speedup unit tests
- spread-shellcheck: fix interleaved error messages, tweaks
- apparmor: create SnapAppArmorDir in setupSnapConfineReexec
- ifacestate: implementation of defaultDeviceKey function for
hotplug
- cmd/snap-update-ns: remove empty placeholders used for mounting
- snapshotstate: restore to current revision
- tests/lib: rework the CLA checker
- many: support and consider store friendly-stores when checking
device scope constraints
- overlord/snapstate: block parallel installs of snapd, core, base,
kernel, gadget snaps
- overlord/patch: patch for static plug/slot attributes
- interfaces: honor static attributes when reloading conns
- osutils: unit tests speedup; introduce run-checks --short-
unit.
- systemd, wrappers: speed up wrappers unit tests
- client: speedup unit tests
- spread-shellcheck: use threads to parallelise
- snap: validate plug and slot names
- osutil, interfaces/apparmor: add and use of osutil.UnlinkMany
- wrappers: do not depend on network.taget in socket units, tweak
generated units
- interfaces/apparmor: (un)load profiles in one apparmor_parser call
- store: gracefully handle unexpected errors in 'action'
response
- cmd: put our manpages in section 8
- overlord: don't make become-operational interfere with user
requests
- store: tweak unmatched refresh result error log
- snap, client, daemon, store: use and expose "media" more
- tests,cmd/snap-update-ns: add test showing mount update bug
cmd/snap-update-ns: better detection of snapd-made tmpfs
- tests: spread tests for aliases with parallel installed snaps
- interfaces/seccomp: allow using statx by default
- store: gracefully handle unexpected errors in 'action' response
- overlord/snapshotstate: chown the tempdir
- cmd/snap: attempt to start the document portal if running with a
session bus
- snap: detect layouts vs layout in snap.yaml
- interfaces/apparmor: handle overlayfs snippet for snap-update-ns
- snapcraft.yaml: set grade to stable
- tests: shellchecks, final round
- interfaces/apparmor: handle overlayfs snippet for snap-update-ns
- snap: detect layouts vs layout in snap.yaml
- overlord/snapshotstate: store epoch in snapshot, check on restore
- cmd/snap: tweak UX of snap refresh --list
- overlord/snapstate: improve consistency, use validateInfoAndFlags
also in InstallPath
- snap: give Epoch a CanRead helper
- overlord/snapshotstate: small refactor of internal helpers
- interfaces/builtin: adding missing permission to create
/run/wpa_supplicant directory
- interfaces/builtin: avahi interface update
- client, daemon: support passing of 'unaliased' option when
installing from local files
- selftest: rename selftest.Run() to sanity.Check()
- interfaces/apparmor: report apparmor support level and policy
- ifacestate: helpers for generating slot names for hotplug
- overlord/ifacestate: make sure to pass in the Model assertion when
enforcing policies
- overlord/snapshotstate: store the SnapID in snapshot, block
restore if changed
- interfaces: generalize writable mimic profile
- asserts,interfaces/policy: add support for on-store/on-brand/on-
model plug/slot rule constraints
- many: fetch the device store assertion together and in the context
of interpreting snap-declarations
- tests: disable gccgo tests on 18.04 for now, until dh-golang vs
gccgo is fixed
- tests/main/parallel-install-services: add spread test for snaps
with services
- tests/main/snap-env: extend to cover parallel installations of
snaps
- tests/main/parallel-install-local: rename from *-sideload, extend
to run snaps
- cmd/snapd,daemon,overlord: without snaps, stop and wait for socket
- cmd/snap: tame the help zoo
- tests/main/parallel-install-store: run installed snap
- cmd/snap: add a bunch of TRANSLATORS notes (and a little more
i18n)
- cmd: fix C formatting
- tests: remove unneeded cleanup from layout tests
- image: warn on missing default-providers
- selftest: add test to ensure selftest.checks is up-to-date
- interfaces/apparmor, interfaces/builtin: tweaks for parallel snap
installs
- userd: extend the list of supported XDG Desktop properties when
autostarting user applications
- cmd/snap-update-ns: enforce trespassing checks
- selftest: actually run the kernel version selftest
- snapd: go into degraded mode when the selftest fails
- tests: add test that runs snapctl with a core18 snap
- tests: add snap install hook with base: core18
- overlord/{snapstate,assertstate}: parallel instances and
refresh validation
- interfaces/docker-support: add rules to read apparmor macros
- tests: make nfs test available for more systems
- tests: cleanup copy/paste dup in interfaces-network-setup-control
- tests: using single sh snap in interface tests
- overlord/snapstate: improve cleaup in mount-snap handler
- tests: don't fail interfaces-bluez test if bluez is already
installed
- tests: find snaps just for edge and beta channels
- daemon, snapstate: consistent snap list [--all] output with broken
snaps
- tests: fix listing to allow extra things in the notes column
- cmd/snap: improve UX when removing specific snap revision
- cmd/snap, tests/main/snap-info: highlight the current channel
- interfaces/testiface: added TestHotplugInterface
- snap: tweak commands
- interfaces/hotplug: hotplug spec takes one slot definition
- overlord/snapstate, snap: handle shared snap directories when
installing/remove snaps with instance key
- interfaces/opengl: misc accesses for VA-API
- client, cmd/snap: expose warnings to the world
- cmd/snap-update-ns: introduce trespassing state tracking
- cmd/snap: commands no longer build their own client
- tests: try to build cmd/snap for darwin
- daemon: make error responders not printf when called with 1
argument
- many: return real snap name in API response
- overlord/state: return latest LastAdded time in WarningsSummary
- many: mount namespace mapping for parallel installs of snaps
- ifacestate/autoconnect: do not self-conflict on setup-profiles if
core-phase-2
- client, cmd/snap: on !linux, exit when the client tries to Do
something
- tests: refactor for nested suite and tests fixed
- tests: use lxd's waitready instead of polling lxd socket
- ifacestate: don't initialize udev monitor until we have a system
snap
- interfaces: extra argument for static attrs in
NewConnectedPlug/NewConnectedSlot
- packaging/arch: sync packaging with AUR
- snapstate/tests: serialize all appends in fake backend
- snap-confine: make /lib/modules optional
- cmd/snap: handle "snap interfaces core" better
- store: move download tests into downloadSuite
- tests,interfaces: run interfaces-account-control on UC18
- tests: fix install snaps test by adding link to /snap
- tests: fix for nested test suite
- daemon: fix snap list --all with parallel snap instances
- snapstate: refactor tests to use SetModel*
- wrappers: fix snap services order in tests
- many: provide salt for generating instance-key in store requests
- ifacestate: fix hang when retrying content providers
- snapd-env-generator: fix when PATH is empty or unset
- overlord/assertstate: propagate TaskSnapSetup error
- client: catch and expose logs errors
- overlord: integrate device enumeration with udev monitor
- daemon, overlord/state: warnings pipeline
- tests: add publisher regex to fix the snap-info test pass on sru
- cmd: use systemdsystemgeneratorsdir, cleanup automake complaints,
tweaks
- cmd/snap-update-ns: remove the unused Secure type
- osutil, o/snapshotstate, o/sss/backend: quick fixes
- tests: update the listing expression to support core from
different channels
- store: use stable instance key in store refresh requests
- cmd/snap-update-ns: detach Mk{Prefix,{File,Dir,Symlink{,All}}}
- overlord/patch: support for sublevel patches
- tests: update prepare/restore for nightly suite
- cmd/snap-update-ns: detach BindMount from the Secure type
- cmd/snap-update-ns: re-factor pair of helpers to call fstatfs once
- ifacestate: retry on "discard-snap" in autoconnect conflict check
- cmd/snap-update-ns: separate OpenPath from the Secure struct
- wrappers: remove Wants=network-online.target
- tests: add new core16-base test
- store: refactor tests so that they work as store_test package
- many: add refresh.rate-limit core option
- tests: run account-control test with different bases
- tests: port proxy test to use python tinyproxy
- overlord: introduce snapshotstate.
- testutil: allow Fstatfs results to vary over time
- snap-update-ns: add comments about the "deadcode" in bootstrap.go
- overlord: add chg.Err() in testUpdateWithAutoconnectRetry
- many: remove deadcode
- tests: also run unit/gccgo in 18.04
- tests: introduce a helper for installing local snaps with --name
- tests: avoid removing core snap on reset
- snap: use snap.SideInfo in test to fix build with gccgo
- partition: remove unused runCommand
- image: fix incorrect error when using local bases
- overlord/snapstate: fix format
- cmd: fix format
- tests: setting "storage: preserve-size" just for amazon-linux
system
- tests: test for the hostname interface
- interfaces/modem-manager: allow access to more USB strings
- overlord: instantiate UDevMonitor
- interfaces/apparmor: tweak naming, rename to AddLayout()
- interfaces: take instance name in ifacetest.InstallSnap
- snapcraft: do not use --dirty in mkversion
- cmd: add systemd environment generator
- devicestate: support getting (http) proxy from core config
- many: rename ClientOpts to ClientOptions
- prepare-image-grub-core18: remove image root in restore
- overlord/ifacestate: remove "old-conn" from connect/undo connect
handlers
- packaging/fedora: Merge changes from Fedora Dist-Git
- image: handle errors when downloadedSnapsInfoForBootConfig has no
data
- tests: use official core18 model assertion in tests
- snap-confine: map /var/lib/extrausers into snaps mount-namespace
- overlord,store: support proxy settings internally too
- cmd/snap: bring back 'snap version'
- interfaces/mount: tweak naming of things
- strutil: fix MatchCounter to also work with buffer reuse
- cmd,interfaces,tests: add /mnt to removable-media interface
- systemd: do not run "snapd.snap-repair.service.in on firstboot
bootstrap
- snap/snapenv: drop some instance specific variables, use instance-
specific ones for user locations
- firstboot: sort by type when installing the firstboot snaps
- cmd, cmd/snap: better support for non-linux
- strutil: add new ParseByteSize
- image: detect and error if bases are missing
- interfaces/apparmor: do not downgrade confinement on arch with
linux-hardened 4.17.4+
- daemon: add pokeStateLock helper to the daemon tests
- snap/squashfs: improve error message from Build on mksquashfs
failure
- tests: remove /etc/alternatives from dirs-not-shared-with-host
- cmd: support re-exec into the "snapd" snap
- spdx: remove "Other Open Source" from the support licenses
- snap: add new type "TypeSnapd" and attach to the snapd snap
- interfaces: retain order of inserted security backends
- tests: spread test for parallel-installs desktop file handling
- overlord/devicestate: use OpenSSL's PEM format when generating
keys
- cmd: remove --skip-command-chain from snap run and snap-exec
- selftest: detect if apparmor is unusable and error
- snap,snap-exec: support command-chain for hooks
- tests: significantly reduce execution time for managers test
- snapstate: use new "snap.ByType" sorting
- overlord/snapstate: fix UpdateMany() to work with parallel
instances
- testutil: have File* checker produce more useful error output
- overlord/ifacestate: introduce connectOpts
- interfaces: parallel instances support, extend unit tests
- tests: normalize tests
- snapstate: make InstallPath() return *snap.Info too
- snap: add ByType sorting
- interfaces: add cifs-mount interface
- tests: use file based markers in snap-service-stop-mode
- osutil: reorg and stub out things to get it building on darwin
- tests/main/layout: cleanup after the test
- osutil/sys: small tweaks to let it build on darwin
- daemon, overlord/snapstate: set instance name when installing from
snap file
- many: move Uname to osutil, for more DRY and easier porting.
- cmd/snap: create snap user directory when running parallel
installed snaps
- cmd/snap-confine: switch to validation of SNAP_INSTANCE_NAME
- tests: basic test for parallel installs from the store
- image: download the gadget from the model.GadgetTrack()
- snapstate: add support for gadget tracks in model assertion
- image: add support for "gadget=track"
- overlord: handle sigterm during shutdown better
- tests: add the original function to fix the errors on new kernels
- tests/main/lxd: pull lxd from candidate; renable i386
- wayland: add extra sockets that are used by older toolkits (e.g.
gtk3)
- asserts: add support for gadget tracks in the model assertion
- overlord/snapstate: improve feature flag validation
- tests/main/lxd: run ubuntu-16.04 only on 64 bit variant
- interfaces: workaround for activated services and newer DBus
- tests: get the linux-image-extra available for the current kernel
- interfaces: add new "sysfs-name" to i2c interfaces code
- interfaces: disconnect hooks
- cmd/libsnap: unify detection of core/classic with go
- tests: fix autopkgtest failures in cosmic
- snap: fix advice json
- overlord/snapstate: parallel snap install
- store: backward compatible instance-key handling for non-instance
snaps
- interfaces: add screencast-legacy for video and audio recording
- tests: skip unsupported architectures for fedora-base-smoke test
- tests: avoid using the journalctl cursor when it has not been
created yet
- snapstate: ensure normal snaps wait for the "snapd" snap on
refresh
- tests: enable lxd again everywhere
- tests: new test for udisks2 interface
- interfaces: add cpu-control for setting CPU tunables
- overlord/devicestate: fix tests, set seeded in registration
through proxy tests
- debian: add missing breaks on cosmic
- devicestate: only run device-hook when fully seeded
- seccomp: conditionally add socketcall() based on system and base
- tests: new test for juju client observe interface
- overlord/devicestate: DTRT w/a snap proxy to reach a serial vault
- snapcraft: set version information for the snapd snap
- cmd/snap, daemon: error out if trying to install a snap using
empty name
- hookstate: simplify some hook tests
- cmd/snap-confine: extend security tag validation to cover instance
names
- snap: fix mocking of systemkey in snap-run tests
- packaging/opensuse: fix static build of snap-update-ns and snap-
exec
- interfaces/builtin: addtl network-manager resolved DBus fix
- udev: skip TestParseUdevEvent on ppc
- interfaces: miscellaneous policy updates
- debian: add tzdata to build-dep to ensure snapd builds correctly
- cmd/libsnap-confine-private: intoduce helpers for validating snap
instance name and instance key
- snap,snap-exec: support command-chain for app
- interfaces/builtin: network-manager resolved DBus changes
- snap: tweak `snap wait` command
- cmd/snap-update-ns: introduce validation of snap instance names
- cmd/snap: fix some corner-case test setup weirdness
- cmd,dirs: fix various issues discovered by a Fedora base snap
- tests/lib/prepare: fix extra snaps test
* New upstream release, LP: #1786438
- interfaces/home: don't allow snaps to write to $HOME/bin
- osutil: workaround overlayfs on ubuntu 18.10
* New upstream release, LP: #1786438
- wrappers: do not depend on network.taget in socket units, tweak
generated units
* New upstream release, LP: #1786438
- overlord: don't make become-operational interfere with user
requests
- docker_support.go: add rules to read apparmor macros
- interfaces/apparmor: handle overlayfs snippet for snap-update-
nsFixes:
- snapcraft.yaml: add workaround to fix snapcraft build
- interfaces/opengl: misc accesses for VA-API
* New upstream release, LP: #1786438
- cmd,overlord/snapstate: go 1.11 format fixes
- ifacestate: fix hang when retrying content providers
- snap-env-generator: do nothing when PATH is unset
- interfaces/modem-manager: allow access to more USB strings
* New upstream release, LP: #1786438
- packaging/fedora: Merge changes from Fedora Dist-Git
- snapcraft: do not use --diry in mkversion.sh
- cmd: add systemd environment generator
- snap-confine: map /var/lib/extrausers into snaps mount-namespace
- tests: cherry-pick test fixes from master for 2.35
- systemd: do not run "snapd.snap-repair.service.in on firstboot
bootstrap
- interfaces: retain order of inserted security backends
- selftest: detect if apparmor is unusable and error
* New upstream release, LP: #1786438
- snapstate: add support for gadget tracks in model assertion
- image: add support for "gadget=track"
- asserts: add support for gadget tracks in the model assertion
- interfaces: add new "sysfs-name" to i2c interfaces code
- overlord: handle sigterm during shutdown better
- wayland: add extra sockets that are used by older toolkits
- snap: fix advice json
- tests: fix autopkgtest failures in cosmic
- store: backward compatible instance-key handling for non-instance
snaps
- snapstate: ensure normal snaps wait for the "snapd" snap on
refresh
- interfaces: add cpu-control for setting CPU tunables
- debian: add missing breaks on comisc
- overlord/devicestate: DTRT w/a snap proxy to reach a serial vault
- devicestate: only run device-hook when fully seeded
- seccomp: conditionally add socketcall() based on system and base
- interfaces/builtin: addtl network-manager resolved DBus fix
- hookstate: simplify some hook tests
- udev: skip TestParseUdevEvent on ppc
- interfaces: miscellaneous policy updates
- debian: add tzdata to build-dep to ensure snapd builds correctly
- interfaces/builtin: network-manager resolved DBus changes
- tests: add spread test for fedora29 base snap
- cmd/libsnap: treat distributions with VARIANT_ID=snappy as "core"
- dirs: fix SnapMountDir inside a Fedora base snap
- tests: fix snapd-failover for core18 with external backend
- overlord/snapstate: always clean SnapState when doing Get()
- overlod/ifacestate: always use a new SnapState when fetching the
snap state
- overlord/devicestate: have the serial request talk to the proxy if
set
- interfaces/hotplug: udevadm output parser
- tests: New test for daemon-notify interface
- image: ensure "core" is ordered early if base: and core is used
- cmd/snap-confine: snap-device-helper parallel installs support
- tests: enable interfaces-framebuffer everywhere
- tests: reduce nc wait time from 2 to 1 second
- snap/snapenv: add snap instance specific variables
- cmd/snap-confine: add minimal test for snap-device-helper
- tests: enable snapctl test on core18
- overlord: added UDevMonitor for future hotplug support
- wrappers: do not glob when removing desktop files
- tests: add dbus monitor log to interfaces-accounts-service
- tests: add core-18 systems to external backend
- wrappers: account for changed app wrapper in parallel installed
snaps
- wrappers: make sure that the tests pass on non-Ubuntu too
- many: add snapd snap failure handling
- tests: new test for dvb interface
- configstate: accept refresh.timer=managed
- tests: new test for snap logs command
- wrapper: generate all the snapd unit files when generating
wrappers
- store: keep all files with link-count > 1 in the cache
- store: be less verbose in the common refresh case of "no updates"
- snap-confine: update snappy-app-dev path
- debian: ensure dependency on fixed apt on 18.04
- snapd: add initial software watchdog for snapd
- daemon, systemd: change journalctl -n=all to --no-tail
- systemd: fix snapd.apparmor.service.in dependencies
- snapstate: refuse to remove bases or core if snaps need them
- snap: introduce package-level helpers for building snap related
directory/file paths
- overlord/devicestate: deny parallel install of kernel or gadget
snaps
- store: clean up parallel-install TODOs in store tests
- timeutil: fix first weekday of the month schedule
- interfaces: match all possible tty but console
- tests: shellchecks part 5
- cmd/snap-confine: allow ptrace read for 4.18 kernels
- advise: make the bolt database do the atomic rename dance
- tests/main/apt-hooks: debug dump of commands.db
- tests/lib/prepare-restore: update Arch Linux kernel LOCALVERSION
handling
- snap: validate instance name as part of Validate()
- daemon: if a snap is inactive, don't ask systemd about its
services.
- udev: skip TestParseUdevEvent on s390x
- tests: switch core-amd64-18 to use `kernel: pc-kernel=18`
- asserts,image: add support for new kernel=track syntax
- tests: new gce image for fedora 27
- interfaces/apparmor: use the cache in mtime-resilient way
- store, overlord/snapstate: introduce instance name in store APIs
- tests: drive-by cleanup of redudant pkgname matching
- tests: ensure apt-hook is only run after catalog update ran
- tests: use pkill instead of kilall
- tests/main: another bunch of updates for Amazon Linux 2
- tests/lib/snaps: avoid using relative command paths that go up in
the directory tree
- tests: disable/fix more tests for Amazon Linux 2
- overlord: introduce InstanceKey to SnapState and SnapSetup,
renames
- daemon: make sure most change generating handlers can produce
errors with kinds
- tests/main/interfaces-calendar-service: skip the test on AMZN2
- tests/lib/snaps: avoid using relative command paths that go up in
the directory tree
- cmd/snap: add a green check mark to verified publishers
- cmd/snap: fix two issues in the cmd/snap unit tests
- packaging/fedora: fix target path of /snap symlink
- cmd/snap: support `--last=<type>?` to mean "no error on empty"
- cmd/snap-confine: (nvidia) pick up libnvidia-glvkspirv.so
- strutil: detect and bail out of Unmarshal on duplicate key
- packaging/fedora(amzn2): disable SELinux, drop dependency on
squashfuse for AMZN2
- spread, tests: add support for Amazon Linux 2
- packaging/fedora: Add Amazon Linux 2 support
- many: make Wait/Stop optional on StateManagers
- snap/squashfs: stop printing unsquashfs info to stderr
- snap: add support for `snap advise-snap --from-apt`
- overlord/ifacestate: ignore connect if already connected
- tests: change the service snap used instead of network-bind-
consumer
- interfaces/network-control: update for wpa-supplicant and ifupdown
- tests: fix raciness in stop mode tests
- logger: try to not have double dates
- debian: use deb-systemd-invoke instead of systemctl directly
- tests: run all main tests on core18
- many: finish sharing a single TaskRunner with all the managers
- interfaces/repo: added AllHotplugInterfaces helper
- snapstate: ensure kernel-track is honored on switch/refresh
- overlord/ifacestate: support implicit slots on snapd
- image: add support for "kernel-track" in `snap prepare-image`
- tests: add test that ensures we do not boot any system in degraded
state
- tests: update tests to work on core18
- cmd/snap: check for typographic dashes in command
- tests: fix tests expecting old email address
- client: add some existing error kinds that were not listed in
client.go
- tests: add missing slots in classic and core provider test snaps
- overlord,daemon,cmd: re-map snap names around the edges of snapd
- tests: use install_local in snap-run-hooks
- coreconfig: add support for `snap set system network.disable-
ipv6`
- overlord/snapstate: dedupe default content providers
- osutil/udev: sync with upstream
- debian: do not ship snapd.apparmor.service on ubuntu
- overlord: have SnapManager use a passed in TaskRunner created by
Overlord
- many: streamline the generic conflict check mechanisms
- tests: remove unneeded setup code in snap-run-symlink
- cmd/snap: print unset license as "unset", instead of "unknown"
- asserts: add (optional) kernel-track to model assertion
- snap/squashfs, tests: pass -n[o-progress] to {mk,un}squashfs
- interfaces/pulseaudio: be clear that the interface allows playback
and record
- snap: support hook environment
- interfaces: fix typo "daemonNotify" (add missing "n")
- interfaces: tweak tests of daemon-notify, use common naming
- interfaces: allow invoking systemd-notify when daemon-notify is
connected
- store: make snap blobs be 0600
- interfaces,daemon: move JSON types to the daemon
- tests: prepare needs to handle bin/snapctl being a symlink
- tests: do not mask errors in interfaces-timezone-control (#5405)
- packaging: put snapctl into /usr/lib/snapd and symlink in usr/bin
- tests: add basic integration test for spread hold
- overlord/snapstate: improve PlugsOnly comment
- many: assorted shellcheck fixes
- store, daemon, client, cmd/snap: expose "scope", default to wide
- snapstate: allow setting "refresh.timer=managed"
- cmd/snap: display a link to data privacy notice for interactive
snap login
- client, cmd/snap: pass snap instance name when installing from
file
- cmd/snap: add 'debug paths' command
- snapstate: make sure all *link-*snap tasks carry a snap type and
further hints
- devicestate: fix race when refreshing a snap with snapd-control
- tests: fix tests on arch
- tests: start active system units on reset
- tests: new test for joystick interface
- tests: moving install of dependencies to pkgdb helper
- tests: enable new fedora image with test dependencies installed
- tests: start using the new opensuse image with test dependencies
- tests: check catalog refresh before and after restart snapd
- tests: stop restarting journald service on prepare
- interfaces: make core-support a no-op interface
- interfaces: prefer "snapd" when resolving implicit connections
- interfaces/hotplug: add hotplug Specification and
HotplugDeviceInfo
- many: lessen the use of core-support
- tests: fixes for the autopkgtest failures in cosmic
- tests: remove extra ' which breaks interfaces-bluetooth-control
test
- dirs: fix antergos typo
- tests: use grep to avoid non-matching messages from MATCH
- dirs: improve distro detection for Antegros
- vendor: switch to latest bson
- interfaces/builtin: create can-bus interface
- tests: "snap connect" is idempotent so just connect
- many: use extra "releases" information on store "revision-not-
found" errors to produce better errors
- interfaces: treat "snapd" snap as type:os
- interfaces: tweak tests to have less repetition of "core" and
"ubuntu
- tests: simplify econnreset test
- snap: add helper for renaming slots
- devicestate: fix panic in firstboot code when no snaps are seeded
- tests: add artful for sru validation on google backend
- snap,interfaces: move interface name validation to snap
- overlord/snapstate: introduce path to fake backend ops
- cmd/snap-confine: fix snaps running on core18
- many: expose publisher's validation throughout the API
* New upstream release, LP: #1779403
- interfaces/apparmor: use the cache in mtime-resilient way
- cmd/snap-confine: (nvidia) pick up libnvidia-glvkspirv.so
- snapstate: allow setting "refresh.timer=managed"
- spread: switch Fedora and openSUSE images
* New upstream release, LP: #1779403
- packaging: fix bogus date in fedora snapd.spec
- tests: fix tests expecting old email address
* New upstream release, LP: #1779403
- tests: cherry-pick test fixes from master for 2.34
- coreconfig: add support for `snap set system network.disable-
ipv6`
- debian: do not ship snapd.apparmor.service on ubuntu
- overlord/snapstate: dedupe default content providers
- interfaces/builtin: create can-bus interface
* New upstream release, LP: #1779403
- store, daemon, client, cmd/snap: expose "scope", default to wide*
- tests: fix arch tests
- snapstate: make sure all *link-*snap tasks carry a snap type and
further hints
- snapstate: allow setting "refresh.timer=managed"
- cmd/snap: display a link to data privacy notice for interactive
snap login
- devicestate: fix race when refreshing a snap with snapd-control
- tests: skip interfaces-framebuffer when no /dev/fb0 is found
- tests: run interfaces-contacts-service only where test-snapd-eds
is available
- many: expose publisher's validation throughout the API
- many: use extra "releases" information on store "revision-not-
found" errors to produce better errors
- dirs: improve distro detection for Antegros
- Revert "dirs: improve identification of Arch Linux like systems"
- devicestate: fix panic in firstboot code when no snaps are seeded
- i18n: use xgettext-go --files-from to avoid running into cmdline
size limits
- interfaces: move ValidateName helper to utils
- snapstate,ifstate: wait for pending restarts before auto-
connecting
- snap: account for parallel installs in wrappers, place info and
tests
- configcore: fix incorrect handling of keys with numbers (like
gpu_mem_512)
- tests: fix tests when no keyboard input detected
- overlord/configstate: add watchdog options
- snap-mgmt: fix for non-existent dbus system policy dir,
shellchecks
- tests/main/snapd-notify: use systemd's service properties rater
than the journal
- snapstate: allow removal of snap.TypeOS when using a model with a
base
- interfaces: make findSnapdPath smarter
- tests: run "arp" tests only if arp is available
- spread: increase the number of auto retries for package downloads
in opensuse
- cmd/snap-confine: fix nvidia support under lxd
- corecfg: added experimental.hotplug feature flag
- image: block installation of parallel snap instances
- interfaces: moved normalize method to interfaces/utils and made it
public
- api/snapctl: allow -h and --help for regular users.
- interfaces/udisks2: also implement implicit classic slot
- cmd/snap-confine: include CUDA runtime libraries
- tests: disable auto-refresh test on core18
- many: switch to account validation: unproven|verified
- overlord/ifacestate: get/set connection state only via helpers
- tests: adding extra check to validate journalctl is showing
current test data
- data: add systemd environment configuration
- i18n: handle write errors in xgettext-go
- snap: helper for validating snap instance names
- snap{/snaptest}: set instance key based on snap name
- userd: fix running unit tests on KDE
- tests/main/econnreset: limit ingress traffic to 512kB/s
- snap: introduce a struct Channel to represent store channels, and
helpers to work with it
- tests: add fedora to distro_clean_package_cache function
- many: rename snap.Info.StoreName() to snap.Info.SnapName()
- tests: add spread test to ensure snapd/core18 are not removable
- tests: tweaks for running the main tests on core18
- overlord/{config,snap}state: introduce experimental.parallel-
instances feature flag
- strutil: support iteration over almost clean paths
- strutil: add PathIterator.Rewind
- tests: update interfaces-timeserver-control to core18
- tests: add halt-timeout to google backend
- tests: skip security-udev-input-subsystem without /dev/input/by-
path
- snap: introduce the instance key field
- packaging/opensuse: remaining packaging updates for 2.33.1
- overlord/snapstate: disallow installing snapd on baseless models
- tests: disable core tests on all core systems (16 and 18)
- dirs: improve identification of Arch Linux like systems
- many: expose full publisher info over the snapd API
- tests: disable core tests on all core systems (16 and 18)
- tests/main/xdg-open: restore or clean up xdg-open
- tests/main/interfaces-firewall-control: shellcheck fix
- snapstate: sort "snapd" first
- systemd: require snapd.socket in snapd.seeded.service; make sure
snapd.seeded
- spread-shellcheck: use the latest shellcheck available from snaps
- tests: use "ss" instead of "netstat" (netstat is not available in
core18)
- data/complete: fix three out of four shellcheck warnings in
data/complete
- packaging/opensuse: fix typo, missing assignment
- tests: initial core18 spread image building
- overlord: introduce a gadget-connect task and use it at first boot
- data/completion: fix inconsistency in +x and shebang
- firstboot: mark essential snaps as "Required" in the state
- spread-shellcheck: use a whitelist of files that are allowed to
fail validation
- packaging/opensuse: build position-independent binaries
- ifacestate: prevent running interface hooks twice when self-
connecting on autoconnect
- data: remove /bin/sh from snapd.sh
- tests: fix shellcheck 0.5.0 warnings
- packaging/opensuse: snap-confine should be 06755
- packaging/opensuse: ship apparmor integration if enabled
- interfaces/udev,misc: only trigger udev events on input subsystem
as needed
- packaging/opensuse: add missing bits for snapd.seeded.service
- packaging/opensuse: don't use %-macros in comments
- tests: shellchecks part 4
- many: rename snap.Info.Name() to snap.Info.InstanceName(), leave
parallel-install TODOs
- store: drop unused: channel map types, and details fixture.
- store: have a basic test about the unmarshalling of /search
results
- tests: show executed tests on current system when a test fails
- tests: fix for the download of the big snap
- interfaces/apparmor: add chopTree
- tests: remove double debug: | entry in tests and add more checks
- cmd/snap-update-ns: introduce mimicRequired helper
- interfaces: move assertions around for better failure line number
- store: log a nice clear "download succeeded" message
- snap: run snap-confine from the re-exec location
- snapstate: support restarting snapd from the snapd snap on core18
- tests: show status of the partial test-snapd-huge snap in
econnreset test
- tests: fix interfaces-calendar-service test when gvfsd-metadata
loks the xdg dirctory
- store: switch store.SnapInfo to use the new v2/info endpoint
- interfaces: add Repository.AllInterfaces
- snapstate: stop using evolving SnapSpec internally, use an
internal-only snapSpec instead
- cmd/libsnap-confine-private: introduce a helper for splitting snap
name
- tests: econnreset/retry tweaks
- store, et al: kill dead code that uses the bulk endpoint
- tests/lib/prepare-restore: fix upgrade/reboot handling on arch
- cmd/snap-update-ns,strutil: move PathIterator to strutil, add
Depth helper
- data/systemd/snapd.run-from-snap: ensure snapd tooling is
available
- store: switch connectivity check to use v2/info
- devicestate: support seeding from a base snap instead of core
- snapstate,ifacestate: remove core-phase-2 handling
- interfaces/docker-support: update for docker 18.05
- tests: enable fedora 28 again
- overlord/ifacestate: simplify checkConnectConflicts and also
connect signature
- snap: parse connect instructions in gadget.yaml
- tests: fix snapd-repair.timer on ubuntu-core-snapd-run- from-snap
test
- interfaces/apparmor: allow killing snap-update-ns
- tests: skip "try" test on s390x
- store, image: have 'snap download' use v2/refresh action=download
- interfaces/policy: test that base policy can be parsed
- tests: publish test-snapd-appstreamid for any architecture
- snap: don't include newline in hook environment
- cmd/snap-update-ns: use RCall with SyscallsEqual
- cmd/snap-update-ns: add IsSnapdCreatedPrivateTmpfs and tests
- tests: skip security-dev-input-event-denied on s390x/arm64
- interfaces: add the dvb interface
- daemon: paging is not a thing.
- cmd/snap-mgmt: remove system key on purge
- testutil: syscall sequence checker
- cmd/snap-update-ns: fix a leaking file descriptor in MkSymlink
- packaging: use official bolt in the errtracker on fedora
- many: add `snap debug connectivity` command* many: add `snap debug
connectivity` command
- configstate: deny configuration of base snaps and for the "snapd"
snap
- interfaces/raw-usb: also allow usb serial devices
- snap: reject more layout locations
- errtracker: do not send duplicated reports
- httputil: extra debug if an error is not retried
- cmd/snap-update-ns: improve wording in many errors
- cmd/snap: use snaptest.MockSnapCurrent in `snap run` tests
- cmd/snap-update-ns: add helper for checking for read-only
filesystems
- interfaces/builtin/docker: use commonInterface over specific
struct
- testutil: add test support for Fstatfs
- cmd/snap-update-ns: discard the concept of segments
- cmd/libsnap-confine-private: helper for extracting store snap name
from local-name
- tests: fix flaky test for hooks undo
- interfaces: add {contacts,calendar}-service interfaces
- tests: retry 'restarting into..' match in the snap-confine-from-
core test
- systemd: adjust TestWriteMountUnitForDirs() to use
squashfs.MockUseFuse(false)
- data: add helper that can generate/start/stop the snapd service
- sefltest: advise reboot into 4.4 on trusty running 3.13
- selftest: add new selftest package that tests squashfs mounting
- store, jsonutil: move store.getStructFields to
jsonutil.StructFields
- ifacestate: improved conflict and error handling when creating
autoconnect tasks
- cmd/snap-confine: applied make fmt
- interfaces/udev: call 'udevadm settle --timeout=10' after
triggering events
- tests: wait more time until snap start to be downloaded on
econnreset test
- snapstate: ensure fakestore returns TypeOS for the core snap
- tests: fix lxd test which hangs on restore
- cmd/snap-update-ns: add PathIterator
- asserts,image: add support for models with bases
- tests: shellchecks part 3
- overlord/hookstate: support undo for hooks
- interfaces/tpm: Allow access to the kernel resource manager
- tests: skip appstream-id test for core systems 32 bits
- interfaces/home: remove redundant common interface assignment
- tests: reprioritise a few tests that are known to be slow
- cmd/snap: small help tweaks and fixes
- tests: add test to ensure /dev/input/event* for non-joysticks is
denied
- spread-shellcheck: silly fix & pep8
- spread: switch fedora 28 to manual
- client,cmd/snap,daemon,tests: expose base of a snap over API, show
it in snap info --verbose
- tests: fix lxd test - --auto now sets up networking
- tests: adding fedora-28 to spread.yaml
- interfaces: add juju-client-observe interface
- client, daemon: add a "mounted-from" entry to local snaps' JSON
- image: set model.DisplayName() in bootenv as "snap_menuentry"
- packaging/opensuse: Refactor packaging to support all openSUSE
targets
- interfaces/joystick: force use of the device cgroup with joystick
interface
- interfaces/hardware-observe: allow access to /etc/sensors* for
libsensors
- interfaces: remove Plug/Slot types
- interface hooks: update old AutoConnect methods
- snapcraft: run with DEB_BUILD_OPTIONS=nocheck
- overlord/{config,snap}state: the number of inactive revisions is
config
- cmd/snap: check with snapd for unknown sections
- tests: moving test helpers from sh to bash
- data/systemd: add snapd.apparmor.service
- many: expose AppStream IDs (AKA common ID)
- many: hold refresh when on metered connections
- interfaces/joystick: also support modern evdev joysticks and
gamepads
- xdgopenproxy: skip TestOpenUnreadableFile when run as root
- snapcraft: use dpkg-buildpackage options that work in xenial
- spread: openSUSE LEAP 42.2 was EOLd in January, remove it
- get-deps: work with an unset GOPATH too
- interfaces/apparmor: use strict template on openSUSE tumbleweed
- packaging: filter out verbose flags from "dh-golang"
- packaging: fix description
- snapcraft.yaml: add minimal snapcraft.yaml with custom build
* New upstream release, LP: #1773118
- many: improve udev trigger on refresh experience
- systemd: require snapd.socket in snapd.seeded.service
- snap: don't include newline in hook environment
- interfaces/apparmor: allow killing snap-update-ns
- tests: skip "try" test on s390x
- tests: skip security-dev-input-event-denied when /dev/input/by-
path/ is missing
- tests: skip security-dev-input-event-denied on s390x/arm64
* New upstream release, LP: #1773118
- packaging: use official bolt in the errtracker on fedora
- many: add `snap debug connectivity` command
- interfaces/raw-usb: also allow usb serial devices
- errtracker: do not send duplicated reports
- selftest: add new selftest package that tests squashfs mounting
- tests: backport lxd force stop and econnreset fixes
- tests: add test to ensure /dev/input/event* for non-joysticks is
denied
- interfaces/joystick: support modern evdev joysticks
- interfaces: add juju-client-observe
- interfaces/hardware-observe: allow access to /etc/sensors* for
libsensors
- many: holding refresh on metered connections
- many: expose AppStream IDs (AKA common ID)
- tests: speed up save/restore snapd state for all-snap systems
during tests execution
- interfaces/apparmor: use helper to load stray profile
- tests: ubuntu core abstraction
- overlord/snapstate:don't panic in a corner case interaction of
cleanup tasks and pruning
- interfaces/apparmor: add 'mediate_deleted' profile flag for all
snaps
- tests: new parameter for the journalctl rate limit
- spread-shellcheck: port to python
- interfaces/home: add 'read' attribute to allow non-owner read to
@{HOME}
- testutil: import check.v1 differently to workaround gccgo error
- interfaces/many: miscellaneous updates for default, desktop,
desktop-legacy, system-observe, hardware-observe, opengl and gpg-
keys
- snapstate/hooks: reorder autoconnect and reconnect hooks
- daemon: update unit tests to match current master
- overlord/snapshotstate/backend: introducing the snapshot backend
- many: support 'system' nickname in interfaces
- userd: add the "snap" scheme to the whitelist
- many: make rebooting of core on refresh immediate, refactor logic
around it
- tests/main/snap-service-timer: account for service timer being in
the 'running' state
- interfaces/builtin: allow access to libGLESv* too for opengl
interface
- daemon: fix unit tests on arch
- interfaces/default,process-control: miscellaneous signal policy
fixes
- interfaces/bulitin: add write permission to optical-drive
- configstate: validate known core.* options
- snap, wrappers: systemd WatchdogSec support
- ifacestate: do not auto-connect manually disconnected interfaces
- systemd: mock useFuse() so testsuite passes in container via lxd
snap
- snap/env: fix env duplication logic
- snap: some doc comments fixes and additions
- cmd/snap-confine, interfaces/opengl: allow access to glvnd EGL
vendor files
- ifacestate: unify reconnect and autoconnect methods
- tests: fix user mounts test for external systems
- overlord/snapstate,overlord/auth,store: coalesce no auth user
refresh requests
- boot,partition: improve tests/docs around SetNextBoot()
- many: improve `snap wait` command
- snap: fix `snap interface --attrs` output when numbers are used
- cmd/snap-update-ns: poke holes when creating source paths for
layouts
- snapstate: support getting new bases/default-providers on refresh
- ifacemgr: remove stale connections on startup
- asserts: use Attrer in policy checks
- testutil: record system call errors / return values
- tests: increase timeouts to make tests reliable on slow boards
- repo: pass and return ConnRef via pointers
- interfaces: add xdg-document-portal support to desktop interface
- debian: add a zenity|kdialog suggests
- snapstate: make TestDoPrereqRetryWhenBaseInFlight less brittle
- tests: go must be installed as a classic snap
- tests: use journalctl cursors instead rotating logs
- daemon: add confinement-options to /v2/system-info
daemon: refactor classic support flag to be more structured
- tests: build spread in the autopkgtests with a more recent go
- cmd/snap: fix the message when snap.channel != snap.tracking
- overlord/snapstate: allow core defaults configuration via 'system'
key
- many: add "snap debug sandbox-features" and needed bits
- interfaces: interface hooks for refresh
- snapd.core-fixup.sh: add workaround for corrupted uboot.env
- boot: clear "snap_mode" when needed
- many: add wait command and `snapd.seeded` service
- interfaces: move host font update-ns AppArmor rules to desktop
interface
- jsonutil/safejson: introducing safejson.String &
safejson.Paragraph
- cmd/snap-update-ns: use Secure.BindMount to bind mount files
- cmd/snap-update-ns,tests: mimic the mode and ownership of
directories
- cmd/snap-update-ns: add support for ignoring mounts with missing
source/target
- interfaces: interface hooks implementation
- cmd/libsnap: fix compile error on more restrictive gcc
cmd/libsnap: fix compilation errors on gcc 8
- interfaces/apparmor: allow bash and dash to be in /usr/bin/
- cmd/snap-confine: allow any base snap to provide /etc/alternatives
- tests: fix interfaces-network test for systems with partial
confinement
- spread.yaml: add cosmic (18.10) to autopkgtest/qemu
- tests: ubuntu 18.04 or higher does not need linux-image-extra-
- configcore: validate experimental.layouts option
- interfaces:minor autoconnect cleanup
- HACKING: fix typos
- spread: add adt for ubuntu 18.10
- tests: skip test lp-1721518 for arch, snapd is failing to start
after reboot
- interfaces/x11: allow X11 slot implementations
- tests: checking interfaces declaring the specific interface
- snap: improve error for snaps not available in the given context
- cmdstate: add missing test for default timeout handling
- tests: shellcheck spread tasks
- cmd/snap: update install/refresh help vs --revision
- cmd/snap-confine: add support for per-user mounts
- snap: do not use overly short timeout in `snap
{start,stop,restart}`
- tests: adding google-sru backend replacing linode-sur
- interfaces/apparmor: fix incorrect apparmor profile glob
- systemd: replace ancient paths with 16.04+ standards
- overlord,systemd: store snap revision in mount units
- testutil: add test helper for SysLstat
- testutil,cmd: rename test helper of Lstat to OsLstat
- testutil: document all fake syscall/os functions
- osutil,interfaces,cmd: use less hardcoded strings
- testutil: rename UNMOUNT_NOFOLLOW to umountNoFollow
- testutil: don't dot-import check.v1
- store: getStructFields takes pointers now
- tests: drop `linux-image-extra-$(uname -r)` install in 18.04
- many: fix false negatives reported by vet
- osutil,interfaces: use uint32 for uid, gid
- many: fix various issues reported by shellcheck
- tests: add pending shutdown detection
- image: support refreshing soft-expired user macaroons in tooling
- interfaces/builtin, daemon: cleanup mocked builtin interfaces in
daemon tests
- interfaces/builtin: add support for software-watchdog interface
- spread: auto accept key changes when calling dnf
- snap,overlord/snapstate: introduce and use BrokenSnapError
- tests: detect kernel oops during tests and abort tests in this
case
- tests: bring back one missing test in snap-service-stop-mode
- debian: update LP bug for the 2.32.5 SRU
- userd: set up journal logging streams for autostarted apps
- snap,tests : don't fail if we cannot stat MountFile
- tests: smaller fixes for Arch tests
- tests: run interfaces-broadcom-asic-control early
- client: support for snapshot sets, snapshots, and snapshot actions
- tests: skip interfaces-content test on core devices
- cmd: generalize locking to global, snap and per-user locks
- release-tools: handle the snapd-x.y.z version
- packaging: fix incorrectly auto-generated changelog entry for
2.32.5
- tests: add arch to CI
- systemd: add helper for opening stream file descriptors to the
journal
- cmd/snap: handle distros with no version ID
- many: add "stop-mode: sig{term,hup,usr[12]}{,-all}" instead of
conflating that with refresh-mode
- tests: removing linode-sru backend
- tests: updating bionic version for spread tests on google
- overlord/snapstate: poll for up to 10s if a snap is unexpectedly
not mounted in doMountSnap
- overlord/snapstate: allow to get an error from readInfo instead of
a broken stub, use it in doMountSnap
- snap: snap.AppInfo is now a fmt.Stringer
- tests: move fedora 27 to google backend
- many: add `core.problem-reports.disabled` option
- cmd/snap-update-ns: remove the need for stash directory in secure
bind mount implementation
- errtracker: check for whoopsie.service instead of reading
/etc/whoopsie
- cmd/snap: user session application autostart v3
- tests: add test to ensure `snap refresh --amend` works with
different channels
- tests: add check for OOM error after each test
- cmd/snap-seccomp: graceful handling of non-multilib host
- interfaces/shutdown: allow calling SetWallMessage
- cmd/snap-update-ns: add secure bind mount implementation for use
with user mounts
- snap: fix `snap advise-snap --command` output to match spec
- overlord/snapstate: on multi-snap refresh make sure bases and core
are finished before dependent snaps
- overlord/snapstate: introduce envvars to control the channels for
based and prereqs
- cmd/snap-confine: ignore missing cgroups in snap-device-helper
- debian: add gbp.conf script to build snapd via `gbp buildpackage`
- daemon,overlord/hookstate: stop/wait for running hooks before
closing the snapctl socket
- advisor: use json for package database
- interfaces/hostname-control: allow setting the hostname via
syscall and systemd
- tests/main/interfaces-opengl-nvidia: verify access to 32bit
libraries
- interfaces: misc updates for default, firewall-control, fuse-
support and process-control
- data/selinux: Give snapd access to more aspects of the system
- many: use the new install/refresh API by switching snapstate to
use store.SnapAction
- errtracker: make TestJournalErrorSilentError work on gccgo
- ifacestate: add to the repo also snaps that are pending being
activated but have a done setup-profiles
- snapstate, ifacestate: inject auto-connect tasks try 2
- cmd/snap-confine: allow creating missing gl32, gl, vulkan dirs
- errtracker: add more fields to aid debugging
- interfaces: make system-key more robust against invalid fstab
entries
- overlord,interfaces: be more vocal about broken snaps and read
errors
- ifacestate: injectTasks helper
- osutil: fix fstab parser to allow for # in field values
- cmd/snap-mgmt: remove timers, udev rules, dbus policy files
- release-tools: add repack-debian-tarball.sh
- daemon,client: add build-id to /v2/system-info
- cmd: make fmt (indent 2.2.11)
- interfaces/content: add rule so slot can access writable files at
plug's mountpoint
- interfaces: add /var/lib/snapd/snap to @{INSTALL_DIR}
- ifacestate: don't surface errors from stale connections
- cmd/snap-update-ns: convert Secure* family of functions into
methods
- tests: adjust canonical-livepatch test on GCE
- tests: fix quoting issues in econnreset test
- cmd/snap-confine: make /run/media an alias of /media
- cmd/snap-update-ns: rename i to segNum
- interfaces/serial: change pattern not to exclude /dev/ttymxc*
- spread: disable StartLimitInterval option on opensuse-42.3
- configstate: give a chance to immediately recompute the next
refresh time when schedules are set
- cmd/snap-confine: attempt to detect if multiarch host uses
arch triplets
- store: add Store.SnapAction to support the new install/refresh API
endpoint
- tests: adding test for removable-media interface
- tests: update interface tests to remove extra checks and normalize
tests
- timeutil: in Human, count days with fingers
- vendor: update gopkg.in/yaml.v2 to the latest version
- cmd/snap-confine: fix Archlinux compatibility
- cmd/snapd: make sure signal handlers are established during early
daemon startup
- cmd/snap-confine: apparmor: allow creating prefix path for
gl/vulkan
- osutil: use tilde suffix for temporary files used for atomic
replacement
- tests: copy or sanity check core users using usernames
- tests: disentangle etc vs extrausers in core tests
- tests: fix snap-run tests when snapd is not running
- overlord/configstate: change how ssh is stopped/started
- snap: make `snap run` look at the system-key for security profiles
- strutil, cmd/snap: drop strutil.WordWrap, first pass at
replacement
- tests: adding opensuse-42.3 to google
- cmd/snap: fix one issue with noWait error handling logic, add
tests plus other cleanups
- cmd/snap-confine: nvidia: preserve globbed file prefix
- advisor: add comment why osutil.FileExists(dirs.SnapCommandsDB) is
needed
- interfaces,release: probe seccomp features lazily
- tests: change debug for layout test
- advisor: deal with missing commands.db file
- interfaces/apparmor: simplify UpdateNS internals
- polkit: Pass caller uid to PolicyKit authority
- tests: moving debian 9 from linode to google backend
- cmd/snap-confine: nvidia: add tls/libnvidia-tls.so* glob
- po: specify charset in po/snappy.pot
- interfaces: harden snap-update-ns profile
- snap: Call SanitizePlugsSlots from InfoFromSnapYaml
- tests: update tests to deal with s390x quirks
- debian: run snap.mount upgrade fixup *before* debhelper
- tests: move xenial i386 to google backend
- snapstate: add compat mode for default-provider
- tests: a bunch of test fixes for s390x from looking at the
autopkgtest logs
- packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
- interfaces/builtin: let MM change qmi device attributes
- tests: add workaround for s390x failure
- snap/pack, cmd/snap: add `snap pack --check-skeleton`
- daemon: support 'system' as nickname of the core snap
- cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice
- devicestate: add DeviceManager.Registered returning a channel
closed when the device is known to be registered
- store: Sections and WriteCatalogs need to strictly send device
auth only if the device has a custom store
- tests: add bionic system to google backend
- many: fix shellcheck warnings in bionic
- cmd/snap-update-ns: don't fail on existing symlinks
- tests: make autopkgtest tests more targeted
- cmd/snap-update-ns: fix creation of layout symlinks
- spread,tests: move suite-level prepare/restore to central script
- many: propagate contexts enough to be able to mark store
operations done from the Ensure loop
- snap: don't create empty Change with "Hold" state on disconnect
- snap: unify snap name validation w/python; enforce length limit.
- cmd/snap: use shlex when parsing `snap run --strace` arguments
- osutil,testutil: add symlinkat(2) and readlinkat(2)
- tests: autopkgtest may have non edge core too
- tests: adding checks before stopping snapd service to avoid job
canceled on ubuntu 14.04
- errtracker: respect the /etc/whoopsie configuration
- overlord/snapstate: hold refreshes for 2h after seeding on
classic
- cmd/snap: tweak and polish help strings
- snapstate: put layout feature behind feature flag
- tests: force profile re-generation via system-key
- snap/squashfs: when installing from seed, try symlink before cp
- wrappers: services which are socket or timer activated should not
be started during boot
- many: go vet cleanups
- tests: define MATCH from spread
- packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
fix
- cmd/snap: use timeutil.Human to show times in `snap refresh
--time`
- cmd/snap: in changes and tasks, default to human-friendly times
- many: support holding refreshes by setting refresh.hold
- Revert "cmd/snap: use timeutil.Human to show times in `snap
refresh --time`"
- cmd/snap: use timeutil.Human to show times in `snap refresh
--time`
- tests/main/snap-service-refresh-mode: refactor the test to rely on
comparing PIDs
- tests/main/media-sharing: improve the test to cover /media and
/run/media
- store: enable deltas for core devices too
- cmd/snap: unhide --no-wait; make wait use go via waitMixin
- strutil/shlex: import github.com/google/shlex into the tree
- vendor: update github.com/mvo5/libseccomp-golang
- overlord/snapstate: block install of "system"
- cmd/snap: "current""installed"; "refreshed""refresh-date"
- many: add the snapd-generator
- cmd/snap-seccomp: Cancel the atomic file on error, not just Close
- polkit: ensure error is properly set if dialog is dismissed
- snap-confine, snap-seccomp: utilize new seccomp logging features
- progress: tweak ansimeter cvvis use to no longer confuse minicom
- xdgopenproxy: integrate xdg-open implementation into snapctl
- tests: avoid removing preinstalled snaps on core
- tests: chroot into core to run xdg-open there
- userd: add an OpenFile method for launching local files with xdg-
open
- tests: moving ubuntu core from linode to google backend
- run-checks: remove accidental bashism
- i18n: simplify NG usage by doing the modulo math in-package.
- snap/squashfs: set timezone when calling unsquashfs to get the
build date
- timeutil: timeutil.Human(t) gives a human-friendly string for t
- snap: add autostart app property
- tests: add support for external backend executions on listing test
- tests: make interface-broadcom-asic-control test work on rpi
- configstate: when disable "ssh" we must disable the "sshd" service
- interfaces/apparmor,system-key: add upperdir snippets for strict
snaps on livecd
- snap/squashfs: add BuildDate
- store: parse the JSON format used by the coming new store API to
convey snap information
- many: remove snapd.refresh.{timer,service}
- tests: adding ubuntu-14.04-64 to the google backend
- interfaces: add xdg-desktop-portal support to desktop interface
- packaging/arch: sync with snapd/snapd-git from AUR
- wrappers, tests/main/snap-service-timer: restore missing commit,
add spread test for timer services
- store: don't ask for snap_yaml_raw except on the details endpoint
- many: generate and use per-snap snap-update-ns profile
- tests: add debug for layout test
- wrappers: detect whether systemd-analyze can be used in unit tests
- osutil: allow creating strings out of MountInfoEntry
- servicestate: use systemctl enable+start and disable+stop instead
of --now flag
- osutil: handle file being matched by multiple patterns
- daemon, snap: fix InstallDate, make a method of *snap.Info
- wrappers: timer services
- wrappers: generator for systemd OnCalendar schedules
- asserts: fix flaky storeSuite.TestCheckAuthority
- tests: fix dependency for ubuntu artful
- spread: start moving towards google backend
- tests: add a spread test for layouts
- ifacestate: be consistent passing Retry.After as named field
- cmd/snap-update-ns: use recursive bind mounts for writable mimic
- testutil: allow mocking syscall.Fstat
- overlord/snapstate: verify that default schedule is randomized and
is not a single time
- many: simplify mocking of home-on-NFS
- cmd/snap-update-ns: use syscall.Symlink instead of os.Symlink
- store: move infoFromRemote into details.go close to snapDetails
- userd/tests: Test kdialog calls and mock kdialog too to make tests
work in KDE
- cmd/snap: tweaks to 'snap info' (feat. installed->current rename)
- cmd/snap: add self-strace to `snap run`
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- update-pot: Force xgettext() to return true
- store: cleanup test naming, dropping remoteRepo and
UbuntuStore(Repository)? references
- store: reorg auth refresh
* New upstream release, LP: #1767833
- tests: run all spread tests inside GCE
- tests: build spread in the autopkgtests with a more recent go
* New upstream release, LP: #1767833
- snapd.core-fixup.sh: fix workaround for corrupted uboot.env
and add tests
* New upstream release, LP: #1767833
- many: add wait command and seeded target (2
- snapd.core-fixup.sh: add workaround for corrupted uboot.env
- boot: clear "snap_mode" when needed
- cmd/libsnap: fix compile error on more restrictive gcc
- tests: cherry-pick commits to move spread to google backend
- spread.yaml: add cosmic (18.10) to autopkgtest/qemu
- userd: set up journal logging streams for autostarted apps
* New upstream release, LP: #1767833
- snap: do not use overly short timeout in `snap
{start,stop,restart}`
- interfaces/apparmor: fix incorrect apparmor profile glob
- tests: detect kernel oops during tests and abort tests in this
case
- tests: run interfaces-boradcom-asic-control early
- tests: skip interfaces-content test on core devices
* New upstream release, LP: #1765090
- many: add "stop-mode: sig{term,hup,usr[12]}{,-all}" instead of
conflating that with refresh-mode
- overlord/snapstate: poll for up to 10s if a snap is unexpectedly
not mounted in doMountSnap
- daemon: support 'system' as nickname of the core snap
* New upstream release, LP: #1756173
- cmd/snap: user session application autostart
- overlord/snapstate: introduce envvars to control the channels for
bases and prereqs
- overlord/snapstate: on multi-snap refresh make sure bases and core
are finished before dependent snaps
- many: use the new install/refresh /v2/snaps/refresh store API
* New upstream release, LP: #1756173
- errtracker: make TestJournalErrorSilentError work on
gccgo
- errtracker: check for whoopsie.service instead of reading
/etc/whoopsie
* New upstream release, LP: #1756173
- debian: add gbp.conf script to build snapd via `gbp
buildpackage`
- tests: add check for OOM error after each test
- cmd/snap-seccomp: graceful handling of non-multilib host
- interfaces/shutdown: allow calling SetWallMessage
- data/selinux: Give snapd access to more aspects of the system
- daemon,overlord/hookstate: stop/wait for running hooks before
closing the snapctl socket
- cmd/snap-confine: ignore missing cgroups in snap-device-helper
- interfaces: misc updates for default, firewall-control, fuse-
support and process-control
- overlord: test fix, address corner case
* New upstream release, LP: #1756173
- ifacestate: add to the repo also snaps that are pending being
activated but have a done setup-profiles
- snapstate: inject autoconnect tasks in doLinkSnap for regular
snaps
- cmd/snap-confine: allow creating missing gl32, gl, vulkan dirs
- errtracker: add more fields to aid debugging
- interfaces: make system-key more robust against invalid fstab
entries
- cmd/snap-mgmt: remove timers, udev rules, dbus policy files
- overlord,interfaces: be more vocal about broken snaps and read
errors
- osutil: fix fstab parser to allow for # in field values
* New upstream release, LP: #1756173
- interfaces/content: add rule so slot can access writable files at
plug's mountpoint
- tests: adjust canonical-livepatch test on GCE
- interfaces/serial: change pattern not to exclude /dev/ttymxc
- spread.yaml: switch Fedora 27 tests to manual
- store: Sections and WriteCatalogs need to strictly send device
auth only if the device has a custom store
- configstate: give a chance to immediately recompute the next
refresh time when schedules are set
- cmd/snap-confine: attempt to detect if multiarch host uses arch
triplets
- vendor: update gopkg.in/yaml.v2 to the latest version (#4945)
* New upstream release, LP: #1756173
- cmd/snapd: make sure signal handlers are established during early
daemon startup
- osutil: use tilde suffix for temporary files used for atomic
replacement
- cmd/snap-confine: apparmor: allow creating prefix path for
gl/vulkan
- tests: disentangle etc vs extrausers in core tests
- packaging: fix changelogs' typo
* New upstream release, LP: #1756173
- snap: make `snap run` look at the system-key for security profiles
- overlord/configstate: change how ssh is stopped/started
- cmd/snap-confine: nvidia: preserve globbed file prefix
- advisor: deal with missing commands.db file
- interfaces,release: probe seccomp features lazily
- interfaces: harden snap-update-ns profile
- polkit: Pass caller uid to PolicyKit authority
- tests: change debug for layout test
- cmd/snap-confine: don't use per-snap s-u-n profile
- many: backported fixes for layouts and symlinks
- cmd/snap-confine: nvidia: add tls/libnvidia-tls.so* glob
- cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice
- snap: Call SanitizePlugsSlots from InfoFromSnapYaml
- cmd/snap-confine: fix ptrace rule with snap-confine peer
- tests: update tests to deal with s390x quirks
- snapstate: add compat mode for default-provider"snapname:ifname"
- snap-confine: fallback to /lib/udev/snappy-app-dev if the core is
older
- tests: a bunch of test fixes for s390x from looking at the
autopkgtest logs
- packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
- interfaces/builtin: let MM change qmi device attributes
- debian: undo snap.mount system unit removal
- snap: don't create empty Change with "Hold" state on disconnect
- tests: add workaround for s390x failure
- tests: make autopkgtest tests more targeted
- many: propagate contexts enough to be able to mark store
operations done from the Ensure loop
- store: cleanup test naming, dropping remoteRepo and
UbuntuStore(Repository)? references
- store: reorg auth refresh
- tests: autopkgtest may have non edge core too
- data: translate polkit strings
- snapstate: put layout feature behind feature flag
- errtracker: respect the /etc/whoopsie configuration
- overlord/snapstate: hold refreshes for 2h after seeding on classic
- many: cherry-pick relevant `go vet` 1.10 fixes to 2.32
- snap/squashfs: when installing from seed, try symlink before cp
- wrappers: services which are socket or timer activated should not
be started during boot
- many: generate and use per-snap snap-update-ns profile
- many: support holding refreshes by setting refresh.hold
- snap-confine, snap-seccomp: utilize new seccomp logging features
- many: remove snapd.refresh.{timer,service}
- many: add the snapd-generator
- polkit: do not shadow dbus errors, avoid panic in case of errors
- polkit: ensure error is properly set if dialog is dismissed
- xdgopenproxy: integrate xdg-open implementation into snapctl
- userd: add an OpenFile method for launching local files with xdg-
open
- asserts: use a timestamp for the assertion after the signing key
has been created
- ifacestate: be consistent passing Retry.After as named field
- interfaces/apparmor,system-key: add upperdir snippets for strict
snaps on livecd
interfaces/apparmor,system-key: add upperdir snippets for strict
snaps
- configstate: when disable "ssh" we must disable the "sshd"
service
- store: don't ask for snap_yaml_raw except on the details endpoint
- osutil: handle file being matched by multiple patterns
- cmd/snap-update-ns: use recursive bind mounts for writable mimic
- cmd/snap-update-ns: use syscall.Symlink instead of os.Symlink
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- interfaces/network-status: fix use of '/' in interface in DBus
rule
- interfaces/screen-inhibit-control: fix use of '.' in path in DBus
rule
- overlord/snapstate: fix task iteration order in
TestDoPrereqRetryWhenBaseInFlight
- interfaces: add an interface for gnome-online-accounts D-Bus
service
- snap: pass full timer spec in `snap run --timer`
- cmd/snap: introduce `snap run --timer`
- snapstate: auto install default-providers for content snaps
- hooks/strutil: limit the number of data read from the hooks to
avoid oom
- osutil: aggregate mockable symbols
- tests: make sure snapd is running before attempting to remove
leftover snaps
- timeutil: account for 24h wrap when flattening clock spans
- many: send new Snap-CDN header with none or with cloud instance
placement info as needed
- cmd/snap-update-ns,testutil: move syscall testing helpers
- tests: disable interfaces-location-control on s390x
- tests: new spread test for gpio-memory-control interface
- tests: spread test for broadcom-asic-control interface
- tests: make restore of interfaces-password-manager-service more
robust
- tests/lib/prepare-restore: sync journal before rotating and
vacuuming
- overlord/snapstate: use spread in the default refresh schedule
- tests: fixes for autopkgtest in bionic
- timeutil: introduce helpers for checking it time falls inside the
schedule
- cmd/snap-repair,httputil: set snap-repair User-Agent on requests
- vendor: resync formatting of vendor.json
- snapstate/ifacestate: auto-connect tasks
- cmd/snap: also include tracking channel in list output.
- interfaces/apparmor: use snap revision with surrounding '.' when
replacing in glob
- debian,vendor: import github.com/snapcore/squashfs and use
- many: implement "refresh-mode: {restart,endure,...}" for services
- daemon: make the ast-inspecting test smarter; drop 'exceptions'
- tests: new spread test for kvm interface
- cmd/snap: tweaks to 'snap info' output
- snap: remove underscore from version validator regexp
- testutil: add File{Matches,Equals,Contains} checkers.
- snap: improve the version validator's error messages.
- osutil: refactor EnsureFileState to separate out the comparator
- timeutil: fix scheduling on nth weekday of the month
- cmd/snap-update-ns: small refactor for upcoming per-user mounts
- many: rename snappy-app-dev to snap-device-helper
- systemd: add default target for timers
- interfaces: miscellaneous policy updates for home, opengl, time-
control, network, et al
- cmd/snap: linter cleanups
- interfaces/mount: generate per-user mount profiles
- cmd/snap: use proper help strings for `snap userd --help`
- packaging: provide a compat symlink for snappy-app-dev
- interfaces/time-control,netlink-audit: adjust for util-linux
compiled with libaudit
- tests: adding new test to validate the raw-usb interface
- snap: add support for `snap run --gdb`
- interfaces/builtin: allow MM to access login1
- packaging: fix build on sbuild
- store: revert PR#4532 and do not display displayname
- interfaces/mount: add support for per-user mount entries
- cmd/system-shutdown: move sync to be even more pessimistic
- osutil: reimplement IsMounted with LoadMountInfo
- tests/main/ubuntu-core-services: enable snapd.refresh.timer for
the test
- many: don't allow layout construction to silently fail
- interfaces/apparmor: ensure snap-confine profile for reexec is
current
- interfaces/apparmor: generalize apparmor load and unload helpers
- tests: removing packages which are not needed anymore to generate
random data
- snap: improve `snap run` comments/naming
- snap: allow options for --strace, e.g. `snap run --strace="-tt"`
- tests: fix spread test failures on 18.04
- systemd: update comment on SocketsTarget
- osutil: add and update docstrings
- osutil: parse mount entries without options field
- interfaces: mock away real mountinfo/fstab
- many: move /lib/udev/snappy-app-dev to /usr/lib/snapd/snappy-app-
dev
- overlord/snapstate/backend: perform cleanup if snap setup fails
- tests/lib/prepare: disable snapd.refresh.timer
- daemon: remove redundant UserOK markings from api commands
- snap: introduce timer service data types and validation
- cmd/snap: fix UX of snap services
- daemon: allow `snapctl get` from any uid
- debian, snap: only static link libseccomp in snap-seccomp on
ubuntu
- all: snap versions are now validated
- many: add nfs-home flag to system-key
- snap: disallow layouts in various special directories
- cmd/snap: add help for service commands.
- devicestate: fix autopkgtest failure in
TestDoRequestSerialErrorsOnNoHost
- snap,interfaces: allow using bind-file layouts
- many: move mount code to osutil
- snap: understand directories in layout blacklist
- snap: use custom unsquashfsStderrWriter for unsquashfs error
detection
- tests/main/user-data-handling: get rid of ordering bug
- snap: exclude `gettimeofday` from `snap run --strace`
- tests: check if snapd.socket is active before stoping it
- snap: sort layout elements before validating
- strutil: introducing MatchCounter
- snap: detect unsquashfs write failures
- spread: add missing ubuntu-18.04-arm64 to available autopkgtest
machines
- cmd/snap-confine: allow mounting anywhere, effectively
- daemon: improve ucrednet code for the snap.socket
- release, interfaces: add new release.AppArmorFeatures helper
- snap: apply some golint suggestions
- many: add interfaces.SystemKey() helper
- tests: new snaps to test installs nightly
- tests: skip alsa interface test when the system does not have any
audio devices
- debian/rules: workaround for
https://github.com/golang/go/issues/23721
- interfaces/apparmor: early support for snap-update-ns snippets
- wrappers: cleanup enabled service sockets
- cmd/snap-update-ns: large refactor / update of unit tests
- interfaces/apparmor: remove leaked future layout code
- many: allow constructing layouts (phase 1)
- data/systemd: for debugging/testing use /etc/environment also for
snap-repair runs
- cmd/snap-confine: create lib/{gl,gl32,vulkan} under /var/lib/snapd
and chown as root:root
- overlord/configstate/config: make [GS]etSnapConfig use *RawMessage
- daemon: refactor snapFooMany helpers a little
- cmd/snap-confine: allow snap-update-ns to chown things
- interfaces/apparmor: use a helper to set the scope
- overlord/configstate/config: make SetSnapConfig delete on empty
- osutil: make MkdirAllChown clean the path passed in
- many: at seeding try to capture cloud information into core config
under "cloud"
- cmd/snap: add completion conversion helper to increase DRY
- many: remove "content" argument from snaptest.MockSnap()
- osutil: allow using many globs in EnsureDirState
- cmd/snap-confine: fix read-only filesystem when mounting nvidia
files in biarch
- tests: use root path to /home/test/tmp to avoid lack of space
issue
- packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
packaging
- tests: update kill-timeout focused on making tests pass on boards
- advisor: ensure commands.db has mode 0644 and add test
- snap: improve validation of snap layouts
- tests: ensure disabled services are masked
- interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
- systemd, wrappers: start all snap services in one systemctl call
- mir: software clients need access to shared memory /dev/shm/#*
- snap: add support for `snap advise-snap pkgName`
- snap: fix command-not-found on core devices
- tests: new spead test for openvswitch-support interface
- tests: add integration for local snap licenses
- config: add (Get|Set)SnapConfig to do bulk config e.g. from
snapshots
- cmd/snap: display snap license information
- tests: enable content sharing test for $SNAP
- osutil: add ContextWriter and RunWithContext helpers.
- osutil: add DirExists and IsDirNotExist
* New upstream release, LP: #1745217
- many: add the snapd-generator
- polkit: ensure error is properly set if dialog is dismissed
- xdgopenproxy: integrate xdg-open implementation into snapctl
- userd: add an OpenFile method for launching local files with xdg-
open
- configstate: when disable "ssh" we must disable the "sshd"
service
- many: remove snapd.refresh.{timer,service}
- interfaces/builtin: allow MM to access login1
- timeutil: account for 24h wrap when flattening clock spans
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- systemd, wrappers: start all snap services in one systemctl
call
- tests: disable interfaces-location-control on s390x
* New upstream release, LP: #1745217
- tests: multiple autopkgtest related fixes for 18.04
- overlord/snapstate: use spread in the default refresh schedule
- timeutil: fix scheduling on nth weekday of the month
- interfaces: miscellaneous policy updates for home, opengl, time-
control, network, et al
- cmd/snap: use proper help strings for `snap userd --help`
- interfaces/time-control,netlink-audit: adjust for util-linux
compiled with libaudit
- rules: do not static link on powerpc
- packaging: revert LDFLAGS rewrite again after building snap-
seccomp
- store: revert PR#4532 and do not display displayname
- daemon: allow `snapctl get` from any uid
- debian, snap: only static link libseccomp in snap-seccomp on
ubuntu
- daemon: improve ucrednet code for the snap.socket
* New upstream release, LP: #1745217
- cmd/snap-confine: allow snap-update-ns to chown things
- cmd/snap-confine: fix read-only filesystem when mounting nvidia
files in biarch
- packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
packaging
- advisor: ensure commands.db has mode 0644 and add test
- interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
- snap: improve validation of snap layoutsRules for validating
layouts:
- snap: fix command-not-found on core devices
- cmd/snap: display snap license information
- tests: enable content sharing test for $SNAP
- userd: add support for a simple UI that can be used from userd
- snap-confine/nvidia: Support legacy biarch trees for GLVND systems
- tests: generic detection of gadget and kernel snaps
- cmd/snap-update-ns: refactor and improve Change.Perform to handle
EROFS
- cmd/snap: improve output when snaps were found in a section or the
section is invalid
- cmd/snap-confine,tests: hide message about stale base snap
- cmd/snap-mgmt: fix out of source tree build
- strutil/quantity: new package that exports formatFoo (from
progress)
- cmd/snap: snap refresh --time with new and legacy schedules
- state: unknown tasks handler
- cmd/snap-confine,data/systemd: fix removal of snaps inside LXD
- snap: add io.snapcraft.Settings to `snap userd`
- spread: remove more EOLed releases
- snap: tidy up top-level help output
- snap: fix race in `snap run --strace`
- tests: update "searching" test to match store changes
- store: use the "publisher" when populating the "publisher" field
- snap: make `snap find --section` show all sections
- tests: new test to validate location control interface
- many: add new `snap refresh --amend <snap>` command
- tests/main/kernel-snap-refresh-on-core: skip the whole test if
edge and stable are the same version
- tests: set test kernel-snap-refresh-on-core to manual
- tests: new spread test for interface gpg-keys
- packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
fix
- interfaces: miscellaneous policy updates
- interfaces/builtin: Replace Solus support with GLVND support
- tests/main/kernel-snap-refresh-on-core: do not fail if edge and
stable kernels are the same version
- snap: add `snap run --strace` to be able to strace snap apps
- tests: new spread test for ssh-keys interface
- errtracker: include detected virtualisation
- tests: add new kernel refresh/revert test for spread-cron
- interfaces/builtin: blacklist zigbee dongle
- cmd/snap-confine: discard stale mount namespaces
- cmd: remove unused execArg0/execEnv
- snap,interfaces/mount: disallow nobody/nogroup
- cmd/snap: improve `snap aliases` output when no aliases are
defined
- tests/lib/snaps/test-snapd-service: refactor service reload
- tests: new spread test for gpg-public-keys interface
- tests: new spread test for ssh-public-keys interface
- spread: setup machine creation on Linode
- interfaces/builtin: allow introspecting UDisks2
- interfaces/builtin: add support for content "source" section
- tests: new spread test for netlink-audit interface
- daemon: avoid panic'ing building an error response w/no snaps
given
- interfaces/mount,snap: early support for snap layouts
- daemon: unlock state even if RefreshSchedule() fails
- arch: add "armv8l" to ubuntuArchFromKernelArch table
- tests: fix for test interface-netlink-connector
- data/dbus: add AssumedAppArmorLabel=unconfined
- advisor: use forked bolt to make it work on ppc
- overlord/snapstate: record the 'kind' of conflicting change
- dirs: fix snap mount dir on Manjaro
- overlord/{snapstate,configstate}, daemon: introduce refresh.timer,
fallback to refresh.schedule
- config: add support for `snap set core proxy.no_proxy=...`
- snap-mgmt: extend spread tests, stop, disable and cleanup snap
services
- spread.yaml: add fedora 27
- cmd/snap-confine: allow snap-update-ns to poke writable holes in
$SNAP
- packaging/14.04: move linux-generic-lts-xenial to recommends
- osutil/sys: ppc has 32-bit getuid already
- snapstate: make no autorefresh message clearer
- spread: try to enable Fedora once more
- overlord/snapstate: do a minimal sanity check on containers
- configcore: ensure config.txt has a final newline
- cmd/libsnap-confine-private: print failed mount/umount regardless
of SNAP_CONFINE_DEBUG
- debian/tests: add missing autopkgtest test dependencies for debian
- image: port ini handling to goconfigparser
- tests/main/snap-service-after-before: add test for after/before
service ordering
- tests: enabling opensuse for tests
- tests: update auto-refresh-private to match messages from current
master
- dirs: check if distro 'is like' fedora when picking path to
libexecdir
- tests: fix "job canceled" issue and improve cleanup for snaps
- cmd/libsnap-confine-private: add debug build of libsnap-confine-
private.a, link it into snap-confine-debug
- vendor: remove x/sys/unix to fix builds on arm64 and powerpc
- image: let consume snapcraft export-login files from tooling
- interfaces/mir: allow Wayland socket and non-root sockets
- interfaces/builtin: use snap.{Plug,Slot}Info over
interfaces.{Plug,Slot}
- tests: add simple snap-mgmt test
- wrappers: autogenerate After/Before in systemd's service files for
apps
- snap: add usage hints in `snap download`
- snap: provide more meaningful errors for installMany and friends
- cmd/snap: show header/footer when `snap find` is used without
arguments
- overlord/snapstate: for Enable's tasks refer to the first task
with snap-setup, do not duplicate
- tests: add hard-coded fully expired macaroons to run related tests
- cmd/snap-update-ns: new test features
- cmd/snap-update-ns: we don't want to bind mount symlinks
- interfaces/mount: test OptsToCommonFlags, filter out x-snapd.
options
- cmd/snap-update-ns: untangle upcoming cyclic initialization
- client, daemon: update user's email when logging in with new
account
- tests: ensure snap-confine apparmor profile is parsable
- snap: do not leak internal errors on install/refresh etc
- snap: fix missing error check when multiple snaps are refreshed
- spread: trying to re-enable tests on Fedora
- snap: fix gadget.yaml parsing for multi volume gadgets
- snap: give the snap.Container interface a Walk method
- snap: rename `snap advise-command` to `snap advise-snap --command`
- overlord/snapstate: no refresh just for hints if there was a
recent regular full refresh
- progress: switch ansimeter's Spin() to use a spinner
- snap: support `command-not-found` symlink for `snap advise-
command`
- daemon: store email, ID and macaroon when creating a new user
- snap: app startup after/before validation
- timeutil: refresh timer take 2
- store, daemon/api: Rename MyAppsServer, point to
dashboard.snapcraft.io instead
- tests: use "quiet" helper instead of "dnf -q" to get errors on
failures
- cmd/snap-update-ns: improve mocking for tests
- many: implement the advisor backend, populate it from the store
- tests: make less calls to the package manager
- tests/main/confinement-classic: enable the test on Fedora
- snap: do not leak internal network errors to the user
- snap: use stdout instead of stderr for "fetching" message
- tests: fix test whoami, share successful_login.exp
- many: refresh with appropriate creds
- snap: add new `snap advice-command` skeleton
- tests: add test that ensures we never parse versions as numbers
- overlord/snapstate: override Snapstate.UserID in refresh if the
installing user is gone
- interfaces: allow socket "shutdown" syscall in default profile
- snap: print friendly message if `snap keys` is empty
- cmd/snap-update-ns: add execWritableMimic
- snap: make `snap info invalid-snap` output more user friendly
- cmd/snap, tests/main/classic-confinement: fix snap-exec path when
running under classic confinement
- overlord/ifacestate: fix disable/enable cycle to setup security
- snap: fix snap find " " output
- daemon: add new polkit action to manage interfaces
- packaging/arch: disable services when removing
- asserts/signtool: support for building tools on top that fill-
in/compute some headers
- cmd: clarify "This leaves %s tracking %s." message
- daemon: return "bad-query" error kind for store.ErrBadQuery
- taskrunner/many: KnownTaskKinds helper
- tests/main/interfaces-fuse_support: fix confinement, allow
unmount, fix spread tests
- snap: use the -no-fragments mksquashfs option
- data/selinux: allow messages from policykit
- tests: fix catalog-update wait loop
- tests/lib/prepare-restore: disable rate limiting in journald
- tests: change interfaces-fuse_support to be debug friendly
- tests/main/postrm-purge: stop snapd before purge
- This is an example of test log:https://paste.ubuntu.com/26215170/
- tests/main/interfaces-fuse_support: dump more debugging
information
- interfaces/dbus: adjust slot policy for listen, accept and accept4
syscalls
- tests: save the snapd-state without compression
- tests/main/searching: handle changes in featured snaps list
- overlord/snapstate: fix auto-refresh summary for 2 snaps
- overlord/auth,daemon: introduce an explicit auth.ErrInvalidUser
- interfaces: add /proc/partitions to system-observe (This addresses
LP#1708527.)
- tests/lib: introduce helpers for setting up /dev/random using
/dev/urandom in project prepare
- tests: new test for interface network status
- interfaces: interfaces: also add an app/hook-specific udev RUN
rule for hotplugging
- tests: fix external backend for tests that need DEBUG output
- tests: do not disable refresh timer on external backend
- client: send all snap related bool json fields
- interfaces/desktop,unity7: allow status/activate/lock of
screensavers
- tests/main: source mkpinentry.sh
- tests: fix security-device-cgroups-serial-port test for rpi and db
- cmd/snap-mgmt: add more directories for cleanup and refactor
purge() code
- snap: YAML and data structures for app before/after ordering
- tests: set TRUST_TEST_KEYS=false for all the external backends
- packaging/arch: install snap-mgmt tool
- tests: add support on tests for cm3 gadget
- interfaces/removable-media: also allow 'k' (lock)
- interfaces: use ConnectedPlug/ConnectedSlot types (step 2)
- interfaces: rename sanitize methods
- devicestate: fix misbehaving test when using systemd-resolved
- interfaces: added Ref() helpers, restored more detailed error
message on spi iface
- debian: make "gnupg" a recommends
- interfaces/many: misc updates for default, browser-support,
opengl, desktop, unity7, x11
- interfaces: PlugInfo/SlotInfo/ConnectedPlug/ConnectedSlot
attribute helpers
- interfaces: update fixme comments
- tests: make interfaces-snapd-control-with-manage more robust
- userd: generalize dbusInterface
- interfaces: use ConnectedPlug/ConnectedSlot types (step 1)
- hookstate: add compat "configure-snapd" task.
- config, overlord/snapstate, timeutil: rename ParseSchedule to
ParseLegacySchedule
- tests: adding tests for time*-control interfaces
- tests: new test to check interfaces after reboot the system
- cmd/snap-mgmt: fixes
- packaging/opensuse-42.2: package and use snap-mgmt
- corecfg: also "mask" services when disabling them
- cmd/snap-mgmt: introduce snap-mgmt tool
- configstate: simplify ConfigManager
- interfaces: add gpio-memory-control interface
- cmd: disable check-syntax-c
- packaging/arch: add bash-completion as optional dependency
- corecfg: rename package to overlord/configstate/configcore
- wrappers: fix unit tests to use dirs.SnapMountDir
- osutil/sys: reimplement getuid and chown with the right int type
- interfaces-netlink-connector: fix sourcing snaps.sh
* New upstream release, LP: #1735344
- tests: set TRUST_TEST_KEYS=false for all the external backends
- tests: fix external backend for tests that need DEBUG output
- tests: do not disable refresh timer on external backend
- client: send all snap related bool json fields
- interfaces: interfaces: also add an app/hook-specific udev RUN
rule for hotplugging
- interfaces/desktop,unity7: allow status/activate/lock of
screensavers
- tests/main: source mkpinentry.sh
- devicestate: use a different nowhere domain
- interfaces: add ssh-keys, ssh-public-keys, gpg-keys and gpg-public
keys interfaces
- interfaces/many: misc updates for default, browser-support, opengl,
desktop, unity7, x11
- devicestate: fix misbehaving test when using systemd-resolved
- interfaces/removable-media: also allow 'k' (lock)
- interfaces/many: misc updates for default, browser-support,
opengl, desktop, unity7, x11
- corecfg: also "mask" services when disabling them
- tests: add support for autopkgtests on s390x
- snapstate: support for pre-refresh hook
- many: allow to configure core before it is installed
- devicestate: fix unkeyed fields error
- snap-confine: create mount target for lib32,vulkan on demand
- snapstate: add support for refresh.schedule=managed
- cmd/snap-update-ns: teach update logic to handle synthetic changes
- many: remove configure-snapd task again and handle internally
- snap: fix TestDirAndFileMethods() test to work with gccgo
- debian: ensure /var/lib/snapd/lib/vulkan is available
- cmd/snap-confine: use #include instead of bare include
- snapstate: store userID in snapstate
- snapd.dirs: add var/lib/snapd/lib/gl32
- timeutil, overlod/snapstate: cleanup remaining pieces of timeutil
weekday support
- packaging/arch: install missing directories, manpages and version
info
- snapstate,store: store if a snap is a paid snap in the sideinfo
- packaging/arch: pre-create snapd directories when packaging
- tests/main/manpages: set LC_ALL=C as man may complain if the
locale is unset or unsupported
- repo: ConnectedPlug and ConnectedSlot types
- snapd: fix handling of undo in the taskrunner
- store: fix download caching and add integration test
- snapstate: move autorefresh code into autoRefresh helper
- snapctl: don't error out on start/stop/restart from configure hook
during install or refresh
- cmd/snap-update-ns: add planWritableMimic
- deamon: don't omit responses, even if null
- tests: add test for frame buffer interface
- tests/lib: fix shellcheck errors
- apparmor: generate the snap-confine re-exec profile for
AppArmor{Partial,Full}
- tests: remove obsolete workaround
- snap: use existing files in `snap download` if digest/size matches
- tests: merge pepare-project.sh into prepare-restore.sh
- tests: cache snaps to $TESTSLIB/cache
- tests: set -e, -o pipefail in prepare-restore.sh
- apparmor: generate the snap-confine re-exec profile for
AppArmor{Partial,Full}
- cmd/snap-seccomp: fix uid/gid restrictions tests on Arch
- tests: document and slightly refactor prepare/restore code
- snapstate: ensure RefreshSchedule() gives accurate results
- snapstate: add new refresh-hints helper and use it
- spread.yaml,tests: move most of project-wide prepare/restore to
separate file
- timeutil: introduce helpers for weekdays and TimeOfDay
- tests: adding new test for uhid interface
- cmd/libsnap: fix parsing of empty mountinfo fields
- overlord/devicestate: best effort to go to early full retries for
registration on the like of DNS no host
- spread.yaml: bump delta ref to 2.29
- tests: adding test to test physical memory observe interface
- cmd, errtracker: get rid of SNAP_DID_REEXEC environment
- timeutil: remove support to parse weekday schedules
- snap-confine: add workaround for snap-confine on 4.13/upstream
- store: do not log the http body for catalog updates
- snapstate: move catalogRefresh into its own helper
- spread.yaml: fix shellcheck issues and trivial refactor
- spread.yaml: move prepare-each closer to restore-each
- spread.yaml: increase workers for opensuse to 3
- tests: force delete when tests are restore to avoid suite failure
- test: ignore /snap/README
- interfaces/opengl: also allow read on 'revision' in
/sys/devices/pci...
- interfaces/screen-inhibit-control: fix case in screen inhibit
control
- asserts/sysdb: panic early if pointed to staging but staging keys
are not compiled-in
- interfaces: allow /bin/chown and fchownat to root:root
- timeutil: include test input in error message in
TestParseSchedule()
- interfaces/browser-support: adjust base declaration for auto-
connection
- snap-confine: fix snap-confine under lxd
- store: bit less aggressive retry strategy
- tests: add new `fakestore new-snap-{declaration,revision}` helpers
- cmd/snap-update-ns: add secureMkfileAll
- snap: use field names when initializing composite literals
- HACKING: fix path in snap install
- store: add support for flags in ListRefresh()
- interfaces: remove invalid plugs/slots from SnapInfo on
sanitization.
- debian: add missing udev dependency
- snap/validate: extend socket validation tests
- interfaces: add "refresh-schedule" attribute to snapd-control
- interfaces/builtin/account_control: use gid owning /etc/shadow to
setup seccomp rules
- cmd/snap-update-ns: tweak changePerform
- interfaces,tests: skip unknown plug/slot interfaces
- tests: disable interfaces-network-control-tuntap
- cmd: use a preinit_array function rather than parsing
/proc/self/cmdline
- interfaces/time*_control: explicitly deny noisy read on
/proc/1/environ
- cmd/snap-update-ns: misc cleanups
- snapd: allow hooks to have slots
- fakestore: add go-flags to prepare for `new-snap-declaration` cmd
- interfaces/browser-support: add shm path for nwjs
- many: add magic /snap/README file
- overlord/snapstate: support completion for command aliases
- tests: re-enable tun/tap test on Debian
- snap,wrappers: add support for socket activation
- repo: use PlugInfo and SlotInfo for permanent plugs/slots
- tests/interfaces-network-control-tuntap: disable on debian-
unstable for now
- cmd/snap-confine: Loosen the NVIDIA Vulkan ICD glob
- cmd/snap-update-ns: detect and report read-only filesystems
- cmd/snap-update-ns: re-factor secureMkdirAll into
secureMk{Prefix,Dir}
- run-checks, tests/lib/snaps/: shellcheck fixes
- corecfg: validate refresh.schedule when it is applied
- tests: adjust test to match stderr
- snapd: fix snap cookie bugs
- packaging/arch: do not quote MAKEFLAGS
- state: add change.LaneTasks helper
- cmd/snap-update-ns: do not assume 'nogroup' exists
- tests/lib: handle distro specific grub-editenv naming
- cmd/snap-confine: Add missing bi-arch NVIDIA filesthe
`/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl/vdpau` paths within
- cmd: Support exposing NVIDIA Vulkan ICD files to the snaps
- cmd/snap-confine: Implement full 32-bit NVIDIA driver support
- packaging/arch: packaging update
- cmd/snap-confine: Support bash as base runtime entry
- wrappers: do not error on incorrect Exec= lines
- interfaces: fix udev tagging for hooks
- tests/set-proxy-store: exclude ubuntu-core-16 via systems: key
- tests: new tests for network setup control and observe interfaces
- osutil: add helper for obtaining group ID of given file path
- daemon,overlord/snapstate: return snap-not-installed error in more
cases
- interfaces/builtin/lxd_support: allow discovering of host's os-
release
- configstate: add support for configure-snapd for
snapstate.IgnoreHookError
- tests: add a spread test for proxy.store setting together with
store assertion
- cmd/snap-seccomp: do not use group 'shadow' in tests
- asserts/assertstest: fix use of hardcoded value when the passed
or default keys should be used
- interfaces/many: misc policy updates for browser-support, cups-
control and network-status
- tests: fix xdg-open-compat
- daemon: for /v2/logs, 404 when no services are found
- packaging/fedora: Merge changes from Fedora Dist-Git
- cmd/snap-update-ns: add new helpers for mount entries
- cmd/snap-confine: Respect biarch nature of libdirs
- cmd/snap-confine: Ensure snap-confine is allowed to access os-
release
- cmd: fix re-exec bug with classic confinement for host snapd <
2.28
- interfaces/kmod: simplify loadModules now that errors are ignored
- tests: disable xdg-open-compat test
- tests: add test that checks core reverts on core devices
- dirs: use alt root when checking classic confinement support
without
- interfaces/kmod: treat failure to load module as non-fatal
- cmd/snap-update-ns: fix golint and some stale comments
- corecfg: support setting proxy.store if there's a matching store
assertion
- overlord/snapstate: toggle ignore-validation as needed as we do
for channel
- tests: fix security-device-cgroup* tests on devices with
framebuffer
- interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS
- interfaces: add USB interface number attribute in udev rule for
serial-port interface
- overlord/devicestate: switch to the new endpoints for registration
- snap-update-ns: add missing unit test for desired/current profile
handling
- cmd/{snap-confine,libsnap-confine-private,snap-shutdown}: cleanup
low-level C bits
- ifacestate: make interfaces.Repository available via state cache
- overlord/snapstate: cleanups around switch-snap*
- cmd/snapd,client,daemon: display ignore-validation flag through
the notes mechanism
- cmd/snap-update-ns: add logging to snap-update-ns
- many: have a timestamp on store assertions
- many: lookup and use the URL from a store assertion if one is set
for use
- tests/test-snapd-service: fix shellcheck issues
- tests: new test for hardware-random-control interface
- tests: use `snap change --last=install` in snapd-reexec test
- repo, daemon: use PlugInfo, SlotInfo
- many: handle core configuration internally instead of using the
core configure hook
- tests: refactor and expand content interface test
- snap-seccomp: skip in-kernel bpf tests for socket() in trusty/i386
- cmd/snap-update-ns: allow Change.Perform to return changes
- snap-confine: Support biarch Linux distribution confinement
- partition/ubootenv: don't panic when uboot.env is missing the eof
marker
- cmd/snap-update-ns: allow fault injection to provide dynamic
result
- interfaces/mount: exspose mount.{Escape,Unescape}
- snapctl: added long help to stop/start/restart command
- cmd/snap-update-ns: create missing mount points automatically.
- cmd: downgrade log message in InternalToolPath to Debugf()
- tests: wait for service status change & file update in the test to
avoid races
- daemon, store: forward SSO invalid credentials errors as 401
Unauthorized responses
- spdx: fix for WITH syntax, require a license name before the
operator
- many: reorg things in preparation to make handling of the base url
in store dynamic
- hooks/configure: queue service restarts
- cmd/snap: warn when a snap is not from the tracking channel
- interfaces/mount: add support for parsing x-snapd.{mode,uid,gid}=
- cmd/snap-confine: add detection of stale mount namespace
- interfaces: add plugRef/slotRef helpers for PlugInfo/SlotInfo
- tests: check for invalid udev files during all tests
- daemon: use newChange() in changeAliases for consistency
- servicestate: use taskset
- many: add support for /home on NFS
- packaging,spread: fix and re-enable opensuse builds
* New upstream release, LP: #1726258
- tests: more debug info for classic-ubuntu-core-transition
- packaging: fix typo that causes error in the misspell test
* New upstream release, LP: #1726258
- snap-confine: fix snap-confine under lxd
- tests: disable classic-ubuntu-core-transition on i386 temporarily
- many: reject bad plugs/slots
- interfaces,tests: skip unknown plug/slot interfaces
- store: enable "base" field from the store
- packaging/fedora: Merge changes from Fedora Dist-Git
* New upstream release, LP: #1726258
- daemon: cherry-picked /v2/logs fixes
- cmd/snap-confine: Respect biarch nature of libdirs
- cmd/snap-confine: Ensure snap-confine is allowed to access os-
release
- interfaces: fix udev tagging for hooks
- cmd: fix re-exec bug with classic confinement for host snapd
- tests: disable xdg-open-compat test
- cmd/snap-confine: add slave PTYs and let devpts newinstance
perform mediation
- interfaces/many: misc policy updates for browser-support, cups-
control and network-status
- interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS
- tests: fix security-device-cgroup* tests on devices with
framebuffer
* New upstream release, LP: #1726258
- snapctl: disable stop/start/restart (2.29)
- cmd/snap-update-ns: fix collection of changes made
* New upstream release, LP: #1726258
- interfaces: fix incorrect signature of ofono DBusPermanentSlot
- interfaces/serial-port: udev tag plugged slots that have just
'path' via KERNEL
- interfaces/hidraw: udev tag plugged slots that have just 'path'
via KERNEL
- interfaces/uhid: unconditionally add existing uhid device to the
device cgroup
- cmd/snap-update-ns: fix mount rules for font sharing
- tests: disable refresh-undo test on trusty for now
- tests: use `snap change --last=install` in snapd-reexec test
- Revert " wrappers: fail install if exec-line cannot be re-written
- interfaces: don't udev tag devmode or classic snaps
- many: make ignore-validation sticky and send the flag with refresh
requests
* New upstream release, LP: #1726258
- interfaces/many: miscellaneous updates based on feedback from the
field
- snap-confine: allow reading uevents from any where in /sys
- spread: add bionic beaver
- debian: make packaging/ubuntu-14.04/copyright a real file again
- tests: cherry pick the fix for services test into 2.29
- cmd/snap-update-ns: initialize logger
- hooks/configure: queue service restarts
- snap-{confine,seccomp}: make @unrestricted fully unrestricted
- interfaces: clean system apparmor cache on core device
- debian: do not build static snap-exec on powerpc
- snap-confine: increase sanity_timeout to 6s
- snapctl: cherry pick service commands changes
- cmd/snap: tell translators about arg names and descs req's
- systemd: run all mount units before snapd.service to avoid race
- store: add a test to show auth failures are forwarded by doRequest
- daemon: convert ErrInvalidCredentials to a 401 Unauthorized error.
- store: forward on INVALID_CREDENTIALS error as
ErrInvalidCredentials
- daemon: generate a forbidden response message if polkit dialog is
dismissed
- daemon: Allow Polkit authorization to cancel changes.
- travis: switch to container based test runs
- interfaces: reduce duplicated code in interface tests mocks
- tests: improve revert related testing
- interfaces: sanitize plugs and slots early in ReadInfo
- store: add download caching
- preserve TMPDIR and HOSTALIASES across snap-confine invocation
- snap-confine: init all arrays with `= {0,}`
- tests: adding test for network-manager interface
- interfaces/mount: don't generate legacy per-hook/per-app mount
profiles
- snap: introduce structured epochs
- tests: fix interfaces-cups-control test for cups-2.2.5
- snap-confine: cleanup incorrectly created nvidia udev tags
- cmd/snap-confine: update valid security tag regexp
- cmd/libsnap: enable two stranded tests
- cmd,packaging: enable apparmor on openSUSE
- overlord/ifacestate: refresh all security backends on startup
- interfaces/dbus: drop unneeded check for
release.ReleaseInfo.ForceDevMode
- dbus: ensure io.snapcraft.Launcher.service is created on re-
exec
- overlord/auth: continue for now supporting UBUNTU_STORE_ID if the
model is generic-classic
- snap-confine: add support for handling /dev/nvidia-modeset
- interfaces/network-control: remove incorrect rules for tun
- spread: allow setting SPREAD_DEBUG_EACH=0 to disable debug-each
section
- packaging: remove .mnt files on removal
- tests: fix econnreset scenario when the iptables rule was not
created
- tests: add test for lxd interface
- run-checks: use nakedret static checker to check for naked
returns on long functions
- progress: be more flexible in testing ansimeter
- interfaces: fix udev rules for tun
- many: implement our own ANSI-escape-using progress indicator
- snap-exec: update tests to follow main_test pattern
- snap: support "command: foo $ENV_STRING"
- packaging: update nvidia configure options
- snap: add new `snap pack` and use in tests
- cmd: correctly name the "Ubuntu" and "Arch" NVIDIA methods
- cmd: add autogen case for solus
- tests: do not use http://canihazip.com/ which appears to be down
- hooks: commands for controlling own services from snapctl
- snap: refactor cmdGet.Execute()
- interfaces/mount: make Change.Perform testable and test it
- interfaces/mount,cmd/snap-update-ns: move change code
- snap-confine: is_running_on_classic_distribution() looks into os-
release
- interfaces: misc updates for default, browser-support, home and
system-observe
- interfaces: deny lttng by default
- interfaces/lxd: lxd slot implementation can also be an app snap
- release,cmd,dirs: Redo the distro checks to take into account
distribution families
- cmd/snap: completion for alias and unalias
- snap-confine: add new SC_CLEANUP and use it
- snap: refrain from running filepath.Base on random strings
- cmd/snap-confine: put processes into freezer hierarchy
- wrappers: fail install if exec-line cannot be re-written
- cmd/snap-seccomp,osutil: make user/group lookup functions public
- snapstate: deal with snap user data in the /root/ directory
- interfaces: Enhance full-confinement support for biarch
distributions
- snap-confine: Only attempt to copy/mount NVIDIA libs when NVIDIA
is used
- packaging/fedora: Add Fedora 26, 27, and Rawhide symlinks
- overlord/snapstate: prefer a smaller corner case for doing the
wrong thing
- cmd/snap-repair: set user agent for snap-repair http requests
- packaging: bring down the delta between 14.04 and 16.04
- snap-confine: Ensure lib64 biarch directory is respected
- snap-confine: update apparmor rules for fedora based base snaps
- tests: Increase SNAPD_CONFIGURE_HOOK_TIMEOUT to 3 minutes to
install real snaps
- daemon: use client.Snap instead of map[string]interface{} for
snaps.
- hooks: rename refresh hook to post-refresh
- git: make the .gitingore file a bit more targeted
- interfaces/opengl: don't udev tag nvidia devices and use snap-
confine instead
- cmd/snap-{confine,update-ns}: apply mount profiles using snap-
update-ns
- cmd: update "make hack"
- interfaces/system-observe: allow clients to enumerate DBus
connection names
- snap-repair: implement `snap-repair {list,show}`
- dirs,interfaces: create snap-confine.d on demand when re-executing
- snap-confine: fix base snaps on core
- cmd/snap-repair: fix tests when running as root
- interfaces: add Connection type
- cmd/snap-repair: skip disabled repairs
- cmd/snap-repair: prefer leaking unmanaged fds on test failure over
closing random ones
- snap-repair: make `repair` binary available for repair scripts
- snap-repair: fix missing Close() in TestStatusHappy
- cmd/snap-confine,packaging: import snapd-generated policy
- cmd/snap: return empty document if snap has no configuration
- snap-seccomp: run secondary-arch tests via gcc-multilib
- snap: implement `snap {repair,repairs}` and pass-through to snap-
repair
- interfaces/builtin: allow receiving dbus messages
- snap-repair: implement `snap-repair {done,skip,retry}`
- data/completion: small tweak to snap completion snippet
- dirs: fix classic support detection
- cmd/snap-repair: integrate root public keys for repairs
- tests: fix ubuntu core services
- tests: add new test that checks that the compat snapd-xdg-open
works
- snap-confine: improve error message if core/u-core cannot be found
- tests: only run tests/regression/nmcli on amd64
- interfaces: mount host system fonts in desktop interface
- interfaces: enable partial apparmor support
- snapstate: auto-install missing base snaps
- spread: work around temporary packaging issue in debian sid
- asserts,cmd/snap-repair: introduce a mandatory summary for repairs
- asserts,cmd/snap-repair: represent RepairID internally as an int
- tests: test the real "xdg-open" from the core snap
- many: implement fetching sections and package names periodically.
- interfaces/network: allow using netcat as client
- snap-seccomp, osutil: use osutil.AtomicFile in snap-seccomp
- snap-seccomp: skip mknod syscall on arm64
- tests: add trivial canonical-livepatch test
- tests: add test that ensures that all core services are working
- many: add logger.MockLogger() and use it in the tests
- snap-repair: fix test failure in TestRepairHitsTimeout
- asserts: add empty values check in HeadersFromPrimaryKey
- daemon: remove unused installSnap var in test
- daemon: reach for Overlord.Loop less thanks to overlord.Mock
- snap-seccomp: manually resolve socket() call in tests
- tests: change regex used to validate installed ubuntu core snap
- cmd/snapctl: allow snapctl -h without a context (regression fix).
- many: use snapcore/snapd/i18n instead of i18n/dumb
- many: introduce asserts.NotFoundError replacing both ErrNotFound
and store.AssertionNotFoundError
- packaging: don't include any marcos in comments
- overlord: use overlord.Mock in more tests, make sure we check the
outcome of Settle
- tests: try to fix staging tests
- store: simplify api base url config
- systemd: add systemd.MockJournalctl()
- many: provide systemd.MockSystemctl() helper
- tests: improve the listing test to not fail for e.g. 2.28~rc2
- snapstate: give snapmgrTestSuite.settle() more time to settle
- tests: fix regex to check core version on snap list
- debian: update trusted account-keys check on 14.04 packaging
- interfaces: add udev netlink support to hardware-observe
- overlord: introduce Mock which enables to use Overlord.Settle for
settle in many more places
- snap-repair: execute the repair and capture logs/status
- tests: run the tests/unit/go everywhere
- daemon, snapstate: move ensureCore from daemon/api.go into
snapstate.go
- cmd/snap: get keys or root document
- spread.yaml: turn suse to manual given that it's breaking master
- many: configure store from state, reconfigure store at runtime
- osutil: AtomicWriter (an io.Writer), and io.Reader versions of
AtomicWrite*
- tests: check for negative syscalls in runBpf() and skip those
tests
- docs: use abolute path in PULL_REQUEST_TEMPLATE.md
- store: move device auth endpoint uris to config (#3831)
* New upstream release, LP: #1714984
- snap-confine: cleanup broken nvidia udev tags
- cmd/snap-confine: update valid security tag regexp
- overlord/ifacestate: refresh udev backend on startup
- dbus: ensure io.snapcraft.Launcher.service is created on re-
exec
- snap-confine: add support for handling /dev/nvidia-modeset
- interfaces/network-control: remove incorrect rules for tun
* New upstream release, LP: #1714984
- interfaces/opengl: don't udev tag nvidia devices and use snap-
confine instead
- debian: fix replaces/breaks for snap-xdg-open (thanks to apw!)
* New upstream release, LP: #1714984
- interfaces/lxd: lxd slot implementation can also be an app
snap
* New upstream release, LP: #1714984
- interfaces: fix udev rules for tun
- release,cmd,dirs: Redo the distro checks to take into account
distribution families
* New upstream release, LP: #1714984
- snap-confine: update apparmor rules for fedora based basesnaps
- snapstate: rename refresh hook to post-refresh for consistency
* New upstream release, LP: #1714984
- hooks: rename refresh to after-refresh
- snap-confine: bind mount /usr/lib/snapd relative to snap-confine
- cmd,dirs: treat "liri" the same way as "arch"
- snap-confine: fix base snaps on core
- hooks: substitute env vars when executing hooks
- interfaces: updates for default, browser-support, desktop, opengl,
upower and stub-resolv.conf
- cmd,dirs: treat manjaro the same as arch
- systemd: do not run auto-import and repair services on classic
- packaging/fedora: Ensure vendor/ is empty for builds and fix spec
to build current master
- many: fix TestSetConfNumber missing an Unlock and other fragility
improvements
- osutil: adjust StreamCommand tests for golang 1.9
- daemon: allow polkit authorisation to install/remove snaps
- tests: make TestCmdWatch more robust
- debian: improve package description
- interfaces: add netlink kobject uevent to hardware observe
- debian: update trusted account-keys check on 14.04 packaging
- interfaces/network-{control,observe}: allow receiving
kobject_uevent() messages
- tests: fix lxd test for external backend
- snap-confine,snap-update-ns: add -no-pie to fix FTBFS on
go1.7,ppc64
- corecfg: mock "systemctl" in all corecfg tests
- tests: fix unit tests on Ubuntu 14.04
- debian: add missing flags when building static snap-exec
- many: end-to-end support for the bare base snap
- overlord/snapstate: SetRootDir from SetUpTest, not in just some
tests
- store: have an ad-hoc method on cfg to get its list of uris for
tests
- daemon: let client decide whether to allow interactive auth via
polkit
- client,daemon,snap,store: add license field
- overlord/snapstate: rename HasCurrent to IsInstalled, remove
superfluous/misleading check from All
- cmd/snap: SetRootDir from SetUpTest, not in just some individual
tests.
- systemd: rename snap-repair.{service,timer} to snapd.snap-
repair.{service,timer}
- snap-seccomp: remove use of x/net/bpf from tests
- httputil: more naive per go version way to recreate a default
transport for tls reconfig
- cmd/snap-seccomp/main_test.go: add one more syscall for arm64
- interfaces/opengl: use == to compare, not =
- cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64
- cmd/snap-repair: track and use a lower bound for the time for
TLSchecks
- interfaces: expose bluez interface on classic OS
- snap-seccomp: add in-kernel bpf tests
- overlord: always try to get a serial, lazily on classic
- tests: add nmcli regression test
- tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64
- tests: add autopilot-introspection interface test
- vendor: fix artifact from manually editing vendor/vendor.json
- tests: rename complexion to test-snapd-complexion
- interfaces: add desktop and desktop-legacy
interfaces/desktop: add new 'desktop' interface for modern DEs
interfaces/builtin/desktop_test.go: use modern testing techniques
interfaces/wayland: allow read on /etc/drirc for Plasma desktop
interfaces/desktop-legacy: add new 'legacy' interface (currently
for a11y and input)
- tests: fix race in snap userd test
- devices/iio: add read/write for missing sysfs entries
- spread: don't set HTTPS?_PROXY for linode
- cmd/snap-repair: check signatures of repairs from Next
- env: set XDG_DATA_DIRS for wayland et.al.
- interfaces/{default,account-control}: Use username/group instead
of uid/gid
- interfaces/builtin: use udev tagging more broadly
- tests: add basic lxd test
- wrappers: ensure bash completion snaps install on core
- vendor: use old golang.org/x/crypto/ssh/terminal to build on
powerpc again
- docs: add PULL_REQUEST_TEMPLATE.md
- interfaces: fix network-manager plug
- hooks: do not error out when hook is optional and no hook handler
is registered
- cmd/snap: add userd command to replace snapd-xdg-open
- tests: new regex used to validate the core version on extra snaps
ass...
- snap: add new `snap switch` command
- tests: wait more and more debug info about fakestore start issues
- apparmor,release: add better apparmor detection/mocking code
- interfaces/i2c: adjust sysfs rule for alternate paths
- interfaces/apparmor: add missing call to dirs.SetRootDir
- cmd: "make hack" now also installs snap-update-ns
- tests: copy files with less verbosity
- cmd/snap-confine: allow using additional libraries required by
openSUSE
- packaging/fedora: Merge changes from Fedora Dist-Git
- snapstate: improve the error message when classic confinement is
not supported
- tests: add test to ensure amd64 can run i386 syscall binaries
- tests: adding extra info for fakestore when fails to start
- tests: install most important snaps
- cmd/snap-repair: more test coverage of filtering
- squashfs: remove runCommand/runCommandWithOutput as we do not need
it
- cmd/snap-repair: ignore superseded revisions, filter on arch and
models
- hooks: support for refresh hook
- Partial revert "overlord/devicestate, store: update device auth
endpoints URLs"
- cmd/snap-confine: allow reading /proc/filesystems
- cmd/snap-confine: genearlize apparmor profile for various lib
layout
- corecfg: fix proxy.* writing and add integration test
- corecfg: deal with system.power-key-action="" correctly
- vendor: update vendor.json after (presumed) manual edits
- cmd/snap: in `snap info`, don't print a newline between tracks
- daemon: add polkit support to /v2/login
- snapd,snapctl: decode json using Number
- client: fix go vet 1.7 errors
- tests: make 17.04 shellcheck clean
- tests: remove TestInterfacesHelp as it breaks when go-flags
changes
- snapstate: undo a daemon restart on classic if needed
- cmd/snap-repair: recover brand/model from
/var/lib/snapd/seed/assertions checking signatures and brand
account
- spread: opt into unsafe IO during spread tests
- snap-repair: update snap-repair/runner_test.go for API change in
makeMockServer
- cmd/snap-repair: skeleton code around actually running a repair
- tests: wait until the port is listening after start the fake store
- corecfg: fix typo in tests
- cmd/snap-repair: test that redirects works during fetching
- osutil: honor SNAPD_UNSAFE_IO for testing
- vendor: explode and make more precise our golang.go/x/crypto deps,
use same version as Debian unstable
- many: sanitize NewStoreStack signature, have shared default store
test private keys
- systemd: disable `Nice=-5` to fix error when running inside lxd
- spread.yaml: update delta ref to 2.27
- cmd/snap-repair: use E-Tags when refetching a repair to retry
- interfaces/many: updates based on chromium and mrrescue denials
- cmd/snap-repair: implement most logic to get the next repair to
run/retry in a brand sequence
- asserts/assertstest: copy headers in SigningDB.Sign
- interfaces: convert uhid to common interface and test cases
improvement for time_control and opengl
- many tests: move all panicing fake store methods to a common place
- asserts: add store assertion type
- interfaces: don't crash if content slot has no attributes
- debian: do not build with -buildmode=pie on i386
- wrappers: symlink completion snippets when symlinking binaries
- tests: adding more debug information for the interfaces-cups-
control
- apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set
- many: allow and support serials signed by the 'generic' authority
instead of the brand
- corecfg: add proxy configuration via `snap set core
proxy.{http,https,ftp}=...`
- interfaces: a bunch of interfaces test improvement
- tests: enable regression and completion suites for opensuse
- tests: installing snapd for nested test suite
- interfaces: convert lxd_support to common iface
- interfaces: add missing test for camera interface.
- snap: add support for parsing snap layout section
- cmd/snap-repair: like for downloads we cannot have a timeout (at
least for now), less aggressive retry strategies
- overlord: rely on more conservative ensure interval
- overlord,store: no piles of return args for methods gathering
device session request params
- overlord,store: send model assertion when setting up device
sessions
- interfaces/misc: updates for unity7/x11, browser-
support, network-control and mount-observe
interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
interfaces/browser-support: update sysfs reads for
newer browser versions, interfaces/network-control: rw for
ieee80211 advanced wireless interfaces/mount-observe: allow read
on sysfs entries for block devices
- tests: use dnf --refresh install to avert stale cache
- osutil: ensure TestLockUnlockWorks uses supported flock
- interfaces: convert lxd to common iface
- tests: restart snapd to ensure re-exec settings are applied
- tests: fix interfaces-cups-control test
- interfaces: improve and tweak bunch of interfaces test cases.
- tests: adding extra worker for fedora
- asserts,overlord/devicestate: support predefined assertions that
don't establish foundational trust
- interfaces: convert two hardware_random interfaces to common iface
- interfaces: convert io_ports_control to common iface
- tests: fix for upgrade test on fedora
- daemon, client, cmd/snap: implement snap start/stop/restart
- cmd/snap-confine: set _FILE_OFFSET_BITS to 64
- interfaces: covert framebuffer to commonInterface
- interfaces: convert joystick to common iface
- interfaces/builtin: add the spi interface
- wrappers, overlord/snapstate/backend: make link-snap clean up on
failure.
- interfaces/wayland: add wayland interface
- interfaces: convert kvm to common iface
- tests: extend upower-observe test to cover snaps providing slots
- tests: enable main suite for opensuse
- interfaces: convert physical_memory_observe to common iface
- interfaces: add missing test for optical_drive interface.
- interfaces: convert physical_memory_control to common iface
- interfaces: convert ppp to common iface
- interfaces: convert time-control to common iface
- tests: fix failover test
- interfaces/builtin: rework for avahi interface
- interfaces: convert broadcom-asic-control to common iface
- snap/snapenv: document the use of CoreSnapMountDir for SNAP
- packaging/arch: drop patches merged into master
- cmd: fix mustUnsetenv docstring (thanks to Chipaca)
- release: remove default from VERSION_ID
- tests: enable regression, upgrade and completion test suites for
fedora
- tests: restore interfaces-account-control properly
- overlord/devicestate, store: update device auth endpoints URLs
- tests: fix install-hook test failure
- tests: download core and ubuntu-core at most once
- interfaces: add common support for udev
- overlord/devicestate: fix, don't assume that the serial is backed
by a 1-key chain
- cmd/snap-confine: don't share /etc/nsswitch from host
- store: do not resume a download when we already have the whole
thing
- many: implement "snap logs"
- store: don't call useDeltas() twice in quick succession
- interfaces/builtin: add kvm interface
- snap/snapenv: always expect /snap for $SNAP
- cmd: mark arch as non-reexecing distro
- cmd: fix tests that assume /snap mount
- gitignore: ignore more build artefacts
- packaging: add current arch packaging
- interfaces/unity7: allow receiving media key events in (at least)
gnome-shell
- interfaces/many, cmd/snap-confine: miscellaneous policy updates
- interfaces/builtin: implement broadcom-asic-control interface
- interfaces/builtin: reduce duplication and remove cruft in
Sanitize{Plug,Slot}
- tests: apply underscore convention for SNAPMOUNTDIR variable
- interfaces/greengrass-support: adjust accesses now that have
working snap
- daemon, client, cmd/snap: implement "snap services"
- tests: fix refresh tests not stopping fake store for fedora
- many: add the interface command
- overlord/snapstate/backend: some copydata improvements
- many: support querying and completing assertion type names
- interfaces/builtin: discard empty Validate{Plug,Slot}
- cmd/snap-repair: start of Runner, implement first pass of Peek
and Fetch
- tests: enable main suite on fedora
- snap: do not always quote the snap info summary
- vendor: update go-flags to address crash in "snap debug"
- interfaces: opengl support pci device and vendor
- many: start implenting "base" snap type on the snapd side
- arch,release: map armv6 correctly
- many: expose service status in 'snap info'
- tests: add browser-support interface test
- tests: disable snapd-notify for the external backend
- interfaces: Add /run/uuid/request to openvswitch
- interfaces: add password-manager-service implicit classic
interface
- cmd: rework reexec detection
- cmd: fix re-exec bug when starting from snapd 2.21
- tests: dependency packages installed during prepare-project
- tests: remove unneeded check for re-exec in InternalToolPath()
- cmd,tests: fix classic confinement confusing re-execution code
- store: configurable base api
- tests: fix how package lists are updated for opensuse and fedora
* New upstream release, LP: #1703798:
- interfaces: add udev netlink support to hardware-observe
- interfaces/network-{control,observe}: allow receiving
kobject_uevent() messages
* New upstream release, LP: #1703798:
- interfaces: fix network-manager plug regression
- hooks: do not error when hook handler is not registered
- interfaces/alsa,pulseaudio: allow read on udev data for sound
- interfaces/optical-drive: read access to udev data for /dev/scd*
- interfaces/browser-support: read on /proc/vmstat and misc udev
data
* New upstream release, LP: #1703798:
- snap-seccomp: add secondary arch for unrestricted snaps as well
* New upstream release, LP: #1703798:
- systemd: disable `Nice=-5` to fix error when running inside lxdSee
https://bugs.launchpad.net/snapd/+bug/1709536
* New upstream release, LP: #1703798:
- tests: remove TestInterfacesHelp as it breaks when go-flags
changes
- interfaces: don't crash if content slot has no attributes
- debian: do not build with -buildmode=pie on i386
- interfaces: backport broadcom-asic-control interface
- interfaces: allow /usr/bin/xdg-open in unity7
- store: do not resume a download when we already have the whole
thing
* New upstream release, LP: #1703798:
- tests: use dnf --refresh install to avert stale cache
- tests: fix test failure on 14.04 due to old version of
flock
- updates for unity7/x11, browser-support, network-control,
mount-observe
- interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
- interfaces/browser-support: update sysfs reads for
newer browser versions
- interfaces/network-control: rw for ieee80211 advanced wireless
- interfaces/mount-observe: allow read on sysfs entries for block
devices
* New upstream release, LP: #1703798
- fix build failure on 32bit fedora
- interfaces: add password-manager-service implicit classic interface
- interfaces/greengrass-support: adjust accesses now that have working
snap
- interfaces/many, cmd/snap-confine: miscellaneous policy updates
- interfaces/unity7: allow receiving media key events in (at least)
gnome-shell
- cmd: fix re-exec bug when starting from snapd 2.21
- tests: restore interfaces-account-control properly
- cmd: fix tests that assume /snap mount
- cmd: mark arch as non-reexecing distro
- snap-confine: don't share /etc/nsswitch from host
- store: talk to api.snapcraft.io for purchases
- hooks: support for install and remove hooks
- packaging: fix Fedora support
- tests: add bluetooth-control interface test
- store: talk to api.snapcraft.io for assertions
- tests: remove snapd before building from branch
- tests: add avahi-observe interface test
- store: orders API now checks if customer is ready
- cmd/snap: snap find only searches stable
- interfaces: updates default, mir, optical-observe, system-observe,
screen-inhibit-control and unity7
- tests: speedup prepare statement part 1
- store: do not send empty refresh requests
- asserts: fix error handling in snap-developer consistency check
- systemd: add explicit sync to snapd.core-fixup.sh
- snapd: generate snap cookies on startup
- cmd,client,daemon: expose "force devmode" in sysinfo
- many: introduce and use strutil.ListContains and also
strutil.SortedListContains
- assserts,overlord/assertstate: test we don't accept chains of
assertions founded on a self-signed key coming externally
- interfaces: enable access to bridge settings
- interfaces: fix copy-pasted iio vs io in io-ports-control
- cmd/snap-confine: various small fixes and tweaks to seccomp
support code
- interfaces: bring back seccomp argument filtering
- systemd, osutil: rework systemd logs in preparation for services
commands
- tests: store /etc/systemd/system/snap-*core*.mount in snapd-
state.tar.gz
- tests: shellcheck improvements for tests/main tasks - first set of
tests
- cmd/snap: `--last` for abort and watch, and aliases
(searchfind, changetasks)
- tests: shellcheck improvements for tests/lib scripts
- tests: create ramdisk if it's not present
- tests: shellcheck improvements for nightly upgrade and regressions
tests
- snapd: fix for snapctl get panic on null config values.
- tests: fix for rng-tools service not restarting
- systemd: add snapd.core-fixup.service unit
- cmd: avoid using current symlink in InternalToolPath
- tests: fix timeout issue for test refresh core with hanging
- intefaces: control bridged vlan/ppoe-tagged traffic
- cmd/snap: include snap type in notes
- overlord/state: Abort() only visits each task once
- tests: extend find-private test to cover more cases
- snap-seccomp: skip socket() tests on systems that use socketcall()
instead of socket()
- many: support snap title as localized/title-cased name
- snap-seccomp: deal with mknod on aarch64 in the seccomp tests
- interfaces: put base policy fragments inside each interface
- asserts: introduce NewDecoderWithTypeMaxBodySize
- tests: fix snapd-notify when it takes more time to restart
- snap-seccomp: fix snap-seccomp tests in artful
- tests: fix for create-key task to avoid rng-tools service ramains
alive
- snap-seccomp: make sure snap-seccomp writes the bpf file
atomically
- tests: do not disable ipv6 on core systems
- arch: the kernel architecture name is armv7l instead of armv7
- snap-confine: ensure snap-confine waits some seconds for seccomp
security profiles
- tests: shellcheck improvements for tests/nested tasks
- wrappers: add SyslogIdentifier to the service unit files.
- tests: shellcheck improvements for unit tasks
- asserts: implement FindManyTrusted as well
- asserts: open up and optimize Encoder to help avoiding unnecessary
copying
- interfaces: simplify snap-confine by just loading pre-generated
bpf code
- tests: restart rng-tools services after few seconds
- interfaces, tests: add mising dbus abstraction to system-observe
and extend spread test
- store: change main store host to api.snapcraft.io
- overlord/cmdstate: new package for running commands as tasks.
- spread: help libapt resolve installing libudev-dev
- tests: show the IP from .travis.yaml
- tests/main: use pkgdb function in more test cases
- cmd,daemon: add debug command for displaying the base policy
- tests: prevent quoting error on opensuse
- tests: fix nightly suite
- tests: add linode-sru backend
- snap-confine: validate SNAP_NAME against security tag
- tests: fix ipv6 disable for ubuntu-core
- tests: extend core-revert test to cover bluez issues
- interfaces/greengrass-support: add support for Amazon Greengrass
as a snap
- asserts: support timestamp and optional disabled header on repair
- tests: reboot after upgrading to snapd on the -proposed pocket
- many: fix test cases to work with different DistroLibExecDir
- tests: reenable help test on ubuntu and debian systems
- packaging/{opensuse,fedora}: allow package build with testkeys
included
- tests/lib: generalize RPM build support
- interfaces/builtin: sync connected slot and permanent slot snippet
- tests: fix snap create-key by restarting automatically rng-tools
- many: switch to use http numeric statuses as agreed
- debian: add missing Type=notify in 14.04 packaging
- tests: mark interfaces-openvswitch as manual due to prepare errors
- debian: unify built_using between the 14.04 and 16.04 packaging
branch
- tests: pull from urandom when real entropy is not enough
- tests/main/manpages: install missing man package
- tests: add refresh --time output check
- debian: add missing "make -C data/systemd clean"
- tests: fix for upgrade test when it is repeated
- tests/main: use dir abstraction in a few more test cases
- tests/main: check for confinement in a few more interface tests
- spread: add fedora snap bin dir to global PATH
- tests: check that locale-control is not present on core
- many: snapctl outside hooks
- tests: add whoami check
- interfaces: compose the base declaration from interfaces
- tests: fix spread flaky tests linode
- tests,packaging: add package build support for openSUSE
- many: slight improvement of some snap error messaging
- errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in
err reports
- tests: fix for the test postrm-purge
- tests: restoring the /etc/environment and service units config for
each test
- daemon: make snapd a "Type=notify" daemon and notify when startup
is done
- cmd/snap-confine: add support for --base snap
- many: derive implicit slots from interface meta-data
- tests: add core revert test
- tests,packaging: add package build support for Fedora for our
spread setup
- interfaces: move base declaration to the policy sub-package
- tests: fix for snapd-reexec test cheking for restart info on debug
log
- tests: show available entropy on error
- tests: clean journalctl logs on trusty
- tests: fix econnreset on staging
- tests: modify core before calling set
- tests: add snap-confine privilege test
- tests: add staging snap-id
- interfaces/builtin: silence ptrace denial for network-manager
- tests: add alsa interface spread test
- tests: prefer ipv4 over ipv6
- tests: fix for econnreset test checking that the download already
started
- httputil,store: extract retry code to httputil, reorg usages
- errtracker: report if snapd did re-execute itself
- errtracker: include bits of snap-confine apparmor profile
- tests: take into account staging snap-ids for snap-info
- cmd: add stub new snap-repair command and add timer
- many: stop "snap refresh $x --channel invalid" from working
- interfaces: revert "interfaces: re-add reverted ioctl and quotactl
- snapstate: consider connect/disconnect tasks in
CheckChangeConflict.
- interfaces: disable "mknod |N" in the default seccomp template
again
- interfaces,overlord/ifacestate: make sure installing slots after
plugs works similarly to plugs after slots
- interfaces/seccomp: add bind() syscall for forced-devmode systems
- packaging/fedora: Sync packaging from Fedora Dist-Git
- tests: move static and unit tests to spread task
- many: error types should be called FooError, not ErrFoo.
- partition: add directory sync to the save uboot.env file code
- cmd: test everything (100% coverage \o/)
- many: make shell scripts shellcheck-clean
- tests: remove additional setup for docker on core
- interfaces: add summary to each interface
- many: remove interface meta-data from list of connections
- logger (& many more, to accommodate): drop explicit syslog.
- packaging: import packaging bits for opensuse
- snapstate,many: implement snap install --unaliased
- tests/lib: abstract build dependency installation a bit more
- interfaces, osutil: move flock code from interfaces/mount to
osutil
- cmd: auto import assertions only from ext4,vfat file systems
- many: refactor in preparation for 'snap start'
- overlord/snapstate: have an explicit code path last-refresh
unset/zero => immediately refresh try
- tests: fixes for executions using the staging store
- tests: use pollinate to seed the rng
- cmd/snap,tests: show the sha3-384 of the snap for snap info
--verbose SNAP-FILE
- asserts: simplify and adjust repair assertion definition
- cmd/snap,tests: show the snap id if available in snap info
- daemon,overlord/auth: store from model assertion wins
- cmd/snap,tests/main: add confinement switch instead of spread
system blacklisting
- many: cleanup MockCommands and don't leave a process around after
hookstate tests
- tests: update listing test to the core version number schema
- interfaces: allow snaps to use the timedatectl utility
- packaging: Add Fedora packaging files
- tests/libs: add distro_auto_remove_packages function
- cmd/snap: correct devmode note for anomalous state
- tests/main/snap-info: use proper pkgdb functions to install distro
packages
- tests/lib: use mktemp instead of tempfile to work cross-distro
- tests: abstract common dirs which differ on distributions
- many: model and expose interface meta-data.
- overlord: make config defaults from gadget work also at first boot
- interfaces/log-observe: allow using journalctl from hostfs for
classic distro
- partition,snap: add support for android boot
- errtracker: small simplification around readMachineID
- snap-confine: move rm_rf_tmp to test-utils.
- tests/lib: introduce pkgdb helper library
- errtracker: try multiple paths to read machine-id
- overlord/hooks: make sure only one hook for given snap is executed
at a time.
- cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the
confinement env
- tests: bump kill-timeout and remove quiet call on build
- tests/lib/snaps: add a test store snap with a passthrough
configure hook
- daemon: teach the daemon to wait on active connections when
shutting down
- tests: remove unit tests task
- tests/main/completion: source from /usr/share/bash-completion
- assertions: add "repair" assertion
- interfaces/seccomp: document Backend.NewSpecification
- wrappers: make StartSnapServices cleanup any services that were
added if a later one fails
- overlord/snapstate: avoid creating command aliases for daemons
- vendor: remove unused packages
- vendor,partition: fix panics from uenv
- cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from
core if possible
- daemon: do not allow to install ubuntu-core anymore
- wrappers: service start/stop were inconsistent
- tests: fix failing tests (snap core version, syslog changes)
- cmd/snap-update-ns: add actual implementation
- tests: improve entropy also for ubuntu
- cmd/snap-confine: use /etc/ssl from the core snap
- wrappers: don't convert between []byte and string needlessly.
- hooks: default timeout
- overlord/snapstate: Enable() was ignoring the flags from the
snap's state, resulting in losing "devmode" on disable/enable.
- difs,interfaces/mount: add support for locking namespaces
- interfaces/mount: keep track of kept mount entries
- tests/main: move a bunch of greps over to MATCH
- interfaces/builtin: make all interfaces private
- interfaces/mount: spell unmount correctly
- tests: allow 16-X.Y.Z version of core snap
- the timezone_control interface only allows changing /etc/timezone
and /etc/writable/timezone. systemd-timedated also updated the
link of /etc/localtime and /etc/writable/localtime ... allow
access to this file too
- cmd/snap-confine: aggregate operations holding global lock
- api, ifacestate: resolve disconnect early
- interfaces/builtin: ensure we don't register interfaces twice
* New upstream release, LP: #1690083
- cmd: fix incorrect re-exec when starting from snapd 2.21
* New upstream release, LP: #1690083
- cmd,tests: fix classic confinement confusing re-execution code
- cmd: fix incorrect check check for re-exec in InternalToolPath()
- snap-seccomp: add secondary arch for unrestricted snaps as well
* New upstream release, LP: #1690083
- Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
* New upstream release, LP: #1690083
- statically link libseccomp in snap-seccomp to fix refresh issue
on trusty
* New upstream release, LP: #1690083
- Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
- add snapd.core-fixup.service unit
- ensure re-exec uses the right internal tools
* New upstream release, LP: #1690083
- interfaces: allow snaps to use the timedatectl utility in
time-control
* New upstream release, LP: #1690083
- backport of seccomp-bpf branch to the 2.26 release to ensure snap
revert with new seccomp syntax works correctly
* New upstream release, LP: #1690083
- partly revert aace15ab53 to unbreak core reverts
- Revert "interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)"
- Disable "mknod |N" in the default seccomp template
reasons outline in https://forum.snapcraft.io/t/snapd-2-25-blocked-because-of-revert-race-condition
- errtracker: include bits of snap-confine apparmor profile
- errtracker: report if snapd did re-execute itself
* New upstream release, LP: #1690083
- cherry pick test fixes f0103a6, 9de5c8a, d7725a7 to make
sure the image tests are updated for the changes in the
`snap info core` output and the removal of the rsyslog
package from core.
* New upstream release, LP: #1690083
- cherry pick d444728 to make the uboot.env file parsing more
robust
* New upstream release, LP: #1690083
- store: fix panic error in auth
- tests: the new ubuntu-image snap needs classic confinement, adjust
tests
- cmd/snap-confine: don't fail on pre 3.8 kernel
* New upstream release, LP: #1690083
- timeutil: avoid panicking when the window is very small
- image: fix go vet issue
- overlord/ifacestate: don't spam logs with harmless auto-connect
messages
- interfaces/builtin: add network-status interface
- interfaces/builtin: add online-accounts-service interface
- interfaces/builtin: distribute code of touching allInterfaces
- interfaces: API additions for interface hooks
- interfaces/builtin: add storage-framework-service interface
- tests: disable create-key test on ppc64el for artful (expect not
working)
- snap: make `snap prepare-image --extra-snaps` derive side info
- tests: unify tests/{main/completion,completion}/lib.exp0
- cmd/snap: tweak info channels output
- interfaces: ensure that legacy interface methods are unused
- packaging: cleanup how built-using is generated
- tests: extend kernel-module-control interface test
- interfaces/network: workaround Go's need for NETLINK_ROUTE with
'net'.
- cmd/snap-confine: use defensive argument parser
- tests: add test for empty snap name on revert
- overlord/hookstate: remove unused Context.timeout
- tests: additional setup in docker test for core systems
- configstate: return error if patch is invalid
- interfaces: add random interface
- store, daemon, client, cmd/snap: handle PASSWORD_POLICY_ERROR
- cmd/snap, client: add "whoami" command
- cmd/snap: iterate interface tab completion
- snap: move locale-control to only be present on classic
- interfaces/browser-support: deny read on squashfs backing files
and LVM vg names
- tests: wait for the docker socket to be listening
- snap: add `snap refresh --time` option
- tests: re-enable and moderninze /media sharing test
- cmd: make rst2man optional
- tests: remove quoting from [[ ]] when globs
- interfaces: allow plugging DBus clients to introspect the slot
service
- packaging/ubuntu*/changelog: drop extra dash
- snap-confine: init the ENTRY variable, coverity is unhappy
otherwise
- cmd/snap-confine/spread-tests: discard useless --version test
- spread: add spread target qemu:debian-9-64
- interfaces: mediate netlink sockets via seccomp
- tests,cmd/snap-confine: port older snapd-discard-ns tests
- cmd/snap-confine/tests: fix shellcheck on recently added files
- tests/upgrade: force install core snap from beta for debian
- overlord/snapstate/backend,interfaces/mount: move ns management
code.
- tests: extend network-control spread test to cope with network
namespaces
- tests: fail early in the spread suite if trying to run it inside a
container
- tests: set ownership of $PROJECT_PATH for the external backend
- tests: specify the auto-refreshable snap being tested
- many: fix tests with go1.8 / artful
- fix for tests: debian does not have /snap/bin in secure_path so
sudo
- snap: support for snap tasks --last=...
- cmd/snap-confine: remove obsolete debug message
- address review feedback, add a lot of comments :-), call
shellcheck on the completion scripts, fix a bug in compopt
* New upstream release, LP: #1686713
- interfaces/default: allow mknod for regular files, pipes and
sockets
- many: use "SNAP.APP as ALIAS" instead of => when listing
added/removed aliases
- cmd/snap-confine: write current mount profile
- cmd/snap-discard-ns: remove current profile when cleaning up
- many: support debian in our CI
- tests: tweak time for econnreset test a bit more
- cmd/snap-confine: re-enable re-assciate fix for CE
- many: aliases v2 cleanups
- cmd/snap-confine: don't use apparmor if it is disabled on boot
- many: implement `snap prefer <snap>` (aliases v2)
- many: adjust /aliases and "snap aliases" to aliases v2, also some
cleanup
- snapstate: normalize gadget defaults
- many: allow core refresh.schedule setting
- many: show alias changes on snap alias/unalias (aliases v2)
- client,cmd/snap: improve messaging on --devmode and --classic
- many: implement `snap unalias <alias-or-snap>` (aliases v2)
- store: retry on connection reset
- interfaces/mount: add Change.Perform
- tests: add openvswitch interface spread test
- interfaces/i2c: allow modifying device-specific sysfs entries
- interfaces: allow writing to /run/systemd/journal/stdout by
default
- tests: ensure travis fails early if static checks fail
- store,daemon: make store interpret channel="" as stable in most
cases
- overlord/snapstate: make UpdateAliases idempotent, simplify the
backend interface bits for aliases not used anymore (aliases v2)
- many: implement snap alias <snap.app> <alias> (aliases v2)
- snap-confine: add code to ensure that / or /snap is mounted
"shared"
- many: show available "tracks" in `snap info`
- cmd/snap: make users Xauthority file available in snap environment
- interfaces/mount: write current fstab files with mode 0644
- overlord: switch to aliases v2 tasks for install/refresh etc ops
plus transition
- tests: parameterize gadget snap channel (#3117)
- tests: copy .real profile as .real
- tests: add empty initrd failover test
- many: mount squashfs as read-only
- cmd: make locking around namespaces explicit
- tests: address review comments from #3186
- tests: add dbus interface spread test
- interfaces/mount: add ReadMountInfo and LoadMountInfo
- snap: require snap name for 'revert'
- overlord: maintain per-revision snapshots of snap configuration
- tests: relax network-bind interface regexps
- interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)
- store: retry once on hashsum mismatches in a Download()
- interfaces/builtin: don't panic if content plug has nil attrs
- interfaces/mount: pass mount.Profile to mount.NeededChanges
- packaging: add `built-using` header for 16.04 packaging
- interfaces: add media-hub interface
- interfaces/builtin: allow full access to properties iface of the
udisks service
- tests: handle case when both .real and plain are present
- interfaces/mount: add Change.String for readable output
- tests: ensure we mock force dev mode as well to fix FTBFS in
sbuild
- store: add more logs around retry in download
- interfaces/mount: add stub Change.{Needed,Perform}
- tests: allow installing snapd from -proposed for SRU validation
- interfaces/mount: parse mount options to map[string]string
- snap: added tasks subcommand
- tests: copy snap-confine apparmor profile into testbed
- interfaces/mount: improve go identifier names of mountinfo, parse
optional fields
- Arch Linux wants to respect FHS
(https://bugs.archlinux.org/task/53656),
- daemon: do not set RemoveSnapPath flag when doing a try
- debian: add maintscript helper to remove usr.lib.snapd.snap-
confine in snap-confine
- cmd/snap-confine: don't use plain "classic" term
- cmd/snap-confine: set TMPDIR and TEMPDIR each time
- many: fixes for `go vet` in go 1.7
- tests: add kernel-module-control interface test
- overlord/snapstate: introduce tasks for aliases v2 semantics with
temporary names for now (aliases v2)
- overlord/devicestate: switch to ssh-keygen for device key
generation
- snap: skip /dev/ram from auto-import assertions to make it less
noisy (#3010)
- interfaces: add kubernetes-support interface and adjust related
interfaces (LP: #1664638)
- tests: download previous snapd package from published versions
instead of specific PPA
- snap: run snap-confine from core if snap is also running from core
- overlord/ifacestate: automatically rename connections on core snap
- many: break the /aliases mutation API with a clean 400 (aliases
v2)
- interfaces/builting: allow read-only access to /sys/module
- tests: add extra test after the core transition for snap get/set
core
- store: misc cleanups in tests
- interfaces/mount: add parser for mountinfo entries
- store: tests for unexpected EOF
- tests: fix unity test
- interfaces,overlord: log interface auto-connection failures
- cmd/snap-update-ns: add C preamble for setns
- interfaces: validate plug/slot uniqueness
* New upstream release, LP: #1681799:
- fix autopkgtest failures with stable core snap
- ensure the snap-confine transitional package cleans up
the no-longer-used apparmor profile to fix the kernels
autopkgtest failures
* New upstream release, LP: #1681799:
- interfaces/mount: add InfoEntry type
- many: fix plug auto-connect during core transition
- interfaces: fold network bind into core support with tests
- .travis.yml: add option to make raw log less noisy
- interfaces: adjust shm accesses to use 'm' for updated mmap kernel
mediation
- many: rename two core plugs that clash with slot names
- snap-confine,browser-support: /dev/tty for snap-confine, misc
browser-support for gnome-shell
- store: add download test with EOF in the middle
- tests: adjust to look for network-bind-plug
- store: make hash error message more accurate
- overlord/snapstate: simplify AliasesStatus down to just an
AutoAliasesDisabled bool flag (aliases v2)
- errtracker: never send errtracker reports when running under
SNAPPY_TESTING
- interfaces/repo: validate slot/plug names
- daemon: Give the snap directories via GET /v2/system-info
- interfaces/unity7: support unity messaging menu
- interfaces/mount: add high-level Profile functions
- git: ignore only the cmd/Makefile{,.in}
- cmd: explicitly set _GNU_SOURCE and _FILE_OFFSET_BITS for xfs
support
- daemon: add desktop file location for app to the API
- overlord,release: disable classic snap support when not possible
- overlord: fix TestEnsureLoopPrune not to be so racy
- many: abstract path to /bin/{true,false}
- data/systemd: tweak data/systemd/Makefile to be slightly simpler
- store: handle EOF via url.Error check
- packaging: use templates for relevant systemd units
- tests: run gccgo only on ubuntu-16.04-64
- .travis.yml: remove travis matrix and do a single sequential run
- overlord/state: make sure that setting to nil a state key is
equivalent to deleting it
- tests: fix incorrect shell expression
- interfaces/mount: add OptsToFlags for converting arguments to
syscall
- interfaces: add a joystick interface
- tests: enable docker test for more ubuntu-core systems
- tests: download and install additional dependencies when using
prepackaged snapd
- many: add support for partially static builds
- interfaces: allow slot to introspect dbus-daemon in dbus
interface, allow /usr/bin/arch by default
- interfaces/mount: fix golint issues
- interfaces/mount: add function for saving fstab-like file
- osutil: introducing GetenvInt64, like GetenvBool but Int64er.
- interfaces: drop udev tagging from framebuffer interface
- snapstate: more helpers to work with aliases state (aliases
v2)
- interfaces/mount: add function for parsing fstab-like file
- cmd: disable the re-associate fix as requested by jdstrand
- overlord/snapstate: unlock/relock the state less, especially not
across mutating the SnapState of a snap
- interfaces: allow executing ld.so (needed with new AppArmor base
abstraction)
- interfaces/mount: add function for parsing mount entries
- cmd: rework header check for xfs/xqm.h
- cmd: add poky to the list of distros which don't support reexec
- overlord: finish reorg, revert "be more conservative until we have
cut 2.23.x"
- cmd: select what socket to use in cmd/snap{,ctl}
- overlord: remove snap config values when snap is removed
- snapstate: introduce helper to apply to disk a alias states change
for a snap (aliases v2)
- configstate,hookstate: timeout the configure hook after 5 mins,
report failures to the errtracker
- interfaces/seccomp: add bind as part of the default seccomp policy
for hooks
- cmd: discard the C implementation of snap-update-ns
- tests: remove stale apt proxy leftover from cloud-init
- tests: move unity test to nightly suite
- interfaces: add support for location-observe for
dbus::ObjectManager session paths
- boot: log error in KernelOrOsRebootRequired
- interfaces: remove old API
- interfaces: use udev spec
- interfaces: convert systemd backend to new APIs
- osutil: add BootID
- tests: move docker test to new nightly suite
- interfaces/mount: compute mount changes required to transition
mount profiles
- data/selinux: add context definition for snapctl
- overlord: clean up organization under state packages
- overlord: make sure all managers packages have *state.go with the
main state manipulation/query APIs
- interfaces: use spec in the dbus backend
- store: download from authenticated URL if there is a device
session set
- tests: remove core_name variable
- interfaces: rename thumbnailer to thumbnailer-service
- interfaces: add chroot to base templates
- asserts: remove some unused things
- systemd: mount the squashfs with nodev
- overlord: when shutting down assume errors might be due to
cancellation so retry
- cmd: rename all unit tests to $command/unit-test
- cmd/snap: fix help string for version command
- asserts: don't allow revocations with other items for the same
developer
- tests: skip lp-1644439 test on older kernels
- interfaces: allow "sync" to be used by core support
- assertstate,snapstate: have assertstate.AutoAliases use the
"aliases" header
- interfaces: allow writing config.txt.tmp in the core-support
interface
- tests: adjust network-bind test
- interfaces: dbus backend spec
- asserts: introduce a snap-declaration "aliases" header to list
auto aliases with explicit targets
- cmd: enable large file support
- cmd/snap: handle missing snap-confine
- cmd/snap-confine: re-associate with pid-1 mount namespace if
required
- cmd/libsnap: make mountinfo structures public
- tests: fix interfaces-cups-control for zesty
- misc: revert "Log if the system goes into ForceDevMode"
- interfaces: seccomp tests cleanup
- cmd: validate SNAP_NAME
- interfaces: log if the system goes into ForceDevMode
- tests: fix classic-ubuntu-core-transition race
- interfaces: use apparmor spec in the apparmor backend
- interfaces: alphabetize framebuffer in base decl and add it to
all_test.go
- tests: add ubuntu-core-16-32 system to the external backend and
fix docker test
- cmd/libsnap: simplify sc_string_quote default case
- osutil: fix double expand in environment map code and add test
- interfaces: extend location-control out-of-process provider
support
- cmd/snap-update-ns: use bidirectional lists for mount entries
- tests: prevent automatic transition before setting the initial
state of the test
- release: detect if we are in ForcedDevMode by inspecting the
kernel
- tests: add core-snap-refresh test
- interfaces: add maliit input method interface
- interfaces: seccomp spec API tweaks for better tests
- interfaces: updates for mir-kiosk in browser-support, mir, opengl,
unity7
- testutils: address review feedback from PR#2997
- tests: specify the core version to be unsquashfs'ed in the
failover tests
- interfaces: use MockInfo in tests
- cmd/libsnap: add sc_quote_string
- cmd/snap-confine: use sc_do_umount everywhere
- interfaces: add unity8 plug permissions
- timeutil: a few helpers for the recurring events
- asserts: implement snap-developer type
- partition: deal with grub{,2}-editenv in tests
- many: add new (hidden) `snap debug ensure-state-soon` command and
use in tests
- interfaces/builtin: small refactor of dbus tests
- packaging, tests: use "systemctl list-unit-files --full"
everywhere
- many: some opensuse patches that are ready to go into master
- packaging: add opensuse permissions files
- client, daemon: move "snap list" name filtering into snapd.
- interfaces: use seccomp specs
- overlord/snapstate: small cleanup of
ensureForceDevmodeDropsDevmodeFromState
- interfaces/builtin/alsa: add read access to alsa state dir
- interfaces: use spec in kmod backend, updated firewall_control,
openvswitch_support, ppp
- cmd/snap-confine: use sc_do_mount everywhere
- tests: remove workaround for docker again, snap-declaration is
fixed now
- interfaces: interface to allow autopilot introspection
* New upstream release, LP: #1673568
- cmd: use the most appropriate snap/snapctl sockets
- tests: fix interfaces-cups-control for zesty
- configstate,hookstate: timeout the configure hook after 5 mins,
report failures
- packaging: rename the file shipping snap-confine AA profile to
workaround dpkg bug #858004
- many: ignore configure hook failures on core refresh to ensure
upgrades are always possible
- snapstate: restart as needed if we undid unlinking aka relinked
core or kernel snap
* New upstream release, LP: #1673568
- allow "sync" in core-support
* New upstream release, LP: #1673568
- fix core-support interface for the new pi-config options
* FTBFS due to missing files in vendor/
* New upstream release, LP: #1673568
- cmd/snap: handle missing snap-confine (#3041)
* New upstream release, LP: #1665608
- packaging, tests: use "systemctl list-unit-files --full"
everywhere
- interfaces: fix default content attribute value
- tests: do not nuke the entire snapd.conf.d dir when changing
store settings
- hookstate: run the right "snap" command in the hookmanager
- snapstate: revert PR#2958, run configure hook again everywhere
* New upstream release, LP: #1665608
- overlord: phase 2 with 2nd setup-profiles and hook done after
restart for core installation
- data: re-add snapd.refresh.{timer,service} with weekly schedule
- interfaces: allow 'getent' by default with some missing dbs to
various interfaces
- overlord/snapstate: drop forced devmode
- snapstate: disable running the configure hook on classic for the
core snap
- ifacestate: re-generate apparmor in InterfaceManager.initialize()
- daemon: DevModeDistro does not imply snapstate.Flags{DevMode:true}
- interfaces/bluez,network-manager: implement ConnectedSlot policy
- cmd: add helpers for mounting / unmounting
- snapstate: error in LinkSnap() if revision is unset
- release: add linuxmint 18 to the non-devmode distros
- cmd: fixes to run correctly on opensuse
- interfaces: consistently use 'const' instead of 'var' for security
policy
- interfaces: miscellaneous policy updates for unity7, udisks2 and
browser-support
- interfaces/apparmor: compensate for kernel behavior change
- many: only tweak core config if hook exists
- overlord/hookstate: don't report a run hook output error without
any context
- cmd/snap-update-ns: move test data and helpers to new module
- vet: fix vet error on mount test.
- tests: empty init (systemd) failover test
- cmd: add .indent.pro file to the tree
- interfaces: specs for apparmor, seccomp, udev
- wrappers/services: RemainAfterExit=yes for oneshot daemons w/ stop
cmds
- tests: several improvements to the nested suite
- tests: do not use core for "All snaps up to date" check
- cmd/snap-update-ns: add function for sorting mount entries
- httputil: copy some headers over redirects
- data/selinux: merge SELinux policy module
- kmod: added Specification for kmod security backend
- tests: failover test for rc.local crash
- debian/tests: map snapd deb pockets to core snap channels for
autopkgtest
- many: switch channels on refresh if needed
- interfaces/builtin: add /boot/uboot/config.txt access to core-
support
- release: assume higher version of supported distros will still
work
- cmd/snap-update-ns: add compare function for mount entries
- tests: enable docker test
- tests: bail out if core snap is not installed
- interfaces: use mount.Entry instead of string snippets.
- osutil: trivial tweaks to build ID support
- many: display kernel version in 'snap version'
- osutil: add package for reading Build-ID
- snap: error when `snap list foo` is run and no snap is installed
- cmd/snap-confine: don't crash if nvidia module is loaded but
drivers are not available
- tests: update listing test for latest core snap version update
- overlord/hookstate/ctlcmd: helper function for creating a deep
copy of interface attributes
- interfaces: add a linux framebuffer interface
- cmd/snap, store: change error messages to reflect latest UX doc
- interfaces: initial unity8 interface
- asserts: improved information about assertions format in the
Decode doc comment
- snapstate: ensure snapstate.CanAutoRefresh is nil in tests
- mkversion.sh: Add support for taking the version as a parameter
- interfaces: add an interface for use by thumbnailer
- cmd/snap-confine: ensure that hostfs is root owned.
- screen-inhibit-control: add methods for delaying screensavers
- overlord: optional device registration and gadget support on
classic
- overlord: make seeding work also on classic, optionally
- image,cmd/snap: refactoring and initial envvar support to use
stores needing auth
- tests: add libvirt interface spread test
- cmd/libsnap: add helper for dropping permissions
- interfaces: misc updates for network-control, firewall-control,
unity7 and default policy
- interfaces: allow recv* and send* by default, accept4 with accept
and other cleanups
- interfaces/builtin: add classic-support interface
- store: use xdelta3 from core if available and not on the regular
system
- snap: add contact: line in `snap info`
- interfaces/builtin: add network-setup-control which allows rw
access to netplan
- unity7: support missing signals and methods for status icons
- cmd: autoconf for RHEL
- cmd/snap-confine: look for PROCFS_SUPER_MAGIC
- dirs: use the right snap mount dir for the distribution
- many: differentiate between "distro" and "core" libexecdir
- cmd: don't reexec on RHEL family
- config: make helpers reusable
- snap-exec: support nested environment variables in environment
- release: add galliumos support
- interfaces/builtin: more path options for serial
- i18n: look into core snaps when checking for translations
- tests: nested image testing
- tests: add basic test for docker
- hookstate,ifacestate: support snapctl set/get slot and plug attrs
(step 3)
- cmd/snap: add shell completion to connect
- cmd: add functions to load/save fstab-like files
- snap run: create "current" symlink in user data dir
- cmd: autoconf for centos
- tests: add more debug if ubuntu-core-upgrade fails
- tests: increase service retries
- packaging/ubuntu-14.04: inform user how to extend PATH with
/snap/bin.
- cmd: add helpers for working with mount/umount commands
- overlord/snapstate: prepare for using snap-update-ns
- cmd: use per-snap mount profile to populate the mount namespace
- overlord/ifacestate: setup seccomp security on startup
- interface/seccomp: sort combined snippets
- release: don't force devmode on LinuxMint "serena"
- tests: filter ubuntu-core systems for authenticated find-private
test
- interfaces/builtin/core-support: Allow modifying logind
configuration from the core snap
- tests: fix "snap managed" output check and suppress output from
expect in the authenticated login tests
- interfaces: shutdown: also allow shutdown/reboot/suspend via
logind
- cmd/snap-confine-tests: reformat test to pass shellcheck
- cmd: add sc_is_debug_enabled
- interfaces/mount: add dedicated mount entry type
- interfaces/core-support: allow modifying systemd-timesyncd and
sysctl configuration
- snap: improve message after `snap refresh pkg1 pkg2`
- tests: improve snap-env test
- interfaces/io-ports-control: use /dev/port, not /dev/ports
- interfaces/mount-observe: add quotactl with arg filtering (LP:
#1626359)
- interfaces/mount: generate per-snap mount profile
- tests: add spread test for delta downloads
- daemon: show "$snapname (delta)" in progress when downloading
deltas
- cmd: use safer functions in sc_mount_opt2str
- asserts: introduce a variant of model assertions for classic
systems
- interfaces/core-support: allow modifying snap rsyslog
configuration
- interfaces: remove some syscalls already in the default policy
plus comment cleanups
- interfaces: miscellaneous updates for hardware-observe, kernel-
module-control, unity7 and default
- snap-confine: add the key for which hsearch_r fails
- snap: improve the error message for `snap try`
- tests: fix pattern and use MATCH in find-private
- tests: stop tying setting up staging store access to the setup of
the state tarball
- tests: add regression spread test for #1660941
- interfaces/default: don't allow TIOCSTI ioctl
- interfaces: allow nice/setpriority to 0-19 values for calling
process by default
- tests: improve debug when the core transition test hangs
- tests: disable ubuntu-core->core transition on ppc64el (its just
too slow)
- snapstate: move refresh from a systemd timer to the internal
snapstate Ensure()
- tests/lib/fakestore/refresh: some more info when we fail to copy
asserts
- overlord/devicestate: backoff between retries if the server seems
to have refused the serial-request
- image: check kernel/gadget publisher vs model brand, warn on store
disconnected snaps
- vendor: move gettext.go back to github.com/ojii/gettext.go
- store: retry on 502 http response as well
- tests: increase snap-service kill-timeout
- store,osutil: use new osutil.ExecutableExists(exe) check to only
use deltas if xdelta3 is present
- cmd: fix autogen.sh on fedora
- overlord/devicemgr: fix test: setup account-key before using the
key for signing
- cmd: add /usr/local/* to PATH
- cmd: add sc_string_append
- asserts: support for correctly suggesting format 2 for snap-
declaration
- interfaces: port mount backend to new APIs, unify content of per
app/hook profiles
- overlord/devicestate: implement policy about gadget and kernel
matching the model
- interfaces: allow sched_setscheduler again by default
- debian: update breaks/replaces for snap-confine->snapd
- debian: move the snap-confine packaging into snapd
- 14.04/integrationtests: rely on upstart to restart ssh.
- store: enable download deltas on classic by default
- spread: add unit suite
- snapctl: add config in client to disable auth and use it in
snapctl
- overlord/ifacestate: register all security backends with the
repository
- overlord,tests: have enable/disable affect security profiles
- tests: install ubuntu-core from the same channel as core
- overlord: move configstate.Transaction into config package
- seccomp-support.c: add PF_* domains which can be used instead of
AF_*
- store: always log retry summary when SNAPD_DEBUG is set
- tests: parameterize kernel snap channel
- snapenv: do not append ":" to the SNAP_LIBRARY_PATH
- interfaces/builtin: refine the content interface rules using $SLOT
- asserts,interfaces/policy: add support for
$SLOT()/$PLUG()/$MISSING in *-attributes constraintsThis adds
support for $SLOT(arg), $PLUG(arg) and $MISSING attribute
constraints in plugs and slots rules in snap-declarations:
- cmd/snap-confine: add snap-confine command line parser module
- tests: remove (some) garbage files found by restore cleanup
analysis
- cmd: fix issues uncovered by valgrind
- tests: fix typo in systems name
- cmd: collect string utilities in one module, add missing tests
- cmd: rename mountinfo to sc_mountinfo
- tests: allow to install snapd debs from a ppa instead of building
them
- spread: remove state tar on project restore
* New upstream release:
- errtracker,overlord/snapstate: more info in errtracker reports
- interfaces/apparmor: compensate for kernel behavior change
* New upstream release, LP: #1667105
- overlord/ifacestate: don't fail if affected snap is gone
- revert #2910: osutil: add package for reading Build-ID (#2918)
- errtracker: include the build-id of host and core snapd (#2912)
- errtracker: include the number of ubuntu-core -> core retries
(#2915)
- snapstate: retry ubuntu-core -> core transition every 6h (#2914)
- osutil: add package for reading Build-ID (#2910)
- errtracker: include kernel version in error reports (#2905)
- release: return "unknown" if uname fails
- many: rebased uname branch for 2.22
- errtracker: include snapd version in err reports
- overlord/ifacestate: don't unconditionally retry stuff (#2906)
- snapstate: fix incorrect cut of the timestamps for the error
reports (#2908)
- tests: update listing test for latest core snap version update
* Fix FTBFS due to machine-id file
* New bugfix release:
- errtracker: add support for error reporting via daisy.ubuntu.com
- snapstate: allow for 6 retries for the core transition
- httputils: ensure User-Agent works across redirects
* New bugfix release, LP: #1665729:
- Limit the number of retries for the ubuntu-core -> core
transition to fix possible store overload.
* New upstream release, LP: #1659522
- cherry pick fix for sched_setscheduler regression
(LP: #1661265)
* New upstream release, LP: #1659522
- cherry pick fix for snapctl auth.json handling
* New upstream release, LP: #1659522
- many: make ubuntu-core-launcher mostly go
- interfaces/builtin: add account-control interface
- interfaces/builtin: add missing syscalls to core-support needed
for systemctl
- interfaces/builtin: rework core-support to only allow full access
to systemctl
- debian/tests: drop stale autopkgtest dependencies.
- tests: make the debugging of c-unit-tests more useful
- store: retry auth-related requests
- tests: integration test for system reload
- snap: be more helpful in the `snap install <already-installed>`
error message
- tests: set SNAPPY_USE_STAGING_STORE in su call
- tests: use test snap
- spread: set SNAPD_DEBUG=1 in the core snap as well
- tests: add extra debugging to security-setuid-root test
- cmd,snap,wrappers: systemd reload command support
- interfaces: builtin: mir: Allow recv and send
- overlord/ifacestate: use ParseConnRef
- overlord/snapstate,overlord/ifacestate: add automatic ubuntu-core
-> core transition
- debian: remove aliases as well in snapd.postrm
- many: change interfaces.ParseID to return value
- interfaces/opengl: allow access to the nvidia abstract socket
- overlord, daemon: flag failures feature fancy forms.
- many: add --classic support to try and revert, and make missing
these things a little harder
- interfaces: allow reading non-PCI-attached usb devices via raw-usb
- many: rename snap-alter-ns to snap-update-ns
- interfaces/builtin: add core-support
- store: increase the retry.LimitTime()
- debian: move the packaging out into package/$id-$version_id
- overlord/stapstate: don't use unkeyed fields
- many: add stub implementation of snap-alter-ns
- asserts: improve error message when key is not valid at the given
time
- snapstate, ifacestate: add snapstate.CheckChangeConflict() to
ifacestate.{Connect,Disconnect}
- debian: remove trusty specific bits
- docs: Add a note about building snapd.
- interfaces: miscellaneous updates for default and network-control
- daemon: bubble out store.ErrSnapNotFound in the findOne codepath
- store: add retry logging into download as well
- snap: show price in `snap info`
- cmd: add fault injection support code
- interfaces: network-manager: allow rw access to /etc/netplan
- debian: move systemd files out of ./debian and into ./data/systemd
- asserts: implement SuggestFormat to help avoid specifying the
wrong format iteration for an assertion
- many: detect potentially insecure use of snap-confine
- interfaces: allow querying added security backends
- cmd: ensure that all .c files have a -test.c file
- asserts: don't use 'context' for the path of attributes, want to
reuse the concept for something else
- interfaces: abbreviate ConnRef construction
- tests: ensure systemd override directory is available before using
it
- cmd: more build system cleanups and a small fix
- tests: increase retries for service up
- cmd: move seccomp cleanup function to seccomp-support
- many: auto-connect plugs and slots symmetrically
- overlord: use a ticker for the pruning
- interfaces/builtin: add uhid interface
- cmd/snap-confine: add shutdown helper
- tests: fix path used when debugging
- cmd: switch to non-recursive make
- overlord/ifacestate: setup security of snaps affected by auto-
connection
- spread: refresh apt cache before first install
- overlord: allow max 500 changes in "ready" state to avoid growing
changes for 24h
- snap: add {Plug,Slot}Info.SecurityTags
- cmd: move snap-discard-ns to dedicated directory
- tests: skip i18n test when no "snappy.mo" file is available
- interfaces,overlord/ifacestate: small refactor around reference
methods
- tests: remove the snapd dirs last (should fix random test errors)
- interfaces: mm: permissions for protocol proxies
- interfaces/builtin: add evolution interfaces
- many: extract the logging http client and user-agent handling for
use in devicestate
- interfaces: unity8-download-manager is the chosen name for this
interface.
- tests: add "quiet" wrapper function that only prints output on
failure
- tests: fix failing snapd-reexec test
- docs: simplify HACKING.md that snapd itself supports setting up
the sockets
- overlord: flag required-snaps from model as required and prevent
removing them
- spread: exclude .o and .a files
- tests: parameterize remote store
- cmd: fix hardcoded paths to rst2man and support rst2man.py
- tests: improve debug output when reexec is used
- tests: disable ipv6 before unpacking delta
- interfaces: add new interface API
- tests: change TRUST_TEST_KEYS to be controlled from the host
- spread: add boilerplate for Linode delta uploads
- wrappers: add support for the X-Ayatana-Desktop-Shortcuts=
extension
- partition: add support for native grubenv read/write and use it
- tests: add test ensuring manual pages are shipped
* New upstream release, LP: #1656382
- daemon: re-enable reexec
- interfaces: allow reading installed files from previous revisions
by default
- daemon: make activation optional
- tests: run all snap-confine tests in c-unit-tests task
- many: fix abbreviated forms of disconnect
- tests: switch more tests to MATCH
- store: export userAgent. daemon: print store.UserAgent() on
startup.
- tests: test classic confinement `snap list` and `snap info`
output
- debian: skip snap-confine unit tests on nocheck
- overlord/snapstate: share code between Update and UpdateMany, so
that it deals with auto-aliases correctly
- interfaces: upower-observe: refactor to allow snaps to provide a
slot
- tests: add end-to-end store test for classic confinement
- overlord,overlord/snapstate: have UpdateMany retire/enable auto-
aliases even without new revision
- interfaces/browser-support: add @{PROC}/@{pid}/fd/[0-9] w and misc
/run/udev
- interfaces/builtin: add physical-memory-* and io-ports-control
- interfaces: allow getsockopt by default since it is so commonly
used
- cmd/snap, daemon, overlord/snapstate: tests and fixes for "snap
refresh" of a classic snap
- interfaces: allow read/write access of real-time clock with time-
control interface
- store: request no CDN via a header using SNAPPY_STORE_NO_CDN
envvar
- snap: add information about tracking channel (not just actual
channel)
- interfaces: use fewer dot imports
- overlord/snapstate: remove restrictions on ResetAliases
- overlord, store: move confinement filtering to the overlord (from
The Store)
- many: move interface test helpers to ifacetest package
- many: implement 'snap aliases'
- vet: fix for unkeyed fields error on aliases_test.go
- interfaces: miscellaneous policy updates for network-control,
unity7, pulseaudio, default and home
- tests: test for auto-aliases
- interface hooks: connect plug slot hooks (step 2)
- cmd/snap: fix internal naming in snap connect
- snap: use "size" as the json tag in snap.ChannelSnapInfo
- tests: restore the missing initialization of iface manager causing
race
- snap: fix missing sizes in `snap info <remote-snap>`
- tests: improve cleanup for c-unit-tests
- cmd/snap-confine: build non-installed libsnap-confine-private.a
- cmd/snap-confine: small tweaks to seccomp support code
- interfaces/docker-support: allow /run/shm/aufs.xeno for 14.04
- many: obtain installed snaps developer/publisher username through
assertions
- store: setting of fields for details endpoint
- cmd/snap-confine: check for rst2man on configure
- snap: show `snap --help` output when just running `snap`
- interface/builtin: drop the obsolete checks in udisks2
SanitizeSlot
- cmd/snap: remove currency switch following UX review
- spread: find top-level directory before running generate-
packaging-dir
- interface hooks: prepare plug slot hooks (step 1)
- i18n: use github.com/mvo5/gettext.go (pure go) for i18n to avoid
cgo
- many: put a marker in the User-Agent sent by snapd/snap when under
testingThe User-Agent will look like:
- tests: fix -reuse and -resend when govendor is missing
- snap: provide friendlier `snap find` message when no snaps are
found
- tests: fix mkversions.sh failure on zesty
- spread: install build-essential unconditionally
- spread: improve qemu ubuntu-14.04-{32,64} support
- overlord/snapstate,daemon: implement GET /v2/aliases handling
- store: retry user info request
- tests: port more snap-confine regression tests
- tests: cancel the scheduled reboot on ubuntu-core-upgrade-no-gc
and restore state
- tests: debug zesty autopkgtest failures
- overlord/snapstate: use keyed fields on literals
- tests: use MATCH in install-remove-multi
- tests: increase wait time for service to be up
- tests: make debug-each succeed if DENIED doesn't match
- tests: skip packaging dir generation for non-git based autopkgtest
runs
- tests: port refresh-all-undo to MATCH
- tests: improve snap connect test
- tests: port additional snap-confine regression tests
- tests: show --version when it matches unknown
- tests: optionally use apt proxy for qemu
- tests: add hello-classic test
- many: behave more consistently when pointed to staging and
possibly the fake store
- overlord/ifacestate: remove stale comments
- interfaces/apparmor: ignore snippets in classic confinement
- tests: port first regression test from snap-confine
- cmd/snap-confine: disable old tests
* New upstream release, LP: #1648520
- tests: enable the ppc64el tests again
- tests: add classic confinement test
- tests: run snap confine tests in debian/rules already
* New upstream release, LP: #1648520
- many: implement "snap alias --reset" using snapstate.ResetAliases
- debian: use a packaging branch for 14.04
- store: retry downloads on io.Copy errors and sha3 checksum errors
- snap: show apps in `snap info`
- store: send an explicit X-Ubuntu-Classic header to the store
- overlord/snapstate: implement snapstate.ResetAliases
- interfaces/builtin: add dbus interface
- tests: fix tests on 17.04
- store: use mocked retry strategy to make store tests faster
- overlord: apply auto-aliases information from the snap-declaration
on install or refresh
- many: prepare landing on trusty
- many: implement snap unalias using snapstate.Unalias
- overlord/snapstate: fixing the placement/grouping of some
functions
- interfaces: support network namespaces via 'ip netns' in network-
control
- interfaces/builtin: fix pulseaudio apparmor rules
- interfaces/builtin: add iio interface
- tests: update custom core snap with the freshly build snap-confine
- interfaces: use sysd.{Disable,Stop} instead of sysd.DisableNow()
- overlord,overlord/snapstate: implement snapstate.Unalias by
generalizing the "alias" task
- interfaces: misc openstack snap enablement
- cmd/snap: mock terminal.ReadPassword instead of using /dev/ptmx
- notifications, daemon: kill the unsupported events endpoint
- client: only allow Dangerous option in InstallPath
- overlord/ifacestate: no interface checks if no snap id
- many: implement alias command
- snap: tweak snap install output as designed by Mark
- debian: fix Pre-Depends on dpkg
- tests: check if snap-confine --version is unknown
- cmd/snap-confine: allow content interface mounts
- tests: remove ppa:snappy-dev/image again
- interfaces/apparmor: allow access to core snap
- tests: remove snap-confine/ubuntu-core-launcher after the tests
- overlord,overlord/snapstate: implement snapstate.Alias
- cmd/snap: reject "snap disconnect foo"
- debian: add split ubuntu-core-launcher and snap-confine packages
- cmd: fix mkversion.sh and add regression test
- overlord/snapstate: setup/remove aliases as we link/unlink snaps
- cmd/snap,tests: alias support in snap run
- snap/snapenv: don't obscure HOME if snap uses classic confinement
- store: decode response.Body json inside retry loops
- cmd/snap-confine: fix compilation on platforms with gcc < 4.9.0
- vendor: update tomb package fixing context support
* New upstream release, LP: #1648520
- cmd/snap-confine: disable support for XDG_RUNTIME_DIR
- cmd/snap-confine/tests: fix stale path after move to snapd
- cmd/snap-confine: don't use __attribute__((nonull))
- snap: add description to `snap info`
- snap: show last refresh time
- store: switch default delta format from xdelta to xdelta3
- interfaces: fix system-observe interface to work with ps_mem
- debian: add missing ca-certificates dependency
- cmd/snap-confine: add support for classic confinement
- snapstate/backend: add backend methods to manage aliases
- tests: re-enable snap-confine unit tests via spread
- many: merge snap-confine into snapd
- many: add support for classic confinement
- snap: abort install with ctrl+c
- cmd/snap: change terms accept URL following UX review
- interfaces/apparmor: use distinct apparmor template for classic
- snap: add snap size to `snap info`
- interfaces: add unconfined access to modem-manager
- snap: support for parsing and exposing on snap.Info aliases
- debian: disable autopkgtests on ppc64el
- snap: disable support for socket activation
- tests: fix incorrect restore of the current symlink
- asserts: introduce auto-aliases header in snap-declaration
- interfaces/seccomp: add support for classic confinement
- tests: do not use external snaps
- daemon: close the dup()ed file descriptor to not leak it
- overlord, daemon, progress: enable building snapd without CGO
- daemon, store: let snap info find things in any channel
- store: retry tweaks and logging
- snap: Improve `snap --help` output as designed by Mark
- interfaces/builtin: fix incorrect udev rule in i2c
- overlord: increase test timeout and improve failure message
- snap: remove unused experimental command
- debian: remove unneeded conflict against the "snappy" package
- daemon, strutil: move daemon.quotedNames to strutil.Quoted
- docs: document SNAP_DEBUG_HTTP in HACKING.md
- cmd/snap: have some completers
- snap: support "daemon: notify" in snap.yaml
- snap: fix try command when daemon linie is added
- interfaces: apparmor support for classic confinement
- debian/rules: build with -buildoptions=pie
- tests: include /boot in saved state (including bootenv and any
kernels)
- daemon: ensure `snap try` installs core if it's missing
- tests: save/restore /snap/core/current symlink
- tests: decrease the number of expected featured apps
- tests: add set -e to the prepare ssh script
- cmd/snap: add tests for section completion; fix bugs.
- cmd/snap: document 'snap list --all'
* New upstream release, LP: #1644625
- daemon: fix crash when `snap refresh` contains a single update
- fix unhandled error from io.Copy() in download()
- interfaces/builtin: fix incorrect udev rule in i2c
* New upstream release, LP: #1644625
- store: retry on io.EOF
- tests: skip pty tests on ppc64el and powerpc
- client, cmd/snap: introducing "snap info"
- snap: do exit 0 on install/remove if that snap is already
installed or already removed
- snap: add `snap watch <change-id>` to attach to a running change
- store: retry downloads using retry loop
- snap: try doesn't require snap-dir when run in snap's directory
- daemon: show what will change in the "refresh-all" changes
- tests: disable autorefresh for the external backend
- snap: add `snap list -a` to show all snaps (even inactive ones)
- many: unify boolean env var handling
- overlord/ifacestate: don't setup jailmode snaps with devmode
confinement
- snapstate: do not garbage collect the snaps used by the bootenv
- debian: drop hard xdelta dependency for now
- snap: make `snap login` ask for email if not given as argument
- osutil: fix build on armhf (arm in go-arch) and powerpc (ppc in
go-arch)
- many: rename DevmodeConfinement to DevModeConfinement
- store: resp.Body.Close() missing in ReadyToBuy
- many: use ConfinementOptions instead of ConfinementType
- snap, daemon, store: fake the channel map in the REST API
- misc: run github.com/gordonklaus/ineffassign as part of the static
checks
- docs: add goreportcard badge and remove coveralls badge
- tests: force gofmt -s in static checks
- many: run gofmt -s -w on all the code
- store: DRY actual retry code
- many: fix various errors uncovered by goreportcard.com
- interfaces/builtin: allow additional shared memory for webkit
- many: some more missing snapState->snapst
- asserts: introduce an optional freeform display-name for model
- interfaces/builtin: rename usb-raw to raw-usb
- progress: init pbar with correct total value
- daemon/api.go: add quotedNames() helper
- interfaces: add ConfinementOptions type
- tests: add a test about the extra bits that prepare-device can
specify for device registration
- tests: check that gpio device nodes are exported after reboot
- tests: parameterize core channel with env var for classic too
- many: rename variable "ss" to "snapsup" or "snapst" or "st"
(depending on context)
- tests: do not use external snaps in spread
- store: retry buy request
- store: retry store.Find
- store: retry assertion store call
- store: retry call for snap details
- many: use snap.ConfinementType rather than bool devmode
- daemon: if a bad snap is posted it is not an internal error but a
bad request
- client: add "Snap.Screenshots" to the client API
- interfaces: update base declaration documentation and policy for
on-classic and snap-type
- store: check payment method before TOS for a better UX
- interfaces: allow sched_setaffinity in process-control
- tests: parameterize core channel with env var
- tests: ensure that the XDG_ env contains at least XDG_RUNTIME_DIR
- interfaces: fcitx also listens on the session bus for Qt apps
- store: retry ListRefresh
- snap: use "Password of <email>:" in the `snap login`
- many: reshuffle how we load/inject tests keys so image doesn't
need assertstate anymore
- store: use range requests if we have a local file already
- dirs,interfaces,overlord,snap,snapenv,test: export per-snap
XDG_RUNTIME_DIR per user
- osutil: make RealUser only look at SUDO_USER when uid==0
- tests: do not use the ppa:snappy-dev/image in the tests
- store: retry readyToBuy request
- tests: increase `expect` timeouts
- static tests: add spell check
- tests: add debug to all flaky expect tests
- systemd: correct the mount arguments when mounting with squashfuse
- interfaces: add avahi-observe
- store: bring delta downloads back
- interfaces: add alsa
- interfaces/builtin: fix a broken test that snuck into master
- osutil: add chattr funcs
- image: init "snap_mode" on image creation time to avoid ugly
messages
- tests: test-snapd-fuse-consumer needs python-fuse as a build-
package
- interfaces/builtin: add i2c interface
- interfaces: add ofono interface
- tests: do not use hello-world in our tests
- snap: add support for classic confinement
- interfaces: remove LegacyAutoConnect() from the interfaces
- interfaces: miscellaneous policy updates
- tests: run autopkgtests in the autopkgtest.ubuntu.com
infrastructure
- Implement lxd-client interface exposing the lxd snap
- asserts: validate optional account username
- many: remove unnecessary snap name parameter from buying endpoint
- tests: do not hardcode the size of /dev/ram0
- tests: add test that ensures the right content for /etc/os-release
- spread tests: fix snap mode check
- docs: fix path for source files location in HACKING.md
- interfaces/builtin/mir: allow slot to make recvfrom syscalls
- store: sections/featured snaps store support
* New upstream release, LP: #1637215:
- release: os-release on core has changed
- tests: /dev/ptmx does not work on powerpc, skip here
- docs: moved to github.com/snapcore/snapd/wiki (#2258)
- debian: golang is not installable on powerpc, use golang-any
* New upstream release, LP: #1637215:
- overlord/ifacestate: add unit tests for undo of setup-snap-
security (#2243)
- daemon,overlord,snap,tests: download to .partial in final dir
(#2237)
- overlord/state: marshaling tests for lanes (#2245)
- overlord/state: introduce state lanes (#2241)
- overlord/snapstate: fix revert+refresh (#2224)
- interfaces/sytemd: enable/disable generated service units (#2229)
- many: fix incorrect security files generation on undo
- overlord/snapstate: add dynamic snapdX.Y assumes (#2227)
- interfaces: network-manager: give slot full read-write access to
/run/NetworkManager
- docs: update the name of the command for the cross-build
- overlord/snapstate: fix missing argument to Noticef
- snapstate: ensure gadget/core/kernel can not be disabled (#2218)
- asserts: limit to 1y only if len(models) == 0 (#2219)
- debian: only install share/locale if available (missing on
powerpc)
- overlrod/snapstate: fix revert followed by refresh to old-current
(#2214)
- interfaces/builtin: network-manager and bluez can change hostname
(#2204)
- snap: switch the auto-import dir to /run/snapd/auto-import
- docs: less details about cloud.cfg as requested in trello (#2206)
- spread.yaml: Ensure ubuntu user has passwordless sudo for
autopkgtests (#2201)
- interfaces/builtin: add dcdbas-control interface
- boot: do not set boot to try mode if the revision is unchanged
- interfaces: add shutdown interface (#2162)
- interfaces: add system-power-control interface
- many: use the new systemd backend for configuring GPIOs
- overlord/ifacestate: setup security for slots before plugs
- snap: spool assertion candidates if snapd is not up yet
- store,daemon,overlord: download things to a partials dir
- asserts,daemon: implement system-user-authority header/concept
- interfaces/builtin: home base declaration rule using on-classic
for its policy
- interfaces/builtin: finish decl based checks
- asserts: bump snap-declaration to allow signing with new-style
plugs and slots
- overlord: checks for kernel installation/refresh based on model
assertion and previous kernel
- tests/lib/fakestore: fix logic to distinguish assertion not found
errors
- client: add a few explicit error types (around the request cycle)
- tests/lib/fakestore/cmd/fakestore: make it log, and fix a typo
- overlord/snapstate: two bugs for one
- snappy: disable auto-import of assertions on classic (#2122)
- overlord/snapstate: move trash cleanup to a cleanup handler
(#2173)
- daemon: make create-user --known fail on classic without --force-
managed (#2123)
- asserts,interfaces/policy: implement on-classic plug/slot
constraints
- overlord: check that the first installed gadget matches the model
assertion
- tests: use the snapd-control-consumer snap from the store
- cmd/snap: make snap run not talk to snapd for finding the revision
- snap/squashfs: try to hard link instead of copying. Also, switch
to osutil.CopyFile for cp invocation.
- store: send supported max-format when retrieving assertions
- snapstate, devicestate: do not remove seed
- boot,image,overlord,partition: read/write boot variables in single
operation
- tests: reenable ubuntu-core tests on qemu
- asserts,interfaces/policy: allow OR-ing of subrule constraints in
plug/slot rules
- many: move from flags as ints to flags as structs-of-bools (#2156)
- many: add supports for keeping and finding assertions with
different format iterations
- snap: stop using ubuntu-core-launcher, use snap-confine
- many: introduce an assertion format iteration concept, refuse to
add unsupported assertion
- interfaces: tweak wording and comment
- spread.yaml: dump apparmor denials on spread failure
- tests: unflake ubuntu-core-reboot (#2150)
- cmd/snap: tweak unknown command error message (#2139)
- client,daemon,cmd: add payment-declined error kind (#2107)
- cmd/snap: update remove command help (#2145)
- many: removed frameworks target and fixed service files (#2138)
- asserts,snap: validate attributes to a JSON-compatible type subset
(#2140)
- asserts: remove unused serial-proof type
- tests: skip auto-import tests on systems without test keys (#2142)
- overlord/devicestate: don't spam the debug log on classic (#2141)
- cmd/snap: simplify auto-import mountinfo parsing (#2135)
- tests: run ubuntu-core upgrades on isolated machine (#2137)
- overlord/devicestate: recover seeding from old external approach
(#2134)
- overlord: merge overlord/boot pkg into overlord/devicestate
(#2118)
- daemon: add postCreateUserSuite test suite (#2124)
- tests: abort tests if an update process is scheduled (#2119)
- snapstate: avoid reboots if nothing in the boot setup has changed
(#2117)
- cmd/snap: do not auto-import from loop or non-dev devices (#2121)
- tests: add spread test for `snap auto-import` (#2126)
- tests: add test for auto-mount assertion import (#2127)
- osutil: add missing unit tests for IsMounted (#2133)
- tests: check for failure creating user on managed ubuntu-core
systems (#2096)
- snap: ignore /dev/loop addings from udev (#2111)
- tests: remove snapd.boot-ok reference (#2109)
- tests: enable tests related to the home interface in all-snaps
(#2106)
- snapstate: only import defaults from gadget on install (#2105)
- many: move firstboot code into the snapd daemon (#2033)
- store: send correct JSON type of string for expected payment
amount (#2103)
- cmd/snap: rename is-managed to managed and tune (#2102)
- interfaces,overlord/ifacestate: initial cleaning up of no arg
AutoConnect related bits (#2090)
- client, cmd: prompt for password when buying (#2086)
- snapstate: fix hanging `snap remove` if snap is no longer mounted
- image: support gadget specific cloud.conf file (#2101)
- cmd/snap,ctlcmd: fix behavior of snap(ctl) get (#2093)
- store: local users download from the anonymous url (#2100)
- docs/hooks.md: fix typos (#2099)
- many: check installation of slots and plugs against declarations
- docs: fix missing "=" in the systemd-active docs
- store: do not set store auth for local users (#2092)
- interfaces,overlord/ifacestate: use declaration-based checking for
auto-connect (#2071)
- overlord, daemon, snap: support gadget config defaults (#2082)The
main semantic changes are:
- tests: fix snap-disconnect tests after core rename (#2088)
- client,daemon,overlord,cmd: add /v2/users and create-user on auto-
import (#2074)
- many: abbreviated forms of disconnect (#2066)
- asserts: require lowercase model until insensitive matching is
ready (#2076)
- cmd/snap: add version command, same as --version (#2075)
- all: use "core" by default but allow "ubuntu-core" still (#2070)
- overlord/devicestate, docs/hooks.md: nest prepare-device
configuration options
- daemon: fix login API to return local macaroons (#2078)
- daemon: do not hardcode UID in userLookup (#2080)
- client, cmd: connect fixes (#2026)
- many: preparations for switching most of autoconnect to use the
declarationsfor now:
- overlord/auth: update CheckMacaroon to verify local snapd
macaroons (#2069)
- cmd/snap: trivial auto-import and download tweaks (#2067)
- interfaces: add repo.ResolveConnect that handles name resolution
- interfaces/policy: introduce InstallCandidate and its checks
- interfaces/policy,overlord: check connection requests against the
declarations in ifacestate
- many: setup snapd macaroon for local users (#2051)Next step: do
snapd macaroons verification.
- interfaces/policy: implement snap-id/publisher-id checks
- many: change Connect to take ConnRef instead of strings (#2060)
- snap: auto mount block devices and import assertions (#2047)
- daemon: add `snap create-user --force-managed` support (#2041)
- docs: remove references to removed buying features (#2057)
- interfaces,docs: allow sharing SNAP{,_DATA,_COMMON} via content
iface (#2063)
- interfaces: add Plug/Slot/Connection reference helpers (#2056)
- client,daemon,cmd/snap: improve create-user APIs (#2054)
- many: introduce snap refresh --ignore-validation <snap> to
override refresh validation (#2052)
- daemon: add support for `snap create-user --known` (#2040)
- interfaces/policy: start of interface policy checking code based
on declarations (#2050)
- overlord/configstate: support nested configuration (#2039)
- asserts,interfaces/builtin,overlord/assertstate: introduce base-
declaration (#2037)
- interfaces: builtin: Allow writing DHCP lease files to
/run/NetworkManager/dhcp (#2049)
- many: remove all traces of the /v2/buy/methods endpoint (#2045)
- tests: add external spread backend (#1918)
- asserts: parse the slot rules in snap-declarations (#2035)
- interfaces: allow read of /etc/ld.so.preload by default for armhf
on series 16 (#2048)
- store: change purchase to order and store clean up first pass
(#2043)
- daemon, store: switch to new store APIs in snapd (#2036)
- many: add email to UserState (#2038)
- asserts: support parsing the plugs stanza i.e. plug rules in snap-
declarations (#2027)
- store: apply deltas if explicitly enabled (#2031)
- tests: fix create-key/snap-sign test isolation (#2032)
- snap/implicit: don't restrict the camera iface to classic (#2025)
- client, cmd: change buy command to match UX document (#2011)
- coreconfig: nuke it. Also, ignore po/snappy.pot. (#2030)
- store: download deltas if explicitly enabled (#2017)
- many: allow use of the system user assertion with create-user
(#1990)
- asserts,overlord,snap: add prepare-device hook for device
registration (#2005)
- debian: adjust packaging for trusty/deputy systemd (#2003)
- asserts: introduce AttributeConstraints (#2015)
- interface/builtin: access system bus on screen-inhibit-control
- tests: add firewall-control interface test (#2009)
- snapstate: pass errors from ListRefresh in updateInfo (#2018)
- README: add links to IRC, mailing list and social media (#2022)
- docs: add `configure` hook to hooks list (#2024)LP: #1596629
- cmd/snap,configstate: rename apply-config variables to configure.
(#2023)
- store: retry download on 500 (#2019)
- interfaces/builtin: support time and date settings via
'org.freedesktop.timedate1 (#1832)
* New upstream release, LP: #1628425
- overlord/state: prune old empty changes
- interfaces: ppp: load needed kernel module (#2007)
- interfaces/builtin: add missing rule to allow run-parts to
execute all resolvconf scripts
- many: rename apply-config hook to configure
- tests: use new spread `debug` feature
- many: finish `snap set` API.
- overlord: fix and simplify configstate.Transaction
- assertions: add system-user assertion
- snap: add `snap known --remote`
- tests: replace systemd-run with on-the-fly generation of units.
- overlord/boot: switch to using assertstate.Batch
- snap, daemon, store: pass through screenshots from store
- image: add meta/gadget.yaml infrastructure
- tests: add test benchmark script
- daemon: add the actual ssh keys that got added to the create-user
response
- daemon: add REST API behind `snap get`
- debian: re-add golang-github-gosexy-gettext-dev
- tests: added install_local function
- interfaces/builtin: fix resolvconf permissions for network-manager
interface
- tests: use apt as compatible with trusty
- many: discard preserved namespace after removing snap
- daemon, overlord, store: add ReadyToBuy API to snapd
- many: add support for installing/removing multiple snaps
- progress: use New64 and fix output newline
- interfaces/builtin: allow network-manager to access netplan conf
files
- tests: build once and install test snap from cache
- overlord/state: introduce cleanup support
- snap: move/clarify Info.Broken
- ctlcmd: add snapctl get.
- overlord,store: clean up serial-proof plumbing code
- interfaces/builtin: add network-setup-observe interface
- daemon,overlord/assertstate: support streams of assertions with
snap ack
- snapd: kmod backend
- tests: ensure HOME is also set correctly
- configstate,hookstate: add snapctl set
- tests: disable broken create-key test
- interfaces: adjust bluetooth-control to allow getsockopt (LP:
#1613572)
- tests: add a test for core about device initialization and device
registration and auth
- many: show snap name before the download progress bar
- interfaces/builtin: add rcvfrom for client connected plugs to mir
interface
- asserts: support for maps in assertions
- tests: increase timeout for key generation in create-key test
- many: validate refreshes against validation assertions by gating
snaps
- interfaces/apparmor: allow 'm' in default policy for snap-exec
- many: avoid snap.InfoFromSnapYaml in tests
- interfaces/builtin: allow /dev/net/tun with network-control
- tests: add spread test for snap create-key/snap sign
- tests: add missing quotes in security-device-cgroups/task.yaml
- interfaces: drop ErrUnknownSecurity
- store: add "ready to buy" method
- snap/snapenv, tests: use root's data dirs when running via sudo
- interfaces/builtin: add initial docker interface
- snap: remove extra newline after progress is done
- docs: fix formating of HACKING.md "Testing snapd"
- store : add requestOptions.ExtraHeaders so that individual
requests can customise headers.
- many: use unique plug/slot names in tests
- tests: add tests for the classic dimension
- many: add vendoring of dependencies by default
- tests: use in-tree snap{ctl,-exec} for all tests
- many: support snapctl -h
- tests: adjust regex after changes in stat output
- store,snap: initial support for delta downloads
- interfaces/builtin: add run/udev/data paths to mir interface
- snap: lessen annoyance of implicit interface tests
- tests: ensure http{,s}_proxy is defined inside the fake-store
- interfaces: allow xdg-open in unity7, unity7 cleanups
- daemon,store: move store login user logic to store
- tests: replace realpath with readlink -f for trusty support.
- tests: add https_proxy into environment as well
- interfaces/builtin: allow mmaping pulseaudio buffers
* New upstream release, LP: #1623579
- snap/snapenv, tests: use root's data dirs when running via sudo
(cherry pick PR: #1857)
- tests: add https_proxy into environment
(cherry pick PR: #1926)
- interfaces: allow xdg-open in unity7, unity7 cleanups
(cherry pick PR: #1946)
- tests: ensure http{,s}_proxy is defined inside the fake-store
(cherry pick PR: #1949)
* New upstream release, LP: #1623579
- asserts: define a bit less terse Ref.String
- interfaces: disable auto-connect in libvirt interface
- asserts: check that validation assertions are signed by the
publisher of the gating snap
* New upstream release, LP: #1623579
- image: ensure local snaps are put last in seed.yaml
- asserts: revert change that made the account-key's name mandatory.
- many: refresh all snap decls
- interfaces/apparmor: allow reading /etc/environment
* New upstream release, LP: #1623579
- tests: disable prepare-image-grub test in autopkgtest
- interfaces: allow special casing for auto-connect until we have
assertions
- docs: add a little documentation on hooks.
- hookstate,daemon: don't mock HookRunner, mock command.
- tests: add http_proxy to /etc/environment in the autopkgtest
environment
- backends: first bits of kernel-module security backend
- tests: ensure openssh-server is installed in autopkgtest
- tests: make ubuntu-core tests more robust
- many: mostly work to support ABA upgrades
- cmd/snap: do runtime linting of descriptions
- spread.yaml: don't assume LANG is set
- snap: fix SNAP* environment merging in `snap run`
- CONTRIBUTING.md: remove integration-tests, include spread
- store: don't discard error body from request device session call
- docs: add create-user documentation
- cmd/snap: match UX document for message when buying without login
- firstboot: do not overwrite any existing netplan config
- tests: add debug output to ubuntu-core-update-rollback-
stresstest:
- tests/lib/prepare.sh: test that classic does not setting bootvars
- snap: run all tests with gpg2
- asserts: basic support for validation assertion and refresh-
control
- interfaces: miscellaneous policy updates for default, browser-
support and camera
- snap: (re)add --force-dangerous compat option
- tests: ensure SUDO_{USER,GID} is unset in the spread tests
- many: clean out left over references to integration tests
- overlord/auth,store: fix raciness in updating device/user in state
through authcontext and other issuesbonus fixes:
- tests: fix spread tests on yakkety
- store: refactor auth/refresh tests
- asserts: use gpg --fixed-list-mode to be compatible with both gpg1
and gpg2
- cmd/snap: i18n option descriptions
- asserts: required account key name header
- tests: add yakkety test host
- packaging: make sure debhelper-generated snippet is invoked on
postrm
- snap,store: capture newest digest from the store, make it
DownloadInfo only
- tests: add upower-observe spread test
- Merge github.com:snapcore/snapd
- tests: fixes to actually run the spread tests inside autopkgtest
- cmd/snap: make "snap find" error nicer.
- tests: get the gadget name from snap list
- cmd/snap: tweak help of 'snap download'
- cmd/snap,image: teach snap download to download also assertions
- interfaces/builtin: tweak opengl interface
- interfaces: serial-port use udevUsbDeviceSnippet
- store: ensure the payment methods method handles auth failure
- overlord/snapstate: support revert flags
- many: add snap configuration to REST API
- tests: use ubuntu-image for the ubuntu-core-16 image creation
- cmd/snap: serialise empty keys list as [] rather than null
- cmd/snap,client: add snap set and snap get commands
- asserts: update trusted account-key asserts with names
- overlord/snapstate: misc fixes/tweaks/cleanups
- image: have prepare-image set devmode correctly
- overlord/boot: have firstboot support assertion files with
multiple assertions
- daemon: bail from enable and disable if revision given, and from
multi-op if unsupported optons given
- osutil: call sync after cp if
requested.overlord/snapstate/backend: switch to use osutil instead
of another buggy call to cp
- cmd/snap: generate account-key-request "since" header in UTC
- many: use symlinks instead of wrappers
- tests: remove silly [Service] entry from snapd.socket.d/local.conf
- store: switch device session to use device-session-request
assertion
- snap: ensure that plug and slot names are unique
- cmd/snap: fix test suite (no Exit(0) on tests!)
- interfaces: add interface for hidraw devices
- tests: use the real model assertion when creating the core test
image
- interfaces/builtin: add udisks2 and removable-media interfaces
- interface: network_manager: enable resolvconf
- interfaces/builtin: usb serial-port support via udev
- interfaces/udev: support noneSecurityTag keyed snippets
- snap: switch to the new agreed regexp for snap names
- tests: adjust test setup after ubuntu user removal
- many: start services only after the snap is fully ready (link-snap
was run)
- asserts: don't have Add/Check panic in the face of unsupported no-
authority assertions
- asserts: initial support to generate/sign snap-build assertions
- asserts: support checking account-key-request assertions
- overlord: introduce AuthContext.DeviceSessionRequest with support
in devicestate
- overlord/state: fix for reloaded task/change crashing on Set if
checkpointed w. no custom data yet
- snapd.refresh.service: require snap.socket and /snap/*/current.
- many: spell --force-dangerous as just --dangerous, devmode should
imply it
- overlord/devicestate: try to fetch/refresh the signing key of
serial (also in case is not there yet)
- image,overlord/boot,snap: metadata from asserts for image snaps
- many: automatically restart all-snap devices after os/kernel
updates
- interfaces: modem-manager: ignore camera
- firstboot: only configure en* and eth* interfaces by default
- interfaces: fix interface handling on no-app snaps
- snap: set user variables even if HOME is unset (like with systemd
services)
* New upstream release: LP: #1618095
- tests: use the spread tests with the adhoc interface inside
autopkgtest
- interfaces: add fwupd interface
- asserts,cmd/snap: add "name" header to account-key(-request)
- client,cmd/snap: display os-release data only on classic
- asserts/tool,cmd/snap: introduce hidden "snap sign"
- many: when installing snap file derive metadata from assertions
unless --force-dangerous
- osutil: tweak the createUserTests a bit and extract common code
- debian: umount --lazy before rm on snapd.postrm
- interfaces: updates to default policy, browser-support, and x11
- store: set initial device session
- interfaces: add upower-observe interface (LP: #1595813)
- tests: use beta u-d-f in test by default
- interfaces/builtin: allow writing on /dev/vhci in bluetooth-
control
- interfaces/builtin: allow /dev/vhci on bluetooth-control
- tests: port integration tests to spread
- snapstate: use umount --lazy when removing the mount units
- spread: enable halt-timeout, tweak image selection
- tests: fix firstboot-assertions to actually be runnable on classic
again
- asserts: introduce device-session-request
- interfaces: add screen-inhibit-control interface (LP: #1604880)
- firstboot: change location of netplan config
- overlord/devicestate: some cleanups and solving a couple todos
- daemon,overlord: add subcommand handling to snapctl
* New upstream release: LP: #1618095
- snap-exec: add support for commands with internal args in snap-
exec
- store: refresh expired device sessions
- debian: re-add ubuntu-core-snapd-units as a transitional package
- image: snap assertions into image
- overlord/assertstate,asserts/snapasserts: give snap assertions
helpers a package, introduce ReconstructSideInfo
- docs/interfaces: Add empty line after lxd-support title
- README: cover the new /run/snapd-snap.socket
- daemon: make socket split backward-compatible.
* New upstream release: LP: #1618095
- cmd: enable SNAP_REEXEC only if it is set to SNAP_REEXEC=1
- osutil: fix create-user on classic
- firstboot: disable firstboot on classic for now
- cmd/snap: add export-key --account= option
- many: split public snapd REST API into separate socket.
- many: drop ubuntu-core-snapd-units package, use release.OnClassic
instead
- tests: add content-shareing binary test that excersises snap-
confine
- snap: use "up to date" instead of "up-to-date"
- asserts: add an account-key-request assertion
- asserts: fix GPG key generation parameters
- tests, integration-tests: implement the cups-control manual test
as a spread test
- many: clarify/tie down model assertion
- cmd/snap: add "snap download" command
- integration-tests: remove them in favour of the spread tests
- tests: test all snap ubuntu core upgrade
- many: support install and remove by revision
- overlord/state: prevent change ready => unready
- tests: fixes to make the ubuntu-core-16 image usable with
-keep/-reuse
- asserts: authority-id and brand-id of serial must match
- firstboot: generate netplan config rather than ifupdown
- store: request device session macaroon from store
- tests: add workaround for u-d-f to unblock all-snap image tests
- tests: the stable ubuntu-core snap has snap run support now
- many: use make StripGlobalRootDir public
- asserts: add some stricter checks around format
- many: have AuthContext expose device store-id, serial and serial-
proof signing to the store
- tests: fix "tests/main/ack" to not break if asserts are alreay
there
- tests/main/ack: fix test/style
- snap: add key management commands
- firstboot: add firstboot assertions importing
* New upstream release: LP: #1616157
- many: respect dirs.SnapSnapsDir in tests
- tests: update listing test for latest stable image
- many: hook in start of code to fetch/check assertions when
installing snap from store
- boot: add missing udevadm mock to fix FTBFS
- interfaces: add lxd-support interface
- dirs,snap: handle empty root directory in SetRootDir
- dirs,snap: define methods for SNAP_USER_DATA and SNAP_USER_COMMON
- tests: spread all-snap test cleanup
- tests: add all-snap spread image tests
- store,tests: have just one envvar SNAPPY_USE_STAGING_STORE to
control talking to staging
- overlord/hookstate: use snap run posix parameters.
- interfaces/builtin: allow bind in the network interface
- asserts,overlord/devicestate: simplify private key/key pairs APIs,
they take just key ids
- dependencies: update godeps
- boot: add support for "devmode: {true,false}" in seed.yaml
- many: teach prepare-image to copy the model assertion (and
prereqs) into the seed area of the image
- tests: start teaching the fakestore about assertions
- asserts/sysdb: embed the new format official root/trusted
assertions
- overlord/devicestate: first pass at device registration logic
- tests: add process-control interface spread test
- tests: disable unity test
- tests: adapt to new spread version
- asserts: add serial-proof device assertion
- client, cmd/snap: use the new multi-refresh endpoint
- many: preparations for image code to fetch model prereqs
- debian: add extra checks when debian/snapd.postrm purge is run
- overlord/snapstate, daemon: support for multi-snap refresh
- tests: do not leave "squashfs-root" around
- snap-exec: Fix broken `snap run --shell` and add test
- overlord/snapstate: check changes to SnapState for conflicts also.
- docs/interfaces: change snappy command to snap
- tests: test `snap run --hook` using in-tree snap-exec.
- partition: ensure that snap_{kernel,core} is not overridden with an
empty value
- asserts,overlord/assertstate: introduce an assertstate task
handler to fetch snap assertions
- spread: disable re-exec to always test development tree.
- interfaces: implement a fuse interface
- interfaces/hardware-observe.go: re-add /run/udev/data
- overlord/assertstate,daemon: reorg how the assert manager exposes
the assertion db and adding to it
- release: Remove "UBUNTU_CODENAME" from the test data
- many: implement snapctl command.
- interfaces: mpris updates (fix unconfined introspection, add name
attribute)
- asserts: export DecodePublicKey
- asserts: introduce support for assertions with no authority,
implement serial-request
- interfaces: bluez: add a few more tests to verify interface
connection works
- interfaces: bluez: add missing mount security snippet case
- interfaces: add kernel-module interface for module insertion.
- integration-tests: look for ubuntu-device-flash on PATH before
calling sudo
- client, cmd, daemon, osutil: support --yaml and --sudoer flags for
create-user
- spread: use snap-confine from ppa:snappy-dev/image for the tests
- many: move to purely hash based key lookup and to new
key/signature format (v1)
- spread: Use /home/gopath in spread.yaml
- tests: base security spread tests
* New upstream release: LP: #1612362
- many: do not require root for `snap prepare-image`
- tests: prevent restore error on test failure
- osutil: change escaping for create-user's sudoers
- docs: private flag doesn't exist on /v2/find (it's select)
- snap: do not sort the result of `snap find`
- interfaces/builtin: add gpio interface
- partition: fix cleaning of the boot variables on the second good
boot
- tests: add udev rules spread test
- docs: fix references to refresh action
- interfaces/udev,osutil: avoid doubled rules and put all in a per
snap file
- store: minor store improvements from previous reviews
- many: support interactive payments in snapd, filter from command
line
- docs/interfaces.md: improve interfaces documentation
- overlord,store: set store device authorization header
- store: add device nonce API support
- many: various fixes around the `create-user` command
- client, osutil: chown the auth file
- interfaces/builtin: add transitional browser-support interface
- snap: don't load unsupported implicit hooks.
- cmd/snap,cmd/snap-exec: support hooks again.
- interfaces/builtin: improve pulseaudio interface
- asserts: make account-key's `until` optional to represent a never-
expiring key
- store: refactor newRequest/doRequest to take requestOptions
- tests: allow-downgrades on upgrade test to prevent version errors
- daemon: stop using group membership as succedaneous of running
things with sudo
- interfaces: add bluetooth-control interfaces
- many: remove integration-test coverage metrics
- daemon,docs: drop license docs and error kind
- tests: add network-control interface spread test
- tests: add hardware-observe spread test
- interfaces: add system-trace interface LP: #1600085
- boot: use `cp -aLv` instead of `cp -a` (no symlinks on vfat)
- store: soft-refresh discharge macaroon from store when required
- partition: clear snap_try_{kernel,core} on success
- tests: add snapd-control interface spread test
- tests: add locale-control write spread test
- store: fix buy method after some refactoring broke it
- interfaces/builtin: read perms for network devices in network-
observe
- interfaces: also allow rfkill in network_control
- snapstate: remove artifacts from a snap try dir that vanished
- client, cmd/snap: better errors for empty snap list result
- wrappers: set BAMF_DESKTOP_FILE_HINT for unity
- many: cleanup/update rest.md; improve auth errors
- interfaces: miscelleneous policy updates for default, log-observe,
mount-observe, opengl, pulseaudio, system-observe and unity7
- interfaces: add process-control interface (LP: #1598225)
- osutil: support both "nobody" and "nogroup" for grpnam tests
- cmd: support defaulting to the user's preferred payment method
- overlord: actually run hooks.
- overlord/state,overlord/ifacestate: define basic infrastructure
for and then setting up serialising of interface mgr tasks
- asserts: add Assertion.Prerequisites and SigningKey, Ref and
FindTrusted
- overlord/snapstate: ensure calls to store are done without the
state lock held
- asserts,client: switch snap-build and snap-revision to be indexed
by snap-sha3-384
- many: make seed.yaml on firstboot mandatory and include sideInfo
- asserts,many: start supporting structured headers using the new
parseHeaders
- many: update code for the new snap_mode
- tests: added spread find private test
- store: deal with 404 froms the SSO store properly
- snap: remove meta/kernel.yaml again
- daemon: always mock release info in tests
- snapstate: drop revisions after "current" on refresh
- asserts: introduce new parseHeadersThis introduces the new
parseHeaders returning map[string]interface{} and capable of
accepting:
- asserts: remove/disable comma separated lists and their uses
* New upstream release: LP: #1605303
- increase version number to reflect the nature of the update
better
- store, daemon, client, cmd/snap, docs/rest.md: adieu search
grammar
- debian: move snapd.refresh.timer into timers.target
- snapstate: add daemon-reload to fix autopkgtest on yakkety
- Interfaces: hardware-observe
- snap: rework the output after a snap operation
- daemon, cmd/snap: refresh --devmode
- store, daemon, client, cmd/snap: implement `snap find --private`
- tests: add network-observe interface spread test
- interfaces/builtin: allow getsockopt for connected x11 plugs
- osutil: check for nogrup instead of adm
- store: small cleanups (more needed)
- snap/squashfs: fix test not to hardcode snap size
- client,cmd/snap: cleanup cmd/snap test suite, add extra args
testThis cleans up the cmd/snap test suite:
- wrappers: map "never" restart condition to "no."
- wrappers: run update-desktop-database after add/remove of desktop
files
- release: work around elementary mistake
- many: remove all traces of channel from the buying codepath
- store: kill setUbuntuStoreHeaders
- docs: add payment methods documentation
- many: present user with a choice of payment backends
- asserts: add cross checks for snap asserts
- cmd/snap,cmd/snap-exec: support running hooks via snap-exec.
- tests: improve snap run symlink tests
- tests: add content sharing interface spread test
- store & many: a mechanical branch shortening store names
- snappy: remove old snappy pkg
- overlord/snapstate: kill flagscompat
- overlord/snapstate, daemon, client, cmd/snap: devmode override
(aka confined)
- tests: extend refresh test to talk to the staging and production
stores
- asserts,daemon: cross checks for account and account-key
assertions
- client: existing JSON fixtures uses tabs for indentation
- snap-exec: add proper integration test for snap-exec
- spread.yaml, tests: replace hello-world with test-snapd-tools
- tests: add locale-control interface spread test
- tests: add mount-observe interface spread test
- tests: add system-observe interface spread test
- many: add AuthContext to mediate user updates to the state
- store/auth: add helper for the macaroon refresh endpoint
- cmd: add buy command
- overlord: switch snapstate.Update to use ListRefresh (aka
/snaps/metadata)
- snap-exec: fix silly off-by-one error
- tests: stop using hello-world.echo in the tests
- tests: add env command to test-snapd-tools
- classic: remove (most of) "classic" mode, this is implemented as a
snap now
- many: remove snapstate.Candidate and other cleanups
- many: removed authenticator, store gets a user instead
- asserts: fix minor doc comment typo
- snap: ensure unknown arguments to `snap run` are ignored
- overlord/auth: add Device/SetDevice to persist device identity in
state
- overlord: make SyncBoot work again
- tests: add -y flag to apt autoremove command in unity task restore
- many: migrate SnapSetup and SideInfo to use RealName
- daemon: drop auther()
- client: improve error from client.do() on json decode failures
- tests: readd the fake store tests
- many: allow removal of broken snaps, add spread test
- overlord: implement &Retry{After: duration} support for handlers
- interface: add new interfaces.all.SecurityBackends
- integration-tests: remove login tests
- cmd,interfaces,snap: implement hook whitelist.
- daemon,overlord/auth,store: update macaroon authentication to use
the new endpoints
- daemon, overlord: add buy endpoint to REST API
- tests: use systemd-run for starting and stopping the unity app
- tests, integration-tests: port systemd service check test to
spread
- store: switch search to new snap-specific endpoint
- store, many: start using the new details endpoint
- tests, integration-tests: port unity test to spread
- tests: add spread test for tried snaps removal
- tests, integration-tests: port auth errors test to spread
- snapstate: rename OfficialName to RealName in the new tests
- many: rename SideInfo.OfficialName to SideInfo.RealName
- snapstate: use snapstate.Type in backend.RemoveSnapFiles
- many: add `snap enable/disable` commands
- tests, integration-tests: port refresh all test to spread
- snap: add `snap run --shell`
- tests: set yaml indentation to 4 spaces
- snapstate: cleanup downloaded temp snap files
- overlord: make patch1_test more robust
- debian: add snapd.postrm that purges
- integration-tests: drop already covered refresh app test
- many: add concept of "broken" snaps
- tests, integration-tests: port remove errors tests to spread
- tests, integration-tests: port revert test to spread
- debian: fix snapbuild path
- overlord: fix access to the state without lock in firstboot.go and
add test
- snapstate: add very simple garbage collection on upgrade
- asserts: introduce assertstest with helpers to test code involving
assertions
- tests, integration tests: port undone failed install test to
spread
- snap,store: switch to the new snaps/metadata endpoint, introduce
and start capturing DeveloperID
- tests, integration-tests: port the op remove retry test to spread
- po: remove snappy.pot from git, it will be generated at build time
- many: add some missing tests, clarify some things and nitpicks as
follow up to `snap revert`
- snapstate: when doing snapsate.Update|Install, talk to the store
early
- tests, integration-tests: port the op remove test to spread
- interfaces: allow /usr/bin/locale in default policy
- many: add `snap revert`
- overlord/auth,store: add macaroon serialization/deserialization
helpers
- many: embed main store trusted assertions in snapd, way to have
test ones, spread tests for ack and known
- overlord/snapstate,daemon: clarify active vs current, add
SnapState.HasCurrent,CurrentInfo
- tests: do not search for a specific snap (we hit 100 items) and
pagination kicks in
- tests: use printf instead of echo where we need portability
- tests: rename and generalize basic-binaries to test-snapd-tools
* New upstream release: LP: #1597329
- interfaces: also allow @{PROC}/@{pid}/mountinfo and
@{PROC}/@{pid}/mountstats
- interfaces: allow read access to /etc/machine-id and
@{PROC}/@{pid}/smaps
- interfaces: miscelleneous policy updates for default, log-observe
and system-observe
- snapstate: add logging after a successful doLinkSnap
- tests, integration-tests: port try tests to spread
- store, cmd/snapd: send a basic user-agent to the store
- store: add buy method
- client: retry on failed GETs
- tests: actual refresh test
- docs: REST API update
- interfaces: add mount support for hooks.
- interfaces: add udev support for hooks.
- interfaces: add dbus support for hooks.
- tests, integration-tests: port refresh test to spread
- tests, integration-tests: port change errors test to spread
- overlord/ifacestate: don't retry snap security setup
- integration-tests: remove unused file
- tests: manage the socket unit when reseting state
- overlord: improve organization of state patches
- tests: wait for snapd listening after reset
- interfaces/builtin: allow other sr*/scd* optical devices
- systemd: add support for squashfuse
- snap: make snaps vanishing less fatal for the system
- snap-exec: os.Exec() needs argv0 in the args[] slice too
- many: add new `create-user` command
- interfaces: auto-connect content interfaces with the same content
and developer
- snapstate: add Current revision to SnapState
- readme: tweak readme blurb
- integration-tests: wait for listening port instead of active
service reported by systemd
- many: rename Current -> {CurrentSideInfo,CurrentInfo}
- spread: fix home interface test after suite move
- many: name unversioned data.
- interfaces: add "content" interface
- overlord/snapstate: defaultBackend can go away now
- debian: comment to remember why the timer is setup like it is
- tests,spread.yaml: introduce an upgrade test, support/split into
two suites for this
- overlord,overlord/snapstate: ensure we keep snap type in snapstate
of each snap
- many: rework the firstboot support
- integration-tests: fix test failure
- spread: keep core on suite restore
- tests: temporary fix for state reset
- overlord: add infrastructure for simple state format/content
migrations
- interfaces: add seccomp support for hooks.
- interfaces: allow gvfs shares in home and temporarily allow
socketcall by default (LP: #1592901, LP: #1594675)
- tests, integration-tests: port network-bind interface tests to
spread
- snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly
and remove MockSnapWithHooks
- interfaces: add mpris interface
- tests: enable `snap run` on i386
- tests, integration-tests: port network interface test to spread
- tests, integration-tests: port interfaces cli to spread
- tests, integration-tests: port leftover install tests to spread
- interfaces: add apparmor support for hooks.
- tests, integration-tests: port log-observe interface tests to
spread
- asserts: improve Decode doc comment about assertion format
- tests: moved snaps to lib
- many: add the camera interface
- many: add optical-drive interface
- interfaces: auto-connect home if running on classic
- spread: bump gccgo test timeout
- interfaces: use security tags to index security snippets.
- daemon, overlord/snapstate, store: send confinement header to the
store for install
- spread: run tests on 16.04 i386 concurrently
- tests,integration-tests: port install error tests to spread
- interfaces: add a serial-port interface
- tests, integration-tests, debian: port sideload install tests to
spread
- interfaces: add new bind security backend and refactor
backendtests
- snap: load and validate implicit hooks.
- tests: add a build/run test for gccgo in spread
- cmd/snap/cmd_login: Adjust message after adding support for wheel
group
- tests, integration-tests: ported install from store tests to
spread
- snap: make `snap change <taskid>` show task progress
- tests, integration-tests: port search tests to spread
- overlord/state,daemon: make abort proceed immediately, fix doc
comment, improve tests
- daemon: extend privileged access to users in "wheel" group
- snap: tweak `snap refresh` and `snap refresh --list` outputTiny
branch that does three things:
- interfaces: refactor auto-connection candidate check
- snap: add support for snap {install,refresh}
--{edge,beta,candidate,stable}
- release: don't force KDE Neon into devmode.
* New upstream release: LP: #1593201
- snap: add the magic redirect part of `snap run`
- tests, integration-tests: port server related tests to spread
- overlord/snapstate: log restarting in the task
- daemon: test restart wiring, fix setup/teardown
- cmd: don't show the price if a snap has already been purchased
- tests, integration-tests: port listing tests to spread
- integration-tests: do not try to kill ubuntu-clock-app.clock (no
longer a process)
- several: tie up overlord's restart handler into daemon; adjust
snap to cope
- tests, integration-tests: port abort tests to spread
- integration-tests: fix flaky TestRemoveBusyRetries
- testutils: refactor/mock exec
- snap,cmd: add hook support to snap run.
- overlord/snapstate: remove Download from backend
- store: use a custom logging transport
- overlord/hookstate: implement basic HookManager.
- spread: move the suite restore to restore-each
- asserts: turn model os into model core field, making it also more
like the kernel and gadget fields
- asserts: / is not allowed in primary key headers, follow the store
in this
- release: enable full confinement on Elementary 0.4
- integration-tests: fix another i386 autopkgtest failure.
- cmd/snap: create SNAP_USER_DATA and common dirs in `snap run`
- many: have the installation of the core snap request a restart (on
classic)
- asserts: allow to load also account assertions into the trusted
set
- many: install snaps in devmode on distributions without complete
apparmor and seccomp support
- spread: run on travis
- snapenv: do not hardcode amd64 in tests
- spread: initial harness and first test
- interfaces: miscelleneous policy updates for chromium, x86,
opengl, etc
- integration-tests: remove daemon to use the log-observe interface
- client: remove client.Revision and import snap.Revision instead
- integration-tests: wait for network-bind service in try test
- many: move over from snappy to snapstate/backend SetupSnap and
related code
- integration-tests: add interfaces cli tests
- snapenv: cleanup snapenv.{Basic,User}
- cmd/snap: also print slots that connect to the wanted snap (LP:
#1590704)
- asserts: error style, use "cannot" instead of "failed to"
following the main decided style
- integration-tests: wait until the network-bind service is up
before testing
- many: add new `snap run` command
- snappy: unexport snappy.Install and snappy.Overlord.{Un,}Install
- many: add some shared testing helpers to snap/snaptest and to
boot/boottest
- rest-api: support to send apps per snap (LP: #1564076)
* New upstream release
- Cherry pick four commits that show snaps as installed in devmode on
distributions without full confinement dependencies available:
25634d3364a46b5e9147e4466932c59b1b572d35
53f2e8d5f1b2d7ce13f5b50be4c09fa1de8cf1e0
38771f4cc324ad9dd4aa48b03108d13a2c361aad
c46e069351c61e45c338c98ab12689a319790bd5
* New upstream release: LP: #1589534
- debian: make `snap refresh` times more random (LP: #1537793)
- cmd: ExecInCoreSnap looks in "core" snap first, and only in
"ubuntu-core" snap if rev>125.
- cmd/snap: have 'snap list' display helper message on stderr
(LP: #1587445)
- snap: make app names more restrictive.
* New upstream release: LP: #1589534
- debian: do not ship /etc/ld.so.conf.d/snappy.conf (LP: #1589006)
- debian: fix snapd.refresh.service install and usage (LP: #1588977)
- ovlerlord/state: actually support task setting themself as
done/undone
- snap: do not use "." import in revision_test.go, as this breaks
gccgo-6 (fix build failure on powerpc)
- interfaces: add fcitx and mozc input methods to unity7
- interfaces: add global gsettings interfaces
- interfaces: autoconnect home and doc updates (LP: #1588886)
- integration-tests: remove
abortSuite.TestAbortWithValidIdInDoingStatus
- many: adding backward compatible code to upgrade SnapSetup.Flags
- overlord/snapstate: handle sideloading over an old sideloaded snap
without panicing
- interfaces: add socketcall() to the network/network-bind
interfaces (LP: #1588100)
- overlord/snapstate,snappy: move over CanRemoveThis moves over the
CanRemove check to snapstate itself.overlord/snapstate
- snappy: move over CanRemove
- overlord/snapstate,snappy: move over CopyData and Remove*Data code
* New upstream release: LP: #1588052:
- many: repository moved to snapcore/snapd
- debian: add transitional pkg for the github location change
- snap: ensure `snap try` work with relative paths
- debian: drop run/build dependency on lsb-release
- asserts/tool: gpg key pair manager
- many: add new snap-exec
- many: implement `snap refresh --list` and `snap refresh`
- snap: add parsing support for hooks.
- many: add the cups interface
- interfaces: misc policy fixes (LP: #1583794)
- many: add `snap try`
- interfaces: allow using sysctl and scmp_sys_resolver for parsing
kernel logs
- debian: make snapd get its environ from /etc/environment
- daemon,client,snap: revisions are now strings
- interfaces: allow access to new ibus abstract socket path
LP: #1580463
- integration-tests: add remove tests
- asserts: stronger crypto choices and follow better latest designs
- snappy,daemon: hollow out more of snappy (either removing or not
exporting stuff on its way out), snappy/gadget.go is gone
- asserts: rename device-serial to serial
- asserts: rename identity to account (and username access)
- integration-tests: add changes tests
- backend: add tests for environment wrapper generation
- interfaces/builtin: add location-control interface
- overlord/snapstate: move over check snap logic from snappy
- release: use os-release instead of lsb-release for cross-distro
use
- asserts: allow empty snap-name for snap-declaration
- interfaces/builtin,docs,snap: add the pulseaudio interface
- many: add support for an environment map inside snap.yaml
- overlord/snapstate: increase robustness of doLinkSnap/undoLinkSnap
with sanity unit tests
- snap: parse epoch property
- snappy: do nothing in SetNextBoot when running on classic
- snap: validate snap type
- integration-tests: extend find command tests
- asserts: extend tests to cover mandatory and empty headers
- tests: stop the update-pot check in run-checks
- snap: parse confinement property.
- store: change applyUbuntuStoreHeaders to not take accept, and to
take a channel
- many: struct-based revisions, new representation
- interfaces: remove 'audit deny' rules from network_control.go
- interfaces: add com.canonical.UrlLauncher.XdgOpen to unity7
interface
- interfaces: firewall-control can access xtables lock file
- interfaces: allow unity7 AppMenu
- interfaces: allow unity7 launcher API
- interfaces/builtin: add location-observe interface
- snap: fixed snap empty list text LP: #1587445
* New upstream release: LP: #1583085
- interfaces: add dbusmenu, freedesktop and kde notifications to
unity7 (LP: #1573188)
- daemon: make localSnapInfo return SnapState
- cmd: make snap list with no snaps not special
- debian: workaround for XDG_DATA_DIRS issues
- cmd,po: fix conflicts, apply review from #1154
- snap,store: load and store the private flag sent by the store in
SideInfo
- interfaces/apparmor/template.go: adjust /dev/shm to be more usable
- store: use purchase decorator in Snap and FindSnaps
- interfaces: first version of the networkmanager interface
- snap, snappy: implement the new (minmimal) kernel spec
- cmd/snap, debian: move manpage generation to depend on an environ
key; also, fix completion
* New upstream release:
- interfaces: cleanup explicit denies
- integration-tests: remove the ancient integration daemon tests
- integration-tests: add network-bind interface test
- integration-tests: add actual checks for undoing install
- integration-tests: add store login test
- snap: add certain implicit slots only on classic
- integration-tests: add coverage flags to snapd.service ExecStart
setting when building from branch
- integration-tests: remove the tests for features removed in 16.04.
- daemon, overlord/snapstate: "(de)activate" is no longer a thing
- docs: update meta.md and security.md for current snappy
- debian: always start snapd
- integration-tests: add test for undoing failed install
- overlord: handle ensureNext being in the past
- overlord/snapstate,overlord/snapstate/backend,snappy: start
backend porting LinkSnap and UnlinkSnap
- debian/tests: add reboot capability to autopkgtest and execute
snapPersistsSuite
- daemon,snappy,progress: drop license agreement broken logic
- daemon,client,cmd/snap: nice access denied message
(LP: #1574829)
- daemon: add user parameter to all commands
- snap, store: rework purchase methods into decorators
- many: simplify release package and add OnClassic
- interfaces: miscellaneous policy updates
- snappy,wrappers: move desktop files handling to wrappers
- snappy: remove some obviously dead code
- interfaces/builtin: quote apparmor label
- many: remove the gadget yaml support from snappy
- snappy,systemd,wrappers: move service units generation to wrappers
- store: add method to determine if a snap must be bought
- store: add methods to read purchases from the store
- wrappers,snappy: move binary wrapper generation to new package
wrappers
- snap: add `snap help` command
- integration-tests: remove framework-test data and avoid using
config-snap for now
- add integration test to verify fix for LP: #1571721
* New upstream micro release:
- integration-tests, debian/tests: add unity snap autopkg test
- snappy: introduce first feature flag for assumes: common-data-dir
- timeout,snap: add YAML unmarshal function for timeout.Timeout
- many: go into state.Retry state when unmounting a snap fails.
(LP: #1571721, #1575399)
- daemon,client,cmd/snap: improve output after snap
install/refresh/remove (LP: #1574830)
- integration-tests, debian/tests: add test for home interface
- interfaces,overlord: support unversioned data
- interfaces/builtin: improve the bluez interface
- cmd: don't include the unit tests when building with go test -c
for integration tests
- integration-tests: teach some new trick to the fake store,
reenable the app refresh test
- many: move with some simplifications test snap building to
snap/snaptest
- asserts: define type for revision related errors
- snap/snaptest,daemon,overlord/ifacestate,overlord/snapstate: unify
mocking snaps behind MockSnap
- snappy: fix openSnapFile's handling of sideInfo
- daemon: improve snap sideload form handling
- snap: add short and long description to the man-page
(LP: #1570280)
- snappy: remove unused SetProperty
- snappy: use more accurate test data
- integration-tests: add a integration test about remove removing
all revisions
- overlord/snapstate: make "snap remove" remove all revisions of a
snap (LP: #1571710)
- integration-tests: re-enable a bunch of integration tests
- snappy: remove unused dbus code
- overlord/ifacestate: fix setup-profiles to use new snap revision
for setup (LP: #1572463)
- integration-tests: add regression test for auth bug LP:#1571491
- client, snap: remove obsolete TypeCore which was used in the old
SystemImage days
- integration-tests: add apparmor test
- cmd: don't perform type assertion when we know error to be nil
- client: list correct snap types
- intefaces/builtin: allow getsockname on connected x11 plugs
(LP: #1574526)
- daemon,overlord/snapstate: read name out of sideloaded snap early,
improved change summary
- overlord: keep tasks unlinked from a change hidden, prune them
- integration-tests: snap list on fresh boot is good again
- integration-tests: add partial term to the find test
- integration-tests: changed default release to 16
- integration-tests: add regression test for snaps not present after
reboot
- integration-tests: network interface
- integration-tests: add proxy related environment variables to
snapd env file
- README.md: snappy => snap
- etc: trivial typo fix (LP:#1569892)
- debian: remove unneeded /var/lib/snapd/apparmor/additional
directory (LP: #1569577)
- builtin/unity7.go: allow using gmenu. LP: #1576287
* New upstream release:
- systemd: add multi-user.target (LP: #1572125)
- release: our series is 16
- integration-tests: fix snapd binary path for mounting the daemon
built from branch
- overlord,snap: add firstboot state sync
* client,daemon,overlord: fix authentication:
- fix incorrect authenication check (LP: #1571491)
* New upstream release:
- debian: put snapd in /usr/lib/snapd/
- cmd/snap: minor polishing
- cmd,client,daemon: add snap abort command
- overlord: don't hold locks when callling backends
- release,store,daemon: no more default-channel, release=>series
- many: drop support for deprecated environment variables
(SNAP_APP_*)
- many: support individual ids in changes cmd
- overlord/state: use numeric change and task ids
- overlord/auth,daemon,client,cmd/snap: logout
- daemon: don't install ubuntu-core twice
- daemon,client,overlord/state,cmd: add changes command
- interfaces/dbus: drop superfluous backslash from template
- daemon, overlord/snapstate: updates are users too!
- cmd/snap,daemon,overlord/ifacestate: add support for developer
mode
- daemon,overlord/snapstate: on refresh use the remembered channel,
default to stable channel otherwise
- cmd/snap: improve UX of snap interfaces when there are no results
- overlord/state: include time in task log messages
- overlord: prune and abort old changes and tasks
- overlord/ifacestate: add implicit slots in setup-profiles
- daemon,overlord: setup authentication for store downloads
- daemon: macaroon-authed users are like root, and sudoers can login
- daemon,client,docs: send install options to daemon
* New upstream release:
- etc: fix desktop file location
- overlord/snapstate: stop an update once download sees the revision
is already installed
- overlord: make SnapState.DevMode a method, store flags
- snappy: no more snapYaml in snappy.Snap
- daemon,cmd,dirs,lockfile: drop all lockfiles
- debian: use sudo in setup of the proxy environment
- snap/snapenv,snappy,systemd: expose SNAP_REVISION to app
environment
- snap: validate similarly to what we did with old snapYaml info
from squashfs snaps
- daemon,store: plug in authentication for store search/details
- overlord/snapstate: fix JSON name of SnapState.Candidate
- overlord/snapstate: start using revisions higher than 100000 for
local installs (sideloads)
- interfaces,overlorf/ifacestate: honor user choice and don't auto-
connect disconnected plugs
- overlord/auth,daemon,client: hide user ids again
- daemon,overlord/snapstate: back /snaps (and so snap list) using
state
- daemon,client,overlord/auth: rework state auth data
- overlord/snapstate: disable Activate and Deactivate
- debian: fix silly typo in autopkgtest setup
- overlord/ifacestate: remove connection state with discard-conns
task, on the removal of last snap
- daemon,client: rename API update action to refresh
- cmd/snap: rework login to be more resilient
- overlord/snapstate: deny two changes on one snap
- snappy: fix crash on certain snap.yaml
- systemd: use native systemctl enable instead of our own
implementation
- store: add workaround for misbehaving store
- debian: make autopkgtest use the right env vars
- state: log do/undo status too when a task is run
- docs: update rest.md with price information
- daemon: only include price property if the snap is non-free
- daemon, client, cmd/snap: connect/disconnect now async
- snap,snappy: allow snaps to require system features
- integration-tests: fix report of skips in SetUpTest method
- snappy: clean out major bits (still using Installed) now
unreferenced as cmd/snappy is gone
- daemon/api,overlord/auth: add helper to get UserState from a
client request
* New upstream release:
- many: prepare for opengl support on classic
- interfaces/apparmor: load all apparmor profiles on snap setup
- daemon,client: move async resource to change in meta
- debian: disable autopilot
- snap: add basic progress reporting
- client,cmd,daemon,snap,store: show the price of snaps in the cli
- state: add minimal taskrunner logging
- daemon,snap,overlord/snapstate: in the API get the snap icon using
state
- client,daemon,overlord: don't guess snap file vs. name
- overlord/ifacestate: reload snap connections when setting up
security for a given snap
- snappy: remove cmd/snappy (superseded in favour of cmd/snap)
- interfaecs/apparmor: remove all traces of old-security from
apparmor backend
- interfaces/builtin: add bluez interface
- overlord/ifacestate: don't crash if connection cannot be reloaded
- debian: add searchSuite to autopkgtest
- client, daemon, cmd/snap: no more tasks; everything is changes
- client: send authorization header in client requests
- client, daemon: marshal suggested currency over REST
- docs, snap: enumerate snap types correctly in docs and comments
- many: add store authenticator parameter
- overlord/ifacestate,daemon: setup security on conect and
disconnect
- interfaces/apparmor: remove unused apparmor variables
- snapstate: add missing "TaskProgressAdapter.Write()" for working
progress reporting
- many: clean out snap config related code not for OS
- daemon,client,cmd: return snap list from /v2/snaps
- docs: update `/v2/snaps` endpoint documentation
- interfaces: rename developerMode to devMode
- daemon,client,overlord: progress current => done
- daemon,client,cmd/snap: move query metadata to top-level doc
- interfaces: add TestSecurityBackend
- many: replace typographic quotes with ASCII
- client, daemon: rework rest changes to export "ready" and "err"
- overlord/snapstate,snap,store: track snap-id in side-info and
therefore in state
- daemon: improve mocking of interfaces API tests
- integration-tests: remove origins in default snap names for udf
call
- integration-test: use "snap list" in GetCurrentVersion
- many: almost no more NewInstalledSnap reading manifest from
snapstate and backend
- daemon: auto install ubuntu-core if missing
- oauth,store: remove OAuth authentication logic
- overlord/ifacestate: simplify some tests with implicit manager
initialization
- store, snappy: move away from hitting details directly
- overlord/ifacestate: reload connections when restarting the
manager
- overlord/ifacestate: increase flexibility of unit tests
- overlord: use state to discover all installed snaps
- overlord/ifacestate: track connections in the state
- many: separate copy-data from unlinking of current snap
- overlord/auth,store/auth: add macaroon authenticator to UserState
- client: support for /v2/changes and /v2/changes/{id}
- daemon/api,overlord/auth: rework authenticated users information
in state
* New upstream release:
- cmd/snap,daemon,store: rework login command to use daemon login
API
- store: cache suggested currency from the store
- overlord/ifacestate: modularize and extend tests
- integration-tests: reenable failure tests
- daemon: include progress in rest changes
- daemon, overlord/state: expose individual changes
- overlord/ifacestate: drop duplicate package comment
- overlord/ifacestate: allow tests to override security backends
- cmd/snap: install *.snap and *.snap.* as files too
- interfaces/apparmor: replace /var/lib/snap with /var/snap
- daemon,overlord/ifacestate: connect REST API to interfaces in the
overlord
- debian: remove unneeded dependencies from snapd
- overlord/state: checkpoint on final progress only
- osutil: introduce IsUIDInAny
- overlord/snapstate: rename GetSnapState to Get, SetSnapState to
Set
- daemon: add id to changes json
- overlord/snapstate: SetSnapState() needs locks
- overlord: fix broken tests
- overlord/snapstate,overlord/ifacestate: reimplement SnapInfo (as
Info) actually using the state
* debian/tests/control:
- add git to make autopkgtest work
* Add warning about installing ubuntu-core-snapd-units on Desktop systems.
* Add ${misc:Depends} to ubuntu-core-snapd-units.
* interfaces,overlord: add support for auto-connecting plugs on
install
* fix sideloading snaps and (re)add tests for this
* add `ca-certificates` to the test-dependencies to fix autopkgtest
failure on armhf
* rename source and binary package to "snapd"
* update directory layout to final 16.04 layout
* use `snap` command instead of the previous `snappy`
* use `interface` based security
* use new state engine for install/update/remove
- debian: update versionized ubuntu-core-launcher dependency
- debian: tweak desktop file dir, ship Xsession.d snip for seamless
integration
- snappy: fix hw-assign to work with per-app udev tags
- snappy: use $snap.$app as per-app udev tag
- snap,snappy,systemd: %s/\<SNAP_ORIGIN\>/SNAP_DEVELOPER/g
- snappy: add mksquashfs --no-xattrs parameter
- snap,snappy,systemd: kill SNAP_FULLNAME
- snappy,snap: move icon under meta/gui/
- debian: add snap.8 manpage
- debian: move snapd to /usr/lib/snappy/snapd
- snap,snappy,systemd: remove TMPDIR, TEMPDIR, SNAP_APP_TMPDIR
- snappy,dirs: add support to use desktop files from inside snaps
- daemon: snapd API events endpoint redux
- interfaces/builtin: add "network" interface
- overlord/state: do small fixes (typo, id clashes paranoia)
- overlord: add first pass of the logic in StateEngine itself
- overlord/state: introduce Status/SetStatus on Change
- interfaces: support permanent security snippets
- overlord/state: introduce Status/SetStatus and
Progress/SetProgress on Task
- overlord/state: introduce Task and Change.NewTask
- many: selectively swap semantics of plugs and slots
- client,cmd/snap: remove useless indirection in Interfaces
- interfaces: maintain Plug and Slot connection details
- client,daemon,cmd/snap: change POST /2.0/interfaces to work with
lists
- overlord/state: introduce Change and NewChange on state to create
them
- snappy: bugfix for snap.yaml parsing to be more consistent with
the spec
- snappy,systemd: remove "ports" from snap.yaml
* rename:
debian/golang-snappy-dev.install ->
debian/golang-github-ubuntu-core-snappy-dev.install:
* really fix typo in dependency name
* fix typo in dependency name
- debian: update build-depends for MIR
- many: implement new REST API: GET /2.0/interfaces
- integration-tests: properly stop snapd from branch
- cmd/snap: update tests for go-flags changes
- overlord/state: implement Lock/Unlock with implicit checkpointing
- overlord: split out the managers and State to their own
subpackages of overlord
- snappy: rename "migration-skill" to "old-security" and use new
interface names instead of skills
- client,cmd/snap: clarify name ambiguity in Plug or Slot
- overlord: start working on state engine along spec v2, have the
main skeleton follow that
- classic, oauth: update tests for change in MakeRandomString()
- client,cmd/snap: s/add/install/:-(
- interfaces,daemon: specialize Name to either Plug or Slot
- interfaces,interfaces/types: unify security snippet functions
- snapd: close the listener on Stop, to force the http.Serve loop to
exit
- snappy,daemon,snap/lightweight,cmd/snappy,docs/rest.md: expose
explicit channel selection to rest api
- interfaces,daemon: rename package holding built-in interfaces
- integration-tests: add the first classic dimension tests
- client,deaemon,docs: rename skills to interfaces on the wire
- asserts: add identity assertion type
- integration-tests: add the no_proxy env var
- debian: update build-depends for new package names
- oauth: fix oauth & quoting in the oauth_signature
- integration-tests: remove unused field
- integration-tests: add the http proxy argument
- interfaces,interfaces/types,deamon: mass internal rename to
interfaces
- client,cmd/snap: rename skills to interfaces (part 2)
- arch: fix missing mapping for powerpc
- integration-tests: always use the built snapd when compiling
binaries from branch
- cmd/snap: rename skills to interfaces
- testutil,skills/types,skills,daemon: tweak discovery of know skill
types
- docs: add docs for arm64 cross building
- overlord: implement basic ReadState/WriteState
- overlord: implement Get/Set/Copy on State
- integration-tests: fix dd output check
- integration-tests: add fromBranch config field
- integration-tests: use cli pkg methods in hwAssignSuite
- debian: do not create the snappypkg user, we don't need it anymore
- arch: fix build failure on s390x
- classic: cleanup downloaded lxd tarball
- cmd/snap,client,integration-tests: rename snap subcmds
'assert'=>'ack', 'asserts'=>'known'
- skills: fix broken tests builds
- skills,skills/types: pass slot to SlotSecuritySnippet()
- skills/types: teach bool-file about udev security
* New git snapshot:
- asserts: introduce snap-declaration
- cmd/snap: fix integration tests for the "cmd_asserts"
- integration-tests: fix fanctl output check
- cmd/snap: fix test failure after merging 23a64e6
- cmd/snap: replace skip-help with empty description
- docs: update security.md to match current migration-skill
semantics
- snappy: treat commands with 'daemon' field as services
- asserts: use more consistent names for receivers in
snap_asserts*.go
- debian: add missing golang-websocket-dev build-dependency
- classic: if classic fails to get created, undo the bind mounts
- snappy: never return nil in NewLocalSnapRepository()
- notifications: A simple notification system
- snappy: when using staging, authenticate there instead
- integration-tests/snapd: fix the start of the test snapd socket
- skills/types: use CamelCase for security names
- skills: add support for implicit revoke
- skills: add security layer
- integration-tests: use exec.Command wrapper for updates
- cmd/snap: add 'snap skills'
- cms/snap: add 'snap revoke'
- docs: add docs for skills API
- cmd/snap: add 'snap grant'
- cmd/snappy, coreconfig, daemon, snappy: move config to always be
bytes (in and out)
- overlord: start with a skeleton and stubs for Overlord,
StateEngine, StateJournal and managers
- integration-tests: skip tests affected by LP: #1544507
- skills/types: add bool-file
- po: refresh translation templates
- cmd/snap: add 'snap experimental remove-skill-slot'
- asserts: introduce device assertion
- cmd/snap: implemented add, remove, purge, refresh, rollback,
activate, deactivate
- cmd/snap: add 'snap experimental add-skill-slot'
- cmd/snap: add 'snap experimental remove-skill'
- cmd/snap: add tests for common skills code
- cmd/snap: add 'snap experimental add-skill'
- asserts: make assertion checkers used by db.Check modular and
pluggable
- cmd,client,daemon,caps,docs,po: remove capabilities
- scripts: move the script to get dependencies to a separate file
- asserts: make the disk layout compatible for storing more than one
revision
- cmd/snap: make the assert command options exported
- integration-tests: Remove the target release and channel
- asserts: introduce model assertion
- integration-tests: add exec.Cmd wrapper
- cmd/snap: add client test support methods
- cmd/snap: move key=value attribute parsing to commmon
- cmd/snap: apply new style consistency to "snap" commands.
- cmd/snap: support redirecting the client for testing
- cmd/snap: support testing command output
- snappy,daemon: remove the meta repositories abstractions
- cmd: add support for experimental commands
- cmd/snappy,daemon,snap,snappy: remove SetActive from parts
- cmd/snappy,daemon,snappy,snap: remove config from parts interface
- client: improve test data
- cmd: allow to construct a fresh parser
- cmd: don't treat help as an error
- cmd/snappy,snappy: remove "Details" from the repository interface
- asserts: check that primary keys are set when
Decode()ing/assembling assertions
- snap,snappy: refactor to remove "Install" from the Part interface
- client,cmd: make client.New() configurable
- client: enable retrieving asynchronous operation information with
`Client.Operation`.
* New git snapshot:
- integration-tests: fix the rollback error messages
- integration-test: use the common cli method when trying to install
an unexisting snap
- integration-tests: rename snap find test
- daemon: refactor makeErrorResponder()
- integration: add regression test for LP: #1541317
- integration-tests: reenable TestRollbackMustRebootToOtherVersion
- asserts: introduce "snap asserts" subcmd to show assertions in the
system db
- docs: fix parameter style
- daemon: use underscore in JSON interface
- client: add skills API
- asserts,docs/rest.md: change Encoder not to add extra newlines at
the end of the stream
- integration-tests: "snappy search" is no more, its "snap search"
now
- README, integration-tests/tests: chmod snapd.socket after manual
start.
- snappy: add default security profile if none is specified
- skills,daemon: add REST APIs for skills
- cmd/snap, cmd/snappy: move from `snappy search` to `snap find`.
- The first step towards REST world domination: search is now done
via
- debian: remove obsolete /etc/grub.d/09_snappy on upgrade
- skills: provide different security snippets for skill and slot
side
- osutil: make go vet happy again
- snappy,systemd: use Type field in systemd.ServiceDescription
- skills: add basic grant-revoke methods
- client,daemon,asserts: expose the ability to query assertions in
the system db
- skills: add basic methods for slot handling
- snappy,daemon,snap: move "Uninstall" into overlord
- snappy: move SnapFile.Install() into Overlord.Install()
- integration-tests: re-enable some failover tests
- client: remove snaps
- asserts: uniform searching across trusted (account keys) and main
backstore
- asserts: introduce Decoder to parse streams of assertions and
Encoder to build them
- client: filter snaps with a search query
- client: pass query as well as path in client internals
- skills: provide different security snippets for skill and slot
side
- snappy: refactor snapYaml to remove methods on snapYaml type
- snappy: remove unused variable from test
- skills: add basic methods for skill handing
- snappy: remove support for meta/package.yaml and implement new
meta/snap.yaml
- snappy: add new overlord type responsible for
Installed/Install/Uninstall/SetActive and stub it out
- skills: add basic methods for type handling
- daemon, snappy: add find (aka search)
- client: filter snaps by type
- skills: tweak valid names and error messages
- skills: add special skill type for testing
- cmd/snapd,daemon: filter snaps by type
- partition: remove obsolete uEnv.txt
- skills: add Type interface
- integration-tests: fix the bootloader path
- asserts: introduce a memory backed assertion backstore
- integration-tests: get name of OS snap from bootloader
- cmd/snapd,daemon: filter snaps by source
- asserts,daemon: bump some copyright years for things that have
been touched in the new year
- skills: add the initial Repository type
- skills: add a name validation function
- client: filter snaps by source
- snappy: unmount the squashfs snap again if it fails to install
- snap: make a copy of the search uri before mutating it
Closes: LP#1537005
- cmd/snap,client,daemon,asserts: introduce "assert " snap
subcommand
- cmd/snappy, snappy: fix failover handling of the "active"
kernel/os snap
- daemon, client, docs/rest.md, snapd integration tests: move to the
new error response
- asserts: change Backstore interface, backstores can now access
primary key names from types
- asserts: make AssertionType into a real struct exposing the
metadata Name and PrimaryKey
- caps: improve bool-file sanitization
- asserts: fixup toolbelt to use exposed key ID.
- client: return by reference rather than by value
- asserts: exported filesystem backstores + explicit backstores
* New git snapshot
* New upstream release:
- bin-path integration
- assertions/capability work
- fix squashfs based snap building
* New upstream release:
- fix dependencies
- fix armhf builds
* New upstream release:
- kernel/os snap support
- squashfs snap support
- initial capabilities work
- initial assertitions work
- rest API support
* New upstream release, including the following changes:
- Fix hwaccess for gpio (LP: #1493389, LP: #1488618)
- Fix handleAssets name normalization
- Run boot-ok job late (LP: #1476129)
- Add support for systemd socket files
- Add "snappy service" command
- Documentation improvements
- Many test improvements (unit and integration)
- Override sideload versions
- Go1.5 fixes
- Add i18n
- Add man-page
- Add .snapignore
- Run services that uses external ports only after the network is up
- Bufix in Synbootloader (LP: 1474125)
- Use uboot.env for boot state tracking
* New upstream release, including the following changes:
- Use O_TRUNC when copying files
- Added path redefinition to include test's binaries location
- Don't run update-grub, instead use grub.cfg from the oem
package
- Do network configuration from first boot
- zero size systemd of new partition made executable to
prevent unrecoverable boot failure
- Close downloaded files
* New upstream release, including the following changes:
- Allow to run the integration tests using snappy from branch
- Add CopyFileOverwrite flag and behaviour to helpers.CopyFile
- add a bunch of missing i18n.G() now that we have gettext
- Generate only the translators comments that start with
TRANSLATORS
- Try both clickpkg and snappypkg when dropping privs
* New upstream release, including the following changes:
- gettext support
- use snappypkg user for the installed snaps
- switch to system-image-3.x as the system-image backend
- more reliable developer mode detection
* New upstream release, including the following changes:
- Consider the root directory when installing and removing policies
- In the uboot TestHandleAssetsNoHardwareYaml, patch the cache dir
before creating the partition type
- In the PartitionTestSuite, remove the unnecessary patches for
defaultCacheDir
- Fix the help output of "snappy install -h"
* New upstream release, including the following changes:
- Remove compatibility for click-bin-path in generated exec-wrappers
- Release the readme.md after parsing it
* New upstream release, including the following changes:
- Set all app services to restart on failure
- Fixes the missing oauth quoting and makes the code a bit nicer
- Added integrate() to set Integration to default values needed for
integration
- Moved setActivateClick to be a method of SnapPart
- Make unsetActiveClick a method of SnapPart
- Check the package.yaml for the required fields
- Integrate lp:snappy/selftest branch into snappy itself
- API to record information about the image and to check if the kernel was
sideloaded.
- Factor out update from cmd
- Continue updating when a sideload error is returned
* New wily upload with fix for go 1.4 syscall.Setgid() breakage
* fix symlink unpacking
* fix typo in apparmor rules generation
* 15.04 archive upload
* initial ubuntu archive upload
* new snapshot
* Initial packaging
==== software-properties: 0.99.22.3 => 0.99.22.5 ====
==== python3-software-properties software-properties-common
* Replace Livepatch integration with Ubuntu Pro (lp: #2003527)
* cloudarchive: Enable support for the Antelope Ubuntu Cloud Archive on
22.04 (LP: #1996067).
==== sudo: 1.9.9-1ubuntu2.1 => 1.9.9-1ubuntu2.2 ====
==== sudo
* SECURITY UPDATE: arbitrary file overwrite via sudoedit
- debian/patches/CVE-2023-22809.patch: do not permit editor arguments
to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
plugins/sudoers/visudo.c.
- CVE-2023-22809
* SECURITY UPDATE: DoS via invalid arithmetic shift in Protobuf-c
- debian/patches/CVE-2022-33070.patch: only shift unsigned values in
lib/protobuf-c/protobuf-c.c.
- CVE-2022-33070
==== systemd-hwe: 249.11.1 => 249.11.2 ====
==== systemd-hwe-hwdb
* Add ACCEL_LOCATION=base property for Dell clamshell models (LP: #1999782)
[ Kai-Chuan Hsieh ]
* hwdb: Mark Dell platform accel sensor location to base
[ Andy Chi ]
* hwdb.d: add Dell models that need ACCEL_LOCATION=base
[ Dirk Su ]
* hwdb: Add Dell models that require ACCEL_LOCATION=base
==== tmux: 3.2a-4ubuntu0.1 => 3.2a-4ubuntu0.2 ====
==== tmux
* SECURITY UPDATE: Null dereference
- debian/patches/CVE-2022-47016.patch: adds checks for NULL
returns from bufferevent_new in control.c, file.c, window.c.
- CVE-2022-47016
==== ubuntu-advantage-tools: 27.12~22.04.1 => 27.13.3~22.04.1 ====
==== ubuntu-advantage-tools
* Backport new upstream release: (LP: #2004130 and LP: #2004279) to
jammy
* d/ubuntu-advantage-tools.preinst: (LP: #2004279)
- correct second set of md5sums to continue avoiding a dpkg conf prompt
if the only change to the original config file was to the apt_news flag
- restore correct default uaclient.conf when upgrading from 27.13.X and
the only conf change is apt_news
* esm-cache.service:
- Catch errors when esm.ubuntu.com is unreachable to avoid causing crash
reports and degraded systemd status from this non-critical service
(LP: #2004130)
* d/ubuntu-advantage-tools.{postinst,postrm,preinst}:
- avoid a dpkg conf prompt if the only change to the original config file
was to the apt_news flag (LP: #2003977)
* apt-hook:
- only run the pro client pre-update hook services when the apt update is
executed as root user (LP: #2004057)
* apt: better isolate apt esm cache by only fetching necessary
configuration from the system apt
* d/bash-completion:
- enable autocomplete for the 'pro' command (GH: #2280)
* d/control:
- update the package description
* d/postinst:
- remove unauthenticated esm repos from Xenial systems (LP: #1990378)
* New upstream release 27.13 (LP: #2003018)
- apt:
+ remove logic which added repositories and pinned them to 'never' to
enable access to esm package lists
+ add functionality to create and update a local apt esm cache with
the lists for esm-infra and esm-apps
- apt-hook: update the cpp hook to use the local esm apt cache
- apt-news:
+ fetch and display APT News in apt upgrade
+ show contract expiration notices in the apt news output
- attach: support attaching without being able to install snapd
(LP: #1997514)
- cli:
+ do not show invalid subcommands in autocomplete (GH: #2279)
+ add support for attaching through the web portal, without a token
- config: add apt_news_url option
- docs: reorganize documentation and correct information
- esm-apps: release the service as GA
- jobs:
+ remove the update_status job
+ remove unused job which checks for the system EOL
- messaging: do not fail if the apt-hook executable is not present
(LP: #1994480)
- motd: announce esm-apps as GA
- security-status:
+ use the local esm cache to report updates when the services are
disabled
+ redesign output to properly show support (LP: #2002407)
- services: add new service to update the local esm caches
- ros: release the service as GA
- bug fixes:
+ report reboot_required even if 'livepatch status' fails
+ do not create unexpected environment variables when the autocomplete
script runs
+ contract requests do not cause 'pro status' to fail
+ remove auto-attach motd message if any failure happens
+ log when 'cloud-id' fails
+ always honor the metering job timer config
+ write files atomically
* New upstream release 27.12 (LP: #1996424):
- auto-attach:
+ retry auto-attach for up to one month on Ubuntu Pro cloud instances
+ make a best effort to auto-attach when using the API
- enable: show deduplicated list of supported arches (GH: #917)
- fips: remove cloud package override logic from the client
- messaging: verify contract expiration date on contract server before
outputting expired message on MOTD
- realtime-kernel: make service non-beta
- reboot-required:
+ add API support to show if the system requires a reboot
(u.pro.security.status.reboot_required.v1)
+ add cli command for the functionality (pro system reboot-required)
- security-status:
+ add API support to report standard updates (u.pro.packages.updates.v1)
+ add API support to show CVEs patched by Livepatch
(u.pro.security.status.livepatch_cves.v1)
+ add API support to show packages summary information
(u.pro.packages.summary.v1)
+ list packages in oci manifest format (u.security.package_manifest.v1)
- systemd: do not attempt to auto-attach if a machine-token is present
* New upstream release 27.11.3: (LP: #1993006)
- d/postinst: remove the Ubuntu Pro beta apt message and set up the
configurable flag for "APT news" instead
- collect-logs: do not fail if a file cannot be read (LP: #1991858)
- config: add a flag to disable "APT news" (LP: 1992026)
- messaging: add announcement of "APT news" to apt output
- messaging: only show "APT news" when using apt binary (GH: #2288)
- version: use /run instead of /tmp for version file (GH: #2294)
* New upstream release 27.11.2: (LP: #1991173)
- esm: add the --beta flag back to esm-apps
- messaging: show Ubuntu Pro beta message in apt output
- security-status: don't show esm-apps information when the service is not
enabled
- ros: add the --beta flag back to ros and ros-updates
* New upstream release 27.11.1: (LP: #1990907)
- Fix release upgrade when ESM packages are installed
+ d/postinst: remove series information from the APT preferences template
+ esm: remove series information from the APT preferences file
* d/control:
- Update VCS references
* d/links:
- add usr/bin/pro as an alias to ubuntu-advantage
* d/postinst:
- include root_mode parameter when creating UAConfig instances
- change calls to add_notice to notice_file.add
- create public machine-token file if it does not exist
* New upstream release 27.11 (LP: #1989279)
- api:
+ new `pro api` command to access the public client API
+ 'version' endpoint returning version information
+ 'should auto attach' endpoint informing if a system should run
auto-attach on startup
+ 'full auto attach' endpoint performing auto-attach
+ 'magic attach' endpoints for the Magic Attach flow
- auto-attach:
+ better errors for invalid pro images (GH: #2180, #1833)
+ don't detach on already auto-attached instances
+ no-op when ubuntu-advantage information is present on cloud-init
userdata
+ change systemd unit to run after cloud-config
- cli:
+ cli: better error message on unrecognized flags (GH: #672)
- collect-logs:
+ can now be executed as a non-root user
+ is executed automatically and result is appended when using apport to
report a bug
- docs: now formatted to be built with sphinx, and published in readthedocs
- enable:
+ new access-only flag for usecases where auto-install is undesired
+ fix apt auth line replacement (LP: #1985863)
- esm-apps: generally available as non-beta as part of Ubuntu Pro
- fix: check if livepatch has already fixed a CVE before attempting a fix
- jobs: new timer job to check if the release reached end of support
- pro:
+ Ubuntu Pro is released as a product
+ make `pro` the recommended executable for the client
+ client, apt and motd messages updated/rewritten to show Pro
information
+ base URL changed from /advantage to /pro
+ ESM services renamed as part of Pro
- ros: released as a non-beta entitlement
- security-status
+ does not require the --format flag anymore
+ human readable output added based on ubuntu-security-status
+ machine readable output contains CVEs fixed by Livepatch
+ package counts include all esm-infra and esm-apps repositories
- status:
+ don't show unavailable services by default (GH: #2156, #2159)
+ expiry date formatted based on timezone (GH: #695)
+ non-root users get the current status instead of a cached version
+ --wait flag now working for non-root users
- version: warn about new available versions of the client in CLI command
output and API calls
* apt-hook: Fix missing import warning when compiling
* d/control:
- Drop golang dependencies
* d/rules:
- Only install APT hooks on LTS series
* New upstream release 27.10 (LP: #1980990)
- apt-hook: replace golang with cpp for json-hook
- cli
+ properly sort services for detach/attach (GH: #1831)
+ collect-logs include rotated log files
+ display UA features directly on status
- daemon: do not try enabling daemon during auto-attach (LP: #1980865)
- fix:
+ update ua portal url when asking for attach
+ add --dry-run option
- gcp-pro: better error message for metadata endpoint error
- requests: Add default timeout for web requests
- timer: log when job start running
- security-status: include download size of package updates
* d/rules
- remove trusty specific code
- remove ua-license-check.{timer,service,path}
- install ubuntu-advantage.service
- only on xenial: install ubuntu-advantage-cloud-id-shim.service
* d/tools.preinst: remove old config field to avoid warnings in logs
* d/tools.postinst
- remove trusty specific code
- print warnings if /etc/os-release doesn't have required fields
- hardcode service list instead of exec-ing python3 for old migration
- refactor python to avoid instantiating UAConfig extra times
- refactor python to always use messages module for strings
- rm the old marker file that triggered ua-license-check.path
- remove unnecessary deb-systemd-helper check in ua-messaging cleanup
- clean up old ua-license-check state
- run new cloud-id-shim script
* d/tools/postrm
- clean up ubuntu-advantage-daemon log files
* New upstream release 27.9 (LP: #1973099)
- cli:
+ for json formatted output, include additional_info for some errors
+ new subcommand `ua refresh messages` to update motd and apt messages
- daemon:
+ replace ua-license-check timer with ubuntu-advantage.service daemon
+ detects on-boot if pro license was added and runs auto-attach
+ only runs on gcp and does not continuously long-poll by default for now
- enable:
+ fix error message on wrong service name when unattached
- fips:
+ allow enabling generic fips kernel on azure by default
+ clean up fips reboot message (LP: #1972026)
- fix:
+ handle errors during attach process
+ fix bug where enable or detach during a fix failed (LP: #1969809)
+ fix bug where attempting to fix some CVEs would never finish
- performance:
+ remove unnecessary UAConfig object instantiation (also cleans up logs)
+ cache "apt-cache policy" output to avoid unnecessary subp calls
- proxy:
+ apt_http(s)_proxy renamed to global_apt_http(s)_proxy
+ apt_http(s)_proxy config var names will still work
+ new ua_apt_http(s)_proxy for only ua-related apt traffic (LP: #1956764)
+ global_apt_http(s)_proxy and ua_apt_http(s)_proxy cannot be set at the
same time
- realtime: adjust warning to clarify that a manual revert is possible
- refresh: a normal `ua refresh` will also update motd and apt messages
- security-status: add counts of packages from each archive component
- status: check if contract has updated and notify user to run "ua refresh"
* New upstream release 27.8 (LP: #1969125)
- entitlements: apply overrides from the contract response
- fips:
+ unhold fips packages when enabling fips-updates
+ Automatically disable fips service before enabling fips-updates
+ unhold more packages when enabling fips
- lib: fix upgrade script for unsupported releases (LP: #1968067)
- realtime: add support for realtime kernel beta service on Jammy
* fips:
- make fips service incompatible with fips-updates
- unhold more packages when enabling fips
* d/changelog:
- fix changelog trailer line for 27.4.1
* d/logrotate:
- make new logs world readable
* d/tools.postinst:
- refactor to catch exception from entitlement_factory
- no longer always set log file to only root readable
- when creating log file for the first time, make world readable
- adapt postinst for new messages module
* New upstream release 27.7 (LP: #1964028)
- attach: --attach-config option for customizing auto-enabled services
and supplying token via a file
- auto-attach: fix bug where auto-attach caused a manually attached
machine to detach
- cli:
+ support --format=json for attach
+ support --format=json for detach
+ support --format=json for enable
+ support --format=json for disable
- contract: include activity info when updating contract
- detach: no longer contacts contract server on detach
- fips: allow fips on containers
- fix: support USNs that don't have related CVEs
- logs: make all newly created logs world-readable
- security-status:
+ show already installed esm package counts
+ include APT origin for each potential update
+ bump schema version to "0.1"
+ remove previously required --beta flag
- status:
+ include blocked_by information in service status when format=json
+ --simulate-with-token now reports expired tokens as errors
+ --simulate-with-token now returns errors in the specified format
* New upstream release 27.6 (LP: #1958556)
- cli: only request available resources from contract server when needed
- fips:
+ allow enabling FIPS on focal clouds
+ update prompt messages
- jobs: disable license-check job on GCP after attach
- message: fix how apt and motd messages are updated after ua commands
* d/control:
- Update homepage URL
* d/tools.postinst:
- Refactor to use valid_services
* d/tools.postrm:
- Use a wildcard to remove ua related gpg files
* New upstream release 27.5 (LP: #1956456)
- aws: add support for the IPv6 metadata endpoint
- cis: update URL for the documentation
- cli:
+ add endpoint to simulate the status using a specific contract token
+ fix return code when attaching an already attached machine (GH: #1867)
+ fix security-status to consider all possible origins to show updates
+ include cloud build.info in the collect-logs tarball
+ only show services which exist in the contracts server in ua status
- docs: fix typos and wrong/outdated information
- livepatch: always use the full path in livepatch calls (LP: #1951954)
- logs:
+ improve rules to redact sensitive information from all log files
+ redact sensitive information from older unredacted log files
+ log errors from external software execution, for debugging purposes
- usg:
+ support the presentedAs affordance from the contract server, showing
services in the CLI with the appropriate names
+ replace the CIS entitlement by USG on Focal and onwards
* d/tools.postinst:
- Fix check_service_is_enabled function when the machine is
unattached (LP: #1951705)
* jobs: do not run the status job for unattached users
* d/rules:
- Remove conftest file from the package
* d/tools.postinst:
- hardcode python binary to run python scripts (LP: #1930121)
- undo unnecessary log file creation
* d/tools.prerm:
- hardcode python binary to run python scripts (LP: #1930121)
* New upstream release 27.4 (LP: #1949634)
- cc-eal: remove beta flag
- cli:
+ attach will save machine-id during operation
+ detach won't ask unnecessary questions
+ new security-status subcommand lists potentially available
security and ESM updates (beta)
- fix:
+ exit 0 when fix is successfully applied and completed
+ exit 1 when fix cannot be applied
+ exit 2 when fix requires a reboot to complete
+ check reboot-required.pkgs for better reboot suggestions
- livepatch: allow livepatch and fips-updates at the same time
- metering:
+ update how activity info is parsed
+ update contract response structure
+ enable job by default
- proxy: no_proxy defaults for link-local IMDS routes
- util:
+ cache get_platform_info calls
+ fix machine-id fallback path on get_machine_id
* d/tools.postinst:
- consider cloud to be "none" on any cloud-id error
- purge old ua-messaging.timer/service files
- keep ua-timer.timer disabled if ua-messaging.timer was disabled by
the user
- properly configure both ubuntu-advantage-timer and
ubuntu-advantage-licence-check logs
* d/tools.postrm:
- remove ubuntu-advantage-timer and ubuntu-advantage-license-check logs
during purge
* systemd:
- remove ua-messaging.timer/service
- add new ua-timer.timer that runs every 6 hours
- add new ua-license_check.timer that runs every 5 minutes only if
activated by ua-license-check.path
* New upstream release 27.3 (LP: #1942929)
- ros:
+ add beta support to enable ros and ros-updates
+ add support for "required services" so that esm-infra and esm-apps
get auto-enabled when enabling ros or ros-updates
+ add support for "dependent services" so that user gets prompted to
disable ros/ros-updates if they disable esm-infra/esm-apps
- fips:
+ allow fips on GCP bionic now that optimized kernel is ready
+ disallow enabling fips on focal on clouds until cloud-optimized focal
fips-certified kernel is ready (LP: #1939449, LP: #1939932)
+ print warning about generic fips kernel if cloud-id fails
- cloud:
+ rely only on cloud-id to determine cloud type (LP: #1940131)
+ catch errors when determining cloud type
(LP: #1938207, LP: #1944676) (GH: #1541)
- azure:
+ bump IMDS API version to support Azure published images
- cli:
+ collect-logs command that creates a tar file with debug-relevant logs
and status info (GH: #463)
+ clean locks on exceptions more thoroughly to avoid false "Operation in
progress" status messages
+ retain past service state after detach
+ shows better error message when a port value in a proxy is invalid
- non-unicode locale support:
+ remove unicode-only characters from help file
+ don't print unicode-only characters in ua fix if non-utf8 locale
(GH: #1463)
- logrotate:
+ add logrotate functionality for ubuntu-advantage-timer.log.
+ Fix root:root logrotate permissions.
- ua-timer.timer:
+ introduce a single systemd timer to handle ua recurring jobs
+ timer runs every 2 hours to support most frequent timer job
+ recurring job intervals are configurable in uaclient.conf
+ individual jobs are disabled if their interval is set to 0
- status job:
+ update ua status every 12 hours
- messaging job:
+ update APT/MOTD ESM messaging every 6 hours
- metering job:
+ disabled until infrastructure is ready
+ for attached machines only, periodically update contract server with
status information for proper contract metering
- ua-license-check.timer:
+ only runs on LTS GCP instances that are not attached
+ runs every 5 minutes to check if gcp instance has license required to
auto-attach
- logs:
+ fixes duplicate logging (GH: #553)
- tests and support:
+ remove groovy integration tests
+ various improvements to integration tests
* d/tools.postinst:
- Do not fail in postinst if cloud-init did not run.
This fixes the regression introduced in 27.2.1. (LP: #1936833)
* d/control:
- remove unnecessary distro-info dependency from build-depends
* d/rules:
- pick right version of distro-info based on release
* docs:
+ add information about proxy auth to manpage and readme
* lib:
+ handle missing configStatus key in patch status json script
* d/control:
- add comments to explain complex build-depends
- add version requirement to distro-info (LP: #1932028)
* d/tools.postinst:
- run status.json schema patch script to avoid non-root status errors
* New upstream release 27.2:
- attach: print contract server reason for 403 (GH: #1630)
- cli: add ua config set, unset and show subcommands
- config:
+ add default ua_config setting values
+ only allow some fields to be set by envvar
+ use defaults for contract and security url
- docs:
+ add proxy config options to man page
+ add instructions to generate MOTD messages
+ add support matrix info
+ remove broken api link
- enable: allow downgrading packages during enable (GH: #1659)
- fips:
+ add focal test for fips-updates
+ alert if wrong fips package installed on gov clouds
+ install correct fips package on gov clouds
+ only install conditional_packages if necessary and available
- logs: log env vars that affect config on cli runs
- proxy:
+ add config options to set proxies
+ print message when setting proxy
+ support configuring apt proxies
+ support configuring snap and livepatch proxies
+ support setting proxy for web requests
+ validate urls before setting as proxies
- refresh: support refreshing config and contract separately
- status
+ add config info to json output
+ add env vars to json output
+ do not show unavailable services in json output
+ support yaml format with same content as json format
+ update account info in json output
+ update contract info in json output
+ update root level keys of json output
- refactor:
+ remove side effects from can_enable (GH: #1654, #1571)
+ use DatetimeAwareJSONDecoder to parse date strings
- tests:
+ add additional enable test for incompatible services
+ add flag to enable proposed pocket
+ add test to check and print version being tested
+ drop trusty specific tests
* Cherrypick upstream pr #1681 to unbreak many migrations. LP: #1930741
* d/control:
- specify debianutils min version
* d/changelog:
- fix lintian typos amend and redact incorrect 27.0 entry (GH: #1624)
* lintian:
- override ubuntu-advantage-pro wanted-by-target cloud-init
- override xenial specific errors
- rename package-specific overrides for pro vs tools
* New upstream release 27.1:
- apt-hook:
+ avoid segfault when comparing null Apt file origin to esm
(LP: #1929123)
+ avoid wrapping static message formats at 80 chars
+ update go build flags based on lintian warnings (GH: #1626)
+ only add newlines for MOTD if message file length is non-zero
- attach: do not print contract name if empty
- autocomplete: Do not show beta services in autocomplete (GH: #1594)
- cis:
+ make service non-beta
+ post enable message pointing to docs
+ update cis help url
- docs: update releases.md per SRU review feedback on branch structuring
- enable: correct messaging for beta service (GH: #1588)
- errors: print a more helpful message when ssl fails (GH: #1618)
- fips:
+ Block enabling fips if fips-updates once enabled (GH: #1600)
+ Update output of fips commands (GH: #1631)
- livepatch: alert when snapd does not have wait cmd (LP: #1927329)
- logging: remove tracebacks for UserFacingErrors (GH: #1586)
- messaging:
+ Infra and Apps messaging is mutually exclusive (GH: #1573)
+ point to u.com/16-04 instead of u.com/advantage on ESM (GH: #1584)
+ separate _remove_msg_template. emit no warranty on infra disabled
- pro: obtain AWS IMDSv2 API token before trying to grab pkcs7 doc
(GH: #1608)
- status: do not show info if not on contract (GH: #1592)
- tests:
+ drop trusty specific tests
+ fix mock for handle_message_operations
+ fix motd message for bionic (GH: #1615)
+ integration tests for hirsute and groovy
+ manual test for trusty upgrade to xenial
+ reboot after dist-upgrade for upgrade test
+ test enabling CIS on focal (GH: #1582)
+ update messages in integration tests (GH: #1635)
+ use proposed pocket on xenial upgrade test
- jenkins:
+ add pytest runs for xenial and bionic
+ run focal lxd integration tests
* d/control:
- order build-depends alternatives newer first (LP: #1926949)
- apt-hook: do not attempt to package go APT JSON hook on some
architectures (GH: #1603) (LP: #1927886, LP: #1927795)
* Bug-fix release 27.0.2: build failures on riscv64 and powerpc
- apt-hook: refactor json hook messaging to be dry
- tests: fix subp ls error case for powerpc builds
- jenkinsfile: add --resolve-alternatives for trusty builds
- amend changelog: add omitted apt-hook message for 27.0.1 stanza
* Add .gitignore and cleanup ignored directory .pytest_cache
* apt-hook: mitigate failures with true
* New upstream release 27.0:
- [redacted: actually landed in 27.0.1] apt-hook: mitigate failures with
true
- messages: add optional (s) to apt messaging to include
singular/plural pkgs
- apt-hook: avoid reporting and counting duplicate package
names (GH: #1578)
- fix: don't say reboot required when unnecessary (LP: #1926183)
- test: uncomment additional xenial upgrade tests
* New upstream beta3 release:
- config: avoid tracebacks on invalid features value in uaclient.conf
(GH: #1564)
- apt-hook: new json hook for security update counts
- Remove redundant messaging from uaclient
* d/control:
- add distro-info dependency
- add new debianutils dependency
- add optional dh-systemd | debhelper (>= 13.3) to fallback on hirsute
and later when dh-systemd is not present
* d/rules: enable and start ua-messaging.timer on package install
* d/postinst:
- configure esm on any LTS release avoid beta services
- configure esm-infra when is_active_esm and apps on LTS
- xenial enable unauthenticated apt source for apps/infra
* New upstream release 27.0~beta:
- apt-hook:
+ adapt hook to process separate message templates
+ esm-apps and esm-infra pkg counts not mutually-exclusive
+ print static messages on apt upgrade/dist-upgrade (GH: #1546)
- config: create settings_overrides on config (GH: #1507)
- docs: add entry for uploading new version to ppa
- esm:
+ add pin never when disabling esm-infra/apps on xenial
+ enable infra when EOL LTS and apps on all LTS (GH: #1558)
- fips: add notice when installing over old fips
- fix:
+ add links to ubuntu.com/gcp/aws in messaging when on non-PRO
+ add notice to reboot operation on ua fix
+ do not prompt user for beta services (GH: #1544)
+ notify users if reboot is required (GH: #1476)
+ update how the expired token logic works
+ wrap output greater than 80 chars (GH: #1487)
- lib: fix notice handling on reboot script
- messages
+ provide static message files for use in APT and MOTD
+ update_ua_messages on attach/detach/disable
- mypy: add lib/ dir for coverage
- status: do not remove notices on non-root call (GH: #1518)
- subp: separate % format strings when logging (GH: #1520)
- systemd: add ua-messaging.timer to update ua MOTD and APT msgs
- update-motd.d: add conditional hooks for motd to source ua messages
- util: add is_lts and is_active_esm funtions to support ESM
- test
+ add integration tests asserting esm-apps setup due to postinst
+ manual test script for xenial upgrade
+ trusty and xenial infra and apps disabled in pkg install
- behave: use unaltered cloud images unsetting UACLIENT_BEHAVE_PPA
- jenkins: make lint and style stage run sequentially
* d/*: prefix all the debhelper conf files with the package name
* d/control:
- add Rules-Requires-Root: no
- bump Standards-Version to 4.5.1
- make ubuntu-advantage-pro Architecture: all
* d/lintian-overrides:
- override maintainer-script-calls-service
- package-supports-alternative-init-but-no-init.d-script
* d/postinst: move the u-a-pro note to a config script
* d/ubuntu-advantage-tools.templates: suggest the use of apt
* New upstream release 27.0~beta:
- apt: add retry for apt-helper command (GH: #1431)
- cli: drop subcommand repeated help output, fix enable & refresh
(GH: #1440)
- config:
+ allow parsing yaml delivered from env values
+ environment variable support for feature overrides (GH: #1395)
+ create config to add extra params to security url
- docs:
+ add ppas and fix typos
+ use Ubuntu Pro not Ubuntu PRO
+ add stop "." punctuation to messages (GH: #1320)
- fips: fix FIPS message when disable operation fails
- fix:
+ add basic UASecurityClient to which queries CVE and USNs
+ add security_url to config
+ check if service is enabled during ua fix (GH: #1462)
+ closer representation of cve and usn responses
+ filter usns by cve details (GH: #1470)
+ fix regex to be more permissive and strict
+ get_cve_affected_source_packages_status won't list not-affected
(GH: #1467)
+ handle other package status when running ua fix (GH: #1435)
+ improve error message for ua fix (GH: #1420)
+ install pkg fixes when they are on standard pocket (GH: #1401)
+ move timeout and retries to security client only
+ only prompt for subscription attach for UA-related pkg updates
+ parse all related USNS to a given CVE when fixing
+ parse full API responses for related CVEs and USNs
+ prefer USN.release_packages binary pkg versions to CVE src ver
(GH: #1436)
+ prompt for new ua token when expired one is used (GH: #1475)
+ prompt to emit pro suggestion on pro_clouds if unattached (GH: #1386)
+ prompt to enable service during ua fix (GH: #1455)
+ provide related CVE URLs instead of USNs (GH: #1456)
+ raise errors when source_link is null or unexpected format
+ show packages that were not fixed in the output
+ update output for released packages in ua fix (GH: #1438)
+ update message for invalid issue in ua fix (GH: #1433)
+ use pocket values from USNs (GH: #1439)
- logs: emit error response on API errors and redact sensitive logs
(GH: #1424)
- serviceclient: add 10 second timeout and two retries to API calls
(GH: #1374)
- util:
+ add error prompts on invalid selection
+ add timeout to readurl
- tests:
+ Add disable_auto_attach config to all test PRO vms
+ add merge_usn_released_binary_package_versions tests
+ add unittest coverage for override_usn_release_package_status
+ drop traceback checks on fips integration tests
+ refactor integration tests for ua fix cmd
+ run status wait before detach in PRO tests
+ use ssh to run commands on lxd containers
- jenkins: archiveArtifacts can only reference paths within workspace
* d/control: add new debianutils dependency
* New upstream release 26.3
- util: improve is_container check for chroot
- cli: pass assume_yes param to services on detach (GH: #1530)
* Drop dh-systemd build dependency.
* status: show beta services in status if enabled (GH: #1410)
* New upstream release 26.1
- contract: block detach call to contract if machine-id change
- docs: add readme docs about mastering clean golden images
- fips: add reboot notices for fips operations (GH: #1368)
- livepatch: add retry when running canonical-livepatch status
(GH: #1360)
- util: use lru_cache to avoid re-reading os-release and machine-id
(GH: #1329)
- tests:
+ add disable_auto_attach config to all test PRO vms
+ add more log artifacts during failed integration test
+ check cloudinit status after launching image
+ mock leaking livepatch.application_status for fips test
+ retry package installs on apt exit 100
- jenkins: parameterize build stages to avoid parallel job collision
* auto-attach: fix comparing numeric iid
* New upstream release 26.0:
- auto-attach: systemd unit to run before ua-reboot-cmds.service
- config: remove_notice should remove notices.json when empty
- fips:
+ add notice if running a deactivated FIPS kernel (GH: #1348)
+ block enabling FIPS on clouds using Xenial
+ block enabling fips on GCP instances
+ check /proc/sys/crypto/fips_enable to see if fips is enabled
+ override fips metapackage when on bionic cloud
+ update metapackage override logic on fips
- notices: clear lock file and notice when encountering any exception
(GH: #1326)
- reboot_cmds: retry on lock held errors due to pro auto-attach
- services: allow uaclient to disable services during enable
- status: include beta services in json formatted output with --all
(GH: #1341)
- tests:
+ add FIPS tests to AWS and Azure bionic images
+ add GCP pro test for focal machine
+ add after_step collection of artifacts on failure
+ remove proc file check after disabling fips
+ pro: block auto-attach with cloud-config bootcmd
+ add validation of systemd unit ua-reboot-cmds.service
+ test enabling fips-updates when fips is enabled
- jenkins:
- add deb build stage to assert package builds
- use series-specific sbuild --build-dir avoid races
- use --append-to-version for each sbuild run to avoid races
- presume success when no integration artifacts created
* d/rules:
- add --with systemd to allow reboot init script
- do not remove lib/systemd/system folder
* d/postinst:
- create marker file when reboot script need to run:
- enable livepatch across trusty to xenial upgrade
- update fips on existing fips pro machines
* New upstream release 26.0~beta:
- gcp: add Google Cloud Platform support (GH #1269)
- fips:
+ remove is_beta from fips sevices
+ fips pro: add upgrade support to require reboot to unmark held fips pkgs
+ update origin UbuntuFIPSUpdates
- status:
+ add notice to tabular output
+ held locks emit notice about Operation in progress
- cli: help sort output so trusty ordering matches xenial++
- cis: rename service from cis-audit
- config: provide config notices and add_notice and remove_notice methods
- contract: add resource-machine-access route and datapath
- init: add init script to run commands on reboot
- keys: add ubuntu-advantage-cis keyring
- livepatch: make livepatch react to enableByDefault delta
- log: log when we install pkgs because of contract delta
- make: drop six testdeps target
- pro: do not install pro debs on non-pro instances
- services: Update beta info for services (GH #1220)
- tools: add tox-lxd-runner, that execute the test command in a shell
- tools: refresh-keyrings handles cis keys. drop series-specific keys
- tests:
+ add GCE support for integration tests
+ add cis integration tests for unattached and pro
+ add pytest constraint for mypy tests
+ add unittests for reboot_cmds script
+ fix esm package messages for new update notifier version
+ pin importlib-metadata for mypy tests
+ repo tests for request_resource_machine_access
+ unit tests for config cache clearing and machine-access data
- jenkins:
+ add basic Jenkinsfile for CI runs per PR
+ add jenkins parseable test results
+ add lxc cleanup stage on Jenkinsfile
* Release version 25.0
* New upstream release 25.0~beta3:
- upgrade-lts-conract: noop during do-release-upgrade on unattached
(GH: #1255)
- ua-auto-attach: order systemd unit before cloud-config.service
- Update FIPSUpdates pin origin
- fips: unmark held fips packages for ubuntu pro fips image support
(GH: #1109)
- repo: handle changes to additionalPackages contract deltas
- repo: move package installation to install_packages method
- pro: trigger auto-attach as soon as instance-data.json is available
(GH: #1234)
- Conditionally install packages when enabling FIPS
- fips: allow disable (GH: #1168)
- cli: add trailing newline to argparse errors (GH: #1236)
- Install fips metapacking when enabling service
- integration test improvements:
+ upgrade-test: fix upgrade path restart failures on trusty (GH: #1257)
+ Fix integration test setup scripts (GH: #1253)
+ strict checking for command success on behave
+ Update tests to use new pycloudlib LXD abstraction
+ Add upgrade scenario tests when FIPS is enabled
+ Improve FIPS tests for checking packages
+ Update esm-infra xenial lxd test
+ Fix vm tests as esm-apps is beta service
+ Fix azure generic integration testing
+ Update esm-apps check on staging_commands tests
+ Install pycloudlib for azure jobs only
+ Fix shell condition in run_azure_travis_integration_tests.sh
+ Update azure jobs on travis
+ Update travis url in README
+ Update travis scripts to use ppa only on master
+ Fix cron event type check on travis yaml
* New upstream release 25.0~beta2:
- help: update esm-infra help text (GH: #1212)
- apt-hook: update apt cli messaging for UA Infra: ESM and UA Apps: ESM
product names
- help: update fips help docs (GH: #1213)
- help: revert CIS help doc URL (GH: #1211)
- help: add new fips help URLs to CLI help docs (GH: #1210)
- Show error when enabling service with invalid repo [Lucas Moura]
(GH: #954)
- Update beta info for services (#1220) [Lucas Moura] (GH: #1216)
- Do not enable fips when fips-updates is active [Lucas Moura] (GH: #1209)
- Add vm test commands in tox.ini (#1204) [Lucas Moura]
* Beta bug fix release
- status: fix missing description_override key after upgrade from
trusty (GH: #1201)
- During contract delta processing use _check_application_status_on_cache
instead of live service status
* d/control:
- add po-debconf dependency and fix lintian not-using-po-debconf and
untranslatable-debconf-templates
- add ${misc:Depends} dep to ubuntu-advantage-pro to fix lintian
debhelper-but-no-misc-depends (GH: #1024)
* d/rules:
- drop --with systemd fix build-depends-on-obsolete-package
- set fix lintian warning extra:Depends even if empty
* d/postrm
- Add more gpg keys to be deleted in postrm for Xenial+ support
* d/postinst:
- do not unconfigure non-trusty esm. no series in apt filenames (GH: #1170)
- check if esm is already enabled (GH: #1095)
* New upstream release 25.0:
- Do not uninstall additionalPackages or livepatch when disabling services
- check for issubclass on clean_apt_files
- Add do-release-upgrade support for esm-infra and apps suites (GH: #1169)
- Apply contract deltas during do-release-upgrade operations
- cli: add ua help command
- cli: status add blocking --wait param and lock files for config change
- Fix livepatch behaviour on aws pro focal machine
- travis: drop inapplicable workspaces from specific awsgeneric release
jobs
- Add possible reboot text after enabling/disabling services
- apt-hook: package apt-hook and apt configuration files on all releases
(GH: #1150)
- Fix enable fail bug
- Add uaclient.conf override mechanism for auto-attach, beta services and
machine-token
- Support ESM Apps [Brian Murray] (GH: #930)
- Do not enable services if blocking services is active (GH: #1029)
- contract: handle 401 on invalid token, 403 on expired (GH: #1335)
- Hide beta services from default status output and enable/disable
operations (GH: #1079) (GH: #1091)
- fips: force apt noninteractive prompts during package installs
(GH: #1084)
- tests: add unit tests for aws-gov/aws-china cloud detection
- Add AWS China and GovCloud partitions [Robert Jennings]
- Disable beta services to be show/enabled without flag
- Add missing build_pr command to environment
- Use additionalPackages from service payload
- Add integration testing for Travis runs [patriciadomin] (GH: #856)
(GH: #857) (GH: #853)
* New bug-fix-only release 24.4:
- uaclient.version bump to 24.4
- fips: honor additionalPackage directive from contract for bionic
(GH #1173)
* New bug-fix-only release 24.3:
- uaclient.version bump to 24.3
- fips: add conditional reboot message only if /var/run/reboot-required is
present
- fips: add apt repo key for FIPS and FIPS updates (GH #1026)
* New bug-fix-only release 24.2:
- uaclient.version bump to 24.2
- pro: Add AWS China and GovCloud partitions support (GH #1077)
* New bug-fix-only release 24.1:
- livepatch: run snap wait system snap.seeded before trying to install
(GH: #1049)
- version: return debian/changelog version when git describe fails to
match upstream <major>.<minor> tags for git-ubuntu workflow
(GH: #1058)
* bump version to 24.0 for new versioninig scheme
* New upstream release 20.3:
- ubuntu-pro: automatically reattach across instance id delta
(LP: #1867573)
- integration testing:
+ add behave tests ua subcommands for attached vm
+ add invalid token tests
+ add reuse_container test docs
+ refactor token parameter
* d/templates: add a debconf note on upgrade from pre-ubuntu pro package
* d/control: create a separate ubuntu-advantage-pro package which
delivers the tooling and scripts necessary to auto-attach pro machines
This change breaks/replaces ubuntu-advantage-tools <= 20.1
* d/maintscript: rm_conffile /etc/init/ua-auto-attach.conf from ua-tools pkg
* d/postint: remove stale systemd symlinks which have migrated to ubuntu-pro
* d/rules: only install the apt hook on trusty
* d/rules: provide --no-start to debhelper to avoid auto-attach on pkg install
* Release 20.2:
- ubuntu-pro:
+ azure: fix detection of DatasourceAzureNet as azure on trusty
+ generalize identity_doc to return dict instead of string
+ auto-attach: any 4XX errors during auto-attach are the result of non-Pro
+ auto-attach: handle 403 errors raised by contract server for invalid vms
- attach: persist any status config changes after attach failures
- output: add messaging using a different subscription if attached
* Release 20.1:
- azure-pro, support for azure ubuntu pro auto-attach:
+ add azure auto-attach instance as valid cloud_instance_factory
+ add azure cloud instance module and tests
+ generalize request_aws_contract_token for multiple cloud_types
+ contract: request_auto_attach_contract_token takes an instance param
- constraints: add constraint on pyyaml version in trusty
- auto-attach: move duplicate invalid cloud_type check out of cli
* d/postinst: only configure ESM on supported architectures (LP: #1851858)
[Andreas Hasenack]
* d/postinst: rename existing ubuntu-esm-precise.list file to trusty.
This fixes the upgrade path from precise to trusty and to this client
while esm is enabled (LP: #1850672)
* Release 19.7:
- aws: handle missing SYS_HYPERVISOR_PRODUCT_UUID
- aws-pro: support for aws ubuntu pro auto-attach
- pro: add cloud identity module and fix unit tests
- pro: update systemd service and upstart boot scripts to auto-attach
- pro: esm do not do apt pin never on disable on xenial or bionic
- pro: esm-apps has origin UbuntuESMApps and esm-infra is UbuntuESM
- status: dynamic status available now from refreshed machine-token
- uaclient: update customer visible messages after UX review
- esm-apps: allow unattended security upgrades for esm-apps
- systemd: needs WantedBy=multi-user.target to get pulled into boot
- cli: update docstring to describe errors raised from auto-attach
- keyrings: update ubuntu-advantage-esm-apps.gpg with correct key
- repo: match strict repo url in apt-policy to avoid esm substring matches
- esm: don't disable_apt_auth_only for ESM entitlements
- initial implementation of esm-apps
- repo: don't raise exception in application_status if aptURL missing
- entitlements: rely solely on contract server for repo_url
- cli: exit 0 if already attached
- cli: use decorators for action_attach and action_attach_premium
- cli: add assert_not_attached decorator
- status: custom descriptions for n/a service status
* New upstream release. Main changes:
- drop SSO interactive login support
- d/control: no longer depend on pymacaroons, which was only needed for
the SSO interactive login support
- drop keyrings for services not supported in trusty: cc-eal, fips,
fips-updates, cis audit
- make sure /var/lib/ubuntu-advantage/private has 0700 perms
- rename esm to esm-infra. Also handle upgrades
- don't unecessarily remove config files that are already handled by dpkg
- expand the apt related runtime dependencies
- handle sources.list.d esm snippet when release upgrading from precise
- ua status now reports availability of services even in unattached state
- the "ua status" output was changed, including the json format option
- drop "ua status" call in postinst as it now requires internet access and
that is restricted in LP builders and test runners.
- fix the d/t/usage DEP8 test that was also using status
* d/t/usage: fix dep8 test ("entitlements" was renamed to "services")
* New upstream release (LP: #1832757):
- packaging:
+ d/control: depend on libapt-pkg<ABI_VERSION> to use pin-priority never
+ d/postinst: adjust logfile permissions
+ d/postinst: remove public files and generate status cache on upgrade
+ d/postinst: Remove the old CACHE_DIR in postinst
+ d/postrm: remove log files on package purge
+ d/postrm: remove the ESM pinning file on purge
+ trusty should remove v1 esm key if present after upgrade
+ keyrings: regenerate keyrings on a trusty host
+ refresh keyrings to match current production for fips and cc-eal
- apt:
+ all repo entitlements now call apt-get update on enable
+ enable -updates if -updates from the Ubuntu archive is enabled
+ Add basic i18n (good enough for lang packs)
+ retry apt install and update commands 3 times simple backoff
+ write commented -updates lines instead of omitting them
- attach/detach:
+ added --no-auto-enable option
+ suppress messages from inapplicable default entitlements
+ two-factor auth reprompt only two-factor auth on failed 2fa
+ honour enableByDefault obligations from contract server
+ livepatch: no auto-enable on attach for trusty
+ don't attempt to disable inapplicable entitlements during detach
+ check for root before checking for attach in assert_attached_root
- status:
+ add --json cli formatting option
+ emit a SERVICE header in status output
+ redact technical support and expiry for free contracts
+ unentitled services will report n/a
- cc-eal:
+ add a warning about download size before install
+ change cc to cc-eal in docs, parameters and commandline help
- esm:
+ add esm-v2 gpg keyring, drop old keyring, ignore aptKey directive
+ and livepatch auto enabled on attach where supported
+ on upgrade do not install preferences to pin never if esm enabled
+ remove only the apt auth entry on disable, leaving sources.list
+ use Pin-Priority never apt preference file to disable esm initially
- fips:
+ display as pending when linux-fips is not the running kernel
+ only install/upgrade optional packages that are already on the system
- logs:
+ no longer redact secrets as logfile is root read-only
+ separate console log devel from logfile level
+ remove level from messages to the console
- add subcommand to refresh all contract details
- config: allow contract_url and sso_auth_url to have a trailing slash
- docker: fix persisting generated uuid on images without machine-id files
- environ: allow lowercase ua_<config_option> overrides
- repo: un-comment ESM sources.list lines on repo disable
- updated manpage and help docs
* apt-hook: Add missing headers for APT 1.9
* Drop the self-test assert in the apt-hook, it's making the subiquity
server install fail (LP: #1824523)
* apt-hook: Do not crash/fail if we can't read /proc/self/status
(LP: #1824523)
* Ubuntu Advantage Tools rewrite in Python (LP: #1814157):
- Allow attaching a system to a contract or account
- More complete status output, dropping MOTD updates
- Easily enable and disable services offered
* Have ua status cope with the additional livepatch of running a kernel
that is not supported for livepatches.
* Have an option for enable-livepatch to install a compatible kernel if
needed.
[ Vineetha Kamath ]
* Add support to common criteria EAL2 artifacts installation #144
* New upstream release
- added enable-fips-updates command. This command enables the fips-updates
repository to install updates to FIPS modules. The updated modules from
fips-updates repository are non-certified.
* d/t/update-motd-run: fix path to the esm motd (LP: #1757490)
* Rename motd scripts so they are shown a bit earlier (LP: #1757171)
* Move empty line placement in the livepatch motd to the beginning of the
message to avoid double blank lines.
* New upstream release:
- repositories are only added after credentials are verified
(LP: #1730361)
- Livepatch MOTD script (LP: #1710976)
- better "status" command output formatting (LP: #1719034)
- sources.list.d files no longer contain credentials. The "auth.conf"
facility is used instead. (LP: #1700611)
- enabled Livepatch support for Bionic 18.04 LTS
* New upstream release:
- run tests during package build
* New upstream release:
- revert the latest name changes
- instead of "advantage", add a "ua" symlink pointing at the
ubuntu-advantage script. Likewise for its manpage. (LP: #1721272)
* New upstream release:
- rename the ubuntu-advantage script to advantage, including where it's
mentioned in the documentation. Also provide symlinks pointing at the
previous name. (LP: #1721272)
- slightly reword some of the FIPS messages
* New upstream release with FIPS support (LP: #1718291)
* New upstream release:
- call apt-get with the non-interactive frontend variable set, and tell
dpkg to keep the old config file by default should there be any prompts
about that. (LP: #1715012)
- split the one big test file into multiple smaller files, for better
maintainability.
* Release to artful (LP: #1711369)
* d/control: update package description
* New release version 6. Main changes:
- document return codes on the manpage (Fixes: #33)
- new status command (Fixes: #40)
- restrict esm to precise only (Fixes: #43)
- drop the livepatch motd update, only esm has motd output now
(Fixes: #44)
- skip tests during package building (Fixes #49)
* Only display apt output in the case of errors (Fixes #34).
* Check running kernel version before enabling the Livepatch service
(Fixes #30).
* Add livepatch support:
- New commands:
+ enable-livepatch
+ disable-livepatch
+ is-livepatch-enabled
- new tests
- new manpage
- new help output
- new README.md
- new MOTD
* ubuntu-advantage & /etc/update-motd.d/99-esm now build, run and are quiet
on non-precise release. (LP: #1686183)
* Add simple dep8 tests.
* Also install ca-certificates (LP: #1690270)
* Initial Release. LP: #1686183
==== update-notifier: 3.192.54 => 3.192.54.5 ====
==== update-notifier-common
* po/*.po: do not translate template variable needed for
package-data-downloader script (LP: #2003543)
[ Renan Rodrigo Barbosa]
* Rely on the Pro Client apt esm cache to check for esm updates
(LP: #2002168)
* po/*.po:
- bring translations from launchpad (LP: #1999567)
- update translation files with intltool-update -r
* data/apt_check.py
- Modify ua status call to pro status (LP: #1991030)
- Fix pyflakes autopkgtest errors
* Update the ESM service name and description for the apt_check.py script
(LP: #1980368).
==== vim: 2:8.2.3995-1ubuntu2.1 => 2:8.2.3995-1ubuntu2.3 ====
==== vim vim-common vim-runtime vim-tiny xxd
* SECURITY UPDATE: illegal memory access with bracketed paste in Ex mode
- debian/patches/CVE-2022-0392.patch: reverse space for the trailing NUL
- CVE-2022-0392
* SECURITY UPDATE: retab may cause illegal memory access
- debian/patches/CVE-2022-0417.patch: limit the value of tabstop
- CVE-2022-0417
* Update supported Ubuntu and Debian codenames (LP: #1996087).
--
[1] http://cloud-images.ubuntu.com/releases/jammy/release-20230210/
[2] http://cloud-images.ubuntu.com/releases/jammy/release-20230107/