A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apport: 2.20.9-0ubuntu7.24 => 2.20.9-0ubuntu7.26 * 'assert'=>'ack', 'asserts'=>'known' * base-files: 10.1ubuntu2.10 => 10.1ubuntu2.11 * cpio: 2.12+dfsg-6ubuntu0.18.04.1 => 2.12+dfsg-6ubuntu0.18.04.4 * curl: 7.58.0-2ubuntu3.14 => 7.58.0-2ubuntu3.16 * - daemon,client,overlord: progress current => done * git: 1:2.17.1-1ubuntu0.8 => 1:2.17.1-1ubuntu0.9 * gnutls28: 3.5.18-1ubuntu1.4 => 3.5.18-1ubuntu1.5 * - image: bootstrapToRootDir => setupSeed * libgcrypt20: 1.8.1-4ubuntu1.2 => 1.8.1-4ubuntu1.3 * linux-meta: 4.15.0.156.145 => 4.15.0.158.147 * linux-signed: 4.15.0-156.163 => 4.15.0-158.166 * - many: use "SNAP.APP as ALIAS" instead of => when listing * - overlord/state: prevent change ready => unready * python-apt: 1.6.5ubuntu0.6 => 1.6.5ubuntu0.7 * - README.md: snappy => snap * - release,store,daemon: no more default-channel, release=>series * shim-signed: 1.37~18.04.10+15.4-0ubuntu7 => 1.37~18.04.11+15.4-0ubuntu9 * snapd: 2.49.2+18.04 => 2.51.1+18.04 * squashfs-tools: 1:4.3-6ubuntu0.18.04.3 => 1:4.3-6ubuntu0.18.04.4 * systemd: 237-3ubuntu10.51 => 237-3ubuntu10.52 * ubuntu-release-upgrader: 1:18.04.44 => 1:18.04.45 * unset/zero => immediately refresh try * update-notifier: 3.192.1.11 => 3.192.1.12 The following is a complete changelog for this image. new: {'linux-modules-4.15.0-158-generic': '4.15.0-158.166', 'linux-headers-4.15.0-158-generic': '4.15.0-158.166', 'linux-headers-4.15.0-158': '4.15.0-158.166'} removed: {'linux-headers-4.15.0-156': '4.15.0-156.163', 'linux-modules-4.15.0-156-generic': '4.15.0-156.163', 'linux-headers-4.15.0-156-generic': '4.15.0-156.163'} changed: ['apport', 'base-files', 'cpio', 'curl', 'git', 'git-man', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libgcrypt20:amd64', 'libgnutls30:amd64', 'libnss-systemd:amd64', 'libpam-systemd:amd64', 'libsystemd0:amd64', 'libudev1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.15.0-158-generic', 'linux-image-virtual', 'linux-virtual', 'motd-news-config', 'python-apt-common', 'python3-apport', 'python3-apt', 'python3-distupgrade', 'python3-problem-report', 'shim-signed', 'snapd', 'squashfs-tools', 'systemd', 'systemd-sysv', 'ubuntu-release-upgrader-core', 'udev', 'update-notifier-common'] new snaps: {} removed snaps: {} changed snaps: [] ==== apport: 2.20.9-0ubuntu7.24 => 2.20.9-0ubuntu7.26 ==== ==== apport python3-apport python3-problem-report * SECURITY UPDATE: Arbitrary file read (LP: #1934308) - data/general-hooks/ubuntu.py: don't attempt to include emacs byte-compilation logs, they haven't been generated by the emacs packages in a long time. - CVE-2021-3709 * SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832) - apport/hookutils.py, test/test_hookutils.py: detect path traversal attacks, and directory symlinks. - CVE-2021-3710 ==== base-files: 10.1ubuntu2.10 => 10.1ubuntu2.11 ==== ==== base-files motd-news-config * /etc/issue, /etc/issue.net, /etc/lsb-release, /etc/os-release: Bump version number to 18.04.6 in preparation for the extra point release. ==== cpio: 2.12+dfsg-6ubuntu0.18.04.1 => 2.12+dfsg-6ubuntu0.18.04.4 ==== ==== cpio * SECURITY UPDATE: arbitrary code execution via crafted pattern file - debian/patches/CVE-2021-38185.patch: rewrite dynamic string support in src/copyin.c, src/copyout.c, src/copypass.c, src/dstring.c, src/dstring.h, src/util.c. - debian/patches/CVE-2021-38185.2.patch: don't call ds_resize in a loop in src/dstring.c. - debian/patches/CVE-2021-38185.3.patch: fix dynamic string reallocations in src/dstring.c. - CVE-2021-38185 ==== curl: 7.58.0-2ubuntu3.14 => 7.58.0-2ubuntu3.16 ==== ==== curl libcurl3-gnutls:amd64 libcurl4:amd64 * SECURITY REGRESSION: regression in smtp starttls (LP: #1944120) - debian/patches/CVE-2021-22947.patch: fix bad patch backport. * SECURITY UPDATE: Protocol downgrade required TLS bypassed - debian/patches/CVE-2021-22946-pre1.patch: separate FTPS from FTP over HTTPS proxy in lib/ftp.c, lib/urldata.h. - debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc, tests/data/test984, tests/data/test985, tests/data/test986. - CVE-2021-22946 * SECURITY UPDATE: STARTTLS protocol injection via MITM - debian/patches/CVE-2021-22947.patch: reject STARTTLS server response pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c, tests/data/Makefile.inc, tests/data/test980, tests/data/test981, tests/data/test982, tests/data/test983. - CVE-2021-22947 ==== git: 1:2.17.1-1ubuntu0.8 => 1:2.17.1-1ubuntu0.9 ==== ==== git git-man * SECURITY UPDATE: cross-protocol request via newline character in repo path - debian/patches/CVE-2021-40330.patch: forbid newline in git:// hosts and repo paths - CVE-2021-40330 ==== gnutls28: 3.5.18-1ubuntu1.4 => 3.5.18-1ubuntu1.5 ==== ==== libgnutls30:amd64 * Backport patches from Upstream/Debian to check validity against system certs. This is to allow correctly validating default letsencrypt chains that now also include a redundant expired certficate. LP: #1928648 ==== libgcrypt20: 1.8.1-4ubuntu1.2 => 1.8.1-4ubuntu1.3 ==== ==== libgcrypt20:amd64 * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing exponent blinding too in cipher/elgamal.c. - CVE-2021-33560 * SECURITY UPDATE: incorrect support of smaller K - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other implementations in cipher/elgamal.c. - CVE-2021-40528 ==== linux-meta: 4.15.0.156.145 => 4.15.0.158.147 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 4.15.0-158 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package * Bump ABI 4.15.0-157 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package ==== linux-signed: 4.15.0-156.163 => 4.15.0-158.166 ==== ==== linux-image-4.15.0-158-generic * Master version: 4.15.0-158.166 * Master version: 4.15.0-157.164 ==== python-apt: 1.6.5ubuntu0.6 => 1.6.5ubuntu0.7 ==== ==== python-apt-common python3-apt * Update mirror lists. ==== shim-signed: 1.37~18.04.10+15.4-0ubuntu7 => 1.37~18.04.11+15.4-0ubuntu9 ==== ==== shim-signed ==== snapd: 2.49.2+18.04 => 2.51.1+18.04 ==== ==== snapd * New upstream release, LP: #1929842 - interfaces: add netlink-driver interface - interfaces: builtin: add dm-crypt interface to support external storage encryption - interfaces/dsp: fix typo in udev rule - overlord/snapstate: lock the mutex before returning from stop snap services undo - interfaces: opengl: change path for Xilinx zocl driver - interfaces/dsp: add /dev/cavalry into dsp interface - packaging/fedora/snapd.spec: correct date format in changelog * New upstream release, LP: #1929842 - cmd/snap: stacktraces debug endpoint - secboot: deactivate volume again when model checker fails - store: extra log message, a few minor cleanups - packaging/debian-sid: update systemd patch - snapstate: adjust update-gadget-assets user visible message - tests/nested/core/core20-create-recovery: verify that recovery system can be created at runtime - gadget: support creating vfat partitions during bootstrap - daemon/api_quotas.go: support updating quotas with ensure action - daemon: tighten access to a couple of POST endpoints that should be really be root-only - seed/seedtest, overlord/devicestate: move seed validation helper to seedtest - overlord/hookstate/ctlcmd: remove unneeded parameter - snap/quota: add CurrentMemoryUsage for current memory usage of a quota group - systemd: add CurrentMemoryUsage to get current memory usage for a unit - o/snapstate: introduce minimalInstallInfo interface - o/hookstate: print pending info (ready, inhibited or none) - osutil: a helper to find out the total amount of memory in the system - overlord, overlord/devicestate: allow for reloading modeenv in devicemgr when testing - daemon: refine access testing - spread: disable unattended-upgrades on debian - tests/lib/reset: make nc exit after a while when connection is idle - daemon: replace access control flags on commands with access checkers - release-tools/changelog.py: refactor regexp + file reading/writing - packaging/debian-sid: update locale patch for the latest master - overlord/devicestate: tasks for creating recovery systems at runtime - release-tools/changelog.py: implement script to update all the changelog files - tests: change machine type used for nested testsPrices: - cmd/snap: include locale when linting description being lower case - o/servicestate: add RemoveSnapFromQuota - interfaces/serial-port: add Qualcomm serial port devices to allowed list - packaging: merge 2.50.1 changelog back - interfaces/builtin: introduce raw-input interface - tests: remove tests.cleanup prepare from nested test - cmd/snap-update-ns: fix linter errors - asserts: fix errors reported by linter - o/hookstate/ctlcmd: allow system-mode for non-root - overlord/devicestate: comment why explicit system mode check is needed in ensuring tried recovery systems (#10275) - overlord/devicesate: observe snap writes when creating recovery systems - packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1 - tests: moving to tests directories snaps built locally - part 1 - seed/seedwriter: fail early when system seed directory exists - o/snapstate: autorefresh phase1 for refresh-control - c/snap: more precise message for ErrorKindSystemRestart op != reboot - tests: simplify the tests.cleanup tool - boot: helpers for manipulating current and good recovery systems list - o/hookstate, o/snapstate: print revision, version, channel with snapctl --pending - overlord: unit test tweaks, use well known snap IDs, setup snap declarations for most common snaps - tests/nested/manual: add test for install-device + snapctl reboot - o/servicestate: restart slices + services on modifications - tests: update mount-ns test to support changes in the distro - interfaces: fix linter issues - overlord: mock logger in managers unit tests - tests: adding support for fedora-34 - tests: adding support for debian 10 on gce - boot: reseal given keys when the respective boot chain has changed - secboot: switch encryption key size to 32 byte (thanks to Chris) - interfaces/dbus: allow claiming 'well-known' D-Bus names with a wildcard suffix - spread: bump delta reference version - interfaces: builtin: update permitted paths to be compatible with UC20 - overlord: fix errors reported by linter - tests: remove old fedora systems from tests - tests: update spread url - interfaces/camera: allow devices in /sys/devices/platform/**/usb* - interfaces/udisks2: Allow access to the login manager via dbus - cmd/snap: exit normally if "snap changes" has no changes (LP #1823974) - tests: more fixes for spread suite on openSUSE - tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed - daemon: fix linter errors - spread: add Fedora 34, leave a TODO about dropping Fedora 32 - interfaces: fix linter errors - tests: use op.paths tools instead of dirs.sh helper - part 2 - client: Fix linter errors - cmd/snap: Fix errors reported by linter - cmd/snap-repair: fix linter issues - cmd/snap-bootstrap: Fix linter errors - tests: update permission denied message for test-snapd-event on ubuntu 2104 - cmd/snap: small tweaks based on previous reviews - snap/snaptest: helper that mocks both the squashfs file and a snap directory - overlord/devicestate: tweak comment about creating recovery systems, formatting tweaks - overlord/devicestate: move devicemgr base suite helpers closer to test suite struct - overlord/devicestate: keep track of tried recovery system - seed/seedwriter: clarify in the diagram when SetInfo is called - overlord/devicestate: add helper for creating recovery systems at runtime - snap-seccomp: update syscalls.go list - boot,image: support image.Customizations.BootFlags - overlord: support snapctl --halt|--poweroff in gadget install- device - features,servicestate: add experimental.quota-groups flag - o/servicestate: address comments from previous PR - tests: basic spread test for snap quota commands - tests: moving the snaps which are not locally built to the store directory - image,c/snap: implement prepare-image --customize - daemon: implement REST API for quota groups (create / list / get) - cmd/snap, client: snap quotas command - o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods and snapctl system-mode - o/servicestate/quota_control.go: introduce (very) basic group manipulation methods - cmd/snap, client: snap remove-quota command - wrappers, quota: implement quota groups slice generation - snap/quotas: followups from previous PR - cmd/snap: introduce 'snap quota' command - o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in uc20 run mode - o/servicestate: test has internal ordering issues, consider both cases - o/servicestate/quotas: add functions for getting and setting quotas in state - tests: new buckets for snapd-spread project on gce - spread.yaml: update the gce project to start using snapd-spread - quota: new package for managing resource groups - many: bind and check keys against models when using FDE hooks v2 - many: move responsibilities down seboot -> kernel/fde and boot -> secboot - packaging: add placeholder changelog - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu Core system - many: hide EncryptionKey size and refactors for fde hook v2 next steps - tests: adding debug info for create user tests - o/hookstate: add "refresh" command to snapctl (hidden, not complete yet) - systemd: wait for zfs mounts (LP #1922293) - testutil: support referencing files in FileEquals checker - many: refactor to kernel/fde and allow `fde-setup initial-setup` to return json - o/snapstate: store refresh-candidates in the state - o/snapstate: helper for creating gate-auto-refresh hooks - bootloader/bootloadertest: provide interface implementation as mixins, provide a mock for recovery-aware-trusted-asses bootloader - tests/lib/nested: do not compress images, return early when restored from pristine image - boot: split out a helper for making recovery system bootable - tests: update os.query check to match new bullseye codename used on sid images - o/snapstate: helper for getting snaps affected by refresh, define new hook - wrappers: support in EnsureSnapServices a callback to observe changes (#10176) - gadget: multi line support in gadget's cmdline file - daemon: test that requesting restart from (early) Ensure works - tests: use op.paths tools instead of dirs.sh helper - part 1 - tests: add new command to snaps-state to get current core, kernel and gadget - boot, gadget: move opening the snap container into the gadget helper - tests, overlord: extend unit tests, extend spread tests to cover full command line support - interfaces/builtin: introduce dsp interface - boot, bootloader, bootloader/assets: support for full command line override from gadget - overlord/devicestate, overlord/snapstate: add task for updating kernel command lines from gadget - o/snapstate: remove unused DeviceCtx argument of ensureInstallPreconditions - tests/lib/nested: proper status return for tpm/secure boot checks - cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars - wrappers/services.go: refactor helper lambda function to separate function - boot/flags.go: add HostUbuntuDataForMode - boot: handle updating of components that contribute to kernel command line - tests: add 20.04 to systems for nested/core - daemon: add new accessChecker implementations - boot, overlord/devicestate: consider gadget command lines when updating boot config - tests: fix prepare-image-grub-core18 for arm devices - tests: fix gadget-kernel-refs-update-pc test on arm and when $TRUST_TEST_KEY is false - tests: enable help test for all the systems - boot: set extra command line arguments when preparing run mode - boot: load bits of kernel command line from gadget snaps - tests: update layout for tests - part 2 - tests: update layout for tests - part 1 - tests: remove the snap profiler from the test suite - boot: drop gadget snap yaml which is already defined elsewhere in the tests - boot: set extra kernel command line arguments when making a recovery system bootable - boot: pass gadget path to command line helpers, load gadget from seed - tests: new os.paths tool - daemon: make ucrednetGet() return a *ucrednet structure - boot: derive boot variables for kernel command lines - cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from initramfs * New upstream release, LP: #1926005 - interfaces: update permitted /lib/.. paths to be compatible with UC20 - interfaces: builtin: update permitted paths to be compatible with UC20 - interfaces/greengrass-support: delete white spaces at the end of lines - snap-seccomp: update syscalls.go list - many: backport kernel command line for 2.50 - interfaces/dbus: allow claiming 'well-known' D-Bus names with a wildcard suffix - interfaces/camera: allow devices in /sys/devices/platform/**/usb* - interfaces/builtin: introduce dsp interface * New upstream release, LP: #1926005 - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu Core system - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug - o/servicestate/servicemgr.go: add ensure loop for snap service units - wrappers/services.go: introduce EnsureSnapServices() - snapstate: add "kernel-assets" to featureSet - systemd: wait for zfs mounts - overlord: make servicestate responsible to compute SnapServiceOptions - boot,tests: move where we write boot-flags one level up - o/configstate: don't pass --root=/ when masking/unmasking/enabling/disabling services - cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to /run - gadget: be more flexible with kernel content resolving - boot, cmd/snap: include extra cmdline args in debug boot-vars output - boot: support read/writing boot-flags from userspace/initramfs - interfaces/pwm: add PWM interface - tests/lib/prepare-restore.sh: clean out snapd changes and snaps before purging - systemd: enrich UnitStatus returned by systemd.Status() with Installed flag - tests: updated restore phase of spread tests - part 1 - gadget: add support for kernel command line provided by the gadget - tests: Using GO111MODULE: "off" in spread.yaml - features: add gate-auto-refresh-hook feature flag - spread: ignore linux kernel upgrade in early stages for arch preparation - tests: use snaps-state commands and remove them from the snaps helper - o/configstate: fix panic with a sequence of config unset ops over same path - api: provide meaningful error message on connect/disconnect for non-installed snap - interfaces/u2f-devices: add HyperFIDO Pro - tests: add simple sanity check for systemctl show --property=UnitFileState for unknown service - tests: use tests.session tool on interfaces-desktop-document- portal test - wrappers: install D-Bus service activation files for snapd session tools on core - many: add x-gvfs-hide option to mount units - interfaces/builtin/gpio_test.go: actually test the generated gpio apparmor - spread: tentative workaround for arch failure caused by libc upgrade and cgroups v2 - tests: add spread test for snap validate against store assertions - tests: remove snaps which are not used in any test - ci: set the accept-existing-contributors parameter for the cla- check action - daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and some apiBaseSuite cosmetics) - o/devicestate/devicemgr: register install-device hook, run if present in install - o/configstate/configcore: simple refactors in preparation for new function - tests: unifying the core20 nested suite with the core nested suite - tests: uboot-unpacked-assets updated to reflect the real path used to find the kernel - daemon: switch api_test.go to daemon_test and various other cleanups - o/configstate/configcore/picfg.go: add hdmi_cvt support - interfaces/apparmor: followup cleanups, comments and tweaks - boot: cmd/snap-bootstrap: handle a candidate recovery system v2 - overlord/snapstate: skip catalog refresh when snappy testing is enabled - overlord/snapstate, overlord/ifacestate: move late security profile removal to ifacestate - snap-seccomp: fix seccomp test on ppc64el - interfaces, interfaces/apparmor, overlord/snapstate: late removal of snap-confine apparmor profiles - cmd/snap-bootstrap/initramfs-mounts: move time forward using assertion times - tests: reset the system while preparing the test suite - tests: fix snap-advise-command check for 429 - gadget: policy for gadget/kernel refreshes - o/configstate: deal with no longer valid refresh.timer=managed - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 - cla-check: Use has-signed-canonical-cla GitHub Action - tests: validation sets spread test - tests: simplify the reset.sh logic by removing not needed command - overlord/snapstate: make sure that snapd current symlink is not removed during refresh - tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20 - tests/lib/fde-setup-hook: also verify that fde-reveal-key key data is base64 - o/devicestate: split off ensuring next boot goes to run mode into new task - tests: fix cgroup-tracking test - boot: export helper for clearing tried system state, add tests - cmd/snap: use less aggressive client timeouts in unit tests - daemon: fix signing key validity timestamp in unit tests - o/{device,hook}state: encode fde-setup-request key as base64 string - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ - cmd/snap/pack: unhide the compression option - boot: extend set try recovery system unit tests - cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use secboot's implicit fallback - o/configstate/configcore: add hdmi_timings to pi-config - snapstate: reduce reRefreshRetryTimeout to 1/2 second - interfaces/tee: add TEE/OPTEE interface - o/snapstate: update validation sets assertions with auto-refresh - vendor: update go-tpm2/secboot to latest version - seed: ReadSystemEssentialAndBetterEarliestTime - tests: replace while commands with the retry tool - interfaces/builtin: update unit tests to use proper distro's libexecdir - tests: run the reset.sh helper and check test invariants while the test is restored - daemon: switch preexisting daemon_test tests to apiBaseSuite and .req - boot, o/devicestate: split makeBootable20 into two parts - interfaces/docker-support: add autobind unix rules to docker- support - interfaces/apparmor: allow reading /proc/sys/kernel/random/entropy_avail - tests: use retry tool instead a loops - tests/main/uc20-create-partitions: fix tests cleanup - asserts: mode where Database only assumes cur time >= earliest time - daemon: validation sets/api tests cleanup - tests: improve tests self documentation for nested test suite - api: local assertion fallback when it's not in the store - api: validation sets monitor mode - tests: use fs-state tool in interfaces tests - daemon: move out /v2/login|logout and errToResponse tests from api_test.go - boot: helper for inspecting the outcome of a recovery system try - o/configstate, o/snapshotstate: fix handling of nil snap config on snapshot restore - tests: update documentation and checks for interfaces tests - snap-seccomp: add new `close_range` syscall - boot: revert #10009 - gadget: remove `device-tree{,-origin}` from gadget tests - boot: simplify systems test setup - image: write resolved-content from snap prepare-image - boot: reseal the run key for all recovery systems, but recovery keys only for the good ones - interfaces/builtin/network-setup-{control,observe}: allow using netplan directly - tests: improve sections prepare and restore - part 1 - tests: update details on task.yaml files - tests: revert os.query usage in spread.yaml - boot: export bootAssetsMap as AssetsMap - tests/lib/prepare: fix repacking of the UC20 kernel snap for with ubuntu-core-initramfs 40 - client: protect against reading too much data from stdin - tests: improve tests documentation - part 2 - boot: helper for setting up a try recover system - tests: improve tests documentation - part 1 - tests/unit/go: use tests.session wrapper for running tests as a user - tests: improvements for snap-seccomp-syscalls - gadget: simplify filterUpdate (thanks to Maciej) - tests/lib/prepare.sh: use /etc/group and friends from the core20 snap - tests: fix tumbleweed spread tests part 2 - tests: use new commands of os.query tool on tests - o/snapshotstate: create snapshots directory on import - tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list - packaging: drop 99-snapd.conf via dpkg-maintscript-helper - osutil: add SetTime() w/ 32-bit and 64-bit implementations - interfaces/wayland: rm Xwayland Xauth file access from wayland slot - packaging/ubuntu-16.04/rules: turn modules off explicitly - gadget,devicestate: perform kernel asset update for $kernel: style refs - cmd/recovery: small fix for `snap recovery` tab output - bootloader/lkenv: add recovery systems related variables - tests: fix new tumbleweed image - boot: fix typo, should be systems - o/devicestate: test that users.create.automatic is configured early - asserts: use Fetcher in AddSequenceToUpdate - daemon,o/c/configcore: introduce users.create.automatic - client, o/servicestate: expose enabled state of user daemons - boot: helper for checking and marking tried recovery system status from initramfs - asserts: pool changes for validation-sets (#9930) - daemon: move the last api_foo_test.go to daemon_test - asserts: include the assertion timestamp in error message when outside of signing key validity range - ovelord/snapshotstate: keep a few of the last line tar prints before failing - gadget/many: rm, delay sector size + structure size checks to runtime - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors - interfaces: add allegro-vcu and media-control interfaces - interfaces: opengl: add Xilinx zocl bits - mkversion: check that version from changelog is set before overriding the output version - many: fix new ineffassign warnings - .github/workflows/labeler.yaml: try work-around to not sync labels - cmd/snap, boot: add debug set-boot-vars - interfaces: allow reading the Xauthority file KDE Plasma writes for Wayland sessions - tests/main/snap-repair: test running repair assertion w/ fakestore - tests: disable lxd tests for 21.04 until the lxd images are published for the system - tests/regression/lp-1910456: cleanup the /snap symlink when done - daemon: move single snap querying and ops to api_snaps.go - tests: fix for preseed and dbus tests on 21.04 - overlord/snapshotstate: include the last message printed by tar in the error - interfaces/system-observe: Allow reading /proc/zoneinfo - interfaces: remove apparmor downgrade feature - snap: fix unit tests on Go 1.16 - spread: disable Go modules support in environment - tests: use new path to find kernel.img in uc20 for arm devices - tests: find files before using cat command when checking broadcom- asic-control interface - boot: introduce good recovery systems, provide compatibility handling - overlord: add manager gadget refresh test - tests/lib/fakestore: support repair assertions too - github: temporarily disable action labeler due to issues with labels being removed - o/devicestate,many: introduce DeviceManager.preloadGadget for EarlyConfig - tests: enable ubuntu 21.04 for spread tests - snap: provide a useful error message if gdbserver is not installed - data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 - tests/lib/prepare.sh: split reflash.sh into two parts - packaging/opensuse: sync with openSUSE packaging - packaging: disable Go modules in snapd.mk - snap: add deprecation noticed to "snap run --gdb" - daemon: add API for checking and installing available theme snaps - tests: using labeler action to add automatically a label to run nested tests - gadget: improve error handling around resolving content sources - asserts: repeat the authority cross-check in CheckSignature as well - interfaces/seccomp/template.go: allow copy_file_range - o/snapstate/check_snap.go: add support for many subversions in assumes snapdX.. - daemon: move postSnap and inst.dispatch tests to api_snaps_test.go - wrappers: use proper paths for mocked mount units in tests - snap: rename gdbserver option to `snap run --gdbserver` - store: support validation sets with fetch-assertions action - snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky - packaging/fedora: sync with downstream packaging in Fedora - many: add Delegate=true to generated systemd units for special interfaces (master) - boot: use a common helper for mocking boot assets in cache - api: validate snaps against validation set assert from the store - wrappers: don't generate an [Install] section for timer or dbus activated services - tests/nested/core20/boot-config-update: skip when snapd was not built with test features - o/configstate,o/devicestate: introduce devicestate.EarlyConfig implemented by configstate.EarlyConfig - cmd/snap-bootstrap/initramfs-mounts: fix typo in func name - interfaces/builtin: mock distribution in fontconfig cache unit tests - tests/lib/prepare.sh: add another console= to the reflash magic grub entry - overlord/servicestate: expose dbus activators of a service - desktop/notification: test against a real session bus and notification server implementation - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for recover+install - HACKING.md: explain how to run UC20 spread tests with QEMU - asserts: introduce AtSequence - overlord/devicestate: task for updating boot configs, spread test - gadget: fix documentation/typos - gadget: cleanup MountedFilesystem{Writer,Updater} - gadget: use ResolvedSource in MountedFilesystemWriter - snap/info.go: add doc-comment for SortServices - interfaces: add an optional mount-host-font-cache plug attribute to the desktop interface - osutil: skip TestReadBuildGo inside sbuild - o/hookstate/ctlcmd: add optional --pid and --apparmor-label arguments to "snapctl is-connected" - data/env/snapd: use quoting in case PATH contains spaces - boot: do not observe successful boot assets if not in run mode - tests: fix umount for snapd snap on fsck-on-boot testumount: /run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount - misc: little tweaks - snap/info.go: ignore unknown daemons in SortSnapServices - devicestate: keep log from install-mode on installed system - seed: add LoadEssentialMeta to seed16 and allow all of its implementations to be called multiple times - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in seeds - tests/core/uc20-recovery: move recover mode helpers to generic testslib script - interfaces/fwupd: allow any distros to access fw files via fwupd - store: method for fetching validation set assertion - store: switch to v2/assertions api - gadget: add new ResolvedContent and populate from LayoutVolume() - spread: use full format when listing processes - osutil/many: make all test pkgs osutil_test instead of "osutil" - tests/unit/go: drop unused environment variables, skip coverage - OpenGL interface: Support more Tegra libs - gadget,overlord: pass kernelRoot to install.Run() - tests: run unit tests in Focal instead of Xenial - interfaces/browser-support: allow sched_setaffinity with browser- sandbox: true - daemon: move query /snaps/ tests to api_snaps_test.go - cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair runner - systemd/systemd.go: support journald JSON messages with arrays for values - cmd: make string/error code more robust against errno leaking - github, run-checks: do not collect coverage data on subsequent test runs - boot: boot config update & reseal - o/snapshotstate: handle conflicts between snapshot forget, export and import - osutil/stat.go: add RegularFileExists - cmd/snapd-generator: don't create mount overrides for snap-try snaps inside lxc - gadget/gadget.go: rename ubuntu-* to system-* in doc-comment - tests: use 6 spread workers for centos8 - bootloader/assets: support injecting bootloader assets in testing builds of snapd - gadget: enable multi-volume uc20 gadgets in LaidOutSystemVolumeFromGadget; rename too - overlord/devicestate, sysconfig: do nothing when cloud-init is not present - cmd/snap-repair: filter repair assertions based on bases + modes - snap-confine: make host /etc/ssl available for snaps on classic * New upstream release, LP: #1915248 - interfaces/tee: add TEE/OPTEE interface - o/configstate/configcore: add hdmi_timings to pi-config - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 - snap-seccomp: fix seccomp test on ppc64el - interfaces{,/apparmor}, overlord/snapstate: late removal of snap-confine apparmor profiles - overlord/snapstate, wrappers: add dependency on usr-lib- snapd.mount for services on core with snapd snap - o/configstate: deal with no longer valid refresh.timer=managed - overlord/snapstate: make sure that snapd current symlink is not removed during refresh - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ - o/{device,hook}state: encode fde-setup-request key as base64 - snapstate: reduce reRefreshRetryTimeout to 1/2 second - tests/main/uc20-create-partitions: fix tests cleanup - o/configstate, o/snapshotstate: fix handling of nil snap config on snapshot restore - snap-seccomp: add new `close_range` syscall * New upstream release, LP: #1915248 - tests: turn modules off explicitly in spread go unti test - o/snapshotstate: create snapshots directory on import - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors - interfaces: add allegro-vcu and media-control interfaces - interfaces: opengl: add Xilinx zocl bits - many: fix new ineffassign warnings - interfaces/seccomp/template.go: allow copy_file_range - interfaces: allow reading the Xauthority file KDE Plasma writes for Wayland sessions - data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 - Remove apparmor downgrade feature - Support tmp and log dirs on Yocto/Poky * New upstream release, LP: #1915248 - many: add Delegate=true to generated systemd units for special interfaces - cmd/snap-bootstrap: rename ModeenvFromModel to EphemeralModeenvForModel - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for recover+install - osutil: skip TestReadBuildGo inside sbuild - tests: fix umount for snapd snap on fsck-on-boot test - snap/info_test.go: add unit test cases for bug - tests/main/services-after-before: add regression spread test - snap/info.go: ignore unknown daemons in SortSnapServices - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in seeds - OpenGL interface: Support more Tegra libs - interfaces/browser-support: allow sched_setaffinity with browser- sandbox: true - cmd: make string/error code more robust against errno leaking - o/snapshotstate: handle conflicts between snapshot forget, export and import - cmd/snapd-generator: don't create mount overrides for snap-try snaps inside lxc - tests: update test pkg for fedora and centos - gadget: pass sector size in to mkfs family of functions, use to select block sz - o/snapshotstate: fix returning of snap names when duplicated snapshot is detected - tests/main/snap-network-errors: skip flushing dns cache on centos-7 - interfaces/builtin: Allow DBus property access on org.freedesktop.Notifications - cgroup-support.c: fix link to CGROUP DELEGATION - osutil: update go-udev package - packaging: fix arch-indep build on debian-sid - {,sec}boot: pass "key-name" to the FDE hooks - asserts: sort by revision with Sort interface - gadget: add gadget.ResolveContentPaths() - cmd/snap-repair: save base snap and mode in device info; other misc cleanups - tests: cleanup the run-checks script - asserts: snapasserts method to validate installed snaps against validation sets - tests: normalize test tools - part 1 - snapshotstate: detect duplicated snapshot imports - interfaces/builtin: fix unit test expecting snap-device-helper at /usr/lib/snapd - tests: apply workaround done for snap-advise-command to apt-hooks test - tests: skip main part of snap-advise test if 429 error is encountered - many: clarify gadget role-usage consistency checks for UC16/18 vs UC20 - sandbox/cgroup, tess/main: fix unit tests on v2 system, disable broken tests on sid - interfaces/builtin: more drive by fixes, import ordering, removing dead code - tests: skip interfaces-openvswitch spread test on debian sid - interfaces/apparmor: drive by comment fix - cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree usage - cmd/libsnap-confine-private: make unit tests execute happily in a container - interfaces, wrappers: misc comment fixes, etc. - asserts/repair.go: add "bases" and "modes" support to the repair assertion - interfaces/opengl: allow RPi MMAL video decoding - snap: skip help output tests for go-flags v1.4.0 - gadget: add validation for "$kernel:ref" style content - packaging/deb, tests/main/lxd-postrm-purge: fix purge inside containers - spdx: update to SPDX license list version: 3.11 2020-11-25 - tests: improve hotplug test setup on classic - tests: update check to verify is the current system is arm - tests: use os-query tool to check debian, trusty and tumbleweed - daemon: start moving implementation to api_snaps.go - tests/main/snap-validate-basic: disable test on Fedora due to go- flags panics - tests: fix library path used for tests.pkgs - tests/main/cohorts: replace yq with a Python snippet - run-checks: update to match new argument syntax of ineffassign - tests: use apiBaseSuite for snapshots tests, fix import endpoint path - many: separate consistency/content validation into gadget.Validate|Content - o/{device,snap}state: enable devmode snaps with dangerous model assertions secboot: add test for when systemd-run does not honor RuntimeMaxSec - secboot: add workaround for snapcore/core-initrd issue #13 - devicestate: log checkEncryption errors via logger.Noticef - o/daemon: validation sets api and basic spread test - gadget: move BuildPartitionList to install and make it unexported - tests: add nested spread end-to-end test for fde-hooks - devicestate: implement checkFDEFeatures() - boot: tweak resealing with fde-setup hooks - tests: add os query commands for subsystems and architectures - o/snapshotstate: don't set auto flag in the snapshot file - tests: use os.query tool instead of comparing the system var - testutil: use the original environment when calling shellcheck - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- init restrict file - gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and instead set the implicit labels when loading the yaml - secboot: add new LockSealedKeys() that uses either TPM/fde-reveal- key - gadget/quantity: introduce Offset, start using it for offset related fields in the gadget - gadget: use "sealed-keys" to determine what method to use for reseal - tests/main/fake-netplan-apply: disable test on xenial for now - daemon: start splitting snaps op tests out of api_test.go - testutil: make DBusTest use a custom bus configuration file - tests: replace pkgdb.sh (library) with tests.pkgs (program) - gadget: prepare gadget kernel refs (0/N) - interfaces/builtin/docker-support: allow /run/containerd/s/... - cmd/snap-preseed: reset run inhibit locks on --reset. - boot: add sealKeyToModeenvUsingFdeSetupHook() - daemon: reorg snap.go and split out sections and icons support from api.go - sandbox/seccomp: use snap-seccomp's stdout for getting version info - daemon: split find support to its own api_*.go files and move some helpers - tests: move snapstate config defaults tests to a separate file. - bootloader/{lk,lkenv}: followups from #9695 - daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite - gadget,o/devicestate: set implicit values for schema and role directly instead of relying on Effective* accessors - daemon: split aliases support to its own api_*.go files - gadget: start separating rule/convention validation from basic soundness - cmd/snap-update-ns: add better unit test for overname sorting - secboot: use `fde-reveal-key` if available to unseal key - tests: fix lp-1899664 test when snapd_x1 is not installed in the system - tests: fix the scenario when the "$SRC".orig file does not exist - cmd/snap-update-ns: fix sorting of overname mount entries wrt other entries - devicestate: add runFDESetupHook() helper - bootloader/lk: add support for UC20 lk bootloader with V2 lkenv structs - daemon: split unsupported buy implementation to its own api_*.go files - tests: download timeout spread test - gadget,o/devicestate: hybrid 18->20 ready volume setups should be valid - o/devicestate: save model with serial in the device save db - bootloader: add check for prepare-image time and more tests validating options - interfaces/builtin/log_observe.go: allow controlling apparmor audit levels - hookstate: refactor around EphemeralRunHook - cmd/snap: implement 'snap validate' command - secboot,devicestate: add scaffoling for "fde-reveal-key" support - boot: observe successful command line update, provide a default - tests: New queries for the os tools - bootloader/lkenv: specify backup file as arg to NewEnv(), use "" as path+"bak" - osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk iface - daemon: split out snapctl support and snap configuration support to their own api_*.go files - snapshotstate: improve handling of multiple errors - tests: sign new nested-18|20* models to allow for generic serials - bootloader: remove installableBootloader interface and methods - seed: cleanup/drop some no longer valid TODOS, clarify some other points - boot: set kernel command line in modeenv during install - many: rename disks.FindMatching... to FindMatching...WithFsLabel and err type - cmd/snap: suppress a case of spurious stdout logging from tests - hookstate: add new HookManager.EphemeralRunHook() - daemon: move some more api tests from daemon to daemon_test - daemon: split apps and logs endpoints to api_apps.go and tests - interfaces/utf: Add Ledger to U2F devices - seed/seedwriter: consider modes when checking for deps availability - o/devicestate,daemon: fix reboot system action to not require a system label - cmd/snap-repair,store: increase initial retry time intervals, stalling TODOs - daemon: split interfacesCmd to api_interfaces.go - github: run nested suite when commit is pushed to release branch - client: reduce again the /v2/system-info timeout - tests: reset fakestore unit status - update-pot: fix typo in plural keyword spec - tests: remove workarounds that add "ubuntu-save" if missing - tests: add unit test for auto-refresh with validate-snap failure - osutil: add helper for getting the kernel command line - tests/main/uc20-create-partitions: verify ubuntu-save encryption keys, tweak not MATCH - boot: add kernel command lines to the modeenv file - spread: bump delta ref, tweak repacking to make smaller delta archives - bootloader/lkenv: add v2 struct + support using it - snapshotstate: add cleanup of abandonded snapshot imports - tests: fix uc20-create-parition-* tests for updated gadget - daemon: split out /v2/interfaces tests to api_interfaces_test.go - hookstate: implement snapctl fde-setup-{request,result} - wrappers, o/devicestate: remove EnableSnapServices - tests: enable nested on 20.10 - daemon: simplify test helpers Get|PostReq into Req - daemon: move general api to api_general*.go - devicestate: make checkEncryption fde-setup hook aware - client/snapctl, store: fix typos - tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files before doing apt ops - cmd/snap-bootstrap: update model cross-check considerations - client,snapctl: add naive support for "stdin" - many: add new "install-mode: disable" option - osutil/disks: allow building on mac os - data/selinux: update the policy to allow operations on non-tmpfs /tmp - boot: add helper for generating candidate kernel lines for recovery system - wrappers: generate D-Bus service activation files - bootloader/many: rm ConfigFile, add Present for indicating presence of bloader - osutil/disks: allow mocking DiskFromDeviceName - daemon: start cleaning up api tests - packaging/arch: sync with AUR packaging - bootloader: indicate when boot config was updated - tests: Fix snap-debug-bootvars test to make it work on arm devices and core18 - tests/nested/manual/core20-save: verify handling of ubuntu-save with different system variants - snap: use the boot-base for kernel hooks - devicestate: support "storage-safety" defaults during install - bootloader/lkenv: mv v1 to separate file, include/lk/snappy_boot_v1.h: little fixups - interfaces/fpga: add fpga interface - store: download timeout - vendor: update secboot repo to avoid including secboot.test binary - osutil: add KernelCommandLineKeyValue - gadget/gadget.go: allow system-recovery-{image,select} as roles in gadget.yaml - devicestate: implement boot.HasFDESetupHook - osutil/disks: add DiskFromName to get a disk using a udev name - usersession/agent: have session agent connect to the D-Bus session bus - o/servicestate: preserve order of services on snap restart - o/servicestate: unlock state before calling wrappers in doServiceControl - spread: disable unattended-upgrades on ubuntu - tests: testing new fedora 33 image - tests: fix fsck on boot on arm devices - tests: skip boot state test on arm devices - tests: updated the systems to run prepare-image-grub test - interfaces/raw_usb: allow read access to /proc/tty/drivers - tests: unmount /boot/efi in fsck-on-boot test - strutil/shlex,osutil/udev/netlink: minimally import go-check - tests: fix basic20 test on arm devices - seed: make a shared seed system label validation helper - tests/many: enable some uc20 tests, delete old unneeded tests or TODOs - boot/makebootable.go: set snapd_recovery_mode=install at image- build time - tests: migrate test from boot.sh helper to boot-state tool - asserts: implement "storage-safety" in uc20 model assertion - bootloader: use ForGadget when installing boot config - spread: UC20 no longer needs 2GB of mem - cmd/snap-confine: implement snap-device-helper internally - bootloader/grub: replace old reference to Managed...Blr... with Trusted...Blr... - cmd/snap-bootstrap: add readme for snap-bootstrap + real state diagram - interfaces: fix greengrass attr namingThe flavor attribute names are now as follows: - tests/lib/nested: poke the API to get the snap revisions - tests: compare options of mount units created by snapd and snapd- generator - o/snapstate,servicestate: use service-control task for service actions - sandbox: track applications unconditionally - interfaces/greengrass-support: add additional "process" flavor for 1.11 update - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test * New upstream release, LP: #1906690 - tests: sign new nested-18|20* models to allow for generic serials - secboot: add extra paranoia when waiting for that fde-reveal-key - tests: backport netplan workarounds from #9785 - secboot: add workaround for snapcore/core-initrd issue #13 - devicestate: log checkEncryption errors via logger.Noticef - tests: add nested spread end-to-end test for fde-hooks - devicestate: implement checkFDEFeatures() - boot: tweak resealing with fde-setup hooks - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- init restrict file - secboot: add new LockSealedKeys() that uses either TPM or fde-reveal-key - gadget: use "sealed-keys" to determine what method to use for reseal - boot: add sealKeyToModeenvUsingFdeSetupHook() - secboot: use `fde-reveal-key` if available to unseal key - cmd/snap-update-ns: fix sorting of overname mount entries wrt other entries - o/devicestate: save model with serial in the device save db - devicestate: add runFDESetupHook() helper - secboot,devicestate: add scaffoling for "fde-reveal-key" support - hookstate: add new HookManager.EphemeralRunHook() - update-pot: fix typo in plural keyword spec - store,cmd/snap-repair: increase initial expontential time intervals - o/devicestate,daemon: fix reboot system action to not require a system label - github: run nested suite when commit is pushed to release branch - tests: reset fakestore unit status - tests: fix uc20-create-parition-* tests for updated gadget - hookstate: implement snapctl fde-setup-{request,result} - devicestate: make checkEncryption fde-setup hook aware - client,snapctl: add naive support for "stdin" - devicestate: support "storage-safety" defaults during install - snap: use the boot-base for kernel hooks - vendor: update secboot repo to avoid including secboot.test binary * New upstream release, LP: #1906690 - gadget: disable ubuntu-boot role validation check * New upstream release, LP: #1904098 - osutil: add KernelCommandLineKeyValue - devicestate: implement boot.HasFDESetupHook - boot/makebootable.go: set snapd_recovery_mode=install at image- build time - bootloader: use ForGadget when installing boot config - interfaces/raw_usb: allow read access to /proc/tty/drivers - boot: add scaffolding for "fde-setup" hook support for sealing - tests: fix basic20 test on arm devices - seed: make a shared seed system label validation helper - snap: add new "fde-setup" hooktype - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test - secboot,cmd/snap-bootstrap: fix degraded mode cases with better device handling - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some messiness - tests/nested/manual/refresh-revert-fundamentals: temporarily disable secure boot - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all boot modes - many: address degraded recover mode feedback, cleanups - tests: Use systemd-run on tests part2 - tests: set the opensuse tumbleweed system as manual in spread.yaml - secboot: call BlockPCRProtectionPolicies even if the TPM is disabled - vendor: update to current secboot - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and save - spread.yaml: increase number of workers on 20.10 - snap: add new `snap recovery --show-keys` option - tests: minor test tweaks suggested in the review of 9607 - snapd-generator: set standard snapfuse options when generating units for containers - tests: enable lxd test on ubuntu-core-20 and 16.04-32 - interfaces: share /tmp/.X11-unix/ from host or provider - tests: enable main lxd test on 20.10 - cmd/s-b/initramfs-mounts: refactor recover mode to implement degraded mode - gadget/install: add progress logging - packaging: keep secboot/encrypt_dummy.go in debian - interfaces/udev: use distro specific path to snap-device-helper - o/devistate: fix chaining of tasks related to regular snaps when preseeding - gadget, overlord/devicestate: validate that system supports encrypted data before install - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core ESP layout - many: add /v2/system-recovery-keys API and client - secboot, many: return UnlockMethod from Unlock* methods for future usage - many: mv keys to ubuntu-boot, move model file, rename keyring prefix for secboot - tests: using systemd-run instead of manually create a systemd unit - part 1 - secboot, cmd/snap-bootstrap: enable or disable activation with recovery key - secboot: refactor Unlock...IfEncrypted to take keyfile + check disks first - secboot: add LockTPMSealedKeys() to lock access to keys independently - gadget: correct sfdisk arguments - bootloader/assets/grub: adjust fwsetup menuentry label - tests: new boot state tool - spread: use the official image for Ubuntu 20.10, no longer an unstable system - tests/lib/nested: enable snapd logging to console for core18 - osutil/disks: re-implement partition searching for disk w/ non- adjacent parts - tests: using the nested-state tool in nested tests - many: seal a fallback object to the recovery boot chain - gadget, gadget/install: move helpers to install package, refactor unit tests - dirs: add "gentoo" to altDirDistros - update-pot: include file locations in translation template, and extract strings from desktop files - gadget/many: drop usage of gpt attr 59 for indicating creation of partitions - gadget/quantity: tweak test name - snap: fix failing unittest for quantity.FormatDuration() - gadget/quantity: introduce a new package that captures quantities - o/devicestate,a/sysdb: make a backup of the device serial to save - tests: fix rare interaction of tests.session and specific tests - features: enable classic-preserves-xdg-runtime-dir - tests/nested/core20/save: check the bind mount and size bump - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20 - tests: rename hasHooks to hasInterfaceHooks in the ifacestate tests - o/devicestate: unit test tweaks - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save - testutil, cmd/snap/version: fix misc little errors - overlord/devicestate: bind mount ubuntu-save under /var/lib/snapd/save on startup - gadget/internal: tune ext4 setting for smaller filesystems - tests/nested/core20/save: a test that verifies ubuntu-save is present and set up - tests: update google sru backend to support groovy - o/ifacestate: handle interface hooks when preseeding - tests: re-enable the apt hooks test - interfaces,snap: use correct type: {os,snapd} for test data - secboot: set metadata and keyslots sizes when formatting LUKS2 volumes - tests: improve uc20-create-partitions-reinstall test - client, daemon, cmd/snap: cleanups from #9489 + more unit tests - cmd/snap-bootstrap: mount ubuntu-save during boot if present - secboot: fix doc comment on helper for unlocking volume with key - tests: add spread test for refreshing from an old snapd and core18 - o/snapstate: generate snapd snap wrappers again after restart on refresh - secboot: version bump, unlock volume with key - tests/snap-advise-command: re-enable test - cmd/snap, snapmgr, tests: cleanups after #9418 - interfaces: deny connected x11 plugs access to ICE - daemon,client: write and read a maintenance.json file for when snapd is shut down - many: update to secboot v1 (part 1) - osutil/disks/mockdisk: panic if same mountpoint shows up again with diff opts - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the reseal tests - many: implement snap routine console-conf-start for synchronizing auto-refreshes - dirs, boot: add ubuntu-save directories and related locations - usersession: fix typo in test name - overlord/snapstate: refactor ihibitRefresh - overlord/snapstate: stop warning about inhibited refreshes - cmd/snap: do not hardcode snapshot age value - overlord,usersession: initial notifications of pending refreshes - tests: add a unit test for UpdateMany where a single snap fails - o/snapstate/catalogrefresh.go: don't refresh catalog in install mode uc20 - tests: also check snapst.Current in undo-unlink tests - tests: new nested tool - o/snapstate: implement undo handler for unlink-snap - tests: clean systems.sh helper and migrate last set of tests - tests: moving the lib section from systems.sh helper to os.query tool - tests/uc20-create-partitions: don't check for grub.cfg - packaging: make sure that static binaries are indeed static, fix openSUSE - many: have install return encryption keys for data and save, improve tests - overlord: add link participant for linkage transitions - tests: lxd smoke test - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu- seed too - tests: moving main suite from systems.sh to os.query tool - tests: moving the core test suite from systems.sh to os.query tool - cmd/snap-confine: mask host's apparmor config - o/snapstate: move setting updated SnapState after error paths - tests: add value to INSTANCE_KEY/regular - spread, tests: tweaks for openSUSE - cmd/snap-confine: update path to snap-device-helper in AppArmor profile - tests: new os.query tool - overlord/snapshotstate/backend: specify tar format for snapshots - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested UC20 - client,daemon,snap: auto-import does not error on managed devices - interfaces: PTP hardware clock interface - tests: use tests.backup tool - many: verify that unit tests work with nosecboot tag and without secboot package - wrappers: do not error out on read-only /etc/dbus-1/session.d filesystem on core18 - snapshots: import of a snapshot set - tests: more output for sbuild test - o/snapstate: re-order remove tasks for individual snap revisions to remove current last - boot: skip some unit tests when running as root - o/assertstate: introduce ValidationTrackingKey/ValidationSetTracking and basic methods - many: allow ignoring running apps for specific request - tests: allow the searching test to fail under load - overlord/snapstate: inhibit startup while unlinked - seed/seedwriter/writer.go: check DevModeConfinement for dangerous features - tests/main/sudo-env: snap bin is available on Fedora - boot, overlord/devicestate: list trusted and managed assets upfront - gadget, gadget/install: support for ubuntu-save, create one during install if needed - spread-shellcheck: temporary workaround for deadlock, drop unnecessary test - snap: support different exit-code in the snap command - logger: use strutil.KernelCommandLineSplit in debugEnabledOnKernelCmdline - logger: fix snapd.debug=1 parsing - overlord: increase refresh postpone limit to 14 days - spread-shellcheck: use single thread pool executor - gadget/install,secboot: add debug messages - spread-shellcheck: speed up spread-shellcheck even more - spread-shellcheck: process paths from arguments in parallel - tests: tweak error from tests.cleanup - spread: remove workaround for openSUSE go issue - o/configstate: create /etc/sysctl.d when applying early config defaults - tests: new tests.backup tool - tests: add tests.cleanup pop sub-command - tests: migration of the main suite to snaps-state tool part 6 - tests: fix journal-state test - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc recover files - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for same IP addr - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for building snapd - boot, gadget, bootloader: observer preserves managed bootloader configs - tests/nested/manual: add uc20 grade signed cloud-init test - o/snapstate/autorefresh.go: eliminate race when launching autorefresh - daemon,snapshotstate: do not return "size" from Import() - daemon: limit reading from snapshot import to Content-Length - many: set/expect Content-Length header when importing snapshots - github: switch from ::set-env command to environment file - tests: migration of the main suite to snaps-state tool part 5 - client: cleanup the Client.raw* and Client.do* method families - tests: moving main suite to snaps-state tool part 4 - client,daemon,snap: use constant for snapshot content-type - many: fix typos and repeated "the" - secboot: fix tpm connection leak when it's not enabled - many: scaffolding for snapshots import API - run-checks: run spread-shellcheck too - interfaces: update network-manager interface to allow ObjectManager access from unconfined clients - tests: move core and regression suites to snaps-state tool - tests: moving interfaces tests to snaps-state tool - gadget: preserve files when indicated by content change observer - tests: moving smoke test suite and some tests from main suite to snaps-state tool - o/snapshotstate: pass set id to backend.Open, update tests - asserts/snapasserts: introduce ValidationSets - o/snapshotstate: improve allocation of new set IDs - boot: look at the gadget for run mode bootloader when making the system bootable - cmd/snap: allow snap help vs --all to diverge purposefully - usersession/userd: separate bus name ownership from defining interfaces - o/snapshotstate: set snapshot set id from its filename - o/snapstate: move remove-related tests to snapstate_remove_test.go - desktop/notification: switch ExpireTimeout to time.Duration - desktop/notification: add unit tests - snap: snap help output refresh - tests/nested/manual/preseed: include a system-usernames snap when preseeding - tests: fix sudo-env test - tests: fix nested core20 shellcheck bug - tests/lib: move to new directory when restoring PWD, cleanup unpacked unpacked snap directories - desktop/notification: add bindings for FDO notifications - dbustest: fix stale comment references - many: move ManagedAssetsBootloader into TrustedAssetsBootloader, drop former - snap-repair: add uc20 support - tests: print all the serial logs for the nested test - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid bug in test - cmd/snap/auto-import: stop importing system user assertions from initramfs mnts - osutil/group.go: treat all non-nil errs from user.Lookup{Group,} as Unknown* - asserts: deserialize grouping only once in Pool.AddBatch if needed - gadget: allow content observer to have opinions about a change - tests: new snaps-state command - part1 - o/assertstate: support refreshing any number of snap-declarations - boot: use test helpers - tests/core/snap-debug-bootvars: also check snap_mode - many/apparmor: adjust rules for reading profile/ execing new profiles for new kernel - tests/core/snap-debug-bootvars: spread test for snap debug boot- vars - tests/lib/nested.sh: more little tweaks - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, recover modes - overlord: explicitly set refresh-app-awareness in tests - kernel: remove "edition" from kernel.yaml and add "update" - spread: drop vendor from the packed project archive - boot: fix debug bootloader variables dump on UC20 systems - wrappers, systemd: allow empty root dir and conditionally do not pass --root to systemctl - tests/nested/manual: add test for grades above signed booting with testkeys - tests/nested: misc robustness fixes - o/assertstate,asserts: use bulk refresh to refresh snap- declarations - tests/lib/prepare.sh: stop patching the uc20 initrd since it has been updated now - tests/nested/manual/refresh-revert-fundamentals: re-enable test - update-pot: ignore .go files inside .git when running xgettext-go - tests: disable part of the lxd test completely on 16.04. - o/snapshotstate: tweak comment regarding snapshot filename - o/snapstate: improve snapshot iteration - bootloader: lk cleanups - tests: update to support nested kvm without reboots on UC20 - tests/nested/manual/preseed: disable system-key check for 20.04 image - spread.yaml: add ubuntu-20.10-64 to qemu - store: handle v2 error when fetching assertions - gadget: resolve device mapper devices for fallback device lookup - tests/nested/cloud-init-many: simplify tests and unify helpers/seed inputs - tests: copy /usr/lib/snapd/info to correct directory - check-pr-title.py * : allow "*" in the first part of the title - many: typos and small test tweak - tests/main/lxd: disable cgroup combination for 16.04 that is failing a lot - tests: make nested signing helpers less confusing - tests: misc nested changes - tests/nested/manual/refresh-revert-fundamentals: disable temporarily - tests/lib/cla_check: default to Python 3, tweaks, formatting - tests/lib/cl_check.py: use python3 compatible code * New upstream release, LP: #1895929 - o/configstate: create /etc/sysctl.d when applying early config defaults - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for same IP addr - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for building snapd - cmd/snap: allow snap help vs --all to diverge purposefully - snap: snap help output refresh * New upstream release, LP: #1895929 - tests: fix nested core20 shellcheck bug - many/apparmor: adjust rule for reading apparmor profile for new kernel - snap-repair: add uc20 support - cmd/snap/auto-import: stop importing system user assertions from initramfs mnts - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, recover modes - gadget: resolve device mapper devices for fallback device lookup - secboot: add boot manager profile to pcr protection profile - sysconfig,o/devicestate: mv DisableNoCloud to DisableAfterLocalDatasourcesRun - tests: make gadget-reseal more robust - tests: skip nested images pre-configuration by default - tests: fix for basic20 test running on external backend and rpi - tests: improve kernel reseal test - boot: adjust comments, naming, log success around reseal - tests/nested, fakestore: changes necessary to run nested uc20 signed/secured tests - tests: add nested core20 gadget reseal test - boot/modeenv: track unknown keys in Read and put back into modeenv during Write - interfaces/process-control: add sched_setattr to seccomp - boot: with unasserted kernels reseal if there's a hint modeenv changed - client: bump the default request timeout to 120s - configcore: do not error in console-conf.disable for install mode - boot: streamline bootstate20.go reseal and tests changes - boot: reseal when changing kernel - cmd/snap/model: specify grade in the model command output - tests: simplify repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks - test: improve logging in nested tests - nested: add support to telnet to serial port in nested VM - secboot: use the snapcore/secboot native recovery key type - tests/lib/nested.sh: use more focused cloud-init config for uc20 - tests/lib/nested.sh: wait for the tpm socket to exist - spread.yaml, tests/nested: misc changes - tests: add more checks to disk space awareness spread test - tests: disk space awareness spread test - boot: make MockUC20Device use a model and MockDevice more realistic - boot,many: reseal only when meaningful and necessary - tests/nested/core20/kernel-failover: add test for failed refresh of uc20 kernel - tests: fix nested to work with qemu and kvm - boot: reseal when updating boot assets - tests: fix snap-routime-portal-info test - boot: verify boot chain file in seal and reseal tests - tests: use full path to test-snapd-refresh.version binary - boot: store boot chains during install, helper for checking whether reseal is needed - boot: add call to reseal an existing key - boot: consider boot chains with unrevisioned kernels incomparable - overlord: assorted typos and miscellaneous changes - boot: group SealKeyModelParams by model, improve testing - secboot: adjust parameters to buildPCRProtectionProfile - strutil: add SortedListsUniqueMergefrom the doc comment: - snap/naming: upgrade TODO to TODO:UC20 - secboot: add call to reseal an existing key - boot: in seal.go adjust error message and function names - o/snapstate: check available disk space in RemoveMany - boot: build bootchains data for sealing - tests: remove "set -e" from function only shell libs - o/snapstate: disk space check on UpdateMany - o/snapstate: disk space check with snap update - snap: implement new `snap reboot` command - boot: do not reorder boot assets when generating predictable boot chains and other small tweaks - tests: some fixes and improvements for nested execution - tests/core/uc20-recovery: fix check for at least specific calls to mock-shutdown - boot: be consistent using bootloader.Role* consts instead of strings - boot: helper for generating secboot load chains from a given boot asset sequence - boot: tweak boot chains to support a list of kernel command lines, keep track of model and kernel boot file - boot,secboot: switch to expose and use snapcore/secboot load event trees - tests: use `nested_exec` in core{20,}-early-config test - devicestate: enable cloud-init on uc20 for grade signed and secured - boot: add "rootdir" to baseBootenvSuite and use in tests - tests/lib/cla_check.py: don't allow users.noreply.github.com commits to pass CLA - boot: represent boot chains, helpers for marshalling and equivalence checks - boot: mark successful with boot assets - client, api: handle insufficient space error - o/snapstate: disk space check with single snap install - configcore: "service.console-conf.disable" is gadget defaults only - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode AppArmor profile path - tests: skip udp protocol in nfs-support test on ubuntu-20.10 - packaging/debian-sid: tweak code preparing _build tree - many: move seal code from gadget/install to boot - tests: remove workaround for cups on ubuntu-20.10 - client: implement RebootToSystem - many: seed.Model panics now if called before LoadAssertions - daemon: add /v2/systems "reboot" action API - github: run tests also on push to release branches - interfaces/bluez: let slot access audio streams - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with new seed.ReadSystemEssential - interfaces: allow snap-update-ns to read /proc/cmdline - tests: new organization for nested tests - o/snapstate, features: add feature flags for disk space awareness - tests: workaround for cups issue on 20.10 where default printer is not configured. - interfaces: update cups-control and add cups for providing snaps - boot: keep track of the original asset when observing updates - tests: simplify and fix tests for disk space checks on snap remove - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for cloud.conf - tests/main: mv core specific tests to core suite - tests/lib/nested.sh: reset the TPM when we create the uc20 vm - devicestate: rename "mockLogger" to "logbuf" - many: introduce ContentChange for tracking gadget content in observers - many: fix partion vs partition typo - bootloader: retrieve boot chains from bootloader - devicestate: add tests around logging in RequestSystemAction - boot: handle canceled update - bootloader: tweak doc comments (thanks Samuele) - seed/seedwriter: test local asserted snaps with UC20 grade signed - sysconfig/cloudinit.go: add DisableNoCloud to CloudInitRestrictOptions - many: use BootFile type in load sequences - boot,bootloader: clarifications after the changes to introduce bootloader.Options.Role - boot,bootloader,gadget: apply new bootloader.Options.Role - o/snapstate, features: add feature flag for disk space check on remove - testutil: add checkers for symbolic link target - many: refactor tpm seal parameter setting - boot/bootstate20: reboot to rollback to previous kernel - boot: add unit test helpers - boot: observe update & rollback of trusted assets - interfaces/utf: Add MIRKey to u2f devices - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20 cloud-init tests - many: check that users of BaseTest don't forget to consume cleanups - tests/nested/core20/tpm: verify trusted boot assets tracking - github: run macOS job with Go 1.14 - many: misc doc-comment changes and typo fixes - o/snapstate: disk space check with InstallMany - many: cloud-init cleanups from previous PR's - tests: running tests on opensuse leap 15.2 - run-checks: check for dirty build tree too - vendor: run ./get-deps.sh to update the secboot hash - tests: update listing test for "-dirty" versions - overlord/devicestate: do not release the state lock when updating gadget assets - secboot: read kernel efi image from snap file - snap: add size to the random access file return interface - daemon: correctly parse Content-Type HTTP header. - tests: account for apt-get on core18 - cmd/snap-bootstrap/initramfs-mounts: compute string outside of loop - mkversion.sh: simple hack to include dirty in version if the tree is dirty - cgroup,snap: track hooks on system bus only - interfaces/systemd: compare dereferenced Service - run-checks: only check files in git for misspelling - osutil: add a package doc comment (via doc.go) - boot: complain about reused asset name during initial install - snapstate: installSize helper that calculates total size of snaps and their prerequisites - snapshots: export of snapshots - boot/initramfs_test.go: reset boot vars on the bootloader for each iteration * New upstream release, LP: #1891134 - interfaces: allow snap-update-ns to read /proc/cmdline - github: run macOS job with Go 1.14 - o/snapstate, features: add feature flag for disk space check on remove - tests: account for apt-get on core18 - mkversion.sh: include dirty in version if the tree is dirty - interfaces/systemd: compare dereferenced Service - vendor.json: update mysterious secboot SHA again * New upstream release, LP: #1891134 - logger: add support for setting snapd.debug=1 on kernel cmdline - o/snapstate: check disk space before creating automatic snapshot on remove - boot, o/devicestate: observe existing recovery bootloader trusted boot assets - many: use transient scope for tracking apps and hooks - features: add HiddenSnapFolder feature flag - tests/lib/nested.sh: fix partition typo, unmount the image on uc20 too - runinhibit: open the lock file in read-only mode in IsLocked - cmd/s-b/initramfs-mounts: make recover -> run mode transition automatic - tests: update spread test for unknown plug/slot with snapctl is- connected - osutil: add OpenExistingLockForReading - kernel: add kernel.Validate() - interfaces: add vcio interface - interfaces/{docker,kubernetes}-support: load overlay and support systemd cgroup driver - tests/lib/nested.sh: use more robust code for finding what loop dev we mounted - cmd/snap-update-ns: detach all bind-mounted file - snap/snapenv: set SNAP_REAL_HOME - packaging: umount /snap on purge in containers - interfaces: misc policy updates xlvi - secboot,cmd/snap-bootstrap: cross-check partitions before unlocking, mounting - boot: copy boot assets cache to new root - gadget,kernel: add new kernel.{Info,Asset} struct and helpers - o/hookstate/ctlcmd: make is-connected check whether the plug or slot exists - tests: find -ignore_readdir_race when scanning cgroups - interfaces/many: deny arbitrary desktop files and misc from /usr/share - tests: use "set -ex" in prep-snapd-in-lxd.sh - tests: re-enable udisks test on debian-sid - cmd/snapd-generator: use PATH fallback if PATH is not set - tests: disable udisks2 test on arch linux - github: use latest/stable go, not latest/edge - tests: remove support for ubuntu 19.10 from spread tests - tests: fix lxd test wrongly tracking 'latest' - secboot: document exported functions - cmd: compile snap gdbserver shim correctly - many: correctly calculate the desktop file prefix everywhere - interfaces: add kernel-crypto-api interface - corecfg: add "system.timezone" setting to the system settings - cmd/snapd-generator: generate drop-in to use fuse in container - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments from previous PR - interfaces/many: miscellaneous updates for strict microk8s - secboot,cmd/snap-bootstrap: don't import boot package from secboot - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of the-tool - tests: work around broken update of systemd-networkd - tests/main/install-fontconfig-cache-gen: enhance test by verifying, add fonts to test - o/devicestate: wrap asset update observer error - boot: refactor such that bootStateUpdate20 mainly carries Modeenv - mkversion.sh: disallow changelog versions that have git in it, if we also have git version - interfaces/many: miscellaneous updates for strict microk8s - snap: fix repeated "cannot list recovery system" and add test - boot: track trusted assets during initial install, assets cache - vendor: update secboot to fix key data validation - tests: unmount FUSE file-systems from XDG runtime dir - overlord/devicestate: workaround non-nil interface with nil struct - sandbox/cgroup: remove temporary workaround for multiple cgroup writers - sandbox/cgroup: detect dangling v2 cgroup - bootloader: add helper for creating a bootloader based on gadget - tests: support different images on nested execution - many: reorg cmd/snapinfo.go into snap and new client/clientutil - packaging/arch: use external linker when building statically - tests: cope with ghost cgroupv2 - tests: fix issues related to restarting systemd-logind.service - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to gadget updates - vendor: update github.com/kr/pretty to fix diffs of values with pointer cycles - boot: move bootloaderKernelState20 impls to separate file - .github/workflows: move snap building to test.yaml as separate cached job - tests/nested/manual/minimal-smoke: run core smoke tests in a VM meeting minimal requirements - osutil: add CommitAs to atomic file - gadget: introduce content update observer - bootloader: introduce TrustedAssetsBootloader, implement for grub - o/snapshotstate: helpers for calculating disk space needed for an automatic snapshot - gadget/install: retrieve command lines from bootloader - boot/bootstate20: unify commit method impls, rm bootState20MarkSuccessful - tests: add system information and image information when debug info is displayed - tests/main/cgroup-tracking: try to collect some information about cgroups - boot: introduce current_boot_assets and current_recovery_boot_assets to modeenv - tests: fix for timing issues on journal-state test - many: remove usage and creation of hijacked pid cgroup - tests: port regression-home-snap-root-owned to tests.session - tests: run as hightest via tests.session - github: run CLA checks on self-hosted workers - github: remove Ubuntu 19.10 from actions workflow - tests: remove End-Of-Life opensuse/fedora releases - tests: remove End-Of-Life releases from spread.yaml - tests: fix debug section of appstream-id test - interfaces: check !b.preseed earlier - tests: work around bug in systemd/debian - boot: add deepEqual, Copy helpers for Modeenv to simplify bootstate20 refactor - cmd: add new "snap recovery" command - interfaces/systemd: use emulation mode when preseeding - interfaces/kmod: don't load kernel modules in kmod backend when preseeding - interfaces/udev: do not reload udevadm rules when preseeding - cmd/snap-preseed: use snapd from the deb if newer than from seeds - boot: fancy marshaller for modeenv values - gadget, osutil: use atomic file copy, adjust tests - overlord: use new tracking cgroup for refresh app awareness - github: do not skip gofmt with Go 1.9/1.10 - many: introduce content write observer, install mode glue, initial seal stubs - daemon,many: switch to use client.ErrorKind and drop the local errorKind... - tests: new parameters for nested execution - client: move all error kinds into errors.go and add doc strings - cmd/snap: display the error in snap debug seeding if seeding is in error - cmd/snap/debug/seeding: use unicode for proper yaml - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty recovery_mode - osutil/disks: add mock disk and tests for happy path of mock disks - tests: refresh/revert snapd in uc20 - osutil/disks: use a dedicated error to indicate a fs label wasn't found - interfaces/system-key: in WriteSystemKey during tests, don't call ParserFeatures - boot: add current recovery systems to modeenv - bootloader: extend managed assets bootloader interface to compose a candidate command line - interfaces: make the unmarshal test match more the comment - daemon/api: use pointers to time.Time for debug seeding aspect - o/ifacestate: update security profiles in connect undo handler - interfaces: add uinput interface - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit tests - o/devicestate: save seeding/preseeding times for use with debug seeding api - cmd/snap/debug: add "snap debug seeding" command for preseeding debugging - tests/main/selinux-clean: workaround SELinux denials triggered by linger setup on Centos8 - bootloader: compose command line with mode and extra arguments - cmd/snap, daemon: detect and bail purge on multi-snap - o/ifacestate: fix bug in snapsWithSecurityProfiles - interfaces/builtin/multipass: replace U+00A0 no-break space with simple space - bootloader/assets: generate bootloader assets from files - many/tests/preseed: reset the preseeded images before preseeding them - tests: drop accidental accents from e - secboot: improve key sealing tests - tests: replace _wait_for_file_change with retry - tests: new fs-state which replaces the files.sh helper - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/" from path - cmd/snap: track started apps and hooks - tests/main/interfaces-pulseaudio: disable start limit checking for pulseaudio service - api: seeding debug api - .github/workflows/snap-build.yaml: build the snapd snap via GH Actions too - tests: moving journalctl.sh to a new journal-state tool - tests/nested/manual: add spread tests for cloud-init vuln - bootloader/assets: helpers for registering per-edition snippets, register snippets for grub - data,packaging,wrappers: extend D-Bus service activation search path - spread: add opensuse 15.2 and tumbleweed for qemu - overlord,o/devicestate: restrict cloud-init on Ubuntu Core - sysconfig/cloudinit: add RestrictCloudInit - cmd/snap-preseed: check that target path exists and is a directory on --reset - tests: check for pids correctly - gadget,gadget/install: refactor partition table update - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState type - interface/fwupd: add more policies for making fwupd upstream strict - tests: new to-one-line tool which replaces the strings.sh helper - interfaces: new helpers to get and compare system key, for use with seeding debug api - osutil, many: add helper for checking whether the process is a go test binary - cmd/snap-seccomp/syscalls: add faccessat2 - tests: adjust xdg-open after launcher changes - tests: new core config helper - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg- open - cmd/snap-preseed: handle relative chroot path - snapshotstate: move sizer to osutil.Sizer() - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref kernel tests - gadget/install,secboot: use snapcore/secboot luks2 api - boot/initramfs_test.go: add Commentf to more Assert()'s - tests/lib: account for changes in arch package file name extension - bootloader/bootloadertest: fix comment typo - bootloader: add helper for getting recovery system environment variables - tests: preinstall shellcheck and run tests on focal - strutil: add a helper for parsing kernel command line - osutil: add CheckFreeSpace helper - secboot: update tpm connection error handling - packaging, cmd/snap-mgmt, tests: remove modules files on purge - tests: add tests.cleanup helper - packaging: add "ca-certificates" to build-depends - tests: more checks in core20 early config spread test - tests: fix some snapstate tests to use pointers for snapmgrTestSuite - boot: better naming of helpers for obtaining kernel command line - many: use more specific check for unit test mocking - systemd/escape: fix issues with "" and "\t" handling - asserts: small improvements and corrections for sequence-forming assertions' support - boot, bootloader: query kernel command line of run mod and recovery mode systems - snap/validate.go: disallow snap layouts with new top-level directories - tests: allow to add a new label to run nested tests as part of PR validation - tests/core/gadget-update-pc: port to UC20 - tests: improve nested tests flexibility - asserts: integer headers: disallow prefix zeros and make parsing more uniform - asserts: implement Database.FindSequence - asserts: introduce SequenceMemberAfter in the asserts backstores - spread.yaml: remove tests/lib/tools from PATH - overlord: refuse to install snaps whose activatable D-Bus services conflict with installed snaps - tests: shorten lxd-state undo-mount-changes - snap-confine: don't die if a device from sysfs path cannot be found by udev - tests: fix argument handling of apt-state - tests: rename lxd-tool to lxd-state - tests: rename user-tool to user-state, fix --help - interfaces: add gconf interface - sandbox/cgroup: avoid parsing security tags twice - tests: rename version-tool to version-compare - cmd/snap-update-ns: handle anomalies better - tests: fix call to apt.Package.mark_install(auto_inst=True) - tests: rename mountinfo-tool to mountinfo.query - tests: rename memory-tool to memory-observe-do - tests: rename invariant-tool to tests.invariant - tests: rename apt-tool to apt-state - many: managed boot config during run mode setup - asserts: introduce the concept of sequence-forming assertion types - tests: tweak comments/output in uc20-recovery test - tests/lib/pkgdb: do not use quiet when purging debs - interfaces/apparmor: allow snap-specific /run/lock - interfaces: add system-source-code for access to /usr/src - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data - gadget/install: move udev trigger to gadget/install - many: make nested spread tests more reliable - tests/core/uc20-recovery: apply hack to get gopath in recover mode w/ external backend - tests: enable tests on uc20 which now work with the real model assertion - tests: enable system-snap-refresh test on uc20 - gadget, bootloader: preserve managed boot assets during gadget updates - tests: fix leaked dbus-daemon in selinux-clean - tests: add servicestate.Control tests - tests: fix "restart.service" - wrappers: helper for enabling services - extract and move enabling of services into a helper - tests: new test to validate refresh and revert of kernel and gadget on uc20 - tests/lib/prepare-restore: collect debug info when prepare purge fails - bootloader: allow managed bootloader to update its boot config - tests: Remove unity test from nightly test suite - o/devicestate: set mark-seeded to done in the task itself - tests: add spread test for disconnect undo caused by failing disconnect hook - sandbox/cgroup: allow discovering PIDs of given snap - osutil/disks: support IsDecryptedDevice for mountpoints which are dm devices - osutil: detect autofs mounted in /home - spread.yaml: allow amazon-linux-2-64 qemu with ec2-user/ec2-user - usersession: support additional zoom URL schemes - overlord: mock timings.DurationThreshold in TestNewWithGoodState - sandbox/cgroup: add tracking helpers - tests: detect stray dbus-daemon - overlord: refuse to install snaps providing user daemons on Ubuntu 14.04 - many: move encryption and installer from snap-boostrap to gadget - o/ifacestate: fix connect undo handler - interfaces: optimize rules of multiple connected iio/i2c/spi plugs - bootloader: introduce managed bootloader, implement for grub - tests: fix incorrect check in smoke/remove test - asserts,seed: split handling of essential/not essential model snaps - gadget: fix typo in mounted filesystem updater - gadget: do only one mount point lookup in mounted fs updater - tests/core/snap-auto-mount: try to make the test more robust - tests: adding ubuntu-20.04 to google-sru backend - o/servicestate: add updateSnapstateServices helper - bootloader: pull recovery grub config from internal assets - tests/lib/tools: apply linger workaround when needed - overlord/snapstate: graceful handling of denied "managed" refresh schedule - snapstate: fix autorefresh from classic->strict - overlord/configstate: add system.kernel.printk.console-loglevel option - tests: fix assertion disk handling for nested UC systems - snapstate: use testutil.HostScaledTimeout() in snapstate tests - tests: extra worker for google-nested backend to avoid timeout error on uc20 - snapdtool: helper to check whether the current binary is reexeced from a snap - tests: mock servicestate in api tests to avoid systemctl checks - many: rename back snap.Info.GetType to Type - tests/lib/cla_check: expect explicit commit range - osutil/disks: refactor diskFromMountPointImpl a bit - o/snapstate: service-control task handler - osutil: add disks pkg for associating mountpoints with disks/partitions - gadget,cmd/snap-bootstrap: move partitioning to gadget - seed: fix LoadEssentialMeta when gadget is not loaded - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo secure_path - asserts: introduce new assertion validation-set - asserts,daemon: add support for "serials" field in system-user assertion - data/sudo: drop a failed sudo secure_path workaround - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg - spread.yaml: update secure boot attribute name - interfaces/block_devices: add NVMe subsystem devices, support multipath paths - tests: use the "jq" snap from the edge channel - tests: simplify the tpm test by removing the test-snapd-mokutil snap - boot/bootstate16.go: clean snap_try_* vars when not in Trying status too - tests/main/sudo-env: check snap path under sudo - tests/main/lxd: add test for snaps inside nested lxd containers not working - asserts/internal: expand errors about invalid serialized grouping labels - usersession/userd: add msteams url support - tests/lib/prepare.sh: adjust comment about sgdisk - tests: fix how gadget pc is detected when the snap does not exist and ls fails - tests: move a few more tests to snapstate_update_test.go - tests/main: add spread test for running svc from install hook - tests/lib/prepare: increase the size of the uc16/uc18 partitions - tests/special-home-can-run-classic-snaps: re-enable - workflow: test PR title as part of the static checks again - tests/main/xdg-open-compat: backup and restore original xdg-open - tests: move update-related tests to snapstate_update_test.go - cmd,many: move Version and bits related to snapd tools to snapdtool, merge cmdutil - tests/prepare-restore.sh: reset-failed systemd-journald before restarting - interfaces: misc small interface updates - spread: use find rather than recursive ls, skip mounted snaps - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls /var/lib/snapd - tests: enable snap-auto-mount test on core20 - cmd/snap: do not show $PATH warning when executing under sudo on a known distro - asserts/internal: add some iteration benchmarks - sandbox/cgroup: improve pid parsing code - snap: add new `snap run --experimental-gdbserver` option - asserts/internal: limit Grouping size switching to a bitset representationWe don't always use the bit-set representation because: - snap: add an activates-on property to apps for D-Bus activation - dirs: delete unused Cloud var, fix typo - sysconfig/cloudinit: make callers of DisableCloudInit use WritableDefaultsDir - tests: fix classic ubuntu core transition auth - tests: fail in setup_reflash_magic() if there is snapd state left - tests: port interfaces-many-core-provided to tests.session - tests: wait after creating partitions with sfdisk - bootloader: introduce bootloarder assets, import grub.cfg with an edition marker - riscv64: bump timeouts - gadget: drop dead code, hide exports that are not used externally - tests: port 2 uc20 part1 - tests: fix bug waiting for snap command to be ready - tests: move try-related tests to snapstate_try_test.go - tests: add debug for 20.04 prepare failure - travis.yml: removed, all our checks run in GH actions now - tests: clean up up the use of configcoreSuite in the configcore tests - sandbox/cgroup: remove redundant pathOfProcPidCgroup - sandbox/cgroup: add tests for ParsePids - tests: fix the basic20 test for uc20 on external backend - tests: use configcoreSuite in journalSuite and remove some duplicated code - tests: move a few more tests to snapstate_install_test - tests: assorted small patches - dbusutil/dbustest: separate license from package - interfaces/builtin/time-control: allow POSIX clock API - usersession/userd: add "slack" to the white list of URL schemes handled by xdg-open - tests: check that host settings like hostname are settable on core - tests: port xdg-settings test to tests.session - tests: port snap-handle-link test to tests.session - arch: add riscv64 - tests: core20 early defaults spread test - tests: move install tests from snapstate_test.go to snapstate_install_test.go - github: port macOS sanity checks from travis - data/selinux: allow checking /var/cache/app-info - o/devicestate: core20 early config from gadget defaults - tests: autoremove after removing lxd in preseed-lxd test - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot - sandbox/cgroup: move FreezerCgroupDir from dirs.go - tests: update the file used to detect the boot path on uc20 - spread.yaml: show /var/lib/snapd in debug - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock + netplan files - snap/naming: add helpers to parse app and hook security tags - tests: modernize retry tool - tests: fix and trim debug section in xdg-open-portal - tests: modernize and use snapd.tool - vendor: update to latest github.com/snapcore/bolt for riscv64 - cmd/snap-confine: add support for libc6-lse - interfaces: miscellaneous policy updates xlv - interfaces/system-packages-doc: fix typo in variable names - tests: port interfaces-calendar-service to tests.session - tests: install/run the lzo test snap too - snap: (small) refactor of `snap download` code for testing/extending - data: fix shellcheck warnings in snapd.sh.in - packaging: disable buildmode=pie for riscv64 - tests: install test-snapd-rsync snap from edge channel - tests: modernize tests.session and port everything using it - tests: add ubuntu 20.10 to spread tests - cmd/snap/remove: mention snap restore/automatic snapshots - dbusutil: move all D-Bus helpers and D-Bus test helpers - wrappers: pass 'disable' flag to StopServices wrapper - osutil: enable riscv64 build - snap/naming: add ParseSecurityTag and friends - tests: port document-portal-activation to session-tool - bootloader: rename test helpers to reflect we are mocking EFI boot locations - tests: disable test of nfs v3 with udp proto on debian-sid - tests: plan to improve the naming and uniformity of utilities - tests: move *-tool tests to their own suite - snap-bootstrap: remove sealed key file on reinstall - bootloader/ubootenv: don't panic with an empty uboot env - systemd: rename actualFsTypeAndMountOptions to hostFsTypeAndMountOptions - daemon: fix filtering of service-control changes for snap.app - tests: spread test for preseeding in lxd container - tests: fix broken snapd.session agent.socket - wrappers: add RestartServices function and ReloadOrRestart to systemd - o/cmdstate: handle ignore flag on exec-command tasks - gadget: make ext4 filesystems with or without metadata checksum - tests: update statx test to run on all LTS releases - configcore: show better error when disabling services - interfaces: add hugepages-control - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases - tests: skip interfaces-openvswitch for centos 8 in nightly suite - tests: reload systemd --user for root, if present - tests: reload systemd after editing /etc/fstab - tests: add missing dependencies needed for sbuild test on debian - tests: reload systemd after removing pulseaudio - image, tests: core18 early config. - interfaces: add system-packages-doc interface - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when preseeding - interfaces/fwupd: allow bind mount to /boot on core - tests: improve oom-vitality tests - tests: add fedora 32 to spread.yaml - config: apply vitality-hint immediately when the config changes - tests: port snap-routine-portal-info to session-tool - configcore: add "service.console-conf.disable" config option - tests: port xdg-open to session-tool - tests: port xdg-open-compat to session-tool - tests: port interfaces-desktop-* to session-tool - spread.yaml: apply yaml formatter/linter - tests: port interfaces-wayland to session-tool - o/devicestate: refactor current system handling - snap-mgmt: perform cleanup of user services - snap/snapfile,squashfs: followups from 8729 - boot, many: require mode in modeenv - data/selinux: update policy to allow forked processes to call getpw*() - tests: log stderr from dbus-monitor - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers tag - snap/squashfs: also symlink snap Install with uc20 seed snap dir layout - interfaces/builtin/desktop: do not mount fonts cache on distros with quirks - data/selinux: allow snapd to remove/create the its socket - testutil/exec.go: set PATH after running shellcheck - tests: silence stderr from dbus-monitor - snap,many: mv Open to snapfile pkg to support add'l options to Container methods - devicestate, sysconfig: revert support for cloud.cfg.d/ in the gadget - github: remove workaround for bug 133 in actions/cache - tests: remove dbus.sh - cmd/snap-preseed: improve mountpoint checks of the preseeded chroot - spread.yaml: add ps aux to debug section - github: run all spread systems in a single go with cached results - test: session-tool cli tweaks - asserts: rest of the Pool API - tests: port interfaces-network-status-classic to session-tool - packaging: remove obsolete 16.10,17.04 symlinks - tests: setup portals before starting user session - o/devicestate: typo fix - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed devices - cmd/snap/model: support store, system-user-authority keys in --verbose - o/devicestate: raise conflict when requesting system action while seeding - tests: detect signs of crashed snap-confine - tests: sign kernel and gadget to run nested tests using current snapd code - tests: remove gnome-online-accounts we install - tests: fix the issue where all the tests were executed on secboot system - tests: port interfaces-accounts-service to session-tool - interfaces/network-control: bring /var/lib/dhcp from host - image,cmd/snap,tests: add support for store-wide cohort keys - configcore: add nomanagers buildtag for conditional build - tests: port interfaces-password-manager-service to session-tool - o/devicestate: cleanup system actions supported by recover mode - snap-bootstrap: remove create-partitions and update tests - tests: fix nested tests - packaging/arch: update PKGBUILD to match one in AUR - tests: port interfaces-location-control to session-tool - tests: port interfaces-contacts-service to session-tool - state: log task errors in the journal too - o/devicestate: change how current system is reported for different modes - devicestate: do not report "ErrNoState" for seeded up - tests: add a note about broken test sequence - tests: port interfaces-autopilot-introspection to session-tool - tests: port interfaces-dbus to session-tool - packaging: update sid packaging to match 16.04+ - tests: enable degraded test on uc20 - c/snaplock/runinhibit: add run inhibition operations - tests: detect and report root-owned files in /home - tests: reload root's systemd --user after snapd tests - tests: test registration with serial-authority: [generic] - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon- key in recover - tests/mount-ns: stop binfmt_misc mount unit - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition uuid if available - daemon, tests: indicate system mode, test switching to recovery and back to run - interfaces/desktop: silence more /var/lib/snapd/desktop/icons denials - tests/mount-ns: update to reflect new UEFI boot mode - usersession,tests: clean ups for userd/settings.go and move xdgopenproxy under usersession - tests: disable mount-ns test - tests: test user belongs to systemd-journald, on core20 - tests: run core/snap-set-core-config on uc20 too - tests: remove generated session-agent units - sysconfig: use new _writable_defaults dir to create cloud config - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for future work - asserts: make clearer that with label we mean a serialized label - cmd/snap-bootstrap: tweak recovery trigger log messages - asserts: introduce PoolTo - userd: allow setting default-url-scheme-handler - secboot: append uuid to ubuntu-data when decrypting - o/configcore: pass extra options to FileSystemOnlyApply - tests: add dbus-user-session to bionic and reorder package names - boot, bootloader: adjust comments, expand tests - tests: improve debugging of user session agent tests - packaging: add the inhibit directory - many: add core.resiliance.vitality-hint config setting - tests: test adjustments and fixes for recently published images - cmd/snap: coldplug auto-import assertions from all removable devices - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to secboot - tests: not fail when boot dir cannot be determined - tests: new directory used to store the cloud images on gce - tests: inject snapd from edge into seeds of the image in manual preseed test - usersession/agent,wrappers: fix races between Shutdown and Serve - tests: add dependency needed for next upgrade of bionic - tests: new test user is used for external backend - cmd/snap: fix the order of positional parameters in help output - tests: don't create root-owned things in ~test - tests/lib/prepare.sh: delete patching of the initrd - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy as well - progress: tweak multibyte label unit test data - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline - gadget: fix fallback device lookup for 'mbr' type structures - configcore: only reload journald if systemd is new enough - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data - wrappers: allow user mode systemd daemons - progress: fix progress bar with multibyte duration units - tests: fix raciness in pulseaudio test - asserts/internal: introduce Grouping and Groupings - tests: remove user.sh - tests: pair of follow-ups from earlier reviews - overlord/snapstate: warn of refresh/postpone events - configcore,tests: use daemon-reexec to apply watchdog config - c/snap-bootstrap: check mount states via initramfsMountStates - store: implement DownloadAssertions - tests: run smoke test with different bases - tests: port user-mounts test to session-tool - store: handle error-list in fetch-assertions results - tests: port interfaces-audio-playback-record to session-tool - data/completion: add `snap` command completion for zsh - tests/degraded: ignore failure in systemd-vconsole-setup.service - image: stub implementation of image.Prepare for darwin - tests: session-tool --restore -u stops user-$UID.slice - o/ifacestate/handlers.go: fix typo - tests: port pulseaudio test to session-tool - tests: port user-session-env to session-tool - tests: work around journald bug in core16 - tests: add debug to core-persistent-journal test - tests: port selinux-clean to session-tool - tests: port portals test to session-tool, fix portal tests on sid - tests: adding option --no-install-recommends option also when install all the deps - tests: add session-tool --has-systemd-and-dbus - packaging/debian-sid: add gcc-multilib to build deps - osutil: expand FileLock to support shared locks and more - packaging: stop depending on python-docutils - store,asserts,many: support the new action fetch-assertions - tests: port snap-session-agent-* to session-tool - packaging/fedora: disable FIPS compliant crypto for static binaries - tests: fix for preseeding failures * New upstream release, LP: #1875071 - o/ifacestate: fix bug in snapsWithSecurityProfiles - tests/main/selinux-clean: workaround SELinux denials triggered by linger setup on Centos8 * New upstream release, LP: #1875071 - many: backport _writable_defaults dir changes - tests: fix incorrect check in smoke/remove test - cmd/snap-bootstrap,seed: backport of uc20 PRs - tests: avoid exit when nested type var is not defined - cmd/snap-preseed: backport fixes - interfaces: optimize rules of multiple connected iio/i2c/spi plugs - many: cherry-picks for 2.45, gh-action, test fixes - tests/lib: account for changes in arch package file name extension - postrm, snap-mgmt: cleanup modules and other cherry-picks - snap-confine: don't die if a device from sysfs path cannot be found by udev - data/selinux: update policy to allow forked processes to call getpw*() - tests/main/interfaces-time-control: exercise setting time via date - interfaces/builtin/time-control: allow POSIX clock API - usersession/userd: add "slack" to the white list of URL schemes handled by xdg-open * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open implementation - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment variable modification when calling the system xdg-open. Patch thanks to James Henstridge - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is restarted. Patch thanks to Michael Vogt - CVE-2020-11934 - LP: #1880085 * SECURITY UPDATE: arbitrary code execution vulnerability on core devices with access to physical removable media - devicestate: Disable/restrict cloud-init after seeding. - CVE-2020-11933 - LP: #1879530 * New upstream release, LP: #1875071 - data/selinux: allow checking /var/cache/app-info - cmd/snap-confine: add support for libc6-lse - interfaces: miscellaneous policy updates xlv - snap-bootstrap: remove sealed key file on reinstall - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ - gadget: make ext4 filesystems with or without metadata checksum - interfaces/fwupd: allow bind mount to /boot on core - tests: cherry-pick test fixes from master - snap/squashfs: also symlink snap Install with uc20 seed snap dir layout - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed devices - snap,many: mv Open to snapfile pkg to support add'l options to Container methods - interfaces/builtin/desktop: do not mount fonts cache on distros with quirks - devicestate, sysconfig: revert support for cloud.cfg.d/ in the gadget - data/completion, packaging: cherry-pick zsh completion - state: log task errors in the journal too - devicestate: do not report "ErrNoState" for seeded up - interfaces/desktop: silence more /var/lib/snapd/desktop/icons denials - packaging/fedora: disable FIPS compliant crypto for static binaries - packaging: stop depending on python-docutils * New upstream release, LP: #1875071 - o/devicestate: support doing system action reboots from recover mode - vendor: update to latest secboot - tests: not fail when boot dir cannot be determined - configcore: only reload journald if systemd is new enough - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data when decrypting - tests/lib/prepare.sh: delete patching of the initrd - cmd/snap: coldplug auto-import assertions from all removable devices - cmd/snap: fix the order of positional parameters in help output - c/snap-bootstrap: port mount state mocking to the new style on master - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy as well - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline, unlock in recover mode initramfs - progress: tweak multibyte label unit test data - gadget: fix fallback device lookup for 'mbr' type structures - progress: fix progress bar with multibyte duration units - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20 - many: put the sealed keys in a directory on seed for tidiness - cmd/snap-bootstrap: measure epoch and model before unlocking encrypted data - o/configstate: core config handler for persistent journal - bootloader/uboot: use secondary ubootenv file boot.sel for uc20 - packaging: add "$TAGS" to dh_auto_test for debian packaging - tests: ensure $cache_dir is actually available - secboot,cmd/snap-bootstrap: add model to pcr protection profile - devicestate: do not use snap-boostrap in devicestate to install - tests: fix a typo in nested.sh helper - devicestate: add support for cloud.cfg.d config from the gadget - cmd/snap-bootstrap: cleanups, naming tweaks - testutil: add NewDBusTestConn - snap-bootstrap: lock access to sealed keys - overlord/devicestate: preserve the current model inside ubuntu- boot - interfaces/apparmor: use differently templated policy for non-core bases - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing syscalls - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first, other misc changes - o/snapstate: tweak "waiting for restart" message - boot: store model model and grade information in modeenv - interfaces/firewall-control: allow -legacy and -nft for core20 - boot: enable makeBootable20RunMode for EnvRefExtractedKernel bootloaders - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20 implementation - daemon: fix error message from `snap remove-user foo` on classic - overlord: have a variant of Mock that can take a state.State - tests: 16.04 and 18.04 now have mediating pulseaudio (again) - seed: clearer errors for missing essential snapd or core snap - cmd/snap-bootstrap/initramfs-mounts: support EnvRefExtractedKernelBootloader's - gadget, cmd/snap-bootstrap: MBR schema support - image: improve/adjust DownloadSnap doc comment - asserts: introduce ModelGrade.Code - tests: ignore user-12345 slice and service - image,seed/seedwriter: support redirect channel aka default tracks - bootloader: use binary.Read/Write - tests: uc20 nested suite part II - tests/boot: refactor to make it easier for new bootloaderKernelState20 impl - interfaces/openvswitch: support use of ovs-appctl - snap-bootstrap: copy auth data from real ubuntu-data in recovery mode - snap-bootstrap: seal and unseal encryption key using tpm - tests: disable special-home-can-run-classic-snaps due to jenkins repo issue - packaging: fix build on Centos8 to support BUILDTAGS - boot/bootstate20: small changes to bootloaderKernelState20 - cmd/snap: Implement a "snap routine file-access" command - spread.yaml: switch back to latest/candidate for lxd snap - boot/bootstate20: re-factor kernel methods to use new interface for state - spread.yaml,tests/many: use global env var for lxd channel - boot/bootstate20: fix bug in try-kernel cleanup - config: add system.store-certs.[a-zA-Z0-9] support - secboot: key sealing also depends on secure boot enabled - httputil: fix client timeout retry tests - cmd/snap-update-ns: handle EBUSY when unlinking files - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20 vars - secboot: add tpm support helpers - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for kernel and gadget - cmd/snap-bootstrap: switch to a 64-byte key for unlocking - tests: preserve size for centos images on spread.yaml - github: partition the github action workflows - run-checks: use consistent "Checking ..." style messages - bootloader: add efi pkg for reading efi variables - data/systemd: do not run snapd.system-shutdown if finalrd is available - overlord: update tests to work with latest go - cmd/snap: do not hide debug boot-vars on core - cmd/snap-bootstrap: no error when not input devices are found - snap-bootstrap: fix partition numbering in create-partitions - httputil/client_test.go: add two TLS version tests - tests: ignore user@12345.service hierarchy - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things - tests: rewrite timeserver-control test - tests: fix racy pulseaudio tests - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS - tests: update snap-preseed --reset logic to accommodate for 2.44 change - cmd/snap: don't wait for system key when stopping - sandbox/cgroup: avoid making arrays we don't use - osutil: mock proc/self/mountinfo properly everywhere - selinux: export MockIsEnforcing; systemd: use in tests - tests: add 32 bit machine to GH actions - tests/session-tool: kill cron session, if any - asserts: it should be possible to omit many snap-ids if allowed, fix - boot: cleanup more things, simplify code - github: skip spread jobs when corresponding label is set - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor pkg - tests/session-tool: add session-tool --dump - github: allow cached debian downloads to restore - tests/session-tool: session ordering is non-deterministic - tests: enable unit tests on debian-sid again - github: move spread to self-hosted workers - secboot: import secboot on ubuntu, provide dummy on !ubuntu - overlord/devicestate: support for recover and run modes - snap/naming: add validator for snap security tag - interfaces: add case for rootWritableOverlay + NFS - tests/main/uc20-create-partitions: tweaks, renames, switch to 20.04 - github: port CLA check to Github Actions - interfaces/many: miscellaneous policy updates xliv - configcore,tests: fix setting watchdog options on UC18/20 - tests/session-tool: collect information about services on startup - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create- partitions - state: add state.CopyState() helper - tests/session-tool: stop anacron.service in prepare - interfaces: don't use the owner modifier for files shared via document portal - systemd: move the doc comments to the interface so they are visible - cmd/snap-recovery-chooser: tweaks - interfaces/docker-support: add overlayfs file access - packaging: use debian/not-installed to ignore snap-preseed - travis.yml: disable unit tests on travis - store: start splitting store.go and store_test.go into subtopic files - tests/session-tool: stop cron/anacron from meddling - github: disable fail-fast as spread cannot be interrupted - github: move static checks and spread over - tests: skip "/etc/machine-id" in "writablepaths" test - snap-bootstrap: store encrypted partition recovery key - httputil: increase testRetryStrategy max timelimit to 5s - tests/session-tool: kill leaking closing session - interfaces: allow raw access to USB printers - tests/session-tool: reset failed session-tool units - httputil: increase httpclient timeout in TestRetryRequestTimeoutHandling - usersession: extend timerange in TestExitOnIdle - client: increase timeout in client tests to 100ms - many: disentagle release and snapdenv from sandbox/* - boot: simplify modeenv mocking to always write a modeenv - snap-bootstrap: expand data partition on install - o/configstate: add backlight option for core config - cmd/snap-recovery-chooser: add recovery chooser - features: enable robust mount ns updates - snap: improve TestWaitRecovers test - sandbox/cgroup: add ProcessPathInTrackingCgroup - interfaces/policy: fix comment in recent new test - tests: make session tool way more robust - interfaces/seccomp: allow passing an address to setgroups - o/configcore: introduce core config handlers (3/N) - interfaces: updates to login-session-observe, network-manager and modem-manager interfaces - interfaces/policy/policy_test.go: add more tests'allow- installation: false' and we grant based on interface attributes - packaging: detect/disable broken seed in the postinst - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia library - tests: remove google-tpm backend from spread.yaml - tests: install dependencies with apt using --no-install-recommends - usersession/userd: add zoommtg url support - snap-bootstrap: fix disk layout sanity check - snap: add `snap debug state --is-seeded` helper - devicestate: generate warning if seeding fails - config, features: move and rename config.GetFeatureFlag helper to features.Flag - boot, overlord/devicestate, daemon: implement requesting boot into a given recovery system - xdgopenproxy: forward requests to the desktop portal - many: support immediate reboot - store: search v2 tweaks - tests: fix cross build tests when installing dependencies - daemon: make POST /v2/systems/