A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.
The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
* 'assert'=>'ack', 'asserts'=>'known'
* unset/zero => immediately refresh try
* - README.md: snappy => snap
* - daemon,client,overlord: progress current => done
* - image: bootstrapToRootDir => setupSeed
* - many: use "SNAP.APP as ALIAS" instead of => when listing
* - overlord/state: prevent change ready => unready
* - release,store,daemon: no more default-channel, release=>series
* cloud-init: 22.2-0ubuntu1~18.04.2 => 22.2-0ubuntu1~18.04.3
* curl: 7.58.0-2ubuntu3.18 => 7.58.0-2ubuntu3.19
* gnupg2: 2.2.4-1ubuntu1.5 => 2.2.4-1ubuntu1.6
* linux-meta: 4.15.0.187.173 => 4.15.0.188.173
* linux-signed: 4.15.0-187.198 => 4.15.0-188.199
* openssl1.0: 1.0.2n-1ubuntu5.9 => 1.0.2n-1ubuntu5.10
* openssl: 1.1.1-1ubuntu2.1~18.04.17 => 1.1.1-1ubuntu2.1~18.04.20
* shadow: 1:4.5-1ubuntu2.2 => 1:4.5-1ubuntu2.3
* snapd: 2.54.3+18.04.2ubuntu0.2 => 2.55.5+18.04
* ubuntu-advantage-tools: 27.8~18.04.1 => 27.9~18.04.1
The following is a complete changelog for this image.
new: {'linux-headers-4.15.0-188': '4.15.0-188.199', 'linux-headers-4.15.0-188-generic': '4.15.0-188.199', 'linux-modules-4.15.0-188-generic': '4.15.0-188.199'}
removed: {'linux-modules-4.15.0-187-generic': '4.15.0-187.198', 'linux-headers-4.15.0-187-generic': '4.15.0-187.198', 'linux-headers-4.15.0-187': '4.15.0-187.198'}
changed: ['cloud-init', 'curl', 'dirmngr', 'gnupg', 'gnupg-l10n', 'gnupg-utils', 'gpg', 'gpg-agent', 'gpg-wks-client', 'gpg-wks-server', 'gpgconf', 'gpgsm', 'gpgv', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libssl1.0.0:amd64', 'libssl1.1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.15.0-188-generic', 'linux-image-virtual', 'linux-virtual', 'login', 'openssl', 'passwd', 'snapd', 'ubuntu-advantage-tools', 'uidmap']
new snaps: {}
removed snaps: {}
changed snaps: []
==== cloud-init: 22.2-0ubuntu1~18.04.2 => 22.2-0ubuntu1~18.04.3 ====
==== cloud-init
* SECURITY UPDATE: schema errors can cause cloud-init to leak
userdata to system logs
- d/cloud-init.postinst: redact previously leaked schema errors
from logs
- Remove schema errors from log (LP: #1978422)
- CVE-2022-2084
==== curl: 7.58.0-2ubuntu3.18 => 7.58.0-2ubuntu3.19 ====
==== curl libcurl3-gnutls:amd64 libcurl4:amd64
* SECURITY UPDATE: HTTP compression denial of service
- debian/patches/CVE-2022-32206.patch: return error on too many
compression steps in lib/content_encoding.c.
- CVE-2022-32206
* SECURITY UPDATE: FTP-KRB bad msg verification
- debian/patches/CVE-2022-32208.patch: return error properly
on decode errors in lib/krb5.c.
- CVE-2022-32208
==== gnupg2: 2.2.4-1ubuntu1.5 => 2.2.4-1ubuntu1.6 ====
==== dirmngr gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv
* SECURITY UPDATE: signature forgery via injection into the status line
- debian/patches/CVE-2022-34903.patch: Fix garbled status messages in
NOTATION_DATA in g10/cpr.c.
- CVE-2022-34903
==== linux-meta: 4.15.0.187.173 => 4.15.0.188.173 ====
==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual
* Bump ABI 4.15.0-188
* Bump ABI 4.15.0-185
* Bump ABI 4.15.0-183
* Bump ABI 4.15.0-181
* Bump ABI 4.15.0-180
* Bump ABI 4.15.0-179
* Bump ABI 4.15.0-178
* Bump ABI 4.15.0-177
* Bump ABI 4.15.0-176
* Bump ABI 4.15.0-175
* Bump ABI 4.15.0-174
* Bump ABI 4.15.0-173
* Bump ABI 4.15.0-172
* Bump ABI 4.15.0-171
* Bump ABI 4.15.0-170
* Bump ABI 4.15.0-169
* Bump ABI 4.15.0-168
* Bump ABI 4.15.0-167
* Bump ABI 4.15.0-166
* Bump ABI 4.15.0-165
* Bump ABI 4.15.0-164
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-163
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-162
* Bump ABI 4.15.0-161
* Bump ABI 4.15.0-160
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-159
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-158
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-157
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-156
* Bump ABI 4.15.0-155
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-154
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-153
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-152
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-151
* Bump ABI 4.15.0-150
* Bump ABI 4.15.0-149
* Bump ABI 4.15.0-148
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-147
* Bump ABI 4.15.0-146
* Bump ABI 4.15.0-145
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-144
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-143
* Bump ABI 4.15.0-142
* Bump ABI 4.15.0-141
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-140
* Bump ABI 4.15.0-139
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-138
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-137
* Bump ABI 4.15.0-136
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-135
* Bump ABI 4.15.0-134
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-133
* Bump ABI 4.15.0-132
* Bump ABI 4.15.0-131
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-130
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-129
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-128
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-127
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-126
* Bump ABI 4.15.0-125
* Bump ABI 4.15.0-124
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-123
* Bump ABI 4.15.0-122
* Bump ABI 4.15.0-121
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-120
* Bump ABI 4.15.0-119
* Bump ABI 4.15.0-118
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Miscellaneous Ubuntu changes
- Ubuntu-4.15.0.116.104
* Miscellaneous upstream changes
- Merge tag 'Ubuntu-4.15.0.116.104' into master
* Bump ABI 4.15.0-117
* Bump ABI 4.15.0-115
* Bump ABI 4.15.0-114
* Bump ABI 4.15.0-113
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-112
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-111
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-110
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Bump ABI 4.15.0-109
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/dkms-versions from main package
* Build and ship a signed wireguard.ko (LP: #1861284)
- [Packaging] update-version -- add dkms-versions data to sync list
- [Packaging] expose versioned provides for contained dkms binaries
* Bump ABI 4.15.0-108
* Bump ABI 4.15.0-107
* Bump ABI 4.15.0-106
* Bump ABI 4.15.0-103
* Bump ABI 4.15.0-102
* Bump ABI 4.15.0-101
* Bump ABI 4.15.0-100
* Miscellaneous upstream changes
- Merge tag 'Ubuntu-4.15.0.99.89' into master
* Bump ABI 4.15.0-99
* Bump ABI 4.15.0-98
* Bump ABI 4.15.0-97
* Bump ABI 4.15.0-96
* Bump ABI 4.15.0-95
* Bump ABI 4.15.0-94
* Bump ABI 4.15.0-93
* Bump ABI 4.15.0-92
* Bump ABI 4.15.0-91
* Bump ABI 4.15.0-90
* Bump ABI 4.15.0-89
* Bump ABI 4.15.0-88
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* Bump ABI 4.15.0-87
* Bump ABI 4.15.0-76
* Bump ABI 4.15.0-75
* Bump ABI 4.15.0-74
* Bump ABI 4.15.0-73
* Bump ABI 4.15.0-72
* Bump ABI 4.15.0-71
* Bump ABI 4.15.0-70
* Bump ABI 4.15.0-69
* Bump ABI 4.15.0-68
* Bump ABI 4.15.0-67
* Bump ABI 4.15.0-66
* Bump ABI 4.15.0-65
* Bump ABI 4.15.0-64
* Bump ABI 4.15.0-63
* Bump ABI 4.15.0-62
* Bump ABI 4.15.0-61
* Bump ABI 4.15.0-60
* Bump ABI 4.15.0-59
* Bump ABI 4.15.0-58
* Bump ABI 4.15.0-57
* Bump ABI 4.15.0-56
* Bump ABI 4.15.0-55
* Bump ABI 4.15.0-54
* Bump ABI 4.15.0-53
* Bump ABI 4.15.0-52
* Bump ABI 4.15.0-51
* Bump ABI 4.15.0-50
* Bump ABI 4.15.0-49
* bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868)
- remove snapdragon meta packages
* Bump ABI 4.15.0-48
* Bump ABI 4.15.0-47
* Bump ABI 4.15.0-46
* Bump ABI 4.15.0-45
* Bump ABI 4.15.0-44
* Bump ABI 4.15.0-43
* Bump ABI 4.15.0-42
* Bump ABI 4.15.0-41
* Bump ABI 4.15.0-40
* Bump ABI 4.15.0-39
* Bump ABI 4.15.0-38
* Bump ABI 4.15.0-37
* Bump ABI 4.15.0-36
* Bump ABI 4.15.0-35
* Bump ABI 4.15.0-34
* Bump ABI 4.15.0-33
* Bump ABI 4.15.0-32
* Bump ABI 4.15.0-31
* Bump ABI 4.15.0-30
* Bump ABI 4.15.0-29
* Bump ABI 4.15.0-28
* Bump ABI 4.15.0-27
* Bump ABI 4.15.0-26
* Bump ABI 4.15.0-25
* Bump ABI 4.15.0-24
* linux-crashdump isn't built for arm64 (LP: #1773407)
- Generate linux-crashdump metapackage for arm64
* Need to ensure microcode updates are available to all bare-metal installs
of Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates
* Bump ABI 4.15.0-23
* Bump ABI 4.15.0-22
* Bump ABI 4.15.0-21
* Bump ABI 4.15.0-20
* Bump ABI 4.15.0-19
* Bump ABI 4.15.0-18
* signing: only install a signed kernel (LP: #1764794)
- switch to linux-image as signed when available
- convert linux-signed* into transitional packages
* Bump ABI 4.15.0-17
* Merge the linux-snapdragon kernel into bionic master/snapdragon
(LP: #1763040)
- Add snapdragon meta packages
* Bump ABI 4.15.0-16
* Bump ABI 4.15.0-15
* Bump ABI 4.15.0-14
* Miscellaneous Ubuntu changes
- add 16.04 to 18.04 transitional packages for hwe and hwe-edge
* Bump ABI 4.15.0-13
* Bump ABI 4.15.0-12
* Bump ABI 4.15.0-11
* Bump ABI 4.15.0-10
* Bump ABI 4.15.0-9
* Bump ABI 4.15.0-8
* Bump ABI 4.15.0-7
* Bump ABI 4.15.0-6
* Bump ABI 4.15.0-5
* Bump ABI 4.15.0-4
* Bump ABI 4.15.0-3
* Bump ABI 4.15.0-2
* Bump ABI 4.15.0-1
* Bump ABI 4.15.0-0
* Bump ABI 4.14.0-11
* Bump ABI 4.14.0-10
* Bump ABI 4.14.0-9
* Bump ABI 4.14.0-8
* Bump ABI 4.14.0-7
* Bump ABI 4.14.0-6
* Bump ABI 4.14.0-5
* Bump ABI 4.14.0-4
* Bump ABI 4.14.0-3
* Bump ABI 4.14.0-2
* Bump ABI 4.14.0-1
* Bump ABI 4.14.0-0
* Bump ABI 4.13.0-11
* Bump ABI 4.13.0-10
* Bump ABI 4.13.0-9
* Bump ABI 4.13.0-8
* Bump ABI 4.13.0-7
* Bump ABI 4.13.0-6
* Bump ABI 4.13.0-5
* Bump ABI 4.13.0-4
* Bump ABI 4.13.0-3
* Bump ABI 4.13.0-2
* Bump ABI 4.13.0-1
* Bump ABI 4.13.0-0
* Bump ABI 4.12.0-7
* Bump ABI 4.12.0-6
* Bump ABI 4.12.0-5
* Bump ABI 4.12.0-4
* Bump ABI 4.12.0-3
* Bump ABI 4.12.0-2
* Bump ABI 4.12.0-1
* Bump ABI 4.12.0-0
* Bump ABI 4.11.0-3
* Bump ABI 4.11.0-2
* Bump ABI 4.11.0-1
* Empty stanza
* Bump ABI 4.10.0-20
* Bump ABI 4.10.0-19
* Bump ABI 4.10.0-18
* Bump ABI 4.10.0-17
* Bump ABI 4.10.0-16
* Bump ABI 4.10.0-15
* Bump ABI 4.10.0-14
* Bump ABI 4.10.0-13
* Bump ABI 4.10.0-12
* Bump ABI 4.10.0-11
* Bump ABI 4.10.0-10
* Bump ABI 4.10.0-9
* Restored powerpc.
* Bump ABI 4.10.0-8
* Bump ABI 4.10.0-7
* Bump ABI 4.10.0-6
* Bump ABI 4.10.0-5
* Miscellaneous Ubuntu changes
- Drop powerpc flavors
* Bump ABI 4.10.0-4
* Bump ABI 4.10.0-3
* Bump ABI 4.10.0-2
* Bump ABI 4.10.0-1
* Bump ABI 4.10.0-0
* Bump ABI 4.9.0-11
* Fixed the kernel FTBS, so reenable powerpc64-emb
* Bump ABI 4.9.0-10
* Bump ABI 4.9.0-9
* Bump ABI 4.9.0-8
* Bump ABI 4.9.0-7
* Bump ABI 4.9.0-6
* Bump ABI 4.9.0-5
* Bump ABI 4.9.0-4
* UBUNTU: Drop powerpc64-emb pending build fixes
* Dropped transitionals
* Bump ABI 4.9.0-3
* Bump ABI 4.9.0-2
* Bump ABI 4.9.0-1
* Bump ABI 4.9.0-0
* Empty stanza
* Bump ABI 4.8.0-27
* Bump ABI 4.8.0-26
* Bump ABI 4.8.0-25
* Bump ABI 4.8.0-24
* Bump ABI 4.8.0-23
* Bump ABI 4.8.0-22
* Bump ABI 4.8.0-21
* Bump ABI 4.8.0-20
* Bump ABI 4.8.0-19
* Bump ABI 4.8.0-17
* linux-virtual flavour missing for arm64 in yakkety (LP: #1626868)
- arm64 -- add virtual flavour
* Bump ABI 4.8.0-16
* Bump ABI 4.8.0-15
* Bump ABI 4.8.0-14
* Bump ABI 4.8.0-13
* Bump ABI 4.8.0-12
* Bump ABI 4.8.0-11
* Miscellaneous Ubuntu changes
- armhf does not have -extra split
* Miscellaneous Ubuntu changes
- arm64 -generic flavour has -extra split
* Bump ABI 4.8.0-10
* Bump ABI 4.8.0-9
* Bump ABI 4.8.0-8
* Bump ABI 4.8.0-8
* Bump ABI 4.8.0-7
* Bump ABI 4.8.0-5
* Bump ABI 4.8.0-4
* Bump ABI 4.8.0-3
* Bump ABI 4.8.0-2
* Fix the powerpc64-smp -> generic transition and add virtual.
* Update to Standards-Version 3.9.8, and fix-ups where needed.
* Bump ABI 4.6.0-10
* ensure all items are included in changelog and standardise packaging
(LP: #1601954)
- simplify meta package packaging
- add git-ubuntu-log for changelog formatting
- add update-version to simplify updates
* switch powerpc flavour from -powerpc-smp to -generic.
* drop LTS transtional packages.
* build-arch and build-indep are now manditory targets (LP: #1603504)
* linux ABI 4.6.0-9
* linux ABI 4.6.0-8
* linux ABI 4.6.0-7
* linux ABI 4.6.0-6
* linux ABI 4.4.0-20
* linux ABI 4.4.0-19
* linux ABI 4.4.0-18
* linux ABI 4.4.0-17
* add linux-crashdump to s390x and armhf. (LP: #1560015)
* linux ABI 4.4.0-16
* linux ABI 4.4.0-15
* linux ABI 4.4.0-14
* linux ABI 4.4.0-13
* linux ABI 4.4.0-12
* Build-Depends: on the common headers to ensure we wait for _all to build
* linux ABI 4.4.0-11
* linux ABI 4.4.0-10
* linux ABI 4.4.0-9
* linux ABI 4.4.0-8
* linux ABI 4.4.0-7
* Drop linux-cloud-tools-virtual for ppc64el and s390x as we actually
do not generate those currently.
* virtual: add linux-tools-virtual, linux-cloud-tools-virtual, and
linux-image-extra-virtual linkage for ppc64el and s390x.
* transitional packages: drop updates for transitional which were
uninstallable in Trusty and have no candidates in Xenial.
[ Andy Whitcroft ]
* Add 14.04 to 16.04 transitional packages (LP: #1526931):
- add packages for the HWE auto upgrade packages.
- add packages for all of the lts backport packages.
[ Tim Gardner ]
* linux ABI 4.4.0-6
* * linux ABI 4.4.0-5
* linux ABI 4.4.0-4
* ensure we rebuild debian/control on clean
* linux ABI 4.4.0-3
* linux ABI 4.4.0-2
* linux ABI 4.4.0-1
* s390x: add s390x to -generic and -virtual.
* s390x: add s390x to build dependancies to hold off testing.
* linux ABI 4.4.0-0
* linux ABI 4.3.0-0
* linux ABI 4.2.0-17
* Revert temporary addition of virtualbox-guest-modules [i386 amd64
x32] provides. (LP: #1507588)
* temporarily add virtualbox-guest-modules [i386 amd64 x32] provides
to fix vbox installs. (See LP: 1507588)
* linux ABI 4.2.0-16
* linux ABI 4.2.0-15
* linux ABI 4.2.0-14
* Makefile: ignore dependencies when building the package
* move linux-signed linux-image-extra-* dependencies over to linux-meta.
(LP: #1501235)
* linux ABI 4.2.0-13
* add linux-signed-lowlatency packages. (LP: #1500910)
* linux ABI 4.2.0-12
* linux ABI 4.2.0-11
* linux ABI 4.2.0-10
* linux ABI 4.2.0-9
* linux ABI 4.2.0-8
* linux ABI 4.2.0-7
* linux ABI 4.2.0-6
* linux ABI 4.2.0-5
* * linux ABI 4.2.0-4
* linux ABI 4.2.0-3
* linux ABI 4.1.0-3
* linux ABI 4.1.0-2
* linux ABI 4.1.0-1
* fix up Vcs-Git: to point to launchpad
* linux ABI 4.0.0-4
* linux ABI 4.0.0-3
* linux ABI 4.0.0-2
* Fixes ppc64el build failure, add OverlayFS V1 support.
* linux ABI 4.0.0-1
* linux ABI 3.19.0-22
* linux ABI 3.19.0-21
* linux ABI 3.19.0-20
* linux ABI 3.19.0-19
* linux ABI 3.19.0-18
* linux ABI 3.29.0-17
* linux ABI 3.29.0-16
* linux ABI 3.29.0-15
[ Andy Whitcroft ]
* future proof VCS links
[ Andy Whitcroft ]
* rejig so we correctly link to our own packages
* make the meta-source trivially backportable
* linux ABI 3.29.0-12
* linux ABI 3.19.0-11
* linux ABI 3.19.0-10
* linux ABI 3.19.0-9
* linux ABI 3.19.0-8
* linux ABI 3.19.0-7
* linux ABI 3.19.0-6
* linux ABI 3.19.0-5
* linux ABI 3.19.0-4
[ Kamal Mostafa ]
* [Packaging] force "dpkg-source -I -i" behavior
[ Andy Whitcroft]
* linux ABI 3.19.0-3
* linux ABI 3.19.0-2
* linux ABI 3.18.0-14
* linux ABI 3.18.0-13
* linux ABI 3.18.0-12
[ Kamal Mostafa ]
* [Packaging] force "dpkg-source -I -i" behavior
[ Leann Ogasawara ]
* linux ABI 3.18.0-11
* linux ABI 3.18.0-10
* linux ABI 3.18.0-9
* linux ABI 3.18.0-8
* linux ABI 3.18.0-7
* linux ABI 3.18.0-6
* linux ABI 3.18.0-5
* linux ABI 3.18.0-4
* linux ABI 3.18.0-3
* linux ABI 3.18.0-2
[ Andy Whitcroft ]
* downgrade thermald to a Recommends: so that it can be removed when
it is not needed. (LP: #1387144)
* linux ABI 3.18.0-1
==== linux-signed: 4.15.0-187.198 => 4.15.0-188.199 ====
==== linux-image-4.15.0-188-generic
* Master version: 4.15.0-188.199
* Master version: 4.15.0-185.195
* Master version: 4.15.0-183.192
* Master version: 4.15.0-181.190
* Master version: 4.15.0-180.189
* Master version: 4.15.0-179.188
* Master version: 4.15.0-178.187
* Master version: 4.15.0-177.186
* Master version: 4.15.0-176.185
* Master version: 4.15.0-175.184
* Master version: 4.15.0-174.183
* Master version: 4.15.0-173.182
* Master version: 4.15.0-172.181
* Master version: 4.15.0-171.180
* Master version: 4.15.0-170.178
* Master version: 4.15.0-169.177
* Master version: 4.15.0-168.176
* Master version: 4.15.0-167.175
* Master version: 4.15.0-166.174
* Master version: 4.15.0-165.173
* Master version: 4.15.0-164.172
* Master version: 4.15.0-163.171
* Master version: 4.15.0-162.170
* Master version: 4.15.0-161.169
* Master version: 4.15.0-160.168
* Master version: 4.15.0-159.167
* Master version: 4.15.0-158.166
* Master version: 4.15.0-157.164
* Master version: 4.15.0-156.163
* Master version: 4.15.0-155.162
* Master version: 4.15.0-154.161
* Master version: 4.15.0-153.160
* Master version: 4.15.0-152.159
* Master version: 4.15.0-151.157
* Master version: 4.15.0-150.155
* Master version: 4.15.0-150.154
* Master version: 4.15.0-149.153
* Master version: 4.15.0-148.152
* Master version: 4.15.0-147.151
* Master version: 4.15.0-146.150
* Master version: 4.15.0-145.149
* Master version: 4.15.0-144.148
* Master version: 4.15.0-143.147
* Master version: 4.15.0-142.146
* Master version: 4.15.0-141.145
* Master version: 4.15.0-140.144
* Master version: 4.15.0-139.143
* Master version: 4.15.0-138.142
* Master version: 4.15.0-137.141
* Master version: 4.15.0-136.140
* Master version: 4.15.0-135.139
* Master version: 4.15.0-134.138
* Master version: 4.15.0-133.137
* Master version: 4.15.0-132.136
* Master version: 4.15.0-131.135
* Master version: 4.15.0-130.134
* Master version: 4.15.0-129.132
* Master version: 4.15.0-128.131
* Master version: 4.15.0-127.130
* Master version: 4.15.0-126.129
* Master version: 4.15.0-125.128
* Master version: 4.15.0-124.127
* Master version: 4.15.0-123.126
* Master version: 4.15.0-122.124
* Master version: 4.15.0-121.123
* Master version: 4.15.0-120.122
* Master version: 4.15.0-119.120
* Master version: 4.15.0-118.119
* Miscellaneous Ubuntu changes
- Ubuntu-4.15.0-116.117
* Miscellaneous upstream changes
- Merge tag 'Ubuntu-4.15.0-116.117' into master
* Master version: 4.15.0-117.118
* Master version: 4.15.0-115.116
* Master version: 4.15.0-114.115
* Master version: 4.15.0-113.114
* Master version: 4.15.0-112.113
* Master version: 4.15.0-111.112
* Master version: 4.15.0-110.111
* Master version: 4.15.0-109.110
* Master version: 4.15.0-108.109
* Master version: 4.15.0-107.108
* Master version: 4.15.0-106.107
* Master version: 4.15.0-103.104
* Master version: 4.15.0-102.103
* Master version: 4.15.0-101.102
* Master version: 4.15.0-100.101
* Miscellaneous upstream changes
- Merge tag 'Ubuntu-4.15.0-99.100' into master
* Master version: 4.15.0-99.100
* Master version: 4.15.0-98.99
* Master version: 4.15.0-97.98
* Master version: 4.15.0-96.97
* Master version: 4.15.0-95.96
* Master version: 4.15.0-94.95
* Master version: 4.15.0-93.94
* Master version: 4.15.0-92.93
* Master version: 4.15.0-91.92
* Master version: 4.15.0-90.91
* Bump upload number.
* Master version: 4.15.0-90.90
* Master version: 4.15.0-89.89
* Master version: 4.15.0-88.88
* Packaging resync (LP: #1786013)
- [Packaging] resync debian/templates
- [Packaging] resync git-ubuntu-log
* Master version: 4.15.0-87.87
* Master version: 4.15.0-76.86
* Master version: 4.15.0-75.85
* Master version: 4.15.0-74.84
* Master version: 4.15.0-74.83
* Master version: 4.15.0-73.82
* Master version: 4.15.0-72.81
* Master version: 4.15.0-71.80
* Master version: 4.15.0-70.79
* Master version: 4.15.0-69.78
* Master version: 4.15.0-68.77
* Master version: 4.15.0-67.76
* Master version: 4.15.0-66.75
* vmlinuz is world-readable (LP: #1843327)
- fix vmlinuz-* permissions for opal signed kernels
* Master version: 4.15.0-65.74
* Master version: 4.15.0-64.73
* Master version: 4.15.0-63.72
* Master version: 4.15.0-63.71
* Master version: 4.15.0-63.70
* Master version: 4.15.0-62.69
* Master version: 4.15.0-61.68
* Master version: 4.15.0-60.67
* Master version: 4.15.0-59.66
* Master version: 4.15.0-59.65
* Master version: 4.15.0-58.64
* Master version: 4.15.0-57.63
* Master version: 4.15.0-56.62
* Master version: 4.15.0-55.60
* Master version: 4.15.0-55.59
* Master version: 4.15.0-54.58
* Master version: 4.15.0-53.57
* Master version: 4.15.0-52.56
* Master version: 4.15.0-51.55
* Built-Using incorrect (LP: #1824016)
- Rename "VERSION" template string to more precise "UNSIGNED_SRC_VERSION"
- Use the correct source package name in Built-Using field
* Master version: 4.15.0-50.54
* Master version: 4.15.0-49.53
* Master version: 4.15.0-49.52
* Master version: 4.15.0-48.51
* Master version: 4.15.0-47.50
* Master version: 4.15.0-46.49
* Miscellaneous Ubuntu changes
- [Packaging] download-signed -- fix downloader component and handle versions
correctly
* Master version: 4.15.0-45.48
* Master version: 4.15.0-44.47
* Master version: 4.15.0-43.46
* Master version: 4.15.0-42.45
* Master version: 4.15.0-41.44
* Master version: 4.15.0-40.43
* Master version: 4.15.0-39.42
* Master version: 4.15.0-38.41
* Master version: 4.15.0-37.40
* Master version: 4.15.0-36.39
* Master version: 4.15.0-35.38
* Master version: 4.15.0-34.37
* Master version: 4.15.0-33.36
* Master version: 4.15.0-32.35
* Master version: 4.15.0-31.33
* Master version: 4.15.0-30.32
* Master version: 4.15.0-29.31
* Master version: 4.15.0-28.30
* Master version: 4.15.0-27.29
* Master version: 4.15.0-26.28
* Master version: 4.15.0-25.27
* Master version: 4.15.0-24.26
* Master version: 4.15.0-23.25
* Master version: 4.15.0-22.24
* Master version: 4.15.0-21.22
* Master version: 4.15.0-20.21
* Miscellaneous Ubuntu changes
- fix permissions for installed signed kernel images
* Master version: 4.15.0-19.20
* Fix dbgsym package handling to work for the case where we have a
bumped linux-signed version number.
* Fix the dbgsym packages to be correctly named as .ddeb instead of .deb
so they are published to the right archive.
* Master version: 4.15.0-18.19
* signing: only install a signed kernel (LP: #1764794)
- switch to raw-signing tarball form
- make control.stub master for packages built
- [Config] tone down the output verbosity
- switch to producing linux-image directly
- propogate control information from -unsigned package
- pull control files in from linux-unsigned
- resync control files with master
- introduce meta packages for the debug package
- fix names of substvars files
- propogate Recommends: and Provides: from unsigned package
- fix Section: control records
- do not produce lowlatency dbgsym package for ppc64el
- move dbgsym packages to bottom of control file
- ensure we apt-cache show against the exact version
* [18.04 FEAT] Sign POWER host/NV kernels (LP: #1696154)
- add Opal signing support and enable for ppc64el
* Master version: 4.15.0-17.18
* Master version: 4.15.0-16.17
* Master version: 4.15.0-15.16
* Master version: 4.15.0-14.15
* Master version: 4.15.0-13.14
* Master version: 4.15.0-12.13
* Master version: 4.15.0-11.12
* Master version: 4.15.0-10.11
* Master version: 4.15.0-9.10
* Master version: 4.15.0-8.9
* Master version: 4.15.0-7.8
* Master version: 4.15.0-6.7
* Master version: 4.15.0-5.6
* Master version: 4.15.0-4.5
* Master version: 4.15.0-3.4
* Master version: 4.15.0-2.3
* Master version: 4.15.0-1.2
* Master version: 4.15.0-0.1
* Master version: 4.14.0-11.13
* Master version: 4.14.0-10.12
* Master version: 4.14.0-9.11
* Master version: 4.14.0-8.10
* Master version: 4.14.0-7.9
* Master version: 4.14.0-6.8
* Master version: 4.14.0-5.7
* Master version: 4.14.0-5.6
* Master version: 4.14.0-4.5
* Master version: 4.14.0-3.4
* Master version: 4.14.0-2.3
* Master version: 4.14.0-1.2
* Master version: 4.14.0-0.1
* Master version: 4.13.0-11.12
* Master version: 4.13.0-10.11
* Master version: 4.13.0-9.10
* Master version: 4.13.0-8.9
* Master version: 4.13.0-7.8
* Master version: 4.13.0-6.7
* Master version: 4.13.0-5.6
* Master version: 4.13.0-4.5
* Master version: 4.13.0-3.4
* Master version: 4.13.0-2.3
* Master version: 4.13.0-1.2
* Master version: 4.13.0-0.1
* Master version: 4.12.0-7.8
* Master version: 4.12.0-6.7
* Master version: 4.12.0-5.6
* Master version: 4.12.0-4.5
* Master version: 4.12.0-3.4
* Master version: 4.12.0-2.3
* Master version: 4.12.0-1.2
* Master version: 4.12.0-0.1
* Master version: 4.11.0-3.8
* Master version: 4.11.0-2.7
* Master version: 4.11.0-1.6
* Master version: 4.10.0-20.22
* Master version: 4.10.0-19.21
* Master version: 4.10.0-18.20
* Master version: 4.10.0-17.19
* Master version: 4.10.0-16.18
* Master version: 4.10.0-15.17
* Master version: 4.10.0-14.16
* Master version: 4.10.0-13.15
* Master version: 4.10.0-12.14
* Master version: 4.10.0-11.13
* Master version: 4.10.0-10.12
* Master version: 4.10.0-9.11
* Master version: 4.10.0-8.10
* Master version: 4.10.0-7.9
* Master version: 4.10.0-6.8
* Master version: 4.10.0-2.4
* ensure all items are included in changelog and standardise packaging
(LP: #1601954)
- add git-ubuntu-log for changelog formatting
- update update-version to handle local commits
* linux-signed: does not build in a private PPA (LP: #1535634)
- fix download-signed to handle private PPAs
* linux-signed-<flavour>: dependencies to linux-image-extra are on the wrong
package (LP: #1501235)
- move linux-signed linux-image-extra-* dependencies and move to linux-meta
* linux-signed should also produce linux-signed-image-*-lowlatency
(LP: #1500910)
- add lowlatency signed package
* Miscellaneous Ubuntu changes
- Ubuntu-3.18.0-1.1
- Ubuntu-3.18.0-2.2
- Ubuntu-3.18.0-3.3
- Ubuntu-3.18.0-3.4
- Ubuntu-3.18.0-4.5
- Ubuntu-3.18.0-5.6
- Ubuntu-3.18.0-6.7
- Ubuntu-3.18.0-7.8
- Ubuntu-3.18.0-8.9
- Ubuntu-3.18.0-9.10
- Ubuntu-3.18.0-10.11
- [Packaging] force "dpkg-source -I -i" behavior
- Ubuntu-3.18.0-11.12
- Ubuntu-3.18.0-12.13
- Ubuntu-3.18.0-13.14
- Ubuntu-3.18.0-14.15
- Ubuntu-3.19.0-2.2
- Ubuntu-3.19.0-3.3
- Ubuntu-3.19.0-4.4
- Ubuntu-3.19.0-5.5
- Ubuntu-3.19.0-6.6
- Ubuntu-3.19.0-7.7
- Ubuntu-3.19.0-8.8
- Ubuntu-3.19.0-9.9
- Ubuntu-3.19.0-10.10
- Ubuntu-3.19.0-11.11
- Ubuntu-3.19.0-12.12
- Ubuntu-3.19.0-13.13
- Ubuntu-3.19.0-14.14
- Ubuntu-3.19.0-15.15
- Ubuntu-3.19.0-16.16
- Ubuntu-4.0.0-1.1
- Ubuntu-4.0.0-1.2
- Ubuntu-4.0.0-2.3
- Ubuntu-4.0.0-2.4
- Ubuntu-4.0.0-3.5
- pull in missing history
- Ubuntu-4.0.0-4.6
- Ubuntu-4.0.0-4.7
- Ubuntu-4.1.0-1.1
- Ubuntu-4.1.0-2.2
- Ubuntu-4.1.0-3.3
- Ubuntu-4.2.0-1.1~rc1
- Ubuntu-4.2.0-3.3
- Ubuntu-4.2.0-4.4
- Ubuntu-4.2.0-5.5
- Ubuntu-4.2.0-6.6
- Ubuntu-4.2.0-7.7
- Ubuntu-4.2.0-8.8
- Ubuntu-4.2.0-9.9
- Ubuntu-4.2.0-10.10
- Ubuntu-4.2.0-10.12
- Ubuntu-4.2.0-11.13
- Ubuntu-4.2.0-12.14
- Ubuntu-4.2.0-13.15
- comma separate the list of binaries used for Build-Depends
- Updated Ubuntu-4.2.0-13.15
- allow us to configure which flavours produce udebs
- switch downloads to build phase to prevent us downloading the kernel
binaries twice during build
- Ubuntu-4.2.0-13.15+signed2
- split separate shell commands so make can see them
- Ubuntu-4.2.0-14.16
- Ubuntu-4.2.0-15.17
- Ubuntu-4.2.0-15.18
- Ubuntu-4.2.0-16.19
- Ubuntu-4.2.0-17.20
- Ubuntu-4.3.0-0.6
- Ubuntu-4.3.0-0.8
- Ubuntu-4.3.0-0.9
- Ubuntu-4.3.0-1.10
- Ubuntu-4.3.0-2.11
- Ubuntu-4.3.0-4.13
- Ubuntu-4.3.0-5.14
- Ubuntu-4.3.0-5.15
- Ubuntu-4.3.0-5.16
- Ubuntu-4.3.0-6.17
- Ubuntu-4.3.0-7.18
- Ubuntu-4.4.0-1.15
- Ubuntu-4.4.0-2.16
- Ubuntu-4.4.0-3.17
- Ubuntu-4.4.0-4.19
- Ubuntu-4.4.0-5.20
- Ubuntu-4.4.0-6.21
- Ubuntu-4.4.0-7.22
- Ubuntu-4.4.0-8.23
- Ubuntu-4.4.0-9.24
- Ubuntu-4.4.0-10.25
- Ubuntu-4.4.0-11.26
- Ubuntu-4.4.0-12.27
- Ubuntu-4.4.0-12.28
- Ubuntu-4.4.0-13.29
- Ubuntu-4.4.0-14.30
- Ubuntu-4.4.0-15.31
- Ubuntu-4.4.0-16.32
- Ubuntu-4.4.0-17.33
- Ubuntu-4.4.0-18.34
- Ubuntu-4.4.0-19.35
- Ubuntu-4.4.0-20.36
- Ubuntu-4.4.0-21.37
- Ubuntu-4.4.0-22.38
- Ubuntu-4.4.0-22.39
- Ubuntu-4.4.0-22.40
- Ubuntu-4.4.0-23.41
- Ubuntu-4.4.0-24.42
- Ubuntu-4.4.0-24.43
- Ubuntu-4.4.0-25.44
- Ubuntu-4.4.0-26.45
- Ubuntu-4.4.0-27.46
- Ubuntu-4.4.0-28.47
- Ubuntu-4.4.0-29.48
- Ubuntu-4.4.0-30.49
- Ubuntu-4.4.0-31.50
- Ubuntu-4.6.0-9.11
- Ubuntu-4.6.0-10.12
- Ubuntu-4.6.0-11.13
- Ubuntu-4.6.0-12.14
- Ubuntu-4.8.0-10.11
- update-version -- fix master version prefix
- changelog -- fix up existing broken entries
- changelog -- properly format previous entry
- Ubuntu-4.8.0-11.12
- Ubuntu-4.8.0-12.13
- Ubuntu-4.8.0-13.14
- Ubuntu-4.8.0-14.15
- Ubuntu-4.8.0-15.16
- Ubuntu-4.8.0-16.17
- Ubuntu-4.8.0-17.19
- Ubuntu-4.8.0-19.21
- Ubuntu-4.8.0-20.22
- Ubuntu-4.8.0-21.23
- Ubuntu-4.8.0-22.24
- Ubuntu-4.8.0-23.25
- Ubuntu-4.8.0-24.26
- Ubuntu-4.8.0-25.27
- Ubuntu-4.8.0-26.28
- Ubuntu-4.8.0-27.29
- Ubuntu-4.9.0-1.2
- Ubuntu-4.9.0-2.3
- Ubuntu-4.9.0-3.4
- Ubuntu-4.9.0-4.5
- Ubuntu-4.9.0-5.6
- Ubuntu-4.9.0-6.7
- Ubuntu-4.9.0-7.8
- Ubuntu-4.9.0-8.9
- Ubuntu-4.9.0-9.10
- Ubuntu-4.9.0-10.11
- Ubuntu-4.9.0-11.12
- Ubuntu-4.10.0-0.1
- Ubuntu-4.10.0-0.2
- Ubuntu-4.10.0-1.3
* Miscellaneous upstream changes
- Initial version.
* Master version: 4.10.0-1.3
* Master version: 4.10.0-0.2
* Master version: 4.10.0-0.1
* Master version: 4.9.0-11.12
* Master version: 4.9.0-10.11
* Master version: 4.9.0-9.10
* Master version: 4.9.0-8.9
* Master version: 4.9.0-7.8
* Master version: 4.9.0-6.7
* Master version: 4.9.0-5.6
* Master version: 4.9.0-4.5
* Master version: 4.9.0-3.4
* Master version: 4.9.0-2.3
* Master version: 4.9.0-1.2
* Master version: 4.8.0-27.29
* Master version: 4.8.0-26.28
* Master version: 4.8.0-25.27
* Master version: 4.8.0-24.26
* Master version: 4.8.0-23.25
* Master version: 4.8.0-22.24
* Master version: 4.8.0-21.23
* Master version: 4.8.0-20.22
* Master version: 4.8.0-19.21
* Master version: 4.8.0-17.19
* Master version: 4.8.0-16.17
* Master version: 4.8.0-15.16
* Master version: 4.8.0-14.15
* Master version: 4.8.0-13.14
* Master version: 4.8.0-12.13
* Master version: 4.8.0-11.12
* Miscellaneous Ubuntu changes
- update-version -- fix master version prefix
- changelog -- fix up existing broken entries
- changelog -- properly format previous entry
* Master version: 4.8.0-10.11
* Master version: 4.6.0-12.14
* Master version: 4.6.0-11.13
* Version: 4.6.0-10.12
* ensure all items are included in changelog and standardise packaging
(LP: #1601954)
- add git-ubuntu-log for changelog formatting
- update update-version to handle local commits
* Version 4.6.0-9.11
* Version 4.4.0-31.50
* Version 4.4.0-30.49
* Version 4.4.0-29.48
* Version 4.4.0-28.47
* Version 4.4.0-27.46
* Version 4.4.0-26.45
* Version 4.4.0-25.44
* Version 4.4.0-24.43
* Version 4.4.0-24.42
* Version 4.4.0-23.41
* Version 4.4.0-22.40
* Version 4.4.0-22.39
* Version 4.4.0-22.38
* Version 4.4.0-21.37
* Version 4.4.0-20.36
* Version 4.4.0-19.35
* Version 4.4.0-18.34
* Version 4.4.0-17.33
* Version 4.4.0-16.32
* Version 4.4.0-15.31
* Version 4.4.0-14.30
* Version 4.4.0-13.29
* Version 4.4.0-12.28
* Version 4.4.0-12.27
* Version 4.4.0-11.26
* Version 4.4.0-10.25
* Version 4.4.0-9.24
* Version 4.4.0-8.23
* Version 4.4.0-7.22
* Version 4.4.0-6.21
* Version 4.4.0-5.20
* Version 4.4.0-4.19
* Version 4.4.0-3.17
* Version 4.4.0-2.16
* fix download-signed to work in a private PPA (LP: #1535634)
* Version 4.4.0-1.15
* Version 4.3.0-7.18
* Version 4.3.0-6.17
* Version 4.3.0-5.16
* Version 4.3.0-5.15
* Version 4.3.0-5.14
* Version 4.3.0-4.13
* Version 4.3.0-2.11
* Version 4.3.0-1.10
* Version 4.3.0-0.9
* Version 4.3.0-0.8
* Version 4.3.0-0.6
* Version 4.2.0-17.20
* Version 4.2.0-16.19
* Version 4.2.0-15.18
* Version 4.2.0-15.17
[ Andy Whitcroft ]
* split separate shell commands so make can see them, aids debugging in
case of failure.
[ Tim Gardner ]
* Version 4.2.0-14.16
* move linux-signed linux-image-extra-* dependencies over to linux-meta.
(LP: #1501235)
* allow us to configure which flavours produce a udeb of the signed
kernel.
* switch downloads to build phase to prevent us downloading the kernel
binaries twice during build.
[ Andy Whitcroft ]
* Add linux-signed-*-lowlatency. (LP: #1500910)
[ Tim Gardner ]
* Version 4.2.0-13.15
* UBUNTU: comma separate the list of binaries used for Build-Depends
* Version 4.2.0-12.14
* Version 4.2.0-11.13
* Version 4.2.0-10.12
* Version 4.2.0-10.10
* Version 4.2.0-9.9
* Version 4.2.0-8.8
* Version 4.2.0-7.7
* Version 4.2.0-6.6
* Version 4.2.0-5.5
* Version 4.2.0-4.4
* Version 4.2.0-3.3
* Version 4.2.0-1.1~rc1
* Version 4.1.0-3.3
* Version 4.1.0-2.2
* Version 4.1.0-1.1
* Version 4.0.0-4.7
* Version 4.0.0-4.6
* Version 4.0.0-3.5
* Version 4.0.0-2.4
* Version 4.0.0-2.3
* Version 4.0.0-1.2
* Version 4.0.0-1.1
* Version 3.19.0-22.22
* Version 3.19.0-21.21
* Version 3.19.0-20.20
* Version 3.19.0-19.19
* Version 3.19.0-18.18
* Version 3.19.0-17.17
* Version 3.19.0-16.16
* Version 3.19.0-15.15
* Version 3.19.0-14.14
* Version 3.19.0-13.13
* Version 3.19.0-12.12
* Version 3.19.0-11.11
* Version 3.19.0-10.10
* Version 3.19.0-9.9
* Version 3.19.0-8.8
* Version 3.19.0-7.7
* Version 3.19.0-6.6
* Version 3.19.0-5.5
* Version 3.19.0-4.4
* Version 3.19.0-3.3
* Version 3.19.0-2.2
* Version 3.18.0-14.15
* Version 3.18.0-13.14
* Version 3.18.0-12.13
* Version 3.18.0-11.12
* Version 3.18.0-10.11
* Version 3.18.0-9.10
* Version 3.18.0-8.9
* Version 3.18.0-7.8
* Version 3.18.0-6.7
* Version 3.18.0-5.6
* Version 3.18.0-4.5
* Version 3.18.0-3.4
* Version 3.18.0-3.3
* Version 3.18.0-2.2
* Version 3.18.0-1.1
* Version 3.16.0-23.30
* Version 3.16.0-22.29
* Version 3.16.0-21.28
* Version 3.16.0-20.27
* Version 3.16.0-19.26
* Version 3.16.0-18.25
* Version 3.16.0-17.23
* Version 3.16.0-16.22
* Version 3.16.0-15.22
* Version 3.16.0-15.21
* Version 3.16.0-14.20
* Version 3.16.0-13.19
* Version 3.16.0-12.18
* Version 3.16.0-12.17
* Version 3.16.0-11.16
* Version 3.16.0-10.15
* Version 3.16.0-9.14
* Version 3.16.0-8.13
* Version 3.16.0-7.12
* Version 3.16.0-6.11
* Version 3.16.0-5.10
* Version 3.16.0-4.9
* Version 3.16.0-3.8
* Version 3.16.0-2.5
* Version 3.16.0-2.4
* Version 3.16.0-1.3
* Version 3.16.0-0.1
* Version 3.15.0-6.11
* Version 3.15.0-5.10
* Version 3.15.0-4.9
* Version 3.15.0-4.8
* Version 3.15.0-3.7
* Version 3.15.0-2.6
* Version 3.15.0-1.5
* Version 3.15.0-1.4
* Version 3.15.0-1.3
* Version 3.13.0-24.46
* Version 3.13.0-23.45
* Version 3.13.0-22.44
* Version 3.13.0-21.43
* Version 3.13.0-20.42
* Version 3.13.0-20.41
* Version 3.13.0-19.40
* Version 3.13.0-18.38
* Version 3.13.0-17.37
* Version 3.13.0-16.36
* Version 3.13.0-15.35
* Version 3.13.0-14.34
* Version 3.13.0-13.33
* Version 3.13.0-12.32
* Version 3.13.0-11.31
* Version 3.13.0-10.30
* Version 3.13.0-9.29
* Version 3.13.0-8.28
* Version 3.13.0-8.27
* Version 3.13.0-7.26
* Version 3.13.0-7.25
* Version 3.13.0-7.24
* Version 3.13.0-6.23
* Version 3.13.0-5.20
* Version 3.13.0-4.19
* Version 3.13.0-3.18
* Version 3.13.0-2.17
* Version 3.13.0-1.16
* Version 3.13.0-0.14
* Version 3.12.0-8.16
* Version 3.12.0-6.14
* Version 3.12.0-5.13
* Version 3.12.0-4.12
* Version 3.12.0-4.11
* Version 3.12.0-4.10
* Version 3.12.0-3.9
* Version 3.12.0-3.8
* Version 3.12.0-2.7
* Version 3.12.0-2.6
* Version 3.12.0-2.5
* Version 3.12.0-2.4
* Version 3.12.0-1.3
* Version 3.12.0-0.2
* Version 3.12.0-0.1
* Version 3.11.0-12.19
* Version 3.11.0-12.18
* Version 3.11.0-11.17
* Version 3.11.0-9.16
* Version 3.11.0-8.15
* Version 3.11.0-7.14
* Version 3.11.0-7.13
* Version 3.11.0-6.12
* Version 3.11.0-5.11
* Version 3.11.0-5.10
* Version 3.11.0-4.9
* Version 3.11.0-3.8
* Version 3.11.0-3.7
* Version 3.11.0-3.6
* Version 3.11.0-2.5
* Version 3.11.0-1.4
* Version 3.11.0-0.3
* Version 3.11.0-0.2
* Version 3.10.0-6.17
* Version 3.10.0-5.15
* Version 3.10.0-5.14
* Version 3.10.0-4.13
* Fix the version number constraint between linux and linux-signed to be
'=' to ensure we cannot migrate linux without linux-signed being in
lock step. (LP: #1201444)
* Version 3.10.0-3.12
* Version 3.10.0-2.11
* Version 3.10.0-2.10
* Version 3.10.0-2.9
* Version 3.10.0-1.8
* Version 3.10.0-0.7
* Version 3.10.0-0.6
* Version 3.9.0-7.15
* Version 3.9.0-6.13
* Version 3.9.0-5.11
* Version 3.9.0-5.10
* Version 3.9.0-4.9
* Version 3.9.0-3.8
* Version 3.9.0-2.7
* Version 3.9.0-2.6
* Version 3.9.0-1.5
* Version 3.9.0-0.4
* Version 3.9.0-0.3
* Version 3.9.0-0.2
* Version 3.9.0-0.1
* Version 3.8.0-19.29
* Version 3.8.0-18.28
* Version 3.8.0-16.26
* Version 3.8.0-15.25
* Version 3.8.0-14.24
* Version 3.8.0-13.23
* Version 3.8.0-13.22
* Version 3.8.0-12.21
* Version 3.8.0-11.20
* Version 3.8.0-10.19
* Version 3.8.0-9.18
* Version 3.8.0-8.17
* Version 3.8.0-7.16
* Version 3.8.0-7.15
* Version 3.8.0-7.14
* Version 3.8.0-6.13
* Version 3.8.0-6.11
* Version 3.8.0-5.10
* Version 3.8.0-4.8
* Version 3.8.0-3.7
* Version 3.8.0-2.6
* Version 3.8.0-1.5
* Version 3.8.0-0.4
* Version 3.8.0-0.2
* Version 3.8.0-0.1
* Version 3.7.0-7.15
* Version 3.7.0-6.14
* Version 3.7.0-5.13
* Version 3.7.0-4.12
* Version 3.7.0-4.11
* Version 3.7.0-4.10
* Version 3.7.0-3.9
* Add Built-Using: fields pointing to the original linux source packages.
* Standard-Version: 3.9.4
* Version 3.7.0-2.8
* linux 3.7.0-1.6
* control-scripts.stub: update-grub may fail in a livefs environment and
in that context is not fatal. For now just ignore update-grub errors.
* update-version: fix commit command
* Version 3.7.0-0.5
* rules: include only the signature for the kernel image. (LP: #1075181)
* control.stub: add sbsigntool build-dep: to allow signature manipulation.
* flavour.stub: add sbsigntool depends: to allow signature manipulation.
* rules: fix version handling for PPA use.
* Version 3.7.0-0.4
* download-signed: add the -security pocket to the search list.
* update-version: handle an UNRELEASED version stanza.
* update-version: dump proposed commit and tag commands.
* rules: add signed udebs for the Debian installer.
* Search all pockets for the appropriate binary.
* Version 3.5.0-17.28
* Add linux-image-extra to dependancies to pull in full set of kernel
modules.
* Add initial postinst and postrm support. Simply calls out to
update-grub.
* Add versioned dependancies to the main linux-image binaries as we
need the approriate modules and initramfs.
* Version 3.5.0-17.27
* Initial release.
==== openssl: 1.1.1-1ubuntu2.1~18.04.17 => 1.1.1-1ubuntu2.1~18.04.20 ====
==== libssl1.1:amd64 openssl
* SECURITY UPDATE: AES OCB fails to encrypt some bytes
- debian/patches/CVE-2022-2097-1.patch: fix AES OCB encrypt/decrypt for
x86 AES-NI in crypto/aes/asm/aesni-x86.pl.
- debian/patches/CVE-2022-2097-2.patch: add AES OCB test vectors in
test/recipes/30-test_evp_data/evpciph.txt.
- CVE-2022-2097
[ Simon Chopin ]
* d/p/lp1978093/*: renew some expiring test certificates (LP: #1978093)
[ Marc Deslauriers ]
* SECURITY UPDATE: c_rehash script allows command injection
- debian/patches/CVE-2022-1292.patch: switch to upstream patch, and
apply it before c_rehash-compat.patch.
- debian/patches/CVE-2022-2068.patch: fix file operations in
tools/c_rehash.in.
- debian/patches/c_rehash-compat.patch: updated patch to apply after
the security updates.
- CVE-2022-2068
* Backport pr9780:
- d/p/pr9780_0001-Don-t-send-a-status_request-extension-in-a-Certifica.patch
- d/p/pr9780_0002-Teach-TLSProxy-how-to-parse-CertificateRequest-messa.patch
(LP: #1940141)
==== openssl1.0: 1.0.2n-1ubuntu5.9 => 1.0.2n-1ubuntu5.10 ====
==== libssl1.0.0:amd64
* SECURITY UPDATE: c_rehash script allows command injection
- debian/patches/CVE-2022-1292.patch: switch to upstream patch, and
apply it before c_rehash-compat.patch.
- debian/patches/CVE-2022-2068.patch: fix file operations in
tools/c_rehash.in.
- debian/patches/c_rehash-compat.patch: updated patch to apply after
the security updates.
- CVE-2022-2068
==== shadow: 1:4.5-1ubuntu2.2 => 1:4.5-1ubuntu2.3 ====
==== login passwd uidmap
[ Michael Vogt ]
* debian/patches/1010_extrausers.patch:
Add automatic detection of "extrausers" for usermod -G
(LP: #1959375)
==== snapd: 2.54.3+18.04.2ubuntu0.2 => 2.55.5+18.04 ====
==== snapd
* New upstream release, LP: #1965808
- snapstate: do not auto-migrate to ~/Snap for core22 just yet
- cmd/snap-seccomp: add copy_file_range to
syscallsWithNegArgsMaskHi32
- cmd/snap-update-ns: correctly set sticky bit on created
directories where applicable
- .github: Skip misspell and ineffassign on go 1.13
- tests: add lz4 dependency for jammy to avoid issues repacking
kernel
- interfaces: posix-mq: add new interface
* New upstream release, LP: #1965808
- tests: do not run mount-order-regression test on i386
- c/snap-seccomp: update syscalls
- o/snapstate: overwrite ~/.snap subdir when migrating
- o/assertstate: fix handling of validation set tracking update in
enforcing mode
- packaging: restart our units only after the upgrade
- interfaces: add a steam-support interface
- features: enable refresh-app-awareness by default
- i/b/custom_device: fix generation of udev rules
- interfaces/system-packages-doc: allow read-only access to
/usr/share/gtk-doc
- interfaces/system-packages-doc: allow read-only access to
/usr/share/xubuntu-docs
- interfaces/builtin/network-control: also allow for mstp and bchat
devices too
- interfaces/builtin: update apparmor profile to allow creating
mimic over /usr/share
- data/selinux: allow snap-update-ns to mount on top of /var/snap
inside the mount ns
- interfaces/cpu-control: fix apparmor rules of paths with CPU ID
* New upstream release, LP: #1965808
- cmd/snap-update-ns: apply content mounts before layouts
- many: change "transactional" flag to a "transaction" option
- b/piboot.go: check EEPROM version for RPi4
- snap/quota,spread: raise lower memory quota limit to 640kb
- boot,bootloader: add missing grub.cfg assets mocks in some
tests
- many: support --ignore-running with refresh many
- cmd/snap,wrappers: fix wrong implementation of zero count cpu
quota
- quota: add some more unit tests around Resource.Change()
- quota: detect/error if cpu-set is used with cgroup v1
- quota: add test for `Resource.clone()
- cmd/snap,client: frontend for cpu/thread quotas
- tests: update spread test to check right XDG dirs
- snap: set XDG env vars to new dirs
- o/snapstate: initialize XDG dirs in HOME migration
- i/b/kernel_module_load: expand $SNAP_COMMON in module options
- overlord: add missing grub.cfg assets mocks in manager_tests.go
- o/snapstate: account for repeat migration in ~/Snap undo
- b/a: do not set console in kernel command line for arm64
- sandbox: improve error message from `ProbeCgroupVersion()`
- tests/main/snap-quota-groups: fix spread test
- interfaces: add pkcs11 interface
- o/snapstate: undo migration on 'snap revert'
- overlord: snapshot exclusions
- interfaces: add private /dev/shm support to shared-memory
interface
- packaging: install Go snap from 1.17 channel in the integration
tests
- snap-exec: fix detection if `cups` interface is connected
- bootloader/piboot: add support for armhf
- interfaces/system-packages-doc: allow read-only access to
/usr/share/libreoffice/help
- daemon: add a /v2/accessories/changes/{ID} endpoint
- interfaces/appstream-metadata: Re-create app-info links to
swcatalog
- tests/main/snap-quota-groups: add 219 as possible exit code
- store: set validation-sets on actions when refreshing
- interfaces/appstream-metadata: Support new swcatalog directory
names
- asserts,interfaces/policy: slot-snap-id allow-installation
constraints
- i/b/network-manager: change rule for ResolveAddress to check only
label
- cmd/snap-bootstrap: support booting into factory-reset mode
- systemd: do not reload system when enabling/disabling services
* New upstream release, LP: #1965808
- cmd/snap-update-ns: actually use entirely non-existent dirs
* New upstream release, LP: #1965808
- cmd/snap-update-ns/change_test.go: use non-exist name foo-runtime
instead
* New upstream release, LP: #1965808
- kernel/fde: add PartitionName to various structs
- osutil/disks: calculate the last usable LBA instead of reading it
- snap/quota: additional validation in resources.go
- o/snapstate: avoid setting up single reboot when update includes
base, kernel and gadget
- overlord/state: add helper for aborting unready lanes
- snap-bootstrap: Partially revert simplifications of mount
dependencies
- cmd/snap-update-ns/change.go: sort needed, desired and not reused
mount entries
- cmd/snap-preseed, image: move preseeding code to image/preseed
- interfaces/docker-support: make generic rules not conflict with
snap-confine
- i/b/modem-manager: provide access to ObjectManager
- i/b/network_{control,manager}.go: add more access to resolved
- overlord/state: drop unused lanes field
- cmd/snap: make 1.18 vet happy
- o/snapstate: allow installing the snapd-desktop-integration snap
even if the user-daemons feature is otherwise disabled
- snap/quota: fix bug in quota group tree validation code
- o/snapstate: make sure that snapd is a prerequisite for updating
base snaps
- bootloader: add support for piboot
- i/seccomp/template.go: add close_range to the allowed syscalls
- snap: add new cpu quotas
- boot: support factory-reset when sealing and resealing
- tests: fix test to avoid editing the test-snapd-tools snap.yaml
file
- dirs: remove unused SnapMetaDir variable
- overlord: extend single reboot test to include a non-base, non-
kernel snap
- github: replace "sanity check" with "quick check" in workflow
- fde: add new DeviceUnlock() call
- many: replace use of "sanity" with more inclusive naming in
comments
- asserts: minimal changes to disable authority-delegation before
full revert
- tests: updating the test-snapd-cups-control-consumer snap to
core20 based
- many: replace use of "sanity" for interface implementation checks
- cmd/snap-preseed: support for core20 preseeding
- cmd: set core22 migration related env vars and update spread test
- interface/opengl: allow read on
/proc/sys/dev/i915/perf_stream_paranoid
- tests/lib/tools/report-mongodb: fix typo in help text
- tests: Include the source github url as part of the mongo db
issues
- o/devicestate: split mocks to separate calls for creating a model
and a gadget
- snap: Add missing zlib
- cmd/snap: add support for rebooting to factory-reset
- interfaces/apparmor: Update base template for systemd-machined
- i/a/template.go: add ld path for jammy
- o/devicestate, daemon: introduce factory-reset mode, allow
switching
- o/state: fix undo with independent tasks in same change and lane
- tests: validate tests tools just on google and qemu backends
- tests/lib/external/snapd-testing-tools: update from upstream
- tests: skip interfaces-cups-control from debian-sid
- Increase the times in snapd-sigterm for arm devices
- interfaces/browser-support: allow RealtimeKit's
MakeThreadRealtimeWithPID
- cmd: misc analyzer fixes
- interfaces/builtin/account-control: allow to execute pam_tally2
- tests/main/user-session-env: special case bash profile on
Tumbleweed
- o/snapstate: implement transactional lanes for prereqs
- o/snapstate: add core22 migration logic
- tests/main/mount-ns: unmount /run/qemu
- release: 2.54.4 changelog to master
- gadget: add buildVolumeStructureToLocation,
volumeStructureToLocationMap
- interfaces/apparmor: add missing unit tests for special devmode
rules/behavior
- cmd/snap-confine: coverity fixes
- interfaces/systemd: use batch systemd operations
- tests: small adjustments to fix vuln spread tests
- osutil/disks: trigger udev on the partition device node
- interfaces/network-control: add D-Bus rules for resolved too
- interfaces/cpu-control: add extra idleruntime data/reset files to
cpu-control
- packaging/ubuntu-16.04/rules: don't run unit tests on riscv64
- data/selinux: allow the snap command to run systemctl
- boot: mock amd64 arch for mabootable 20 suite
- testutil: add Backup helper to save/restore values, usually for
mocking
- tests/nested/core/core20-reinstall-partitions: update test summary
- asserts: return an explicit error when key cannot be found
- interfaces: custom-device
- Fix snap-run-gdbserver test by retrying the check
- overlord, boot: fix unit tests on arches other than amd64
- Get lxd snap from candidate channel
- bootloader: allow different names for the grub binary in different
archs
- cmd/snap-mgmt, packaging: trigger daemon reload after purging unit
files
- tests: add test to ensure consecutive refreshes do garbage
collection of old revs
- o/snapstate: deal with potentially invalid type of refresh.retain
value due to lax validation
- seed,image: changes necessary for ubuntu-image to support
preseeding extra snaps in classic images
- tests: add debugging to snap-confine-tmp-mount
- o/snapstate: add ~/Snap init related to backend
- data/env: cosmetic tweak for fish
- tests: include new testing tools and utils
- wrappers: do not reload the deamon or restart snapd services when
preseeding on core
- Fix smoke/install test for other architectures than pc
- tests: skip boot loader check during testing preparation on s390x
- t/m/interfaces-network-manager: use different channel depending on
system
- o/devicestate: pick system from seed systems/ for preseeding (1/N)
- asserts: add preseed assertion type
- data/env: more workarounds for even older fish shells, provide
reasonable defaults
- tests/main/snap-run-devmode-classic: reinstall snapcraft to clean
up
- gadget/update.go: add buildNewVolumeToDeviceMapping for existing
devices
- tests: allow run spread tests using a private ppaTo validate it
- interfaces/{cpu,power}-control: add more accesses for commercial
device tuning
- gadget: add searchForVolumeWithTraits + tests
- gadget/install: measure and save disk volume traits during
install.Run()
- tests: fix "undo purging" step in snap-run-devmode-classic
- many: move call to shutdown to the boot package
- spread.yaml: add core22 version of rsync to skip
- overlord, o/snapstate: fix mocking on systems without /snap
- many: move boot.Device to snap.Device
- tests: smoke test support for core22
- tests/nested/snapd-removes-vulnerable-snap-confine-revs: use newer
snaps
- snapstate: make "remove vulnerable version" message more
friendly
- o/devicestate/firstboot_preseed_test.go: remove deadcode
- o/devicestate: preseeding test cleanup
- gadget: refactor StructureEncryption to have a concrete type
instead of map
- tests: add created_at timestamp to mongo issues
- tests: fix security-udev-input-subsystem test
- o/devicestate/handlers_install.go: use --all to get binary data
too for logs
- o/snapstate: rename "corecore" -> "core"
- o/snapstate: implement transactional flag
- tests: skip ~/.snap migration test on openSUSE
- asserts,interfaces/policy: move and prepare DeviceScopeConstraint
for reuse
- asserts: fetching code should fetch authority-delegation
assertions with signing keys as needed
- tests: prepare and restore nested tests
- asserts: first-class support for formatting/encoding signatory-id
- asserts: remove unused function, fix for linter
- gadget: identify/match encryption parts, include in traits info
- asserts,cmd/snap-repair: support delegation when validating
signatures
- many: fix leftover empty snap dirs
- libsnap-confine-private: string functions simplification
- tests/nested/manual/core20-cloud-init-maas-signed-seed-data: add
gadget variant
- interfaces/u2f-devices: add U2F-TOKEN
- tests/core/mem-cgroup-disabled: minor fixups
- data/env: fix fish env for all versions of fish, unexport local
vars, export XDG_DATA_DIRS
- tests: reboot test running remodel
- Add extra disk space to nested images to "avoid No space left on
device" error
- tests: add regression tests for disabled memory cgroup operation
- many: fix issues flagged by golangci and configure it to fail
build
- docs: fix incorrect link
- cmd/snap: rename the verbose logging flag in snap run
- docs: cosmetic cleanups
- cmd/snap-confine: build const data structures at compile-
time
- o/snapstate: reduce maxInhibition for raa by 1s to avoid confusing
notification
- snap-bootstrap: Cleanup dependencies in systemd mounts
- interfaces/seccomp: Add rseq to base seccomp template
- cmd/snap-confine: remove mention of "legacy mode" from comment
- gadget/gadget_test.go: fix variable type
- gadget/gadget.go: add AllDiskVolumeDeviceTraits
- spread: non-functional cleanup of go1.6 legacy
- cmd/snap-confine: update ambiguous comment
- o/snapstate: revert migration on refresh if flag is disabled
- packaging/fedora: sync with downstream, packaging improvements
- tests: updated the documentation to run spread tests using
external backend
- osutil/mkfs: Expose more fakeroot flags
- interfaces/cups: add cups-socket-directory attr, use to specify
mount rules in backend
- tests/main/snap-system-key: reset-failed snapd and snapd.socket
- gadget/install: add unit tests for install.Run()
- tests/nested/manual/remodel-cross-store,remodel-simple: wait for
serial
- vscode: added integrated support for MS VSCODE
- cmd/snap/auto-import: use osutil.LoadMountInfo impl instead
- gadget/install: add unit tests for makeFilesystem, allow mocking
mkfs.Make()
- systemd: batched operations
- gadget/install/partition.go: include DiskIndex in synthesized
OnDiskStructure
- gadget/install: rm unused support for writing non-filesystem
structures
- cmd/snap: close refresh notifications after trying to run a snap
while inhibited
- o/servicestate: revert #11003 checking for memory cgroup being
disabled
- tests/core/failover: verify failover handling with the kernel snap
- snap-confine: allow numbers in hook security tag
- cmd/snap-confine: mount bpffs under /sys/fs/bpf if needed
- spread: switch to CentOS 8 Stream image
- overlord/servicestate: disallow mixing snaps and subgroups.
- cmd/snap: add --debug to snap run
- gadget: mv modelCharateristics to gadgettest.ModelCharacteristics
- cmd/snap: remove use of zenity, use notifications for snap run
inhibition
- o/devicestate: verify that the new model is self contained before
remodeling
- usersession/userd: query xdg-mime to check for fallback handlers
of a given scheme
- gadget, gadgettest: reimplement tests to use new gadgettest
examples.go file
- asserts: start implementing authority-delegationTODO in later PRs:
- overlord: skip manager tests on riscv for now
- o/servicestate: quota group error should be more explanative when
memory cgroup is disabled
- i/builtin: allow modem-manager interface to access some files in
sysfs
- tests: ensure that interface hook works with hotplug plug
- tests: fix repair test failure when run in a loop
- o/snapstate: re-write state after undo migration
- interfaces/opengl: add support for ARM Mali
- tests: enable snap-userd-reexec on ubuntu and debian
- tests: skip bind mount in snapd-snap test when the core snap in
not repacked
- many: add transactional flag to snapd API
- tests: new Jammy image for testing
- asserts: start generalizing attrMatcherGeneralization is along
- tests: ensure the ca-certificates package is installed
- devicestate: ensure permissions of /var/lib/snapd/void are
correct
- many: add altlinux support
- cmd/snap-update-ns: convert some unexpected decimal file mode
constants to octal.
- tests: use system ubuntu-21.10-64 in nested tests
- tests: skip version check on lp-1871652 for sru validation
- snap/quota: add positive tests for the quota.Resources logic
- asserts: start splitting out attrMatcher for reuse to
constraint.go
- systemd: actually test the function passed as a parameter
- tests: fix snaps-state test for sru validation
- many: add Transactional to snapstate.Flags
- gadget: rename DiskVolume...Opts to DiskVolume...Options
- tests: Handle PPAs being served from ppa.launchpadcontent.net
- tests/main/cgroup-tracking-failure: Make it pass when run alone
- tests: skip migration test on centOS
- tests: add back systemd-timesyncd to newer debian distros
- many: add conversion for interface attribute values
- many: unit test fix when SNAPD_DEBUG=1 is set
- gadget/install/partition.go: use device rescan trick only when
gadget says to
- osutil: refactoring the code exporting mocking APIs to other
packages
- mkversion: check that snapd is a git source tree before guessing
the version
- overlord: small refactoring of group quota implementation in
preparation of multiple quota values
- tests: drop 21.04 tests (it's EOL)
- osutil/mkfs: Expose option for --lib flag in fakeroot call
- cmd/snapd-apparmor: fix bad variable initialization
- packaging, systemd: fix socket (re-)start race
- tests: fix running tests.invariant on testflinger systems
- tests: spread test snap dir migration
- interfaces/shared-memory: support single wild-cards in the
read/write paths
- tests: cross store remodel
- packaging,tests: fix running autopkgtest
- spread-shellcheck: add a caching layer
- tests: add jammy to spread executions
- osutils: deal with ENOENT in UserMaybeSudoUser()
- packaging/ubuntu-16.04/control: adjust libfuse3 dependency as
suggested
- gadget/update.go: add DiskTraitsFromDeviceAndValidate
- tests/lib/prepare.sh: add debug kernel command line params via
gadget on UC20
- check-commit-email: do not fail when current dir is not under git
- configcore: implement netplan write support via dbus
- run-checks, check-commit-email.py: check commit email addresses
for validity
- tests: setup snapd remodel testing bits
- cmd/snap: adjust /cmd to migration changes
- systemd: enable batched calls for systemd calls operation on units
- o/ifacestate: add convenience Active() method to ConnectionState
struct
- o/snapstate: migrate to hidden dir on refresh/install
- store: fix flaky test
- i/builtin/xilinx-dma: add interface for Xilinx DMA driver
- go.mod: tidy up
- overlord/h/c/umount: remove handling of required parameter
- systemd: add NeedDaemonReload to the unit state
- mount-control: step 3
- tests/nested/manual/minimal-smoke: bump mem to 512 for unencrypted
case too
- gadget: fix typo with filesystem message
- gadget: misc helper fixes for implicit system-data role handling
- tests: fix uses of fakestore new-snap-declaration
- spread-shellcheck: use safe_load rather than load with a loder
- interfaces: allow access to new at-spi socket location in desktop-
legacy
- cmd/snap: setup tracking cgroup when invoking a service directly
as a user
- tests/main/snap-info: use yaml.safe_load rather than yaml.load
- cmd/snap: rm unnecessary validation
- tests: fix `tests/core/create-user` on testflinger pi3
- tests: fix parallel-install-basic on external UC16 devices
- tests: ubuntu-image 2.0 compatibility fixes
- tests/lib/prepare-restore: use go install rather than go get
- cmd/snap, daemon: add debug command for getting OnDiskVolume
dump
- gadget: resolve index ambiguity between OnDiskStructure and
LaidOutStructuretype: bare structures).
- tests: workaround missing bluez snap
- HACKING.md: add dbus-x11 to packages needed to run unit tests
- spread.yaml: add debian-{10,11}, drop debian-9
- cmd/snap/quota: fix typo in the help message
- gadget: allow gadget struct with unspecified filesystem to match
part with fs
- tests: re-enable kernel-module-load tests on arm
- tests/lib/uc20-create-partitions/main.go: setup a logger for
messages
- cmd: support installing multiple local snaps
- usersession: implement method to close notifications via
usersession REST API
- data/env: treat XDG_DATA_DIRS like PATH for fish
- cmd/snap, cmd/snap-confine: extend manpage, update links
- tests: fix fwupd interface test in debian sid
- tests: do not run k8s smoke test on 32 bit systems
- tests: fix testing in trusty qemu
- packaging: merge 2.54.2 changelog back to master
- overlord: fix issue with concurrent execution of two snapd
processes
- interfaces: add a polkit interface
- gadget/install/partition.go: wait for udev settle when creating
partitions too
- tests: exclude interfaces-kernel-module load on arm
- tests: ensure that test-snapd-kernel-module-load is
removed
- tests: do not test microk8s-smoke on arm
- packaging, bloader, github: restore cleanliness of snapd info
file; check in GA workflow
- tests/lib/tools/tests.invariant: simplify check
- tests/nested/manual/core20-to-core22: wait for device to be
initialized before starting a remodel
- build-aux/snap/snapcraft.yaml: use build-packages, don't fail
dirty builds
- tests/lib/tools/tests.invariant: add invariant for detecting
broken snaps
- tests/core/failover: replace boot-state with snap debug boot-vars
- tests: fix remodel-kernel test when running on external devices
- data/selinux: allow poking /proc/xen
- gadget: do not crash if gadget.yaml has an empty Volumes section
- i/b/mount-control: support creating tmpfs mounts
- packaging: Update openSUSE spec file with apparmor-parser and
datadir for fish
- cmd/snap-device-helper: fix variable name typo in the unit tests
- tests: fixed an issue with retrieval of the squashfuse repo
- release: 2.54.1
- tests: tidy up the top-level of ubuntu-seed during tests
- build-aux: detect/fix dirty git revisions while snapcraft
building
- release: 2.54
* New upstream release, LP: #1955137
- t/m/interfaces-network-manager: use different channel depending on
system
- many: backport attrer interface changes to 2.54
- tests: skip version check on lp-1871652 for sru validation
- i/builtin: allow modem-manager interface to access some files in
sysfs
- snapstate: make "remove vulnerable version" message more
friendly
- tests: fix "undo purging" step in snap-run-devmode-classic
- o/snapstate: deal with potentially invalid type of refresh.retain
value due to lax validation
- interfaces: custom-device
- packaging/ubuntu-16.04/control: adjust libfuse3 dependency
- data/env: fix fish env for all versions of fish
- packaging/ubuntu-16.04/snapd.postinst: start socket and service
first
- interfaces/u2f-devices: add U2F-TOKEN
- interfaces/seccomp: Add rseq to base seccomp template
- tests: remove disabled snaps before calling save_snapd_state
- overlord: skip manager tests on riscv for now
- interfaces/opengl: add support for ARM Mali
- devicestate: ensure permissions of /var/lib/snapd/void are
correct
- cmd/snap-update-ns: convert some unexpected decimal file mode
constants to octal.
- interfaces/shared-memory: support single wild-cards in the
read/write paths
- packaging: fix running autopkgtest
- i/builtin/xilinx-dma-host: add interface for Xilinx DMA driver
- tests: fix `tests/core/create-user` on testflinger pi3
- tests: fix parallel-install-basic on external UC16 devices
- tests: re-enable kernel-module-load tests on arm
- tests: do not run k8s smoke test on 32 bit systems
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Add validations of the location of the snap-confine
binary within snapd.
- snap-confine: Fix race condition in snap-confine when preparing a
private mount namespace for a snap.
- CVE-2021-44730
- CVE-2021-44731
* SECURITY UPDATE: Data injection from malicious snaps
- interfaces: Add validations of snap content interface and layout
paths in snapd.
- CVE-2021-4120
- LP: #1949368
* New upstream release, LP: #1955137
- tests: exclude interfaces-kernel-module load on arm
- tests: ensure that test-snapd-kernel-module-load is
removed
- tests: do not test microk8s-smoke on arm
- tests/core/failover: replace boot-state with snap debug boot-vars
- tests: use snap info|awk to extract tracking channel
- tests: fix remodel-kernel test when running on external devices
- .github/workflows/test.yaml: also check internal snapd version for
cleanliness
- packaging/ubuntu-16.04/rules: eliminate seccomp modification
- bootloader/assets/grub_*cfg_asset.go: update Copyright
- build-aux/snap/snapcraft.yaml: adjust comment about get-version
- .github/workflows/test.yaml: add check in github actions for dirty
snapd snaps
- build-aux/snap/snapcraft.yaml: use build-packages, don't fail
dirty builds
- data/selinux: allow poking /proc/xen
* New upstream release, LP: #1955137
- buid-aux: set version before calling ./generate-packaging-dir
This fixes the "dirty" suffix in the auto-generated version
* New upstream release, LP: #1955137
- interfaces/builtin/opengl.go: add boot_vga sys/devices file
- o/configstate/configcore: add tmpfs.size option
- tests: moving to manual opensuse 15.2
- cmd/snap-device-helper: bring back the device type identification
behavior, but for remove action fallback only
- cmd/snap-failure: use snapd from the snapd snap if core is not
present
- tests/core/failover: enable the test on core18
- o/devicestate: ensure proper order when remodel does a simple
switch-snap-channel
- builtin/interfaces: add shared memory interface
- overlord: extend kernel/base success and failover with bootenv
checks
- o/snapstate: check disk space w/o store if possible
- snap-bootstrap: Mount snaps read only
- gadget/install: do not re-create partitions using OnDiskVolume
after deletion
- many: fix formatting w/ latest go version
- devicestate,timeutil: improve logging of NTP sync
- tests/main/security-device-cgroups-helper: more debugs
- cmd/snap: print a placeholder for version of broken snaps
- o/snapstate: mock system with classic confinement support
- cmd: Fixup .clangd to use correct syntax
- tests: run spread tests in fedora-35
- data/selinux: allow snapd to access /etc/modprobe.d
- mount-control: step 2
- daemon: add multiple snap sideload to API
- tests/lib/pkgdb: install dbus-user-session during prepare, drop
dbus-x11
- systemd: provide more detailed errors for unimplemented method in
emulation mode
- tests: avoid checking TRUST_TEST_KEYS on restore on remodel-base
test
- tests: retry umounting /var/lib/snapd/seed on uc20 on fsck-on-boot
test
- o/snapstate: add hide/expose snap data to backend
- interfaces: kernel-module-load
- snap: add support for `snap watch
--last={revert,enable,disable,switch}`
- tests/main/security-udev-input-subsystem: drop info from udev
- tests/core/kernel-and-base-single-reboot-failover,
tests/lib/fakestore: verify failover scenario
- tests/main/security-device-cgroups-helper: collect some debug info
when the test fails
- tests/nested/manual/core20-remodel: wait for device to have a
serial before starting a remodel
- tests/main/generic-unregister: test re-registration if not blocked
- o/snapstate, assertsate: validation sets/undo on partial failure
- tests: ensure snapd can be downloaded as a module
- snapdtool, many: support additional key/value flags in info file
- data/env: improve fish shell env setup
- usersession/client: provide a way for client to send messages to a
subset of users
- tests: verify that simultaneous refresh of kernel and base
triggers a single reboot only
- devicestate: Unregister deletes the device key pair as well
- daemon,tests: support forgetting device serial via API
- asserts: change behavior of alternative attribute matcher
- configcore: relax validation rules for hostname
- cmd/snap-confine: do not include libglvnd libraries from the host
system
- overlord, tests: add managers and a spread test for UC20 to UC22
remodel
- HACKING.md: adjust again for building the snapd snap
- systemd: add support for systemd unit alias names
- o/snapstate: add InstallPathMany
- gadget: allow EnsureLayoutCompatibility to ensure disk has all
laid out structsnow reject/fail:
- packaging/ubuntu, packaging/debian: depend on dbus-session-bus
provider (#11111)
- interfaces/interfaces/scsi_generic: add interface for scsi generic
de (#10936)
- osutil/disks/mockdisk.go: add MockDevicePathToDiskMapping
- interfaces/microstack-support: set controlsDeviceCgroup to true
- network-setup-control: add netplan generate D-Bus rules
- interface/builtin/log_observe: allow to access /dev/kmsg
- .github/workflows/test.yaml: restore failing of spread tests on
errors (nested)
- gadget: tweaks to DiskStructureDeviceTraits + expand test cases
- tests/lib/nested.sh: allow tests to use their own core18 in extra-
snaps-path
- interfaces/browser-support: Update rules for Edge
- o/devicestate: during remodel first check pending download tasks
for snaps
- polkit: add a package to validate polkit policy files
- HACKING.md: document building the snapd snap and splicing it into
the core snap
- interfaces/udev: fix installing snaps inside lxd in 21.10
- o/snapstate: refactor disk space checks
- tests: add (strict) microk8s smoke test
- osutil/strace: try to enable strace on more arches
- cmd/libsnap-confine-private: fix snap-device-helper device allow
list modification on cgroup v2
- tests/main/snapd-reexec-snapd-snap: improve debugging
- daemon: write formdata file parts to snaps dir
- systemd: add support for .target units
- tests: run snap-disconnect on uc16
- many: add experimental setting to allow using ~/.snap/data instead
of ~/snap
- overlord/snapstate: perform a single reboot when updating boot
base and kernel
- kernel/fde: add DeviceUnlockKernelHookDeviceMapperBackResolver,
use w/ disks pkg
- o/devicestate: introduce DeviceManager.Unregister
- interfaces: allow receiving PropertiesChanged on the mpris plug
- tests: new tool used to retrieve data from mongo db
- daemon: amend ssh keys coming from the store
- tests: Include the tools from snapd-testing-tools project in
"$TESTSTOOLS"
- tests: new workflow step used to report spread error to mongodb
- interfaces/builtin/dsp: update proc files for ambarella flavor
- gadget: replace ondisk implementation with disks package, refactor
part calcs
- tests: Revert "tests: disable flaky uc18 tests until systemd is
fixed"
- Revert: "many: Vendor apparmor-3.0.3 into the snapd snap"
- asserts: rename "white box" to "clear box" (woke checker)
- many: Vendor apparmor-3.0.3 into the snapd snap
- tests: reorganize the debug-each on the spread.yaml
- packaging: sync with downstream packaging in Fedora and openSUSE
- tests: disable flaky uc18 tests until systemd is fixed
- data/env: provide profile setup for fish shell
- tests: use ubuntu-image 1.11 from stable channel
- gadget/gadget.go: include disk schema in the disk device volume
traits too
- tests/main/security-device-cgroups-strict-enforced: extend the
comments
- README.md: point at bugs.launchpad.net/snapd instead of snappy
project
- osutil/disks: introduce RegisterDeviceMapperBackResolver + use for
crypt-luks2
- packaging: make postrm script robust against `rm` failures
- tests: print extra debug on auto-refresh-gating test failure
- o/assertstate, api: move enforcing/monitoring from api to
assertstate, save history
- tests: skip the test-snapd-timedate-control-consumer.date to avoid
NTP sync error
- gadget/install: use disks functions to implement deviceFromRole,
also rename
- tests: the `lxd` test is failing right now on 21.10
- o/snapstate: account for deleted revs when undoing install
- interfaces/builtin/block_devices: allow blkid to print block
device attributes
- gadget: include size + sector-size in DiskVolumeDeviceTraits
- cmd/libsnap-confine-private: do not deny all devices when reusing
the device cgroup
- interfaces/builtin/time-control: allow pps access
- o/snapstate/handlers: propagate read errors on "copy-snap-data"
- osutil/disks: add more fields to Partition, populate them during
discovery
- interfaces/u2f-devices: add Trezor and Trezor v2 keys
- interfaces: timezone-control, add permission for ListTimezones
DBus call
- o/snapstate: remove repeated test assertions
- tests: skip `snap advise-command` test if the store is overloaded
- cmd: create ~/snap dir with 0700 perms
- interfaces/apparmor/template.go: allow udevadm from merged usr
systems
- github: leave a comment documenting reasons for pipefail
- github: enable pipefail when running spread
- osutil/disks: add DiskFromPartitionDeviceNode
- gadget, many: add model param to Update()
- cmd/snap-seccomp: add riscv64 support
- o/snapstate: maintain a RevertStatus map in SnapState
- tests: enable lxd tests on impish system
- tests: (partially) revert the memory limits PR#r10241
- o/assertstate: functions for handling validation sets tracking
history
- tests: some improvements for the spread log parser
- interfaces/network-manager-observe: Update for libnm / dart
clients
- tests: add ntp related debug around "auto-refresh" test
- boot: expand on the fact that reseal taking modeenv is very
intentional
- cmd/snap-seccomp/syscalls: update syscalls to match libseccomp
abad8a8f4
- data/selinux: update the policy to allow snapd to talk to
org.freedesktop.timedate1
- o/snapstate: keep old revision if install doesn't add new one
- overlord/state: add a unit test for a kernel+base refresh like
sequence
- desktop, usersession: observe notifications
- osutil/disks: add AllPhysicalDisks()
- timeutil,deviceutil: fix unit tests on systems without dbus or
without ntp-sync
- cmd/snap-bootstrap/README: explain all the things (well most of
them anyways)
- docs: add run-checks dependency install instruction
- o/snapstate: do not prune refresh-candidates if gate-auto-refresh-
hook feature is not enabled
- o/snapstate: test relink remodel helpers do a proper subset of
doInstall and rework the verify*Tasks helpers
- tests/main/mount-ns: make the test run early
- tests: add `--debug` to netplan apply
- many: wait for up to 10min for NTP synchronization before
autorefresh
- tests: initialize CHANGE_ID in _wait_autorefresh
- sandbox/cgroup: freeze and thaw cgroups related to services and
scopes only
- tests: add more debug around qemu-nbd
- o/hookstate: print cohort with snapctl refresh --pending (#10985)
- tests: misc robustness changes
- o/snapstate: improve install/update tests (#10850)
- tests: clean up test tools
- spread.yaml: show `journalctl -e` for all suites on debug
- tests: give interfaces-udisks2 more time for the loop device to
appear
- tests: set memory limit for snapd
- tests: increase timeout/add debug around nbd0 mounting (up, see
LP:#1949513)
- snapstate: add debug message where a snap is mounted
- tests: give nbd0 more time to show up in preseed-lxd
- interfaces/dsp: add more ambarella things
- cmd/snap: improve snap disconnect arg parsing and err msg
- tests: disable nested lxd snapd testing
- tests: disable flaky "interfaces-udisks2" on ubuntu-18.04-32
- o/snapstate: avoid validationSetsSuite repeating snapmgrTestSuite
- sandbox/cgroup: wait for start transient unit job to finish
- o/snapstate: fix task order, tweak errors, add unit tests for
remodel helpers
- osutil/disks: re-org methods for end of usable region, size
information
- build-aux: ensure that debian packaging matches build-base
- docs: update HACKING.md instructions for snapd 2.52 and later
- spread: run lxd tests with version from latest/edge
- interfaces: suppress denial of sys_module capability
- osutil/disks: add methods to replace gadget/ondisk functions
- tests: split test tools - part 1
- tests: fix nested tests on uc20
- data/selinux: allow snap-confine to read udev's database
- i/b/common_test: refactor AppArmor features test
- tests: run spread tests on debian 11
- o/devicestate: copy timesyncd clock timestamp during install
- interfaces/builtin: do not probe parser features when apparmor
isn't available
- interface/modem-manager: allow connecting to the mbim/qmi proxy
- tests: fix error message in run-checks
- tests: spread test for validation sets enforcing
- cmd/snap-confine: lazy set up of device cgroup, only when devices
were assigned
- o/snapstate: deduplicate snap names in remove/install/update
- tests/main/selinux-data-context: use session when performing
actions as test user
- packaging/opensuse: sync with openSUSE packaging, enable AppArmor
on 15.3+
- interfaces: skip connection of netlink interface on older
systems
- asserts, o/snapstate: honor IgnoreValidation flag when checking
installed snaps
- tests/main/apparmor-batch-reload: fix fake apparmor_parser to
handle --preprocess
- sandbox/apparmor, interfaces/apparmor: detect bpf capability,
generate snippet for s-c
- release-tools/repack-debian-tarball.sh: fix c-vendor dir
- tests: test for enforcing with prerequisites
- tests/main/snapd-sigterm: fix race conditions
- spread: run lxd tests with version from latest/stable
- run-checks: remove --spread from help message
- secboot: use latest secboot with tpm legacy platform and v2 fully
optional
- tests/lib/pkgdb: install strace on Debian 11 and Sid
- tests: ensure systemd-timesyncd is installed on debian
- interfaces/u2f-devices: add Nitrokey 3
- tests: update the ubuntu-image channel to candidate
- osutil/disks/labels: simplify decoding algorithm
- tests: not testing lxd snap anymore on i386 architecture
- o/snapstate, hookstate: print remaining hold time on snapctl
--hold
- cmd/snap: support --ignore-validation with snap install client
command
- tests/snapd-sigterm: be more robust against service restart
- tests: simplify mock script for apparmor_parser
- o/devicestate, o/servicestate: update gadget assets and cmdline
when remodeling
- tests/nested/manual/refresh-revert-fundamentals: re-enable
encryption
- osutil/disks: fix bug in BlkIDEncodeLabel, add BlkIDDecodeLabel
- gadget, osutil/disks: fix some bugs from prior PR'sin the dir.
- secboot: revert move to new version (revert #10715)
- cmd/snap-confine: die when snap process is outside of snap
specific cgroup
- many: mv MockDeviceNameDisksToPartitionMapping ->
MockDeviceNameToDiskMapping
- interfaces/builtin: Add '/com/canonical/dbusmenu' path access to
'unity7' interface
- interfaces/builtin/hardware-observer: add /proc/bus/input/devices
too
- osutil/disks, many: switch to defining Partitions directly for
MockDiskMapping
- tests: remove extra-snaps-assertions test
- interface/modem-manager: add accept for MBIM/QMI proxy clients
- tests/nested/core/core20-create-recovery: fix passing of data to
curl
- daemon: allow enabling enforce mode
- daemon: use the syscall connection to get the socket credentials
- i/builtin/kubernetes_support: add access to Calico lock file
- osutil: ensure parent dir is opened and sync'd
- tests: using test-snapd-curl snap instead of http snap
- overlord: add managers unit test demonstrating cyclic dependency
between gadget and kernel updates
- gadget/ondisk.go: include the filesystem UUID in the returned
OnDiskVolume
- packaging: fixes for building on openSUSE
- o/configcore: allow hostnames up to 253 characters, with dot-
delimited elements
- gadget/ondisk.go: add listBlockDevices() to get all block devices
on a system
- gadget: add mapping trait types + functions to save/load
- interfaces: add polkit security backend
- cmd/snap-confine/snap-confine.apparmor.in: update ld rule for
s390x impish
- tests: merge coverage results
- tests: remove "features" from fde-setup.go example
- fde: add new device-setup support to fde-setup
- gadget: add `encryptedDevice` and add encryptedDeviceLUKS
- spread: use `bios: uefi` for uc20
- client: fail fast on non-retryable errors
- tests: support running all spread tests with experimental features
- tests: check that a snap that doesn't have gate-auto-refresh hook
can call --proceed
- o/snapstate: support ignore-validation flag when updating to a
specific snap revision
- o/snapstate: test prereq update if started by old version
- tests/main: disable cgroup-devices-v1 and freezer tests on 21.10
- tests/main/interfaces-many: run both variants on all possible
Ubuntu systems
- gadget: mv ensureLayoutCompatibility to gadget proper, add
gadgettest pkg
- many: replace state.State restart support with overlord/restart
- overlord: fix generated snap-revision assertions in remodel unit
tests
* New upstream release, LP: #1929842
- devicestate: mock devicestate.MockTimeutilIsNTPSynchronized to
avoid host env leaking into tests
- timeutil: return NoTimedate1Error if it can't connect to the
system bus
* New upstream release, LP: #1929842
- devicestate: Unregister deletes the device key pair as well
- daemon,tests: support forgetting device serial via API
- configcore: relax validation rules for hostname
- o/devicestate: introduce DeviceManager.Unregister
- packaging/ubuntu, packaging/debian: depend on dbus-session-bus
provider
- many: wait for up to 10min for NTP synchronization before
autorefresh
- interfaces/interfaces/scsi_generic: add interface for scsi generic
devices
- interfaces/microstack-support: set controlsDeviceCgroup to true
- interface/builtin/log_observe: allow to access /dev/kmsg
- daemon: write formdata file parts to snaps dir
- spread: run lxd tests with version from latest/edge
- cmd/libsnap-confine-private: fix snap-device-helper device allow
list modification on cgroup v2
- interfaces/builtin/dsp: add proc files for monitoring Ambarella
DSP firmware
- interfaces/builtin/dsp: update proc file accordingly
* New upstream release, LP: #1946127
- interfaces/builtin/block_devices: allow blkid to print block
device attributes/run/udev/data/b{major}:{minor}
- cmd/libsnap-confine-private: do not deny all devices when reusing
the device cgroup
- interfaces/builtin/time-control: allow pps access
- interfaces/u2f-devices: add Trezor and Trezor v2 keys
- interfaces: timezone-control, add permission for ListTimezones
DBus call
- interfaces/apparmor/template.go: allow udevadm from merged usr
systems
- interface/modem-manager: allow connecting to the mbim/qmi proxy
- interfaces/network-manager-observe: Update for libnm client
library
- cmd/snap-seccomp/syscalls: update syscalls to match libseccomp
abad8a8f4
- sandbox/cgroup: freeze and thaw cgroups related to services and
scopes only
- o/hookstate: print cohort with snapctl refresh --pending
- cmd/snap-confine: lazy set up of device cgroup, only when devices
were assigned
- tests: ensure systemd-timesyncd is installed on debian
- tests/lib/pkgdb: install strace on Debian 11 and Sid
- tests/main/snapd-sigterm: flush, use retry
- tests/main/snapd-sigterm: fix race conditions
- release-tools/repack-debian-tarball.sh: fix c-vendor dir
- data/selinux: allow snap-confine to read udev's database
- interfaces/dsp: add more ambarella things* interfaces/dsp: add
more ambarella things
* New upstream release, LP: #1946127
- spread: run lxd tests with version from latest/stable
- secboot: use latest secboot with tpm legacy platform and v2 fully
optional (#10946)
- cmd/snap-confine: die when snap process is outside of snap
specific cgroup (2.53)
- interfaces/u2f-devices: add Nitrokey 3
- Update the ubuntu-image channel to candidate
- Allow hostnames up to 253 characters, with dot-delimited elements
(as suggested by man 7 hostname).
- Disable i386 until it is possible to build snapd using lxd
- o/snapstate, hookstate: print remaining hold time on snapctl
--hold
- tests/snapd-sigterm: be more robust against service restart
- tests: add a regression test for snapd hanging on SIGTERM
- daemon: use the syscall connection to get the socket
credentials
- interfaces/builtin/hardware-observer: add /proc/bus/input/devices
too
- cmd/snap-confine/snap-confine.apparmor.in: update ld rule for
s390x impish
- interface/modem-manager: add accept for MBIM/QMI proxy clients
- secboot: revert move to new version
* New upstream release, LP: #1946127
- overlord: fix generated snap-revision assertions in remodel unit
tests
- snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
- interfaces/modem-manager: add access to PCIe modems
- overlord/devicestate: record recovery capable system on a
successful remodel
- o/snapstate: use device ctx in prerequisite install/update
- osutil/disks: support filtering by mount opts in
MountPointsForPartitionRoot
- many: support an API flag system-restart-immediate to make snap
ops proceed immediately with system restarts
- osutil/disks: add RootMountPointsForPartition
- overlord/devicestate, tests: enable UC20 remodel, add spread tests
- cmd/snap: improve snap run help message
- o/snapstate: support ignore validation flag on install/update
- osutil/disks: add Disk.FindMatchingPartitionWith{Fs,Part}Label
- desktop: implement gtk notification backend and provide minimal
notification api
- tests: use the latest cpu family for nested tests execution
- osutil/disks: add Partition struct and Disks.Partitions()
- o/snapstate: prevent install hang if prereq install fails
- osutil/disks: add Disk.KernelDevice{Node,Path} methods
- disks: add `Size(path)` helper
- tests: reset some mount units failing on ubuntu impish
- osutil/disks: add DiskFromDevicePath, other misc changes
- interfaces/apparmor: do not fail during initialization when there
is no AppArmor profile for snap-confine
- daemon: implement access checkers for themes API
- interfaces/seccomp: add clone3 to default template
- interfaces/u2f-devices: add GoTrust Idem Key
- o/snapstate: validation sets enforcing on update
- o/ifacestate: don't fail remove if disconnect hook fails
- tests: fix error trying to create the extra-snaps dir which
already exists
- devicestate: use EncryptionType
- cmd/libsnap-confine-private: workaround BPF memory accounting,
update apparmor profile
- tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is
false
- interfaces/dsp: add a usb rule to the ambarella flavor
- interfaces/apparmor/template.go: allow inspection of dbus
mediation level
- tests/main/security-device-cgroups: fix when both variants run on
the same host
- cmd/snap-confine: update s-c apparmor profile to allow versioned
ld.so
- many: rename systemd.Kind to Backend for a bit more clarity
- cmd/libsnap-confine-private: fix set but unused variable in the
unit tests
- tests: fix netplan test on i386 architecture
- tests: fix lxd-mount-units test which is based on core20 in ubuntu
focal system
- osutil/disks: add new `CreateLinearMapperDevice` helper
- cmd/snap: wait while inhibition file is present
- tests: cleanup the job workspace as first step of the actions
workflow
- tests: use our own image for ubuntu impish
- o/snapstate: update default provider if missing required content
- o/assertstate, api: update validation set assertions only when
updating all snaps
- fde: add HasDeviceUnlock() helper
- secboot: move to new version
- o/ifacestate: don't lose connections if snaps are broken
- spread: display information about current device cgroup in debug
dump
- sysconfig: set TMPDIR in tests to avoid cluttering the real /tmp
- tests, interfaces/builtin: introduce 21.10 cgroupv2 variant, tweak
tests for cgroupv2, update builtin interfaces
- sysconfig/cloud-init: filter MAAS c-i config from ubuntu-seed on
grade signed
- usersession/client: refactor doMany() method
- interfaces/builtin/opengl.go: add libOpenGL.so* too
- o/assertstate: check installed snaps when refreshing validation
set assertions
- osutil: helper for injecting run time faults in snapd
- tests: update test nested tool part 2
- libsnap-confine: use the pid parameter
- gadget/gadget.go: LaidOutSystemVolumeFromGadget ->
LaidOutVolumesFromGadget
- tests: update the time tolerance to fix the snapd-state test
- .github/workflows/test.yaml: revert #10809
- tests: rename interfaces-hooks-misbehaving spread test to install-
hook-misbehaving
- data/selinux: update the policy to allow s-c to manipulate BPF map
and programs
- overlord/devicestate: make settle wait longer in remodel tests
- kernel/fde: mock systemd-run in unit test
- o/ifacestate: do not create stray task in batchConnectTasks if
there are no connections
- gadget: add VolumeName to Volume and VolumeStructure
- cmd/libsnap-confine-private: use root when necessary for BPF
related operations
- .github/workflows/test.yaml: bump action-build to 1.0.9
- o/snapstate: enforce validation sets/enforce on InstallMany
- asserts, snapstate: return full validation set keys from
CheckPresenceRequired and CheckPresenceInvalid
- cmd/snap: only log translation warnings in debug/testing
- tests/main/preseed: update for new base snap of the lxd snap
- tests/nested/manual: use loop for checking for initialize-system
task done
- tests: add a local snap variant to testing prepare-image gating
support
- tests/main/security-device-cgroups-strict-enforced: demonstrate
device cgroup being enforced
- store: one more tweak for the test action timeout
- github: do not fail when codecov upload fails
- o/devicestate: fix flaky test remodel clash
- o/snapstate: add ChangeID to conflict error
- tests: fix regex of TestSnapActionTimeout test
- tests: fix tests for 21.10
- tests: add test for store.SnapAction() request timeout
- tests: print user sessions info on debug-each
- packaging: backports of golang-go 1.13 are good enough
- sysconfig/cloudinit: add cloudDatasourcesInUseForDir
- cmd: build gdb shims as static binaries
- packaging/ubuntu: pass GO111MODULE to dh_auto_test
- cmd/libsnap-confine-private, tests, sandbox: remove warnings about
cgroup v2, drop forced devmode
- tests: increase memory quota in quota-groups-systemd-accounting
- tests: be more robust against a new day stepping in
- usersession/xdgopenproxy: move PortalLauncher class to own package
- interfaces/builtin: fix microstack unit tests on distros using
/usr/libexec
- cmd/snap-confine: handle CURRENT_TAGS on systems that support it
- cmd/libsnap-confine-private: device cgroup v2 support
- o/servicestate: Update task summary for restart action
- packaging, tests/lib/prepare-restore: build packages without
network access, fix building debs with go modules
- systemd: add AtLeast() method, add mocking in systemdtest
- systemd: use text.template to generate mount unit
- o/hookstate/ctlcmd: Implement snapctl refresh --show-lock command
- o/snapstate: optimize conflicts around snaps stored on
conditional-auto-refresh task
- tests/lib/prepare.sh: download core20 for UC20 runs via
BASE_CHANNEL
- mount-control: step 1
- go: update go.mod dependencies
- o/snapstate: enforce validation sets on snap install
- tests: revert revert manual lxd removal
- tests: pre-cache snaps in classic and core systems
- tests/lib/nested.sh: split out additional helper for adding files
to VM imgs
- tests: update nested tool - part1
- image/image_linux.go: add newline
- interfaces/block-devices: support to access the state of block
devices
- o/hookstate: require snap-refresh-control interface for snapctl
refresh --proceed
- build-aux: stage libgcc1 library into snapd snap
- configcore: add read-only netplan support
- tests: fix fakedevicesvc service already exists
- tests: fix interfaces-libvirt test
- tests: remove travis leftovers
- spread: bump delta ref to 2.52
- packaging: ship the `snapd.apparmor.service` unit in debian
- packaging: remove duplicated `golang-go` build-dependency
- boot: record recovery capable systems in recovery bootenv
- tests: skip overlord tests on riscv64 due to timeouts.
- overlord/ifacestate: fix arguments in unit tests
- ifacestate: undo repository connection if doConnect fails
- many: remove unused parameters
- tests: failure of prereqs on content interface doesn't prevent
install
- tests/nested/manual/refresh-revert-fundamentals: fix variable use
- strutil: add Intersection()
- o/ifacestate: special-case system-files and force refreshing its
static attributes
- interface/builtin: add qualcomm-ipc-router interface for
AF_QIPCRTR socket protocol
- tests: new snapd-state tool
- codecov: fix files pathnames
- systemd: add mock systemd helper
- tests/nested/core/extra-snaps-assertions: fix the match pattern
- image,c/snap,tests: support enforcing validations in prepare-image
via --customize JSON validation enforce(|ignore)
- o/snapstate: enforce validation sets assertions when removing
snaps
- many: update deps
- interfaces/network-control: additional ethernet rule
- tests: use host-scaled settle timeout for hookstate tests
- many: move to go modules
- interfaces: no need for snapRefreshControlInterface struct
- interfaces: introduce snap-refresh-control interface
- tests: move interfaces-libvirt test back to 16.04
- tests: bump the number of retries when waiting for /dev/nbd0p1
- tests: add more space on ubuntu xenial
- spread: add 21.10 to qemu, remove 20.10 (EOL)
- packaging: add libfuse3-dev build dependency
- interfaces: add microstack-support interface
- wrappers: fix a bunch of duplicated service definitions in tests
- tests: use host-scaled timeout to avoid riscv64 test failure
- many: fix run-checks gofmt check
- tests: spread test for snapctl refresh --pending/--proceed from
the snap
- o/assertstate,daemon: refresh validation sets assertions with snap
declarations
- tests: migrate tests that are only executed on xenial to bionic
- tests: remove opensuse-15.1 and add opensuse-15.3 from spread runs
- packaging: update master changelog for 2.51.7
- sysconfig/cloudinit: fix bug around error state of cloud-init
- interfaces, o/snapstate: introduce AffectsPlugOnRefresh flag
- interfaces/interfaces/ion-memory-control: add: add interface for
ion buf
- interfaces/dsp: add /dev/ambad into dsp interface
- tests: new spread log parser
- tests: check files and dirs are cleaned for each test
- o/hookstate/ctlcmd: unify the error message when context is
missing
- o/hookstate: support snapctl refresh --pending from snap
- many: remove unused/dead code
- cmd/libsnap-confine-private: add BPF support helpers
- interfaces/hardware-observe: add some dmi properties
- snapstate: abort kernel refresh if no gadget update can be found
- many: shellcheck fixes
- cmd/snap: add Size column to refresh --list
- packaging: build without dwarf debugging data
- snapstate: fix misleading `assumes` error message
- tests: fix restore in snapfuse spread tests
- o/assertstate: fix missing 'scheduled' header when auto refreshing
assertions
- o/snapstate: fail remove with invalid snap names
- o/hookstate/ctlcmd: correct err message if missing root
- .github/workflows/test.yaml: fix logic
- o/snapstate: don't hold some snaps if not all snaps can be held by
the given gating snap
- c-vendor.c: new c-vendor subdir
- store: make sure expectedZeroFields in tests gets updated
- overlord: add manager test for "assumes" checking
- store: deal correctly with "assumes" from the store raw yaml
- sysconfig/cloudinit.go: add functions for filtering cloud-init
config
- cgroup-support: allow to hide cgroupv2 warning via ENV
- gadget: Export mkfs functions for use in ubuntu-image
- tests: set to 10 minutes the kill timeout for tests failing on
slow boards
- .github/workflows/test.yaml: test github.events key
- i18n/xgettext-go: preserve already escaped quotes
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
v2.2.0-428-g5c22d4b
- github: do not try to upload coverage when working with cached run
- tests/main/services-install-hook-can-run-svcs: shellcheck issue
fix
- interfaces/u2f-devices: add Nitrokey FIDO2
- testutil: add DeepUnsortedMatches Checker
- cmd, packaging: import BPF headers from kernel, detect whether
host headers are usable
- tests: fix services-refresh-mode test
- tests: clean snaps.sh helper
- tests: fix timing issue on security-dev-input-event-denied test
- tests: update systems for sru validation
- .github/workflows: add codedov again
- secboot: remove duplicate import
- tests: stop the service when is active in test interfaces-
firewall-control test
- packaging: remove TEST_GITHUB_AUTOPKGTEST support
- packaging: merge 2.51.6 changelog back to master
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
- tests: remove the test user just when it was installed on create-
user-2 test
- spread: temporarily fix the ownership of /home/ubuntu/.ssh on
21.10
- daemon, o/snapstate: handle IgnoreValidation flag on install (2/3)
- usersession/agent: refactor common JSON validation into own
function
- o/hookstate: allow snapctl refresh --proceed from snaps
- cmd/libsnap-confine-private: fix issues identified by coverity
- cmd/snap: print logs in local timezone
- packaging: changelog for 2.51.5 to master
- build-aux: build with go-1.13 in the snapcraft build too
- config: rename "virtual" config to "external" config
- devicestate: add `snap debug timings --ensure=install-system`
- interfaces/builtin/raw_usb: fix platform typo, fix access to usb
devices accessible through platform
- o/snapstate: remove commented out code
- cmd/snap-device-helper: reimplement snap-device-helper
- cmd/libsnap-confine-private: fix coverity issues in tests, tweak
uses of g_assert()
- o/devicestate/handlers_install.go: add workaround to create dirs
for install
- o/assertstate: implement ValidationSetAssertionForEnforce helper
- clang-format: stop breaking my includes
- o/snapstate: allow auto-refresh limited to snaps affected by a
specific gating snap
- tests: fix core-early-config test to use tests.nested tool
- sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init
datasource
- c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags
to snap/snapctl
- corecfg: add "system.hostname" setting to the system settings
- wrappers: measure time to enable services in StartServices()
- configcore: fix early config timezone handling
- tests/nested/manual: enable serial assertions on testkeys nested
VM's
- configcore: fix a bunch of incorrect error returns
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
- packaging: merge 2.51.4 changelog back to master
- {device,snap}state: skip kernel extraction in seeding
- vendor: move to snapshot-4c814e1 branch and set fixed KDF options
- tests: use bigger storage on ubuntu 21.10
- snap: support links map in snap.yaml (and later from the store
API)
- o/snapstate: add AffectedByRefreshCandidates helper
- configcore: register virtual config for timezone reading
- cmd/libsnap-confine-private: move device cgroup files, add helper
to deny a device
- tests: fix cached-results condition in github actions workflow
- interfaces/tee: add support for Qualcomm qseecom device node
- packaging: fix build failure on bionic and simplify rules
- o/snapstate: affectedByRefresh tweaks
- tests: update nested wait for snapd command
- interfaces/builtin: allow access to per-user GTK CSS overrides
- tests/main/snapd-snap: install 4.x snapcraft to build the snapd
snap
- snap/squashfs: handle squashfs-tools 4.5+
- asserts/snapasserts: CheckPresenceInvalid and
CheckPresenceRequired methods
- cmd/snap-confine: refactor device cgroup handling to enable easier
v2 integration
- tests: skip udp protocol on latest ubuntus
- cmd/libsnap-confine-private: g_spawn_check_exit_status is
deprecated since glib 2.69
- interfaces: s/specifc/specific/
- github: enable gofmt for Go 1.13 jobs
- overlord/devicestate: UC20 specific set-model, managers tests
- o/devicestate, sysconfig: refactor cloud-init config permission
handling
- config: add "virtual" config via config.RegisterVirtualConfig
- packaging: switch ubuntu to use golang-1.13
- snap: change `snap login --help` to not mention "buy"
- tests: removing Ubuntu 20.10, adding 21.04 nested in spread
- tests/many: remove lxd systemd unit to prevent unexpected
leftovers
- tests/main/services-install-hook-can-run-svcs: make variants more
obvious
- tests: force snapd-session-agent.socket to be re-generated
* New upstream release, LP: #1942646
- snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
for the disk (if not present already)
- many: support an API flag system-restart-immediate to make snap
ops proceed immediately with system restarts
- cmd/libsnap-confine-private: g_spawn_check_exit_status is
deprecated since glib 2.69
- interfaces/seccomp: add clone3 to default template
- interfaces/apparmor/template.go: allow inspection of dbus
mediation level
- interfaces/dsp: add a usb rule to the ambarella flavor
- cmd/snap-confine: update s-c apparmor profile to allow versioned
ld.so
- o/ifacestate: don't lose connections if snaps are broken
- interfaces/builtin/opengl.go: add libOpenGL.so* too
- interfaces/hardware-observe: add some dmi properties
- build-aux: stage libgcc1 library into snapd snap
- interfaces/block-devices: support to access the state of block
devices
- packaging: ship the `snapd.apparmor.service` unit in debian
* New upstream release, LP: #1942646
- interface/builtin: add qualcomm-ipc-router interface for
AF_QIPCRTR socket protocol
- o/ifacestate: special-case system-files and force refreshing its
static attributes
- interfaces/network-control: additional ethernet rule
- packaging: update 2.52 changelog with 2.51.7
- interfaces/interfaces/ion-memory-control: add: add interface for
ion buf
- packaging: merge 2.51.6 changelog back to 2.52
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
- many: merge release/2.51 change to release/2.52
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
- o/servicestate: use snap app names for ExplicitServices of
ServiceAction
- tests/main/services-install-hook-can-run-svcs: add variant w/o
--enable
- o/servicestate: revert only start enabled services
- tests: adding Ubuntu 21.10 to spread test suite
- interface/modem-manager: add support for MBIM/QMI proxy clients
- cmd/snap/model: support storage-safety and snaps headers too
- o/assertstate: Implement EnforcedValidationSets helper
- tests: using retry tool for nested tests
- gadget: check for system-save with multi volumes if encrypting
correctly
- interfaces: make the service naming entirely internal to systemd
BE
- tests/lib/reset.sh: fix removing disabled snaps
- store/store_download.go: use system snap provided xdelta3 priority
+ fallback
- packaging: merge changelog from 2.51.3 back to master
- overlord: only start enabled services
- interfaces/builtin: add sd-control interface
- tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests,
use 2.45
- tests/lib/reset.sh: add workaround from refresh-vs-services tests
for all tests
- o/assertstate: check for conflicts when refreshing and committing
validation set asserts
- devicestate: add support to save timings from install mode
- tests: new tests.nested commands copy and wait-for
- install: add a bunch of nested timings
- tests: drop any-python wrapper
- store: set ResponseHeaderTimeout on the default transport
- tests: fix test-snapd-user-service-sockets test removing snap
- tests: moving nested_exec to nested.tests exec
- tests: add tests about services vs snapd refreshes
- client, cmd/snap, daemon: refactor REST API for quotas to match
CLI org
- c/snap,asserts: create/delete-key external keypair manager
interaction
- tests: revert disable of the delta download tests
- tests/main/system-usernames-microk8s: disable on centos 7 too
- boot: support device change
- o/snapstate: remove unused refreshSchedule argument for
isRefreshHeld helper
- daemon/api_quotas.go: handle conflicts, returning conflict
response
- tests: test for gate-auto-refresh hook error resulting in hold
- release: 2.51.2
- snapstate/check_snap: add snap_microk8s to shared system-
usernames
- snapstate: remove temporary snap file for local revisions early
- interface: allows reading sd cards internal info from block-
devices interface
- tests: Renaming tool nested-state to tests.nested
- testutil: fix typo in json checker unit tests
- tests: ack assertions by default, add --noack option
- overlord/devicestate: try to pick alternative recovery labels
during remodel
- bootloader/assets: update recovery grub to allow system labels
generated by snapd
- tests: print serial log just once for nested tests
- tests: remove xenial 32 bits
- sandbox/cgroup: do not be so eager to fail when paths do not exist
- tests: run spread tests in ubuntu bionic 32bits
- c/snap,asserts: start supporting ExternalKeypairManager in the
snap key-related commands
- tests: refresh control spread test
- cmd/libsnap-confine-private: do not fail on ENOENT, better getline
error handling
- tests: disable delta download tests for now until the store is
fixed
- tests/nested/manual/preseed: fix for cloud images that ship
without core18
- boot: properly handle tried system model
- tests/lib/store.sh: revert #10470
- boot, seed/seedtest: tweak test helpers
- o/servicestate: TODO and fix preexisting typo
- o/servicestate: detect conflicts for quota group operations
- cmd/snap/quotas: adjust help texts for quota commands
- many/quotas: little adjustments
- tests: add spread test for classic snaps content slots
- o/snapstate: fix check-rerefresh task summary when refresh control
is used
- many: use changes + tasks for quota group operations
- tests: fix test snap-quota-groups when checking file
cgroupProcsFile
- asserts: introduce ExternalKeypairManager
- o/ifacestate: do not visit same halt tasks in waitChainSearch to
avoid cycles
- tests/lib/store.sh: fix make_snap_installable_with_id()
- overlord/devicestate, overlord/assertstate: use a temporary DB
when creating recovery systems
- corecfg: allow using `# snapd-edit: no` header to disable pi-
config# snapd-edit: no
- tests/main/interfaces-ssh-keys: tweak checks for openSUSE
Tumbleweed
- cmd/snap: prevent cycles in waitChainSearch with snap debug state
- o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for
marking self as affecting
- tests: new parameter used by retry tool to set env vars
- tests: support parameters for match-log on journal-state tool
- configcore: ignore system.pi-config.* setting on measured kernels
- sandbox/cgroup: support freezing groups with unified
hierarchy
- tests: fix preseed test to used core20 snap on latest systems
- testutil: introduce a checker which compares the type after having
passed them through a JSON marshaller
- store: tweak error message when store.Sections() download fails
- o/servicestate: stop setting DoneStatus prematurely for quota-
control
- cmd/libsnap-confine-private: bump max depth of groups hierarchy to
32
- many: turn Contact into an accessor
- store: make the log with download size a debug one
- cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to
include search path"
- o/devicestate: move SystemMode method before first usage
- tests: skip tests when the sections cannot be retrieved
- boot: support resealing with a try model
- o/hookstate: dedicated handler for gate-auto-refresh hook
- tests: make sure the /root/snap dir is backed up on test snap-
user-dir-perms-fixed
- cmd/snap-confine: make mount ns use check cgroup v2 compatible
- snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set
- cmd/libsnap-confine-private/cgroup-support.c: Fix typo
- cmd/snap-confine, cmd/snapd-generator: fix issues identified by
sparse
- o/snapstate: make conditional-auto-refresh conflict with other
tasks via affected snaps
- many: pass device/model info to configcore via sysconfig.Device
interface
- o/hookstate: return bool flag from Error function of hook handler
to ignore hook errors
- cmd/snap-update-ns: add SRCDIR to include search path
- tests: fix for tests/main/lxd-mount-units test and enable
ubuntu-21.04
- overlord, o/devicestate: use a single test helper for resetting to
a post boot state
- HACKING.md: update instructions for go1.16+
- tests: fix restore for security-dev-input-event-denied test
- o/servicestate: move SetStatus to doQuotaControl
- tests: fix classic-prepare-image test
- o/snapstate: prune gating information and refresh-candidates on
snap removal
- o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add
mock helper
- cmd: a bunch of tweaks and updates
- o/servicestate: refactor meter handling, eliminate some common
parameters
- o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed
syntax.
- o/snapstate: prune refresh candidates in check-rerefresh
- osutil: pass --extrausers option to groupdel
- o/snapstate: remove refreshed snap from snaps-hold in
snapstate.doInstall
- tests/nested: add spread test for uc20 cloud.conf from gadgets
- boot: drop model from resealing and boostate
- o/servicestate, snap/quota: eliminate workaround for buggy
systemds, add spread test
- o/servicestate: introduce internal and servicestatetest
- o/servicestate/quota_control.go: enforce minimum of 4K for quota
groups
- overlord/servicestate: avoid unnecessary computation of disabled
services
- o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately
from snapctl
- o/snapstate: prune hold state during autoRefreshPhase1
- wrappers/services.go: do not restart disabled or inactive
services
- sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed
config
- spread: switch LXD back to latest/candidate channel
- interfaces/opengl: add support for Imagination PowerVR
- boot: decouple model from seal/reseal handling via an auxiliary
type
- spread, tests/main/lxd: no longer manual, switch to latest/stable
- github: try out golangci-lint
- tests: set lxd test to manual until failures are fixed
- tests: connect 30% of the interfaces on test interfaces-many-core-
provided
- packaging/debian-sid: update snap-seccomp patches for latest
master
- many: fix imports order (according to gci)
- o/snapstate: consider held snaps in autoRefreshPhase2
- o/snapstate: unlock the state before calling backend in
undoStartSnapServices
- tests: replace "not MATCH" by NOMATCH in tests
- README.md: refer to new IRC server
- cmd/snap-preseed: provide more error info if snap-preseed fails
early on mount
- daemon: add a Daemon argument to AccessChecker.CheckAccess
- c/snap-bootstrap: add bind option with tests
- interfaces/builtin/netlink_driver_test.go: add test snippet
- overlord/devicestate: set up recovery system tasks when attempting
a remodel
- osutil,strutil,testutil: fix imports order (according to gci)
- release: merge 2.51.1 changelog
- cmd: fix imports order (according to gci)
- tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control
interface
- o/servicestate: move handlers tests to quota_handlers_test.go file
instead
- interfaces: add netlink-driver interface
- interfaces: remove leftover debug print
- systemd: refactor property parsers for int values in
CurrentTasksCount, etc.
- tests: fix debug section for postrm-purge test
- tests/many: change all cloud-init passwords for ubuntu to use
plain_test_passwd
- asserts,interfaces,snap: fix imports order (according to gci)
- o/servicestate/quota_control_test.go: test the handlers directly
- tests: fix issue when checking the udev tag on test security-
device-cgroups
- many: introduce Store.SnapExists and use it in
/v2/accessories/themes
- o/snapstate: update LastRefreshTime in doLinkSnap handler
- o/hookstate: handle snapctl refresh --proceed and --hold
- boot: fix model inconsistency check in modeenv, extend unit tests
- overlord/servicestate: improve test robustness with locking
- tests: first part of the cleanup
- tests: new note in HACKING file to clarify about
yamlordereddictloader dependency
- daemon: make CheckAccess return an apiError
- overlord: fix imports ordering (according to gci)
- o/servicestate: add quotastate handlers
- boot: track model's sign key ID, prepare infra for tracking
candidate model
- daemon: have apiBaseSuite.errorReq return *apiError directly
- o/servicestate/service_control.go: add comment about
ExplicitServices
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- daemon: split out error response code from response*.go to
errors*.go
- interfaces/dsp: fix typo in udev rule
- daemon,o/devicestate: have DeviceManager.SystemMode take an
expectation on the system
- o/snapstate: add helpers for setting and querying holding time for
snaps
- many: fix quota groups for centos 7, amazon linux 2 w/ workaround
for buggy systemd
- overlord/servicestate: mv ensureSnapServicesForGroup to new file
- overlord/snapstate: lock the mutex before returning from stop snap
services undo
- daemon: drop resp completely in favor of using respJSON
consistently
- overlord/devicestate: support for snap downloads in recovery
system handlers
- daemon: introduce a separate findResponse, simplify SyncRespone
and drop Meta
- overlord/snapstate, overlord/devicestate: exclusive change
conflict check
- wrappers, packaging, snap-mgmt: handle removing slices on purge
too
- services: remember if acting on the entire snap
- store: extend context and action objects of SnapAction with
validation-sets
- o/snapstate: refresh control - autorefresh phase2
- cmd/snap/quota: refactor quota CLI as per new design
- interfaces: opengl: change path for Xilinx zocl driver
- tests: update spread images for ubuntu-core-20 and ubuntu-21.04
- o/servicestate/quota_control_test.go: change helper escaping
- o/configstate/configcore: support snap set system swap.size=...
- o/devicestate: require serial assertion before remodeling can be
started
- systemd: improve systemctl error reporting
- tests/core/remodel: use model assertions signed with valid keys
- daemon: use apiError for more of the code
- store: fix typo in snapActionResult struct json tag
- userd: mock `systemd --version` in privilegedDesktopLauncherSuite
- packaging/fedora: sync with downstream packaging
- daemon/api_quotas.go: include current memory usage information in
results
- daemon: introduce StructuredResponse and apiError
- o/patch: check if we have snapd snap with correct snap type
already in snapstate
- tests/main/snapd-snap: build the snapd snap on all platforms with
lxd
- tests: new commands for snaps-state tool
- tests/main/snap-quota-groups: add functional spread test for quota
groups
- interfaces/dsp: add /dev/cavalry into dsp interface
- cmd/snap/cmd_info_test.go: make test robust against TZ changes
- tests: moving to tests directories snaps built locally - part 2
- usersession/userd: fix unit tests on systems using /var/lib/snapd
- sandbox/cgroup: wait for pid to be moved to the desired cgroup
- tests: fix snap-user-dir-perms-fixed vs format checks
- interfaces/desktop-launch: support confined snaps launching other
snaps
- features: enable dbus-activation by default
- usersession/autostart: change ~/snap perms to 0700 on startup
- cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-data nosuid
- tests: new test static checker
- release-tool/changelog.py: misc fixes from real world usage
- release-tools/changelog.py: add function to generate github
release template
- spread, tests: Fedora 32 is EOL, drop it
- o/snapstate: bump max postponement from 60 to 95 days
- interfaces/apparmor: limit the number of jobs when running with a
single CPU
- packaging/fedora/snapd.spec: correct date format in changelog
- packaging: merge 2.51 changelog back to master
- packaging/ubuntu-16.04/changelog: add 2.50 and 2.50.1 changelogs,
placeholder for 2.51
- interfaces: allow read access to /proc/tty/drivers to modem-
manager and ppp/dev/tty
* New upstream release, LP: #1929842
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
v2.2.0-428-g5c22d4b1
- tests: cherry-pick shellcheck fix `bd730fd4`
- interfaces/dsp: add /dev/ambad into dsp interface
- many: shellcheck fixes
- snapstate: abort kernel refresh if no gadget update can be found
- overlord: add manager test for "assumes" checking
- store: deal correctly with "assumes" from the store raw yaml
* New upstream release, LP: #1929842
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
* New upstream release, LP: #1929842
- snap/squashfs: handle squashfs-tools 4.5+
- tests/core20-install-device-file-install-via-hook-hack: adjust
test for 2.51
- o/devicestate/handlers_install.go: add workaround to create dirs
for install
- tests: fix linter warning
- tests: update other spread tests for new behaviour
- tests: ack assertions by default, add --noack option
- release-tools/changelog.py: also fix opensuse changelog date
format
- release-tools/changelog.py: fix typo in function name
- release-tools/changelog.py: fix fedora date format
- release-tools/changelog.py: handle case where we don't have a TZ
- release-tools/changelog.py: fix line length check
- release-tools/changelog.py: specify the LP bug for the release as
an arg too
- interface/modem-manager: add support for MBIM/QMI proxy
clients
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
* New upstream release, LP: #1929842
- {device,snap}state: skip kernel extraction in seeding
- vendor: move to snapshot-4c814e1 branch and set fixed KDF options
- tests/interfaces/tee: fix HasLen check for udev snippets
- interfaces/tee: add support for Qualcomm qseecom device node
- gadget: check for system-save with multi volumes if encrypting
correctly
- gadget: drive-by: drop unnecessary/supported passthrough in test
gadget.yaml
* New upstream release, LP: #1929842
- interfaces/builtin: add sd-control interface
- store: set ResponseHeaderTimeout on the default transport
* New upstream release, LP: #1929842
- snapstate: remove temporary snap file for local revisions early
- interface: allows reading sd cards internal info from block-
devices interface
- o/ifacestate: do not visit same halt tasks in waitChainSearch to
avoid slow convergence (or unlikely cycles)
- corecfg: allow using `# snapd-edit: no` header to disable pi-
config
- configcore: ignore system.pi-config.* setting on measured kernels
- many: pass device/model info to configcore via sysconfig.Device
interface
- o/configstate/configcore: support snap set system swap.size=...
- store: make the log with download size a debug one
- interfaces/opengl: add support for Imagination PowerVR
* New upstream release, LP: #1929842
- interfaces: add netlink-driver interface
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- interfaces/dsp: fix typo in udev rule
- overlord/snapstate: lock the mutex before returning from stop
snap services undo
- interfaces: opengl: change path for Xilinx zocl driver
- interfaces/dsp: add /dev/cavalry into dsp interface
- packaging/fedora/snapd.spec: correct date format in changelog
* New upstream release, LP: #1929842
- cmd/snap: stacktraces debug endpoint
- secboot: deactivate volume again when model checker fails
- store: extra log message, a few minor cleanups
- packaging/debian-sid: update systemd patch
- snapstate: adjust update-gadget-assets user visible message
- tests/nested/core/core20-create-recovery: verify that recovery
system can be created at runtime
- gadget: support creating vfat partitions during bootstrap
- daemon/api_quotas.go: support updating quotas with ensure action
- daemon: tighten access to a couple of POST endpoints that should
be really be root-only
- seed/seedtest, overlord/devicestate: move seed validation helper
to seedtest
- overlord/hookstate/ctlcmd: remove unneeded parameter
- snap/quota: add CurrentMemoryUsage for current memory usage of a
quota group
- systemd: add CurrentMemoryUsage to get current memory usage for a
unit
- o/snapstate: introduce minimalInstallInfo interface
- o/hookstate: print pending info (ready, inhibited or none)
- osutil: a helper to find out the total amount of memory in the
system
- overlord, overlord/devicestate: allow for reloading modeenv in
devicemgr when testing
- daemon: refine access testing
- spread: disable unattended-upgrades on debian
- tests/lib/reset: make nc exit after a while when connection is
idle
- daemon: replace access control flags on commands with access
checkers
- release-tools/changelog.py: refactor regexp + file reading/writing
- packaging/debian-sid: update locale patch for the latest master
- overlord/devicestate: tasks for creating recovery systems at
runtime
- release-tools/changelog.py: implement script to update all the
changelog files
- tests: change machine type used for nested testsPrices:
- cmd/snap: include locale when linting description being lower case
- o/servicestate: add RemoveSnapFromQuota
- interfaces/serial-port: add Qualcomm serial port devices to
allowed list
- packaging: merge 2.50.1 changelog back
- interfaces/builtin: introduce raw-input interface
- tests: remove tests.cleanup prepare from nested test
- cmd/snap-update-ns: fix linter errors
- asserts: fix errors reported by linter
- o/hookstate/ctlcmd: allow system-mode for non-root
- overlord/devicestate: comment why explicit system mode check is
needed in ensuring tried recovery systems (#10275)
- overlord/devicesate: observe snap writes when creating recovery
systems
- packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1
- tests: moving to tests directories snaps built locally - part 1
- seed/seedwriter: fail early when system seed directory exists
- o/snapstate: autorefresh phase1 for refresh-control
- c/snap: more precise message for ErrorKindSystemRestart op !=
reboot
- tests: simplify the tests.cleanup tool
- boot: helpers for manipulating current and good recovery systems
list
- o/hookstate, o/snapstate: print revision, version, channel with
snapctl --pending
- overlord: unit test tweaks, use well known snap IDs, setup snap
declarations for most common snaps
- tests/nested/manual: add test for install-device + snapctl reboot
- o/servicestate: restart slices + services on modifications
- tests: update mount-ns test to support changes in the distro
- interfaces: fix linter issues
- overlord: mock logger in managers unit tests
- tests: adding support for fedora-34
- tests: adding support for debian 10 on gce
- boot: reseal given keys when the respective boot chain has changed
- secboot: switch encryption key size to 32 byte (thanks to Chris)
- interfaces/dbus: allow claiming 'well-known' D-Bus names with a
wildcard suffix
- spread: bump delta reference version
- interfaces: builtin: update permitted paths to be compatible with
UC20
- overlord: fix errors reported by linter
- tests: remove old fedora systems from tests
- tests: update spread url
- interfaces/camera: allow devices in /sys/devices/platform/**/usb*
- interfaces/udisks2: Allow access to the login manager via dbus
- cmd/snap: exit normally if "snap changes" has no changes
(LP #1823974)
- tests: more fixes for spread suite on openSUSE
- tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed
- daemon: fix linter errors
- spread: add Fedora 34, leave a TODO about dropping Fedora 32
- interfaces: fix linter errors
- tests: use op.paths tools instead of dirs.sh helper - part 2
- client: Fix linter errors
- cmd/snap: Fix errors reported by linter
- cmd/snap-repair: fix linter issues
- cmd/snap-bootstrap: Fix linter errors
- tests: update permission denied message for test-snapd-event on
ubuntu 2104
- cmd/snap: small tweaks based on previous reviews
- snap/snaptest: helper that mocks both the squashfs file and a snap
directory
- overlord/devicestate: tweak comment about creating recovery
systems, formatting tweaks
- overlord/devicestate: move devicemgr base suite helpers closer to
test suite struct
- overlord/devicestate: keep track of tried recovery system
- seed/seedwriter: clarify in the diagram when SetInfo is called
- overlord/devicestate: add helper for creating recovery systems at
runtime
- snap-seccomp: update syscalls.go list
- boot,image: support image.Customizations.BootFlags
- overlord: support snapctl --halt|--poweroff in gadget install-
device
- features,servicestate: add experimental.quota-groups flag
- o/servicestate: address comments from previous PR
- tests: basic spread test for snap quota commands
- tests: moving the snaps which are not locally built to the store
directory
- image,c/snap: implement prepare-image --customize
- daemon: implement REST API for quota groups (create / list / get)
- cmd/snap, client: snap quotas command
- o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods
and snapctl system-mode
- o/servicestate/quota_control.go: introduce (very) basic group
manipulation methods
- cmd/snap, client: snap remove-quota command
- wrappers, quota: implement quota groups slice generation
- snap/quotas: followups from previous PR
- cmd/snap: introduce 'snap quota' command
- o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in
uc20 run mode
- o/servicestate: test has internal ordering issues, consider both
cases
- o/servicestate/quotas: add functions for getting and setting
quotas in state
- tests: new buckets for snapd-spread project on gce
- spread.yaml: update the gce project to start using snapd-spread
- quota: new package for managing resource groups
- many: bind and check keys against models when using FDE hooks v2
- many: move responsibilities down seboot -> kernel/fde and boot ->
secboot
- packaging: add placeholder changelog
- o/configstate/configcore/vitality: fix RequireMountedSnapdSnap
bug
- overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
Core system
- many: hide EncryptionKey size and refactors for fde hook v2 next
steps
- tests: adding debug info for create user tests
- o/hookstate: add "refresh" command to snapctl (hidden, not
complete yet)
- systemd: wait for zfs mounts (LP #1922293)
- testutil: support referencing files in FileEquals checker
- many: refactor to kernel/fde and allow `fde-setup initial-setup`
to return json
- o/snapstate: store refresh-candidates in the state
- o/snapstate: helper for creating gate-auto-refresh hooks
- bootloader/bootloadertest: provide interface implementation as
mixins, provide a mock for recovery-aware-trusted-asses bootloader
- tests/lib/nested: do not compress images, return early when
restored from pristine image
- boot: split out a helper for making recovery system bootable
- tests: update os.query check to match new bullseye codename used
on sid images
- o/snapstate: helper for getting snaps affected by refresh, define
new hook
- wrappers: support in EnsureSnapServices a callback to observe
changes (#10176)
- gadget: multi line support in gadget's cmdline file
- daemon: test that requesting restart from (early) Ensure works
- tests: use op.paths tools instead of dirs.sh helper - part 1
- tests: add new command to snaps-state to get current core, kernel
and gadget
- boot, gadget: move opening the snap container into the gadget
helper
- tests, overlord: extend unit tests, extend spread tests to cover
full command line support
- interfaces/builtin: introduce dsp interface
- boot, bootloader, bootloader/assets: support for full command line
override from gadget
- overlord/devicestate, overlord/snapstate: add task for updating
kernel command lines from gadget
- o/snapstate: remove unused DeviceCtx argument of
ensureInstallPreconditions
- tests/lib/nested: proper status return for tpm/secure boot checks
- cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars
- wrappers/services.go: refactor helper lambda function to separate
function
- boot/flags.go: add HostUbuntuDataForMode
- boot: handle updating of components that contribute to kernel
command line
- tests: add 20.04 to systems for nested/core
- daemon: add new accessChecker implementations
- boot, overlord/devicestate: consider gadget command lines when
updating boot config
- tests: fix prepare-image-grub-core18 for arm devices
- tests: fix gadget-kernel-refs-update-pc test on arm and when
$TRUST_TEST_KEY is false
- tests: enable help test for all the systems
- boot: set extra command line arguments when preparing run mode
- boot: load bits of kernel command line from gadget snaps
- tests: update layout for tests - part 2
- tests: update layout for tests - part 1
- tests: remove the snap profiler from the test suite
- boot: drop gadget snap yaml which is already defined elsewhere in
the tests
- boot: set extra kernel command line arguments when making a
recovery system bootable
- boot: pass gadget path to command line helpers, load gadget from
seed
- tests: new os.paths tool
- daemon: make ucrednetGet() return a *ucrednet structure
- boot: derive boot variables for kernel command lines
- cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from
initramfs
* New upstream release, LP: #1926005
- interfaces: update permitted /lib/.. paths to be compatible with
UC20
- interfaces: builtin: update permitted paths to be compatible with
UC20
- interfaces/greengrass-support: delete white spaces at the end of
lines
- snap-seccomp: update syscalls.go list
- many: backport kernel command line for 2.50
- interfaces/dbus: allow claiming 'well-known' D-Bus names with a
wildcard suffix
- interfaces/camera: allow devices in /sys/devices/platform/**/usb*
- interfaces/builtin: introduce dsp interface
* New upstream release, LP: #1926005
- overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
Core system
- o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug
- o/servicestate/servicemgr.go: add ensure loop for snap service
units
- wrappers/services.go: introduce EnsureSnapServices()
- snapstate: add "kernel-assets" to featureSet
- systemd: wait for zfs mounts
- overlord: make servicestate responsible to compute
SnapServiceOptions
- boot,tests: move where we write boot-flags one level up
- o/configstate: don't pass --root=/ when
masking/unmasking/enabling/disabling services
- cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to
/run
- gadget: be more flexible with kernel content resolving
- boot, cmd/snap: include extra cmdline args in debug boot-vars
output
- boot: support read/writing boot-flags from userspace/initramfs
- interfaces/pwm: add PWM interface
- tests/lib/prepare-restore.sh: clean out snapd changes and snaps
before purging
- systemd: enrich UnitStatus returned by systemd.Status() with
Installed flag
- tests: updated restore phase of spread tests - part 1
- gadget: add support for kernel command line provided by the gadget
- tests: Using GO111MODULE: "off" in spread.yaml
- features: add gate-auto-refresh-hook feature flag
- spread: ignore linux kernel upgrade in early stages for arch
preparation
- tests: use snaps-state commands and remove them from the snaps
helper
- o/configstate: fix panic with a sequence of config unset ops over
same path
- api: provide meaningful error message on connect/disconnect for
non-installed snap
- interfaces/u2f-devices: add HyperFIDO Pro
- tests: add simple sanity check for systemctl show
--property=UnitFileState for unknown service
- tests: use tests.session tool on interfaces-desktop-document-
portal test
- wrappers: install D-Bus service activation files for snapd session
tools on core
- many: add x-gvfs-hide option to mount units
- interfaces/builtin/gpio_test.go: actually test the generated gpio
apparmor
- spread: tentative workaround for arch failure caused by libc
upgrade and cgroups v2
- tests: add spread test for snap validate against store assertions
- tests: remove snaps which are not used in any test
- ci: set the accept-existing-contributors parameter for the cla-
check action
- daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and
some apiBaseSuite cosmetics)
- o/devicestate/devicemgr: register install-device hook, run if
present in install
- o/configstate/configcore: simple refactors in preparation for new
function
- tests: unifying the core20 nested suite with the core nested suite
- tests: uboot-unpacked-assets updated to reflect the real path used
to find the kernel
- daemon: switch api_test.go to daemon_test and various other
cleanups
- o/configstate/configcore/picfg.go: add hdmi_cvt support
- interfaces/apparmor: followup cleanups, comments and tweaks
- boot: cmd/snap-bootstrap: handle a candidate recovery system v2
- overlord/snapstate: skip catalog refresh when snappy testing is
enabled
- overlord/snapstate, overlord/ifacestate: move late security
profile removal to ifacestate
- snap-seccomp: fix seccomp test on ppc64el
- interfaces, interfaces/apparmor, overlord/snapstate: late removal
of snap-confine apparmor profiles
- cmd/snap-bootstrap/initramfs-mounts: move time forward using
assertion times
- tests: reset the system while preparing the test suite
- tests: fix snap-advise-command check for 429
- gadget: policy for gadget/kernel refreshes
- o/configstate: deal with no longer valid refresh.timer=managed
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- cla-check: Use has-signed-canonical-cla GitHub Action
- tests: validation sets spread test
- tests: simplify the reset.sh logic by removing not needed command
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20
- tests/lib/fde-setup-hook: also verify that fde-reveal-key key data
is base64
- o/devicestate: split off ensuring next boot goes to run mode into
new task
- tests: fix cgroup-tracking test
- boot: export helper for clearing tried system state, add tests
- cmd/snap: use less aggressive client timeouts in unit tests
- daemon: fix signing key validity timestamp in unit tests
- o/{device,hook}state: encode fde-setup-request key as base64
string
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- cmd/snap/pack: unhide the compression option
- boot: extend set try recovery system unit tests
- cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use
secboot's implicit fallback
- o/configstate/configcore: add hdmi_timings to pi-config
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- interfaces/tee: add TEE/OPTEE interface
- o/snapstate: update validation sets assertions with auto-refresh
- vendor: update go-tpm2/secboot to latest version
- seed: ReadSystemEssentialAndBetterEarliestTime
- tests: replace while commands with the retry tool
- interfaces/builtin: update unit tests to use proper distro's
libexecdir
- tests: run the reset.sh helper and check test invariants while the
test is restored
- daemon: switch preexisting daemon_test tests to apiBaseSuite and
.req
- boot, o/devicestate: split makeBootable20 into two parts
- interfaces/docker-support: add autobind unix rules to docker-
support
- interfaces/apparmor: allow reading
/proc/sys/kernel/random/entropy_avail
- tests: use retry tool instead a loops
- tests/main/uc20-create-partitions: fix tests cleanup
- asserts: mode where Database only assumes cur time >= earliest
time
- daemon: validation sets/api tests cleanup
- tests: improve tests self documentation for nested test suite
- api: local assertion fallback when it's not in the store
- api: validation sets monitor mode
- tests: use fs-state tool in interfaces tests
- daemon: move out /v2/login|logout and errToResponse tests from
api_test.go
- boot: helper for inspecting the outcome of a recovery system try
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- tests: update documentation and checks for interfaces tests
- snap-seccomp: add new `close_range` syscall
- boot: revert #10009
- gadget: remove `device-tree{,-origin}` from gadget tests
- boot: simplify systems test setup
- image: write resolved-content from snap prepare-image
- boot: reseal the run key for all recovery systems, but recovery
keys only for the good ones
- interfaces/builtin/network-setup-{control,observe}: allow using
netplan directly
- tests: improve sections prepare and restore - part 1
- tests: update details on task.yaml files
- tests: revert os.query usage in spread.yaml
- boot: export bootAssetsMap as AssetsMap
- tests/lib/prepare: fix repacking of the UC20 kernel snap for with
ubuntu-core-initramfs 40
- client: protect against reading too much data from stdin
- tests: improve tests documentation - part 2
- boot: helper for setting up a try recover system
- tests: improve tests documentation - part 1
- tests/unit/go: use tests.session wrapper for running tests as a
user
- tests: improvements for snap-seccomp-syscalls
- gadget: simplify filterUpdate (thanks to Maciej)
- tests/lib/prepare.sh: use /etc/group and friends from the core20
snap
- tests: fix tumbleweed spread tests part 2
- tests: use new commands of os.query tool on tests
- o/snapshotstate: create snapshots directory on import
- tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list
- packaging: drop 99-snapd.conf via dpkg-maintscript-helper
- osutil: add SetTime() w/ 32-bit and 64-bit implementations
- interfaces/wayland: rm Xwayland Xauth file access from wayland
slot
- packaging/ubuntu-16.04/rules: turn modules off explicitly
- gadget,devicestate: perform kernel asset update for $kernel: style
refs
- cmd/recovery: small fix for `snap recovery` tab output
- bootloader/lkenv: add recovery systems related variables
- tests: fix new tumbleweed image
- boot: fix typo, should be systems
- o/devicestate: test that users.create.automatic is configured
early
- asserts: use Fetcher in AddSequenceToUpdate
- daemon,o/c/configcore: introduce users.create.automatic
- client, o/servicestate: expose enabled state of user daemons
- boot: helper for checking and marking tried recovery system status
from initramfs
- asserts: pool changes for validation-sets (#9930)
- daemon: move the last api_foo_test.go to daemon_test
- asserts: include the assertion timestamp in error message when
outside of signing key validity range
- ovelord/snapshotstate: keep a few of the last line tar prints
before failing
- gadget/many: rm, delay sector size + structure size checks to
runtime
- cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
- interfaces: add allegro-vcu and media-control interfaces
- interfaces: opengl: add Xilinx zocl bits
- mkversion: check that version from changelog is set before
overriding the output version
- many: fix new ineffassign warnings
- .github/workflows/labeler.yaml: try work-around to not sync
labels
- cmd/snap, boot: add debug set-boot-vars
- interfaces: allow reading the Xauthority file KDE Plasma writes
for Wayland sessions
- tests/main/snap-repair: test running repair assertion w/ fakestore
- tests: disable lxd tests for 21.04 until the lxd images are
published for the system
- tests/regression/lp-1910456: cleanup the /snap symlink when done
- daemon: move single snap querying and ops to api_snaps.go
- tests: fix for preseed and dbus tests on 21.04
- overlord/snapshotstate: include the last message printed by tar in
the error
- interfaces/system-observe: Allow reading /proc/zoneinfo
- interfaces: remove apparmor downgrade feature
- snap: fix unit tests on Go 1.16
- spread: disable Go modules support in environment
- tests: use new path to find kernel.img in uc20 for arm devices
- tests: find files before using cat command when checking broadcom-
asic-control interface
- boot: introduce good recovery systems, provide compatibility
handling
- overlord: add manager gadget refresh test
- tests/lib/fakestore: support repair assertions too
- github: temporarily disable action labeler due to issues with
labels being removed
- o/devicestate,many: introduce DeviceManager.preloadGadget for
EarlyConfig
- tests: enable ubuntu 21.04 for spread tests
- snap: provide a useful error message if gdbserver is not installed
- data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1
- tests/lib/prepare.sh: split reflash.sh into two parts
- packaging/opensuse: sync with openSUSE packaging
- packaging: disable Go modules in snapd.mk
- snap: add deprecation noticed to "snap run --gdb"
- daemon: add API for checking and installing available theme snaps
- tests: using labeler action to add automatically a label to run
nested tests
- gadget: improve error handling around resolving content sources
- asserts: repeat the authority cross-check in CheckSignature as
well
- interfaces/seccomp/template.go: allow copy_file_range
- o/snapstate/check_snap.go: add support for many subversions in
assumes snapdX..
- daemon: move postSnap and inst.dispatch tests to api_snaps_test.go
- wrappers: use proper paths for mocked mount units in tests
- snap: rename gdbserver option to `snap run --gdbserver`
- store: support validation sets with fetch-assertions action
- snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky
- packaging/fedora: sync with downstream packaging in Fedora
- many: add Delegate=true to generated systemd units for special
interfaces (master)
- boot: use a common helper for mocking boot assets in cache
- api: validate snaps against validation set assert from the store
- wrappers: don't generate an [Install] section for timer or dbus
activated services
- tests/nested/core20/boot-config-update: skip when snapd was not
built with test features
- o/configstate,o/devicestate: introduce devicestate.EarlyConfig
implemented by configstate.EarlyConfig
- cmd/snap-bootstrap/initramfs-mounts: fix typo in func name
- interfaces/builtin: mock distribution in fontconfig cache unit
tests
- tests/lib/prepare.sh: add another console= to the reflash magic
grub entry
- overlord/servicestate: expose dbus activators of a service
- desktop/notification: test against a real session bus and
notification server implementation
- cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
recover+install
- HACKING.md: explain how to run UC20 spread tests with QEMU
- asserts: introduce AtSequence
- overlord/devicestate: task for updating boot configs, spread test
- gadget: fix documentation/typos
- gadget: cleanup MountedFilesystem{Writer,Updater}
- gadget: use ResolvedSource in MountedFilesystemWriter
- snap/info.go: add doc-comment for SortServices
- interfaces: add an optional mount-host-font-cache plug attribute
to the desktop interface
- osutil: skip TestReadBuildGo inside sbuild
- o/hookstate/ctlcmd: add optional --pid and --apparmor-label
arguments to "snapctl is-connected"
- data/env/snapd: use quoting in case PATH contains spaces
- boot: do not observe successful boot assets if not in run mode
- tests: fix umount for snapd snap on fsck-on-boot testumount:
/run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount
- misc: little tweaks
- snap/info.go: ignore unknown daemons in SortSnapServices
- devicestate: keep log from install-mode on installed system
- seed: add LoadEssentialMeta to seed16 and allow all of its
implementations to be called multiple times
- cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
seeds
- tests/core/uc20-recovery: move recover mode helpers to generic
testslib script
- interfaces/fwupd: allow any distros to access fw files via fwupd
- store: method for fetching validation set assertion
- store: switch to v2/assertions api
- gadget: add new ResolvedContent and populate from LayoutVolume()
- spread: use full format when listing processes
- osutil/many: make all test pkgs osutil_test instead of "osutil"
- tests/unit/go: drop unused environment variables, skip coverage
- OpenGL interface: Support more Tegra libs
- gadget,overlord: pass kernelRoot to install.Run()
- tests: run unit tests in Focal instead of Xenial
- interfaces/browser-support: allow sched_setaffinity with browser-
sandbox: true
- daemon: move query /snaps/<name> tests to api_snaps_test.go
- cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair
runner
- systemd/systemd.go: support journald JSON messages with arrays for
values
- cmd: make string/error code more robust against errno leaking
- github, run-checks: do not collect coverage data on subsequent
test runs
- boot: boot config update & reseal
- o/snapshotstate: handle conflicts between snapshot forget, export
and import
- osutil/stat.go: add RegularFileExists
- cmd/snapd-generator: don't create mount overrides for snap-try
snaps inside lxc
- gadget/gadget.go: rename ubuntu-* to system-* in doc-comment
- tests: use 6 spread workers for centos8
- bootloader/assets: support injecting bootloader assets in testing
builds of snapd
- gadget: enable multi-volume uc20 gadgets in
LaidOutSystemVolumeFromGadget; rename too
- overlord/devicestate, sysconfig: do nothing when cloud-init is not
present
- cmd/snap-repair: filter repair assertions based on bases + modes
- snap-confine: make host /etc/ssl available for snaps on classic
* New upstream release, LP: #1915248
- interfaces/tee: add TEE/OPTEE interface
- o/configstate/configcore: add hdmi_timings to pi-config
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- snap-seccomp: fix seccomp test on ppc64el
- interfaces{,/apparmor}, overlord/snapstate:
late removal of snap-confine apparmor profiles
- overlord/snapstate, wrappers: add dependency on usr-lib-
snapd.mount for services on core with snapd snap
- o/configstate: deal with no longer valid refresh.timer=managed
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- o/{device,hook}state: encode fde-setup-request key as base64
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- tests/main/uc20-create-partitions: fix tests cleanup
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- snap-seccomp: add new `close_range` syscall
* New upstream release, LP: #1915248
- tests: turn modules off explicitly in spread go unti test
- o/snapshotstate: create snapshots directory on import
- cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
- interfaces: add allegro-vcu and media-control interfaces
- interfaces: opengl: add Xilinx zocl bits
- many: fix new ineffassign warnings
- interfaces/seccomp/template.go: allow copy_file_range
- interfaces: allow reading the Xauthority file KDE Plasma writes
for Wayland sessions
- data/selinux: allow system dbus to watch
/var/lib/snapd/dbus-1
- Remove apparmor downgrade feature
- Support tmp and log dirs on Yocto/Poky
* New upstream release, LP: #1915248
- many: add Delegate=true to generated systemd units for special
interfaces
- cmd/snap-bootstrap: rename ModeenvFromModel to
EphemeralModeenvForModel
- cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
recover+install
- osutil: skip TestReadBuildGo inside sbuild
- tests: fix umount for snapd snap on fsck-on-boot test
- snap/info_test.go: add unit test cases for bug
- tests/main/services-after-before: add regression spread test
- snap/info.go: ignore unknown daemons in SortSnapServices
- cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
seeds
- OpenGL interface: Support more Tegra libs
- interfaces/browser-support: allow sched_setaffinity with browser-
sandbox: true
- cmd: make string/error code more robust against errno leaking
- o/snapshotstate: handle conflicts between snapshot forget, export
and import
- cmd/snapd-generator: don't create mount overrides for snap-try
snaps inside lxc
- tests: update test pkg for fedora and centos
- gadget: pass sector size in to mkfs family of functions, use to
select block sz
- o/snapshotstate: fix returning of snap names when duplicated
snapshot is detected
- tests/main/snap-network-errors: skip flushing dns cache on
centos-7
- interfaces/builtin: Allow DBus property access on
org.freedesktop.Notifications
- cgroup-support.c: fix link to CGROUP DELEGATION
- osutil: update go-udev package
- packaging: fix arch-indep build on debian-sid
- {,sec}boot: pass "key-name" to the FDE hooks
- asserts: sort by revision with Sort interface
- gadget: add gadget.ResolveContentPaths()
- cmd/snap-repair: save base snap and mode in device info; other
misc cleanups
- tests: cleanup the run-checks script
- asserts: snapasserts method to validate installed snaps against
validation sets
- tests: normalize test tools - part 1
- snapshotstate: detect duplicated snapshot imports
- interfaces/builtin: fix unit test expecting snap-device-helper at
/usr/lib/snapd
- tests: apply workaround done for snap-advise-command to apt-hooks
test
- tests: skip main part of snap-advise test if 429 error is
encountered
- many: clarify gadget role-usage consistency checks for UC16/18 vs
UC20
- sandbox/cgroup, tess/main: fix unit tests on v2 system, disable
broken tests on sid
- interfaces/builtin: more drive by fixes, import ordering, removing
dead code
- tests: skip interfaces-openvswitch spread test on debian sid
- interfaces/apparmor: drive by comment fix
- cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree
usage
- cmd/libsnap-confine-private: make unit tests execute happily in a
container
- interfaces, wrappers: misc comment fixes, etc.
- asserts/repair.go: add "bases" and "modes" support to the repair
assertion
- interfaces/opengl: allow RPi MMAL video decoding
- snap: skip help output tests for go-flags v1.4.0
- gadget: add validation for "$kernel:ref" style content
- packaging/deb, tests/main/lxd-postrm-purge: fix purge inside
containers
- spdx: update to SPDX license list version: 3.11 2020-11-25
- tests: improve hotplug test setup on classic
- tests: update check to verify is the current system is arm
- tests: use os-query tool to check debian, trusty and tumbleweed
- daemon: start moving implementation to api_snaps.go
- tests/main/snap-validate-basic: disable test on Fedora due to go-
flags panics
- tests: fix library path used for tests.pkgs
- tests/main/cohorts: replace yq with a Python snippet
- run-checks: update to match new argument syntax of ineffassign
- tests: use apiBaseSuite for snapshots tests, fix import endpoint
path
- many: separate consistency/content validation into
gadget.Validate|Content
- o/{device,snap}state: enable devmode snaps with dangerous model
assertions
secboot: add test for when systemd-run does not honor
RuntimeMaxSec
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- o/daemon: validation sets api and basic spread test
- gadget: move BuildPartitionList to install and make it unexported
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- tests: add os query commands for subsystems and architectures
- o/snapshotstate: don't set auto flag in the snapshot file
- tests: use os.query tool instead of comparing the system var
- testutil: use the original environment when calling shellcheck
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and
instead set the implicit labels when loading the yaml
- secboot: add new LockSealedKeys() that uses either TPM/fde-reveal-
key
- gadget/quantity: introduce Offset, start using it for offset
related fields in the gadget
- gadget: use "sealed-keys" to determine what method to use for
reseal
- tests/main/fake-netplan-apply: disable test on xenial for now
- daemon: start splitting snaps op tests out of api_test.go
- testutil: make DBusTest use a custom bus configuration file
- tests: replace pkgdb.sh (library) with tests.pkgs (program)
- gadget: prepare gadget kernel refs (0/N)
- interfaces/builtin/docker-support: allow /run/containerd/s/...
- cmd/snap-preseed: reset run inhibit locks on --reset.
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- daemon: reorg snap.go and split out sections and icons support
from api.go
- sandbox/seccomp: use snap-seccomp's stdout for getting version
info
- daemon: split find support to its own api_*.go files and move some
helpers
- tests: move snapstate config defaults tests to a separate file.
- bootloader/{lk,lkenv}: followups from #9695
- daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite
- gadget,o/devicestate: set implicit values for schema and role
directly instead of relying on Effective* accessors
- daemon: split aliases support to its own api_*.go files
- gadget: start separating rule/convention validation from basic
soundness
- cmd/snap-update-ns: add better unit test for overname sorting
- secboot: use `fde-reveal-key` if available to unseal key
- tests: fix lp-1899664 test when snapd_x1 is not installed in the
system
- tests: fix the scenario when the "$SRC".orig file does not exist
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- devicestate: add runFDESetupHook() helper
- bootloader/lk: add support for UC20 lk bootloader with V2 lkenv
structs
- daemon: split unsupported buy implementation to its own api_*.go
files
- tests: download timeout spread test
- gadget,o/devicestate: hybrid 18->20 ready volume setups should be
valid
- o/devicestate: save model with serial in the device save db
- bootloader: add check for prepare-image time and more tests
validating options
- interfaces/builtin/log_observe.go: allow controlling apparmor
audit levels
- hookstate: refactor around EphemeralRunHook
- cmd/snap: implement 'snap validate' command
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- boot: observe successful command line update, provide a default
- tests: New queries for the os tools
- bootloader/lkenv: specify backup file as arg to NewEnv(), use ""
as path+"bak"
- osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk
iface
- daemon: split out snapctl support and snap configuration support
to their own api_*.go files
- snapshotstate: improve handling of multiple errors
- tests: sign new nested-18|20* models to allow for generic serials
- bootloader: remove installableBootloader interface and methods
- seed: cleanup/drop some no longer valid TODOS, clarify some other
points
- boot: set kernel command line in modeenv during install
- many: rename disks.FindMatching... to FindMatching...WithFsLabel
and err type
- cmd/snap: suppress a case of spurious stdout logging from tests
- hookstate: add new HookManager.EphemeralRunHook()
- daemon: move some more api tests from daemon to daemon_test
- daemon: split apps and logs endpoints to api_apps.go and tests
- interfaces/utf: Add Ledger to U2F devices
- seed/seedwriter: consider modes when checking for deps
availability
- o/devicestate,daemon: fix reboot system action to not require a
system label
- cmd/snap-repair,store: increase initial retry time intervals,
stalling TODOs
- daemon: split interfacesCmd to api_interfaces.go
- github: run nested suite when commit is pushed to release branch
- client: reduce again the /v2/system-info timeout
- tests: reset fakestore unit status
- update-pot: fix typo in plural keyword spec
- tests: remove workarounds that add "ubuntu-save" if missing
- tests: add unit test for auto-refresh with validate-snap failure
- osutil: add helper for getting the kernel command line
- tests/main/uc20-create-partitions: verify ubuntu-save encryption
keys, tweak not MATCH
- boot: add kernel command lines to the modeenv file
- spread: bump delta ref, tweak repacking to make smaller delta
archives
- bootloader/lkenv: add v2 struct + support using it
- snapshotstate: add cleanup of abandonded snapshot imports
- tests: fix uc20-create-parition-* tests for updated gadget
- daemon: split out /v2/interfaces tests to api_interfaces_test.go
- hookstate: implement snapctl fde-setup-{request,result}
- wrappers, o/devicestate: remove EnableSnapServices
- tests: enable nested on 20.10
- daemon: simplify test helpers Get|PostReq into Req
- daemon: move general api to api_general*.go
- devicestate: make checkEncryption fde-setup hook aware
- client/snapctl, store: fix typos
- tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files
before doing apt ops
- cmd/snap-bootstrap: update model cross-check considerations
- client,snapctl: add naive support for "stdin"
- many: add new "install-mode: disable" option
- osutil/disks: allow building on mac os
- data/selinux: update the policy to allow operations on non-tmpfs
/tmp
- boot: add helper for generating candidate kernel lines for
recovery system
- wrappers: generate D-Bus service activation files
- bootloader/many: rm ConfigFile, add Present for indicating
presence of bloader
- osutil/disks: allow mocking DiskFromDeviceName
- daemon: start cleaning up api tests
- packaging/arch: sync with AUR packaging
- bootloader: indicate when boot config was updated
- tests: Fix snap-debug-bootvars test to make it work on arm devices
and core18
- tests/nested/manual/core20-save: verify handling of ubuntu-save
with different system variants
- snap: use the boot-base for kernel hooks
- devicestate: support "storage-safety" defaults during install
- bootloader/lkenv: mv v1 to separate file,
include/lk/snappy_boot_v1.h: little fixups
- interfaces/fpga: add fpga interface
- store: download timeout
- vendor: update secboot repo to avoid including secboot.test binary
- osutil: add KernelCommandLineKeyValue
- gadget/gadget.go: allow system-recovery-{image,select} as roles in
gadget.yaml
- devicestate: implement boot.HasFDESetupHook
- osutil/disks: add DiskFromName to get a disk using a udev name
- usersession/agent: have session agent connect to the D-Bus session
bus
- o/servicestate: preserve order of services on snap restart
- o/servicestate: unlock state before calling wrappers in
doServiceControl
- spread: disable unattended-upgrades on ubuntu
- tests: testing new fedora 33 image
- tests: fix fsck on boot on arm devices
- tests: skip boot state test on arm devices
- tests: updated the systems to run prepare-image-grub test
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- tests: unmount /boot/efi in fsck-on-boot test
- strutil/shlex,osutil/udev/netlink: minimally import go-check
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- tests/many: enable some uc20 tests, delete old unneeded tests or
TODOs
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- tests: migrate test from boot.sh helper to boot-state tool
- asserts: implement "storage-safety" in uc20 model assertion
- bootloader: use ForGadget when installing boot config
- spread: UC20 no longer needs 2GB of mem
- cmd/snap-confine: implement snap-device-helper internally
- bootloader/grub: replace old reference to Managed...Blr... with
Trusted...Blr...
- cmd/snap-bootstrap: add readme for snap-bootstrap + real state
diagram
- interfaces: fix greengrass attr namingThe flavor attribute names
are now as follows:
- tests/lib/nested: poke the API to get the snap revisions
- tests: compare options of mount units created by snapd and snapd-
generator
- o/snapstate,servicestate: use service-control task for service
actions
- sandbox: track applications unconditionally
- interfaces/greengrass-support: add additional "process" flavor for
1.11 update
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
* New upstream release, LP: #1906690
- tests: sign new nested-18|20* models to allow for generic serials
- secboot: add extra paranoia when waiting for that fde-reveal-key
- tests: backport netplan workarounds from #9785
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- secboot: add new LockSealedKeys() that uses either TPM or
fde-reveal-key
- gadget: use "sealed-keys" to determine what method to use for
reseal
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- secboot: use `fde-reveal-key` if available to unseal key
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- o/devicestate: save model with serial in the device save db
- devicestate: add runFDESetupHook() helper
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- hookstate: add new HookManager.EphemeralRunHook()
- update-pot: fix typo in plural keyword spec
- store,cmd/snap-repair: increase initial expontential time
intervals
- o/devicestate,daemon: fix reboot system action to not require a
system label
- github: run nested suite when commit is pushed to release branch
- tests: reset fakestore unit status
- tests: fix uc20-create-parition-* tests for updated gadget
- hookstate: implement snapctl fde-setup-{request,result}
- devicestate: make checkEncryption fde-setup hook aware
- client,snapctl: add naive support for "stdin"
- devicestate: support "storage-safety" defaults during install
- snap: use the boot-base for kernel hooks
- vendor: update secboot repo to avoid including secboot.test binary
* New upstream release, LP: #1906690
- gadget: disable ubuntu-boot role validation check
* New upstream release, LP: #1904098
- osutil: add KernelCommandLineKeyValue
- devicestate: implement boot.HasFDESetupHook
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- bootloader: use ForGadget when installing boot config
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- boot: add scaffolding for "fde-setup" hook support for sealing
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- snap: add new "fde-setup" hooktype
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
- secboot,cmd/snap-bootstrap: fix degraded mode cases with better
device handling
- boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
messiness
- tests/nested/manual/refresh-revert-fundamentals: temporarily
disable secure boot
- snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
boot modes
- many: address degraded recover mode feedback, cleanups
- tests: Use systemd-run on tests part2
- tests: set the opensuse tumbleweed system as manual in spread.yaml
- secboot: call BlockPCRProtectionPolicies even if the TPM is
disabled
- vendor: update to current secboot
- cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
save
- spread.yaml: increase number of workers on 20.10
- snap: add new `snap recovery --show-keys` option
- tests: minor test tweaks suggested in the review of 9607
- snapd-generator: set standard snapfuse options when generating
units for containers
- tests: enable lxd test on ubuntu-core-20 and 16.04-32
- interfaces: share /tmp/.X11-unix/ from host or provider
- tests: enable main lxd test on 20.10
- cmd/s-b/initramfs-mounts: refactor recover mode to implement
degraded mode
- gadget/install: add progress logging
- packaging: keep secboot/encrypt_dummy.go in debian
- interfaces/udev: use distro specific path to snap-device-helper
- o/devistate: fix chaining of tasks related to regular snaps when
preseeding
- gadget, overlord/devicestate: validate that system supports
encrypted data before install
- interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
ESP layout
- many: add /v2/system-recovery-keys API and client
- secboot, many: return UnlockMethod from Unlock* methods for future
usage
- many: mv keys to ubuntu-boot, move model file, rename keyring
prefix for secboot
- tests: using systemd-run instead of manually create a systemd unit
- part 1
- secboot, cmd/snap-bootstrap: enable or disable activation with
recovery key
- secboot: refactor Unlock...IfEncrypted to take keyfile + check
disks first
- secboot: add LockTPMSealedKeys() to lock access to keys
independently
- gadget: correct sfdisk arguments
- bootloader/assets/grub: adjust fwsetup menuentry label
- tests: new boot state tool
- spread: use the official image for Ubuntu 20.10, no longer an
unstable system
- tests/lib/nested: enable snapd logging to console for core18
- osutil/disks: re-implement partition searching for disk w/ non-
adjacent parts
- tests: using the nested-state tool in nested tests
- many: seal a fallback object to the recovery boot chain
- gadget, gadget/install: move helpers to install package, refactor
unit tests
- dirs: add "gentoo" to altDirDistros
- update-pot: include file locations in translation template, and
extract strings from desktop files
- gadget/many: drop usage of gpt attr 59 for indicating creation of
partitions
- gadget/quantity: tweak test name
- snap: fix failing unittest for quantity.FormatDuration()
- gadget/quantity: introduce a new package that captures quantities
- o/devicestate,a/sysdb: make a backup of the device serial to save
- tests: fix rare interaction of tests.session and specific tests
- features: enable classic-preserves-xdg-runtime-dir
- tests/nested/core20/save: check the bind mount and size bump
- o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
- tests: rename hasHooks to hasInterfaceHooks in the ifacestate
tests
- o/devicestate: unit test tweaks
- boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
- testutil, cmd/snap/version: fix misc little errors
- overlord/devicestate: bind mount ubuntu-save under
/var/lib/snapd/save on startup
- gadget/internal: tune ext4 setting for smaller filesystems
- tests/nested/core20/save: a test that verifies ubuntu-save is
present and set up
- tests: update google sru backend to support groovy
- o/ifacestate: handle interface hooks when preseeding
- tests: re-enable the apt hooks test
- interfaces,snap: use correct type: {os,snapd} for test data
- secboot: set metadata and keyslots sizes when formatting LUKS2
volumes
- tests: improve uc20-create-partitions-reinstall test
- client, daemon, cmd/snap: cleanups from #9489 + more unit tests
- cmd/snap-bootstrap: mount ubuntu-save during boot if present
- secboot: fix doc comment on helper for unlocking volume with key
- tests: add spread test for refreshing from an old snapd and core18
- o/snapstate: generate snapd snap wrappers again after restart on
refresh
- secboot: version bump, unlock volume with key
- tests/snap-advise-command: re-enable test
- cmd/snap, snapmgr, tests: cleanups after #9418
- interfaces: deny connected x11 plugs access to ICE
- daemon,client: write and read a maintenance.json file for when
snapd is shut down
- many: update to secboot v1 (part 1)
- osutil/disks/mockdisk: panic if same mountpoint shows up again
with diff opts
- tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
reseal tests
- many: implement snap routine console-conf-start for synchronizing
auto-refreshes
- dirs, boot: add ubuntu-save directories and related locations
- usersession: fix typo in test name
- overlord/snapstate: refactor ihibitRefresh
- overlord/snapstate: stop warning about inhibited refreshes
- cmd/snap: do not hardcode snapshot age value
- overlord,usersession: initial notifications of pending refreshes
- tests: add a unit test for UpdateMany where a single snap fails
- o/snapstate/catalogrefresh.go: don't refresh catalog in install
mode uc20
- tests: also check snapst.Current in undo-unlink tests
- tests: new nested tool
- o/snapstate: implement undo handler for unlink-snap
- tests: clean systems.sh helper and migrate last set of tests
- tests: moving the lib section from systems.sh helper to os.query
tool
- tests/uc20-create-partitions: don't check for grub.cfg
- packaging: make sure that static binaries are indeed static, fix
openSUSE
- many: have install return encryption keys for data and save,
improve tests
- overlord: add link participant for linkage transitions
- tests: lxd smoke test
- tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
seed too
- tests: moving main suite from systems.sh to os.query tool
- tests: moving the core test suite from systems.sh to os.query tool
- cmd/snap-confine: mask host's apparmor config
- o/snapstate: move setting updated SnapState after error paths
- tests: add value to INSTANCE_KEY/regular
- spread, tests: tweaks for openSUSE
- cmd/snap-confine: update path to snap-device-helper in AppArmor
profile
- tests: new os.query tool
- overlord/snapshotstate/backend: specify tar format for snapshots
- tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
UC20
- client,daemon,snap: auto-import does not error on managed devices
- interfaces: PTP hardware clock interface
- tests: use tests.backup tool
- many: verify that unit tests work with nosecboot tag and without
secboot package
- wrappers: do not error out on read-only /etc/dbus-1/session.d
filesystem on core18
- snapshots: import of a snapshot set
- tests: more output for sbuild test
- o/snapstate: re-order remove tasks for individual snap revisions
to remove current last
- boot: skip some unit tests when running as root
- o/assertstate: introduce
ValidationTrackingKey/ValidationSetTracking and basic methods
- many: allow ignoring running apps for specific request
- tests: allow the searching test to fail under load
- overlord/snapstate: inhibit startup while unlinked
- seed/seedwriter/writer.go: check DevModeConfinement for dangerous
features
- tests/main/sudo-env: snap bin is available on Fedora
- boot, overlord/devicestate: list trusted and managed assets
upfront
- gadget, gadget/install: support for ubuntu-save, create one during
install if needed
- spread-shellcheck: temporary workaround for deadlock, drop
unnecessary test
- snap: support different exit-code in the snap command
- logger: use strutil.KernelCommandLineSplit in
debugEnabledOnKernelCmdline
- logger: fix snapd.debug=1 parsing
- overlord: increase refresh postpone limit to 14 days
- spread-shellcheck: use single thread pool executor
- gadget/install,secboot: add debug messages
- spread-shellcheck: speed up spread-shellcheck even more
- spread-shellcheck: process paths from arguments in parallel
- tests: tweak error from tests.cleanup
- spread: remove workaround for openSUSE go issue
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- tests: new tests.backup tool
- tests: add tests.cleanup pop sub-command
- tests: migration of the main suite to snaps-state tool part 6
- tests: fix journal-state test
- cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
recover files
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- boot, gadget, bootloader: observer preserves managed bootloader
configs
- tests/nested/manual: add uc20 grade signed cloud-init test
- o/snapstate/autorefresh.go: eliminate race when launching
autorefresh
- daemon,snapshotstate: do not return "size" from Import()
- daemon: limit reading from snapshot import to Content-Length
- many: set/expect Content-Length header when importing snapshots
- github: switch from ::set-env command to environment file
- tests: migration of the main suite to snaps-state tool part 5
- client: cleanup the Client.raw* and Client.do* method families
- tests: moving main suite to snaps-state tool part 4
- client,daemon,snap: use constant for snapshot content-type
- many: fix typos and repeated "the"
- secboot: fix tpm connection leak when it's not enabled
- many: scaffolding for snapshots import API
- run-checks: run spread-shellcheck too
- interfaces: update network-manager interface to allow
ObjectManager access from unconfined clients
- tests: move core and regression suites to snaps-state tool
- tests: moving interfaces tests to snaps-state tool
- gadget: preserve files when indicated by content change observer
- tests: moving smoke test suite and some tests from main suite to
snaps-state tool
- o/snapshotstate: pass set id to backend.Open, update tests
- asserts/snapasserts: introduce ValidationSets
- o/snapshotstate: improve allocation of new set IDs
- boot: look at the gadget for run mode bootloader when making the
system bootable
- cmd/snap: allow snap help vs --all to diverge purposefully
- usersession/userd: separate bus name ownership from defining
interfaces
- o/snapshotstate: set snapshot set id from its filename
- o/snapstate: move remove-related tests to snapstate_remove_test.go
- desktop/notification: switch ExpireTimeout to time.Duration
- desktop/notification: add unit tests
- snap: snap help output refresh
- tests/nested/manual/preseed: include a system-usernames snap when
preseeding
- tests: fix sudo-env test
- tests: fix nested core20 shellcheck bug
- tests/lib: move to new directory when restoring PWD, cleanup
unpacked unpacked snap directories
- desktop/notification: add bindings for FDO notifications
- dbustest: fix stale comment references
- many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
drop former
- snap-repair: add uc20 support
- tests: print all the serial logs for the nested test
- o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
bug in test
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
as Unknown*
- asserts: deserialize grouping only once in Pool.AddBatch if needed
- gadget: allow content observer to have opinions about a change
- tests: new snaps-state command - part1
- o/assertstate: support refreshing any number of snap-declarations
- boot: use test helpers
- tests/core/snap-debug-bootvars: also check snap_mode
- many/apparmor: adjust rules for reading profile/ execing new
profiles for new kernel
- tests/core/snap-debug-bootvars: spread test for snap debug boot-
vars
- tests/lib/nested.sh: more little tweaks
- tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- overlord: explicitly set refresh-app-awareness in tests
- kernel: remove "edition" from kernel.yaml and add "update"
- spread: drop vendor from the packed project archive
- boot: fix debug bootloader variables dump on UC20 systems
- wrappers, systemd: allow empty root dir and conditionally do not
pass --root to systemctl
- tests/nested/manual: add test for grades above signed booting with
testkeys
- tests/nested: misc robustness fixes
- o/assertstate,asserts: use bulk refresh to refresh snap-
declarations
- tests/lib/prepare.sh: stop patching the uc20 initrd since it has
been updated now
- tests/nested/manual/refresh-revert-fundamentals: re-enable test
- update-pot: ignore .go files inside .git when running xgettext-go
- tests: disable part of the lxd test completely on 16.04.
- o/snapshotstate: tweak comment regarding snapshot filename
- o/snapstate: improve snapshot iteration
- bootloader: lk cleanups
- tests: update to support nested kvm without reboots on UC20
- tests/nested/manual/preseed: disable system-key check for 20.04
image
- spread.yaml: add ubuntu-20.10-64 to qemu
- store: handle v2 error when fetching assertions
- gadget: resolve device mapper devices for fallback device lookup
- tests/nested/cloud-init-many: simplify tests and unify
helpers/seed inputs
- tests: copy /usr/lib/snapd/info to correct directory
- check-pr-title.py * : allow "*" in the first part of the title
- many: typos and small test tweak
- tests/main/lxd: disable cgroup combination for 16.04 that is
failing a lot
- tests: make nested signing helpers less confusing
- tests: misc nested changes
- tests/nested/manual/refresh-revert-fundamentals: disable
temporarily
- tests/lib/cla_check: default to Python 3, tweaks, formatting
- tests/lib/cl_check.py: use python3 compatible code
* New upstream release, LP: #1895929
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- cmd/snap: allow snap help vs --all to diverge purposefully
- snap: snap help output refresh
* New upstream release, LP: #1895929
- tests: fix nested core20 shellcheck bug
- many/apparmor: adjust rule for reading apparmor profile for new
kernel
- snap-repair: add uc20 support
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- gadget: resolve device mapper devices for fallback device lookup
- secboot: add boot manager profile to pcr protection profile
- sysconfig,o/devicestate: mv DisableNoCloud to
DisableAfterLocalDatasourcesRun
- tests: make gadget-reseal more robust
- tests: skip nested images pre-configuration by default
- tests: fix for basic20 test running on external backend and rpi
- tests: improve kernel reseal test
- boot: adjust comments, naming, log success around reseal
- tests/nested, fakestore: changes necessary to run nested uc20
signed/secured tests
- tests: add nested core20 gadget reseal test
- boot/modeenv: track unknown keys in Read and put back into modeenv
during Write
- interfaces/process-control: add sched_setattr to seccomp
- boot: with unasserted kernels reseal if there's a hint modeenv
changed
- client: bump the default request timeout to 120s
- configcore: do not error in console-conf.disable for install mode
- boot: streamline bootstate20.go reseal and tests changes
- boot: reseal when changing kernel
- cmd/snap/model: specify grade in the model command output
- tests: simplify
repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks
- test: improve logging in nested tests
- nested: add support to telnet to serial port in nested VM
- secboot: use the snapcore/secboot native recovery key type
- tests/lib/nested.sh: use more focused cloud-init config for uc20
- tests/lib/nested.sh: wait for the tpm socket to exist
- spread.yaml, tests/nested: misc changes
- tests: add more checks to disk space awareness spread test
- tests: disk space awareness spread test
- boot: make MockUC20Device use a model and MockDevice more
realistic
- boot,many: reseal only when meaningful and necessary
- tests/nested/core20/kernel-failover: add test for failed refresh
of uc20 kernel
- tests: fix nested to work with qemu and kvm
- boot: reseal when updating boot assets
- tests: fix snap-routime-portal-info test
- boot: verify boot chain file in seal and reseal tests
- tests: use full path to test-snapd-refresh.version binary
- boot: store boot chains during install, helper for checking
whether reseal is needed
- boot: add call to reseal an existing key
- boot: consider boot chains with unrevisioned kernels incomparable
- overlord: assorted typos and miscellaneous changes
- boot: group SealKeyModelParams by model, improve testing
- secboot: adjust parameters to buildPCRProtectionProfile
- strutil: add SortedListsUniqueMergefrom the doc comment:
- snap/naming: upgrade TODO to TODO:UC20
- secboot: add call to reseal an existing key
- boot: in seal.go adjust error message and function names
- o/snapstate: check available disk space in RemoveMany
- boot: build bootchains data for sealing
- tests: remove "set -e" from function only shell libs
- o/snapstate: disk space check on UpdateMany
- o/snapstate: disk space check with snap update
- snap: implement new `snap reboot` command
- boot: do not reorder boot assets when generating predictable boot
chains and other small tweaks
- tests: some fixes and improvements for nested execution
- tests/core/uc20-recovery: fix check for at least specific calls to
mock-shutdown
- boot: be consistent using bootloader.Role* consts instead of
strings
- boot: helper for generating secboot load chains from a given boot
asset sequence
- boot: tweak boot chains to support a list of kernel command lines,
keep track of model and kernel boot file
- boot,secboot: switch to expose and use snapcore/secboot load event
trees
- tests: use `nested_exec` in core{20,}-early-config test
- devicestate: enable cloud-init on uc20 for grade signed and
secured
- boot: add "rootdir" to baseBootenvSuite and use in tests
- tests/lib/cla_check.py: don't allow users.noreply.github.com
commits to pass CLA
- boot: represent boot chains, helpers for marshalling and
equivalence checks
- boot: mark successful with boot assets
- client, api: handle insufficient space error
- o/snapstate: disk space check with single snap install
- configcore: "service.console-conf.disable" is gadget defaults only
- packaging/opensuse: fix for /usr/libexec on TW, do not hardcode
AppArmor profile path
- tests: skip udp protocol in nfs-support test on ubuntu-20.10
- packaging/debian-sid: tweak code preparing _build tree
- many: move seal code from gadget/install to boot
- tests: remove workaround for cups on ubuntu-20.10
- client: implement RebootToSystem
- many: seed.Model panics now if called before LoadAssertions
- daemon: add /v2/systems "reboot" action API
- github: run tests also on push to release branches
- interfaces/bluez: let slot access audio streams
- seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with
new seed.ReadSystemEssential
- interfaces: allow snap-update-ns to read /proc/cmdline
- tests: new organization for nested tests
- o/snapstate, features: add feature flags for disk space awareness
- tests: workaround for cups issue on 20.10 where default printer is
not configured.
- interfaces: update cups-control and add cups for providing snaps
- boot: keep track of the original asset when observing updates
- tests: simplify and fix tests for disk space checks on snap remove
- sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for
cloud.conf
- tests/main: mv core specific tests to core suite
- tests/lib/nested.sh: reset the TPM when we create the uc20 vm
- devicestate: rename "mockLogger" to "logbuf"
- many: introduce ContentChange for tracking gadget content in
observers
- many: fix partion vs partition typo
- bootloader: retrieve boot chains from bootloader
- devicestate: add tests around logging in RequestSystemAction
- boot: handle canceled update
- bootloader: tweak doc comments (thanks Samuele)
- seed/seedwriter: test local asserted snaps with UC20 grade signed
- sysconfig/cloudinit.go: add DisableNoCloud to
CloudInitRestrictOptions
- many: use BootFile type in load sequences
- boot,bootloader: clarifications after the changes to introduce
bootloader.Options.Role
- boot,bootloader,gadget: apply new bootloader.Options.Role
- o/snapstate, features: add feature flag for disk space check on
remove
- testutil: add checkers for symbolic link target
- many: refactor tpm seal parameter setting
- boot/bootstate20: reboot to rollback to previous kernel
- boot: add unit test helpers
- boot: observe update & rollback of trusted assets
- interfaces/utf: Add MIRKey to u2f devices
- o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20
cloud-init tests
- many: check that users of BaseTest don't forget to consume
cleanups
- tests/nested/core20/tpm: verify trusted boot assets tracking
- github: run macOS job with Go 1.14
- many: misc doc-comment changes and typo fixes
- o/snapstate: disk space check with InstallMany
- many: cloud-init cleanups from previous PR's
- tests: running tests on opensuse leap 15.2
- run-checks: check for dirty build tree too
- vendor: run ./get-deps.sh to update the secboot hash
- tests: update listing test for "-dirty" versions
- overlord/devicestate: do not release the state lock when updating
gadget assets
- secboot: read kernel efi image from snap file
- snap: add size to the random access file return interface
- daemon: correctly parse Content-Type HTTP header.
- tests: account for apt-get on core18
- cmd/snap-bootstrap/initramfs-mounts: compute string outside of
loop
- mkversion.sh: simple hack to include dirty in version if the tree
is dirty
- cgroup,snap: track hooks on system bus only
- interfaces/systemd: compare dereferenced Service
- run-checks: only check files in git for misspelling
- osutil: add a package doc comment (via doc.go)
- boot: complain about reused asset name during initial install
- snapstate: installSize helper that calculates total size of snaps
and their prerequisites
- snapshots: export of snapshots
- boot/initramfs_test.go: reset boot vars on the bootloader for each
iteration
* New upstream release, LP: #1891134
- interfaces: allow snap-update-ns to read
/proc/cmdline
- github: run macOS job with Go 1.14
- o/snapstate, features: add feature flag for disk space check on
remove
- tests: account for apt-get on core18
- mkversion.sh: include dirty in version if the tree
is dirty
- interfaces/systemd: compare dereferenced Service
- vendor.json: update mysterious secboot SHA again
* New upstream release, LP: #1891134
- logger: add support for setting snapd.debug=1 on kernel cmdline
- o/snapstate: check disk space before creating automatic snapshot
on remove
- boot, o/devicestate: observe existing recovery bootloader trusted
boot assets
- many: use transient scope for tracking apps and hooks
- features: add HiddenSnapFolder feature flag
- tests/lib/nested.sh: fix partition typo, unmount the image on uc20
too
- runinhibit: open the lock file in read-only mode in IsLocked
- cmd/s-b/initramfs-mounts: make recover -> run mode transition
automatic
- tests: update spread test for unknown plug/slot with snapctl is-
connected
- osutil: add OpenExistingLockForReading
- kernel: add kernel.Validate()
- interfaces: add vcio interface
- interfaces/{docker,kubernetes}-support: load overlay and support
systemd cgroup driver
- tests/lib/nested.sh: use more robust code for finding what loop
dev we mounted
- cmd/snap-update-ns: detach all bind-mounted file
- snap/snapenv: set SNAP_REAL_HOME
- packaging: umount /snap on purge in containers
- interfaces: misc policy updates xlvi
- secboot,cmd/snap-bootstrap: cross-check partitions before
unlocking, mounting
- boot: copy boot assets cache to new root
- gadget,kernel: add new kernel.{Info,Asset} struct and helpers
- o/hookstate/ctlcmd: make is-connected check whether the plug or
slot exists
- tests: find -ignore_readdir_race when scanning cgroups
- interfaces/many: deny arbitrary desktop files and misc from
/usr/share
- tests: use "set -ex" in prep-snapd-in-lxd.sh
- tests: re-enable udisks test on debian-sid
- cmd/snapd-generator: use PATH fallback if PATH is not set
- tests: disable udisks2 test on arch linux
- github: use latest/stable go, not latest/edge
- tests: remove support for ubuntu 19.10 from spread tests
- tests: fix lxd test wrongly tracking 'latest'
- secboot: document exported functions
- cmd: compile snap gdbserver shim correctly
- many: correctly calculate the desktop file prefix everywhere
- interfaces: add kernel-crypto-api interface
- corecfg: add "system.timezone" setting to the system settings
- cmd/snapd-generator: generate drop-in to use fuse in container
- cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments
from previous PR
- interfaces/many: miscellaneous updates for strict microk8s
- secboot,cmd/snap-bootstrap: don't import boot package from secboot
- cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of
the-tool
- tests: work around broken update of systemd-networkd
- tests/main/install-fontconfig-cache-gen: enhance test by
verifying, add fonts to test
- o/devicestate: wrap asset update observer error
- boot: refactor such that bootStateUpdate20 mainly carries Modeenv
- mkversion.sh: disallow changelog versions that have git in it, if
we also have git version
- interfaces/many: miscellaneous updates for strict microk8s
- snap: fix repeated "cannot list recovery system" and add test
- boot: track trusted assets during initial install, assets cache
- vendor: update secboot to fix key data validation
- tests: unmount FUSE file-systems from XDG runtime dir
- overlord/devicestate: workaround non-nil interface with nil struct
- sandbox/cgroup: remove temporary workaround for multiple cgroup
writers
- sandbox/cgroup: detect dangling v2 cgroup
- bootloader: add helper for creating a bootloader based on gadget
- tests: support different images on nested execution
- many: reorg cmd/snapinfo.go into snap and new client/clientutil
- packaging/arch: use external linker when building statically
- tests: cope with ghost cgroupv2
- tests: fix issues related to restarting systemd-logind.service
- boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to
gadget updates
- vendor: update github.com/kr/pretty to fix diffs of values with
pointer cycles
- boot: move bootloaderKernelState20 impls to separate file
- .github/workflows: move snap building to test.yaml as separate
cached job
- tests/nested/manual/minimal-smoke: run core smoke tests in a VM
meeting minimal requirements
- osutil: add CommitAs to atomic file
- gadget: introduce content update observer
- bootloader: introduce TrustedAssetsBootloader, implement for grub
- o/snapshotstate: helpers for calculating disk space needed for an
automatic snapshot
- gadget/install: retrieve command lines from bootloader
- boot/bootstate20: unify commit method impls, rm
bootState20MarkSuccessful
- tests: add system information and image information when debug
info is displayed
- tests/main/cgroup-tracking: try to collect some information about
cgroups
- boot: introduce current_boot_assets and
current_recovery_boot_assets to modeenv
- tests: fix for timing issues on journal-state test
- many: remove usage and creation of hijacked pid cgroup
- tests: port regression-home-snap-root-owned to tests.session
- tests: run as hightest via tests.session
- github: run CLA checks on self-hosted workers
- github: remove Ubuntu 19.10 from actions workflow
- tests: remove End-Of-Life opensuse/fedora releases
- tests: remove End-Of-Life releases from spread.yaml
- tests: fix debug section of appstream-id test
- interfaces: check !b.preseed earlier
- tests: work around bug in systemd/debian
- boot: add deepEqual, Copy helpers for Modeenv to simplify
bootstate20 refactor
- cmd: add new "snap recovery" command
- interfaces/systemd: use emulation mode when preseeding
- interfaces/kmod: don't load kernel modules in kmod backend when
preseeding
- interfaces/udev: do not reload udevadm rules when preseeding
- cmd/snap-preseed: use snapd from the deb if newer than from seeds
- boot: fancy marshaller for modeenv values
- gadget, osutil: use atomic file copy, adjust tests
- overlord: use new tracking cgroup for refresh app awareness
- github: do not skip gofmt with Go 1.9/1.10
- many: introduce content write observer, install mode glue, initial
seal stubs
- daemon,many: switch to use client.ErrorKind and drop the local
errorKind...
- tests: new parameters for nested execution
- client: move all error kinds into errors.go and add doc strings
- cmd/snap: display the error in snap debug seeding if seeding is in
error
- cmd/snap/debug/seeding: use unicode for proper yaml
- tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty
recovery_mode
- osutil/disks: add mock disk and tests for happy path of mock disks
- tests: refresh/revert snapd in uc20
- osutil/disks: use a dedicated error to indicate a fs label wasn't
found
- interfaces/system-key: in WriteSystemKey during tests, don't call
ParserFeatures
- boot: add current recovery systems to modeenv
- bootloader: extend managed assets bootloader interface to compose
a candidate command line
- interfaces: make the unmarshal test match more the comment
- daemon/api: use pointers to time.Time for debug seeding aspect
- o/ifacestate: update security profiles in connect undo handler
- interfaces: add uinput interface
- cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit
tests
- o/devicestate: save seeding/preseeding times for use with debug
seeding api
- cmd/snap/debug: add "snap debug seeding" command for preseeding
debugging
- tests/main/selinux-clean: workaround SELinux denials triggered by
linger setup on Centos8
- bootloader: compose command line with mode and extra arguments
- cmd/snap, daemon: detect and bail purge on multi-snap
- o/ifacestate: fix bug in snapsWithSecurityProfiles
- interfaces/builtin/multipass: replace U+00A0 no-break space with
simple space
- bootloader/assets: generate bootloader assets from files
- many/tests/preseed: reset the preseeded images before preseeding
them
- tests: drop accidental accents from e
- secboot: improve key sealing tests
- tests: replace _wait_for_file_change with retry
- tests: new fs-state which replaces the files.sh helper
- sysconfig/cloudinit_test.go: add test for initramfs case, rm "/"
from path
- cmd/snap: track started apps and hooks
- tests/main/interfaces-pulseaudio: disable start limit checking for
pulseaudio service
- api: seeding debug api
- .github/workflows/snap-build.yaml: build the snapd snap via GH
Actions too
- tests: moving journalctl.sh to a new journal-state tool
- tests/nested/manual: add spread tests for cloud-init vuln
- bootloader/assets: helpers for registering per-edition snippets,
register snippets for grub
- data,packaging,wrappers: extend D-Bus service activation search
path
- spread: add opensuse 15.2 and tumbleweed for qemu
- overlord,o/devicestate: restrict cloud-init on Ubuntu Core
- sysconfig/cloudinit: add RestrictCloudInit
- cmd/snap-preseed: check that target path exists and is a directory
on --reset
- tests: check for pids correctly
- gadget,gadget/install: refactor partition table update
- sysconfig/cloudinit: add CloudInitStatus func + CloudInitState
type
- interface/fwupd: add more policies for making fwupd upstream
strict
- tests: new to-one-line tool which replaces the strings.sh helper
- interfaces: new helpers to get and compare system key, for use
with seeding debug api
- osutil, many: add helper for checking whether the process is a go
test binary
- cmd/snap-seccomp/syscalls: add faccessat2
- tests: adjust xdg-open after launcher changes
- tests: new core config helper
- usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-
open
- cmd/snap-preseed: handle relative chroot path
- snapshotstate: move sizer to osutil.Sizer()
- tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref
kernel tests
- gadget/install,secboot: use snapcore/secboot luks2 api
- boot/initramfs_test.go: add Commentf to more Assert()'s
- tests/lib: account for changes in arch package file name extension
- bootloader/bootloadertest: fix comment typo
- bootloader: add helper for getting recovery system environment
variables
- tests: preinstall shellcheck and run tests on focal
- strutil: add a helper for parsing kernel command line
- osutil: add CheckFreeSpace helper
- secboot: update tpm connection error handling
- packaging, cmd/snap-mgmt, tests: remove modules files on purge
- tests: add tests.cleanup helper
- packaging: add "ca-certificates" to build-depends
- tests: more checks in core20 early config spread test
- tests: fix some snapstate tests to use pointers for
snapmgrTestSuite
- boot: better naming of helpers for obtaining kernel command line
- many: use more specific check for unit test mocking
- systemd/escape: fix issues with "" and "\t" handling
- asserts: small improvements and corrections for sequence-forming
assertions' support
- boot, bootloader: query kernel command line of run mod and
recovery mode systems
- snap/validate.go: disallow snap layouts with new top-level
directories
- tests: allow to add a new label to run nested tests as part of PR
validation
- tests/core/gadget-update-pc: port to UC20
- tests: improve nested tests flexibility
- asserts: integer headers: disallow prefix zeros and make parsing
more uniform
- asserts: implement Database.FindSequence
- asserts: introduce SequenceMemberAfter in the asserts backstores
- spread.yaml: remove tests/lib/tools from PATH
- overlord: refuse to install snaps whose activatable D-Bus services
conflict with installed snaps
- tests: shorten lxd-state undo-mount-changes
- snap-confine: don't die if a device from sysfs path cannot be
found by udev
- tests: fix argument handling of apt-state
- tests: rename lxd-tool to lxd-state
- tests: rename user-tool to user-state, fix --help
- interfaces: add gconf interface
- sandbox/cgroup: avoid parsing security tags twice
- tests: rename version-tool to version-compare
- cmd/snap-update-ns: handle anomalies better
- tests: fix call to apt.Package.mark_install(auto_inst=True)
- tests: rename mountinfo-tool to mountinfo.query
- tests: rename memory-tool to memory-observe-do
- tests: rename invariant-tool to tests.invariant
- tests: rename apt-tool to apt-state
- many: managed boot config during run mode setup
- asserts: introduce the concept of sequence-forming assertion types
- tests: tweak comments/output in uc20-recovery test
- tests/lib/pkgdb: do not use quiet when purging debs
- interfaces/apparmor: allow snap-specific /run/lock
- interfaces: add system-source-code for access to /usr/src
- sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data
- gadget/install: move udev trigger to gadget/install
- many: make nested spread tests more reliable
- tests/core/uc20-recovery: apply hack to get gopath in recover mode
w/ external backend
- tests: enable tests on uc20 which now work with the real model
assertion
- tests: enable system-snap-refresh test on uc20
- gadget, bootloader: preserve managed boot assets during gadget
updates
- tests: fix leaked dbus-daemon in selinux-clean
- tests: add servicestate.Control tests
- tests: fix "restart.service"
- wrappers: helper for enabling services - extract and move enabling
of services into a helper
- tests: new test to validate refresh and revert of kernel and
gadget on uc20
- tests/lib/prepare-restore: collect debug info when prepare purge
fails
- bootloader: allow managed bootloader to update its boot config
- tests: Remove unity test from nightly test suite
- o/devicestate: set mark-seeded to done in the task itself
- tests: add spread test for disconnect undo caused by failing
disconnect hook
- sandbox/cgroup: allow discovering PIDs of given snap
- osutil/disks: support IsDecryptedDevice for mountpoints which are
dm devices
- osutil: detect autofs mounted in /home
- spread.yaml: allow amazon-linux-2-64 qemu with
ec2-user/ec2-user
- usersession: support additional zoom URL schemes
- overlord: mock timings.DurationThreshold in TestNewWithGoodState
- sandbox/cgroup: add tracking helpers
- tests: detect stray dbus-daemon
- overlord: refuse to install snaps providing user daemons on Ubuntu
14.04
- many: move encryption and installer from snap-boostrap to gadget
- o/ifacestate: fix connect undo handler
- interfaces: optimize rules of multiple connected iio/i2c/spi plugs
- bootloader: introduce managed bootloader, implement for grub
- tests: fix incorrect check in smoke/remove test
- asserts,seed: split handling of essential/not essential model
snaps
- gadget: fix typo in mounted filesystem updater
- gadget: do only one mount point lookup in mounted fs updater
- tests/core/snap-auto-mount: try to make the test more robust
- tests: adding ubuntu-20.04 to google-sru backend
- o/servicestate: add updateSnapstateServices helper
- bootloader: pull recovery grub config from internal assets
- tests/lib/tools: apply linger workaround when needed
- overlord/snapstate: graceful handling of denied "managed" refresh
schedule
- snapstate: fix autorefresh from classic->strict
- overlord/configstate: add system.kernel.printk.console-loglevel
option
- tests: fix assertion disk handling for nested UC systems
- snapstate: use testutil.HostScaledTimeout() in snapstate tests
- tests: extra worker for google-nested backend to avoid timeout
error on uc20
- snapdtool: helper to check whether the current binary is reexeced
from a snap
- tests: mock servicestate in api tests to avoid systemctl checks
- many: rename back snap.Info.GetType to Type
- tests/lib/cla_check: expect explicit commit range
- osutil/disks: refactor diskFromMountPointImpl a bit
- o/snapstate: service-control task handler
- osutil: add disks pkg for associating mountpoints with
disks/partitions
- gadget,cmd/snap-bootstrap: move partitioning to gadget
- seed: fix LoadEssentialMeta when gadget is not loaded
- cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo
secure_path
- asserts: introduce new assertion validation-set
- asserts,daemon: add support for "serials" field in system-user
assertion
- data/sudo: drop a failed sudo secure_path workaround
- gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat
- boot, snap-bootstrap: move initramfs-mounts logic to boot pkg
- spread.yaml: update secure boot attribute name
- interfaces/block_devices: add NVMe subsystem devices, support
multipath paths
- tests: use the "jq" snap from the edge channel
- tests: simplify the tpm test by removing the test-snapd-mokutil
snap
- boot/bootstate16.go: clean snap_try_* vars when not in Trying
status too
- tests/main/sudo-env: check snap path under sudo
- tests/main/lxd: add test for snaps inside nested lxd containers
not working
- asserts/internal: expand errors about invalid serialized grouping
labels
- usersession/userd: add msteams url support
- tests/lib/prepare.sh: adjust comment about sgdisk
- tests: fix how gadget pc is detected when the snap does not exist
and ls fails
- tests: move a few more tests to snapstate_update_test.go
- tests/main: add spread test for running svc from install hook
- tests/lib/prepare: increase the size of the uc16/uc18 partitions
- tests/special-home-can-run-classic-snaps: re-enable
- workflow: test PR title as part of the static checks again
- tests/main/xdg-open-compat: backup and restore original xdg-open
- tests: move update-related tests to snapstate_update_test.go
- cmd,many: move Version and bits related to snapd tools to
snapdtool, merge cmdutil
- tests/prepare-restore.sh: reset-failed systemd-journald before
restarting
- interfaces: misc small interface updates
- spread: use find rather than recursive ls, skip mounted snaps
- tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls
/var/lib/snapd
- tests: enable snap-auto-mount test on core20
- cmd/snap: do not show $PATH warning when executing under sudo on a
known distro
- asserts/internal: add some iteration benchmarks
- sandbox/cgroup: improve pid parsing code
- snap: add new `snap run --experimental-gdbserver` option
- asserts/internal: limit Grouping size switching to a bitset
representationWe don't always use the bit-set representation
because:
- snap: add an activates-on property to apps for D-Bus activation
- dirs: delete unused Cloud var, fix typo
- sysconfig/cloudinit: make callers of DisableCloudInit use
WritableDefaultsDir
- tests: fix classic ubuntu core transition auth
- tests: fail in setup_reflash_magic() if there is snapd state left
- tests: port interfaces-many-core-provided to tests.session
- tests: wait after creating partitions with sfdisk
- bootloader: introduce bootloarder assets, import grub.cfg with an
edition marker
- riscv64: bump timeouts
- gadget: drop dead code, hide exports that are not used externally
- tests: port 2 uc20 part1
- tests: fix bug waiting for snap command to be ready
- tests: move try-related tests to snapstate_try_test.go
- tests: add debug for 20.04 prepare failure
- travis.yml: removed, all our checks run in GH actions now
- tests: clean up up the use of configcoreSuite in the configcore
tests
- sandbox/cgroup: remove redundant pathOfProcPidCgroup
- sandbox/cgroup: add tests for ParsePids
- tests: fix the basic20 test for uc20 on external backend
- tests: use configcoreSuite in journalSuite and remove some
duplicated code
- tests: move a few more tests to snapstate_install_test
- tests: assorted small patches
- dbusutil/dbustest: separate license from package
- interfaces/builtin/time-control: allow POSIX clock API
- usersession/userd: add "slack" to the white list of URL schemes
handled by xdg-open
- tests: check that host settings like hostname are settable on core
- tests: port xdg-settings test to tests.session
- tests: port snap-handle-link test to tests.session
- arch: add riscv64
- tests: core20 early defaults spread test
- tests: move install tests from snapstate_test.go to
snapstate_install_test.go
- github: port macOS sanity checks from travis
- data/selinux: allow checking /var/cache/app-info
- o/devicestate: core20 early config from gadget defaults
- tests: autoremove after removing lxd in preseed-lxd test
- secboot,cmd/snap-bootstrap: add tpm sealing support to secboot
- sandbox/cgroup: move FreezerCgroupDir from dirs.go
- tests: update the file used to detect the boot path on uc20
- spread.yaml: show /var/lib/snapd in debug
- cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock +
netplan files
- snap/naming: add helpers to parse app and hook security tags
- tests: modernize retry tool
- tests: fix and trim debug section in xdg-open-portal
- tests: modernize and use snapd.tool
- vendor: update to latest github.com/snapcore/bolt for riscv64
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellaneous policy updates xlv
- interfaces/system-packages-doc: fix typo in variable names
- tests: port interfaces-calendar-service to tests.session
- tests: install/run the lzo test snap too
- snap: (small) refactor of `snap download` code for
testing/extending
- data: fix shellcheck warnings in snapd.sh.in
- packaging: disable buildmode=pie for riscv64
- tests: install test-snapd-rsync snap from edge channel
- tests: modernize tests.session and port everything using it
- tests: add ubuntu 20.10 to spread tests
- cmd/snap/remove: mention snap restore/automatic snapshots
- dbusutil: move all D-Bus helpers and D-Bus test helpers
- wrappers: pass 'disable' flag to StopServices wrapper
- osutil: enable riscv64 build
- snap/naming: add ParseSecurityTag and friends
- tests: port document-portal-activation to session-tool
- bootloader: rename test helpers to reflect we are mocking EFI boot
locations
- tests: disable test of nfs v3 with udp proto on debian-sid
- tests: plan to improve the naming and uniformity of utilities
- tests: move *-tool tests to their own suite
- snap-bootstrap: remove sealed key file on reinstall
- bootloader/ubootenv: don't panic with an empty uboot env
- systemd: rename actualFsTypeAndMountOptions to
hostFsTypeAndMountOptions
- daemon: fix filtering of service-control changes for snap.app
- tests: spread test for preseeding in lxd container
- tests: fix broken snapd.session agent.socket
- wrappers: add RestartServices function and ReloadOrRestart to
systemd
- o/cmdstate: handle ignore flag on exec-command tasks
- gadget: make ext4 filesystems with or without metadata checksum
- tests: update statx test to run on all LTS releases
- configcore: show better error when disabling services
- interfaces: add hugepages-control
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- tests: run ubuntu-20.04-* tests on all ubuntu-2* releases
- tests: skip interfaces-openvswitch for centos 8 in nightly suite
- tests: reload systemd --user for root, if present
- tests: reload systemd after editing /etc/fstab
- tests: add missing dependencies needed for sbuild test on debian
- tests: reload systemd after removing pulseaudio
- image, tests: core18 early config.
- interfaces: add system-packages-doc interface
- cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when
preseeding
- interfaces/fwupd: allow bind mount to /boot on core
- tests: improve oom-vitality tests
- tests: add fedora 32 to spread.yaml
- config: apply vitality-hint immediately when the config changes
- tests: port snap-routine-portal-info to session-tool
- configcore: add "service.console-conf.disable" config option
- tests: port xdg-open to session-tool
- tests: port xdg-open-compat to session-tool
- tests: port interfaces-desktop-* to session-tool
- spread.yaml: apply yaml formatter/linter
- tests: port interfaces-wayland to session-tool
- o/devicestate: refactor current system handling
- snap-mgmt: perform cleanup of user services
- snap/snapfile,squashfs: followups from 8729
- boot, many: require mode in modeenv
- data/selinux: update policy to allow forked processes to call
getpw*()
- tests: log stderr from dbus-monitor
- packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers
tag
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- data/selinux: allow snapd to remove/create the its socket
- testutil/exec.go: set PATH after running shellcheck
- tests: silence stderr from dbus-monitor
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- github: remove workaround for bug 133 in actions/cache
- tests: remove dbus.sh
- cmd/snap-preseed: improve mountpoint checks of the preseeded
chroot
- spread.yaml: add ps aux to debug section
- github: run all spread systems in a single go with cached results
- test: session-tool cli tweaks
- asserts: rest of the Pool API
- tests: port interfaces-network-status-classic to session-tool
- packaging: remove obsolete 16.10,17.04 symlinks
- tests: setup portals before starting user session
- o/devicestate: typo fix
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- cmd/snap/model: support store, system-user-authority keys in
--verbose
- o/devicestate: raise conflict when requesting system action while
seeding
- tests: detect signs of crashed snap-confine
- tests: sign kernel and gadget to run nested tests using current
snapd code
- tests: remove gnome-online-accounts we install
- tests: fix the issue where all the tests were executed on secboot
system
- tests: port interfaces-accounts-service to session-tool
- interfaces/network-control: bring /var/lib/dhcp from host
- image,cmd/snap,tests: add support for store-wide cohort keys
- configcore: add nomanagers buildtag for conditional build
- tests: port interfaces-password-manager-service to session-tool
- o/devicestate: cleanup system actions supported by recover mode
- snap-bootstrap: remove create-partitions and update tests
- tests: fix nested tests
- packaging/arch: update PKGBUILD to match one in AUR
- tests: port interfaces-location-control to session-tool
- tests: port interfaces-contacts-service to session-tool
- state: log task errors in the journal too
- o/devicestate: change how current system is reported for different
modes
- devicestate: do not report "ErrNoState" for seeded up
- tests: add a note about broken test sequence
- tests: port interfaces-autopilot-introspection to session-tool
- tests: port interfaces-dbus to session-tool
- packaging: update sid packaging to match 16.04+
- tests: enable degraded test on uc20
- c/snaplock/runinhibit: add run inhibition operations
- tests: detect and report root-owned files in /home
- tests: reload root's systemd --user after snapd tests
- tests: test registration with serial-authority: [generic]
- cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon-
key in recover
- tests/mount-ns: stop binfmt_misc mount unit
- cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition
uuid if available
- daemon, tests: indicate system mode, test switching to recovery
and back to run
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- tests/mount-ns: update to reflect new UEFI boot mode
- usersession,tests: clean ups for userd/settings.go and move
xdgopenproxy under usersession
- tests: disable mount-ns test
- tests: test user belongs to systemd-journald, on core20
- tests: run core/snap-set-core-config on uc20 too
- tests: remove generated session-agent units
- sysconfig: use new _writable_defaults dir to create cloud config
- cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for
future work
- asserts: make clearer that with label we mean a serialized label
- cmd/snap-bootstrap: tweak recovery trigger log messages
- asserts: introduce PoolTo
- userd: allow setting default-url-scheme-handler
- secboot: append uuid to ubuntu-data when decrypting
- o/configcore: pass extra options to FileSystemOnlyApply
- tests: add dbus-user-session to bionic and reorder package names
- boot, bootloader: adjust comments, expand tests
- tests: improve debugging of user session agent tests
- packaging: add the inhibit directory
- many: add core.resiliance.vitality-hint config setting
- tests: test adjustments and fixes for recently published images
- cmd/snap: coldplug auto-import assertions from all removable
devices
- secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to
secboot
- tests: not fail when boot dir cannot be determined
- tests: new directory used to store the cloud images on gce
- tests: inject snapd from edge into seeds of the image in manual
preseed test
- usersession/agent,wrappers: fix races between Shutdown and Serve
- tests: add dependency needed for next upgrade of bionic
- tests: new test user is used for external backend
- cmd/snap: fix the order of positional parameters in help output
- tests: don't create root-owned things in ~test
- tests/lib/prepare.sh: delete patching of the initrd
- cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
as well
- progress: tweak multibyte label unit test data
- o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline
- gadget: fix fallback device lookup for 'mbr' type structures
- configcore: only reload journald if systemd is new enough
- cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data
- wrappers: allow user mode systemd daemons
- progress: fix progress bar with multibyte duration units
- tests: fix raciness in pulseaudio test
- asserts/internal: introduce Grouping and Groupings
- tests: remove user.sh
- tests: pair of follow-ups from earlier reviews
- overlord/snapstate: warn of refresh/postpone events
- configcore,tests: use daemon-reexec to apply watchdog config
- c/snap-bootstrap: check mount states via initramfsMountStates
- store: implement DownloadAssertions
- tests: run smoke test with different bases
- tests: port user-mounts test to session-tool
- store: handle error-list in fetch-assertions results
- tests: port interfaces-audio-playback-record to session-tool
- data/completion: add `snap` command completion for zsh
- tests/degraded: ignore failure in systemd-vconsole-setup.service
- image: stub implementation of image.Prepare for darwin
- tests: session-tool --restore -u stops user-$UID.slice
- o/ifacestate/handlers.go: fix typo
- tests: port pulseaudio test to session-tool
- tests: port user-session-env to session-tool
- tests: work around journald bug in core16
- tests: add debug to core-persistent-journal test
- tests: port selinux-clean to session-tool
- tests: port portals test to session-tool, fix portal tests on sid
- tests: adding option --no-install-recommends option also when
install all the deps
- tests: add session-tool --has-systemd-and-dbus
- packaging/debian-sid: add gcc-multilib to build deps
- osutil: expand FileLock to support shared locks and more
- packaging: stop depending on python-docutils
- store,asserts,many: support the new action fetch-assertions
- tests: port snap-session-agent-* to session-tool
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- tests: fix for preseeding failures
* New upstream release, LP: #1875071
- o/ifacestate: fix bug in snapsWithSecurityProfiles
- tests/main/selinux-clean: workaround SELinux denials triggered by
linger setup on Centos8
* New upstream release, LP: #1875071
- many: backport _writable_defaults dir changes
- tests: fix incorrect check in smoke/remove test
- cmd/snap-bootstrap,seed: backport of uc20 PRs
- tests: avoid exit when nested type var is not defined
- cmd/snap-preseed: backport fixes
- interfaces: optimize rules of multiple connected iio/i2c/spi plugs
- many: cherry-picks for 2.45, gh-action, test fixes
- tests/lib: account for changes in arch package file name extension
- postrm, snap-mgmt: cleanup modules and other cherry-picks
- snap-confine: don't die if a device from sysfs path cannot be
found by udev
- data/selinux: update policy to allow forked processes to call
getpw*()
- tests/main/interfaces-time-control: exercise setting time via date
- interfaces/builtin/time-control: allow POSIX clock API
- usersession/userd: add "slack" to the white list of URL schemes
handled by xdg-open
* SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
implementation
- usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
variable modification when calling the system xdg-open. Patch
thanks to James Henstridge
- packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
restarted. Patch thanks to Michael Vogt
- CVE-2020-11934
- LP: #1880085
* SECURITY UPDATE: arbitrary code execution vulnerability on core
devices with access to physical removable media
- devicestate: Disable/restrict cloud-init after seeding.
- CVE-2020-11933
- LP: #1879530
* New upstream release, LP: #1875071
- data/selinux: allow checking /var/cache/app-info
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellaneous policy updates xlv
- snap-bootstrap: remove sealed key file on reinstall
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- gadget: make ext4 filesystems with or without metadata checksum
- interfaces/fwupd: allow bind mount to /boot on core
- tests: cherry-pick test fixes from master
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- data/completion, packaging: cherry-pick zsh completion
- state: log task errors in the journal too
- devicestate: do not report "ErrNoState" for seeded up
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- packaging: stop depending on python-docutils
* New upstream release, LP: #1875071
- o/devicestate: support doing system action reboots from recover
mode
- vendor: update to latest secboot
- tests: not fail when boot dir cannot be determined
- configcore: only reload journald if systemd is new enough
- cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
when decrypting
- tests/lib/prepare.sh: delete patching of the initrd
- cmd/snap: coldplug auto-import assertions from all removable
devices
- cmd/snap: fix the order of positional parameters in help output
- c/snap-bootstrap: port mount state mocking to the new style on
master
- cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
as well
- o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
unlock in recover mode initramfs
- progress: tweak multibyte label unit test data
- gadget: fix fallback device lookup for 'mbr' type structures
- progress: fix progress bar with multibyte duration units
- many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
- many: put the sealed keys in a directory on seed for tidiness
- cmd/snap-bootstrap: measure epoch and model before unlocking
encrypted data
- o/configstate: core config handler for persistent journal
- bootloader/uboot: use secondary ubootenv file boot.sel for uc20
- packaging: add "$TAGS" to dh_auto_test for debian packaging
- tests: ensure $cache_dir is actually available
- secboot,cmd/snap-bootstrap: add model to pcr protection profile
- devicestate: do not use snap-boostrap in devicestate to install
- tests: fix a typo in nested.sh helper
- devicestate: add support for cloud.cfg.d config from the gadget
- cmd/snap-bootstrap: cleanups, naming tweaks
- testutil: add NewDBusTestConn
- snap-bootstrap: lock access to sealed keys
- overlord/devicestate: preserve the current model inside ubuntu-
boot
- interfaces/apparmor: use differently templated policy for non-core
bases
- seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
syscalls
- cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
other misc changes
- o/snapstate: tweak "waiting for restart" message
- boot: store model model and grade information in modeenv
- interfaces/firewall-control: allow -legacy and -nft for core20
- boot: enable makeBootable20RunMode for EnvRefExtractedKernel
bootloaders
- boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
implementation
- daemon: fix error message from `snap remove-user foo` on classic
- overlord: have a variant of Mock that can take a state.State
- tests: 16.04 and 18.04 now have mediating pulseaudio (again)
- seed: clearer errors for missing essential snapd or core snap
- cmd/snap-bootstrap/initramfs-mounts: support
EnvRefExtractedKernelBootloader's
- gadget, cmd/snap-bootstrap: MBR schema support
- image: improve/adjust DownloadSnap doc comment
- asserts: introduce ModelGrade.Code
- tests: ignore user-12345 slice and service
- image,seed/seedwriter: support redirect channel aka default
tracks
- bootloader: use binary.Read/Write
- tests: uc20 nested suite part II
- tests/boot: refactor to make it easier for new
bootloaderKernelState20 impl
- interfaces/openvswitch: support use of ovs-appctl
- snap-bootstrap: copy auth data from real ubuntu-data in recovery
mode
- snap-bootstrap: seal and unseal encryption key using tpm
- tests: disable special-home-can-run-classic-snaps due to jenkins
repo issue
- packaging: fix build on Centos8 to support BUILDTAGS
- boot/bootstate20: small changes to bootloaderKernelState20
- cmd/snap: Implement a "snap routine file-access" command
- spread.yaml: switch back to latest/candidate for lxd snap
- boot/bootstate20: re-factor kernel methods to use new interface
for state
- spread.yaml,tests/many: use global env var for lxd channel
- boot/bootstate20: fix bug in try-kernel cleanup
- config: add system.store-certs.[a-zA-Z0-9] support
- secboot: key sealing also depends on secure boot enabled
- httputil: fix client timeout retry tests
- cmd/snap-update-ns: handle EBUSY when unlinking files
- cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
vars
- secboot: add tpm support helpers
- tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
kernel and gadget
- cmd/snap-bootstrap: switch to a 64-byte key for unlocking
- tests: preserve size for centos images on spread.yaml
- github: partition the github action workflows
- run-checks: use consistent "Checking ..." style messages
- bootloader: add efi pkg for reading efi variables
- data/systemd: do not run snapd.system-shutdown if finalrd is
available
- overlord: update tests to work with latest go
- cmd/snap: do not hide debug boot-vars on core
- cmd/snap-bootstrap: no error when not input devices are found
- snap-bootstrap: fix partition numbering in create-partitions
- httputil/client_test.go: add two TLS version tests
- tests: ignore user@12345.service hierarchy
- bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
- tests: rewrite timeserver-control test
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic to accommodate for 2.44
change
- cmd/snap: don't wait for system key when stopping
- sandbox/cgroup: avoid making arrays we don't use
- osutil: mock proc/self/mountinfo properly everywhere
- selinux: export MockIsEnforcing; systemd: use in tests
- tests: add 32 bit machine to GH actions
- tests/session-tool: kill cron session, if any
- asserts: it should be possible to omit many snap-ids if allowed,
fix
- boot: cleanup more things, simplify code
- github: skip spread jobs when corresponding label is set
- dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
pkg
- tests/session-tool: add session-tool --dump
- github: allow cached debian downloads to restore
- tests/session-tool: session ordering is non-deterministic
- tests: enable unit tests on debian-sid again
- github: move spread to self-hosted workers
- secboot: import secboot on ubuntu, provide dummy on !ubuntu
- overlord/devicestate: support for recover and run modes
- snap/naming: add validator for snap security tag
- interfaces: add case for rootWritableOverlay + NFS
- tests/main/uc20-create-partitions: tweaks, renames, switch to
20.04
- github: port CLA check to Github Actions
- interfaces/many: miscellaneous policy updates xliv
- configcore,tests: fix setting watchdog options on UC18/20
- tests/session-tool: collect information about services on startup
- tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
partitions
- state: add state.CopyState() helper
- tests/session-tool: stop anacron.service in prepare
- interfaces: don't use the owner modifier for files shared via
document portal
- systemd: move the doc comments to the interface so they are
visible
- cmd/snap-recovery-chooser: tweaks
- interfaces/docker-support: add overlayfs file access
- packaging: use debian/not-installed to ignore snap-preseed
- travis.yml: disable unit tests on travis
- store: start splitting store.go and store_test.go into subtopic
files
- tests/session-tool: stop cron/anacron from meddling
- github: disable fail-fast as spread cannot be interrupted
- github: move static checks and spread over
- tests: skip "/etc/machine-id" in "writablepaths" test
- snap-bootstrap: store encrypted partition recovery key
- httputil: increase testRetryStrategy max timelimit to 5s
- tests/session-tool: kill leaking closing session
- interfaces: allow raw access to USB printers
- tests/session-tool: reset failed session-tool units
- httputil: increase httpclient timeout in
TestRetryRequestTimeoutHandling
- usersession: extend timerange in TestExitOnIdle
- client: increase timeout in client tests to 100ms
- many: disentagle release and snapdenv from sandbox/*
- boot: simplify modeenv mocking to always write a modeenv
- snap-bootstrap: expand data partition on install
- o/configstate: add backlight option for core config
- cmd/snap-recovery-chooser: add recovery chooser
- features: enable robust mount ns updates
- snap: improve TestWaitRecovers test
- sandbox/cgroup: add ProcessPathInTrackingCgroup
- interfaces/policy: fix comment in recent new test
- tests: make session tool way more robust
- interfaces/seccomp: allow passing an address to setgroups
- o/configcore: introduce core config handlers (3/N)
- interfaces: updates to login-session-observe, network-manager and
modem-manager interfaces
- interfaces/policy/policy_test.go: add more tests'allow-
installation: false' and we grant based on interface attributes
- packaging: detect/disable broken seed in the postinst
- cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
library
- tests: remove google-tpm backend from spread.yaml
- tests: install dependencies with apt using --no-install-recommends
- usersession/userd: add zoommtg url support
- snap-bootstrap: fix disk layout sanity check
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- config, features: move and rename config.GetFeatureFlag helper to
features.Flag
- boot, overlord/devicestate, daemon: implement requesting boot
into a given recovery system
- xdgopenproxy: forward requests to the desktop portal
- many: support immediate reboot
- store: search v2 tweaks
- tests: fix cross build tests when installing dependencies
- daemon: make POST /v2/systems/<label> root only
- tests/lib/prepare.sh: use only initrd from the kernel snap
- cmd/snap,seed: validate full seeds (UC 16/18)
- tests/main/user-session-env: stop the user session before deleting
the test-zsh user
- overlord/devicestate, daemon: record the seed current system was
installed from
- gadget: SystemDefaults helper function to convert system defaults
config into a flattened map suitable for FilesystemOnlyApply.
- many: comment or avoid cryptic snap-ids in tests
- tests: add LXD_CHANNEL environment
- store: support for search API v2
- .github: register a problem matcher to detect spread failures
- seed: add Info() method for seed.Snap
- github: always run the "Discard spread workers" step, even if the
job fails
- github: offload self-hosted workers
- cmd/snap: the model command needs just a client, no waitMixin
- github: combine tests into one workflow
- github: fix order of go get caches
- tests: adding more workers for ubuntu 20.04
- boot,overlord: rename operating mode to system mode
- config: add new Transaction.GetPristine{,Maybe}() function
- o/devicestate: rename readMaybe* to maybeRead*
- github: cache Debian dependencies for unit tests
- wrappers: respect pre-seeding in error path
- seed: validate UC20 seed system label
- client, daemon, overlord/devicestate: request system action API
and stubs
- asserts,o/devicestate: support model specified alternative serial-
authority
- many: introduce naming.WellKnownSnapID
- o/configcore: FilesystemOnlyApply method for early configuration
of core (1/N)
- github: run C unit tests
- github: run spread tests on PRs only
- interfaces/docker-support: make containerd abstract socket more
generic
- tests: cleanup security-private-tmp properly
- overlord/devicestate,boot: do not hold to the originally read
modeenv
- dirs: rm RunMnt; boot: add vars for early boot env layout;
sysconfig: take targetdir arg
- cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
s.runMnt
- tests: add regression test for MAAS refresh bug
- errtracker: add missing mocks
- github: apt-get update before installing build-deps
- github: don't fail-fast
- github: run spread via github actions
- boot,many: add modeenv.WriteTo, make Write take no args
- wrappers: fix timer schedules that are days only
- tests/main/snap-seccomp-syscalls: install gperf
- github: always checkout to snapcore/snapd
- github: add prototype workflow running unit tests
- many: improve comments, naming, a possible TODO
- client: use Assert when checking for error
- tests: ensure sockets target is ready in session agent spread
tests
- osutil: do not leave processes behind after the test run
- tests: update proxy-no-core to match latest CDN changes
- devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
dangerous
- cmd/snap-failure,tests: try to make snap-failure more robust
- many: fix packages having mistakenly their copyright as doc
- many: enumerate system seeds, return them on the /v2/systems API
endpoint
- randutil: don't consume kernel entropy at init, just mix more info
to try to avoid fleet collisions
- snap-bootstrap: add creationSupported predicate for partition
types
- tests: umount partitions which are not umounted after remount
gadget
- snap: run gofmt -s
- many: improve environment handling, fixing duplicate entries
- boot_test: add many boot robustness tests for UC20 kernel
MarkBootSuccessul and SetNextBoot
- overlord: remove unneeded overlord.MockPruneInterval() mocks
- interfaces/greengrass-support: fix typo
- overlord,timings,daemon: separate timings from overlord/state
- tests: enable nested on core20 and test current branch
- snap-bootstrap: remove created partitions on reinstall
- boot: apply Go 1.10 formatting
- apparmor: use rw for uuidd request to default and remove from
elsewhere
- packaging: add README.source for debian
- tests: cleanup various uc20 boot tests from previous PR
- devicestate: disable cloud-init by default on uc20
- run-checks: tweak formatting checks
- packaging,tests: ensure debian-sid builds without vendor/
- travis.yml: run unit tests with go/master as well* travis.yml: run
unit tests with go/master as well
- seed: make Brand() part of the Seed interface
- cmd/snap-update-ns: ignore EROFS from rmdir/unlink
- daemon: do a forceful server shutdown if we hit a deadline
- tests/many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
- snap-seccomp: robustness improvements
- run-tests: disable -v for go test to avoid spaming the logs
- snap: whitelist lzo as support compression for snap pack
- snap: tweak comment in Install() for overlayfs detection
- many: introduce snapdenv.Preseeding instead of release.PreseedMode
- client, daemon, overlord/devicestate: structures and stubs for
systems API
- o/devicestate: delay the creation of mark-seeded task until
asserts are loaded
- data/selinux, tests/main/selinux: cleanup tmpfs operations in the
policy, updates
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- boot,image: ARM kernel extract prepare image
- interfaces: make gpio robust against not-existing gpios in /sys
- cmd/snap-preseed: handle --reset flag
- many: introduce snapdenv to present common snapd env options
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks/**
- snap: introduce Container.RandomAccessFile
- o/ifacestate, api: implementation of snap disconnect --forget
- cmd/snap: make the portal-info command search for the network-
status interface
- interfaces: work around apparmor_parser slowness affecting uio
- tests: fix/improve failing spread tests
- many: clean separation of bootenv mocking vs mock bootloader kinds
- tests: mock prune ticker in overlord tests to reduce wait times
- travis: disable arm64 again
- httputil: add support for extra snapd certs
- travis.yml: run unit tests on arm64 as well
- many: fix a pair of ineffectual assignments
- tests: add uc20 kernel snap upgrade managers test, fix
bootloadertest bugs
- o/snapstate: set base in SnapSetup on snap revert
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- cmd/snap-exec: add test case for LP bug 1860369
- interfaces: make the network-status interface implicit on
classic
- interfaces: power control interfaceIt is documented in the
kernel
- interfaces: miscellaneous policy updates
- cmd/snap: add a "snap routine portal-info" command
- usersession/userd: add "apt" to the white list of URL schemes
handled by xdg-open
- interfaces/desktop: allow access to system prompter interface
- devicestate: allow encryption regardless of grade
- tests: run ipv6 network-retry test too
- tests: test that after "remove-user" the system is unmanaged
- snap-confine: unconditionally add /dev/net/tun to the device
cgroup
- snapcraft.yaml: use sudo -E and remove workaround
- interfaces/audio_playback: Fix pulseaudio config access
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- tests: add session-tool, a su / sudo replacement
- wrappers: add mount unit dependency for snapd services on core
devices
- tests: just remove user when the system is not managed on create-
user-2 test
- snap-preseed: support for preseeding of snapd and core18
- boot: misc UC20 changes
- tests: adding arch-linux execution
- packaging: revert "work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop codewith a
nil Timeval panics
- spread, data/selinux: add CentOS 8, update policy
- tests: updating checks to new test account for snapd-test snaps
- spread.yaml: mv opensuse 15.1 to unstable
- cmd/snap-bootstrap,seed: verify only in-play snaps
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- client: add "Resume" to DownloadOptions and new test
- tests: enable snapd-failover on uc20
- tests: add more debug output to the snapd-failure handling
- o/devicestate: unset recovery_system when done seeding
* New upstream release, LP: #1864808
- spread.yaml: adding more workers for ubuntu 20.04
- packaging: stop depending on python-docutils on opensuse
- spread.yaml: do not run ubuntu-core-20-64 with snapd 2.44, snapd
is not recent enough to drive ubuntu-core-20
- spread.yaml: Preserve size for centos images on spread.yaml
- spread.yaml: use non-uefi enabled image for uc20
- tests: ensure $cache_dir is actually available
- tests: disable preseed tests, they work in master but require too
much cherry-picking here
- travis.yml: remove go/master unit tests from 2.44
* New upstream release, LP: #1864808
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- interfaces/firewall-control: allow -legacy and -nft for core20
- seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
syscalls
- tests: 16.04 and 18.04 now have mediating pulseaudio
- tests: ignore user@12345.service hierarchy
* New upstream release, LP: #1864808
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic
- tests: backport partition fixes
- cmd/snap: don't wait for system key when stopping
- interfaces/many: miscellaneous policy updates xliv
- tests/main/uc20-snap-recovery: use 20.04 system
- tests: skip "/etc/machine-id" in "writablepaths
- interfaces/docker-support: add overlays file access
* New upstream release, LP: #1864808
- packaging: detect/disable broken seeds in the postinst
- cmd/snap,seed: validate full seeds (UC 16/18)
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- store: support for search API v2
- cmd/snap-seccomp/syscalls: update the list of known syscalls
- snap/cmd: the model command needs just a client, no waitMixin
- tests: cleanup security-private-tmp properly
- wrappers: fix timer schedules that are days only
- tests: update proxy-no-core to match latest CDN changes
- cmd/snap-failure,tests: make snap-failure more robust
- tests, many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
* New upstream release, LP: #1864808
- randutil: switch back to setting up seed with lower entropy data
- interfaces/greengrass-support: fix typo
- packaging,tests: ensure debian-sid builds without vendor/
- travis.yml: run unit tests with go/master as well
- cmd/snap-update-ns: ignore EROFS from rmdir/unlink
* New upstream release, LP: #1864808
- daemon: do a forceful serer shutdown if we hit a deadline
- snap: whitelist lzo as support compression for snap pack
- data/selinux: update policy to allow more ops
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- cmd/snap-preseed: handle --reset flag
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces: work around apparmor_parser slowness affecting uio
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks2/**
- tests: mock prune ticker in overlord tests to reduce wait times
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- interfaces: miscellaneous policy updates
- interfaces/audio_playback: Fix pulseaudio config access
- overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- overlord/snapstate/backend: update snapd services contents in unit
tests
- wrappers: add mount unit dependency for snapd services on core
devices
- Revert "tests: remove /tmp/snap.* left over by other tests"
- Revert "packaging: work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop code
- spread, data/selinux: add CentOS 8, update policy
- spread.yaml: mv opensuse tumbleweed to unstable too
- spread.yaml: mv opensuse 15.1 to unstable
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- tests/lib/prepare.sh: simplify, combine code paths
- tests/main/user-session-env: add test verifying environment
variables inside the user session
- spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
- run-checks: SKIP_GMFMT really skips formatting checks
- tests: enable more tests for UC20/UC18
- tests: remove tmp dir for snap not-test-snapd-sh on security-
private-tmp test
- seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
simplify bootstrap code
- snapstate: do not restart in undoLinkSnap unless on first install
- cmd/snap-bootstrap: subcommand to detect UC chooser trigger
- cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
mode too
- cmd/libsnap, tests: fix C unit tests failing as non-root
- cmd/snap-bootstrap: verify kernel snap is in modeenv before
mounting it
- tests: adding amazon linux to google backend
- cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
status
- client: add support for "ResumeToken", "HeaderPeek" to download
- build: enable type: snapd
- tests: rm -rf /tmp/snap.* in restore
- cmd/snap-confine: deny snap-confine to load nss libs
- snapcraft.yaml: add comments, rename snapd part to snapd-deb
- boot: write current_kernels in bootstate20, makebootable
- packaging: work around review-tools and snap-confine
- tests: skipping interfaces-openvswitch on centos due to package is
not available
- packaging,snap-confine: stop being setgid root
- cmd/snap-confine: bring /var/lib/dhcp from host, if present
- store: rely on CommandFromSystemSnap to find xdelta3
- tests: bump sleep time of the new overlord tests
- cmd/snap-preseed: snapd version check for the target
- netlink: fix/support stopping goroutines reading netlink raw
sockets
- tests: reset PS1 before possibly interactive dash
- overlord, state: don't abort changes if spawn time before
StartOfOperationTime (2/2)
- snapcraft.yaml: add python3-apt, tzdata as build-deps for the
snapd snap
- tests: ask tar to speak English
- tests: using google storage when downloading ubuntu cloud images
from gce
- Coverity produces false positives for code like this:
- many: maybe restart & security backend options
- o/standby: add SNAPD_STANDBY_WAIT to control standby in
development
- snap: use the actual staging snap-id for snapd
- cmd/snap-bootstrap: create a new parser instance
- snapcraft.yaml: use build-base and adopt-info, rm builddeb
plugin
- tests: set StartLimitInterval in snapd failover test
- tests: disable archlinux system
- tests: add preseed test for classic
- many, tests: integrate all preseed bits and add spread tests
- daemon: support resuming downloads
- tests: use Filename() instead of filepath.Base(sn.MountFile())
- tests/core: add swapfiles test
- interfaces/cpu-control: allow to control cpufreq tunables
- interfaces: use commonInteface for desktopInterface
- interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
location
- snap/info: add Filename
- bootloader: make uboot a RecoveryAwareBootloader
- gadget: skip update when mounted filesystem content is identical
- systemd: improve is-active check for 'failed' services
- boot: add current_kernels to modeenv
- o/devicestate: StartOfOperationTime helper for Prune (1/2)
- tests: detect LXD launching i386 containers
- tests: move main/ubuntu-core-* tests to core/ suite
- tests: remove snapd in ubuntu-core-snapd
- boot: enable base snap updates in bootstate20
- tests: Fix core revert channel after 2.43 has been released to
stable
- data/selinux: unify tabs/spaces
- o/ifacestate: move ResolveDisconnect to ifacestate
- spread: move centos to stable systems
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use in serial
acquire
- store: detect if server does not support http range headers
- test/lib/user: add helper lib for doing things for and as a user
- overlord/snapstate, wrappers: undo of snapd on core
- tests/main/interfaces-pulseaudio: use custom pulseaudio script,
set kill timeout
- store: add support for resume in DownloadStream
- cmd/snap: implement 'snap remove-user'
- overlord/devicestate: fix preseed unit tests on systems not using
/snap
- tests/main/static: ldd in glibc 2.31 logs to stderr now
- run-checks, travis: allow skipping spread jobs by adding a label
- tests: add new backend which includes images with tpm support
- boot: use constants for boot status values
- tests: add "core" suite for UC specific tests
- tests/lib/prepare: use a local copy of uc20 initramfs skeleton
- tests: retry mounting the udisk2 device due to timing issue
- usersession/client: add a client library for the user session
agent
- o/devicestate: Handle preseed mode in the firstboot mode (core16
only for now).
- boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
- cmd/snap-confine: detect base transitions on core16
- boot: don't use "kernel" from the modeenv anymore
- interfaces: add uio interface
- tests: repack the initramfs + kernel snap for UC20 spread tests
- interfaces/greengrass-support: add /dev/null ->
/proc/latency_stats mount
- httputil: remove workaround for redirect handling in go1.7
- httputil: remove go1.6 transport workaround
- snap: add `snap pack --compression=<comp>` options
- tests/lib/prepare: fix hardcoded loopback device names for UC
images
- timeutil: add a unit test case for trivial schedule
- randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
introduction
- dirs: variable with distros using alternate snap mount
- many,randutil: centralize and streamline our random value
generation
- tests/lib/prepare-restore: Revert "Continue on errors updating or
installing dependencies"
- daemon: Allow clients to call /v2/logout via Polkit
- dirs: manjaro-arm is like manjaro
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
- daemon, store: better expose single action errors
- tests: switch mount-ns test to differential data set
- snapstate: refactor things to add the re-refresh task last
- daemon: drop support for the DELETE method
- client: move to /v2/users; implement RemoveUser
- boot: enable UC20 kernel extraction and bootState20 handling
- interfaces/policy: enforce plug-names/slot-names constraints
- asserts: parse plug-names/slot-names constraints
- daemon: make users result more consistent
- cmd/snap-confine,tests: support x.y.z nvidia version
- dirs: fixlet for XdgRuntimeDirGlob
- boot: add bootloader options to coreKernel
- o/auth,daemon: do not remove unknown user
- tests: tweak and enable tests on ubuntu 20.04
- daemon: implement user removal
- cmd/snap-confine: allow snap-confine to link to libpcre2
- interfaces/builtin: Allow NotificationReplied signal on
org.freedesktop.Notifications
- overlord/auth: add RemoveUserByName
- client: move user-related things to their own files
- boot: tweak kernel cmdline helper docstring
- osutil: implement deluser
- gadget: skip update when raw structure content is unchanged
- boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
detection to boot
- tests: fix revisions leaking from snapd-refresh test
- daemon: refactor create-user to a user action & hide behind a flag
- osutil/tests: check there are no leftover symlinks with
AtomicSymlink
- grub: support atomically renaming kernel symlinks
- osutil: add helpers for creating symlinks and renaming in an
atomic manner
- tests: add marker tag for core 20 test failure
- tests: fix gadget-update-pc test leaking snaps
- tests: remove revision leaking from ubuntu-core-refresh
- tests: remove revision leaking from remodel-kernel
- tests: disable system-usernames test on core20
- travis, tests, run-checks: skip nakedret
- tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
- tests: update mount-ns test tables
- snap: disable auto-import in uc20 install-mode
- tests: add a command-chain service test
- tests: use test-snapd-upower instead of upower
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- spread.yaml: fix ubuntu 19.10 and 20.04 names
- debian: check embedded keys for snap-{bootstrap,preseed} too
- interfaces/apparmor: fix doc-comments, unnecessary code
- o/ifacestate,o/devicestatate: merge gadget-connect logic into
auto-connect
- bootloader: add ExtractedRunKernelImageBootloader interface,
implement in grub
- tests: add spread test for hook permissions
- cmd/snap-bootstrap: check device size before boostrapping and
produce a meaningful error
- cmd/snap: add ability to register "snap routine" commands
- tests: add a test demonstrating that snaps can't access the
session agent socket
- api: don't return connections referring to non-existing
plugs/slots
- interfaces: refactor path() from raw-volume into utils with
comments for old
- gitignore: ignore snap files
- tests: skip interfaces-network-manager on arm devices
- o/devicestate: do not create perfTimings if not needed inside
ensureSeed/Operational
- tests: add ubuntu 20.04 to the tests execution and remove
tumbleweed from unstable
- usersession: add systemd user instance service control to user
session agent
- cmd/snap: print full channel in 'snap list', 'snap info'
- tests: remove execution of ubuntu 19.04 from google backend
- cmd/snap-boostrap: add mocking for fakeroot
- tests/core18/snapd-failover: collect more debug info
- many: run black formatter on all python files
- overlord: increase settle timeout for slow machines
- httputil: use shorter timeout in TestRetryRequestTimeoutHandling
- store, o/snapstate: send default-tracks header, use
RedirectChannel
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- boot: add HasModeenv to Device
- devicestate: do not allow remodel between core20 models
- bootloader,snap: misc tweaks
- store, overlord/snapstate, etc: SnapAction now returns a []Result
- snap-bootstrap: create encrypted partition
- snap: remove "host" output from `snap version`
- tests: use snap remove --purge flag in most of the spread tests
- data/selinux, test/main/selinux-clean: update the test to cover
more scenarios
- many: drop NameAndRevision, use snap.PlaceInfo instead
- boot: split MakeBootable tests into their own file
- travis-ci: add go import path
- boot: split MakeBootable implementations into their own file
- tests: enable a lot of the tests of main on uc20
- packaging, tests: stop services in prerm
- tests: enable regression suite on core20
- overlord/snapstate: improve snapd snap backend link unit tests
- boot: implement SetNextBoot in terms of bootState.setNext
- wrappers: write and undo snapd services on core
- boot,o/devicestate: refactor MarkBootSuccessful over bootState
- snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
- snap-bootstrap: refactor partition creation
- tests: use new snapd.spread-tests-run-mode-tweaks.service unit
- tests: add core20 tests
- boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
use the information
- tests/main/snap-sign: add test for non-stdin signing
- snap-bootstrap: trigger udev after filesystem creation
- boot,overlord: introduce internal abstraction bootState and use it
for InUse/GetCurrentBoot
- overlord/snapstate: tracks are now sticky
- cmd: sign: add filename param
- tests: remove "test-snapd-tools" in smoke/sandbox on restore
- cmd/snap, daemon: stop over-normalising channels
- tests: fix classic-ubuntu-core-transition-two-cores after refactor
of MATCH -v
- packaging: ship var/lib/snapd/desktop/applications in the pkg
- spread: drop copr repo with F30 build dependencies
- tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
- tests: fix partition creation test
- tests: unify/rename services-related spread tests to start with
services- prefix
- test: extract code that modifies "writable" for test prep
- systemd: handle preseed mode
- snap-bootstrap: read only stdout when parsing the sfdisk json
- interfaces/browser-support: add more product/vendor paths
- boot: write compat UC16 bootvars in makeBootable20RunMode
- devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
- devicestate: request reboot after successful doSetupRunSystem()
- snapd.core-fixup.sh: do not run on UC20 at all
- tests: unmount automounted snap-bootstrap devices
- devicestate: run boot.MakeBootable in doSetupRunSystem
- boot: copy kernel/base to data partition in makeBootable20RunMode
- tests: also check nested lxd container
- run-checks: complain about MATCH -v
- boot: always return the trivial boot participant in ephemeral mode
- o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
- snap-bootstrap: append new partitions
- snap-bootstrap: mount filesystems after creation
- snapstate: do not try to detect rollback in ephemeral modes
- snap-bootstrap: trigger udev for new partitions
- cmd/snap-bootstrap: xxx todos about kernel cross-checks
- tests: avoid mask rsyslog service in case is not enabled on the
system
- tests: fix use of MATCH -v
- cmd/snap-preseed: update help strings
- cmd/snap-bootstrap: actually parse snapd_recovery_system label
- bootstrap: reduce runmode mounts from 5 to 2 steps.
- lkenv.go: adjust for new location of include file
- snap: improve squashfs.ReadFile() error
- systemd: fix uc20 shutdown
- boot: write modeenv when creating the run mode
- boot,image: add skeleton boot.makeBootable20RunMode
- cmd/snap-preseed: add snap-preseed executable
- overlord,boot: follow ups to #7889 and #7899
- interfaces/wayland: Add access to Xwayland's shm files
- o/hookstate/ctlcmd: fix command name in snapctl -h
- daemon,snap: remove screenshot deprecation notice
- overlord,o/snapstate: make sure we never leave config behind
- many: pass consistently boot.Device state to boot methods
- run-checks: check multiline string blocks in
restore/prepare/execute sections of spread tests
- intrefaces: login-session-control - added missing dbus commands
- tests/main/parallel-install-remove-after: parallel installs should
not break removal
- overlord/snapstate: tweak assumes error hint
- overlord: replace DeviceContext.OldModel with GroundContext
- devicestate: use httputil.ShouldRetryError() in
prepareSerialRequest
- tests: replace "test-snapd-base-bare" with real "bare" base snap
- many: pass a Model to the gadget info reading functions
- snapstate: relax gadget constraints in ConfigDefaults Et al.
- devicestate: only run ensureBootOk() in "run" mode
- tests/many: quiet lxc launching, file pushing
- tests: disable apt-hooks test until it can be properly fixed
- tests: 16.04 and 18.04 now have mediating pulseaudio
* New upstream release, LP: #1856159
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use
in serial acquire
- interfaces: add uio interface
- interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
start due to apparmor deny on mounting of "/proc/latency_stats".
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
* New upstream release, LP: #1856159
- cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
- overlord/snapstate: fix for re-refresh bug
- tests, run-checks, many: fix nakedret issues
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- tests: use test-snapd-upower instead of upower
- overlord: increase overall settle timeout for slow arm boards
* New upstream release, LP: #1856159
- devicestate: use httputil.ShouldRetryError() in prepareSerialRequest
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- overlord,o/snapstate: make sure we never leave config behind
- data/selinux: update policy to cover more cases
- snap: remove "host" output from `snap version`
* New upstream release, LP: #1856159
- snap: default to "--direct" in `snap known`
- packaging: ship var/lib/snapd/desktop/applications in the
pkg
- tests: cherry-pick fixes for snap-set-core-config/ubuntu-core-
config-defaults-once
- tests: use test-snapd-sh snap instead of test-snapd-tools
- tests: rename "test-snapd-sh" in smoke test to test-snapd-sandbox
- tests: fix partition creation test
- packaging: fix incorrect changelog entry
- Revert "tests: 16.04 and 18.04 now have mediating pulseaudio"
- tests: 16.04 and 18.04 now have mediating pulseaudio
- interfaces: include hooks in plug/slot apparmor label
- interfaces: add raw-volume interface for access to partitions
- image: set recovery system label when creating the image
- cmd/snapd-generator: fix unit name for non /snap mount locations
- boot,bootloader: setup the snap recovery system bootenv
- seed: support ModeSnaps(mode) for mode != "run"
- seed: fix seed location of local but asserted snaps
- doc: HACKING.md change autopkgtest-trusty-amd64.img name
- interfaces/seccomp: parallelize seccomp backend setup
- cmd/snap-bootstrap: mount ubuntu-data tmpfs, in one go with kernel
& base
- interfaces: add audio-playback/record and pulseaudio spread tests
- apparmor: allow 'r'
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
- cmd/snap-mgmt, packaging/postrm: stop and remove socket units when
purging
- tests: use test-snapd-sh snap instead of test-snapd-tools
- snap-confine: raise egid before calling setup_private_mount()
- tests: fix fwupd version regular expression
- snap-bootstrap: parse seed if either kernel or base are not
mounted
- tests: check for SELinux denials in interfaces-kvm spread test
- tests: run snap-set-core-config on all core devices
- selinux: update policy to allow modifications related to kmod
backend
- o/hookstate/ctlcmd: snapctl is-connected command
- devicestate: add missing test for failing task setup-run-system
- gadget: add missing test for duplicate detection of roles
- tests/cmd/snapctl: unset SNAP_CONTEXT for the suite
- snap/pack, cmd_pack: 'snap pack --check-skeleton' checks
interfaces
- gitignore: ignore visual studio code directory
- snap-bootstrap: implement "run" mode in snap-bootstrap initramfs-
mounts
- interfaces/apparmor: handle pre-seeding mode
- devicestate: implement creating partitions in "install" mode
- seed: support extra snaps on top of Core 20 dangerous models
- tests: cache snaps also for ubuntu core and add new snaps to cache
- snap-bootstrap: support auto-detect device in create-partitions
- tests: fix partitioning test debug message
- tests: prevent partitioning test errors
- cmd/snap-bootstrap: stub out snap.SanitizePlugsSlots for real
- gadget: extract and export new DiskFromPartition() helper
- snap-bootstrap: force partition table operations
- HACKING.md: add nvidia options to configure example
- tests: move the watchdog timeout to 2s to make the tests work in
rpi
- tests: demand silence from check_journalctl_log
- tests: fix the channels checks done on nested tests
- tests: reduce the complexity of the test-snapd-sh snap
- snap/squashfs, osutil: verify files/dirs can be accessed by
mksquashfs when building a snap
- boot: add boot.Modeenv.Kernel support
- devicestate: ensure system installation
- tests: apply change on permissions to serial port on hotplug test
- cmd/snap-update-ns: adjust debugging output for usability
- devicestate: add reading of modeenv to uc20 firstboot code
- tests/lib/prepare: drop workarounds for rpmbuild rewriting /bin/sh
- cmd/snap-bootstrap: write /var/lib/snapd/modeenv to the right
place
- boot: add boot.Modeenv.Base support
- overlord/snapstate: install task edges
- cmd/snap-bootstrap: some small naming and code org tweaks
- snap-bootstrap: remove SNAPPY_TESTING check, we use it for real
now
- interfaces: remove leftover reservedForOS
- snap-bootstrap: write /run/mnt/ubuntu-data/var/lib/snapd/modeenv
- osutil/mount: optimize flagOptSearch some more
- devicestate: read modeenv early and store in devicestate
- interfaces: add login-session-observe for who, {fail,last}log and
loginctl
- tests: add Ubuntu Eoan to google-sru backend
- osutil/mount: de-duplicate code to use a list
- interfaces: remove reservedForOS from commonInterface
- interfaces/browser-support: allow reading status of huge pages
- interfaces: update system-backup tests to not check for sanitize
errors related to os
- interfaces: add system-backup interface
- osutil/mount: add {Unm,M}outFlagsToOpts helpers
- snap-bootstrap: make cmdline parsing robust
- overlord/patch: normalize tracking channel in state
- boot: add boot.Modeenv that can read/write the UC20 modeenv files
- bootloader: add new bootloader.InstallBootConfig()
- many: share single implementation to list needed default-providers
- snap-bootstrap: implement "snap-bootstrap initramfs-mounts"
- seccomp: allow chown 'snap_daemon:root' and 'root:snap_daemon'
- osutil: handle "rw" mount flag in ParseMountEntry
- overlord/ifacestate: report bad plug/slots with warnings on snap
install
- po: sync translations from launchpad
- tests: cleanup most test snaps icons, they were anyway in the
wrong place
- seed: fix confusing pre snapd dates in tests
- many: make ValidateBasesAndProviders signature simpler/canonical
- snap-bootstrap: set expected filesystem labels
- testutil, many: make MockCommand() create prefix of absolute paths
- tests: improve TestDoPrereqRetryWhenBaseInFlight to fix occasional
flakiness.
- seed: proper support for optional snaps for Core 20 models
- many: test various kinds of overriding for the snapd snap in Core
20
- cmd/snap-failure: passthrough snapd logs, add informational
logging
- cmd/snap-failure: fallback to snapd from core, extend tests
- configcore: fix missing error propagation
- devicestate: rename ensureSeedYaml -> ensureSeeded
- tests: adding fedora 31
- tests: restart the snapd service in the snapd-failover test
- seed: Core 20 seeds channel overrides support for grade dangerous
- cmd: fix the get command help message
- tests: enable degraded test on arch linux after latest image
updates
- overlord/snapstate: don't re-enable and start disabled services on
refresh, etc.
- seed: support in Core 20 seeds local unasserted snaps for model
snaps
- snap-bootstrap: add go-flags cmdline parsing and tests
- gadget: skip fakeroot if not needed
- overlord/state: panic in MarkEdge() if task is nil
- spread: fix typo in spread suite
- overlord: mock device serial in gadget remodel unit tests
- tests: fix spread shellcheck and degraded tests to unbreak master
- spread, tests: openSUSE Tumbleweed to unstable systems, update
system-usernames on Amazon Linux 2
- snap: extract printInstallHint in cmd_download.go
- cmd: fix a pair of typos
- release: preseed mode flag
- cmd/snap-confine: tracking processes with classic confinement
- overlord/ifacestate: remove automatic connections if plug/slot
missing
- o/ifacestate,interfaces,interfaces/policy: slots-per-plug: *
- tests/lib/state: snapshot and restore /var/snap during the tests
- overlord: add base->base remodel undo tests and fixes
- seed: test and improve Core 20 seed handling errors
- asserts: add "snapd" type to valid types in the model assertion
- snap-bootstrap: check gadget versus disk partitions
- devicestate: add support for gadget->gadget remodel
- snap/snapenv: preserve XDG_RUNTIME_DIR for classic confinement
- daemon: parse and reject invalid channels in snap ops
- overlord: add kernel remodel undo tests and fix undo
- cmd/snap: support (but warn) using deprecated multi-slash channel
- overlord: refactor mgrsSuite and extract kernelSuite
- tests/docker-smoke: add minimal docker smoke test
- interfaces: extend the fwupd slot to be implicit on classic
- cmd/snap: make 'snap list' shorten latest/$RISK to $RISK
- tests: fix for journalctl which is failing to restart
- cmd/snap,image: initial support for Core 20 in prepare-image with
test
- cmd/snap-confine: add support for parallel instances of classic
snaps, global mount ns initialization
- overlord: add kernel rollback across reboots manager test and
fixes
- o/devicestate: the basics of Core 20 firstboot support with test
- asserts: support and parsing for slots-per-plug/plugs-per-slotSee
https://forum.snapcraft.io/t/plug-slot-declaration-rules-greedy-
plugs/12438
- parts/plugins: don't xz-compress a deb we're going to discard
- cmd/snap: make completion skip hidden commands (unless overridden)
- many: load/consume Core 20 seeds (aka recovery systems)
- tests: add netplan test on ubuntu core
- seed/internal: doc comment fix and drop handled TODOs
- o/ifacestate: unify code into
autoConnectChecker.addAutoConnectionsneed to change to support
slots-per-plugs: *
- many: changes to testing in preparation of Core 20 seed consuming
code
- snapstate,devicestate: make OldModel() available in DeviceContext
- tests: opensuse tumbleweed has similar issue than arch linux with
snap --strace
- client,daemon: pass sha3-384 in /v2/download to the client
- builtin/browser_support.go: allow monitoring process memory
utilization (used by chromium)
- overlord/ifacestate: use SetupMany in setupSecurityByBackend
- tests: add 14.04 canonical-livepatch test
- snap: make `snap known --remote` use snapd if available
- seed: share auxInfo20 and makeSystemSnap via internal
- spread: disable secondary compression for deltas
- interfaces/content: workaround for renamed target
- tests/lib/gendevmodel: helper tool for generating developer model
assertions
- tests: tweak wording in mount-ns test
- tests: don't depend on GNU time
- o/snapstate, etc: SnapState.Channel -> TrackingChannel, and a
setter
- seed/seedwriter: support writing Core 20 seeds (aka recovery
systems)
- snap-recovery: rename to "snap-bootstrap"
- managers: add remodel undo test for new required snaps case
- client: add xerrors and wrap errors coming from "client"
- tests: verify host is not affected by mount-ns tests
- tests: configure the journald service for core systems
- cmd/snap, store: include snapcraft.io page URL in snap info output
- cmd/cmdutil: version helper
- spread: enable bboozzoo/snapd-devel-deps COPR repo for getting
golang-x-xerrors
- interfaces: simplify AddUpdateNS and emit
- interfaces/policy: expand cstrs/cstrs1 to
altConstraints/constraints
- overlord/devicestate: check snap handler for gadget remodel
compatibility
- snap-recovery: deploy gadget content when creating partitions
- gadget: skip structures with MBR role during remodel
- tests: do not use lsblk in uc20-snap-recovery test
- overlord/snapstate: add LastActiveDisabledServices,
missingDisabledServices
- overlord/devicestate: refactor and split into per-functionality
files, drop dead code
- tests: update mount-ns after addition of /etc/systemd/user
- interfaces/pulseaudio: adjust to manually connect by default
- interfaces/u2f-devices: add OnlyKey to devices list
- interfaces: emit update-ns snippets to function
- interfaces/net-setup-{observe,control}: add Info D-Bus method
accesses
- tests: moving ubuntu-19.10-64 from google-unstable to google
backend
- gadget: rename existing and add new helpers for checking
filesystem/partition presence
- gadget, overlord/devicestate: add support for customized update
policy, add remodel policy
- snap-recovery: create filesystems as defined in the gadget
- tests: ignore directories for go modules
- policy: implement CanRemove policy for the snapd type
- overlord/snapstate: skip catalog refresh if unseeded
- strutil: add OrderedSet
- snap-recovery: add minimal binary so that we can use spread on it
- gadget, snap/pack: perform extended validation of gadget metadata
and contents
- timeutil: fix schedules with ambiguous nth weekday spans
- interfaces/many: allow k8s/systemd-run to mount volume subPaths
plus cleanups
- client: add KnownOptions to Know() and support remote assertions
- tests: check the apparmor_parser when the file exists on snap-
confine test
- gadget: helper for volume compatibility checks
- tests: update snap logs to match for multiple lines for "running"
- overlord: add checks for bootvars in
TestRemodelSwitchToDifferentKernel
- snap-install: add ext4,vfat creation support
- snap-recovery: remove "usedPartitions" from sfdisk.Create()
- image,seed: hide Seed16/Snap16, use seed.Open in image_test.go
- cmd/snap: Sort tasks in snap debug timings output by lanes and
ready-time.
- snap-confine.apparmor.in: harden pivot_root until we have full
mediation
- gadget: refactor ensureVolumeConsistency
- gadget: add a public helper for parsing gadget metadata
- many: address issues related to explicit/implicit channels for
image building
- overlord/many: switch order of check snap parameters
- cmd/snap-confine: remove leftover condition from capability world
- overlord: set fake serial in TestRemodelSwitchToDifferentKernel
- overlord/many: extend check snap callback to take snap container
- recovery-tool: add sfdisk wrapper
- tests: launch the lxd images following the pattern
ubuntu:${VERSION_ID}
- sandbox/cgroup: move freeze/thaw code
- gadget: accept system-seed role and ubuntu-data label
- test/lib/names.sh: make backslash escaping explicit
- spread: generate delta when using google backend
- cmd/snap-confine: remove loads of dead code
- boot,dirs,image: various refinements in the prepare-image code
switched to seedwriter
- spread: include mounts list in task debug output
- .gitignore: pair of trivial changes
- image,seed/seedwriter: switch image to use seedwriter.Writer
- asserts: introduce explicit support for grade for Core 20 models
- usersession: drive by fixes for things flagged by unused or
gosimple
- spread.yaml: exclude vendor dir
- sandbox/cgroup, overlord/snapstate: move helper for listing pids
in group to the cgroup package
- sandbox/cgroup: refactor process cgroup helper to support v2 and
named hierarchies
- snap-repair: error if run as non-root
- snap: when running `snap repair` without arguments, show hint
- interfaces: add cgroup-version to system-key
- snap-repair: add missing check in TestRepairBasicRun
- tests: use `snap model` instead of `snap known model` in tests
- daemon: make /v2/download take snapRevisionOptions
- snap-repair: add additional comment about trust in runner.Verify()
- client: add support to use the new "download" API
- interfaces: bump system-key version (and keep on bumping)
- interfaces/mount: account for cgroup version when reporting
supported features
- tests: change regex to validate access to cdn during snap
download
- daemon: change /v2/download API to take "snap-name" as input
- release: make forced dev mode look at cgroupv2 support
- seed/seedwriter: support for extra snaps
- wrappers/services.go: add disabled svc list arg to AddSnapServices
- overlord/snapstate: add SetTaskSnapSetup helper + unit tests
- cmd/libsnap: use cgroup.procs instead of tasks
- tests: fix snapd-failover test for core18 tests on boards
- overlord/snapstate/policy, etc: introduce policy, move canRemove
to it
- seed/seedwriter: cleanups and small left over todos* drive-by: use
testutil.FilePresent consistently
- cmd/snap: update 'snap find' help because it's no longer narrow
- seed/seedwriter,snap/naming: support classic models
- cmd/snap-confine: unmount /writable from snap view
- spread.yaml: exclude automake cacheThe error message is looks like
this:dpkg-source: info: local changes detected, the modified files
are:
- interfaces/openvswitch: allow access to other openvswitch sockets
- cmd/model: don't show model with display-name inline w/ opts
- daemon: add a 'prune' debug action
- client: add doTimeout to http.Client{Timeout}
- interfaces/seccomp: query apparmor sandbox helper rather than
aggregate info
- sandbox/cgroup: avoid dependency on dirs
- seed/seedwriter,snap: support local snaps
- overlord/snapstate: fix undo on firstboot seeding.
- usersession: track connections to session agent for exit on idle
and peer credential checks
- tests: fix ubuntu-core-device-reg test for arm devices on core18
- sandbox/seccomp: move the remaining sandbox bits to a
corresponding sandbox package
- osutil: generalize SyncDir with FileState interface
- daemon, client, cmd/snap: include architecture in 'snap version'
- daemon: allow /v2/assertions/{assertType} to query store
- gadget: do not fail the update when old gadget snap is missing
bare content
- sandbox/selinux: move SELinux related bits from 'release' to
'sandbox/selinux'
- tests: add unit test for gadget defaults with a multiline string
- overlord/snapstate: have more context in the errors about
prerequisites
- httputil: set user agent for CONNECT
- seed/seedwriter: resolve channels using channel.Resolve* for snaps
- run-checks: allow overriding gofmt binary, show gofmt diff
- asserts,seed/seedwriter: follow snap type sorting in the model
assertion snap listings
- daemon: return "snapname_rev.snap" style when using /v2/download
- tests: when the backend is external skip the loop waiting for snap
version
- many: move AppArmor probing code under sandbox/apparmor
- cmd: add `snap debug boot-vars` that dumps the current bootvars
- tests: skip the ubuntu-core-upgrade on arm devices on core18
- seed/seedwriter: implement WriteMeta and tree16 corresponding code
- interfaces/docker-support,kubernetes-support: misc updates for
strict k8s
- tests: restart the journald service while preparing the test
- tests/cmd/debug_state: make the test output TZ independent
- interfaces/kubernetes-support: allow use of /run/flannel
- seed/seedwriter: start of Writer and internal policy16/tree16
- sandbox/cgroup, usersession/userd: move cgroup related helper to a
dedicated package
- tests: move "centos-7" to unstable systems
- snapstate: add missing tests for checkGadgetOrKernel
- docs: Update README.md
- snapcraft: set license to GPL-3.0
- interfaces/wayland: allow a confined server running in a user
session to work with Qt, GTK3 & SDL2 clients
- selinux: move the package under sandbox/selinux
- interfaces/udev: account for cgroup version when reporting
supported features
- store, ..., client: add a "website" field
- sanity: sanity check cgroup probing
- snapstate: increase settleTimeout in
TestRemodelSwitchToDifferentKernel
- packaging: remove obsolete usr.lib.snapd.snap-confine in postinst
- data/selinux: allow snapd/snap to do statfs() on the cgroup
mountpoint
- usersession/userd: make sure to export DBus interfaces before
requesting a name
- data/selinux: allow snapd to issue sigkill to journalctl
- docs: Add Code of Conduct
- store: download propagates options to delta download
- tests/main/listing: account for dots in ~pre suffix
* New upstream release, LP: #1853244
- snap-confine: revert, with comment, explicit unix deny for nested
lxd
- Disable mount-ns test on 16.04. It is too flaky currently.
* New upstream release, LP: #1853244
- overlord/snapstate: make sure configuration defaults are applied
only once
* New upstream release, LP: #1853244
- overlord/snapstate: pick up system defaults when seeding the snapd
snap
- cmd/snap-update-ns: fix overlapping, nested writable mimic
handling
- interfaces: misc updates for u2f-devices, browser-support,
hardware-observe, et al
- tests: reset failing "fwupd-refresh.service" if needed
- tests/main/gadget-update-pc: use a program to modify gadget yaml
- snap-confine: suppress noisy classic snap file_inherit denials
* New upstream release, LP: #1853244
- interfaces/lxd-support: Fix on core18
- tests/main/system-usernames: Amazon Linux 2 comes with libseccomp
2.4.1 now
- snap-seccomp: add missing clock_getres_time64
- cmd/snap-seccomp/syscalls: update the list of known
syscalls
- sandbox/seccomp: accept build ID generated by Go toolchain
- interfaces: allow access to ovs bridge sockets
* New upstream release, LP: #1846181
- interfaces: de-duplicate emitted update-ns profiles
- packaging: tweak handling of usr.lib.snapd.snap-confine
- interfaces: allow introspecting network-manager on core
- tests/main/interfaces-contacts-service: disable on openSUSE
Tumbleweed
- tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
- snap: fix default-provider in seed validation
- tests: update system-usernames test now that opensuse-15.1 works
- overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
- gadget: rename "boot{select,img}" -> system-boot-{select,image}
- tests: listing test, make accepted snapd/core versions consistent
* New upstream release, LP: #1846181
- tests: disable {contacts,calendar}-service tests on debian-sid
- tests/main/snap-run: disable strace test cases on Arch
- cmd/system-shutdown: include correct prototype for die
- snap/naming: add test for hook name connect-plug-i2c
- cmd/snap-confine: allow digits in hook names
- gadget: do not fail the update when old gadget snap is missing
bare content
- tests: disable {contacts,calendar}-service tests on Arch Linux
- tests: move "centos-7" to unstable systems
- interfaces/docker-support,kubernetes-support: misc updates for
strict k8s
- packaging: remove obsolete usr.lib.snapd.snap-confine in
postinst
- tests: add test that ensures our snapfuse binary actually works
- packaging: use snapfuse_ll to speed up snapfuse performance
- usersession/userd: make sure to export DBus interfaces before
requesting a name
- data/selinux: allow snapd to issue sigkill to journalctl
- store: download propagates options to delta download
- wrappers: allow snaps to install icon theme icons
- debug: state-inspect debugging utility
- sandbox/cgroup: introduce cgroup wrappers package
- snap-confine: fix return value checks for udev functions
- cmd/model: output tweaks, add'l tests
- wrappers/services: add ServicesEnableState + unit tests
- tests: fix newline and wrong test name pointed out in previous PRs
- tests: extend mount-ns test to handle mimics
- run-checks, tests/main/go: allow gofmt checks to be skipped on
19.10
- tests/main/interfaces-{calendar,contacts}-service: disable on
19.10
- tests: part3 making tests work on ubuntu-core-18
- tests: fix interfaces-timeserver-control on 19.10
- overlord/snapstate: config revision code cleanup and extra tests
- devicestate: allow remodel to different kernels
- overlord,daemon: adjust startup timeout via EXTEND_TIMEOUT_USEC
using an estimate
- tests/main/many: increase kill-timeout to 5m
- interfaces/kubernetes-support: allow systemd-run to ptrace read
unconfined
- snapstate: auto transition on experimental.snapd-snap=true
- tests: retry checking until the written file on desktop-portal-
filechooser
- tests: unit test for a refresh failing on configure hook
- tests: remove mount_id and parent_id from mount-ns test data
- tests: move classic-ubuntu-core-transition* to nightly
- tests/mountinfo-tool: proper formatting of opt_fields
- overlord/configstate: special-case "null" in transaction Changes()
- snap-confine: fallback gracefully on a cgroup v2 only system
- tests: debian sid now ships new seccomp, adjust tests
- tests: explicitly restore after using LXD
- snapstate: make progress reporting less granular
- bootloader: little kernel support
- fixme: rename ubuntu*architectures to dpkg*architectures
- tests: run dbus-launch inside a systemd unit
- channel: introduce Resolve and ResolveLocked
- tests: run failing tests on ubuntu eoan due to is now set as
unstable
- systemd: detach rather than unmount .mount units
- cmd/snap-confine: add unit tests for sc_invocation, cleanup memory
leaks in tests
- boot,dirs,image: introduce boot.MakeBootable, use it in image
instead of ad hoc code
- cmd/snap-update-ns: clarify sharing comment
- tests/overlord/snapstate: refactor for cleaner test failures
- cmd/snap-update-ns: don't propagate detaching changes
- interfaces: allow reading mutter Xauthority file
- cmd/snap-confine: fix /snap duplication in legacy mode
- tests: fix mountinfo-tool filtering when used with rewriting
- seed,image,o/devicestate: extract seed loading to seed/seed16.go
- many: pass the rootdir and options to bootloader.Find
- tests: part5 making tests work on ubuntu-core-18
- cmd/snap-confine: keep track of snap instance name and the snap
name
- cmd: unify die() across C programs
- tests: add functions to make an abstraction for the snaps
- packaging/fedora, tests/lib/prepare-restore: helper tool for
packing sources for RPM
- cmd/snap: improve help and error msg for snapshot commands
- hookstate/ctlcmd: fix snapctl set help message
- cmd/snap: don't append / to snap name just because a dir exists
- tests: support fastly-global.cdn.snapcraft.io url on proxy-no-core
test
- tests: add --quiet switch to retry-tool
- tests: add unstable stage for travis execution
- tests: disable interfaces-timeserver-control on 19.10
- tests: don't guess in is_classic_confinement_supported
- boot, etc: simplify BootParticipant (etc) usage
- tests: verify retry-tool not retrying missing commands
- tests: rewrite "retry" command as retry-tool
- tests: move debug section after restore
- cmd/libsnap-confine-private, cmd/s-c: use constants for
snap/instance name lengths
- tests: measure behavior of the device cgroup
- boot, bootloader, o/devicestate: boot env manip goes in boot
- tests: enabling ubuntu 19.10-64 on spread.yaml
- tests: fix ephemeral mount table in left over by prepare
- tests: add version-tool for comparing versions
- cmd/libsnap: make feature flag enum 1<<N style
- many: refactor boot/boottest and move to bootloader/bootloadertest
- tests/cross/go-build: use go list rather than shell trickery
- HACKING.md: clarify where "make fmt" is needed
- osutil: make flock test more robust
- features, overlord: make parallel-installs exported, export flags
on startup
- overlord/devicestate: support the device service returning a
stream of assertions
- many: add snap model command, add /v2/model, /v2/model/serial REST
APIs
- debian: set GOCACHE dir during build to fix FTBFS on eoan
- boot, etc.: refactor boot to have a lookup with different imps
- many: add the start of Core 20 extensions support to the model
assertion
- overlord/snapstate: revert track-risk behavior change and
validation on install
- cmd/snap,image,seed: move image.ValidateSeed to
seed.ValidateFromYaml
- image,o/devicestate,seed: oops, make sure to clear seedtest
helpers
- tests/main/snap-info: update check.py for test-snapd-tools 2.0
- tests: moving tests to nightly suite
- overlord/devicestate,seed: small step, introduce
seed.LoadAssertions and use it from firstboot
- snapstate: add comment to checkVersion vs strutil.VersionCompare
- tests: add unit tests for cmd_whoami
- tests: add debug section to interfaces-contacts-service
- many: introduce package seed and seedtest
- interfaces/bluez: enable communication between bluetoothd and
meshd via dbus
- cmd/snap: fix snap switch message
- overlord/snapstate: check channel names on install
- tests: check snap_daemon user and group on system-usernames-
illegal test are not created
- cmd/snap-confine: fix group and permission of .info files
- gadget: do not error on gadget refreshes with multiple volumes
- snap: use deterministic paths to find the built deb
- tests: just build snapd commands on go-build test
- tests: re-enable mount-ns test on classic
- tests: rename fuse_support to fuse-support
- tests: move restore-project-each code to existing function
- tests: simplify interfaces-account-control test
- i18n, vendor, packaging: drop github.com/ojii/gettext.go, use
github.com/snapcore/go-gettext
- tests: always say 'restore: |'
- tests: new test to check the output after refreshing/reverting
core
- snapstate: validate all system-usernames before creating them
- tests: fix system version check on listing test for external
backend
- tests: add check for snap_daemon user/group
- tests: don't look for lxcfs in mountinfo
- tests: adding support for arm devices on ubuntu-core-device-reg
test
- snap: explicitly forbid trying to parallel install from seed
- tests: remove trailing spaces from shell scripts
- tests: remove locally installed revisions of core
- tests: fix removal of snaps on ubuntu-core
- interfaces: support Tegra display drivers
- tests: move interfaces-contacts-service to /tmp
- interfaces/network-manager: allow using
org.freedesktop.DBus.ObjectManager
- tests: restore dpkg selections after upgrade-from-2.15 test
- tests: pass --remove to userdel on core
- snap/naming: simplify SnapSet somewhat
- devicestate/firstboot: check for missing bases early
- httputil: rework protocol error detection
- tests: unmount fuse connections only if not initially mounted
- snap: prevent duplicated snap name and snap files when parsing
seed.yaml
- tests: re-implement user tool in python
- image: improve/tweak some warning/error messages
- cmd/libsnap-confine-private: add checks for parallel instances
feature flag
- tests: wait_for_service shows status after actual first minute
- sanity: report proper errror when fuse is needed but not available
- snap/naming: introduce SnapRef, Snap, and SnapSet
- image: support prepare-image --classic for snapd snap only
imagesConsequently:
- tests/main/mount-ns: account for clone_children in cpuset cgroup
on 18.04
- many: merging asserts.Batch Precheck with CommitTo and other
clarifications
- devicestate: add missing test for remodeling possibly removing
required flag
- tests: use user-tool to remove test user in the non-home test
- overlord/configstate: sort patch keys to have deterministic order
with snap set
- many: generalize assertstate.Batch to asserts.Batch, have
assertstate.AddBatch
- gadget, overlord/devicestate: rename Position/Layout
- store, image, cmd: make 'snap download' leave partials
- httputil: improve http2 PROTOCOL_ERROR detection
- tests: add new "user-tool" helper and use in system-user tests
- tests: clean up after NFS tests
- ifacestate: optimize auto-connect by setting profiles once after
all connects
- hookstate/ctlcmd: snapctl unset command
- tests: allow test user XDG_RUNTIME_DIR to phase out
- tests: cleanup "snap_daemon" user in system-usernames-install-
twice
- cmd/snap-mgmt: set +x on startup
- interfaces/wayland,x11: allow reading an Xwayland Xauth file
- many: move channel parsing to snap/channel
- check-pr-title.py: allow {} in pr prefix
- tests: spam test logs less while waiting for systemd unit to stop
- tests: remove redundant activation check for snapd.socket
snapd.service
- tests: trivial snapctl test cleanup
- tests: ubuntu 18.10 removed from the google-sru backend on the
spread.yaml
- tests: add new cases into arch_test
- tests: clean user and group for test system-usernames-install-
twice
- interfaces: k8s worker node updates
- asserts: move Model to its own model.go
- tests: unmount binfmt_misc on cleanup
- tests: restore nsdelegate clobbered by LXD
- cmd/snap: fix snap unset help string
- tests: unmount fusectl after testing
- cmd/snap: fix remote snap info for parallel installed snaps
* New upstream release, LP: #1840740
- overlord/snapstate: revert track-risk behavior
- tests: fix snap info test
- httputil: rework protocol error detection
- gadget: do not error on gadget refreshes with multiple volumes
- i18n, vendor, packaging: drop github.com/ojii/gettext.go, use
github.com/snapcore/go-gettext
- snapstate: validate all system-usernames before creating them
- mkversion.sh: fix version from git checkouts
- interfaces/network-{control,manager}: allow 'k' on
/run/resolvconf/**
- interfaces/wayland,x11: allow reading an Xwayland Xauth file
- interfaces: k8s worker node updates
- debian: re-enable systemd environment generator
- many: create system-usernames user/group if both don't exist
- packaging: fix symlink for snapd.session-agent.socket
- tests: change cgroups so that LXD doesn't have to
- interfaces/network-setup-control: allow dbus netplan apply
messages
- tests: add /var/cache/snapd to the snapd state to prevent error on
the store
- tests: add test for services disabled during refresh hook
- many: simpler access to snap-seccomp version-info
- snap: cleanup some tests, clarify some errorsThis is a follow up
from work on system usernames:
- osutil: add osutil.Find{Uid,Gid}
- tests: use a different archive based on the spread backend on go-
build test
- cmd/snap-update-ns: fix pair of bugs affecting refresh of snap
with layouts
- overlord/devicestate: detect clashing concurrent (ongoing, just
finished) remodels or changes
- interfaces/docker-support: declare controls-device-cgroup
- packaging: fix removal of old apparmor profile
- store: use track/risk for "channel" name when parsing store
details
- many: allow 'system-usernames' with libseccomp > 2.4 and golang-
seccomp > 0.9.0
- overlord/devicestate, tests: use gadget.Update() proper, spread
test
- overlord/configstate/configcore: allow setting start_x=1 to enable
CSI camera on RPi
- interfaces: remove BeforePrepareSlot from commonInterface
- many: support system-usernames for 'snap_daemon' user
- overlord/devicestate,o/snapstate: queue service commands before
mark-seeded and other final tasks
- interfaces/mount: discard mount ns on backend Remove
- packaging/fedora: build on RHEL8
- overlord/devicestate: support seeding a classic system with the
snapd snap and no core
- interfaces: fix test failure in gpio_control_test
- interfaces, policy: remove sanitize helpers and use minimal policy
check
- packaging: use %systemd_user_* macros to enable session agent
socket according to presets
- snapstate, store: handle 429s on catalog refresh a little bit
better
- tests: part4 making tests work on ubuntu-core-18
- many: drop snap.ReadGadgetInfo wrapper
- xdgopenproxy: update test API to match upstream
- tests: show why sbuild failed
- data/selinux: allow mandb_t to search /var/lib/snapd
- tests: be less verbose when checking service status
- tests: set sbuild test as manual
- overlord: DeviceCtx must find the remodel context for a remodel
change
- tests: use snap info --verbose to check for base
- sanity: unmount squashfs with --lazy
- overlord/snapstate: keep current track if only risk is specified
- interfaces/firewall-control: support nft routing expressions and
device groups
- gadget: support for writing symlinks
- tests: mountinfo-tool fail if there are no matches
- tests: sync journal log before start the test
- cmd/snap, data/completion: improve completion for 'snap debug'
- httputil: retry for http2 PROTOCOL_ERROR
- Errata commit: pulseaudio still auto-connects on classic
- interfaces/misc: updates for k8s 1.15 (and greengrass test)
- tests: set GOTRACEBACK=1 when running tests
- cmd/libsnap: don't leak memory in sc_die_on_error
- tests: improve how the system is restored when the upgrade-
from-2.15 test fails
- interfaces/bluetooth-control: add udev rules for BT_chrdev devices
- interfaces: add audio-playback/audio-record and make pulseaudio
manually connect
- tests: split the sbuild test in 2 depending on the type of build
- interfaces: add an interface granting access to AppStream metadata
- gadget: ensure filesystem labels are unique
- usersession/agent: use background context when stopping the agent
- HACKING.md: update spread section, other updates
- data/selinux: allow snap-confine to read entries on nsfs
- tests: respect SPREAD_DEBUG_EACH on the main suite
- packaging/debian-sid: set GOCACHE to a known writable location
- interfaces: add gpio-control interface
- cmd/snap: use showDone helper with 'snap switch'
- gadget: effective structure role fallback, extra tests
- many: fix unit tests getting stuck
- tests: remove installed snap on restore
- daemon: do not modify test data in user suite
- data/selinux: allow read on sysfs
- packaging/debian: don't md5sum absent files
- tests: remove test-snapd-curl
- tests: remove test-snapd-snapctl-core18 in restore
- tests: remove installed snap in the restore section
- tests: remove installed test snap
- tests: correctly escape mount unit path
- cmd/Makefile.am: support building with the go snap
- tests: work around classic snap affecting the host
- tests: fix typo "current"
- overlord/assertstate: add Batch.Precheck to check for the full
validity of the batch before Commit
- tests: restore cpuset clone_children clobbered by lxd
- usersession: move userd package to usersession/userd
- tests: reformat and fix markdown in snapd-state.md
- gadget: select the right updater for given structure
- tests: show stderr only if it exists
- sessionagent: add a REST interface with socket activation
- tests: remove locally installed core in more tests
- tests: remove local revision of core
- packaging/debian-sid: use correct apparmor Depends for Debian
- packaging/debian-sid: merge debian upload changes back into master
- cmd/snap-repair: make sure the goroutine doesn't stick around on
timeout
- packaging/fedora: github.com/cheggaaa/pb is no longer used
- configstate/config: fix crash in purgeNulls
- boot, o/snapst, o/devicest: limit knowledge of boot vars to boot
- client,cmd/snap: stop depending on status/status-code in the JSON
responses in client
- tests: unmount leftover /run/netns
- tests: switch mount-ns test to manual
- overlord,daemon,cmd/snapd: move expensive startup to dedicated
StartUp methods
- osutil: add EnsureTreeState helper
- tests: measure properties of various mount namespaces
- tests: part2 making tests work on ubuntu-core-18
- interfaces/policy: minimal policy check for replacing
sanitizeReservedFor helpers (1/2)
- interfaces: add an interface that grants access to the PackageKit
service
- overlord/devicestate: update gadget update handlers and mocks
- tests: add mountinfo-tool --ref-x1000
- tests: remove lxd / lxcfs if pre-installed
- tests: removing support for ubuntu cosmic on spread test suite
- tests: don't leak /run/netns mount
- image: clean up the validateSuite
- bootloader: remove "Dir()" from Bootloader interface
- many: retry to reboot if snapd gets restarted before expected
reboot
- overlord: implement re-registration remodeling
- cmd: revert PR#6933 (tweak of GOMAXPROCS)
- cmd/snap: add snap unset command
- many: add Client-User-Agent to "SnapAction" install API call
- tests: first part making tests run on ubuntu-core-18
- hookstate/ctlcmd: support hidden commands in snapctl
- many: replace snapd snap name checks with type checks (3/4)
- overlord: mostly stop needing Kernel/CoreInfo, make GadgetInfo
consider a DeviceContext
- snapctl: handle unsetting of config options with "!"
- tests: move core migration snaps to tests/lib/snaps dir
- cmd/snap: handle unsetting of config options with "!"
- cmd/snap, etc: add health to 'snap list' and 'snap info'
- gadget: use struct field names when intializing data in mounted
updater unit tests
- cmd/snap-confine: bring /lib/firmware from the host
- snap: set snapd snap type (1/4)
- snap: add checks in validate-seed for missing base/default-
provider
- daemon: replace shutdownServer with net/http's native shutdown
support
- interfaces/builtin: add exec "/bin/runc" to docker-support
- gadget: mounted filesystem updater
- overlord/patch: simplify conditions for re-applying sublevel
patches for level 6
- seccomp/compiler: adjust test case names and comment for later
changes
- tests: fix error doing snap pack running failover test
- tests: don't preserve size= when rewriting mount tables
- tests: allow reordering of rewrite operations
- gadget: main update routine
- overlord/config: normalize nulls to support config unsetting
semantics
- snap-userd-autostart: don't list as a startup application on the
GUI
- tests: renumber snap revisions as seen via writable
- tests: change allocation for mount options
- tests: re-enable ns-re-associate test
- tests: mountinfo-tool allow many --refs
- overlord/devicestate: implement reregRemodelContext with the
essential re-registration logic
- tests: replace various numeric mount options
- gadget: filesystem image writer
- tests: add more unit tests for mountinfo-tool
- tests: introduce mountinfo-tool --ref feature
- tests: refactor mountinfo-tool rewrite state
- tests: allow renumbering mount namespace identifiers
- snap: refactor and explain layout blacklisting
- tests: renumber snap revisions as seen via hostfs
- daemon, interfaces, travis: workaround build ID with Go 1.9, use
1.9 for travis tests
- cmd/libsnap: add sc_error_init_{simple,api_misuse}
- gadget: make raw updater handle shifted structures
- tests/lib/nested: create WORK_DIR before accessing it
- cmd/libsnap: rename SC_LIBSNAP_ERROR to SC_LIBSNAP_DOMAIN
- cmd,tests: forcibly discard mount namespace when bases change
- many: introduce healthstate, run check-health
post-(install/refresh/try/revert)
- interfaces/optical-drive: add scsi-generic type 4 and 5 support
- cmd/snap-confine: exit from helper when parent dies
* New upstream release, LP: #1836327
- overlord/patch: simplify conditions for re-applying sublevel
patches for level 6
- cmd,tests: forcibly discard mount namespace when bases change
- cmd/snap-confine: handle device cgroup before pivot
- cmd/snap-apparmor-service: quit if there are no profiles
- cmd/snap, image: add --target-directory and --basename to 'snap
download'
- interfaces: add jack1 implicit classic interface
- interfaces: miscellaneous policy updates
- daemon: classic confinement is not supported on core
- interfaces: bluetooth-control: add mtk BT device node
- cmd/snap-seccomp: initial support for negative arguments with
uid/gid caching
- snap-confine: move seccomp load after permanent privilege drop
- tests: new profiler snap used to track cpu and memory for snapd
and snap commands
- debian: make maintainer scripts do nothing on powerpc
- gadget: mounted filesystem writer
- cmd/snap: use padded checkers for snapshot output
- bootloader: switch to bootloader_test style testing
- gadget: add a wrapper for generating partitioned images with
sfdisk
- tests/main/snap-seccomp-syscalls: add description
- tests: continue executing on errors either updating the repo db or
installing dependencies
- cmd/snap-seccomp/syscalls: add io_uring syscalls
- systemd: add InstanceMode enumeration to control which systemd
instance to control
- netutil: extract socket activation helpers from daemon package.
- interfaces: spi: update regex rules to accept spi nodes like
spidev12345.0
- gadget: fallback device lookup
- many: add strutil.ElliptLeft, use it for shortening cohorts
- wrappers: allow sockets under $XDG_RUNTIME_DIR
- gadget: add wrapper for creating and populating filesystems
- gadget: add writer for offset-write
- gadget: support relative symlinks in device lookup
- snap, snapstate: additional validation of base field
- many: fix some races and missing locking, make sure UDevMonitor is
stopped
- boot: move ExtractKernelAssets
- daemon, snap: screenshots _only_ shows the deprecation notice,
from 2.39
- osutil: add a workaround for overlayfs apparmor as it is used on
Manjaro
- snap: introduce GetType() function for snap.Info
- tests: update systems to be used for during sru validation
- daemon: increase `shutdownTimeout` to 25s to deal with slow
HW
- interfaces/network-manager: move deny ptrace to the connected slot
- interfaces: allow locking of pppd files
- cmd/snap-exec: fix snap completion for classic snaps with non
/usr/lib/snapd libexecdir
- daemon: expose pprof endpoints
- travis: disable snap pack on OSX
- client, cmd/snap: expose the new cohort options for snap ops
- overlord/snapstate: tweak switch summaries
- tests: reuse the image created initially for nested tests
execution
- tests/lib/nested: tweak assert disk prepare step
- daemon, overlord/snapstate: support leave-cohort
- tests/main/appstream-id: collect debug info
- store,daemon: add client-user-agent support to store.SnapInfo
- tests: add check for invalid PR titles in the static checks
- tests: add snap-tool for easier access to internal tools
- daemon: unexport file{Response,Stream}
- devicestate: make TestUpdateGadgetOnClassicErrorsOut less racy
- tests: fix test desktop-portal-filechooser
- tests: sort commands from DumpCommands in the dumpDbHook
- cmd/snap: add unit test for "advise-snap --dump-db".
- bootloader: remove extra mock bootloader implementation
- daemon: tweak for "add api endpoint for download" PR
- packaging: fix reproducible build error
- tests: synchronize journal logs before check logs
- tests: fix snap service watchdog test
- tests: use more readable test directory names
- tests/regression/lp-1805485: update test description
- overlord: make changes conflict with remodel
- tests: make sure the snapshot unit test uses a snapshot time
relative to Now()
- tests: revert "tests: stop catalog-update/apt-hooks test for now"
- tests: mountinfo-tool --one prints matches on failure
- data/selinux: fix policy for snaps with bases and classic snaps
- debian: fix building on eoan by tweaking golang build-deps
- packaging/debian-sid: update required golang version to 1.10
- httputil: handle "no such host" error explicitly and do not retry
it
- overlord/snapstate, & fallout: give Install a *RevisionOptions
- cmd/snap: don't run install on 'snap --help install'
- gadget: raw/bare structure writer and updater
- daemon, client, cmd/snap: show cohort key in snap info --verbose
- overlord/snapstate: add update-gadget task when needed, block
other changes
- image: turn a missing default content provider into an error
- overlord/devicestate: update-gadget-assets task handler with
stubbed gadget callbacks
- interface: builtin: avahi-observe/control: update label for
implicit slot
- tests/lib/nested: fix multi argument copy_remote
- tests/lib/nested: have mkfs.ext4 use a rootdir instead of mounting
an image
- packaging: fix permissions powerpc docs dir
- overlord: mock store to avoid net requests
- debian: rework how we run autopkgtests
- interface: builtin: avahi-observe/control: allow slots
implementation also by app snap on classic system
- interfaces: builtin: utils: add helper function to identify system
slots
- interfaces: add missing adjtimex to time-control
- overlord/snapstate, snap: support base = "none"
- daemon, overlord/snapstate: give RevisionOptions a CohortKey
- data/selinux: permit init_t to remount snappy_snap_t
- cmd/snap: test for a friendly error on 'okay' without 'warnings'
- cmd/snap: support snap debug timings --startup=.. and measure
loadState time
- advise-snap: add --dump-db which dumps the command database
- interfaces/docker-support: support overlayfs on ubuntu core
- cmd/okay: Remove err message when warning file not exist
- devicestate: disallow removal of snaps used in booting early
- packaging: fix build-depends on powerpc
- tests: run spread tests on opensuse leap 15.1
- strutil/shlex: fix ineffassign
- cmd/snapd: ensure GOMAXPROCS is at least 2
- cmd/snap-update-ns: detach unused mount points
- gadget: record gadget root directory used during positioning
- tests: force removal to prevent restore fails when directory
doesn't exist on lp-1801955 test
- overlord: implement store switch remodeling
- tests: stop using ! for naive negation in shell scripts
- snap,store,daemon,client: send new "Snap-Client-User-Agent" header
in Search()
- osutil: now that we require golang-1.10, use user.LookupGroup()
- spread.yaml,tests: change MATCH and REBOOT to cmds
- packaging/fedora: force external linker to ensure static linking
and -extldflags use
- timings: tweak the conditional for ensure timings
- timings: always store ensure timings as long as they have an
associated change
- cmd/snap: tweak the output of snap debug timings --ensure=...
- overlord/devicestate: introduce remodel kinds and
contextsregistrationContext:
- snaptest: add helper for mocking snap with contents
- snapstate: allow removal of non-model kernels
- tests: change strace parameters on snap-run test to avoid the test
gets stuck
- gadget: keep track of the index where structure content was
defined
- cmd/snap-update-ns: rename leftover ctx to upCtx
- tests: add "not" command
- spread.yaml: use "snap connections" in debug
- tests: fix how strings are matched on auto-refresh-retry test
- spread-shellcheck: add support for variants and environment
- gadget: helper for shifting structure start position
- cmd/snap-update-ns: add several TODO comments
- cmd/snap-update-ns: rename ctx to upCtx
- spread.yaml: make HOST: usage shellcheck-clean
- overlord/snapstate, daemon: snapstate.Switch now takes a
RevisionOption
- tests: add mountinfo-tool
- many: make snapstate.Update take *RevisionOptions instead of chan,
rev
- tests/unit/spread-shellcheck: temporary workaround for SC2251
- daemon: refactor user ops to api_users
- cmd/snap, tests: refactor info to unify handling of 'direct' snaps
- cmd/snap-confine: combine sc_make_slave_mount_ns into caller
- cmd/snap-update-ns: use "none" for propagation changes
- cmd/snap-confine: don't pass MS_SLAVE along with MS_BIND
- cmd/snap, api, snapstate: implement "snap remove --purge"
- tests: new hotplug test executed on ubuntu core
- tests: running tests on fedora 30
- gadget: offset-write: fix validation, calculate absolute position
- data/selinux: allow snap-confine to do search on snappy_var_t
directories
- daemon, o/snapstate, store: support for installing from cohorts
- cmd/snap-confine: do not mount over non files/directories
- tests: validates snapd from ppa
- overlord/configstate: don't panic on invalid configuration
- gadget: improve device lookup, add helper for mount point lookup
- cmd/snap-update-ns: add tests for executeMountProfileUpdate
- overlord/hookstate: don't run handler unless hooksup.Always
- cmd/snap-update-ns: allow changing mount propagation
- systemd: workaround systemctl show quirks on older systemd
versions
- cmd/snap: allow option descriptions to start with the command
- many: introduce a gadget helper for locating device matching given
structure
- cmd/snap-update-ns: fix golint complaints about variable names
- cmd/snap: unit tests for debug timings
- testutil: support sharing-related mount flags
- packaging/fedora: Merge changes from Fedora Dist-Git and drop EOL
Fedora releases
- cmd/snap: support for --ensure argument for snap debug timings
- cmd,sandbox: tweak seccomp version info handling
- gadget: record sector size in positioned volume
- tests: make create-user test support managed devices
- packaging: build empty package on powerpc
- overlord/snapstate: perform hard refresh check
- gadget: add volume level update checks
- cmd/snap: mangle descriptions that have indent > terminal width
- cmd/snap-update-ns: rename applyFstab to executeMountProfileUpdate
- cmd/snap-confine: unshare per-user mount ns once
- tests: retry govendor sync
- tests: avoid removing snaps which are cached to speed up the
prepare on boards
- tests: fix how the base snap are deleted when there are multiple
to deleted on reset
- cmd/snap-update-ns: merge apply functions
- many: introduce assertstest.SigningAccounts and AddMany test
helpers
- interfaces: special-case "snapd" in sanitizeSlotReservedForOS*
helpers
- cmd/snap-update-ns: make apply{User,System}Fstab identical
- gadget: introduce checkers for sanitizing structure updates
- cmd/snap-update-ns: move apply{Profile,{User,System}Fstab} to same
file
- overlord/devicestate: introduce registrationContext
- cmd/snap-update-ns: add no-op load/save current user profile logic
- devicestate: set "new-model" on the remodel change
- devicestate: use deviceCtx in checkGadgetOrKernel
- many: use a fake assertion model in the device contexts for tests
- gadget: fix handling of positioning constrains for structures of
MBR role
- snap-confine: improve error when running on a not /home homedir
- devicestate: make Remodel() return a state.Change
- many: make which store to use contextualThis reworks
snapstate.Store instead of relying solely on DeviceContext,
because:
- tests: enable tests on centos 7 again
- interfaces: add login-session-control interface
- tests: extra debug for snapshot-basic test
- overlord,overlord/devicestate: do without GadgetInfo/KernelInfo in
devicestate
- gadget: more validation checks for legacy MBR structure type &
role
- osutil: fix TestReadBuildGo test in sbuild
- data: update XDG_DATA_DIRS via the systemd environment.d mechanism
too
- many: do without device state/assertions accessors based on state
only outside of devicestate/tests
- interfaces/dbus: fix unit tests when default snap mount dir is not
/snap
- tests: add security-seccomp to verify seccomp with arg filtering
- snapshotstate: disable automatic snapshots on core for now
- snapstate: auto-install snapd when needed
- overlord/ifacestate: update static attributes of "content"
interface
- interfaces: add support for the snapd snap in the dbus backend*
- overlord/snapstate: tweak autorefresh logic if network is not
available
- snapcraft: also include ld.so.conf from libc in the snapcraft.yml
- snapcraft.yaml: fix links ld-linux-x86-64.so.2/ld64.so.2
- overlord: pass a DeviceContext to the checkSnap implementations
- daemon: add RootOnly flag to commands
- many: make access to the device model assertion etc contextual
via a DeviceCtx hook/DeviceContext interface
- snapcraft.yaml: include libc6 in snapd
- tests: reduce snapcraft leftovers from PROJECT_PATH, temp disable
centos
- overlord: make the store context composably backed by separate
backends for device asserts/info etc.
- snapstate: revert "overlord/snapstate: remove PlugsOnly"
- osutil,cmdutil: move CommandFromCore and make it use the snapd
snap (if available)
- travis: bump Go version to 1.10.x
- cmd/snap-update-ns: remove instanceName argument from applyProfile
- gadget: embed volume in positioned volume, rename fields
- osutil: use go build-id when no gnu build-id is available
- snap-seccomp: add 4th field to version-info for golang-seccomp
features
- cmd/snap-update-ns: merge computeAndSaveSystemChanges into
applySystemFstab
- cmd/snap, client, daemon, store: create-cohort
- tests: give more time until nc returns on appstream test
- tests: run spread tests on ubuntu 19.04
- gadget: layout, smaller fixes
- overlord: update static attrs when reloading connections
- daemon: verify snap instructions for multi-snap requests
- overlord/corecfg: make expiration of automatic snapshots
configurable (4/4)
- cmd/snap-update-ns: pass MountProfileUpdate to
apply{System,User}Fstab
- snap: fix interface bindings on implicit hooks
- tests: improve how snaps are cached
- cmd/snap-update-ns: formatting tweaks
- data/selinux: policy tweaks
- cmd/snap-update-ns: move locking to the common layer
- overlord: use private YAML inside several tests
- cmd/snap, store, image: support for cohorts in "snap download"
- overlord/snapstate: add timings to critical task handlers and the
backend
- cmd: add `snap debug validate-seed <path>` cmd
- state: add possible error return to TaskSet.Edge()
- snap-seccomp: use username regex as defined in osutil/user.go
- osutil: make IsValidUsername public and fix regex
- store: serialize the acquisition of device sessions
- interfaces/builtin/desktop: fonconfig v6/v7 cache handling on
Fedora
- many: move Device/SetDevice to devicestate, start of making them
pluggable in storecontext
- overlord/snapstate: remove PlugsOnly
- interfaces/apparmor: allow running /usr/bin/od
- spread: add qemu:fedora-29-64
- tests: make test parallel-install-interfaces work for boards with
pre-installed snaps
- interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern
- spread.yaml: add qemu:centos-7-64
- overlord/devicestate: extra measurements related to
populateStateFromSeed
- cmd/snap-update-ns: move Assumption to {System,User}ProfileUpdate
- cmd/libsnap: remove fringe error function
- gadget: add validation of cross structure overlap and offset
writes
- cmd/snap-update-ns: refactor of profile application (3/N)
- data/selinux: tweak the policy for runuser and s-c, interpret
audit entries
- tests: fix spaces issue in the base snaps names to remove during
reset phase
- tests: wait for man db cache is updated before after install snapd
on Fedora
- tests: extend timeout of sbuild test
* New upstream release, LP: #1827495
- daemon: increase `shutdownTimeout` to 25s to deal with slow HW
- spread: run tests against openSUSE 15.1
- data/selinux: fix policy for snaps with bases and classic snaps
* New upstream release, LP: #1827495
- debian: rework how we run autopkgtests
- interfaces/docker-support: add overlayfs accesses for ubuntu core
- data/selinux: permit init_t to remount snappy_snap_t
- strutil/shlex: fix ineffassign
- packaging: fix build-depends on powerpc
* New upstream release, LP: #1827495
- spread: enable Fedora 30
- cmd/snap-confine, data/selinux: cherry pick Fedora 30 fixes
- tests/unit/spread-shellcheck: temporary workaround for SC2251
- packaging: build empty package on powerpc
- interfaces: special-case "snapd" in sanitizeSlotReservedForOS*
helper
- cmd/snap: mangle descriptions that have indent > terminal width
- cmd/snap-confine: unshare per-user mount ns once
- tests: avoid adding spaces to the base snaps names
- systemd: workaround systemctl show quirks on older systemd
versions
* New upstream release, LP: #1827495
- overlord/ifacestate: update static attributes of "content"
interface
- data/selinux: tweak the policy for runuser and s-c, interpret
audit entries
- snapshotstate: disable automatic snapshots on core for now
- overlord/corecfg: make expiration of automatic snapshots
configurable
- snapstate: auto-install snapd when needed
- interfaces: add support for the snapd snap in the dbus backend
- overlord/snapstate: tweak autorefresh logic if network is not
available
- interfaces/apparmor: allow running /usr/bin/od
- osutil,cmdutil: move CommandFromCore and make it use the snapd
snap (if available)
- daemon: also verify snap instructions for multi-snap requests
- data/selinux: allow snap-confine to mount on top of bin
- data/selinux: auto transition /var/snap to snappy_var_t
- cmd: add `snap debug validate-seed <path>` cmd
- interfaces/builtin/desktop: fonconfig v6/v7 cache handling on
Fedora
- interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern
- tests: make snap-connections test work on boards with snaps pre-
installed
- tests: check for /snap/core16/current in core16-provided-by-core
- tests: run livepatch test on 18.04 as well
- devicestate: deal correctly with the "required" flag on Remodel
- snapstate,state: add TaskSet.AddAllWithEdges() and use in doUpdate
- snapstate: add new NoReRefresh flag and use in Remodel()
- many: allow core as a fallback for core16
- snapcraft: build static fontconfig in the snapd snap
- cmd/snap-confine: remove unused sc_open_snap_{update,discard}_ns
- data/selinux: allow snapd to execute runuser under snappy_t
- spread, tests: do not leave mislabeled files in restorecon test,
attempt to catch similar files
- interfaces: cleanup internal tool lookup in system-key
- many: move auth.AuthContext to store.DeviceAndAuthContext, the
implemention to a separate storecontext packageThis:
- overlord/devicestate: measurements around ensure and related tasks
- cmd: tweak internal tool lookup to accept more possible locations
- overlord/snapstate,snapshotstate: create snapshot on snap removal
- tests: run smoke tests on (almost) pristine systems
- tests: system disable ssh for config defaults in gadget
- cmd/debug: integrate new task timings with "snap debug timings"
- tests/upgrade/basic, packaging/fedoar: restore SELinux context of
/var/cache/fontconfig, patch pre-2.39 mount units
- image: simplify prefer local logic and fixes
- tests/main/selinux-lxd: make sure LXD from snaps works cleanly
with enforcing SELinux
- tests: deny ioctl - TIOCSTI with garbage in high bits
- overlord: factor out mocking of device service and gadget w.
prepare-device for registration tests
- data/selinux, tests/main/selinux-clean: fine tune the policy, make
sure that no denials are raised
- cmd/libsnap,osutil: fix parsing of mountinfo
- ubuntu: disable -buildmode=pie on armhf to fix memory issue
- overlord/snapstate: inhibit refresh for up to a week
- cmd/snap-confine: prevent cwd restore permission bypass
- overlord/ifacestate: introduce HotplugKey type use short key in
change summaries
- many: make Remodel() download everything first before installing
- tests: fixes discovered debugging refresh-app-awareness
- overlord/snapstate: track time of postponed refreshes
- snap-confine: set rootfs_dir in sc_invocation struct
- tests: run create-user on core devices
- boot: add flag file "meta/force-kernel-extraction"
- tests: add regression test for systemctl race fix
- overlord/snapshotstate: helpers for snapshot expirations
- overlord,tests: perform soft refresh check in doInstall
- tests: enable tests that write /etc/{hostname,timezone} on core18
- overlord/ifacestate: implement String() method of
HotplugDeviceInfo for better logs/messages
- cmd/snap-confine: move ubuntu-core fallback checks
- testutil: fix MockCmd for shellcheck 0.5
- snap, gadget: move gadget read/validation into separate package,
tweak naming
- tests: split travis spread execution in 2 jobs for ubuntu and non
ubuntu systems
- testutil: make mocked command work with shellcheck from snaps
- packaging/fedora, tests/upgrade/basic: patch existing mount units
with SELinux context on upgrade
- metautil, snap: extract yaml value normalization to a helper
package
- tests: use apt via eatmydata
- dirs,overlord/snapstate: add Soft and Hard refresh checks
- cmd/snap-confine: allow using tools from snapd snap
- cmd,interfaces: replace local helpers with cmd.InternalToolPath
- tweak: fix "make hack" on Fedora
- snap: add validation of gadget.yaml
- cmd/snap-update-ns: refactor of profile application
- cmd/snap,client,daemon,store: layout and sanity tweaks for
find/search options
- tests: add workaround for missing cache reset on older snapd
- interfaces: deal with the snapd snap correctly for apparmor 2.13
- release-tools: add debian-package-builder
- tests: enable opensuse 15 and add force-resolution installing
packages
- timings: AddTag helper
- testutil: run mocked commands through shellcheck
- overlord/snapshotstate: support auto flag
- client, daemon, store: search by common-id
- tests: all the systems for google backend with 6 workers
- interfaces: hotplug nested vm test, updated serial-port interface
for hotplug.
- sanity: use proper SELinux context when mounting squashfs
- cmd/libsnap: neuter variables in cleanup functions
- interfaces/adb-support: account for hubs on sysfs path
- interfaces/seccomp: regenerate changed profiles only
- snap: reject layouts to /lib/{firmware,modules}
- cmd/snap-confine, packaging: support SELinux
- selinux, systemd: support mount contexts for snap images
- interfaces/builtin/opengl: allow access to Tegra X1
- cmd/snap: make 'snap warnings' output yamlish
- tests: add check to detect a broken snap on reset
- interfaces: add one-plus devices to adb-support
- cmd: prevent umask from breaking snap-run chain
- tests/lib/pkgdb: allow downgrade when installing packages in
openSUSE
- cmd/snap-confine: use fixed private tmp directory
- snap: tweak parsing errors of gadget updates
- overlord/ifacemgr: basic measurements
- spread: refresh metadata on openSUSE
- cmd/snap-confine: pass sc_invocation instead of numerous args
around
- snap/gadget: introduce volume update info
- partition,bootloader: rename 'partition' package to 'bootloader'
- interfaces/builtin: add dev/pts/ptmx access to docker_support
- tests: restore sbuild test
- strutil: make SplitUnit public, allow negative numbers
- overlord/snapstate,: retry less for auto-stuff
- interfaces/builtin: add add exec "/" to docker-support
- cmd/snap: fix regression of snap saved command
- cmd/libsnap: rename C enum for feature flag
- cmd: typedef mountinfo structures
- tests/main/remodel: clean up before reverting the state
- cmd/snap-confine: umount scratch dir using UMOUNT_NOFOLLOW
- timings: add new helpers, Measurer interface and DurationThreshold
- cmd/snap-seccomp: version-info subcommand
- errortracker: fix panic in Report if db cannot be opened
- sandbox/seccomp: a helper package wrapping calls to snap-seccomp
- many: add /v2/model API, `snap remodel` CLI and spread test
- tests: enable opensuse tumbleweed back
- overlord/snapstate, store: set a header when auto-refreshing
- data/selinux, tests: refactor SELinux policy, add minimal tests
- spread: restore SELinux context when we mess with system files
- daemon/api: filter connections with hotplug-gone=true
- daemon: support returning assertion information as JSON with the
"json" query parameter
- cmd/snap: hide 'interfaces' command, show deprecation notice
- timings: base API for recording timings in state
- cmd/snap-confine: drop unused dependency on libseccomp
- interfaces/apparmor: factor out test boilerplate
- daemon: extract assertions api endpoint implementation into
api_asserts.go
- spread.yaml: bump delta reference
- cmd/snap-confine: track per-app and per-hook processes
- cmd/snap-confine: make sc_args helpers const-correct
- daemon: move a function that was between an other struct and its
methods
- overlord/snapstate: fix restoring of "old-current" revision config
in undoLinkSnap
- cmd/snap, client, daemon, ifacestate: show a leading attribute of
a connection
- cmd/snap-confine: call sc_should_use_normal_mode once
- cmd/snap-confine: populate enter_non_classic_execution_environment
- daemon: allow downloading snaps blobs via .../file
- cmd/snap-confine: introduce sc_invocation
- devicestate: add initial Remodel support
- snap: remove obsolete license-* fields in the yaml
- cmd/libsnap: add cgroup-pids-support module
- overlord/snapstate/backend: make LinkSnap clean up more
- snapstate: only keep 2 snaps on classic
- ctlcmd/tests: tests tweaks (followup to #6322)
* New upstream release, LP: #1824394
- tests: add workaround for missing cache reset on older snapd
- ubuntu: disable -buildmode=pie on armhf to fix memory issue
* New upstream release, LP: #1818648
- overlord/snapstate,: retry less for auto-stuff
- cmd/snap: fix regression of snap saved command
- interfaces/builtin: add dev/pts/ptmx access to docker_support
- overlord/snapstate, store: set a header when auto-refreshing
- interfaces/builtin: add add exec "/" to docker-support
- cmd/snap, client, daemon, ifacestate: show a leading attribute of
a connection
- interface: avahi-observe: Fixing socket permissions on 4.15
kernels
- tests: check that apt works before using it
- apparmor: support AppArmor 2.13
- snapstate: restart into the snapd snap on classic
- overlord/snapstate: during refresh, re-refresh on epoch bump
- cmd, daemon: split out the common bits of mapLocal and mapRemote
- cmd/snap-confine: chown private /tmp to root.root
- cmd/snap-confine: drop uid from random /tmp name
- overlord/hookstate: apply pending transaction changes onto
temporary configuration for snapctl get
- cmd/snap: `snap connections` command
- interfaces/greengrass_support: update accesses for GGC 1.8
- cmd/snap, daemon: make the connectivity check use GET
- interfaces/builtin,/udev: add spec support to disable udev +
device cgroup and use it for greengrass
- interfaces/intel-mei: small follow up tweaks
- ifacestate/tests: fix/improve udev mon test
- interfaces: add multipass-support interface
- tests/main/high-user-handling: fix the test for Go 1.12
- interfaces: add new intel-mei interface
- systemd: decrease the checker counter before unlocking otherwise
we can get spurious panics
- daemon/tests: fix race in the disconnect conflict test
- cmd/snap-confine: allow moving tasks to pids cgroup
- tests: enable opensuse tumbleweed on spread
- cmd/snap: fix `snap services` completion
- ifacestate/hotplug: integration with udev monitor
- packaging: build snapctl as a static binary
- packaging/opensuse: move most logic to snapd.mk
- overlord: fix ensure before slowness on Retry
- overlord/ifacestate: fix migration of connections on upgrade from
ubuntu-core
- daemon, client, cmd/snap: debug GETs ask aspects, not actions
- tests/main/desktop-portal-*: fix handling of python dependencies
- interfaces/wayland: allow wayland server snaps function on classic
too
- daemon, client, cmd/snap: snap debug base-declaration
- tests: run tests on opensuse leap 15.0 instead of 42.3
- cmd/snap: fix error messages for snapshots commands if ID is not
uint
- interfaces/seccomp: increase filter precision
- interfaces/network-manager: no peer label check for hostname1
- tests: add a tests for xdg-desktop-portal integration
- tests: not checking 'tracking channel' after refresh core on
nested execution
- tests: remove snapweb from tests
- snap, wrappers: support StartTimeout
- wrappers: Add an X-SnapInstanceName field to desktop files
- cmd/snap: produce better output for help on subcommands
- tests/main/nfs-support: use archive mode for creating fstab backup
- many: collect time each task runs and display it with `snap debug
timings <id>`
- tests: add attribution to helper script
- daemon: make ucrednetGet not loop
- squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
- features,cmd/libsnap: add new feature "refresh-app-awareness"
- overlord: fix random typos
- interfaces/seccomp: generate global seccomp profile
- daemon/api: fix error case for disconnect conflict
- overlord/snapstate: add some randomness to the catalog refresh
- tests: disable trusty-proposed for now
- tests: fix upgrade-from-2.15 with kernel 4.15
- interfaces/apparmor: allow sending and receiving signals from
ourselves
- tests: split the test interfaces-many in 2 and remove snaps on
restore
- tests: use snap which takes 15 seconds to install on retryable-
error test
- packaging: avoid race in snapd.postinst
- overlord/snapstate: discard mount namespace when undoing 1st link
snap
- cmd/snap-confine: allow writes to /var/lib/**
- tests: stop catalog-update test for now
- tests/main/auto-refresh-private: make sure to actually download
with the expired macaroon
- many: save media info when installing, show it when listing
- userd: handle help urls which requires prepending XDG_DATA_DIRS
- tests: fix NFS home mocking
- tests: improve snaps-system-env test
- tests: pre-cache core on core18 systems
- interfaces/hotplug: renamed RequestedSlotSpec to ProposedSlot,
removed Specification
- debian: ensure leftover usr.lib.snapd.snap-confine is gone
- image,cmd/snap,tests: introduce support for modern prepare-image
--snap <snap>[=<channel>]
- overlord/ifacestate: tweak logic for generating unique slot names
- packaging: import debian salsa packaging work, add sbuild test and
use in spead
- overlord/ifacestate: hotplug-add-slot handler
- image,cmd/snap: simplify --classic-arch to --arch, expose
prepare-image
- tests: run test snap as user in the smoke test
- cmd/snap: tweak man output to have no doubled up .TP lines
- cmd/snap, overlord/snapstate: silently ignore classic flag when a
snap is strictly confined
- snap-confine: remove special handling of /var/lib/jenkins
- cmd/snap-confine: handle death of helper process
- packaging: disable systemd environment generator on 18.04
- snap-confine: fix classic snaps for users with /var/lib/* homedirs
- tests/prepare: prevent console-conf from running
- image: bootstrapToRootDir => setupSeed
- image,cmd/snap,tests: introduce prepare-image --classic
- tests: update smoke/sandbox test for armhf
- client, daemon: introduce helper for querying snapd API for the
list of slot/plug connections
- cmd/snap-confine: refactor and cleanup of seccomp loading
- snapstate, snap: allow update/switch requests with risk only
channel to DTRT
- interfaces: add network-manager-observe interface
- snap-confine: increase locking timeout to 30s
- snap-confine: fix incorrect "sanity timeout 3s" message
- snap-confine: provide proper error message on sc_sanity_timeout
- snapd,state: improve error message on state reading failure
- interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
- snap: fix reexec from the snapd snap for classic snaps
- snap: fix hook autodiscovery for parallel installed snaps
- overlord/snapstate: format the refresh time for the log
- cmd/snap-confine: add special case for Jenkins
- snapcraft.yaml: fix XBuildDeb PATH for go-1.10
- overlord/snapstate: validate instance names early
- overlord/ifacestate: handler for hotplug-update-slot tasks
- polkit: cast pid to uint32 to keep polkit happy for now
- snap/naming: move various name validation helpers to separate
package
- tests: iterate getting journal logs to support delay on boards on
daemon-notify test
- cmd/snap: fix typo in cmd_wait.go
- snap/channel: improve channel parsing
- daemon, polkit: pid_t is signed
- daemon: introduce /v2/connections snapd API endpoint
- cmd/snap: small refactor of cmd_info's channel handling
- overlord/snapstate: use an ad-hoc error when no results
- cmd/snap: wrap "summary" better
- tests: workaround missing go dependencies in debian-9
- daemon: try to tidy up the icon stuff a little
- interfaces: add display-control interface
- snapcraft.yaml: fix snap building in launchpad
- tests: update fedora 29 workers to speed up the whole testing time
- interfaces: add u2f-devices interface and allow reading udev
+power_supply:* in hardware-observe
- cmd/snap-update-ns: save errno from strtoul
- tests: interfaces tests normalization
- many: cleanup golang.org/x/net/context
- tests: add spread test for system dbus interface
- tests: remove -o pipefail
- interfaces: add block-devices interface
- spread: enable upgrade suite on fedora
- tests/main/searching: video section got renamed to photo-and-video
- interfaces/home: use dac_read_search instead of dac_override with
'read: all'
- snap: really run the RunSuite
- interfaces/camera: allow reading vendor/etc info from
/run/udev/data/+usb:*
- interfaces/dbus: be less strict about alternations for well-known
names
- interfaces/home: allow dac_override with 'read:
all'
- interfaces/pulseaudio: allow reading subdirectories of
/etc/pulse
- interfaces/system-observe: allow read on
/proc/locks
- run-checks: ensure we use go-1.10 if available
- tests: get test-snapd-dbus-{provider,consumer} from the beta
channel
- interfaces/apparmor: mock presence of overlayfs root
- spread: increase default kill-timeout to 30min
- tests: simplify interfaces-contacts-service test
- packaging/ubuntu: build with golang 1.10
- ifacestate/tests: extra test for hotplug-connect handler
- packaging: make sure that /var/lib/snapd/lib/glvnd is accounted
for
- overlord/snapstate/backend: call fontconfig helpers from the new
'current'
- kvm: load required kernel modules if necessary
- cmd/snap: use a fake user for 'run' tests
- tests: update systems for google sru backend
- tests: fix install-snaps test by changing the snap info regex
- interfaces: helpers for sorting plug/slot/connection refs
- tests: moving core-snap-refresh-on-core test from main to nested
suite
- tests: fix daemon-notify test checking denials considering all the
log lines
- tests: skip lp-1802591 on "official" images
- tests: fix listing tests to match "snap list --unicode=never"
- debian: fix silly typo in the spread test invocation
- interface: raw-usb: Adding ttyACM ttyACA permissions
- tests: fix enable-disable-unit-gpio test on external boards
- overlord/ifacestate: helper API to obtain the state of connections
- tests: define new "tests/smoke" suite and use that for
autopkgtests
- cmd/snap-update-ns: explicitly check for return value from
parse_arg_u
- interfaces/builtin/opengl: allow access to NVIDIA VDPAU library
- tests: auto-clean the test directory
- cmd/snap: further tweak messaging; add a test
- overlord/ifacestate: handler for hotplug-connect task
- cmd/snap-confine: join freezer only after setting up user mount
- cmd/snap-confine: don't preemptively create .mnt files
- cmd/snap-update-ns: manually implement isspace
- cmd/snap-update-ns: let the go parser know we are parsing -u
- cmd/snap-discard-ns: fix name of user fstab files
- snapshotstate: don't task.Log without the lock
- tests: exclude some more slow tests from runs in autopkgtest
- many: remove .user-fstab files from /run/snapd/ns
- cmd/libsnap: pass --from-snap-confine when calling snap-update-ns
as user
- cmd/snap-update-ns: make freezer mockable
- cmd/snap-update-ns: move XDG code to dedicated file
- osutil: add helper for loading fstab from string
- cmd/snap-update-ns: move existing code around, renaming some
functions
- overlord/configstate/configcore: support - and _ in cloud init
field names
- * cmd/snap-confine: use makedev instead of MKDEV
- tests: review/fix the autopkgtest failures in disco
- overlord: drop old v1 store api support from managers test
- tests: new test for snapshots with more than 1 user
* New upstream release, LP: #1817949
- squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
- overlord/ifacestate: fix migration of connections on upgrade from
ubuntu-core
- tests: fix upgrade-from-2.15 with kernel 4.15
- interfaces/seccomp: increase filter precision
- tests: remove snapweb from tests
* New upstream release, LP: #1811233
- interfaces/seccomp: generate global seccomp profile
- overlord/snapstate: add some randomness to the catalog refresh
- tests: add upgrade test from 2.15.2ubuntu1 -> current snapd
- snap-confine: fix fallback to ubuntu-core
- packaging: avoid race in snapd.postinst
- overlord/snapstate: discard mount namespace when undoing 1st link
snap
- cmd/snap-confine: allow writes to /var/lib/** again
- tests: stop catalog-update/apt-hooks test until the catlog refresh
is randomized
- debian: ensure leftover usr.lib.snapd.snap-confine is gone
* New upstream release, LP: #1811233
- cmd/snap, overlord/snapstate: silently ignore classic flag when a
snap is strictly confined
- snap-confine: remove special handling of /var/lib/jenkins
- cmd/snap-confine: handle death of helper process gracefully
- snap-confine: fix classic snaps for users with /var/lib/* homedirs
like jenkins/postgres
- packaging: disable systemd environment generator on 18.04
- tests: update smoke/sandbox test for armhf
- cmd/snap-confine: refactor and cleanup of seccomp loading
- snap-confine: increase locking timeout to 30s
- snap-confine: fix incorrect "sanity timeout 3s" message
- snap: fix hook autodiscovery for parallel installed snaps
- tests: iterate getting journal logs to support delay on boards on
daemon-notify test
- interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
- interfaces: add u2f-devices interface
* New upstream release, LP: #1811233
- cmd/snap-confine: add special case for Jenkins
- tests: workaround missing go dependencies in debian-9
- daemon, polkit: pid_t is signed
- interfaces: add display-control interface
- interfaces: add block-devices interface
- tests/main/searching: video section got renamed to photo-and-video
- interfaces/camera: allow reading vendor/etc info from
/run/udev/data/+usb
- interfaces/dbus: be less strict about alternations for well-known
names
- interfaces/home: allow dac_read_search with 'read: all'
- interfaces/pulseaudio: allow reading subdirectories of
/etc/pulse
- interfaces/system-observe: allow read on
/proc/locks
- tests: get test-snapd-dbus-{provider,consumer} from the beta
channel
- interfaces/apparmor: mock presence of overlayfs root
- packaging/{fedora,opensuse,ubuntu}: add /var/lib/snapd/lib/glvnd
* New upstream release, LP: #1811233
- snapd: fix race in TestSanityFailGoesIntoDegradedMode test
- cmd: fix snap-device-helper to deal correctly with hooks
- tests: various fixes for external backend
- interface: raw-usb: Adding ttyACM[0-9]* as many serial devices
have device node /dev/ttyACM[0-9]
- tests: fix enable-disable-unit-gpio test on external boards
- tests: define new "tests/smoke" suite and use that for
autopkgtests
- interfaces/builtin/opengl: allow access to NVIDIA VDPAU
library
- snapshotstate: don't task.Log without the lock
- overlord/configstate/configcore: support - and _ in cloud init
field names
- cmd/snap-confine: use makedev instead of MKDEV
- tests: review/fix the autopkgtest failures in disco
- systemd: allow only a single daemon-reload at the same time
- cmd/snap: only auto-enable unicode to a tty
- cmd/snap: right-align revision and size in info's channel map
- dirs, interfaces/builtin/desktop: system fontconfig cache path is
different on Fedora
- tests: fix "No space left on device" issue on amazon-linux
- store: undo workaround for timezone-less released-at
- store, snap, cmd/snap: channels have released-at
- snap-confine: fix incorrect use "src" var in mount-support.c
- release: support probing SELinux state
- release-tools: display self-help
- interface: add new `{personal,system}-files` interface
- snap: give Epoch an Equal method
- many: remove unused interface code
- interfaces/many: use 'unsafe' with docker-support change_profile
rules
- run-checks: stop running HEAD of staticcheck
- release: use sync.Once around lazy intialized state
- overlord/ifacestate: include interface name in the hotplug-
disconnect task summary
- spread: show free space in debug output
- cmd/snap: attempt to restore SELinux context of snap user
directories
- image: do not write empty etc/cloud
- tests: skip snapd snap on reset for core systems
- cmd/snap-discard-ns: fix umount(2) typo
- overlord/ifacestate: hotplug-remove-slot task handler
- overlord/ifacestate: handler for hotplug-disconnect task
- ifacestate/hotplug: updateDevice helper
- tests: reset snapd state on tests restore
- interfaces: return security setup errors
- overlord: make InstallMany work like UpdateMany, issuing a single
request to get candidates
- systemd/systemd.go: add missing tests for systemd.IsActive
- overlord/ifacestate: addHotplugSeqWaitTask helper
- cmd/snap-confine: refactor call to snap-update-ns --user-mounts
- tests: new backend used to run upgrade test suite
- travis: short circuit failures in static and unit tests travis job
- cmd: automatically fix localized <option>s to <option>
- overlord/configstate,features: expose features to snapd tools
- selinux: package to query SELinux status and verify/restore file
contexts
- wrappers: use new systemd.IsActive in core18 early boot
- cmd: add tests for lintArg and lintDesc
- httputil: retry on temporary net errors
- cmd/snap-confine: remove unused sc_discard_preserved_mount_ns
- wrappers: only restart service in core18 when they are active
- overlord/ifacestate: helpers for serializing hotplug changes
- packaging/{fedora,opensuse}: own /var/lib/snapd/cookie
- systemd: start snapd.autoimport.service in --no-block mode
- data/selinux: fix syntax error in definition of snappy_admin
interface
- snap/info: bind global plugs/slots to implicit hooks
- cmd/snap-confine: remove SC_NS_MNT_FILE
- spread: record each tests/upgrade job
- osutil: do not import dirs
- cmd/snap-confine: fix typo "a pipe"
- tests: make security-device-cgroups-{devmode,jailmode} work on arm
devices
- tests: force test-snapd-daemon-notify exit 0 when the interface is
not connected
- overlord/snapstate: run 'remove' hook before 'auto-disconnect'
- centos: enable SELinux support on CentOS 7
- apparmor: allow hard link to snap-specific semaphore files
- tests/lib/pkgdb: disable weak deps on Fedora
- release: detect too old apparmor_parser
- tests: improve how the log is checked to see if the system is
waiting for a reboot
- cmd, dirs, interfaces/apparmor: update distro identification to
support ID="archlinux"
- spread, tests: add Fedora 29
- cmd/snap-confine: refactor calling snapd tools into helper module
- apparmor: allow snap-update-ns access to common devices
- cmd/snap-confine: capture initialized per-user mount ns
- tests: reduce verbosity around package installation
- data: set KillMode=process for snapd
- cmd/snap: handle DNS error gracefully
- spread, tests: use checkpoints when dumping audit log
- tests/lib/prepare: make sure that SELinux context of repacked core
snap is controlled
- testutils: split checkers, tweak tests
- tests: fix for tests test-*-cgroup
- spread: show AVC audits when debugging, start auditd on Fedora
- spread: drop Fedora 27, add Fedora 29
- tests/lib/reset: restore context of removed snapd directories
- testutil: add File{Present,Absent} checkers
- snap: add new `snap run --trace-exec`
- tests: fix for failover test on how logs are checked
- snapctl: add "services"
- overlord/snapstate: use file timestamp to initialize timer
- cmd/libsnap: introduce and use sc_strdup
- interfaces: let NM access ifindex/ifupdown files
- overlord/snapstate: on refresh, check new rev can read current
- client, store: don't use store from client (use client from store)
- tests/main/parallel-install-store: verify installation of more
than one instance at a time
- overlord: don't write system key if security setup fails
- packaging/fedora/snapd.spec: fix bogus date in changelog
- snapstate: update fontconfig caches on install
- interfaces/apparmor/backend.go:411:38: regular expression does not
contain any meta characters (SA6004)
- asserts/header_checks.go:199:35: regular expression does not
contain any meta characters (SA6004)
- run staticcheck every time :-)
- tests/lib/systemd-escape/main.go:46:14: printf-style function with
dynamic first argument and no further arguments should use print-
style function instead (SA1006)
- tests/lib/fakestore/cmd/fakestore/cmd_run.go:66:15: the channel
used with signal.Notify should be buffered (SA1017)
- tests/lib/fakedevicesvc/main.go:55:15: the channel used with
signal.Notify should be buffered (SA1017)
- spdx/parser.go:30:1: only the first constant has an explicit type
(SA9004)
- overlord/snapstate/snapmgr.go:553:21: printf-style function with
dynamic first argument and no further arguments should use print-
style function instead (SA1006)
- overlord/patch/patch3.go:44:70: printf-style function with dynamic
first argument and no further arguments should use print-style
function instead (SA1006)
- cmd/snap/cmd_advise.go:200:2: empty branch (SA9003)
- osutil/udev/netlink/conn.go:120:5: ineffective break statement.
Did you mean to break out of the outer loop? (SA4011)
- daemon/api.go:992:22: printf-style function with dynamic first
argument and no further arguments should use print-style function
instead (SA1006)
- cmd/snapd/main.go:94:5: ineffective break statement. Did you mean
to break out of the outer loop? (SA4011)
- cmd/snap/cmd_userd.go:73:15: the channel used with signal.Notify
should be buffered (SA1017)
- cmd/snap/cmd_help.go:102:7: io.Writer.Write must not modify the
provided buffer, not even temporarily (SA1023)
- release: probe apparmor features lazily
- overlord,daemon: mock security backends for testing
- cmd/libsnap: move apparmor-support to libsnap
- cmd: drop cruft from snap-discard-ns build rules
- cmd/snap-confine: use snap-discard-ns ns to discard stale
namespaces
- cmd/snap-confine: handle mounted shared /run/snapd/ns
- many: fix composite literals with unkeyed fields
- dirs, wrappers, overlord/snapstate: make completion + bases work
- tests: revert "tests: restore in restore, not prepare"
- many: validate title
- snap: make description maximum in runes, not bytes
- tests: discard mount namespaces in reset.sh
- tests/lib: sync cla check back from snapcraft
- Revert "cmd/snap, tests/main/snap-info: highlight the current
channel"
- daemon: remove enableInternalInterfaceActions
- mkversion: use "test -n" rather than "! test -z"
- run-checks: assorted fixes
- tests: restore in restore, not in prepare
- cmd/snap: fix missing newline in "snap keys" error message
- snap: epoch lists must contain no duplicate entries
- interfaces/avahi_observe: Fix typo in comment
- tests: add SPREAD_JOB to the description of
systemd_create_and_start_unit
- daemon, vendor: bump github.com/coreos/go-systemd/activation,
handle API changes
- Revert "cmd/snap-confine: don't allow mapping lib{uuid,blkid}"
- packaging/fedora: use %_sysctldir macro
- cmd/snap-confine: remove unneeded unshare
- sanity: extend the kernel version check to cover CentOS/RHEL
kernels
- wrappers: remove all desktop files from a snap on removal
- snap: add an explicit check for `epoch: null` loading
- snap: check max description length in validate
- spread, tests: add CentOS support
- cmd/snap-confine: allow mapping more libc shards
- cmd/snap-discard-ns: add support for --from-snap-confine
- tests: make tinyproxy support systemd notify
- tests: fix shellcheck
- snap, store: rename `snap.Epoch`'s `Unset` to `IsZero`
- store: add a test for a non-zero epoch refresh (with epoch bump)
- store: v1 search doesn't send epoch, stop pretending it does
- snap: make any "0" epoch be Unset, and marshalled to {[0],[0]}
- overlord/snapstate: amend test should send local revision
- tests: use mock-gpio.py in enable-disable-units-gpio test
- snap: enforce minimal snap name len of 2
- cmd/libsnap: add sc_verify_snap_lock
- cmd/snap-update-ns: extra debugging of trespassing events
- userd: force zenity width if the text displayed is long
- overlord/snapstate, store: always send epochs
- cmd/snap-confine,snap-update-ns: discard quirks
- cmd/snap: add nanosleep to blacklisted syscalls when running with
--strace
- cmd/snap-update-ns, tests: clean trespassing paths
- nvidia, interfaces/builtin: OpenCL fixes
- ifacestate/hotplug: removeDevice helper
- cmd: install snap-discard-ns in "make hack"
- overlord/ifacestate: setup security backends phased by backends
first
- ifacestate/helpers: added SystemSnapName mapper helper method
- overlord/ifacestate: set hotplug-key of the connection when
connecting hotplug slots
- snapd: allow snap-update-ns to read /proc/version
- cmd: handle tumbleweed and leap in autogen.sh
- interfaces/tests: MockHotplugSlot test helper
- store,daemon: make UserInfo,LoginUser part of the store interface
- overlord/ifacestate: use remapper when checking if system snap is
installed
- tests: fix how pinentry is prepared for new gpg v 2.1 and 2.2
- packaging/arch: fix bash completions path
- interfaces/builtin: add device-buttons interface for accessing
events
- tests, fakestore: extend refresh tests with parallel installed
snaps
- snap, store, overlord/snapshotstate: drop epoch pointers
- snap: make Epoch default to {[0],[0]} on load from yaml
- data/completion: pass documented arguments to completion functions
- tests: skip opensuse from interfaces-openvswitch-support test
- tests: simple reproducer for snap try and hooks bug
- snapstate: do not allow classic mode for strict snaps
- snap: make Epoch's MarshalJSON not simplify
- store: remove unused currentSnap and currentSnapJSON
- many: some small doc comment fixes in recent hotplug code
- ifacestate/udevmonitor: added callback to signal end of
enumeration
- cmd/libsnap: add simplified feature flag checker
- interfaces/opengl: add additional accesses for cuda
- tests: add core18 only hooks test and fix running core18 only on
classic
- sanity, release, cmd/snap: refuse to try to do things on WSL.
- cmd: make coreSupportsReExec faster
- overlord/ifacestate: don't remove the dash when generating unique
slot name
- cmd/snap-seccomp: add full complement of ptrace constants
- cmd: update autogen.sh for opensuse
- interfaces/apparmor: allow access to /run/snap.$SNAP_INSTANCE_NAME
- spread.yaml: add more systems to the autopkgtest and qemu backends
- daemon: spool sideloaded snap into blob dir
overlord/snapstate: address review feedback
- packaging/opensuse: stop using golang-packaging
- overlord/snapshots: survive an unknown user
- wrappers: fix generating of service units with multiple `before`
dependencies
- data: run snapd.autoimport.service only after seeding
- cmd/snap: unhide --name parameter to snap install, tweak help
message
- packaging/fedora: Merge changes from Fedora Dist-Git
- tests/main/snap-service-after-before-install: verify after/before
in snap install
- overlord/ifacestate: mark connections disconnected by hotplug with
hotplug-gone
- ifacestate/ifacemgr: don't reload hotplug-gone connections on
startup
- tests: install dependencies during prepare
- tests,store,daemon: ensure proxy settings are honored in
auth/userinfo too
- tests: core 18 does not support classic confinement
- tests: add debug output for degraded test
- strutil: make VersionCompare faster
- overlord/snapshotstate/backend: survive missing directories
- overlord/ifacestate: use map[string]*connState when passing conns
around
- tests: move fedora 28 to manual
- overlord/snapshotstate/backend: be more verbose when
SNAPPY_TESTING=1
- tests: removing fedora 26 system from spread.yaml
- tests: linode execution is not needed anymore
- tests/lib: adjust to changed systemctl behaviour on debian-9
- tests: fixes and new backend for tests on nested suite
- strutil: let MatchCounter work with a nil regexp
- ifacestate/helpers: findConnsForHotplugKey helper
- many: move regexp.(Must)Compile out of non-init functions into
variables
- store: also make snaps downloaded via deltas 0600
- snap: use Lstat to determine snap size, remove
ReadSnapInfoExceptSize
- interfaces/builtin: add adb-support interface
- tests: fail if install_snap_local fails
- strutil: add extra test to CommaSeparatedList as suggested by
mborzecki
- cmd/snap, daemon, strutil: use CommaSeparatedList to split a CSL
- ifacestate: optimize disconnect hooks
- cmd/snap-update-ns: parse the -u <uid> command line option
- cmd/snap, tests: snapshots for all
- client, cmd/daemon: allow disabling keepalive, improve degraded
mode unit tests
- snap: only show "next" refresh time if its after the hold time
- overlord/snapstate: run tests for classic snaps even on systems
that don't support classic
- overlord/standby: fix a race between standby goroutine and stop
- cmd/snap-exec: don't fail on some try mode snaps
- cmd/snap, userd, testutil: tweak DBus tests to use private session
bus connection
- cmd: remove remnants of sc_should_populate_mount_ns
- client, daemon, cmd/snap: indicate that services are socket/timer
activated
- cmd/snap-seccomp: only look for PTRACE_GETFPX?REGS where available
- cmd/snap-confine: remove SC_NS_FAIL_GRACEFULLY
- snap/pack, cmd/snap: allow specifying the filename of 'snap pack'
- cmd/snap-discard-ns: add support for per-user mount namespaces
- cmd/snap-confine: remove stale mount profile along stale namespace
- data/apt: close stderr when calling snap in the apt install hook.
- tests/main: fixes for the new shellcheck
- testutil, cmd/snap: introduce and use testutil.EqualsWrapped and
fly
- tests: initial setup for testing current branch on nested vm and
hotplug management
- cmd: refactor IPC and lifecycle of the helper process
- tests/main/parallel-install-store: the store has caught up, do not
expect failures
- overlord/snapstate, snap, wrappers: start services in the right
order during install
- interfaces/browser-support, cmd/snap-seccomp: Allow read-only
ptrace, for the Breakpad crash reporter
- snap,client: use a different exit code for retryable errors
- overlord/ifacestate: don't conflict on own discard-snap tasks when
refreshing & doing garbage collection
- cmd/snap: tweak `snap services` output when there is no services
- interfaces/many: updates to support k8s worker nodes
- cmd/snap: gnome-software install via snap:// handler
- overlord/many: cleanup use of snapName vs. instanceName
- snapstate: add command-chain to supported featureset
- daemon, snap: mark screenshots as deprecated
- interfaces: fix decoding of json numbers for static/dynamic
attributes* ifstate: fix decoding of json numbers
- cmd/snap: try not to panic on error from "snap try"
- tests: new cosmic image for spread tests on gce
- interfaces/system-key: add parser mtime and only discover features
on write
- overlord/snapshotstate/backend: detect path to tar in unit tests
- tests/unit/gccgo: drop gccgo unit tests
- cmd: use relative file names in locking APIs
- interfaces: fix NormalizeInterfaceAttributes, add tests
- overlord/snapshotstate/backend: fall back on sudo when no runuser
- cmd/snap-confine: reduce verbosity of debug and error messages
- systemd: extend Status() to work for socket and timer units
- interfaces: typo 'allows' for consistency with other ifaces
- systemd,wrappers: don't start disabled services
- ifacestate: simplify task chaining in ifacestate.Connect
- tests: ensure that goa-daemon is off
- snap/pack, snap/squashfs: remove extra copy before mksquashfs
- cmd/snap: block 'snap help <cmd> --all'
- asserts, image: ensure kernel, gadget, base and required-snaps use
valid snap names
- apparmor: add unit test for probeAppArmorParser and simplify code
- interfaces/apparmor: conditionally add explicit deny rules for
ptrace
- po: sync translations from launchpad
- osutil: tweak handling of error adduser errors
- cmd: rename ns_group to mount_ns
- tests/main/interfaces-accounts-service: more debugging
- snap/pack, snap/squashfs: use type to determine mksquashfs args
- data/systemd, wrappers: tweak system-shutdown helper for core18
- tests: show list of processes when ifaces-accounts-service fails
- tests: do not run degraded test in autopkgtest env
- snap: overhaul validation error messages
- ifacestate/hooks: only create interface hook tasks if hooks exist
- osutil: workaround overlayfs on ubuntu 18.10
- interfaces/home: don't allow snaps to write to $HOME/bin
- interfaces: improve Attr error further
- snapstate: tweak GetFeatureFlagBool() to have a default argument
- many: cleanup remaining parallel installs TODOs
- image: improve validation of extra snaps
* New upstream release, LP: #1795590
- wrappers: use new systemd.IsActive in core18 early boot
- httputil: retry on temporary net errors
- wrappers: only restart service in core18 when they are active
- systemd: start snapd.autoimport.service in --no-block mode
- data/selinux: fix syntax error in definition of snappy_admin
interfacewhen installing selinux-policy-devel package.
- centos: enable SELinux support on CentOS 7
- cmd, dirs, interfaces/apparmor: update distro identification to
support ID="archlinux"
- apparmor: allow hard link to snap-specific semaphore files
- overlord,apparmor: new syskey behaviour + non-ignored snap-confine
profile errors
- snap: add new `snap run --trace-exec` call
- interfaces/backends: detect too old apparmor_parser
* New upstream release, LP: #1795590
- daemon, vendor: bump github.com/coreos/go-systemd/activation,
handle API changes
- snapstate: update fontconfig caches on install
- overlord,daemon: mock security backends for testing
- sanity, spread, tests: add CentOS
- Revert "cmd/snap, tests/main/snap-info: highlight the current
channel"
- cmd/snap: add nanosleep to blacklisted syscalls when running with
--strace
- tests: add regression test for LP #1803535
- snap-update-ns: fix trailing slash bug on trespassing error
- interfaces/builtin/opengl: allow reading /etc/OpenCL/vendors
- cmd/snap-confine: nvidia: pick up libnvidia-opencl.so
- interfaces/opengl: add additional accesses for cuda
* New upstream release, LP: #1795590
- tests,snap-confine: add core18 only hooks test and fix running
core18 only hooks on classic
- interfaces/apparmor: allow access to
/run/snap.$SNAP_INSTANCE_NAME
- spread.yaml: add more systems to the autopkgtest and qemu backends
- daemon: spool sideloaded snap into blob dir
- wrappers: fix generating of service units with multiple `before`
dependencies
- data: run snapd.autoimport.service only after seeding
- tests,store,daemon: ensure proxy settings are honored in
auth/userinfo too
- packaging/fedora: Merge changes from Fedora Dist-Git
- tests/lib: adjust to changed systemctl behaviour on debian-9
- tests/main/interfces-accounts-service: switch to busctl, more
debugging
- store: also make snaps downloaded via deltas 0600
- cmd/snap-exec: don't fail on some try mode snaps
- cmd/snap, userd, testutil: tweak DBus tests to use private session
bus connection
- tests/main: fixes for the new shellcheck
- cmd/snap-confine: remove stale mount profile along stale namespace
- data/apt: close stderr when calling snap in the apt install hook
* New upstream release, LP: #1795590
- overlord/snapstate, snap, wrappers: start services in the right
order during install
- tests: the store has caught up, drop gccgo test, update cosmic
image
- cmd/snap: try not to panic on error from "snap try"`--devmode`
- overlord/ifacestate: don't conflict on own discard-snap tasks when
refreshing & doing garbage collection
- snapstate: add command-chain to supported featureset
- daemon, snap: mark screenshots as deprecated
- interfaces: fix decoding of json numbers for static/dynamic
attributes
- data/systemd, wrappers: tweak system-shutdown helper for core18
- interfaces/system-key: add parser mtime and only discover features
on write
- interfaces: fix NormalizeInterfaceAttributes, add tests
- systemd,wrappers: don't start disabled services
- ifacestate/hooks: only create interface hook tasks if hooks exist
- tests: do not run degraded test in autopkgtest env
- osutil: workaround overlayfs on ubuntu 18.10
- interfaces: include invalid type in Attr error
- many: enable layouts by default
- interfaces/default: don't scrub with change_profile with classic
- cmd/snap: speed up unit tests
- vendor, cmd/snap: refactor to accommodate the new less buggy go-
flags
- daemon: expose snapshots to the API
- interfaces: updates for default, screen-inhibit-control, tpm,
{hardware,system,network}-observe
- interfaces/hotplug: rename HotplugDeviceKey method to HotplugKey,
update test interface
- interfaces/tests: use TestInterface instead of a custom local
helper
- overlord/snapstate: export getFeatureFlagBool.
- osutil,asserts,daemon: support force password change in system-
user assertion
- snap, wrappers: support restart-delay, generate RestartSec=<value>
in service units
- tests/ifacestate: moved asserts-related mocking into helper
- image: fetch device store assertion if available
- many: enable AppArmor on Arch
- interfaces/repo: two helper methods for hotplug
- overlord/ifacestate: add hotplug slots with implicit slots
- interfaces/hotplug: helpers and struct updates
- tests: run the snapd tests on Ubuntu 18.10
- snapstate: only report errors if there is an actual error
- store: speedup unit tests
- spread-shellcheck: fix interleaved error messages, tweaks
- apparmor: create SnapAppArmorDir in setupSnapConfineReexec
- ifacestate: implementation of defaultDeviceKey function for
hotplug
- cmd/snap-update-ns: remove empty placeholders used for mounting
- snapshotstate: restore to current revision
- tests/lib: rework the CLA checker
- many: support and consider store friendly-stores when checking
device scope constraints
- overlord/snapstate: block parallel installs of snapd, core, base,
kernel, gadget snaps
- overlord/patch: patch for static plug/slot attributes
- interfaces: honor static attributes when reloading conns
- osutils: unit tests speedup; introduce run-checks --short-
unit.
- systemd, wrappers: speed up wrappers unit tests
- client: speedup unit tests
- spread-shellcheck: use threads to parallelise
- snap: validate plug and slot names
- osutil, interfaces/apparmor: add and use of osutil.UnlinkMany
- wrappers: do not depend on network.taget in socket units, tweak
generated units
- interfaces/apparmor: (un)load profiles in one apparmor_parser call
- store: gracefully handle unexpected errors in 'action'
response
- cmd: put our manpages in section 8
- overlord: don't make become-operational interfere with user
requests
- store: tweak unmatched refresh result error log
- snap, client, daemon, store: use and expose "media" more
- tests,cmd/snap-update-ns: add test showing mount update bug
cmd/snap-update-ns: better detection of snapd-made tmpfs
- tests: spread tests for aliases with parallel installed snaps
- interfaces/seccomp: allow using statx by default
- store: gracefully handle unexpected errors in 'action' response
- overlord/snapshotstate: chown the tempdir
- cmd/snap: attempt to start the document portal if running with a
session bus
- snap: detect layouts vs layout in snap.yaml
- interfaces/apparmor: handle overlayfs snippet for snap-update-ns
- snapcraft.yaml: set grade to stable
- tests: shellchecks, final round
- interfaces/apparmor: handle overlayfs snippet for snap-update-ns
- snap: detect layouts vs layout in snap.yaml
- overlord/snapshotstate: store epoch in snapshot, check on restore
- cmd/snap: tweak UX of snap refresh --list
- overlord/snapstate: improve consistency, use validateInfoAndFlags
also in InstallPath
- snap: give Epoch a CanRead helper
- overlord/snapshotstate: small refactor of internal helpers
- interfaces/builtin: adding missing permission to create
/run/wpa_supplicant directory
- interfaces/builtin: avahi interface update
- client, daemon: support passing of 'unaliased' option when
installing from local files
- selftest: rename selftest.Run() to sanity.Check()
- interfaces/apparmor: report apparmor support level and policy
- ifacestate: helpers for generating slot names for hotplug
- overlord/ifacestate: make sure to pass in the Model assertion when
enforcing policies
- overlord/snapshotstate: store the SnapID in snapshot, block
restore if changed
- interfaces: generalize writable mimic profile
- asserts,interfaces/policy: add support for on-store/on-brand/on-
model plug/slot rule constraints
- many: fetch the device store assertion together and in the context
of interpreting snap-declarations
- tests: disable gccgo tests on 18.04 for now, until dh-golang vs
gccgo is fixed
- tests/main/parallel-install-services: add spread test for snaps
with services
- tests/main/snap-env: extend to cover parallel installations of
snaps
- tests/main/parallel-install-local: rename from *-sideload, extend
to run snaps
- cmd/snapd,daemon,overlord: without snaps, stop and wait for socket
- cmd/snap: tame the help zoo
- tests/main/parallel-install-store: run installed snap
- cmd/snap: add a bunch of TRANSLATORS notes (and a little more
i18n)
- cmd: fix C formatting
- tests: remove unneeded cleanup from layout tests
- image: warn on missing default-providers
- selftest: add test to ensure selftest.checks is up-to-date
- interfaces/apparmor, interfaces/builtin: tweaks for parallel snap
installs
- userd: extend the list of supported XDG Desktop properties when
autostarting user applications
- cmd/snap-update-ns: enforce trespassing checks
- selftest: actually run the kernel version selftest
- snapd: go into degraded mode when the selftest fails
- tests: add test that runs snapctl with a core18 snap
- tests: add snap install hook with base: core18
- overlord/{snapstate,assertstate}: parallel instances and
refresh validation
- interfaces/docker-support: add rules to read apparmor macros
- tests: make nfs test available for more systems
- tests: cleanup copy/paste dup in interfaces-network-setup-control
- tests: using single sh snap in interface tests
- overlord/snapstate: improve cleaup in mount-snap handler
- tests: don't fail interfaces-bluez test if bluez is already
installed
- tests: find snaps just for edge and beta channels
- daemon, snapstate: consistent snap list [--all] output with broken
snaps
- tests: fix listing to allow extra things in the notes column
- cmd/snap: improve UX when removing specific snap revision
- cmd/snap, tests/main/snap-info: highlight the current channel
- interfaces/testiface: added TestHotplugInterface
- snap: tweak commands
- interfaces/hotplug: hotplug spec takes one slot definition
- overlord/snapstate, snap: handle shared snap directories when
installing/remove snaps with instance key
- interfaces/opengl: misc accesses for VA-API
- client, cmd/snap: expose warnings to the world
- cmd/snap-update-ns: introduce trespassing state tracking
- cmd/snap: commands no longer build their own client
- tests: try to build cmd/snap for darwin
- daemon: make error responders not printf when called with 1
argument
- many: return real snap name in API response
- overlord/state: return latest LastAdded time in WarningsSummary
- many: mount namespace mapping for parallel installs of snaps
- ifacestate/autoconnect: do not self-conflict on setup-profiles if
core-phase-2
- client, cmd/snap: on !linux, exit when the client tries to Do
something
- tests: refactor for nested suite and tests fixed
- tests: use lxd's waitready instead of polling lxd socket
- ifacestate: don't initialize udev monitor until we have a system
snap
- interfaces: extra argument for static attrs in
NewConnectedPlug/NewConnectedSlot
- packaging/arch: sync packaging with AUR
- snapstate/tests: serialize all appends in fake backend
- snap-confine: make /lib/modules optional
- cmd/snap: handle "snap interfaces core" better
- store: move download tests into downloadSuite
- tests,interfaces: run interfaces-account-control on UC18
- tests: fix install snaps test by adding link to /snap
- tests: fix for nested test suite
- daemon: fix snap list --all with parallel snap instances
- snapstate: refactor tests to use SetModel*
- wrappers: fix snap services order in tests
- many: provide salt for generating instance-key in store requests
- ifacestate: fix hang when retrying content providers
- snapd-env-generator: fix when PATH is empty or unset
- overlord/assertstate: propagate TaskSnapSetup error
- client: catch and expose logs errors
- overlord: integrate device enumeration with udev monitor
- daemon, overlord/state: warnings pipeline
- tests: add publisher regex to fix the snap-info test pass on sru
- cmd: use systemdsystemgeneratorsdir, cleanup automake complaints,
tweaks
- cmd/snap-update-ns: remove the unused Secure type
- osutil, o/snapshotstate, o/sss/backend: quick fixes
- tests: update the listing expression to support core from
different channels
- store: use stable instance key in store refresh requests
- cmd/snap-update-ns: detach Mk{Prefix,{File,Dir,Symlink{,All}}}
- overlord/patch: support for sublevel patches
- tests: update prepare/restore for nightly suite
- cmd/snap-update-ns: detach BindMount from the Secure type
- cmd/snap-update-ns: re-factor pair of helpers to call fstatfs once
- ifacestate: retry on "discard-snap" in autoconnect conflict check
- cmd/snap-update-ns: separate OpenPath from the Secure struct
- wrappers: remove Wants=network-online.target
- tests: add new core16-base test
- store: refactor tests so that they work as store_test package
- many: add refresh.rate-limit core option
- tests: run account-control test with different bases
- tests: port proxy test to use python tinyproxy
- overlord: introduce snapshotstate.
- testutil: allow Fstatfs results to vary over time
- snap-update-ns: add comments about the "deadcode" in bootstrap.go
- overlord: add chg.Err() in testUpdateWithAutoconnectRetry
- many: remove deadcode
- tests: also run unit/gccgo in 18.04
- tests: introduce a helper for installing local snaps with --name
- tests: avoid removing core snap on reset
- snap: use snap.SideInfo in test to fix build with gccgo
- partition: remove unused runCommand
- image: fix incorrect error when using local bases
- overlord/snapstate: fix format
- cmd: fix format
- tests: setting "storage: preserve-size" just for amazon-linux
system
- tests: test for the hostname interface
- interfaces/modem-manager: allow access to more USB strings
- overlord: instantiate UDevMonitor
- interfaces/apparmor: tweak naming, rename to AddLayout()
- interfaces: take instance name in ifacetest.InstallSnap
- snapcraft: do not use --dirty in mkversion
- cmd: add systemd environment generator
- devicestate: support getting (http) proxy from core config
- many: rename ClientOpts to ClientOptions
- prepare-image-grub-core18: remove image root in restore
- overlord/ifacestate: remove "old-conn" from connect/undo connect
handlers
- packaging/fedora: Merge changes from Fedora Dist-Git
- image: handle errors when downloadedSnapsInfoForBootConfig has no
data
- tests: use official core18 model assertion in tests
- snap-confine: map /var/lib/extrausers into snaps mount-namespace
- overlord,store: support proxy settings internally too
- cmd/snap: bring back 'snap version'
- interfaces/mount: tweak naming of things
- strutil: fix MatchCounter to also work with buffer reuse
- cmd,interfaces,tests: add /mnt to removable-media interface
- systemd: do not run "snapd.snap-repair.service.in on firstboot
bootstrap
- snap/snapenv: drop some instance specific variables, use instance-
specific ones for user locations
- firstboot: sort by type when installing the firstboot snaps
- cmd, cmd/snap: better support for non-linux
- strutil: add new ParseByteSize
- image: detect and error if bases are missing
- interfaces/apparmor: do not downgrade confinement on arch with
linux-hardened 4.17.4+
- daemon: add pokeStateLock helper to the daemon tests
- snap/squashfs: improve error message from Build on mksquashfs
failure
- tests: remove /etc/alternatives from dirs-not-shared-with-host
- cmd: support re-exec into the "snapd" snap
- spdx: remove "Other Open Source" from the support licenses
- snap: add new type "TypeSnapd" and attach to the snapd snap
- interfaces: retain order of inserted security backends
- tests: spread test for parallel-installs desktop file handling
- overlord/devicestate: use OpenSSL's PEM format when generating
keys
- cmd: remove --skip-command-chain from snap run and snap-exec
- selftest: detect if apparmor is unusable and error
- snap,snap-exec: support command-chain for hooks
- tests: significantly reduce execution time for managers test
- snapstate: use new "snap.ByType" sorting
- overlord/snapstate: fix UpdateMany() to work with parallel
instances
- testutil: have File* checker produce more useful error output
- overlord/ifacestate: introduce connectOpts
- interfaces: parallel instances support, extend unit tests
- tests: normalize tests
- snapstate: make InstallPath() return *snap.Info too
- snap: add ByType sorting
- interfaces: add cifs-mount interface
- tests: use file based markers in snap-service-stop-mode
- osutil: reorg and stub out things to get it building on darwin
- tests/main/layout: cleanup after the test
- osutil/sys: small tweaks to let it build on darwin
- daemon, overlord/snapstate: set instance name when installing from
snap file
- many: move Uname to osutil, for more DRY and easier porting.
- cmd/snap: create snap user directory when running parallel
installed snaps
- cmd/snap-confine: switch to validation of SNAP_INSTANCE_NAME
- tests: basic test for parallel installs from the store
- image: download the gadget from the model.GadgetTrack()
- snapstate: add support for gadget tracks in model assertion
- image: add support for "gadget=track"
- overlord: handle sigterm during shutdown better
- tests: add the original function to fix the errors on new kernels
- tests/main/lxd: pull lxd from candidate; renable i386
- wayland: add extra sockets that are used by older toolkits (e.g.
gtk3)
- asserts: add support for gadget tracks in the model assertion
- overlord/snapstate: improve feature flag validation
- tests/main/lxd: run ubuntu-16.04 only on 64 bit variant
- interfaces: workaround for activated services and newer DBus
- tests: get the linux-image-extra available for the current kernel
- interfaces: add new "sysfs-name" to i2c interfaces code
- interfaces: disconnect hooks
- cmd/libsnap: unify detection of core/classic with go
- tests: fix autopkgtest failures in cosmic
- snap: fix advice json
- overlord/snapstate: parallel snap install
- store: backward compatible instance-key handling for non-instance
snaps
- interfaces: add screencast-legacy for video and audio recording
- tests: skip unsupported architectures for fedora-base-smoke test
- tests: avoid using the journalctl cursor when it has not been
created yet
- snapstate: ensure normal snaps wait for the "snapd" snap on
refresh
- tests: enable lxd again everywhere
- tests: new test for udisks2 interface
- interfaces: add cpu-control for setting CPU tunables
- overlord/devicestate: fix tests, set seeded in registration
through proxy tests
- debian: add missing breaks on cosmic
- devicestate: only run device-hook when fully seeded
- seccomp: conditionally add socketcall() based on system and base
- tests: new test for juju client observe interface
- overlord/devicestate: DTRT w/a snap proxy to reach a serial vault
- snapcraft: set version information for the snapd snap
- cmd/snap, daemon: error out if trying to install a snap using
empty name
- hookstate: simplify some hook tests
- cmd/snap-confine: extend security tag validation to cover instance
names
- snap: fix mocking of systemkey in snap-run tests
- packaging/opensuse: fix static build of snap-update-ns and snap-
exec
- interfaces/builtin: addtl network-manager resolved DBus fix
- udev: skip TestParseUdevEvent on ppc
- interfaces: miscellaneous policy updates
- debian: add tzdata to build-dep to ensure snapd builds correctly
- cmd/libsnap-confine-private: intoduce helpers for validating snap
instance name and instance key
- snap,snap-exec: support command-chain for app
- interfaces/builtin: network-manager resolved DBus changes
- snap: tweak `snap wait` command
- cmd/snap-update-ns: introduce validation of snap instance names
- cmd/snap: fix some corner-case test setup weirdness
- cmd,dirs: fix various issues discovered by a Fedora base snap
- tests/lib/prepare: fix extra snaps test
* New upstream release, LP: #1786438
- interfaces/home: don't allow snaps to write to $HOME/bin
- osutil: workaround overlayfs on ubuntu 18.10
* New upstream release, LP: #1786438
- wrappers: do not depend on network.taget in socket units, tweak
generated units
* New upstream release, LP: #1786438
- overlord: don't make become-operational interfere with user
requests
- docker_support.go: add rules to read apparmor macros
- interfaces/apparmor: handle overlayfs snippet for snap-update-
nsFixes:
- snapcraft.yaml: add workaround to fix snapcraft build
- interfaces/opengl: misc accesses for VA-API
* New upstream release, LP: #1786438
- cmd,overlord/snapstate: go 1.11 format fixes
- ifacestate: fix hang when retrying content providers
- snap-env-generator: do nothing when PATH is unset
- interfaces/modem-manager: allow access to more USB strings
* New upstream release, LP: #1786438
- packaging/fedora: Merge changes from Fedora Dist-Git
- snapcraft: do not use --diry in mkversion.sh
- cmd: add systemd environment generator
- snap-confine: map /var/lib/extrausers into snaps mount-namespace
- tests: cherry-pick test fixes from master for 2.35
- systemd: do not run "snapd.snap-repair.service.in on firstboot
bootstrap
- interfaces: retain order of inserted security backends
- selftest: detect if apparmor is unusable and error
* New upstream release, LP: #1786438
- snapstate: add support for gadget tracks in model assertion
- image: add support for "gadget=track"
- asserts: add support for gadget tracks in the model assertion
- interfaces: add new "sysfs-name" to i2c interfaces code
- overlord: handle sigterm during shutdown better
- wayland: add extra sockets that are used by older toolkits
- snap: fix advice json
- tests: fix autopkgtest failures in cosmic
- store: backward compatible instance-key handling for non-instance
snaps
- snapstate: ensure normal snaps wait for the "snapd" snap on
refresh
- interfaces: add cpu-control for setting CPU tunables
- debian: add missing breaks on comisc
- overlord/devicestate: DTRT w/a snap proxy to reach a serial vault
- devicestate: only run device-hook when fully seeded
- seccomp: conditionally add socketcall() based on system and base
- interfaces/builtin: addtl network-manager resolved DBus fix
- hookstate: simplify some hook tests
- udev: skip TestParseUdevEvent on ppc
- interfaces: miscellaneous policy updates
- debian: add tzdata to build-dep to ensure snapd builds correctly
- interfaces/builtin: network-manager resolved DBus changes
- tests: add spread test for fedora29 base snap
- cmd/libsnap: treat distributions with VARIANT_ID=snappy as "core"
- dirs: fix SnapMountDir inside a Fedora base snap
- tests: fix snapd-failover for core18 with external backend
- overlord/snapstate: always clean SnapState when doing Get()
- overlod/ifacestate: always use a new SnapState when fetching the
snap state
- overlord/devicestate: have the serial request talk to the proxy if
set
- interfaces/hotplug: udevadm output parser
- tests: New test for daemon-notify interface
- image: ensure "core" is ordered early if base: and core is used
- cmd/snap-confine: snap-device-helper parallel installs support
- tests: enable interfaces-framebuffer everywhere
- tests: reduce nc wait time from 2 to 1 second
- snap/snapenv: add snap instance specific variables
- cmd/snap-confine: add minimal test for snap-device-helper
- tests: enable snapctl test on core18
- overlord: added UDevMonitor for future hotplug support
- wrappers: do not glob when removing desktop files
- tests: add dbus monitor log to interfaces-accounts-service
- tests: add core-18 systems to external backend
- wrappers: account for changed app wrapper in parallel installed
snaps
- wrappers: make sure that the tests pass on non-Ubuntu too
- many: add snapd snap failure handling
- tests: new test for dvb interface
- configstate: accept refresh.timer=managed
- tests: new test for snap logs command
- wrapper: generate all the snapd unit files when generating
wrappers
- store: keep all files with link-count > 1 in the cache
- store: be less verbose in the common refresh case of "no updates"
- snap-confine: update snappy-app-dev path
- debian: ensure dependency on fixed apt on 18.04
- snapd: add initial software watchdog for snapd
- daemon, systemd: change journalctl -n=all to --no-tail
- systemd: fix snapd.apparmor.service.in dependencies
- snapstate: refuse to remove bases or core if snaps need them
- snap: introduce package-level helpers for building snap related
directory/file paths
- overlord/devicestate: deny parallel install of kernel or gadget
snaps
- store: clean up parallel-install TODOs in store tests
- timeutil: fix first weekday of the month schedule
- interfaces: match all possible tty but console
- tests: shellchecks part 5
- cmd/snap-confine: allow ptrace read for 4.18 kernels
- advise: make the bolt database do the atomic rename dance
- tests/main/apt-hooks: debug dump of commands.db
- tests/lib/prepare-restore: update Arch Linux kernel LOCALVERSION
handling
- snap: validate instance name as part of Validate()
- daemon: if a snap is inactive, don't ask systemd about its
services.
- udev: skip TestParseUdevEvent on s390x
- tests: switch core-amd64-18 to use `kernel: pc-kernel=18`
- asserts,image: add support for new kernel=track syntax
- tests: new gce image for fedora 27
- interfaces/apparmor: use the cache in mtime-resilient way
- store, overlord/snapstate: introduce instance name in store APIs
- tests: drive-by cleanup of redudant pkgname matching
- tests: ensure apt-hook is only run after catalog update ran
- tests: use pkill instead of kilall
- tests/main: another bunch of updates for Amazon Linux 2
- tests/lib/snaps: avoid using relative command paths that go up in
the directory tree
- tests: disable/fix more tests for Amazon Linux 2
- overlord: introduce InstanceKey to SnapState and SnapSetup,
renames
- daemon: make sure most change generating handlers can produce
errors with kinds
- tests/main/interfaces-calendar-service: skip the test on AMZN2
- tests/lib/snaps: avoid using relative command paths that go up in
the directory tree
- cmd/snap: add a green check mark to verified publishers
- cmd/snap: fix two issues in the cmd/snap unit tests
- packaging/fedora: fix target path of /snap symlink
- cmd/snap: support `--last=<type>?` to mean "no error on empty"
- cmd/snap-confine: (nvidia) pick up libnvidia-glvkspirv.so
- strutil: detect and bail out of Unmarshal on duplicate key
- packaging/fedora(amzn2): disable SELinux, drop dependency on
squashfuse for AMZN2
- spread, tests: add support for Amazon Linux 2
- packaging/fedora: Add Amazon Linux 2 support
- many: make Wait/Stop optional on StateManagers
- snap/squashfs: stop printing unsquashfs info to stderr
- snap: add support for `snap advise-snap --from-apt`
- overlord/ifacestate: ignore connect if already connected
- tests: change the service snap used instead of network-bind-
consumer
- interfaces/network-control: update for wpa-supplicant and ifupdown
- tests: fix raciness in stop mode tests
- logger: try to not have double dates
- debian: use deb-systemd-invoke instead of systemctl directly
- tests: run all main tests on core18
- many: finish sharing a single TaskRunner with all the managers
- interfaces/repo: added AllHotplugInterfaces helper
- snapstate: ensure kernel-track is honored on switch/refresh
- overlord/ifacestate: support implicit slots on snapd
- image: add support for "kernel-track" in `snap prepare-image`
- tests: add test that ensures we do not boot any system in degraded
state
- tests: update tests to work on core18
- cmd/snap: check for typographic dashes in command
- tests: fix tests expecting old email address
- client: add some existing error kinds that were not listed in
client.go
- tests: add missing slots in classic and core provider test snaps
- overlord,daemon,cmd: re-map snap names around the edges of snapd
- tests: use install_local in snap-run-hooks
- coreconfig: add support for `snap set system network.disable-
ipv6`
- overlord/snapstate: dedupe default content providers
- osutil/udev: sync with upstream
- debian: do not ship snapd.apparmor.service on ubuntu
- overlord: have SnapManager use a passed in TaskRunner created by
Overlord
- many: streamline the generic conflict check mechanisms
- tests: remove unneeded setup code in snap-run-symlink
- cmd/snap: print unset license as "unset", instead of "unknown"
- asserts: add (optional) kernel-track to model assertion
- snap/squashfs, tests: pass -n[o-progress] to {mk,un}squashfs
- interfaces/pulseaudio: be clear that the interface allows playback
and record
- snap: support hook environment
- interfaces: fix typo "daemonNotify" (add missing "n")
- interfaces: tweak tests of daemon-notify, use common naming
- interfaces: allow invoking systemd-notify when daemon-notify is
connected
- store: make snap blobs be 0600
- interfaces,daemon: move JSON types to the daemon
- tests: prepare needs to handle bin/snapctl being a symlink
- tests: do not mask errors in interfaces-timezone-control (#5405)
- packaging: put snapctl into /usr/lib/snapd and symlink in usr/bin
- tests: add basic integration test for spread hold
- overlord/snapstate: improve PlugsOnly comment
- many: assorted shellcheck fixes
- store, daemon, client, cmd/snap: expose "scope", default to wide
- snapstate: allow setting "refresh.timer=managed"
- cmd/snap: display a link to data privacy notice for interactive
snap login
- client, cmd/snap: pass snap instance name when installing from
file
- cmd/snap: add 'debug paths' command
- snapstate: make sure all *link-*snap tasks carry a snap type and
further hints
- devicestate: fix race when refreshing a snap with snapd-control
- tests: fix tests on arch
- tests: start active system units on reset
- tests: new test for joystick interface
- tests: moving install of dependencies to pkgdb helper
- tests: enable new fedora image with test dependencies installed
- tests: start using the new opensuse image with test dependencies
- tests: check catalog refresh before and after restart snapd
- tests: stop restarting journald service on prepare
- interfaces: make core-support a no-op interface
- interfaces: prefer "snapd" when resolving implicit connections
- interfaces/hotplug: add hotplug Specification and
HotplugDeviceInfo
- many: lessen the use of core-support
- tests: fixes for the autopkgtest failures in cosmic
- tests: remove extra ' which breaks interfaces-bluetooth-control
test
- dirs: fix antergos typo
- tests: use grep to avoid non-matching messages from MATCH
- dirs: improve distro detection for Antegros
- vendor: switch to latest bson
- interfaces/builtin: create can-bus interface
- tests: "snap connect" is idempotent so just connect
- many: use extra "releases" information on store "revision-not-
found" errors to produce better errors
- interfaces: treat "snapd" snap as type:os
- interfaces: tweak tests to have less repetition of "core" and
"ubuntu
- tests: simplify econnreset test
- snap: add helper for renaming slots
- devicestate: fix panic in firstboot code when no snaps are seeded
- tests: add artful for sru validation on google backend
- snap,interfaces: move interface name validation to snap
- overlord/snapstate: introduce path to fake backend ops
- cmd/snap-confine: fix snaps running on core18
- many: expose publisher's validation throughout the API
* New upstream release, LP: #1779403
- interfaces/apparmor: use the cache in mtime-resilient way
- cmd/snap-confine: (nvidia) pick up libnvidia-glvkspirv.so
- snapstate: allow setting "refresh.timer=managed"
- spread: switch Fedora and openSUSE images
* New upstream release, LP: #1779403
- packaging: fix bogus date in fedora snapd.spec
- tests: fix tests expecting old email address
* New upstream release, LP: #1779403
- tests: cherry-pick test fixes from master for 2.34
- coreconfig: add support for `snap set system network.disable-
ipv6`
- debian: do not ship snapd.apparmor.service on ubuntu
- overlord/snapstate: dedupe default content providers
- interfaces/builtin: create can-bus interface
* New upstream release, LP: #1779403
- store, daemon, client, cmd/snap: expose "scope", default to wide*
- tests: fix arch tests
- snapstate: make sure all *link-*snap tasks carry a snap type and
further hints
- snapstate: allow setting "refresh.timer=managed"
- cmd/snap: display a link to data privacy notice for interactive
snap login
- devicestate: fix race when refreshing a snap with snapd-control
- tests: skip interfaces-framebuffer when no /dev/fb0 is found
- tests: run interfaces-contacts-service only where test-snapd-eds
is available
- many: expose publisher's validation throughout the API
- many: use extra "releases" information on store "revision-not-
found" errors to produce better errors
- dirs: improve distro detection for Antegros
- Revert "dirs: improve identification of Arch Linux like systems"
- devicestate: fix panic in firstboot code when no snaps are seeded
- i18n: use xgettext-go --files-from to avoid running into cmdline
size limits
- interfaces: move ValidateName helper to utils
- snapstate,ifstate: wait for pending restarts before auto-
connecting
- snap: account for parallel installs in wrappers, place info and
tests
- configcore: fix incorrect handling of keys with numbers (like
gpu_mem_512)
- tests: fix tests when no keyboard input detected
- overlord/configstate: add watchdog options
- snap-mgmt: fix for non-existent dbus system policy dir,
shellchecks
- tests/main/snapd-notify: use systemd's service properties rater
than the journal
- snapstate: allow removal of snap.TypeOS when using a model with a
base
- interfaces: make findSnapdPath smarter
- tests: run "arp" tests only if arp is available
- spread: increase the number of auto retries for package downloads
in opensuse
- cmd/snap-confine: fix nvidia support under lxd
- corecfg: added experimental.hotplug feature flag
- image: block installation of parallel snap instances
- interfaces: moved normalize method to interfaces/utils and made it
public
- api/snapctl: allow -h and --help for regular users.
- interfaces/udisks2: also implement implicit classic slot
- cmd/snap-confine: include CUDA runtime libraries
- tests: disable auto-refresh test on core18
- many: switch to account validation: unproven|verified
- overlord/ifacestate: get/set connection state only via helpers
- tests: adding extra check to validate journalctl is showing
current test data
- data: add systemd environment configuration
- i18n: handle write errors in xgettext-go
- snap: helper for validating snap instance names
- snap{/snaptest}: set instance key based on snap name
- userd: fix running unit tests on KDE
- tests/main/econnreset: limit ingress traffic to 512kB/s
- snap: introduce a struct Channel to represent store channels, and
helpers to work with it
- tests: add fedora to distro_clean_package_cache function
- many: rename snap.Info.StoreName() to snap.Info.SnapName()
- tests: add spread test to ensure snapd/core18 are not removable
- tests: tweaks for running the main tests on core18
- overlord/{config,snap}state: introduce experimental.parallel-
instances feature flag
- strutil: support iteration over almost clean paths
- strutil: add PathIterator.Rewind
- tests: update interfaces-timeserver-control to core18
- tests: add halt-timeout to google backend
- tests: skip security-udev-input-subsystem without /dev/input/by-
path
- snap: introduce the instance key field
- packaging/opensuse: remaining packaging updates for 2.33.1
- overlord/snapstate: disallow installing snapd on baseless models
- tests: disable core tests on all core systems (16 and 18)
- dirs: improve identification of Arch Linux like systems
- many: expose full publisher info over the snapd API
- tests: disable core tests on all core systems (16 and 18)
- tests/main/xdg-open: restore or clean up xdg-open
- tests/main/interfaces-firewall-control: shellcheck fix
- snapstate: sort "snapd" first
- systemd: require snapd.socket in snapd.seeded.service; make sure
snapd.seeded
- spread-shellcheck: use the latest shellcheck available from snaps
- tests: use "ss" instead of "netstat" (netstat is not available in
core18)
- data/complete: fix three out of four shellcheck warnings in
data/complete
- packaging/opensuse: fix typo, missing assignment
- tests: initial core18 spread image building
- overlord: introduce a gadget-connect task and use it at first boot
- data/completion: fix inconsistency in +x and shebang
- firstboot: mark essential snaps as "Required" in the state
- spread-shellcheck: use a whitelist of files that are allowed to
fail validation
- packaging/opensuse: build position-independent binaries
- ifacestate: prevent running interface hooks twice when self-
connecting on autoconnect
- data: remove /bin/sh from snapd.sh
- tests: fix shellcheck 0.5.0 warnings
- packaging/opensuse: snap-confine should be 06755
- packaging/opensuse: ship apparmor integration if enabled
- interfaces/udev,misc: only trigger udev events on input subsystem
as needed
- packaging/opensuse: add missing bits for snapd.seeded.service
- packaging/opensuse: don't use %-macros in comments
- tests: shellchecks part 4
- many: rename snap.Info.Name() to snap.Info.InstanceName(), leave
parallel-install TODOs
- store: drop unused: channel map types, and details fixture.
- store: have a basic test about the unmarshalling of /search
results
- tests: show executed tests on current system when a test fails
- tests: fix for the download of the big snap
- interfaces/apparmor: add chopTree
- tests: remove double debug: | entry in tests and add more checks
- cmd/snap-update-ns: introduce mimicRequired helper
- interfaces: move assertions around for better failure line number
- store: log a nice clear "download succeeded" message
- snap: run snap-confine from the re-exec location
- snapstate: support restarting snapd from the snapd snap on core18
- tests: show status of the partial test-snapd-huge snap in
econnreset test
- tests: fix interfaces-calendar-service test when gvfsd-metadata
loks the xdg dirctory
- store: switch store.SnapInfo to use the new v2/info endpoint
- interfaces: add Repository.AllInterfaces
- snapstate: stop using evolving SnapSpec internally, use an
internal-only snapSpec instead
- cmd/libsnap-confine-private: introduce a helper for splitting snap
name
- tests: econnreset/retry tweaks
- store, et al: kill dead code that uses the bulk endpoint
- tests/lib/prepare-restore: fix upgrade/reboot handling on arch
- cmd/snap-update-ns,strutil: move PathIterator to strutil, add
Depth helper
- data/systemd/snapd.run-from-snap: ensure snapd tooling is
available
- store: switch connectivity check to use v2/info
- devicestate: support seeding from a base snap instead of core
- snapstate,ifacestate: remove core-phase-2 handling
- interfaces/docker-support: update for docker 18.05
- tests: enable fedora 28 again
- overlord/ifacestate: simplify checkConnectConflicts and also
connect signature
- snap: parse connect instructions in gadget.yaml
- tests: fix snapd-repair.timer on ubuntu-core-snapd-run- from-snap
test
- interfaces/apparmor: allow killing snap-update-ns
- tests: skip "try" test on s390x
- store, image: have 'snap download' use v2/refresh action=download
- interfaces/policy: test that base policy can be parsed
- tests: publish test-snapd-appstreamid for any architecture
- snap: don't include newline in hook environment
- cmd/snap-update-ns: use RCall with SyscallsEqual
- cmd/snap-update-ns: add IsSnapdCreatedPrivateTmpfs and tests
- tests: skip security-dev-input-event-denied on s390x/arm64
- interfaces: add the dvb interface
- daemon: paging is not a thing.
- cmd/snap-mgmt: remove system key on purge
- testutil: syscall sequence checker
- cmd/snap-update-ns: fix a leaking file descriptor in MkSymlink
- packaging: use official bolt in the errtracker on fedora
- many: add `snap debug connectivity` command* many: add `snap debug
connectivity` command
- configstate: deny configuration of base snaps and for the "snapd"
snap
- interfaces/raw-usb: also allow usb serial devices
- snap: reject more layout locations
- errtracker: do not send duplicated reports
- httputil: extra debug if an error is not retried
- cmd/snap-update-ns: improve wording in many errors
- cmd/snap: use snaptest.MockSnapCurrent in `snap run` tests
- cmd/snap-update-ns: add helper for checking for read-only
filesystems
- interfaces/builtin/docker: use commonInterface over specific
struct
- testutil: add test support for Fstatfs
- cmd/snap-update-ns: discard the concept of segments
- cmd/libsnap-confine-private: helper for extracting store snap name
from local-name
- tests: fix flaky test for hooks undo
- interfaces: add {contacts,calendar}-service interfaces
- tests: retry 'restarting into..' match in the snap-confine-from-
core test
- systemd: adjust TestWriteMountUnitForDirs() to use
squashfs.MockUseFuse(false)
- data: add helper that can generate/start/stop the snapd service
- sefltest: advise reboot into 4.4 on trusty running 3.13
- selftest: add new selftest package that tests squashfs mounting
- store, jsonutil: move store.getStructFields to
jsonutil.StructFields
- ifacestate: improved conflict and error handling when creating
autoconnect tasks
- cmd/snap-confine: applied make fmt
- interfaces/udev: call 'udevadm settle --timeout=10' after
triggering events
- tests: wait more time until snap start to be downloaded on
econnreset test
- snapstate: ensure fakestore returns TypeOS for the core snap
- tests: fix lxd test which hangs on restore
- cmd/snap-update-ns: add PathIterator
- asserts,image: add support for models with bases
- tests: shellchecks part 3
- overlord/hookstate: support undo for hooks
- interfaces/tpm: Allow access to the kernel resource manager
- tests: skip appstream-id test for core systems 32 bits
- interfaces/home: remove redundant common interface assignment
- tests: reprioritise a few tests that are known to be slow
- cmd/snap: small help tweaks and fixes
- tests: add test to ensure /dev/input/event* for non-joysticks is
denied
- spread-shellcheck: silly fix & pep8
- spread: switch fedora 28 to manual
- client,cmd/snap,daemon,tests: expose base of a snap over API, show
it in snap info --verbose
- tests: fix lxd test - --auto now sets up networking
- tests: adding fedora-28 to spread.yaml
- interfaces: add juju-client-observe interface
- client, daemon: add a "mounted-from" entry to local snaps' JSON
- image: set model.DisplayName() in bootenv as "snap_menuentry"
- packaging/opensuse: Refactor packaging to support all openSUSE
targets
- interfaces/joystick: force use of the device cgroup with joystick
interface
- interfaces/hardware-observe: allow access to /etc/sensors* for
libsensors
- interfaces: remove Plug/Slot types
- interface hooks: update old AutoConnect methods
- snapcraft: run with DEB_BUILD_OPTIONS=nocheck
- overlord/{config,snap}state: the number of inactive revisions is
config
- cmd/snap: check with snapd for unknown sections
- tests: moving test helpers from sh to bash
- data/systemd: add snapd.apparmor.service
- many: expose AppStream IDs (AKA common ID)
- many: hold refresh when on metered connections
- interfaces/joystick: also support modern evdev joysticks and
gamepads
- xdgopenproxy: skip TestOpenUnreadableFile when run as root
- snapcraft: use dpkg-buildpackage options that work in xenial
- spread: openSUSE LEAP 42.2 was EOLd in January, remove it
- get-deps: work with an unset GOPATH too
- interfaces/apparmor: use strict template on openSUSE tumbleweed
- packaging: filter out verbose flags from "dh-golang"
- packaging: fix description
- snapcraft.yaml: add minimal snapcraft.yaml with custom build
* New upstream release, LP: #1773118
- many: improve udev trigger on refresh experience
- systemd: require snapd.socket in snapd.seeded.service
- snap: don't include newline in hook environment
- interfaces/apparmor: allow killing snap-update-ns
- tests: skip "try" test on s390x
- tests: skip security-dev-input-event-denied when /dev/input/by-
path/ is missing
- tests: skip security-dev-input-event-denied on s390x/arm64
* New upstream release, LP: #1773118
- packaging: use official bolt in the errtracker on fedora
- many: add `snap debug connectivity` command
- interfaces/raw-usb: also allow usb serial devices
- errtracker: do not send duplicated reports
- selftest: add new selftest package that tests squashfs mounting
- tests: backport lxd force stop and econnreset fixes
- tests: add test to ensure /dev/input/event* for non-joysticks is
denied
- interfaces/joystick: support modern evdev joysticks
- interfaces: add juju-client-observe
- interfaces/hardware-observe: allow access to /etc/sensors* for
libsensors
- many: holding refresh on metered connections
- many: expose AppStream IDs (AKA common ID)
- tests: speed up save/restore snapd state for all-snap systems
during tests execution
- interfaces/apparmor: use helper to load stray profile
- tests: ubuntu core abstraction
- overlord/snapstate:don't panic in a corner case interaction of
cleanup tasks and pruning
- interfaces/apparmor: add 'mediate_deleted' profile flag for all
snaps
- tests: new parameter for the journalctl rate limit
- spread-shellcheck: port to python
- interfaces/home: add 'read' attribute to allow non-owner read to
@{HOME}
- testutil: import check.v1 differently to workaround gccgo error
- interfaces/many: miscellaneous updates for default, desktop,
desktop-legacy, system-observe, hardware-observe, opengl and gpg-
keys
- snapstate/hooks: reorder autoconnect and reconnect hooks
- daemon: update unit tests to match current master
- overlord/snapshotstate/backend: introducing the snapshot backend
- many: support 'system' nickname in interfaces
- userd: add the "snap" scheme to the whitelist
- many: make rebooting of core on refresh immediate, refactor logic
around it
- tests/main/snap-service-timer: account for service timer being in
the 'running' state
- interfaces/builtin: allow access to libGLESv* too for opengl
interface
- daemon: fix unit tests on arch
- interfaces/default,process-control: miscellaneous signal policy
fixes
- interfaces/bulitin: add write permission to optical-drive
- configstate: validate known core.* options
- snap, wrappers: systemd WatchdogSec support
- ifacestate: do not auto-connect manually disconnected interfaces
- systemd: mock useFuse() so testsuite passes in container via lxd
snap
- snap/env: fix env duplication logic
- snap: some doc comments fixes and additions
- cmd/snap-confine, interfaces/opengl: allow access to glvnd EGL
vendor files
- ifacestate: unify reconnect and autoconnect methods
- tests: fix user mounts test for external systems
- overlord/snapstate,overlord/auth,store: coalesce no auth user
refresh requests
- boot,partition: improve tests/docs around SetNextBoot()
- many: improve `snap wait` command
- snap: fix `snap interface --attrs` output when numbers are used
- cmd/snap-update-ns: poke holes when creating source paths for
layouts
- snapstate: support getting new bases/default-providers on refresh
- ifacemgr: remove stale connections on startup
- asserts: use Attrer in policy checks
- testutil: record system call errors / return values
- tests: increase timeouts to make tests reliable on slow boards
- repo: pass and return ConnRef via pointers
- interfaces: add xdg-document-portal support to desktop interface
- debian: add a zenity|kdialog suggests
- snapstate: make TestDoPrereqRetryWhenBaseInFlight less brittle
- tests: go must be installed as a classic snap
- tests: use journalctl cursors instead rotating logs
- daemon: add confinement-options to /v2/system-info
daemon: refactor classic support flag to be more structured
- tests: build spread in the autopkgtests with a more recent go
- cmd/snap: fix the message when snap.channel != snap.tracking
- overlord/snapstate: allow core defaults configuration via 'system'
key
- many: add "snap debug sandbox-features" and needed bits
- interfaces: interface hooks for refresh
- snapd.core-fixup.sh: add workaround for corrupted uboot.env
- boot: clear "snap_mode" when needed
- many: add wait command and `snapd.seeded` service
- interfaces: move host font update-ns AppArmor rules to desktop
interface
- jsonutil/safejson: introducing safejson.String &
safejson.Paragraph
- cmd/snap-update-ns: use Secure.BindMount to bind mount files
- cmd/snap-update-ns,tests: mimic the mode and ownership of
directories
- cmd/snap-update-ns: add support for ignoring mounts with missing
source/target
- interfaces: interface hooks implementation
- cmd/libsnap: fix compile error on more restrictive gcc
cmd/libsnap: fix compilation errors on gcc 8
- interfaces/apparmor: allow bash and dash to be in /usr/bin/
- cmd/snap-confine: allow any base snap to provide /etc/alternatives
- tests: fix interfaces-network test for systems with partial
confinement
- spread.yaml: add cosmic (18.10) to autopkgtest/qemu
- tests: ubuntu 18.04 or higher does not need linux-image-extra-
- configcore: validate experimental.layouts option
- interfaces:minor autoconnect cleanup
- HACKING: fix typos
- spread: add adt for ubuntu 18.10
- tests: skip test lp-1721518 for arch, snapd is failing to start
after reboot
- interfaces/x11: allow X11 slot implementations
- tests: checking interfaces declaring the specific interface
- snap: improve error for snaps not available in the given context
- cmdstate: add missing test for default timeout handling
- tests: shellcheck spread tasks
- cmd/snap: update install/refresh help vs --revision
- cmd/snap-confine: add support for per-user mounts
- snap: do not use overly short timeout in `snap
{start,stop,restart}`
- tests: adding google-sru backend replacing linode-sur
- interfaces/apparmor: fix incorrect apparmor profile glob
- systemd: replace ancient paths with 16.04+ standards
- overlord,systemd: store snap revision in mount units
- testutil: add test helper for SysLstat
- testutil,cmd: rename test helper of Lstat to OsLstat
- testutil: document all fake syscall/os functions
- osutil,interfaces,cmd: use less hardcoded strings
- testutil: rename UNMOUNT_NOFOLLOW to umountNoFollow
- testutil: don't dot-import check.v1
- store: getStructFields takes pointers now
- tests: drop `linux-image-extra-$(uname -r)` install in 18.04
- many: fix false negatives reported by vet
- osutil,interfaces: use uint32 for uid, gid
- many: fix various issues reported by shellcheck
- tests: add pending shutdown detection
- image: support refreshing soft-expired user macaroons in tooling
- interfaces/builtin, daemon: cleanup mocked builtin interfaces in
daemon tests
- interfaces/builtin: add support for software-watchdog interface
- spread: auto accept key changes when calling dnf
- snap,overlord/snapstate: introduce and use BrokenSnapError
- tests: detect kernel oops during tests and abort tests in this
case
- tests: bring back one missing test in snap-service-stop-mode
- debian: update LP bug for the 2.32.5 SRU
- userd: set up journal logging streams for autostarted apps
- snap,tests : don't fail if we cannot stat MountFile
- tests: smaller fixes for Arch tests
- tests: run interfaces-broadcom-asic-control early
- client: support for snapshot sets, snapshots, and snapshot actions
- tests: skip interfaces-content test on core devices
- cmd: generalize locking to global, snap and per-user locks
- release-tools: handle the snapd-x.y.z version
- packaging: fix incorrectly auto-generated changelog entry for
2.32.5
- tests: add arch to CI
- systemd: add helper for opening stream file descriptors to the
journal
- cmd/snap: handle distros with no version ID
- many: add "stop-mode: sig{term,hup,usr[12]}{,-all}" instead of
conflating that with refresh-mode
- tests: removing linode-sru backend
- tests: updating bionic version for spread tests on google
- overlord/snapstate: poll for up to 10s if a snap is unexpectedly
not mounted in doMountSnap
- overlord/snapstate: allow to get an error from readInfo instead of
a broken stub, use it in doMountSnap
- snap: snap.AppInfo is now a fmt.Stringer
- tests: move fedora 27 to google backend
- many: add `core.problem-reports.disabled` option
- cmd/snap-update-ns: remove the need for stash directory in secure
bind mount implementation
- errtracker: check for whoopsie.service instead of reading
/etc/whoopsie
- cmd/snap: user session application autostart v3
- tests: add test to ensure `snap refresh --amend` works with
different channels
- tests: add check for OOM error after each test
- cmd/snap-seccomp: graceful handling of non-multilib host
- interfaces/shutdown: allow calling SetWallMessage
- cmd/snap-update-ns: add secure bind mount implementation for use
with user mounts
- snap: fix `snap advise-snap --command` output to match spec
- overlord/snapstate: on multi-snap refresh make sure bases and core
are finished before dependent snaps
- overlord/snapstate: introduce envvars to control the channels for
based and prereqs
- cmd/snap-confine: ignore missing cgroups in snap-device-helper
- debian: add gbp.conf script to build snapd via `gbp buildpackage`
- daemon,overlord/hookstate: stop/wait for running hooks before
closing the snapctl socket
- advisor: use json for package database
- interfaces/hostname-control: allow setting the hostname via
syscall and systemd
- tests/main/interfaces-opengl-nvidia: verify access to 32bit
libraries
- interfaces: misc updates for default, firewall-control, fuse-
support and process-control
- data/selinux: Give snapd access to more aspects of the system
- many: use the new install/refresh API by switching snapstate to
use store.SnapAction
- errtracker: make TestJournalErrorSilentError work on gccgo
- ifacestate: add to the repo also snaps that are pending being
activated but have a done setup-profiles
- snapstate, ifacestate: inject auto-connect tasks try 2
- cmd/snap-confine: allow creating missing gl32, gl, vulkan dirs
- errtracker: add more fields to aid debugging
- interfaces: make system-key more robust against invalid fstab
entries
- overlord,interfaces: be more vocal about broken snaps and read
errors
- ifacestate: injectTasks helper
- osutil: fix fstab parser to allow for # in field values
- cmd/snap-mgmt: remove timers, udev rules, dbus policy files
- release-tools: add repack-debian-tarball.sh
- daemon,client: add build-id to /v2/system-info
- cmd: make fmt (indent 2.2.11)
- interfaces/content: add rule so slot can access writable files at
plug's mountpoint
- interfaces: add /var/lib/snapd/snap to @{INSTALL_DIR}
- ifacestate: don't surface errors from stale connections
- cmd/snap-update-ns: convert Secure* family of functions into
methods
- tests: adjust canonical-livepatch test on GCE
- tests: fix quoting issues in econnreset test
- cmd/snap-confine: make /run/media an alias of /media
- cmd/snap-update-ns: rename i to segNum
- interfaces/serial: change pattern not to exclude /dev/ttymxc*
- spread: disable StartLimitInterval option on opensuse-42.3
- configstate: give a chance to immediately recompute the next
refresh time when schedules are set
- cmd/snap-confine: attempt to detect if multiarch host uses
arch triplets
- store: add Store.SnapAction to support the new install/refresh API
endpoint
- tests: adding test for removable-media interface
- tests: update interface tests to remove extra checks and normalize
tests
- timeutil: in Human, count days with fingers
- vendor: update gopkg.in/yaml.v2 to the latest version
- cmd/snap-confine: fix Archlinux compatibility
- cmd/snapd: make sure signal handlers are established during early
daemon startup
- cmd/snap-confine: apparmor: allow creating prefix path for
gl/vulkan
- osutil: use tilde suffix for temporary files used for atomic
replacement
- tests: copy or sanity check core users using usernames
- tests: disentangle etc vs extrausers in core tests
- tests: fix snap-run tests when snapd is not running
- overlord/configstate: change how ssh is stopped/started
- snap: make `snap run` look at the system-key for security profiles
- strutil, cmd/snap: drop strutil.WordWrap, first pass at
replacement
- tests: adding opensuse-42.3 to google
- cmd/snap: fix one issue with noWait error handling logic, add
tests plus other cleanups
- cmd/snap-confine: nvidia: preserve globbed file prefix
- advisor: add comment why osutil.FileExists(dirs.SnapCommandsDB) is
needed
- interfaces,release: probe seccomp features lazily
- tests: change debug for layout test
- advisor: deal with missing commands.db file
- interfaces/apparmor: simplify UpdateNS internals
- polkit: Pass caller uid to PolicyKit authority
- tests: moving debian 9 from linode to google backend
- cmd/snap-confine: nvidia: add tls/libnvidia-tls.so* glob
- po: specify charset in po/snappy.pot
- interfaces: harden snap-update-ns profile
- snap: Call SanitizePlugsSlots from InfoFromSnapYaml
- tests: update tests to deal with s390x quirks
- debian: run snap.mount upgrade fixup *before* debhelper
- tests: move xenial i386 to google backend
- snapstate: add compat mode for default-provider
- tests: a bunch of test fixes for s390x from looking at the
autopkgtest logs
- packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
- interfaces/builtin: let MM change qmi device attributes
- tests: add workaround for s390x failure
- snap/pack, cmd/snap: add `snap pack --check-skeleton`
- daemon: support 'system' as nickname of the core snap
- cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice
- devicestate: add DeviceManager.Registered returning a channel
closed when the device is known to be registered
- store: Sections and WriteCatalogs need to strictly send device
auth only if the device has a custom store
- tests: add bionic system to google backend
- many: fix shellcheck warnings in bionic
- cmd/snap-update-ns: don't fail on existing symlinks
- tests: make autopkgtest tests more targeted
- cmd/snap-update-ns: fix creation of layout symlinks
- spread,tests: move suite-level prepare/restore to central script
- many: propagate contexts enough to be able to mark store
operations done from the Ensure loop
- snap: don't create empty Change with "Hold" state on disconnect
- snap: unify snap name validation w/python; enforce length limit.
- cmd/snap: use shlex when parsing `snap run --strace` arguments
- osutil,testutil: add symlinkat(2) and readlinkat(2)
- tests: autopkgtest may have non edge core too
- tests: adding checks before stopping snapd service to avoid job
canceled on ubuntu 14.04
- errtracker: respect the /etc/whoopsie configuration
- overlord/snapstate: hold refreshes for 2h after seeding on
classic
- cmd/snap: tweak and polish help strings
- snapstate: put layout feature behind feature flag
- tests: force profile re-generation via system-key
- snap/squashfs: when installing from seed, try symlink before cp
- wrappers: services which are socket or timer activated should not
be started during boot
- many: go vet cleanups
- tests: define MATCH from spread
- packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
fix
- cmd/snap: use timeutil.Human to show times in `snap refresh
--time`
- cmd/snap: in changes and tasks, default to human-friendly times
- many: support holding refreshes by setting refresh.hold
- Revert "cmd/snap: use timeutil.Human to show times in `snap
refresh --time`"
- cmd/snap: use timeutil.Human to show times in `snap refresh
--time`
- tests/main/snap-service-refresh-mode: refactor the test to rely on
comparing PIDs
- tests/main/media-sharing: improve the test to cover /media and
/run/media
- store: enable deltas for core devices too
- cmd/snap: unhide --no-wait; make wait use go via waitMixin
- strutil/shlex: import github.com/google/shlex into the tree
- vendor: update github.com/mvo5/libseccomp-golang
- overlord/snapstate: block install of "system"
- cmd/snap: "current""installed"; "refreshed""refresh-date"
- many: add the snapd-generator
- cmd/snap-seccomp: Cancel the atomic file on error, not just Close
- polkit: ensure error is properly set if dialog is dismissed
- snap-confine, snap-seccomp: utilize new seccomp logging features
- progress: tweak ansimeter cvvis use to no longer confuse minicom
- xdgopenproxy: integrate xdg-open implementation into snapctl
- tests: avoid removing preinstalled snaps on core
- tests: chroot into core to run xdg-open there
- userd: add an OpenFile method for launching local files with xdg-
open
- tests: moving ubuntu core from linode to google backend
- run-checks: remove accidental bashism
- i18n: simplify NG usage by doing the modulo math in-package.
- snap/squashfs: set timezone when calling unsquashfs to get the
build date
- timeutil: timeutil.Human(t) gives a human-friendly string for t
- snap: add autostart app property
- tests: add support for external backend executions on listing test
- tests: make interface-broadcom-asic-control test work on rpi
- configstate: when disable "ssh" we must disable the "sshd" service
- interfaces/apparmor,system-key: add upperdir snippets for strict
snaps on livecd
- snap/squashfs: add BuildDate
- store: parse the JSON format used by the coming new store API to
convey snap information
- many: remove snapd.refresh.{timer,service}
- tests: adding ubuntu-14.04-64 to the google backend
- interfaces: add xdg-desktop-portal support to desktop interface
- packaging/arch: sync with snapd/snapd-git from AUR
- wrappers, tests/main/snap-service-timer: restore missing commit,
add spread test for timer services
- store: don't ask for snap_yaml_raw except on the details endpoint
- many: generate and use per-snap snap-update-ns profile
- tests: add debug for layout test
- wrappers: detect whether systemd-analyze can be used in unit tests
- osutil: allow creating strings out of MountInfoEntry
- servicestate: use systemctl enable+start and disable+stop instead
of --now flag
- osutil: handle file being matched by multiple patterns
- daemon, snap: fix InstallDate, make a method of *snap.Info
- wrappers: timer services
- wrappers: generator for systemd OnCalendar schedules
- asserts: fix flaky storeSuite.TestCheckAuthority
- tests: fix dependency for ubuntu artful
- spread: start moving towards google backend
- tests: add a spread test for layouts
- ifacestate: be consistent passing Retry.After as named field
- cmd/snap-update-ns: use recursive bind mounts for writable mimic
- testutil: allow mocking syscall.Fstat
- overlord/snapstate: verify that default schedule is randomized and
is not a single time
- many: simplify mocking of home-on-NFS
- cmd/snap-update-ns: use syscall.Symlink instead of os.Symlink
- store: move infoFromRemote into details.go close to snapDetails
- userd/tests: Test kdialog calls and mock kdialog too to make tests
work in KDE
- cmd/snap: tweaks to 'snap info' (feat. installed->current rename)
- cmd/snap: add self-strace to `snap run`
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- update-pot: Force xgettext() to return true
- store: cleanup test naming, dropping remoteRepo and
UbuntuStore(Repository)? references
- store: reorg auth refresh
* New upstream release, LP: #1767833
- tests: run all spread tests inside GCE
- tests: build spread in the autopkgtests with a more recent go
* New upstream release, LP: #1767833
- snapd.core-fixup.sh: fix workaround for corrupted uboot.env
and add tests
* New upstream release, LP: #1767833
- many: add wait command and seeded target (2
- snapd.core-fixup.sh: add workaround for corrupted uboot.env
- boot: clear "snap_mode" when needed
- cmd/libsnap: fix compile error on more restrictive gcc
- tests: cherry-pick commits to move spread to google backend
- spread.yaml: add cosmic (18.10) to autopkgtest/qemu
- userd: set up journal logging streams for autostarted apps
* New upstream release, LP: #1767833
- snap: do not use overly short timeout in `snap
{start,stop,restart}`
- interfaces/apparmor: fix incorrect apparmor profile glob
- tests: detect kernel oops during tests and abort tests in this
case
- tests: run interfaces-boradcom-asic-control early
- tests: skip interfaces-content test on core devices
* New upstream release, LP: #1765090
- many: add "stop-mode: sig{term,hup,usr[12]}{,-all}" instead of
conflating that with refresh-mode
- overlord/snapstate: poll for up to 10s if a snap is unexpectedly
not mounted in doMountSnap
- daemon: support 'system' as nickname of the core snap
* New upstream release, LP: #1756173
- cmd/snap: user session application autostart
- overlord/snapstate: introduce envvars to control the channels for
bases and prereqs
- overlord/snapstate: on multi-snap refresh make sure bases and core
are finished before dependent snaps
- many: use the new install/refresh /v2/snaps/refresh store API
* New upstream release, LP: #1756173
- errtracker: make TestJournalErrorSilentError work on
gccgo
- errtracker: check for whoopsie.service instead of reading
/etc/whoopsie
* New upstream release, LP: #1756173
- debian: add gbp.conf script to build snapd via `gbp
buildpackage`
- tests: add check for OOM error after each test
- cmd/snap-seccomp: graceful handling of non-multilib host
- interfaces/shutdown: allow calling SetWallMessage
- data/selinux: Give snapd access to more aspects of the system
- daemon,overlord/hookstate: stop/wait for running hooks before
closing the snapctl socket
- cmd/snap-confine: ignore missing cgroups in snap-device-helper
- interfaces: misc updates for default, firewall-control, fuse-
support and process-control
- overlord: test fix, address corner case
* New upstream release, LP: #1756173
- ifacestate: add to the repo also snaps that are pending being
activated but have a done setup-profiles
- snapstate: inject autoconnect tasks in doLinkSnap for regular
snaps
- cmd/snap-confine: allow creating missing gl32, gl, vulkan dirs
- errtracker: add more fields to aid debugging
- interfaces: make system-key more robust against invalid fstab
entries
- cmd/snap-mgmt: remove timers, udev rules, dbus policy files
- overlord,interfaces: be more vocal about broken snaps and read
errors
- osutil: fix fstab parser to allow for # in field values
* New upstream release, LP: #1756173
- interfaces/content: add rule so slot can access writable files at
plug's mountpoint
- tests: adjust canonical-livepatch test on GCE
- interfaces/serial: change pattern not to exclude /dev/ttymxc
- spread.yaml: switch Fedora 27 tests to manual
- store: Sections and WriteCatalogs need to strictly send device
auth only if the device has a custom store
- configstate: give a chance to immediately recompute the next
refresh time when schedules are set
- cmd/snap-confine: attempt to detect if multiarch host uses arch
triplets
- vendor: update gopkg.in/yaml.v2 to the latest version (#4945)
* New upstream release, LP: #1756173
- cmd/snapd: make sure signal handlers are established during early
daemon startup
- osutil: use tilde suffix for temporary files used for atomic
replacement
- cmd/snap-confine: apparmor: allow creating prefix path for
gl/vulkan
- tests: disentangle etc vs extrausers in core tests
- packaging: fix changelogs' typo
* New upstream release, LP: #1756173
- snap: make `snap run` look at the system-key for security profiles
- overlord/configstate: change how ssh is stopped/started
- cmd/snap-confine: nvidia: preserve globbed file prefix
- advisor: deal with missing commands.db file
- interfaces,release: probe seccomp features lazily
- interfaces: harden snap-update-ns profile
- polkit: Pass caller uid to PolicyKit authority
- tests: change debug for layout test
- cmd/snap-confine: don't use per-snap s-u-n profile
- many: backported fixes for layouts and symlinks
- cmd/snap-confine: nvidia: add tls/libnvidia-tls.so* glob
- cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice
- snap: Call SanitizePlugsSlots from InfoFromSnapYaml
- cmd/snap-confine: fix ptrace rule with snap-confine peer
- tests: update tests to deal with s390x quirks
- snapstate: add compat mode for default-provider"snapname:ifname"
- snap-confine: fallback to /lib/udev/snappy-app-dev if the core is
older
- tests: a bunch of test fixes for s390x from looking at the
autopkgtest logs
- packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
- interfaces/builtin: let MM change qmi device attributes
- debian: undo snap.mount system unit removal
- snap: don't create empty Change with "Hold" state on disconnect
- tests: add workaround for s390x failure
- tests: make autopkgtest tests more targeted
- many: propagate contexts enough to be able to mark store
operations done from the Ensure loop
- store: cleanup test naming, dropping remoteRepo and
UbuntuStore(Repository)? references
- store: reorg auth refresh
- tests: autopkgtest may have non edge core too
- data: translate polkit strings
- snapstate: put layout feature behind feature flag
- errtracker: respect the /etc/whoopsie configuration
- overlord/snapstate: hold refreshes for 2h after seeding on classic
- many: cherry-pick relevant `go vet` 1.10 fixes to 2.32
- snap/squashfs: when installing from seed, try symlink before cp
- wrappers: services which are socket or timer activated should not
be started during boot
- many: generate and use per-snap snap-update-ns profile
- many: support holding refreshes by setting refresh.hold
- snap-confine, snap-seccomp: utilize new seccomp logging features
- many: remove snapd.refresh.{timer,service}
- many: add the snapd-generator
- polkit: do not shadow dbus errors, avoid panic in case of errors
- polkit: ensure error is properly set if dialog is dismissed
- xdgopenproxy: integrate xdg-open implementation into snapctl
- userd: add an OpenFile method for launching local files with xdg-
open
- asserts: use a timestamp for the assertion after the signing key
has been created
- ifacestate: be consistent passing Retry.After as named field
- interfaces/apparmor,system-key: add upperdir snippets for strict
snaps on livecd
interfaces/apparmor,system-key: add upperdir snippets for strict
snaps
- configstate: when disable "ssh" we must disable the "sshd"
service
- store: don't ask for snap_yaml_raw except on the details endpoint
- osutil: handle file being matched by multiple patterns
- cmd/snap-update-ns: use recursive bind mounts for writable mimic
- cmd/snap-update-ns: use syscall.Symlink instead of os.Symlink
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- interfaces/network-status: fix use of '/' in interface in DBus
rule
- interfaces/screen-inhibit-control: fix use of '.' in path in DBus
rule
- overlord/snapstate: fix task iteration order in
TestDoPrereqRetryWhenBaseInFlight
- interfaces: add an interface for gnome-online-accounts D-Bus
service
- snap: pass full timer spec in `snap run --timer`
- cmd/snap: introduce `snap run --timer`
- snapstate: auto install default-providers for content snaps
- hooks/strutil: limit the number of data read from the hooks to
avoid oom
- osutil: aggregate mockable symbols
- tests: make sure snapd is running before attempting to remove
leftover snaps
- timeutil: account for 24h wrap when flattening clock spans
- many: send new Snap-CDN header with none or with cloud instance
placement info as needed
- cmd/snap-update-ns,testutil: move syscall testing helpers
- tests: disable interfaces-location-control on s390x
- tests: new spread test for gpio-memory-control interface
- tests: spread test for broadcom-asic-control interface
- tests: make restore of interfaces-password-manager-service more
robust
- tests/lib/prepare-restore: sync journal before rotating and
vacuuming
- overlord/snapstate: use spread in the default refresh schedule
- tests: fixes for autopkgtest in bionic
- timeutil: introduce helpers for checking it time falls inside the
schedule
- cmd/snap-repair,httputil: set snap-repair User-Agent on requests
- vendor: resync formatting of vendor.json
- snapstate/ifacestate: auto-connect tasks
- cmd/snap: also include tracking channel in list output.
- interfaces/apparmor: use snap revision with surrounding '.' when
replacing in glob
- debian,vendor: import github.com/snapcore/squashfs and use
- many: implement "refresh-mode: {restart,endure,...}" for services
- daemon: make the ast-inspecting test smarter; drop 'exceptions'
- tests: new spread test for kvm interface
- cmd/snap: tweaks to 'snap info' output
- snap: remove underscore from version validator regexp
- testutil: add File{Matches,Equals,Contains} checkers.
- snap: improve the version validator's error messages.
- osutil: refactor EnsureFileState to separate out the comparator
- timeutil: fix scheduling on nth weekday of the month
- cmd/snap-update-ns: small refactor for upcoming per-user mounts
- many: rename snappy-app-dev to snap-device-helper
- systemd: add default target for timers
- interfaces: miscellaneous policy updates for home, opengl, time-
control, network, et al
- cmd/snap: linter cleanups
- interfaces/mount: generate per-user mount profiles
- cmd/snap: use proper help strings for `snap userd --help`
- packaging: provide a compat symlink for snappy-app-dev
- interfaces/time-control,netlink-audit: adjust for util-linux
compiled with libaudit
- tests: adding new test to validate the raw-usb interface
- snap: add support for `snap run --gdb`
- interfaces/builtin: allow MM to access login1
- packaging: fix build on sbuild
- store: revert PR#4532 and do not display displayname
- interfaces/mount: add support for per-user mount entries
- cmd/system-shutdown: move sync to be even more pessimistic
- osutil: reimplement IsMounted with LoadMountInfo
- tests/main/ubuntu-core-services: enable snapd.refresh.timer for
the test
- many: don't allow layout construction to silently fail
- interfaces/apparmor: ensure snap-confine profile for reexec is
current
- interfaces/apparmor: generalize apparmor load and unload helpers
- tests: removing packages which are not needed anymore to generate
random data
- snap: improve `snap run` comments/naming
- snap: allow options for --strace, e.g. `snap run --strace="-tt"`
- tests: fix spread test failures on 18.04
- systemd: update comment on SocketsTarget
- osutil: add and update docstrings
- osutil: parse mount entries without options field
- interfaces: mock away real mountinfo/fstab
- many: move /lib/udev/snappy-app-dev to /usr/lib/snapd/snappy-app-
dev
- overlord/snapstate/backend: perform cleanup if snap setup fails
- tests/lib/prepare: disable snapd.refresh.timer
- daemon: remove redundant UserOK markings from api commands
- snap: introduce timer service data types and validation
- cmd/snap: fix UX of snap services
- daemon: allow `snapctl get` from any uid
- debian, snap: only static link libseccomp in snap-seccomp on
ubuntu
- all: snap versions are now validated
- many: add nfs-home flag to system-key
- snap: disallow layouts in various special directories
- cmd/snap: add help for service commands.
- devicestate: fix autopkgtest failure in
TestDoRequestSerialErrorsOnNoHost
- snap,interfaces: allow using bind-file layouts
- many: move mount code to osutil
- snap: understand directories in layout blacklist
- snap: use custom unsquashfsStderrWriter for unsquashfs error
detection
- tests/main/user-data-handling: get rid of ordering bug
- snap: exclude `gettimeofday` from `snap run --strace`
- tests: check if snapd.socket is active before stoping it
- snap: sort layout elements before validating
- strutil: introducing MatchCounter
- snap: detect unsquashfs write failures
- spread: add missing ubuntu-18.04-arm64 to available autopkgtest
machines
- cmd/snap-confine: allow mounting anywhere, effectively
- daemon: improve ucrednet code for the snap.socket
- release, interfaces: add new release.AppArmorFeatures helper
- snap: apply some golint suggestions
- many: add interfaces.SystemKey() helper
- tests: new snaps to test installs nightly
- tests: skip alsa interface test when the system does not have any
audio devices
- debian/rules: workaround for
https://github.com/golang/go/issues/23721
- interfaces/apparmor: early support for snap-update-ns snippets
- wrappers: cleanup enabled service sockets
- cmd/snap-update-ns: large refactor / update of unit tests
- interfaces/apparmor: remove leaked future layout code
- many: allow constructing layouts (phase 1)
- data/systemd: for debugging/testing use /etc/environment also for
snap-repair runs
- cmd/snap-confine: create lib/{gl,gl32,vulkan} under /var/lib/snapd
and chown as root:root
- overlord/configstate/config: make [GS]etSnapConfig use *RawMessage
- daemon: refactor snapFooMany helpers a little
- cmd/snap-confine: allow snap-update-ns to chown things
- interfaces/apparmor: use a helper to set the scope
- overlord/configstate/config: make SetSnapConfig delete on empty
- osutil: make MkdirAllChown clean the path passed in
- many: at seeding try to capture cloud information into core config
under "cloud"
- cmd/snap: add completion conversion helper to increase DRY
- many: remove "content" argument from snaptest.MockSnap()
- osutil: allow using many globs in EnsureDirState
- cmd/snap-confine: fix read-only filesystem when mounting nvidia
files in biarch
- tests: use root path to /home/test/tmp to avoid lack of space
issue
- packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
packaging
- tests: update kill-timeout focused on making tests pass on boards
- advisor: ensure commands.db has mode 0644 and add test
- snap: improve validation of snap layouts
- tests: ensure disabled services are masked
- interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
- systemd, wrappers: start all snap services in one systemctl call
- mir: software clients need access to shared memory /dev/shm/#*
- snap: add support for `snap advise-snap pkgName`
- snap: fix command-not-found on core devices
- tests: new spead test for openvswitch-support interface
- tests: add integration for local snap licenses
- config: add (Get|Set)SnapConfig to do bulk config e.g. from
snapshots
- cmd/snap: display snap license information
- tests: enable content sharing test for $SNAP
- osutil: add ContextWriter and RunWithContext helpers.
- osutil: add DirExists and IsDirNotExist
* New upstream release, LP: #1745217
- many: add the snapd-generator
- polkit: ensure error is properly set if dialog is dismissed
- xdgopenproxy: integrate xdg-open implementation into snapctl
- userd: add an OpenFile method for launching local files with xdg-
open
- configstate: when disable "ssh" we must disable the "sshd"
service
- many: remove snapd.refresh.{timer,service}
- interfaces/builtin: allow MM to access login1
- timeutil: account for 24h wrap when flattening clock spans
- interfaces/screen-inhibit-control,network-status: fix dbus path
and interface typos
- systemd, wrappers: start all snap services in one systemctl
call
- tests: disable interfaces-location-control on s390x
* New upstream release, LP: #1745217
- tests: multiple autopkgtest related fixes for 18.04
- overlord/snapstate: use spread in the default refresh schedule
- timeutil: fix scheduling on nth weekday of the month
- interfaces: miscellaneous policy updates for home, opengl, time-
control, network, et al
- cmd/snap: use proper help strings for `snap userd --help`
- interfaces/time-control,netlink-audit: adjust for util-linux
compiled with libaudit
- rules: do not static link on powerpc
- packaging: revert LDFLAGS rewrite again after building snap-
seccomp
- store: revert PR#4532 and do not display displayname
- daemon: allow `snapctl get` from any uid
- debian, snap: only static link libseccomp in snap-seccomp on
ubuntu
- daemon: improve ucrednet code for the snap.socket
* New upstream release, LP: #1745217
- cmd/snap-confine: allow snap-update-ns to chown things
- cmd/snap-confine: fix read-only filesystem when mounting nvidia
files in biarch
- packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
packaging
- advisor: ensure commands.db has mode 0644 and add test
- interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
- snap: improve validation of snap layoutsRules for validating
layouts:
- snap: fix command-not-found on core devices
- cmd/snap: display snap license information
- tests: enable content sharing test for $SNAP
- userd: add support for a simple UI that can be used from userd
- snap-confine/nvidia: Support legacy biarch trees for GLVND systems
- tests: generic detection of gadget and kernel snaps
- cmd/snap-update-ns: refactor and improve Change.Perform to handle
EROFS
- cmd/snap: improve output when snaps were found in a section or the
section is invalid
- cmd/snap-confine,tests: hide message about stale base snap
- cmd/snap-mgmt: fix out of source tree build
- strutil/quantity: new package that exports formatFoo (from
progress)
- cmd/snap: snap refresh --time with new and legacy schedules
- state: unknown tasks handler
- cmd/snap-confine,data/systemd: fix removal of snaps inside LXD
- snap: add io.snapcraft.Settings to `snap userd`
- spread: remove more EOLed releases
- snap: tidy up top-level help output
- snap: fix race in `snap run --strace`
- tests: update "searching" test to match store changes
- store: use the "publisher" when populating the "publisher" field
- snap: make `snap find --section` show all sections
- tests: new test to validate location control interface
- many: add new `snap refresh --amend <snap>` command
- tests/main/kernel-snap-refresh-on-core: skip the whole test if
edge and stable are the same version
- tests: set test kernel-snap-refresh-on-core to manual
- tests: new spread test for interface gpg-keys
- packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
fix
- interfaces: miscellaneous policy updates
- interfaces/builtin: Replace Solus support with GLVND support
- tests/main/kernel-snap-refresh-on-core: do not fail if edge and
stable kernels are the same version
- snap: add `snap run --strace` to be able to strace snap apps
- tests: new spread test for ssh-keys interface
- errtracker: include detected virtualisation
- tests: add new kernel refresh/revert test for spread-cron
- interfaces/builtin: blacklist zigbee dongle
- cmd/snap-confine: discard stale mount namespaces
- cmd: remove unused execArg0/execEnv
- snap,interfaces/mount: disallow nobody/nogroup
- cmd/snap: improve `snap aliases` output when no aliases are
defined
- tests/lib/snaps/test-snapd-service: refactor service reload
- tests: new spread test for gpg-public-keys interface
- tests: new spread test for ssh-public-keys interface
- spread: setup machine creation on Linode
- interfaces/builtin: allow introspecting UDisks2
- interfaces/builtin: add support for content "source" section
- tests: new spread test for netlink-audit interface
- daemon: avoid panic'ing building an error response w/no snaps
given
- interfaces/mount,snap: early support for snap layouts
- daemon: unlock state even if RefreshSchedule() fails
- arch: add "armv8l" to ubuntuArchFromKernelArch table
- tests: fix for test interface-netlink-connector
- data/dbus: add AssumedAppArmorLabel=unconfined
- advisor: use forked bolt to make it work on ppc
- overlord/snapstate: record the 'kind' of conflicting change
- dirs: fix snap mount dir on Manjaro
- overlord/{snapstate,configstate}, daemon: introduce refresh.timer,
fallback to refresh.schedule
- config: add support for `snap set core proxy.no_proxy=...`
- snap-mgmt: extend spread tests, stop, disable and cleanup snap
services
- spread.yaml: add fedora 27
- cmd/snap-confine: allow snap-update-ns to poke writable holes in
$SNAP
- packaging/14.04: move linux-generic-lts-xenial to recommends
- osutil/sys: ppc has 32-bit getuid already
- snapstate: make no autorefresh message clearer
- spread: try to enable Fedora once more
- overlord/snapstate: do a minimal sanity check on containers
- configcore: ensure config.txt has a final newline
- cmd/libsnap-confine-private: print failed mount/umount regardless
of SNAP_CONFINE_DEBUG
- debian/tests: add missing autopkgtest test dependencies for debian
- image: port ini handling to goconfigparser
- tests/main/snap-service-after-before: add test for after/before
service ordering
- tests: enabling opensuse for tests
- tests: update auto-refresh-private to match messages from current
master
- dirs: check if distro 'is like' fedora when picking path to
libexecdir
- tests: fix "job canceled" issue and improve cleanup for snaps
- cmd/libsnap-confine-private: add debug build of libsnap-confine-
private.a, link it into snap-confine-debug
- vendor: remove x/sys/unix to fix builds on arm64 and powerpc
- image: let consume snapcraft export-login files from tooling
- interfaces/mir: allow Wayland socket and non-root sockets
- interfaces/builtin: use snap.{Plug,Slot}Info over
interfaces.{Plug,Slot}
- tests: add simple snap-mgmt test
- wrappers: autogenerate After/Before in systemd's service files for
apps
- snap: add usage hints in `snap download`
- snap: provide more meaningful errors for installMany and friends
- cmd/snap: show header/footer when `snap find` is used without
arguments
- overlord/snapstate: for Enable's tasks refer to the first task
with snap-setup, do not duplicate
- tests: add hard-coded fully expired macaroons to run related tests
- cmd/snap-update-ns: new test features
- cmd/snap-update-ns: we don't want to bind mount symlinks
- interfaces/mount: test OptsToCommonFlags, filter out x-snapd.
options
- cmd/snap-update-ns: untangle upcoming cyclic initialization
- client, daemon: update user's email when logging in with new
account
- tests: ensure snap-confine apparmor profile is parsable
- snap: do not leak internal errors on install/refresh etc
- snap: fix missing error check when multiple snaps are refreshed
- spread: trying to re-enable tests on Fedora
- snap: fix gadget.yaml parsing for multi volume gadgets
- snap: give the snap.Container interface a Walk method
- snap: rename `snap advise-command` to `snap advise-snap --command`
- overlord/snapstate: no refresh just for hints if there was a
recent regular full refresh
- progress: switch ansimeter's Spin() to use a spinner
- snap: support `command-not-found` symlink for `snap advise-
command`
- daemon: store email, ID and macaroon when creating a new user
- snap: app startup after/before validation
- timeutil: refresh timer take 2
- store, daemon/api: Rename MyAppsServer, point to
dashboard.snapcraft.io instead
- tests: use "quiet" helper instead of "dnf -q" to get errors on
failures
- cmd/snap-update-ns: improve mocking for tests
- many: implement the advisor backend, populate it from the store
- tests: make less calls to the package manager
- tests/main/confinement-classic: enable the test on Fedora
- snap: do not leak internal network errors to the user
- snap: use stdout instead of stderr for "fetching" message
- tests: fix test whoami, share successful_login.exp
- many: refresh with appropriate creds
- snap: add new `snap advice-command` skeleton
- tests: add test that ensures we never parse versions as numbers
- overlord/snapstate: override Snapstate.UserID in refresh if the
installing user is gone
- interfaces: allow socket "shutdown" syscall in default profile
- snap: print friendly message if `snap keys` is empty
- cmd/snap-update-ns: add execWritableMimic
- snap: make `snap info invalid-snap` output more user friendly
- cmd/snap, tests/main/classic-confinement: fix snap-exec path when
running under classic confinement
- overlord/ifacestate: fix disable/enable cycle to setup security
- snap: fix snap find " " output
- daemon: add new polkit action to manage interfaces
- packaging/arch: disable services when removing
- asserts/signtool: support for building tools on top that fill-
in/compute some headers
- cmd: clarify "This leaves %s tracking %s." message
- daemon: return "bad-query" error kind for store.ErrBadQuery
- taskrunner/many: KnownTaskKinds helper
- tests/main/interfaces-fuse_support: fix confinement, allow
unmount, fix spread tests
- snap: use the -no-fragments mksquashfs option
- data/selinux: allow messages from policykit
- tests: fix catalog-update wait loop
- tests/lib/prepare-restore: disable rate limiting in journald
- tests: change interfaces-fuse_support to be debug friendly
- tests/main/postrm-purge: stop snapd before purge
- This is an example of test log:https://paste.ubuntu.com/26215170/
- tests/main/interfaces-fuse_support: dump more debugging
information
- interfaces/dbus: adjust slot policy for listen, accept and accept4
syscalls
- tests: save the snapd-state without compression
- tests/main/searching: handle changes in featured snaps list
- overlord/snapstate: fix auto-refresh summary for 2 snaps
- overlord/auth,daemon: introduce an explicit auth.ErrInvalidUser
- interfaces: add /proc/partitions to system-observe (This addresses
LP#1708527.)
- tests/lib: introduce helpers for setting up /dev/random using
/dev/urandom in project prepare
- tests: new test for interface network status
- interfaces: interfaces: also add an app/hook-specific udev RUN
rule for hotplugging
- tests: fix external backend for tests that need DEBUG output
- tests: do not disable refresh timer on external backend
- client: send all snap related bool json fields
- interfaces/desktop,unity7: allow status/activate/lock of
screensavers
- tests/main: source mkpinentry.sh
- tests: fix security-device-cgroups-serial-port test for rpi and db
- cmd/snap-mgmt: add more directories for cleanup and refactor
purge() code
- snap: YAML and data structures for app before/after ordering
- tests: set TRUST_TEST_KEYS=false for all the external backends
- packaging/arch: install snap-mgmt tool
- tests: add support on tests for cm3 gadget
- interfaces/removable-media: also allow 'k' (lock)
- interfaces: use ConnectedPlug/ConnectedSlot types (step 2)
- interfaces: rename sanitize methods
- devicestate: fix misbehaving test when using systemd-resolved
- interfaces: added Ref() helpers, restored more detailed error
message on spi iface
- debian: make "gnupg" a recommends
- interfaces/many: misc updates for default, browser-support,
opengl, desktop, unity7, x11
- interfaces: PlugInfo/SlotInfo/ConnectedPlug/ConnectedSlot
attribute helpers
- interfaces: update fixme comments
- tests: make interfaces-snapd-control-with-manage more robust
- userd: generalize dbusInterface
- interfaces: use ConnectedPlug/ConnectedSlot types (step 1)
- hookstate: add compat "configure-snapd" task.
- config, overlord/snapstate, timeutil: rename ParseSchedule to
ParseLegacySchedule
- tests: adding tests for time*-control interfaces
- tests: new test to check interfaces after reboot the system
- cmd/snap-mgmt: fixes
- packaging/opensuse-42.2: package and use snap-mgmt
- corecfg: also "mask" services when disabling them
- cmd/snap-mgmt: introduce snap-mgmt tool
- configstate: simplify ConfigManager
- interfaces: add gpio-memory-control interface
- cmd: disable check-syntax-c
- packaging/arch: add bash-completion as optional dependency
- corecfg: rename package to overlord/configstate/configcore
- wrappers: fix unit tests to use dirs.SnapMountDir
- osutil/sys: reimplement getuid and chown with the right int type
- interfaces-netlink-connector: fix sourcing snaps.sh
* New upstream release, LP: #1735344
- tests: set TRUST_TEST_KEYS=false for all the external backends
- tests: fix external backend for tests that need DEBUG output
- tests: do not disable refresh timer on external backend
- client: send all snap related bool json fields
- interfaces: interfaces: also add an app/hook-specific udev RUN
rule for hotplugging
- interfaces/desktop,unity7: allow status/activate/lock of
screensavers
- tests/main: source mkpinentry.sh
- devicestate: use a different nowhere domain
- interfaces: add ssh-keys, ssh-public-keys, gpg-keys and gpg-public
keys interfaces
- interfaces/many: misc updates for default, browser-support, opengl,
desktop, unity7, x11
- devicestate: fix misbehaving test when using systemd-resolved
- interfaces/removable-media: also allow 'k' (lock)
- interfaces/many: misc updates for default, browser-support,
opengl, desktop, unity7, x11
- corecfg: also "mask" services when disabling them
- tests: add support for autopkgtests on s390x
- snapstate: support for pre-refresh hook
- many: allow to configure core before it is installed
- devicestate: fix unkeyed fields error
- snap-confine: create mount target for lib32,vulkan on demand
- snapstate: add support for refresh.schedule=managed
- cmd/snap-update-ns: teach update logic to handle synthetic changes
- many: remove configure-snapd task again and handle internally
- snap: fix TestDirAndFileMethods() test to work with gccgo
- debian: ensure /var/lib/snapd/lib/vulkan is available
- cmd/snap-confine: use #include instead of bare include
- snapstate: store userID in snapstate
- snapd.dirs: add var/lib/snapd/lib/gl32
- timeutil, overlod/snapstate: cleanup remaining pieces of timeutil
weekday support
- packaging/arch: install missing directories, manpages and version
info
- snapstate,store: store if a snap is a paid snap in the sideinfo
- packaging/arch: pre-create snapd directories when packaging
- tests/main/manpages: set LC_ALL=C as man may complain if the
locale is unset or unsupported
- repo: ConnectedPlug and ConnectedSlot types
- snapd: fix handling of undo in the taskrunner
- store: fix download caching and add integration test
- snapstate: move autorefresh code into autoRefresh helper
- snapctl: don't error out on start/stop/restart from configure hook
during install or refresh
- cmd/snap-update-ns: add planWritableMimic
- deamon: don't omit responses, even if null
- tests: add test for frame buffer interface
- tests/lib: fix shellcheck errors
- apparmor: generate the snap-confine re-exec profile for
AppArmor{Partial,Full}
- tests: remove obsolete workaround
- snap: use existing files in `snap download` if digest/size matches
- tests: merge pepare-project.sh into prepare-restore.sh
- tests: cache snaps to $TESTSLIB/cache
- tests: set -e, -o pipefail in prepare-restore.sh
- apparmor: generate the snap-confine re-exec profile for
AppArmor{Partial,Full}
- cmd/snap-seccomp: fix uid/gid restrictions tests on Arch
- tests: document and slightly refactor prepare/restore code
- snapstate: ensure RefreshSchedule() gives accurate results
- snapstate: add new refresh-hints helper and use it
- spread.yaml,tests: move most of project-wide prepare/restore to
separate file
- timeutil: introduce helpers for weekdays and TimeOfDay
- tests: adding new test for uhid interface
- cmd/libsnap: fix parsing of empty mountinfo fields
- overlord/devicestate: best effort to go to early full retries for
registration on the like of DNS no host
- spread.yaml: bump delta ref to 2.29
- tests: adding test to test physical memory observe interface
- cmd, errtracker: get rid of SNAP_DID_REEXEC environment
- timeutil: remove support to parse weekday schedules
- snap-confine: add workaround for snap-confine on 4.13/upstream
- store: do not log the http body for catalog updates
- snapstate: move catalogRefresh into its own helper
- spread.yaml: fix shellcheck issues and trivial refactor
- spread.yaml: move prepare-each closer to restore-each
- spread.yaml: increase workers for opensuse to 3
- tests: force delete when tests are restore to avoid suite failure
- test: ignore /snap/README
- interfaces/opengl: also allow read on 'revision' in
/sys/devices/pci...
- interfaces/screen-inhibit-control: fix case in screen inhibit
control
- asserts/sysdb: panic early if pointed to staging but staging keys
are not compiled-in
- interfaces: allow /bin/chown and fchownat to root:root
- timeutil: include test input in error message in
TestParseSchedule()
- interfaces/browser-support: adjust base declaration for auto-
connection
- snap-confine: fix snap-confine under lxd
- store: bit less aggressive retry strategy
- tests: add new `fakestore new-snap-{declaration,revision}` helpers
- cmd/snap-update-ns: add secureMkfileAll
- snap: use field names when initializing composite literals
- HACKING: fix path in snap install
- store: add support for flags in ListRefresh()
- interfaces: remove invalid plugs/slots from SnapInfo on
sanitization.
- debian: add missing udev dependency
- snap/validate: extend socket validation tests
- interfaces: add "refresh-schedule" attribute to snapd-control
- interfaces/builtin/account_control: use gid owning /etc/shadow to
setup seccomp rules
- cmd/snap-update-ns: tweak changePerform
- interfaces,tests: skip unknown plug/slot interfaces
- tests: disable interfaces-network-control-tuntap
- cmd: use a preinit_array function rather than parsing
/proc/self/cmdline
- interfaces/time*_control: explicitly deny noisy read on
/proc/1/environ
- cmd/snap-update-ns: misc cleanups
- snapd: allow hooks to have slots
- fakestore: add go-flags to prepare for `new-snap-declaration` cmd
- interfaces/browser-support: add shm path for nwjs
- many: add magic /snap/README file
- overlord/snapstate: support completion for command aliases
- tests: re-enable tun/tap test on Debian
- snap,wrappers: add support for socket activation
- repo: use PlugInfo and SlotInfo for permanent plugs/slots
- tests/interfaces-network-control-tuntap: disable on debian-
unstable for now
- cmd/snap-confine: Loosen the NVIDIA Vulkan ICD glob
- cmd/snap-update-ns: detect and report read-only filesystems
- cmd/snap-update-ns: re-factor secureMkdirAll into
secureMk{Prefix,Dir}
- run-checks, tests/lib/snaps/: shellcheck fixes
- corecfg: validate refresh.schedule when it is applied
- tests: adjust test to match stderr
- snapd: fix snap cookie bugs
- packaging/arch: do not quote MAKEFLAGS
- state: add change.LaneTasks helper
- cmd/snap-update-ns: do not assume 'nogroup' exists
- tests/lib: handle distro specific grub-editenv naming
- cmd/snap-confine: Add missing bi-arch NVIDIA filesthe
`/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl/vdpau` paths within
- cmd: Support exposing NVIDIA Vulkan ICD files to the snaps
- cmd/snap-confine: Implement full 32-bit NVIDIA driver support
- packaging/arch: packaging update
- cmd/snap-confine: Support bash as base runtime entry
- wrappers: do not error on incorrect Exec= lines
- interfaces: fix udev tagging for hooks
- tests/set-proxy-store: exclude ubuntu-core-16 via systems: key
- tests: new tests for network setup control and observe interfaces
- osutil: add helper for obtaining group ID of given file path
- daemon,overlord/snapstate: return snap-not-installed error in more
cases
- interfaces/builtin/lxd_support: allow discovering of host's os-
release
- configstate: add support for configure-snapd for
snapstate.IgnoreHookError
- tests: add a spread test for proxy.store setting together with
store assertion
- cmd/snap-seccomp: do not use group 'shadow' in tests
- asserts/assertstest: fix use of hardcoded value when the passed
or default keys should be used
- interfaces/many: misc policy updates for browser-support, cups-
control and network-status
- tests: fix xdg-open-compat
- daemon: for /v2/logs, 404 when no services are found
- packaging/fedora: Merge changes from Fedora Dist-Git
- cmd/snap-update-ns: add new helpers for mount entries
- cmd/snap-confine: Respect biarch nature of libdirs
- cmd/snap-confine: Ensure snap-confine is allowed to access os-
release
- cmd: fix re-exec bug with classic confinement for host snapd <
2.28
- interfaces/kmod: simplify loadModules now that errors are ignored
- tests: disable xdg-open-compat test
- tests: add test that checks core reverts on core devices
- dirs: use alt root when checking classic confinement support
without
- interfaces/kmod: treat failure to load module as non-fatal
- cmd/snap-update-ns: fix golint and some stale comments
- corecfg: support setting proxy.store if there's a matching store
assertion
- overlord/snapstate: toggle ignore-validation as needed as we do
for channel
- tests: fix security-device-cgroup* tests on devices with
framebuffer
- interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS
- interfaces: add USB interface number attribute in udev rule for
serial-port interface
- overlord/devicestate: switch to the new endpoints for registration
- snap-update-ns: add missing unit test for desired/current profile
handling
- cmd/{snap-confine,libsnap-confine-private,snap-shutdown}: cleanup
low-level C bits
- ifacestate: make interfaces.Repository available via state cache
- overlord/snapstate: cleanups around switch-snap*
- cmd/snapd,client,daemon: display ignore-validation flag through
the notes mechanism
- cmd/snap-update-ns: add logging to snap-update-ns
- many: have a timestamp on store assertions
- many: lookup and use the URL from a store assertion if one is set
for use
- tests/test-snapd-service: fix shellcheck issues
- tests: new test for hardware-random-control interface
- tests: use `snap change --last=install` in snapd-reexec test
- repo, daemon: use PlugInfo, SlotInfo
- many: handle core configuration internally instead of using the
core configure hook
- tests: refactor and expand content interface test
- snap-seccomp: skip in-kernel bpf tests for socket() in trusty/i386
- cmd/snap-update-ns: allow Change.Perform to return changes
- snap-confine: Support biarch Linux distribution confinement
- partition/ubootenv: don't panic when uboot.env is missing the eof
marker
- cmd/snap-update-ns: allow fault injection to provide dynamic
result
- interfaces/mount: exspose mount.{Escape,Unescape}
- snapctl: added long help to stop/start/restart command
- cmd/snap-update-ns: create missing mount points automatically.
- cmd: downgrade log message in InternalToolPath to Debugf()
- tests: wait for service status change & file update in the test to
avoid races
- daemon, store: forward SSO invalid credentials errors as 401
Unauthorized responses
- spdx: fix for WITH syntax, require a license name before the
operator
- many: reorg things in preparation to make handling of the base url
in store dynamic
- hooks/configure: queue service restarts
- cmd/snap: warn when a snap is not from the tracking channel
- interfaces/mount: add support for parsing x-snapd.{mode,uid,gid}=
- cmd/snap-confine: add detection of stale mount namespace
- interfaces: add plugRef/slotRef helpers for PlugInfo/SlotInfo
- tests: check for invalid udev files during all tests
- daemon: use newChange() in changeAliases for consistency
- servicestate: use taskset
- many: add support for /home on NFS
- packaging,spread: fix and re-enable opensuse builds
* New upstream release, LP: #1726258
- tests: more debug info for classic-ubuntu-core-transition
- packaging: fix typo that causes error in the misspell test
* New upstream release, LP: #1726258
- snap-confine: fix snap-confine under lxd
- tests: disable classic-ubuntu-core-transition on i386 temporarily
- many: reject bad plugs/slots
- interfaces,tests: skip unknown plug/slot interfaces
- store: enable "base" field from the store
- packaging/fedora: Merge changes from Fedora Dist-Git
* New upstream release, LP: #1726258
- daemon: cherry-picked /v2/logs fixes
- cmd/snap-confine: Respect biarch nature of libdirs
- cmd/snap-confine: Ensure snap-confine is allowed to access os-
release
- interfaces: fix udev tagging for hooks
- cmd: fix re-exec bug with classic confinement for host snapd
- tests: disable xdg-open-compat test
- cmd/snap-confine: add slave PTYs and let devpts newinstance
perform mediation
- interfaces/many: misc policy updates for browser-support, cups-
control and network-status
- interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS
- tests: fix security-device-cgroup* tests on devices with
framebuffer
* New upstream release, LP: #1726258
- snapctl: disable stop/start/restart (2.29)
- cmd/snap-update-ns: fix collection of changes made
* New upstream release, LP: #1726258
- interfaces: fix incorrect signature of ofono DBusPermanentSlot
- interfaces/serial-port: udev tag plugged slots that have just
'path' via KERNEL
- interfaces/hidraw: udev tag plugged slots that have just 'path'
via KERNEL
- interfaces/uhid: unconditionally add existing uhid device to the
device cgroup
- cmd/snap-update-ns: fix mount rules for font sharing
- tests: disable refresh-undo test on trusty for now
- tests: use `snap change --last=install` in snapd-reexec test
- Revert " wrappers: fail install if exec-line cannot be re-written
- interfaces: don't udev tag devmode or classic snaps
- many: make ignore-validation sticky and send the flag with refresh
requests
* New upstream release, LP: #1726258
- interfaces/many: miscellaneous updates based on feedback from the
field
- snap-confine: allow reading uevents from any where in /sys
- spread: add bionic beaver
- debian: make packaging/ubuntu-14.04/copyright a real file again
- tests: cherry pick the fix for services test into 2.29
- cmd/snap-update-ns: initialize logger
- hooks/configure: queue service restarts
- snap-{confine,seccomp}: make @unrestricted fully unrestricted
- interfaces: clean system apparmor cache on core device
- debian: do not build static snap-exec on powerpc
- snap-confine: increase sanity_timeout to 6s
- snapctl: cherry pick service commands changes
- cmd/snap: tell translators about arg names and descs req's
- systemd: run all mount units before snapd.service to avoid race
- store: add a test to show auth failures are forwarded by doRequest
- daemon: convert ErrInvalidCredentials to a 401 Unauthorized error.
- store: forward on INVALID_CREDENTIALS error as
ErrInvalidCredentials
- daemon: generate a forbidden response message if polkit dialog is
dismissed
- daemon: Allow Polkit authorization to cancel changes.
- travis: switch to container based test runs
- interfaces: reduce duplicated code in interface tests mocks
- tests: improve revert related testing
- interfaces: sanitize plugs and slots early in ReadInfo
- store: add download caching
- preserve TMPDIR and HOSTALIASES across snap-confine invocation
- snap-confine: init all arrays with `= {0,}`
- tests: adding test for network-manager interface
- interfaces/mount: don't generate legacy per-hook/per-app mount
profiles
- snap: introduce structured epochs
- tests: fix interfaces-cups-control test for cups-2.2.5
- snap-confine: cleanup incorrectly created nvidia udev tags
- cmd/snap-confine: update valid security tag regexp
- cmd/libsnap: enable two stranded tests
- cmd,packaging: enable apparmor on openSUSE
- overlord/ifacestate: refresh all security backends on startup
- interfaces/dbus: drop unneeded check for
release.ReleaseInfo.ForceDevMode
- dbus: ensure io.snapcraft.Launcher.service is created on re-
exec
- overlord/auth: continue for now supporting UBUNTU_STORE_ID if the
model is generic-classic
- snap-confine: add support for handling /dev/nvidia-modeset
- interfaces/network-control: remove incorrect rules for tun
- spread: allow setting SPREAD_DEBUG_EACH=0 to disable debug-each
section
- packaging: remove .mnt files on removal
- tests: fix econnreset scenario when the iptables rule was not
created
- tests: add test for lxd interface
- run-checks: use nakedret static checker to check for naked
returns on long functions
- progress: be more flexible in testing ansimeter
- interfaces: fix udev rules for tun
- many: implement our own ANSI-escape-using progress indicator
- snap-exec: update tests to follow main_test pattern
- snap: support "command: foo $ENV_STRING"
- packaging: update nvidia configure options
- snap: add new `snap pack` and use in tests
- cmd: correctly name the "Ubuntu" and "Arch" NVIDIA methods
- cmd: add autogen case for solus
- tests: do not use http://canihazip.com/ which appears to be down
- hooks: commands for controlling own services from snapctl
- snap: refactor cmdGet.Execute()
- interfaces/mount: make Change.Perform testable and test it
- interfaces/mount,cmd/snap-update-ns: move change code
- snap-confine: is_running_on_classic_distribution() looks into os-
release
- interfaces: misc updates for default, browser-support, home and
system-observe
- interfaces: deny lttng by default
- interfaces/lxd: lxd slot implementation can also be an app snap
- release,cmd,dirs: Redo the distro checks to take into account
distribution families
- cmd/snap: completion for alias and unalias
- snap-confine: add new SC_CLEANUP and use it
- snap: refrain from running filepath.Base on random strings
- cmd/snap-confine: put processes into freezer hierarchy
- wrappers: fail install if exec-line cannot be re-written
- cmd/snap-seccomp,osutil: make user/group lookup functions public
- snapstate: deal with snap user data in the /root/ directory
- interfaces: Enhance full-confinement support for biarch
distributions
- snap-confine: Only attempt to copy/mount NVIDIA libs when NVIDIA
is used
- packaging/fedora: Add Fedora 26, 27, and Rawhide symlinks
- overlord/snapstate: prefer a smaller corner case for doing the
wrong thing
- cmd/snap-repair: set user agent for snap-repair http requests
- packaging: bring down the delta between 14.04 and 16.04
- snap-confine: Ensure lib64 biarch directory is respected
- snap-confine: update apparmor rules for fedora based base snaps
- tests: Increase SNAPD_CONFIGURE_HOOK_TIMEOUT to 3 minutes to
install real snaps
- daemon: use client.Snap instead of map[string]interface{} for
snaps.
- hooks: rename refresh hook to post-refresh
- git: make the .gitingore file a bit more targeted
- interfaces/opengl: don't udev tag nvidia devices and use snap-
confine instead
- cmd/snap-{confine,update-ns}: apply mount profiles using snap-
update-ns
- cmd: update "make hack"
- interfaces/system-observe: allow clients to enumerate DBus
connection names
- snap-repair: implement `snap-repair {list,show}`
- dirs,interfaces: create snap-confine.d on demand when re-executing
- snap-confine: fix base snaps on core
- cmd/snap-repair: fix tests when running as root
- interfaces: add Connection type
- cmd/snap-repair: skip disabled repairs
- cmd/snap-repair: prefer leaking unmanaged fds on test failure over
closing random ones
- snap-repair: make `repair` binary available for repair scripts
- snap-repair: fix missing Close() in TestStatusHappy
- cmd/snap-confine,packaging: import snapd-generated policy
- cmd/snap: return empty document if snap has no configuration
- snap-seccomp: run secondary-arch tests via gcc-multilib
- snap: implement `snap {repair,repairs}` and pass-through to snap-
repair
- interfaces/builtin: allow receiving dbus messages
- snap-repair: implement `snap-repair {done,skip,retry}`
- data/completion: small tweak to snap completion snippet
- dirs: fix classic support detection
- cmd/snap-repair: integrate root public keys for repairs
- tests: fix ubuntu core services
- tests: add new test that checks that the compat snapd-xdg-open
works
- snap-confine: improve error message if core/u-core cannot be found
- tests: only run tests/regression/nmcli on amd64
- interfaces: mount host system fonts in desktop interface
- interfaces: enable partial apparmor support
- snapstate: auto-install missing base snaps
- spread: work around temporary packaging issue in debian sid
- asserts,cmd/snap-repair: introduce a mandatory summary for repairs
- asserts,cmd/snap-repair: represent RepairID internally as an int
- tests: test the real "xdg-open" from the core snap
- many: implement fetching sections and package names periodically.
- interfaces/network: allow using netcat as client
- snap-seccomp, osutil: use osutil.AtomicFile in snap-seccomp
- snap-seccomp: skip mknod syscall on arm64
- tests: add trivial canonical-livepatch test
- tests: add test that ensures that all core services are working
- many: add logger.MockLogger() and use it in the tests
- snap-repair: fix test failure in TestRepairHitsTimeout
- asserts: add empty values check in HeadersFromPrimaryKey
- daemon: remove unused installSnap var in test
- daemon: reach for Overlord.Loop less thanks to overlord.Mock
- snap-seccomp: manually resolve socket() call in tests
- tests: change regex used to validate installed ubuntu core snap
- cmd/snapctl: allow snapctl -h without a context (regression fix).
- many: use snapcore/snapd/i18n instead of i18n/dumb
- many: introduce asserts.NotFoundError replacing both ErrNotFound
and store.AssertionNotFoundError
- packaging: don't include any marcos in comments
- overlord: use overlord.Mock in more tests, make sure we check the
outcome of Settle
- tests: try to fix staging tests
- store: simplify api base url config
- systemd: add systemd.MockJournalctl()
- many: provide systemd.MockSystemctl() helper
- tests: improve the listing test to not fail for e.g. 2.28~rc2
- snapstate: give snapmgrTestSuite.settle() more time to settle
- tests: fix regex to check core version on snap list
- debian: update trusted account-keys check on 14.04 packaging
- interfaces: add udev netlink support to hardware-observe
- overlord: introduce Mock which enables to use Overlord.Settle for
settle in many more places
- snap-repair: execute the repair and capture logs/status
- tests: run the tests/unit/go everywhere
- daemon, snapstate: move ensureCore from daemon/api.go into
snapstate.go
- cmd/snap: get keys or root document
- spread.yaml: turn suse to manual given that it's breaking master
- many: configure store from state, reconfigure store at runtime
- osutil: AtomicWriter (an io.Writer), and io.Reader versions of
AtomicWrite*
- tests: check for negative syscalls in runBpf() and skip those
tests
- docs: use abolute path in PULL_REQUEST_TEMPLATE.md
- store: move device auth endpoint uris to config (#3831)
* New upstream release, LP: #1714984
- snap-confine: cleanup broken nvidia udev tags
- cmd/snap-confine: update valid security tag regexp
- overlord/ifacestate: refresh udev backend on startup
- dbus: ensure io.snapcraft.Launcher.service is created on re-
exec
- snap-confine: add support for handling /dev/nvidia-modeset
- interfaces/network-control: remove incorrect rules for tun
* New upstream release, LP: #1714984
- interfaces/opengl: don't udev tag nvidia devices and use snap-
confine instead
- debian: fix replaces/breaks for snap-xdg-open (thanks to apw!)
* New upstream release, LP: #1714984
- interfaces/lxd: lxd slot implementation can also be an app
snap
* New upstream release, LP: #1714984
- interfaces: fix udev rules for tun
- release,cmd,dirs: Redo the distro checks to take into account
distribution families
* New upstream release, LP: #1714984
- snap-confine: update apparmor rules for fedora based basesnaps
- snapstate: rename refresh hook to post-refresh for consistency
* New upstream release, LP: #1714984
- hooks: rename refresh to after-refresh
- snap-confine: bind mount /usr/lib/snapd relative to snap-confine
- cmd,dirs: treat "liri" the same way as "arch"
- snap-confine: fix base snaps on core
- hooks: substitute env vars when executing hooks
- interfaces: updates for default, browser-support, desktop, opengl,
upower and stub-resolv.conf
- cmd,dirs: treat manjaro the same as arch
- systemd: do not run auto-import and repair services on classic
- packaging/fedora: Ensure vendor/ is empty for builds and fix spec
to build current master
- many: fix TestSetConfNumber missing an Unlock and other fragility
improvements
- osutil: adjust StreamCommand tests for golang 1.9
- daemon: allow polkit authorisation to install/remove snaps
- tests: make TestCmdWatch more robust
- debian: improve package description
- interfaces: add netlink kobject uevent to hardware observe
- debian: update trusted account-keys check on 14.04 packaging
- interfaces/network-{control,observe}: allow receiving
kobject_uevent() messages
- tests: fix lxd test for external backend
- snap-confine,snap-update-ns: add -no-pie to fix FTBFS on
go1.7,ppc64
- corecfg: mock "systemctl" in all corecfg tests
- tests: fix unit tests on Ubuntu 14.04
- debian: add missing flags when building static snap-exec
- many: end-to-end support for the bare base snap
- overlord/snapstate: SetRootDir from SetUpTest, not in just some
tests
- store: have an ad-hoc method on cfg to get its list of uris for
tests
- daemon: let client decide whether to allow interactive auth via
polkit
- client,daemon,snap,store: add license field
- overlord/snapstate: rename HasCurrent to IsInstalled, remove
superfluous/misleading check from All
- cmd/snap: SetRootDir from SetUpTest, not in just some individual
tests.
- systemd: rename snap-repair.{service,timer} to snapd.snap-
repair.{service,timer}
- snap-seccomp: remove use of x/net/bpf from tests
- httputil: more naive per go version way to recreate a default
transport for tls reconfig
- cmd/snap-seccomp/main_test.go: add one more syscall for arm64
- interfaces/opengl: use == to compare, not =
- cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64
- cmd/snap-repair: track and use a lower bound for the time for
TLSchecks
- interfaces: expose bluez interface on classic OS
- snap-seccomp: add in-kernel bpf tests
- overlord: always try to get a serial, lazily on classic
- tests: add nmcli regression test
- tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64
- tests: add autopilot-introspection interface test
- vendor: fix artifact from manually editing vendor/vendor.json
- tests: rename complexion to test-snapd-complexion
- interfaces: add desktop and desktop-legacy
interfaces/desktop: add new 'desktop' interface for modern DEs
interfaces/builtin/desktop_test.go: use modern testing techniques
interfaces/wayland: allow read on /etc/drirc for Plasma desktop
interfaces/desktop-legacy: add new 'legacy' interface (currently
for a11y and input)
- tests: fix race in snap userd test
- devices/iio: add read/write for missing sysfs entries
- spread: don't set HTTPS?_PROXY for linode
- cmd/snap-repair: check signatures of repairs from Next
- env: set XDG_DATA_DIRS for wayland et.al.
- interfaces/{default,account-control}: Use username/group instead
of uid/gid
- interfaces/builtin: use udev tagging more broadly
- tests: add basic lxd test
- wrappers: ensure bash completion snaps install on core
- vendor: use old golang.org/x/crypto/ssh/terminal to build on
powerpc again
- docs: add PULL_REQUEST_TEMPLATE.md
- interfaces: fix network-manager plug
- hooks: do not error out when hook is optional and no hook handler
is registered
- cmd/snap: add userd command to replace snapd-xdg-open
- tests: new regex used to validate the core version on extra snaps
ass...
- snap: add new `snap switch` command
- tests: wait more and more debug info about fakestore start issues
- apparmor,release: add better apparmor detection/mocking code
- interfaces/i2c: adjust sysfs rule for alternate paths
- interfaces/apparmor: add missing call to dirs.SetRootDir
- cmd: "make hack" now also installs snap-update-ns
- tests: copy files with less verbosity
- cmd/snap-confine: allow using additional libraries required by
openSUSE
- packaging/fedora: Merge changes from Fedora Dist-Git
- snapstate: improve the error message when classic confinement is
not supported
- tests: add test to ensure amd64 can run i386 syscall binaries
- tests: adding extra info for fakestore when fails to start
- tests: install most important snaps
- cmd/snap-repair: more test coverage of filtering
- squashfs: remove runCommand/runCommandWithOutput as we do not need
it
- cmd/snap-repair: ignore superseded revisions, filter on arch and
models
- hooks: support for refresh hook
- Partial revert "overlord/devicestate, store: update device auth
endpoints URLs"
- cmd/snap-confine: allow reading /proc/filesystems
- cmd/snap-confine: genearlize apparmor profile for various lib
layout
- corecfg: fix proxy.* writing and add integration test
- corecfg: deal with system.power-key-action="" correctly
- vendor: update vendor.json after (presumed) manual edits
- cmd/snap: in `snap info`, don't print a newline between tracks
- daemon: add polkit support to /v2/login
- snapd,snapctl: decode json using Number
- client: fix go vet 1.7 errors
- tests: make 17.04 shellcheck clean
- tests: remove TestInterfacesHelp as it breaks when go-flags
changes
- snapstate: undo a daemon restart on classic if needed
- cmd/snap-repair: recover brand/model from
/var/lib/snapd/seed/assertions checking signatures and brand
account
- spread: opt into unsafe IO during spread tests
- snap-repair: update snap-repair/runner_test.go for API change in
makeMockServer
- cmd/snap-repair: skeleton code around actually running a repair
- tests: wait until the port is listening after start the fake store
- corecfg: fix typo in tests
- cmd/snap-repair: test that redirects works during fetching
- osutil: honor SNAPD_UNSAFE_IO for testing
- vendor: explode and make more precise our golang.go/x/crypto deps,
use same version as Debian unstable
- many: sanitize NewStoreStack signature, have shared default store
test private keys
- systemd: disable `Nice=-5` to fix error when running inside lxd
- spread.yaml: update delta ref to 2.27
- cmd/snap-repair: use E-Tags when refetching a repair to retry
- interfaces/many: updates based on chromium and mrrescue denials
- cmd/snap-repair: implement most logic to get the next repair to
run/retry in a brand sequence
- asserts/assertstest: copy headers in SigningDB.Sign
- interfaces: convert uhid to common interface and test cases
improvement for time_control and opengl
- many tests: move all panicing fake store methods to a common place
- asserts: add store assertion type
- interfaces: don't crash if content slot has no attributes
- debian: do not build with -buildmode=pie on i386
- wrappers: symlink completion snippets when symlinking binaries
- tests: adding more debug information for the interfaces-cups-
control
- apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set
- many: allow and support serials signed by the 'generic' authority
instead of the brand
- corecfg: add proxy configuration via `snap set core
proxy.{http,https,ftp}=...`
- interfaces: a bunch of interfaces test improvement
- tests: enable regression and completion suites for opensuse
- tests: installing snapd for nested test suite
- interfaces: convert lxd_support to common iface
- interfaces: add missing test for camera interface.
- snap: add support for parsing snap layout section
- cmd/snap-repair: like for downloads we cannot have a timeout (at
least for now), less aggressive retry strategies
- overlord: rely on more conservative ensure interval
- overlord,store: no piles of return args for methods gathering
device session request params
- overlord,store: send model assertion when setting up device
sessions
- interfaces/misc: updates for unity7/x11, browser-
support, network-control and mount-observe
interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
interfaces/browser-support: update sysfs reads for
newer browser versions, interfaces/network-control: rw for
ieee80211 advanced wireless interfaces/mount-observe: allow read
on sysfs entries for block devices
- tests: use dnf --refresh install to avert stale cache
- osutil: ensure TestLockUnlockWorks uses supported flock
- interfaces: convert lxd to common iface
- tests: restart snapd to ensure re-exec settings are applied
- tests: fix interfaces-cups-control test
- interfaces: improve and tweak bunch of interfaces test cases.
- tests: adding extra worker for fedora
- asserts,overlord/devicestate: support predefined assertions that
don't establish foundational trust
- interfaces: convert two hardware_random interfaces to common iface
- interfaces: convert io_ports_control to common iface
- tests: fix for upgrade test on fedora
- daemon, client, cmd/snap: implement snap start/stop/restart
- cmd/snap-confine: set _FILE_OFFSET_BITS to 64
- interfaces: covert framebuffer to commonInterface
- interfaces: convert joystick to common iface
- interfaces/builtin: add the spi interface
- wrappers, overlord/snapstate/backend: make link-snap clean up on
failure.
- interfaces/wayland: add wayland interface
- interfaces: convert kvm to common iface
- tests: extend upower-observe test to cover snaps providing slots
- tests: enable main suite for opensuse
- interfaces: convert physical_memory_observe to common iface
- interfaces: add missing test for optical_drive interface.
- interfaces: convert physical_memory_control to common iface
- interfaces: convert ppp to common iface
- interfaces: convert time-control to common iface
- tests: fix failover test
- interfaces/builtin: rework for avahi interface
- interfaces: convert broadcom-asic-control to common iface
- snap/snapenv: document the use of CoreSnapMountDir for SNAP
- packaging/arch: drop patches merged into master
- cmd: fix mustUnsetenv docstring (thanks to Chipaca)
- release: remove default from VERSION_ID
- tests: enable regression, upgrade and completion test suites for
fedora
- tests: restore interfaces-account-control properly
- overlord/devicestate, store: update device auth endpoints URLs
- tests: fix install-hook test failure
- tests: download core and ubuntu-core at most once
- interfaces: add common support for udev
- overlord/devicestate: fix, don't assume that the serial is backed
by a 1-key chain
- cmd/snap-confine: don't share /etc/nsswitch from host
- store: do not resume a download when we already have the whole
thing
- many: implement "snap logs"
- store: don't call useDeltas() twice in quick succession
- interfaces/builtin: add kvm interface
- snap/snapenv: always expect /snap for $SNAP
- cmd: mark arch as non-reexecing distro
- cmd: fix tests that assume /snap mount
- gitignore: ignore more build artefacts
- packaging: add current arch packaging
- interfaces/unity7: allow receiving media key events in (at least)
gnome-shell
- interfaces/many, cmd/snap-confine: miscellaneous policy updates
- interfaces/builtin: implement broadcom-asic-control interface
- interfaces/builtin: reduce duplication and remove cruft in
Sanitize{Plug,Slot}
- tests: apply underscore convention for SNAPMOUNTDIR variable
- interfaces/greengrass-support: adjust accesses now that have
working snap
- daemon, client, cmd/snap: implement "snap services"
- tests: fix refresh tests not stopping fake store for fedora
- many: add the interface command
- overlord/snapstate/backend: some copydata improvements
- many: support querying and completing assertion type names
- interfaces/builtin: discard empty Validate{Plug,Slot}
- cmd/snap-repair: start of Runner, implement first pass of Peek
and Fetch
- tests: enable main suite on fedora
- snap: do not always quote the snap info summary
- vendor: update go-flags to address crash in "snap debug"
- interfaces: opengl support pci device and vendor
- many: start implenting "base" snap type on the snapd side
- arch,release: map armv6 correctly
- many: expose service status in 'snap info'
- tests: add browser-support interface test
- tests: disable snapd-notify for the external backend
- interfaces: Add /run/uuid/request to openvswitch
- interfaces: add password-manager-service implicit classic
interface
- cmd: rework reexec detection
- cmd: fix re-exec bug when starting from snapd 2.21
- tests: dependency packages installed during prepare-project
- tests: remove unneeded check for re-exec in InternalToolPath()
- cmd,tests: fix classic confinement confusing re-execution code
- store: configurable base api
- tests: fix how package lists are updated for opensuse and fedora
* New upstream release, LP: #1703798:
- interfaces: add udev netlink support to hardware-observe
- interfaces/network-{control,observe}: allow receiving
kobject_uevent() messages
* New upstream release, LP: #1703798:
- interfaces: fix network-manager plug regression
- hooks: do not error when hook handler is not registered
- interfaces/alsa,pulseaudio: allow read on udev data for sound
- interfaces/optical-drive: read access to udev data for /dev/scd*
- interfaces/browser-support: read on /proc/vmstat and misc udev
data
* New upstream release, LP: #1703798:
- snap-seccomp: add secondary arch for unrestricted snaps as well
* New upstream release, LP: #1703798:
- systemd: disable `Nice=-5` to fix error when running inside lxdSee
https://bugs.launchpad.net/snapd/+bug/1709536
* New upstream release, LP: #1703798:
- tests: remove TestInterfacesHelp as it breaks when go-flags
changes
- interfaces: don't crash if content slot has no attributes
- debian: do not build with -buildmode=pie on i386
- interfaces: backport broadcom-asic-control interface
- interfaces: allow /usr/bin/xdg-open in unity7
- store: do not resume a download when we already have the whole
thing
* New upstream release, LP: #1703798:
- tests: use dnf --refresh install to avert stale cache
- tests: fix test failure on 14.04 due to old version of
flock
- updates for unity7/x11, browser-support, network-control,
mount-observe
- interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
- interfaces/browser-support: update sysfs reads for
newer browser versions
- interfaces/network-control: rw for ieee80211 advanced wireless
- interfaces/mount-observe: allow read on sysfs entries for block
devices
* New upstream release, LP: #1703798
- fix build failure on 32bit fedora
- interfaces: add password-manager-service implicit classic interface
- interfaces/greengrass-support: adjust accesses now that have working
snap
- interfaces/many, cmd/snap-confine: miscellaneous policy updates
- interfaces/unity7: allow receiving media key events in (at least)
gnome-shell
- cmd: fix re-exec bug when starting from snapd 2.21
- tests: restore interfaces-account-control properly
- cmd: fix tests that assume /snap mount
- cmd: mark arch as non-reexecing distro
- snap-confine: don't share /etc/nsswitch from host
- store: talk to api.snapcraft.io for purchases
- hooks: support for install and remove hooks
- packaging: fix Fedora support
- tests: add bluetooth-control interface test
- store: talk to api.snapcraft.io for assertions
- tests: remove snapd before building from branch
- tests: add avahi-observe interface test
- store: orders API now checks if customer is ready
- cmd/snap: snap find only searches stable
- interfaces: updates default, mir, optical-observe, system-observe,
screen-inhibit-control and unity7
- tests: speedup prepare statement part 1
- store: do not send empty refresh requests
- asserts: fix error handling in snap-developer consistency check
- systemd: add explicit sync to snapd.core-fixup.sh
- snapd: generate snap cookies on startup
- cmd,client,daemon: expose "force devmode" in sysinfo
- many: introduce and use strutil.ListContains and also
strutil.SortedListContains
- assserts,overlord/assertstate: test we don't accept chains of
assertions founded on a self-signed key coming externally
- interfaces: enable access to bridge settings
- interfaces: fix copy-pasted iio vs io in io-ports-control
- cmd/snap-confine: various small fixes and tweaks to seccomp
support code
- interfaces: bring back seccomp argument filtering
- systemd, osutil: rework systemd logs in preparation for services
commands
- tests: store /etc/systemd/system/snap-*core*.mount in snapd-
state.tar.gz
- tests: shellcheck improvements for tests/main tasks - first set of
tests
- cmd/snap: `--last` for abort and watch, and aliases
(searchfind, changetasks)
- tests: shellcheck improvements for tests/lib scripts
- tests: create ramdisk if it's not present
- tests: shellcheck improvements for nightly upgrade and regressions
tests
- snapd: fix for snapctl get panic on null config values.
- tests: fix for rng-tools service not restarting
- systemd: add snapd.core-fixup.service unit
- cmd: avoid using current symlink in InternalToolPath
- tests: fix timeout issue for test refresh core with hanging
- intefaces: control bridged vlan/ppoe-tagged traffic
- cmd/snap: include snap type in notes
- overlord/state: Abort() only visits each task once
- tests: extend find-private test to cover more cases
- snap-seccomp: skip socket() tests on systems that use socketcall()
instead of socket()
- many: support snap title as localized/title-cased name
- snap-seccomp: deal with mknod on aarch64 in the seccomp tests
- interfaces: put base policy fragments inside each interface
- asserts: introduce NewDecoderWithTypeMaxBodySize
- tests: fix snapd-notify when it takes more time to restart
- snap-seccomp: fix snap-seccomp tests in artful
- tests: fix for create-key task to avoid rng-tools service ramains
alive
- snap-seccomp: make sure snap-seccomp writes the bpf file
atomically
- tests: do not disable ipv6 on core systems
- arch: the kernel architecture name is armv7l instead of armv7
- snap-confine: ensure snap-confine waits some seconds for seccomp
security profiles
- tests: shellcheck improvements for tests/nested tasks
- wrappers: add SyslogIdentifier to the service unit files.
- tests: shellcheck improvements for unit tasks
- asserts: implement FindManyTrusted as well
- asserts: open up and optimize Encoder to help avoiding unnecessary
copying
- interfaces: simplify snap-confine by just loading pre-generated
bpf code
- tests: restart rng-tools services after few seconds
- interfaces, tests: add mising dbus abstraction to system-observe
and extend spread test
- store: change main store host to api.snapcraft.io
- overlord/cmdstate: new package for running commands as tasks.
- spread: help libapt resolve installing libudev-dev
- tests: show the IP from .travis.yaml
- tests/main: use pkgdb function in more test cases
- cmd,daemon: add debug command for displaying the base policy
- tests: prevent quoting error on opensuse
- tests: fix nightly suite
- tests: add linode-sru backend
- snap-confine: validate SNAP_NAME against security tag
- tests: fix ipv6 disable for ubuntu-core
- tests: extend core-revert test to cover bluez issues
- interfaces/greengrass-support: add support for Amazon Greengrass
as a snap
- asserts: support timestamp and optional disabled header on repair
- tests: reboot after upgrading to snapd on the -proposed pocket
- many: fix test cases to work with different DistroLibExecDir
- tests: reenable help test on ubuntu and debian systems
- packaging/{opensuse,fedora}: allow package build with testkeys
included
- tests/lib: generalize RPM build support
- interfaces/builtin: sync connected slot and permanent slot snippet
- tests: fix snap create-key by restarting automatically rng-tools
- many: switch to use http numeric statuses as agreed
- debian: add missing Type=notify in 14.04 packaging
- tests: mark interfaces-openvswitch as manual due to prepare errors
- debian: unify built_using between the 14.04 and 16.04 packaging
branch
- tests: pull from urandom when real entropy is not enough
- tests/main/manpages: install missing man package
- tests: add refresh --time output check
- debian: add missing "make -C data/systemd clean"
- tests: fix for upgrade test when it is repeated
- tests/main: use dir abstraction in a few more test cases
- tests/main: check for confinement in a few more interface tests
- spread: add fedora snap bin dir to global PATH
- tests: check that locale-control is not present on core
- many: snapctl outside hooks
- tests: add whoami check
- interfaces: compose the base declaration from interfaces
- tests: fix spread flaky tests linode
- tests,packaging: add package build support for openSUSE
- many: slight improvement of some snap error messaging
- errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in
err reports
- tests: fix for the test postrm-purge
- tests: restoring the /etc/environment and service units config for
each test
- daemon: make snapd a "Type=notify" daemon and notify when startup
is done
- cmd/snap-confine: add support for --base snap
- many: derive implicit slots from interface meta-data
- tests: add core revert test
- tests,packaging: add package build support for Fedora for our
spread setup
- interfaces: move base declaration to the policy sub-package
- tests: fix for snapd-reexec test cheking for restart info on debug
log
- tests: show available entropy on error
- tests: clean journalctl logs on trusty
- tests: fix econnreset on staging
- tests: modify core before calling set
- tests: add snap-confine privilege test
- tests: add staging snap-id
- interfaces/builtin: silence ptrace denial for network-manager
- tests: add alsa interface spread test
- tests: prefer ipv4 over ipv6
- tests: fix for econnreset test checking that the download already
started
- httputil,store: extract retry code to httputil, reorg usages
- errtracker: report if snapd did re-execute itself
- errtracker: include bits of snap-confine apparmor profile
- tests: take into account staging snap-ids for snap-info
- cmd: add stub new snap-repair command and add timer
- many: stop "snap refresh $x --channel invalid" from working
- interfaces: revert "interfaces: re-add reverted ioctl and quotactl
- snapstate: consider connect/disconnect tasks in
CheckChangeConflict.
- interfaces: disable "mknod |N" in the default seccomp template
again
- interfaces,overlord/ifacestate: make sure installing slots after
plugs works similarly to plugs after slots
- interfaces/seccomp: add bind() syscall for forced-devmode systems
- packaging/fedora: Sync packaging from Fedora Dist-Git
- tests: move static and unit tests to spread task
- many: error types should be called FooError, not ErrFoo.
- partition: add directory sync to the save uboot.env file code
- cmd: test everything (100% coverage \o/)
- many: make shell scripts shellcheck-clean
- tests: remove additional setup for docker on core
- interfaces: add summary to each interface
- many: remove interface meta-data from list of connections
- logger (& many more, to accommodate): drop explicit syslog.
- packaging: import packaging bits for opensuse
- snapstate,many: implement snap install --unaliased
- tests/lib: abstract build dependency installation a bit more
- interfaces, osutil: move flock code from interfaces/mount to
osutil
- cmd: auto import assertions only from ext4,vfat file systems
- many: refactor in preparation for 'snap start'
- overlord/snapstate: have an explicit code path last-refresh
unset/zero => immediately refresh try
- tests: fixes for executions using the staging store
- tests: use pollinate to seed the rng
- cmd/snap,tests: show the sha3-384 of the snap for snap info
--verbose SNAP-FILE
- asserts: simplify and adjust repair assertion definition
- cmd/snap,tests: show the snap id if available in snap info
- daemon,overlord/auth: store from model assertion wins
- cmd/snap,tests/main: add confinement switch instead of spread
system blacklisting
- many: cleanup MockCommands and don't leave a process around after
hookstate tests
- tests: update listing test to the core version number schema
- interfaces: allow snaps to use the timedatectl utility
- packaging: Add Fedora packaging files
- tests/libs: add distro_auto_remove_packages function
- cmd/snap: correct devmode note for anomalous state
- tests/main/snap-info: use proper pkgdb functions to install distro
packages
- tests/lib: use mktemp instead of tempfile to work cross-distro
- tests: abstract common dirs which differ on distributions
- many: model and expose interface meta-data.
- overlord: make config defaults from gadget work also at first boot
- interfaces/log-observe: allow using journalctl from hostfs for
classic distro
- partition,snap: add support for android boot
- errtracker: small simplification around readMachineID
- snap-confine: move rm_rf_tmp to test-utils.
- tests/lib: introduce pkgdb helper library
- errtracker: try multiple paths to read machine-id
- overlord/hooks: make sure only one hook for given snap is executed
at a time.
- cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the
confinement env
- tests: bump kill-timeout and remove quiet call on build
- tests/lib/snaps: add a test store snap with a passthrough
configure hook
- daemon: teach the daemon to wait on active connections when
shutting down
- tests: remove unit tests task
- tests/main/completion: source from /usr/share/bash-completion
- assertions: add "repair" assertion
- interfaces/seccomp: document Backend.NewSpecification
- wrappers: make StartSnapServices cleanup any services that were
added if a later one fails
- overlord/snapstate: avoid creating command aliases for daemons
- vendor: remove unused packages
- vendor,partition: fix panics from uenv
- cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from
core if possible
- daemon: do not allow to install ubuntu-core anymore
- wrappers: service start/stop were inconsistent
- tests: fix failing tests (snap core version, syslog changes)
- cmd/snap-update-ns: add actual implementation
- tests: improve entropy also for ubuntu
- cmd/snap-confine: use /etc/ssl from the core snap
- wrappers: don't convert between []byte and string needlessly.
- hooks: default timeout
- overlord/snapstate: Enable() was ignoring the flags from the
snap's state, resulting in losing "devmode" on disable/enable.
- difs,interfaces/mount: add support for locking namespaces
- interfaces/mount: keep track of kept mount entries
- tests/main: move a bunch of greps over to MATCH
- interfaces/builtin: make all interfaces private
- interfaces/mount: spell unmount correctly
- tests: allow 16-X.Y.Z version of core snap
- the timezone_control interface only allows changing /etc/timezone
and /etc/writable/timezone. systemd-timedated also updated the
link of /etc/localtime and /etc/writable/localtime ... allow
access to this file too
- cmd/snap-confine: aggregate operations holding global lock
- api, ifacestate: resolve disconnect early
- interfaces/builtin: ensure we don't register interfaces twice
* New upstream release, LP: #1690083
- cmd: fix incorrect re-exec when starting from snapd 2.21
* New upstream release, LP: #1690083
- cmd,tests: fix classic confinement confusing re-execution code
- cmd: fix incorrect check check for re-exec in InternalToolPath()
- snap-seccomp: add secondary arch for unrestricted snaps as well
* New upstream release, LP: #1690083
- Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
* New upstream release, LP: #1690083
- statically link libseccomp in snap-seccomp to fix refresh issue
on trusty
* New upstream release, LP: #1690083
- Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
- add snapd.core-fixup.service unit
- ensure re-exec uses the right internal tools
* New upstream release, LP: #1690083
- interfaces: allow snaps to use the timedatectl utility in
time-control
* New upstream release, LP: #1690083
- backport of seccomp-bpf branch to the 2.26 release to ensure snap
revert with new seccomp syntax works correctly
* New upstream release, LP: #1690083
- partly revert aace15ab53 to unbreak core reverts
- Revert "interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)"
- Disable "mknod |N" in the default seccomp template
reasons outline in https://forum.snapcraft.io/t/snapd-2-25-blocked-because-of-revert-race-condition
- errtracker: include bits of snap-confine apparmor profile
- errtracker: report if snapd did re-execute itself
* New upstream release, LP: #1690083
- cherry pick test fixes f0103a6, 9de5c8a, d7725a7 to make
sure the image tests are updated for the changes in the
`snap info core` output and the removal of the rsyslog
package from core.
* New upstream release, LP: #1690083
- cherry pick d444728 to make the uboot.env file parsing more
robust
* New upstream release, LP: #1690083
- store: fix panic error in auth
- tests: the new ubuntu-image snap needs classic confinement, adjust
tests
- cmd/snap-confine: don't fail on pre 3.8 kernel
* New upstream release, LP: #1690083
- timeutil: avoid panicking when the window is very small
- image: fix go vet issue
- overlord/ifacestate: don't spam logs with harmless auto-connect
messages
- interfaces/builtin: add network-status interface
- interfaces/builtin: add online-accounts-service interface
- interfaces/builtin: distribute code of touching allInterfaces
- interfaces: API additions for interface hooks
- interfaces/builtin: add storage-framework-service interface
- tests: disable create-key test on ppc64el for artful (expect not
working)
- snap: make `snap prepare-image --extra-snaps` derive side info
- tests: unify tests/{main/completion,completion}/lib.exp0
- cmd/snap: tweak info channels output
- interfaces: ensure that legacy interface methods are unused
- packaging: cleanup how built-using is generated
- tests: extend kernel-module-control interface test
- interfaces/network: workaround Go's need for NETLINK_ROUTE with
'net'.
- cmd/snap-confine: use defensive argument parser
- tests: add test for empty snap name on revert
- overlord/hookstate: remove unused Context.timeout
- tests: additional setup in docker test for core systems
- configstate: return error if patch is invalid
- interfaces: add random interface
- store, daemon, client, cmd/snap: handle PASSWORD_POLICY_ERROR
- cmd/snap, client: add "whoami" command
- cmd/snap: iterate interface tab completion
- snap: move locale-control to only be present on classic
- interfaces/browser-support: deny read on squashfs backing files
and LVM vg names
- tests: wait for the docker socket to be listening
- snap: add `snap refresh --time` option
- tests: re-enable and moderninze /media sharing test
- cmd: make rst2man optional
- tests: remove quoting from [[ ]] when globs
- interfaces: allow plugging DBus clients to introspect the slot
service
- packaging/ubuntu*/changelog: drop extra dash
- snap-confine: init the ENTRY variable, coverity is unhappy
otherwise
- cmd/snap-confine/spread-tests: discard useless --version test
- spread: add spread target qemu:debian-9-64
- interfaces: mediate netlink sockets via seccomp
- tests,cmd/snap-confine: port older snapd-discard-ns tests
- cmd/snap-confine/tests: fix shellcheck on recently added files
- tests/upgrade: force install core snap from beta for debian
- overlord/snapstate/backend,interfaces/mount: move ns management
code.
- tests: extend network-control spread test to cope with network
namespaces
- tests: fail early in the spread suite if trying to run it inside a
container
- tests: set ownership of $PROJECT_PATH for the external backend
- tests: specify the auto-refreshable snap being tested
- many: fix tests with go1.8 / artful
- fix for tests: debian does not have /snap/bin in secure_path so
sudo
- snap: support for snap tasks --last=...
- cmd/snap-confine: remove obsolete debug message
- address review feedback, add a lot of comments :-), call
shellcheck on the completion scripts, fix a bug in compopt
* New upstream release, LP: #1686713
- interfaces/default: allow mknod for regular files, pipes and
sockets
- many: use "SNAP.APP as ALIAS" instead of => when listing
added/removed aliases
- cmd/snap-confine: write current mount profile
- cmd/snap-discard-ns: remove current profile when cleaning up
- many: support debian in our CI
- tests: tweak time for econnreset test a bit more
- cmd/snap-confine: re-enable re-assciate fix for CE
- many: aliases v2 cleanups
- cmd/snap-confine: don't use apparmor if it is disabled on boot
- many: implement `snap prefer <snap>` (aliases v2)
- many: adjust /aliases and "snap aliases" to aliases v2, also some
cleanup
- snapstate: normalize gadget defaults
- many: allow core refresh.schedule setting
- many: show alias changes on snap alias/unalias (aliases v2)
- client,cmd/snap: improve messaging on --devmode and --classic
- many: implement `snap unalias <alias-or-snap>` (aliases v2)
- store: retry on connection reset
- interfaces/mount: add Change.Perform
- tests: add openvswitch interface spread test
- interfaces/i2c: allow modifying device-specific sysfs entries
- interfaces: allow writing to /run/systemd/journal/stdout by
default
- tests: ensure travis fails early if static checks fail
- store,daemon: make store interpret channel="" as stable in most
cases
- overlord/snapstate: make UpdateAliases idempotent, simplify the
backend interface bits for aliases not used anymore (aliases v2)
- many: implement snap alias <snap.app> <alias> (aliases v2)
- snap-confine: add code to ensure that / or /snap is mounted
"shared"
- many: show available "tracks" in `snap info`
- cmd/snap: make users Xauthority file available in snap environment
- interfaces/mount: write current fstab files with mode 0644
- overlord: switch to aliases v2 tasks for install/refresh etc ops
plus transition
- tests: parameterize gadget snap channel (#3117)
- tests: copy .real profile as .real
- tests: add empty initrd failover test
- many: mount squashfs as read-only
- cmd: make locking around namespaces explicit
- tests: address review comments from #3186
- tests: add dbus interface spread test
- interfaces/mount: add ReadMountInfo and LoadMountInfo
- snap: require snap name for 'revert'
- overlord: maintain per-revision snapshots of snap configuration
- tests: relax network-bind interface regexps
- interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)
- store: retry once on hashsum mismatches in a Download()
- interfaces/builtin: don't panic if content plug has nil attrs
- interfaces/mount: pass mount.Profile to mount.NeededChanges
- packaging: add `built-using` header for 16.04 packaging
- interfaces: add media-hub interface
- interfaces/builtin: allow full access to properties iface of the
udisks service
- tests: handle case when both .real and plain are present
- interfaces/mount: add Change.String for readable output
- tests: ensure we mock force dev mode as well to fix FTBFS in
sbuild
- store: add more logs around retry in download
- interfaces/mount: add stub Change.{Needed,Perform}
- tests: allow installing snapd from -proposed for SRU validation
- interfaces/mount: parse mount options to map[string]string
- snap: added tasks subcommand
- tests: copy snap-confine apparmor profile into testbed
- interfaces/mount: improve go identifier names of mountinfo, parse
optional fields
- Arch Linux wants to respect FHS
(https://bugs.archlinux.org/task/53656),
- daemon: do not set RemoveSnapPath flag when doing a try
- debian: add maintscript helper to remove usr.lib.snapd.snap-
confine in snap-confine
- cmd/snap-confine: don't use plain "classic" term
- cmd/snap-confine: set TMPDIR and TEMPDIR each time
- many: fixes for `go vet` in go 1.7
- tests: add kernel-module-control interface test
- overlord/snapstate: introduce tasks for aliases v2 semantics with
temporary names for now (aliases v2)
- overlord/devicestate: switch to ssh-keygen for device key
generation
- snap: skip /dev/ram from auto-import assertions to make it less
noisy (#3010)
- interfaces: add kubernetes-support interface and adjust related
interfaces (LP: #1664638)
- tests: download previous snapd package from published versions
instead of specific PPA
- snap: run snap-confine from core if snap is also running from core
- overlord/ifacestate: automatically rename connections on core snap
- many: break the /aliases mutation API with a clean 400 (aliases
v2)
- interfaces/builting: allow read-only access to /sys/module
- tests: add extra test after the core transition for snap get/set
core
- store: misc cleanups in tests
- interfaces/mount: add parser for mountinfo entries
- store: tests for unexpected EOF
- tests: fix unity test
- interfaces,overlord: log interface auto-connection failures
- cmd/snap-update-ns: add C preamble for setns
- interfaces: validate plug/slot uniqueness
* New upstream release, LP: #1681799:
- fix autopkgtest failures with stable core snap
- ensure the snap-confine transitional package cleans up
the no-longer-used apparmor profile to fix the kernels
autopkgtest failures
* New upstream release, LP: #1681799:
- interfaces/mount: add InfoEntry type
- many: fix plug auto-connect during core transition
- interfaces: fold network bind into core support with tests
- .travis.yml: add option to make raw log less noisy
- interfaces: adjust shm accesses to use 'm' for updated mmap kernel
mediation
- many: rename two core plugs that clash with slot names
- snap-confine,browser-support: /dev/tty for snap-confine, misc
browser-support for gnome-shell
- store: add download test with EOF in the middle
- tests: adjust to look for network-bind-plug
- store: make hash error message more accurate
- overlord/snapstate: simplify AliasesStatus down to just an
AutoAliasesDisabled bool flag (aliases v2)
- errtracker: never send errtracker reports when running under
SNAPPY_TESTING
- interfaces/repo: validate slot/plug names
- daemon: Give the snap directories via GET /v2/system-info
- interfaces/unity7: support unity messaging menu
- interfaces/mount: add high-level Profile functions
- git: ignore only the cmd/Makefile{,.in}
- cmd: explicitly set _GNU_SOURCE and _FILE_OFFSET_BITS for xfs
support
- daemon: add desktop file location for app to the API
- overlord,release: disable classic snap support when not possible
- overlord: fix TestEnsureLoopPrune not to be so racy
- many: abstract path to /bin/{true,false}
- data/systemd: tweak data/systemd/Makefile to be slightly simpler
- store: handle EOF via url.Error check
- packaging: use templates for relevant systemd units
- tests: run gccgo only on ubuntu-16.04-64
- .travis.yml: remove travis matrix and do a single sequential run
- overlord/state: make sure that setting to nil a state key is
equivalent to deleting it
- tests: fix incorrect shell expression
- interfaces/mount: add OptsToFlags for converting arguments to
syscall
- interfaces: add a joystick interface
- tests: enable docker test for more ubuntu-core systems
- tests: download and install additional dependencies when using
prepackaged snapd
- many: add support for partially static builds
- interfaces: allow slot to introspect dbus-daemon in dbus
interface, allow /usr/bin/arch by default
- interfaces/mount: fix golint issues
- interfaces/mount: add function for saving fstab-like file
- osutil: introducing GetenvInt64, like GetenvBool but Int64er.
- interfaces: drop udev tagging from framebuffer interface
- snapstate: more helpers to work with aliases state (aliases
v2)
- interfaces/mount: add function for parsing fstab-like file
- cmd: disable the re-associate fix as requested by jdstrand
- overlord/snapstate: unlock/relock the state less, especially not
across mutating the SnapState of a snap
- interfaces: allow executing ld.so (needed with new AppArmor base
abstraction)
- interfaces/mount: add function for parsing mount entries
- cmd: rework header check for xfs/xqm.h
- cmd: add poky to the list of distros which don't support reexec
- overlord: finish reorg, revert "be more conservative until we have
cut 2.23.x"
- cmd: select what socket to use in cmd/snap{,ctl}
- overlord: remove snap config values when snap is removed
- snapstate: introduce helper to apply to disk a alias states change
for a snap (aliases v2)
- configstate,hookstate: timeout the configure hook after 5 mins,
report failures to the errtracker
- interfaces/seccomp: add bind as part of the default seccomp policy
for hooks
- cmd: discard the C implementation of snap-update-ns
- tests: remove stale apt proxy leftover from cloud-init
- tests: move unity test to nightly suite
- interfaces: add support for location-observe for
dbus::ObjectManager session paths
- boot: log error in KernelOrOsRebootRequired
- interfaces: remove old API
- interfaces: use udev spec
- interfaces: convert systemd backend to new APIs
- osutil: add BootID
- tests: move docker test to new nightly suite
- interfaces/mount: compute mount changes required to transition
mount profiles
- data/selinux: add context definition for snapctl
- overlord: clean up organization under state packages
- overlord: make sure all managers packages have *state.go with the
main state manipulation/query APIs
- interfaces: use spec in the dbus backend
- store: download from authenticated URL if there is a device
session set
- tests: remove core_name variable
- interfaces: rename thumbnailer to thumbnailer-service
- interfaces: add chroot to base templates
- asserts: remove some unused things
- systemd: mount the squashfs with nodev
- overlord: when shutting down assume errors might be due to
cancellation so retry
- cmd: rename all unit tests to $command/unit-test
- cmd/snap: fix help string for version command
- asserts: don't allow revocations with other items for the same
developer
- tests: skip lp-1644439 test on older kernels
- interfaces: allow "sync" to be used by core support
- assertstate,snapstate: have assertstate.AutoAliases use the
"aliases" header
- interfaces: allow writing config.txt.tmp in the core-support
interface
- tests: adjust network-bind test
- interfaces: dbus backend spec
- asserts: introduce a snap-declaration "aliases" header to list
auto aliases with explicit targets
- cmd: enable large file support
- cmd/snap: handle missing snap-confine
- cmd/snap-confine: re-associate with pid-1 mount namespace if
required
- cmd/libsnap: make mountinfo structures public
- tests: fix interfaces-cups-control for zesty
- misc: revert "Log if the system goes into ForceDevMode"
- interfaces: seccomp tests cleanup
- cmd: validate SNAP_NAME
- interfaces: log if the system goes into ForceDevMode
- tests: fix classic-ubuntu-core-transition race
- interfaces: use apparmor spec in the apparmor backend
- interfaces: alphabetize framebuffer in base decl and add it to
all_test.go
- tests: add ubuntu-core-16-32 system to the external backend and
fix docker test
- cmd/libsnap: simplify sc_string_quote default case
- osutil: fix double expand in environment map code and add test
- interfaces: extend location-control out-of-process provider
support
- cmd/snap-update-ns: use bidirectional lists for mount entries
- tests: prevent automatic transition before setting the initial
state of the test
- release: detect if we are in ForcedDevMode by inspecting the
kernel
- tests: add core-snap-refresh test
- interfaces: add maliit input method interface
- interfaces: seccomp spec API tweaks for better tests
- interfaces: updates for mir-kiosk in browser-support, mir, opengl,
unity7
- testutils: address review feedback from PR#2997
- tests: specify the core version to be unsquashfs'ed in the
failover tests
- interfaces: use MockInfo in tests
- cmd/libsnap: add sc_quote_string
- cmd/snap-confine: use sc_do_umount everywhere
- interfaces: add unity8 plug permissions
- timeutil: a few helpers for the recurring events
- asserts: implement snap-developer type
- partition: deal with grub{,2}-editenv in tests
- many: add new (hidden) `snap debug ensure-state-soon` command and
use in tests
- interfaces/builtin: small refactor of dbus tests
- packaging, tests: use "systemctl list-unit-files --full"
everywhere
- many: some opensuse patches that are ready to go into master
- packaging: add opensuse permissions files
- client, daemon: move "snap list" name filtering into snapd.
- interfaces: use seccomp specs
- overlord/snapstate: small cleanup of
ensureForceDevmodeDropsDevmodeFromState
- interfaces/builtin/alsa: add read access to alsa state dir
- interfaces: use spec in kmod backend, updated firewall_control,
openvswitch_support, ppp
- cmd/snap-confine: use sc_do_mount everywhere
- tests: remove workaround for docker again, snap-declaration is
fixed now
- interfaces: interface to allow autopilot introspection
* New upstream release, LP: #1673568
- cmd: use the most appropriate snap/snapctl sockets
- tests: fix interfaces-cups-control for zesty
- configstate,hookstate: timeout the configure hook after 5 mins,
report failures
- packaging: rename the file shipping snap-confine AA profile to
workaround dpkg bug #858004
- many: ignore configure hook failures on core refresh to ensure
upgrades are always possible
- snapstate: restart as needed if we undid unlinking aka relinked
core or kernel snap
* New upstream release, LP: #1673568
- allow "sync" in core-support
* New upstream release, LP: #1673568
- fix core-support interface for the new pi-config options
* FTBFS due to missing files in vendor/
* New upstream release, LP: #1673568
- cmd/snap: handle missing snap-confine (#3041)
* New upstream release, LP: #1665608
- packaging, tests: use "systemctl list-unit-files --full"
everywhere
- interfaces: fix default content attribute value
- tests: do not nuke the entire snapd.conf.d dir when changing
store settings
- hookstate: run the right "snap" command in the hookmanager
- snapstate: revert PR#2958, run configure hook again everywhere
* New upstream release, LP: #1665608
- overlord: phase 2 with 2nd setup-profiles and hook done after
restart for core installation
- data: re-add snapd.refresh.{timer,service} with weekly schedule
- interfaces: allow 'getent' by default with some missing dbs to
various interfaces
- overlord/snapstate: drop forced devmode
- snapstate: disable running the configure hook on classic for the
core snap
- ifacestate: re-generate apparmor in InterfaceManager.initialize()
- daemon: DevModeDistro does not imply snapstate.Flags{DevMode:true}
- interfaces/bluez,network-manager: implement ConnectedSlot policy
- cmd: add helpers for mounting / unmounting
- snapstate: error in LinkSnap() if revision is unset
- release: add linuxmint 18 to the non-devmode distros
- cmd: fixes to run correctly on opensuse
- interfaces: consistently use 'const' instead of 'var' for security
policy
- interfaces: miscellaneous policy updates for unity7, udisks2 and
browser-support
- interfaces/apparmor: compensate for kernel behavior change
- many: only tweak core config if hook exists
- overlord/hookstate: don't report a run hook output error without
any context
- cmd/snap-update-ns: move test data and helpers to new module
- vet: fix vet error on mount test.
- tests: empty init (systemd) failover test
- cmd: add .indent.pro file to the tree
- interfaces: specs for apparmor, seccomp, udev
- wrappers/services: RemainAfterExit=yes for oneshot daemons w/ stop
cmds
- tests: several improvements to the nested suite
- tests: do not use core for "All snaps up to date" check
- cmd/snap-update-ns: add function for sorting mount entries
- httputil: copy some headers over redirects
- data/selinux: merge SELinux policy module
- kmod: added Specification for kmod security backend
- tests: failover test for rc.local crash
- debian/tests: map snapd deb pockets to core snap channels for
autopkgtest
- many: switch channels on refresh if needed
- interfaces/builtin: add /boot/uboot/config.txt access to core-
support
- release: assume higher version of supported distros will still
work
- cmd/snap-update-ns: add compare function for mount entries
- tests: enable docker test
- tests: bail out if core snap is not installed
- interfaces: use mount.Entry instead of string snippets.
- osutil: trivial tweaks to build ID support
- many: display kernel version in 'snap version'
- osutil: add package for reading Build-ID
- snap: error when `snap list foo` is run and no snap is installed
- cmd/snap-confine: don't crash if nvidia module is loaded but
drivers are not available
- tests: update listing test for latest core snap version update
- overlord/hookstate/ctlcmd: helper function for creating a deep
copy of interface attributes
- interfaces: add a linux framebuffer interface
- cmd/snap, store: change error messages to reflect latest UX doc
- interfaces: initial unity8 interface
- asserts: improved information about assertions format in the
Decode doc comment
- snapstate: ensure snapstate.CanAutoRefresh is nil in tests
- mkversion.sh: Add support for taking the version as a parameter
- interfaces: add an interface for use by thumbnailer
- cmd/snap-confine: ensure that hostfs is root owned.
- screen-inhibit-control: add methods for delaying screensavers
- overlord: optional device registration and gadget support on
classic
- overlord: make seeding work also on classic, optionally
- image,cmd/snap: refactoring and initial envvar support to use
stores needing auth
- tests: add libvirt interface spread test
- cmd/libsnap: add helper for dropping permissions
- interfaces: misc updates for network-control, firewall-control,
unity7 and default policy
- interfaces: allow recv* and send* by default, accept4 with accept
and other cleanups
- interfaces/builtin: add classic-support interface
- store: use xdelta3 from core if available and not on the regular
system
- snap: add contact: line in `snap info`
- interfaces/builtin: add network-setup-control which allows rw
access to netplan
- unity7: support missing signals and methods for status icons
- cmd: autoconf for RHEL
- cmd/snap-confine: look for PROCFS_SUPER_MAGIC
- dirs: use the right snap mount dir for the distribution
- many: differentiate between "distro" and "core" libexecdir
- cmd: don't reexec on RHEL family
- config: make helpers reusable
- snap-exec: support nested environment variables in environment
- release: add galliumos support
- interfaces/builtin: more path options for serial
- i18n: look into core snaps when checking for translations
- tests: nested image testing
- tests: add basic test for docker
- hookstate,ifacestate: support snapctl set/get slot and plug attrs
(step 3)
- cmd/snap: add shell completion to connect
- cmd: add functions to load/save fstab-like files
- snap run: create "current" symlink in user data dir
- cmd: autoconf for centos
- tests: add more debug if ubuntu-core-upgrade fails
- tests: increase service retries
- packaging/ubuntu-14.04: inform user how to extend PATH with
/snap/bin.
- cmd: add helpers for working with mount/umount commands
- overlord/snapstate: prepare for using snap-update-ns
- cmd: use per-snap mount profile to populate the mount namespace
- overlord/ifacestate: setup seccomp security on startup
- interface/seccomp: sort combined snippets
- release: don't force devmode on LinuxMint "serena"
- tests: filter ubuntu-core systems for authenticated find-private
test
- interfaces/builtin/core-support: Allow modifying logind
configuration from the core snap
- tests: fix "snap managed" output check and suppress output from
expect in the authenticated login tests
- interfaces: shutdown: also allow shutdown/reboot/suspend via
logind
- cmd/snap-confine-tests: reformat test to pass shellcheck
- cmd: add sc_is_debug_enabled
- interfaces/mount: add dedicated mount entry type
- interfaces/core-support: allow modifying systemd-timesyncd and
sysctl configuration
- snap: improve message after `snap refresh pkg1 pkg2`
- tests: improve snap-env test
- interfaces/io-ports-control: use /dev/port, not /dev/ports
- interfaces/mount-observe: add quotactl with arg filtering (LP:
#1626359)
- interfaces/mount: generate per-snap mount profile
- tests: add spread test for delta downloads
- daemon: show "$snapname (delta)" in progress when downloading
deltas
- cmd: use safer functions in sc_mount_opt2str
- asserts: introduce a variant of model assertions for classic
systems
- interfaces/core-support: allow modifying snap rsyslog
configuration
- interfaces: remove some syscalls already in the default policy
plus comment cleanups
- interfaces: miscellaneous updates for hardware-observe, kernel-
module-control, unity7 and default
- snap-confine: add the key for which hsearch_r fails
- snap: improve the error message for `snap try`
- tests: fix pattern and use MATCH in find-private
- tests: stop tying setting up staging store access to the setup of
the state tarball
- tests: add regression spread test for #1660941
- interfaces/default: don't allow TIOCSTI ioctl
- interfaces: allow nice/setpriority to 0-19 values for calling
process by default
- tests: improve debug when the core transition test hangs
- tests: disable ubuntu-core->core transition on ppc64el (its just
too slow)
- snapstate: move refresh from a systemd timer to the internal
snapstate Ensure()
- tests/lib/fakestore/refresh: some more info when we fail to copy
asserts
- overlord/devicestate: backoff between retries if the server seems
to have refused the serial-request
- image: check kernel/gadget publisher vs model brand, warn on store
disconnected snaps
- vendor: move gettext.go back to github.com/ojii/gettext.go
- store: retry on 502 http response as well
- tests: increase snap-service kill-timeout
- store,osutil: use new osutil.ExecutableExists(exe) check to only
use deltas if xdelta3 is present
- cmd: fix autogen.sh on fedora
- overlord/devicemgr: fix test: setup account-key before using the
key for signing
- cmd: add /usr/local/* to PATH
- cmd: add sc_string_append
- asserts: support for correctly suggesting format 2 for snap-
declaration
- interfaces: port mount backend to new APIs, unify content of per
app/hook profiles
- overlord/devicestate: implement policy about gadget and kernel
matching the model
- interfaces: allow sched_setscheduler again by default
- debian: update breaks/replaces for snap-confine->snapd
- debian: move the snap-confine packaging into snapd
- 14.04/integrationtests: rely on upstart to restart ssh.
- store: enable download deltas on classic by default
- spread: add unit suite
- snapctl: add config in client to disable auth and use it in
snapctl
- overlord/ifacestate: register all security backends with the
repository
- overlord,tests: have enable/disable affect security profiles
- tests: install ubuntu-core from the same channel as core
- overlord: move configstate.Transaction into config package
- seccomp-support.c: add PF_* domains which can be used instead of
AF_*
- store: always log retry summary when SNAPD_DEBUG is set
- tests: parameterize kernel snap channel
- snapenv: do not append ":" to the SNAP_LIBRARY_PATH
- interfaces/builtin: refine the content interface rules using $SLOT
- asserts,interfaces/policy: add support for
$SLOT()/$PLUG()/$MISSING in *-attributes constraintsThis adds
support for $SLOT(arg), $PLUG(arg) and $MISSING attribute
constraints in plugs and slots rules in snap-declarations:
- cmd/snap-confine: add snap-confine command line parser module
- tests: remove (some) garbage files found by restore cleanup
analysis
- cmd: fix issues uncovered by valgrind
- tests: fix typo in systems name
- cmd: collect string utilities in one module, add missing tests
- cmd: rename mountinfo to sc_mountinfo
- tests: allow to install snapd debs from a ppa instead of building
them
- spread: remove state tar on project restore
* New upstream release:
- errtracker,overlord/snapstate: more info in errtracker reports
- interfaces/apparmor: compensate for kernel behavior change
* New upstream release, LP: #1667105
- overlord/ifacestate: don't fail if affected snap is gone
- revert #2910: osutil: add package for reading Build-ID (#2918)
- errtracker: include the build-id of host and core snapd (#2912)
- errtracker: include the number of ubuntu-core -> core retries
(#2915)
- snapstate: retry ubuntu-core -> core transition every 6h (#2914)
- osutil: add package for reading Build-ID (#2910)
- errtracker: include kernel version in error reports (#2905)
- release: return "unknown" if uname fails
- many: rebased uname branch for 2.22
- errtracker: include snapd version in err reports
- overlord/ifacestate: don't unconditionally retry stuff (#2906)
- snapstate: fix incorrect cut of the timestamps for the error
reports (#2908)
- tests: update listing test for latest core snap version update
* Fix FTBFS due to machine-id file
* New bugfix release:
- errtracker: add support for error reporting via daisy.ubuntu.com
- snapstate: allow for 6 retries for the core transition
- httputils: ensure User-Agent works across redirects
* New bugfix release, LP: #1665729:
- Limit the number of retries for the ubuntu-core -> core
transition to fix possible store overload.
* New upstream release, LP: #1659522
- cherry pick fix for sched_setscheduler regression
(LP: #1661265)
* New upstream release, LP: #1659522
- cherry pick fix for snapctl auth.json handling
* New upstream release, LP: #1659522
- many: make ubuntu-core-launcher mostly go
- interfaces/builtin: add account-control interface
- interfaces/builtin: add missing syscalls to core-support needed
for systemctl
- interfaces/builtin: rework core-support to only allow full access
to systemctl
- debian/tests: drop stale autopkgtest dependencies.
- tests: make the debugging of c-unit-tests more useful
- store: retry auth-related requests
- tests: integration test for system reload
- snap: be more helpful in the `snap install <already-installed>`
error message
- tests: set SNAPPY_USE_STAGING_STORE in su call
- tests: use test snap
- spread: set SNAPD_DEBUG=1 in the core snap as well
- tests: add extra debugging to security-setuid-root test
- cmd,snap,wrappers: systemd reload command support
- interfaces: builtin: mir: Allow recv and send
- overlord/ifacestate: use ParseConnRef
- overlord/snapstate,overlord/ifacestate: add automatic ubuntu-core
-> core transition
- debian: remove aliases as well in snapd.postrm
- many: change interfaces.ParseID to return value
- interfaces/opengl: allow access to the nvidia abstract socket
- overlord, daemon: flag failures feature fancy forms.
- many: add --classic support to try and revert, and make missing
these things a little harder
- interfaces: allow reading non-PCI-attached usb devices via raw-usb
- many: rename snap-alter-ns to snap-update-ns
- interfaces/builtin: add core-support
- store: increase the retry.LimitTime()
- debian: move the packaging out into package/$id-$version_id
- overlord/stapstate: don't use unkeyed fields
- many: add stub implementation of snap-alter-ns
- asserts: improve error message when key is not valid at the given
time
- snapstate, ifacestate: add snapstate.CheckChangeConflict() to
ifacestate.{Connect,Disconnect}
- debian: remove trusty specific bits
- docs: Add a note about building snapd.
- interfaces: miscellaneous updates for default and network-control
- daemon: bubble out store.ErrSnapNotFound in the findOne codepath
- store: add retry logging into download as well
- snap: show price in `snap info`
- cmd: add fault injection support code
- interfaces: network-manager: allow rw access to /etc/netplan
- debian: move systemd files out of ./debian and into ./data/systemd
- asserts: implement SuggestFormat to help avoid specifying the
wrong format iteration for an assertion
- many: detect potentially insecure use of snap-confine
- interfaces: allow querying added security backends
- cmd: ensure that all .c files have a -test.c file
- asserts: don't use 'context' for the path of attributes, want to
reuse the concept for something else
- interfaces: abbreviate ConnRef construction
- tests: ensure systemd override directory is available before using
it
- cmd: more build system cleanups and a small fix
- tests: increase retries for service up
- cmd: move seccomp cleanup function to seccomp-support
- many: auto-connect plugs and slots symmetrically
- overlord: use a ticker for the pruning
- interfaces/builtin: add uhid interface
- cmd/snap-confine: add shutdown helper
- tests: fix path used when debugging
- cmd: switch to non-recursive make
- overlord/ifacestate: setup security of snaps affected by auto-
connection
- spread: refresh apt cache before first install
- overlord: allow max 500 changes in "ready" state to avoid growing
changes for 24h
- snap: add {Plug,Slot}Info.SecurityTags
- cmd: move snap-discard-ns to dedicated directory
- tests: skip i18n test when no "snappy.mo" file is available
- interfaces,overlord/ifacestate: small refactor around reference
methods
- tests: remove the snapd dirs last (should fix random test errors)
- interfaces: mm: permissions for protocol proxies
- interfaces/builtin: add evolution interfaces
- many: extract the logging http client and user-agent handling for
use in devicestate
- interfaces: unity8-download-manager is the chosen name for this
interface.
- tests: add "quiet" wrapper function that only prints output on
failure
- tests: fix failing snapd-reexec test
- docs: simplify HACKING.md that snapd itself supports setting up
the sockets
- overlord: flag required-snaps from model as required and prevent
removing them
- spread: exclude .o and .a files
- tests: parameterize remote store
- cmd: fix hardcoded paths to rst2man and support rst2man.py
- tests: improve debug output when reexec is used
- tests: disable ipv6 before unpacking delta
- interfaces: add new interface API
- tests: change TRUST_TEST_KEYS to be controlled from the host
- spread: add boilerplate for Linode delta uploads
- wrappers: add support for the X-Ayatana-Desktop-Shortcuts=
extension
- partition: add support for native grubenv read/write and use it
- tests: add test ensuring manual pages are shipped
* New upstream release, LP: #1656382
- daemon: re-enable reexec
- interfaces: allow reading installed files from previous revisions
by default
- daemon: make activation optional
- tests: run all snap-confine tests in c-unit-tests task
- many: fix abbreviated forms of disconnect
- tests: switch more tests to MATCH
- store: export userAgent. daemon: print store.UserAgent() on
startup.
- tests: test classic confinement `snap list` and `snap info`
output
- debian: skip snap-confine unit tests on nocheck
- overlord/snapstate: share code between Update and UpdateMany, so
that it deals with auto-aliases correctly
- interfaces: upower-observe: refactor to allow snaps to provide a
slot
- tests: add end-to-end store test for classic confinement
- overlord,overlord/snapstate: have UpdateMany retire/enable auto-
aliases even without new revision
- interfaces/browser-support: add @{PROC}/@{pid}/fd/[0-9] w and misc
/run/udev
- interfaces/builtin: add physical-memory-* and io-ports-control
- interfaces: allow getsockopt by default since it is so commonly
used
- cmd/snap, daemon, overlord/snapstate: tests and fixes for "snap
refresh" of a classic snap
- interfaces: allow read/write access of real-time clock with time-
control interface
- store: request no CDN via a header using SNAPPY_STORE_NO_CDN
envvar
- snap: add information about tracking channel (not just actual
channel)
- interfaces: use fewer dot imports
- overlord/snapstate: remove restrictions on ResetAliases
- overlord, store: move confinement filtering to the overlord (from
The Store)
- many: move interface test helpers to ifacetest package
- many: implement 'snap aliases'
- vet: fix for unkeyed fields error on aliases_test.go
- interfaces: miscellaneous policy updates for network-control,
unity7, pulseaudio, default and home
- tests: test for auto-aliases
- interface hooks: connect plug slot hooks (step 2)
- cmd/snap: fix internal naming in snap connect
- snap: use "size" as the json tag in snap.ChannelSnapInfo
- tests: restore the missing initialization of iface manager causing
race
- snap: fix missing sizes in `snap info <remote-snap>`
- tests: improve cleanup for c-unit-tests
- cmd/snap-confine: build non-installed libsnap-confine-private.a
- cmd/snap-confine: small tweaks to seccomp support code
- interfaces/docker-support: allow /run/shm/aufs.xeno for 14.04
- many: obtain installed snaps developer/publisher username through
assertions
- store: setting of fields for details endpoint
- cmd/snap-confine: check for rst2man on configure
- snap: show `snap --help` output when just running `snap`
- interface/builtin: drop the obsolete checks in udisks2
SanitizeSlot
- cmd/snap: remove currency switch following UX review
- spread: find top-level directory before running generate-
packaging-dir
- interface hooks: prepare plug slot hooks (step 1)
- i18n: use github.com/mvo5/gettext.go (pure go) for i18n to avoid
cgo
- many: put a marker in the User-Agent sent by snapd/snap when under
testingThe User-Agent will look like:
- tests: fix -reuse and -resend when govendor is missing
- snap: provide friendlier `snap find` message when no snaps are
found
- tests: fix mkversions.sh failure on zesty
- spread: install build-essential unconditionally
- spread: improve qemu ubuntu-14.04-{32,64} support
- overlord/snapstate,daemon: implement GET /v2/aliases handling
- store: retry user info request
- tests: port more snap-confine regression tests
- tests: cancel the scheduled reboot on ubuntu-core-upgrade-no-gc
and restore state
- tests: debug zesty autopkgtest failures
- overlord/snapstate: use keyed fields on literals
- tests: use MATCH in install-remove-multi
- tests: increase wait time for service to be up
- tests: make debug-each succeed if DENIED doesn't match
- tests: skip packaging dir generation for non-git based autopkgtest
runs
- tests: port refresh-all-undo to MATCH
- tests: improve snap connect test
- tests: port additional snap-confine regression tests
- tests: show --version when it matches unknown
- tests: optionally use apt proxy for qemu
- tests: add hello-classic test
- many: behave more consistently when pointed to staging and
possibly the fake store
- overlord/ifacestate: remove stale comments
- interfaces/apparmor: ignore snippets in classic confinement
- tests: port first regression test from snap-confine
- cmd/snap-confine: disable old tests
* New upstream release, LP: #1648520
- tests: enable the ppc64el tests again
- tests: add classic confinement test
- tests: run snap confine tests in debian/rules already
* New upstream release, LP: #1648520
- many: implement "snap alias --reset" using snapstate.ResetAliases
- debian: use a packaging branch for 14.04
- store: retry downloads on io.Copy errors and sha3 checksum errors
- snap: show apps in `snap info`
- store: send an explicit X-Ubuntu-Classic header to the store
- overlord/snapstate: implement snapstate.ResetAliases
- interfaces/builtin: add dbus interface
- tests: fix tests on 17.04
- store: use mocked retry strategy to make store tests faster
- overlord: apply auto-aliases information from the snap-declaration
on install or refresh
- many: prepare landing on trusty
- many: implement snap unalias using snapstate.Unalias
- overlord/snapstate: fixing the placement/grouping of some
functions
- interfaces: support network namespaces via 'ip netns' in network-
control
- interfaces/builtin: fix pulseaudio apparmor rules
- interfaces/builtin: add iio interface
- tests: update custom core snap with the freshly build snap-confine
- interfaces: use sysd.{Disable,Stop} instead of sysd.DisableNow()
- overlord,overlord/snapstate: implement snapstate.Unalias by
generalizing the "alias" task
- interfaces: misc openstack snap enablement
- cmd/snap: mock terminal.ReadPassword instead of using /dev/ptmx
- notifications, daemon: kill the unsupported events endpoint
- client: only allow Dangerous option in InstallPath
- overlord/ifacestate: no interface checks if no snap id
- many: implement alias command
- snap: tweak snap install output as designed by Mark
- debian: fix Pre-Depends on dpkg
- tests: check if snap-confine --version is unknown
- cmd/snap-confine: allow content interface mounts
- tests: remove ppa:snappy-dev/image again
- interfaces/apparmor: allow access to core snap
- tests: remove snap-confine/ubuntu-core-launcher after the tests
- overlord,overlord/snapstate: implement snapstate.Alias
- cmd/snap: reject "snap disconnect foo"
- debian: add split ubuntu-core-launcher and snap-confine packages
- cmd: fix mkversion.sh and add regression test
- overlord/snapstate: setup/remove aliases as we link/unlink snaps
- cmd/snap,tests: alias support in snap run
- snap/snapenv: don't obscure HOME if snap uses classic confinement
- store: decode response.Body json inside retry loops
- cmd/snap-confine: fix compilation on platforms with gcc < 4.9.0
- vendor: update tomb package fixing context support
* New upstream release, LP: #1648520
- cmd/snap-confine: disable support for XDG_RUNTIME_DIR
- cmd/snap-confine/tests: fix stale path after move to snapd
- cmd/snap-confine: don't use __attribute__((nonull))
- snap: add description to `snap info`
- snap: show last refresh time
- store: switch default delta format from xdelta to xdelta3
- interfaces: fix system-observe interface to work with ps_mem
- debian: add missing ca-certificates dependency
- cmd/snap-confine: add support for classic confinement
- snapstate/backend: add backend methods to manage aliases
- tests: re-enable snap-confine unit tests via spread
- many: merge snap-confine into snapd
- many: add support for classic confinement
- snap: abort install with ctrl+c
- cmd/snap: change terms accept URL following UX review
- interfaces/apparmor: use distinct apparmor template for classic
- snap: add snap size to `snap info`
- interfaces: add unconfined access to modem-manager
- snap: support for parsing and exposing on snap.Info aliases
- debian: disable autopkgtests on ppc64el
- snap: disable support for socket activation
- tests: fix incorrect restore of the current symlink
- asserts: introduce auto-aliases header in snap-declaration
- interfaces/seccomp: add support for classic confinement
- tests: do not use external snaps
- daemon: close the dup()ed file descriptor to not leak it
- overlord, daemon, progress: enable building snapd without CGO
- daemon, store: let snap info find things in any channel
- store: retry tweaks and logging
- snap: Improve `snap --help` output as designed by Mark
- interfaces/builtin: fix incorrect udev rule in i2c
- overlord: increase test timeout and improve failure message
- snap: remove unused experimental command
- debian: remove unneeded conflict against the "snappy" package
- daemon, strutil: move daemon.quotedNames to strutil.Quoted
- docs: document SNAP_DEBUG_HTTP in HACKING.md
- cmd/snap: have some completers
- snap: support "daemon: notify" in snap.yaml
- snap: fix try command when daemon linie is added
- interfaces: apparmor support for classic confinement
- debian/rules: build with -buildoptions=pie
- tests: include /boot in saved state (including bootenv and any
kernels)
- daemon: ensure `snap try` installs core if it's missing
- tests: save/restore /snap/core/current symlink
- tests: decrease the number of expected featured apps
- tests: add set -e to the prepare ssh script
- cmd/snap: add tests for section completion; fix bugs.
- cmd/snap: document 'snap list --all'
* New upstream release, LP: #1644625
- daemon: fix crash when `snap refresh` contains a single update
- fix unhandled error from io.Copy() in download()
- interfaces/builtin: fix incorrect udev rule in i2c
* New upstream release, LP: #1644625
- store: retry on io.EOF
- tests: skip pty tests on ppc64el and powerpc
- client, cmd/snap: introducing "snap info"
- snap: do exit 0 on install/remove if that snap is already
installed or already removed
- snap: add `snap watch <change-id>` to attach to a running change
- store: retry downloads using retry loop
- snap: try doesn't require snap-dir when run in snap's directory
- daemon: show what will change in the "refresh-all" changes
- tests: disable autorefresh for the external backend
- snap: add `snap list -a` to show all snaps (even inactive ones)
- many: unify boolean env var handling
- overlord/ifacestate: don't setup jailmode snaps with devmode
confinement
- snapstate: do not garbage collect the snaps used by the bootenv
- debian: drop hard xdelta dependency for now
- snap: make `snap login` ask for email if not given as argument
- osutil: fix build on armhf (arm in go-arch) and powerpc (ppc in
go-arch)
- many: rename DevmodeConfinement to DevModeConfinement
- store: resp.Body.Close() missing in ReadyToBuy
- many: use ConfinementOptions instead of ConfinementType
- snap, daemon, store: fake the channel map in the REST API
- misc: run github.com/gordonklaus/ineffassign as part of the static
checks
- docs: add goreportcard badge and remove coveralls badge
- tests: force gofmt -s in static checks
- many: run gofmt -s -w on all the code
- store: DRY actual retry code
- many: fix various errors uncovered by goreportcard.com
- interfaces/builtin: allow additional shared memory for webkit
- many: some more missing snapState->snapst
- asserts: introduce an optional freeform display-name for model
- interfaces/builtin: rename usb-raw to raw-usb
- progress: init pbar with correct total value
- daemon/api.go: add quotedNames() helper
- interfaces: add ConfinementOptions type
- tests: add a test about the extra bits that prepare-device can
specify for device registration
- tests: check that gpio device nodes are exported after reboot
- tests: parameterize core channel with env var for classic too
- many: rename variable "ss" to "snapsup" or "snapst" or "st"
(depending on context)
- tests: do not use external snaps in spread
- store: retry buy request
- store: retry store.Find
- store: retry assertion store call
- store: retry call for snap details
- many: use snap.ConfinementType rather than bool devmode
- daemon: if a bad snap is posted it is not an internal error but a
bad request
- client: add "Snap.Screenshots" to the client API
- interfaces: update base declaration documentation and policy for
on-classic and snap-type
- store: check payment method before TOS for a better UX
- interfaces: allow sched_setaffinity in process-control
- tests: parameterize core channel with env var
- tests: ensure that the XDG_ env contains at least XDG_RUNTIME_DIR
- interfaces: fcitx also listens on the session bus for Qt apps
- store: retry ListRefresh
- snap: use "Password of <email>:" in the `snap login`
- many: reshuffle how we load/inject tests keys so image doesn't
need assertstate anymore
- store: use range requests if we have a local file already
- dirs,interfaces,overlord,snap,snapenv,test: export per-snap
XDG_RUNTIME_DIR per user
- osutil: make RealUser only look at SUDO_USER when uid==0
- tests: do not use the ppa:snappy-dev/image in the tests
- store: retry readyToBuy request
- tests: increase `expect` timeouts
- static tests: add spell check
- tests: add debug to all flaky expect tests
- systemd: correct the mount arguments when mounting with squashfuse
- interfaces: add avahi-observe
- store: bring delta downloads back
- interfaces: add alsa
- interfaces/builtin: fix a broken test that snuck into master
- osutil: add chattr funcs
- image: init "snap_mode" on image creation time to avoid ugly
messages
- tests: test-snapd-fuse-consumer needs python-fuse as a build-
package
- interfaces/builtin: add i2c interface
- interfaces: add ofono interface
- tests: do not use hello-world in our tests
- snap: add support for classic confinement
- interfaces: remove LegacyAutoConnect() from the interfaces
- interfaces: miscellaneous policy updates
- tests: run autopkgtests in the autopkgtest.ubuntu.com
infrastructure
- Implement lxd-client interface exposing the lxd snap
- asserts: validate optional account username
- many: remove unnecessary snap name parameter from buying endpoint
- tests: do not hardcode the size of /dev/ram0
- tests: add test that ensures the right content for /etc/os-release
- spread tests: fix snap mode check
- docs: fix path for source files location in HACKING.md
- interfaces/builtin/mir: allow slot to make recvfrom syscalls
- store: sections/featured snaps store support
* New upstream release, LP: #1637215:
- release: os-release on core has changed
- tests: /dev/ptmx does not work on powerpc, skip here
- docs: moved to github.com/snapcore/snapd/wiki (#2258)
- debian: golang is not installable on powerpc, use golang-any
* New upstream release, LP: #1637215:
- overlord/ifacestate: add unit tests for undo of setup-snap-
security (#2243)
- daemon,overlord,snap,tests: download to .partial in final dir
(#2237)
- overlord/state: marshaling tests for lanes (#2245)
- overlord/state: introduce state lanes (#2241)
- overlord/snapstate: fix revert+refresh (#2224)
- interfaces/sytemd: enable/disable generated service units (#2229)
- many: fix incorrect security files generation on undo
- overlord/snapstate: add dynamic snapdX.Y assumes (#2227)
- interfaces: network-manager: give slot full read-write access to
/run/NetworkManager
- docs: update the name of the command for the cross-build
- overlord/snapstate: fix missing argument to Noticef
- snapstate: ensure gadget/core/kernel can not be disabled (#2218)
- asserts: limit to 1y only if len(models) == 0 (#2219)
- debian: only install share/locale if available (missing on
powerpc)
- overlrod/snapstate: fix revert followed by refresh to old-current
(#2214)
- interfaces/builtin: network-manager and bluez can change hostname
(#2204)
- snap: switch the auto-import dir to /run/snapd/auto-import
- docs: less details about cloud.cfg as requested in trello (#2206)
- spread.yaml: Ensure ubuntu user has passwordless sudo for
autopkgtests (#2201)
- interfaces/builtin: add dcdbas-control interface
- boot: do not set boot to try mode if the revision is unchanged
- interfaces: add shutdown interface (#2162)
- interfaces: add system-power-control interface
- many: use the new systemd backend for configuring GPIOs
- overlord/ifacestate: setup security for slots before plugs
- snap: spool assertion candidates if snapd is not up yet
- store,daemon,overlord: download things to a partials dir
- asserts,daemon: implement system-user-authority header/concept
- interfaces/builtin: home base declaration rule using on-classic
for its policy
- interfaces/builtin: finish decl based checks
- asserts: bump snap-declaration to allow signing with new-style
plugs and slots
- overlord: checks for kernel installation/refresh based on model
assertion and previous kernel
- tests/lib/fakestore: fix logic to distinguish assertion not found
errors
- client: add a few explicit error types (around the request cycle)
- tests/lib/fakestore/cmd/fakestore: make it log, and fix a typo
- overlord/snapstate: two bugs for one
- snappy: disable auto-import of assertions on classic (#2122)
- overlord/snapstate: move trash cleanup to a cleanup handler
(#2173)
- daemon: make create-user --known fail on classic without --force-
managed (#2123)
- asserts,interfaces/policy: implement on-classic plug/slot
constraints
- overlord: check that the first installed gadget matches the model
assertion
- tests: use the snapd-control-consumer snap from the store
- cmd/snap: make snap run not talk to snapd for finding the revision
- snap/squashfs: try to hard link instead of copying. Also, switch
to osutil.CopyFile for cp invocation.
- store: send supported max-format when retrieving assertions
- snapstate, devicestate: do not remove seed
- boot,image,overlord,partition: read/write boot variables in single
operation
- tests: reenable ubuntu-core tests on qemu
- asserts,interfaces/policy: allow OR-ing of subrule constraints in
plug/slot rules
- many: move from flags as ints to flags as structs-of-bools (#2156)
- many: add supports for keeping and finding assertions with
different format iterations
- snap: stop using ubuntu-core-launcher, use snap-confine
- many: introduce an assertion format iteration concept, refuse to
add unsupported assertion
- interfaces: tweak wording and comment
- spread.yaml: dump apparmor denials on spread failure
- tests: unflake ubuntu-core-reboot (#2150)
- cmd/snap: tweak unknown command error message (#2139)
- client,daemon,cmd: add payment-declined error kind (#2107)
- cmd/snap: update remove command help (#2145)
- many: removed frameworks target and fixed service files (#2138)
- asserts,snap: validate attributes to a JSON-compatible type subset
(#2140)
- asserts: remove unused serial-proof type
- tests: skip auto-import tests on systems without test keys (#2142)
- overlord/devicestate: don't spam the debug log on classic (#2141)
- cmd/snap: simplify auto-import mountinfo parsing (#2135)
- tests: run ubuntu-core upgrades on isolated machine (#2137)
- overlord/devicestate: recover seeding from old external approach
(#2134)
- overlord: merge overlord/boot pkg into overlord/devicestate
(#2118)
- daemon: add postCreateUserSuite test suite (#2124)
- tests: abort tests if an update process is scheduled (#2119)
- snapstate: avoid reboots if nothing in the boot setup has changed
(#2117)
- cmd/snap: do not auto-import from loop or non-dev devices (#2121)
- tests: add spread test for `snap auto-import` (#2126)
- tests: add test for auto-mount assertion import (#2127)
- osutil: add missing unit tests for IsMounted (#2133)
- tests: check for failure creating user on managed ubuntu-core
systems (#2096)
- snap: ignore /dev/loop addings from udev (#2111)
- tests: remove snapd.boot-ok reference (#2109)
- tests: enable tests related to the home interface in all-snaps
(#2106)
- snapstate: only import defaults from gadget on install (#2105)
- many: move firstboot code into the snapd daemon (#2033)
- store: send correct JSON type of string for expected payment
amount (#2103)
- cmd/snap: rename is-managed to managed and tune (#2102)
- interfaces,overlord/ifacestate: initial cleaning up of no arg
AutoConnect related bits (#2090)
- client, cmd: prompt for password when buying (#2086)
- snapstate: fix hanging `snap remove` if snap is no longer mounted
- image: support gadget specific cloud.conf file (#2101)
- cmd/snap,ctlcmd: fix behavior of snap(ctl) get (#2093)
- store: local users download from the anonymous url (#2100)
- docs/hooks.md: fix typos (#2099)
- many: check installation of slots and plugs against declarations
- docs: fix missing "=" in the systemd-active docs
- store: do not set store auth for local users (#2092)
- interfaces,overlord/ifacestate: use declaration-based checking for
auto-connect (#2071)
- overlord, daemon, snap: support gadget config defaults (#2082)The
main semantic changes are:
- tests: fix snap-disconnect tests after core rename (#2088)
- client,daemon,overlord,cmd: add /v2/users and create-user on auto-
import (#2074)
- many: abbreviated forms of disconnect (#2066)
- asserts: require lowercase model until insensitive matching is
ready (#2076)
- cmd/snap: add version command, same as --version (#2075)
- all: use "core" by default but allow "ubuntu-core" still (#2070)
- overlord/devicestate, docs/hooks.md: nest prepare-device
configuration options
- daemon: fix login API to return local macaroons (#2078)
- daemon: do not hardcode UID in userLookup (#2080)
- client, cmd: connect fixes (#2026)
- many: preparations for switching most of autoconnect to use the
declarationsfor now:
- overlord/auth: update CheckMacaroon to verify local snapd
macaroons (#2069)
- cmd/snap: trivial auto-import and download tweaks (#2067)
- interfaces: add repo.ResolveConnect that handles name resolution
- interfaces/policy: introduce InstallCandidate and its checks
- interfaces/policy,overlord: check connection requests against the
declarations in ifacestate
- many: setup snapd macaroon for local users (#2051)Next step: do
snapd macaroons verification.
- interfaces/policy: implement snap-id/publisher-id checks
- many: change Connect to take ConnRef instead of strings (#2060)
- snap: auto mount block devices and import assertions (#2047)
- daemon: add `snap create-user --force-managed` support (#2041)
- docs: remove references to removed buying features (#2057)
- interfaces,docs: allow sharing SNAP{,_DATA,_COMMON} via content
iface (#2063)
- interfaces: add Plug/Slot/Connection reference helpers (#2056)
- client,daemon,cmd/snap: improve create-user APIs (#2054)
- many: introduce snap refresh --ignore-validation <snap> to
override refresh validation (#2052)
- daemon: add support for `snap create-user --known` (#2040)
- interfaces/policy: start of interface policy checking code based
on declarations (#2050)
- overlord/configstate: support nested configuration (#2039)
- asserts,interfaces/builtin,overlord/assertstate: introduce base-
declaration (#2037)
- interfaces: builtin: Allow writing DHCP lease files to
/run/NetworkManager/dhcp (#2049)
- many: remove all traces of the /v2/buy/methods endpoint (#2045)
- tests: add external spread backend (#1918)
- asserts: parse the slot rules in snap-declarations (#2035)
- interfaces: allow read of /etc/ld.so.preload by default for armhf
on series 16 (#2048)
- store: change purchase to order and store clean up first pass
(#2043)
- daemon, store: switch to new store APIs in snapd (#2036)
- many: add email to UserState (#2038)
- asserts: support parsing the plugs stanza i.e. plug rules in snap-
declarations (#2027)
- store: apply deltas if explicitly enabled (#2031)
- tests: fix create-key/snap-sign test isolation (#2032)
- snap/implicit: don't restrict the camera iface to classic (#2025)
- client, cmd: change buy command to match UX document (#2011)
- coreconfig: nuke it. Also, ignore po/snappy.pot. (#2030)
- store: download deltas if explicitly enabled (#2017)
- many: allow use of the system user assertion with create-user
(#1990)
- asserts,overlord,snap: add prepare-device hook for device
registration (#2005)
- debian: adjust packaging for trusty/deputy systemd (#2003)
- asserts: introduce AttributeConstraints (#2015)
- interface/builtin: access system bus on screen-inhibit-control
- tests: add firewall-control interface test (#2009)
- snapstate: pass errors from ListRefresh in updateInfo (#2018)
- README: add links to IRC, mailing list and social media (#2022)
- docs: add `configure` hook to hooks list (#2024)LP: #1596629
- cmd/snap,configstate: rename apply-config variables to configure.
(#2023)
- store: retry download on 500 (#2019)
- interfaces/builtin: support time and date settings via
'org.freedesktop.timedate1 (#1832)
* New upstream release, LP: #1628425
- overlord/state: prune old empty changes
- interfaces: ppp: load needed kernel module (#2007)
- interfaces/builtin: add missing rule to allow run-parts to
execute all resolvconf scripts
- many: rename apply-config hook to configure
- tests: use new spread `debug` feature
- many: finish `snap set` API.
- overlord: fix and simplify configstate.Transaction
- assertions: add system-user assertion
- snap: add `snap known --remote`
- tests: replace systemd-run with on-the-fly generation of units.
- overlord/boot: switch to using assertstate.Batch
- snap, daemon, store: pass through screenshots from store
- image: add meta/gadget.yaml infrastructure
- tests: add test benchmark script
- daemon: add the actual ssh keys that got added to the create-user
response
- daemon: add REST API behind `snap get`
- debian: re-add golang-github-gosexy-gettext-dev
- tests: added install_local function
- interfaces/builtin: fix resolvconf permissions for network-manager
interface
- tests: use apt as compatible with trusty
- many: discard preserved namespace after removing snap
- daemon, overlord, store: add ReadyToBuy API to snapd
- many: add support for installing/removing multiple snaps
- progress: use New64 and fix output newline
- interfaces/builtin: allow network-manager to access netplan conf
files
- tests: build once and install test snap from cache
- overlord/state: introduce cleanup support
- snap: move/clarify Info.Broken
- ctlcmd: add snapctl get.
- overlord,store: clean up serial-proof plumbing code
- interfaces/builtin: add network-setup-observe interface
- daemon,overlord/assertstate: support streams of assertions with
snap ack
- snapd: kmod backend
- tests: ensure HOME is also set correctly
- configstate,hookstate: add snapctl set
- tests: disable broken create-key test
- interfaces: adjust bluetooth-control to allow getsockopt (LP:
#1613572)
- tests: add a test for core about device initialization and device
registration and auth
- many: show snap name before the download progress bar
- interfaces/builtin: add rcvfrom for client connected plugs to mir
interface
- asserts: support for maps in assertions
- tests: increase timeout for key generation in create-key test
- many: validate refreshes against validation assertions by gating
snaps
- interfaces/apparmor: allow 'm' in default policy for snap-exec
- many: avoid snap.InfoFromSnapYaml in tests
- interfaces/builtin: allow /dev/net/tun with network-control
- tests: add spread test for snap create-key/snap sign
- tests: add missing quotes in security-device-cgroups/task.yaml
- interfaces: drop ErrUnknownSecurity
- store: add "ready to buy" method
- snap/snapenv, tests: use root's data dirs when running via sudo
- interfaces/builtin: add initial docker interface
- snap: remove extra newline after progress is done
- docs: fix formating of HACKING.md "Testing snapd"
- store : add requestOptions.ExtraHeaders so that individual
requests can customise headers.
- many: use unique plug/slot names in tests
- tests: add tests for the classic dimension
- many: add vendoring of dependencies by default
- tests: use in-tree snap{ctl,-exec} for all tests
- many: support snapctl -h
- tests: adjust regex after changes in stat output
- store,snap: initial support for delta downloads
- interfaces/builtin: add run/udev/data paths to mir interface
- snap: lessen annoyance of implicit interface tests
- tests: ensure http{,s}_proxy is defined inside the fake-store
- interfaces: allow xdg-open in unity7, unity7 cleanups
- daemon,store: move store login user logic to store
- tests: replace realpath with readlink -f for trusty support.
- tests: add https_proxy into environment as well
- interfaces/builtin: allow mmaping pulseaudio buffers
* New upstream release, LP: #1623579
- snap/snapenv, tests: use root's data dirs when running via sudo
(cherry pick PR: #1857)
- tests: add https_proxy into environment
(cherry pick PR: #1926)
- interfaces: allow xdg-open in unity7, unity7 cleanups
(cherry pick PR: #1946)
- tests: ensure http{,s}_proxy is defined inside the fake-store
(cherry pick PR: #1949)
* New upstream release, LP: #1623579
- asserts: define a bit less terse Ref.String
- interfaces: disable auto-connect in libvirt interface
- asserts: check that validation assertions are signed by the
publisher of the gating snap
* New upstream release, LP: #1623579
- image: ensure local snaps are put last in seed.yaml
- asserts: revert change that made the account-key's name mandatory.
- many: refresh all snap decls
- interfaces/apparmor: allow reading /etc/environment
* New upstream release, LP: #1623579
- tests: disable prepare-image-grub test in autopkgtest
- interfaces: allow special casing for auto-connect until we have
assertions
- docs: add a little documentation on hooks.
- hookstate,daemon: don't mock HookRunner, mock command.
- tests: add http_proxy to /etc/environment in the autopkgtest
environment
- backends: first bits of kernel-module security backend
- tests: ensure openssh-server is installed in autopkgtest
- tests: make ubuntu-core tests more robust
- many: mostly work to support ABA upgrades
- cmd/snap: do runtime linting of descriptions
- spread.yaml: don't assume LANG is set
- snap: fix SNAP* environment merging in `snap run`
- CONTRIBUTING.md: remove integration-tests, include spread
- store: don't discard error body from request device session call
- docs: add create-user documentation
- cmd/snap: match UX document for message when buying without login
- firstboot: do not overwrite any existing netplan config
- tests: add debug output to ubuntu-core-update-rollback-
stresstest:
- tests/lib/prepare.sh: test that classic does not setting bootvars
- snap: run all tests with gpg2
- asserts: basic support for validation assertion and refresh-
control
- interfaces: miscellaneous policy updates for default, browser-
support and camera
- snap: (re)add --force-dangerous compat option
- tests: ensure SUDO_{USER,GID} is unset in the spread tests
- many: clean out left over references to integration tests
- overlord/auth,store: fix raciness in updating device/user in state
through authcontext and other issuesbonus fixes:
- tests: fix spread tests on yakkety
- store: refactor auth/refresh tests
- asserts: use gpg --fixed-list-mode to be compatible with both gpg1
and gpg2
- cmd/snap: i18n option descriptions
- asserts: required account key name header
- tests: add yakkety test host
- packaging: make sure debhelper-generated snippet is invoked on
postrm
- snap,store: capture newest digest from the store, make it
DownloadInfo only
- tests: add upower-observe spread test
- Merge github.com:snapcore/snapd
- tests: fixes to actually run the spread tests inside autopkgtest
- cmd/snap: make "snap find" error nicer.
- tests: get the gadget name from snap list
- cmd/snap: tweak help of 'snap download'
- cmd/snap,image: teach snap download to download also assertions
- interfaces/builtin: tweak opengl interface
- interfaces: serial-port use udevUsbDeviceSnippet
- store: ensure the payment methods method handles auth failure
- overlord/snapstate: support revert flags
- many: add snap configuration to REST API
- tests: use ubuntu-image for the ubuntu-core-16 image creation
- cmd/snap: serialise empty keys list as [] rather than null
- cmd/snap,client: add snap set and snap get commands
- asserts: update trusted account-key asserts with names
- overlord/snapstate: misc fixes/tweaks/cleanups
- image: have prepare-image set devmode correctly
- overlord/boot: have firstboot support assertion files with
multiple assertions
- daemon: bail from enable and disable if revision given, and from
multi-op if unsupported optons given
- osutil: call sync after cp if
requested.overlord/snapstate/backend: switch to use osutil instead
of another buggy call to cp
- cmd/snap: generate account-key-request "since" header in UTC
- many: use symlinks instead of wrappers
- tests: remove silly [Service] entry from snapd.socket.d/local.conf
- store: switch device session to use device-session-request
assertion
- snap: ensure that plug and slot names are unique
- cmd/snap: fix test suite (no Exit(0) on tests!)
- interfaces: add interface for hidraw devices
- tests: use the real model assertion when creating the core test
image
- interfaces/builtin: add udisks2 and removable-media interfaces
- interface: network_manager: enable resolvconf
- interfaces/builtin: usb serial-port support via udev
- interfaces/udev: support noneSecurityTag keyed snippets
- snap: switch to the new agreed regexp for snap names
- tests: adjust test setup after ubuntu user removal
- many: start services only after the snap is fully ready (link-snap
was run)
- asserts: don't have Add/Check panic in the face of unsupported no-
authority assertions
- asserts: initial support to generate/sign snap-build assertions
- asserts: support checking account-key-request assertions
- overlord: introduce AuthContext.DeviceSessionRequest with support
in devicestate
- overlord/state: fix for reloaded task/change crashing on Set if
checkpointed w. no custom data yet
- snapd.refresh.service: require snap.socket and /snap/*/current.
- many: spell --force-dangerous as just --dangerous, devmode should
imply it
- overlord/devicestate: try to fetch/refresh the signing key of
serial (also in case is not there yet)
- image,overlord/boot,snap: metadata from asserts for image snaps
- many: automatically restart all-snap devices after os/kernel
updates
- interfaces: modem-manager: ignore camera
- firstboot: only configure en* and eth* interfaces by default
- interfaces: fix interface handling on no-app snaps
- snap: set user variables even if HOME is unset (like with systemd
services)
* New upstream release: LP: #1618095
- tests: use the spread tests with the adhoc interface inside
autopkgtest
- interfaces: add fwupd interface
- asserts,cmd/snap: add "name" header to account-key(-request)
- client,cmd/snap: display os-release data only on classic
- asserts/tool,cmd/snap: introduce hidden "snap sign"
- many: when installing snap file derive metadata from assertions
unless --force-dangerous
- osutil: tweak the createUserTests a bit and extract common code
- debian: umount --lazy before rm on snapd.postrm
- interfaces: updates to default policy, browser-support, and x11
- store: set initial device session
- interfaces: add upower-observe interface (LP: #1595813)
- tests: use beta u-d-f in test by default
- interfaces/builtin: allow writing on /dev/vhci in bluetooth-
control
- interfaces/builtin: allow /dev/vhci on bluetooth-control
- tests: port integration tests to spread
- snapstate: use umount --lazy when removing the mount units
- spread: enable halt-timeout, tweak image selection
- tests: fix firstboot-assertions to actually be runnable on classic
again
- asserts: introduce device-session-request
- interfaces: add screen-inhibit-control interface (LP: #1604880)
- firstboot: change location of netplan config
- overlord/devicestate: some cleanups and solving a couple todos
- daemon,overlord: add subcommand handling to snapctl
* New upstream release: LP: #1618095
- snap-exec: add support for commands with internal args in snap-
exec
- store: refresh expired device sessions
- debian: re-add ubuntu-core-snapd-units as a transitional package
- image: snap assertions into image
- overlord/assertstate,asserts/snapasserts: give snap assertions
helpers a package, introduce ReconstructSideInfo
- docs/interfaces: Add empty line after lxd-support title
- README: cover the new /run/snapd-snap.socket
- daemon: make socket split backward-compatible.
* New upstream release: LP: #1618095
- cmd: enable SNAP_REEXEC only if it is set to SNAP_REEXEC=1
- osutil: fix create-user on classic
- firstboot: disable firstboot on classic for now
- cmd/snap: add export-key --account= option
- many: split public snapd REST API into separate socket.
- many: drop ubuntu-core-snapd-units package, use release.OnClassic
instead
- tests: add content-shareing binary test that excersises snap-
confine
- snap: use "up to date" instead of "up-to-date"
- asserts: add an account-key-request assertion
- asserts: fix GPG key generation parameters
- tests, integration-tests: implement the cups-control manual test
as a spread test
- many: clarify/tie down model assertion
- cmd/snap: add "snap download" command
- integration-tests: remove them in favour of the spread tests
- tests: test all snap ubuntu core upgrade
- many: support install and remove by revision
- overlord/state: prevent change ready => unready
- tests: fixes to make the ubuntu-core-16 image usable with
-keep/-reuse
- asserts: authority-id and brand-id of serial must match
- firstboot: generate netplan config rather than ifupdown
- store: request device session macaroon from store
- tests: add workaround for u-d-f to unblock all-snap image tests
- tests: the stable ubuntu-core snap has snap run support now
- many: use make StripGlobalRootDir public
- asserts: add some stricter checks around format
- many: have AuthContext expose device store-id, serial and serial-
proof signing to the store
- tests: fix "tests/main/ack" to not break if asserts are alreay
there
- tests/main/ack: fix test/style
- snap: add key management commands
- firstboot: add firstboot assertions importing
* New upstream release: LP: #1616157
- many: respect dirs.SnapSnapsDir in tests
- tests: update listing test for latest stable image
- many: hook in start of code to fetch/check assertions when
installing snap from store
- boot: add missing udevadm mock to fix FTBFS
- interfaces: add lxd-support interface
- dirs,snap: handle empty root directory in SetRootDir
- dirs,snap: define methods for SNAP_USER_DATA and SNAP_USER_COMMON
- tests: spread all-snap test cleanup
- tests: add all-snap spread image tests
- store,tests: have just one envvar SNAPPY_USE_STAGING_STORE to
control talking to staging
- overlord/hookstate: use snap run posix parameters.
- interfaces/builtin: allow bind in the network interface
- asserts,overlord/devicestate: simplify private key/key pairs APIs,
they take just key ids
- dependencies: update godeps
- boot: add support for "devmode: {true,false}" in seed.yaml
- many: teach prepare-image to copy the model assertion (and
prereqs) into the seed area of the image
- tests: start teaching the fakestore about assertions
- asserts/sysdb: embed the new format official root/trusted
assertions
- overlord/devicestate: first pass at device registration logic
- tests: add process-control interface spread test
- tests: disable unity test
- tests: adapt to new spread version
- asserts: add serial-proof device assertion
- client, cmd/snap: use the new multi-refresh endpoint
- many: preparations for image code to fetch model prereqs
- debian: add extra checks when debian/snapd.postrm purge is run
- overlord/snapstate, daemon: support for multi-snap refresh
- tests: do not leave "squashfs-root" around
- snap-exec: Fix broken `snap run --shell` and add test
- overlord/snapstate: check changes to SnapState for conflicts also.
- docs/interfaces: change snappy command to snap
- tests: test `snap run --hook` using in-tree snap-exec.
- partition: ensure that snap_{kernel,core} is not overridden with an
empty value
- asserts,overlord/assertstate: introduce an assertstate task
handler to fetch snap assertions
- spread: disable re-exec to always test development tree.
- interfaces: implement a fuse interface
- interfaces/hardware-observe.go: re-add /run/udev/data
- overlord/assertstate,daemon: reorg how the assert manager exposes
the assertion db and adding to it
- release: Remove "UBUNTU_CODENAME" from the test data
- many: implement snapctl command.
- interfaces: mpris updates (fix unconfined introspection, add name
attribute)
- asserts: export DecodePublicKey
- asserts: introduce support for assertions with no authority,
implement serial-request
- interfaces: bluez: add a few more tests to verify interface
connection works
- interfaces: bluez: add missing mount security snippet case
- interfaces: add kernel-module interface for module insertion.
- integration-tests: look for ubuntu-device-flash on PATH before
calling sudo
- client, cmd, daemon, osutil: support --yaml and --sudoer flags for
create-user
- spread: use snap-confine from ppa:snappy-dev/image for the tests
- many: move to purely hash based key lookup and to new
key/signature format (v1)
- spread: Use /home/gopath in spread.yaml
- tests: base security spread tests
* New upstream release: LP: #1612362
- many: do not require root for `snap prepare-image`
- tests: prevent restore error on test failure
- osutil: change escaping for create-user's sudoers
- docs: private flag doesn't exist on /v2/find (it's select)
- snap: do not sort the result of `snap find`
- interfaces/builtin: add gpio interface
- partition: fix cleaning of the boot variables on the second good
boot
- tests: add udev rules spread test
- docs: fix references to refresh action
- interfaces/udev,osutil: avoid doubled rules and put all in a per
snap file
- store: minor store improvements from previous reviews
- many: support interactive payments in snapd, filter from command
line
- docs/interfaces.md: improve interfaces documentation
- overlord,store: set store device authorization header
- store: add device nonce API support
- many: various fixes around the `create-user` command
- client, osutil: chown the auth file
- interfaces/builtin: add transitional browser-support interface
- snap: don't load unsupported implicit hooks.
- cmd/snap,cmd/snap-exec: support hooks again.
- interfaces/builtin: improve pulseaudio interface
- asserts: make account-key's `until` optional to represent a never-
expiring key
- store: refactor newRequest/doRequest to take requestOptions
- tests: allow-downgrades on upgrade test to prevent version errors
- daemon: stop using group membership as succedaneous of running
things with sudo
- interfaces: add bluetooth-control interfaces
- many: remove integration-test coverage metrics
- daemon,docs: drop license docs and error kind
- tests: add network-control interface spread test
- tests: add hardware-observe spread test
- interfaces: add system-trace interface LP: #1600085
- boot: use `cp -aLv` instead of `cp -a` (no symlinks on vfat)
- store: soft-refresh discharge macaroon from store when required
- partition: clear snap_try_{kernel,core} on success
- tests: add snapd-control interface spread test
- tests: add locale-control write spread test
- store: fix buy method after some refactoring broke it
- interfaces/builtin: read perms for network devices in network-
observe
- interfaces: also allow rfkill in network_control
- snapstate: remove artifacts from a snap try dir that vanished
- client, cmd/snap: better errors for empty snap list result
- wrappers: set BAMF_DESKTOP_FILE_HINT for unity
- many: cleanup/update rest.md; improve auth errors
- interfaces: miscelleneous policy updates for default, log-observe,
mount-observe, opengl, pulseaudio, system-observe and unity7
- interfaces: add process-control interface (LP: #1598225)
- osutil: support both "nobody" and "nogroup" for grpnam tests
- cmd: support defaulting to the user's preferred payment method
- overlord: actually run hooks.
- overlord/state,overlord/ifacestate: define basic infrastructure
for and then setting up serialising of interface mgr tasks
- asserts: add Assertion.Prerequisites and SigningKey, Ref and
FindTrusted
- overlord/snapstate: ensure calls to store are done without the
state lock held
- asserts,client: switch snap-build and snap-revision to be indexed
by snap-sha3-384
- many: make seed.yaml on firstboot mandatory and include sideInfo
- asserts,many: start supporting structured headers using the new
parseHeaders
- many: update code for the new snap_mode
- tests: added spread find private test
- store: deal with 404 froms the SSO store properly
- snap: remove meta/kernel.yaml again
- daemon: always mock release info in tests
- snapstate: drop revisions after "current" on refresh
- asserts: introduce new parseHeadersThis introduces the new
parseHeaders returning map[string]interface{} and capable of
accepting:
- asserts: remove/disable comma separated lists and their uses
* New upstream release: LP: #1605303
- increase version number to reflect the nature of the update
better
- store, daemon, client, cmd/snap, docs/rest.md: adieu search
grammar
- debian: move snapd.refresh.timer into timers.target
- snapstate: add daemon-reload to fix autopkgtest on yakkety
- Interfaces: hardware-observe
- snap: rework the output after a snap operation
- daemon, cmd/snap: refresh --devmode
- store, daemon, client, cmd/snap: implement `snap find --private`
- tests: add network-observe interface spread test
- interfaces/builtin: allow getsockopt for connected x11 plugs
- osutil: check for nogrup instead of adm
- store: small cleanups (more needed)
- snap/squashfs: fix test not to hardcode snap size
- client,cmd/snap: cleanup cmd/snap test suite, add extra args
testThis cleans up the cmd/snap test suite:
- wrappers: map "never" restart condition to "no."
- wrappers: run update-desktop-database after add/remove of desktop
files
- release: work around elementary mistake
- many: remove all traces of channel from the buying codepath
- store: kill setUbuntuStoreHeaders
- docs: add payment methods documentation
- many: present user with a choice of payment backends
- asserts: add cross checks for snap asserts
- cmd/snap,cmd/snap-exec: support running hooks via snap-exec.
- tests: improve snap run symlink tests
- tests: add content sharing interface spread test
- store & many: a mechanical branch shortening store names
- snappy: remove old snappy pkg
- overlord/snapstate: kill flagscompat
- overlord/snapstate, daemon, client, cmd/snap: devmode override
(aka confined)
- tests: extend refresh test to talk to the staging and production
stores
- asserts,daemon: cross checks for account and account-key
assertions
- client: existing JSON fixtures uses tabs for indentation
- snap-exec: add proper integration test for snap-exec
- spread.yaml, tests: replace hello-world with test-snapd-tools
- tests: add locale-control interface spread test
- tests: add mount-observe interface spread test
- tests: add system-observe interface spread test
- many: add AuthContext to mediate user updates to the state
- store/auth: add helper for the macaroon refresh endpoint
- cmd: add buy command
- overlord: switch snapstate.Update to use ListRefresh (aka
/snaps/metadata)
- snap-exec: fix silly off-by-one error
- tests: stop using hello-world.echo in the tests
- tests: add env command to test-snapd-tools
- classic: remove (most of) "classic" mode, this is implemented as a
snap now
- many: remove snapstate.Candidate and other cleanups
- many: removed authenticator, store gets a user instead
- asserts: fix minor doc comment typo
- snap: ensure unknown arguments to `snap run` are ignored
- overlord/auth: add Device/SetDevice to persist device identity in
state
- overlord: make SyncBoot work again
- tests: add -y flag to apt autoremove command in unity task restore
- many: migrate SnapSetup and SideInfo to use RealName
- daemon: drop auther()
- client: improve error from client.do() on json decode failures
- tests: readd the fake store tests
- many: allow removal of broken snaps, add spread test
- overlord: implement &Retry{After: duration} support for handlers
- interface: add new interfaces.all.SecurityBackends
- integration-tests: remove login tests
- cmd,interfaces,snap: implement hook whitelist.
- daemon,overlord/auth,store: update macaroon authentication to use
the new endpoints
- daemon, overlord: add buy endpoint to REST API
- tests: use systemd-run for starting and stopping the unity app
- tests, integration-tests: port systemd service check test to
spread
- store: switch search to new snap-specific endpoint
- store, many: start using the new details endpoint
- tests, integration-tests: port unity test to spread
- tests: add spread test for tried snaps removal
- tests, integration-tests: port auth errors test to spread
- snapstate: rename OfficialName to RealName in the new tests
- many: rename SideInfo.OfficialName to SideInfo.RealName
- snapstate: use snapstate.Type in backend.RemoveSnapFiles
- many: add `snap enable/disable` commands
- tests, integration-tests: port refresh all test to spread
- snap: add `snap run --shell`
- tests: set yaml indentation to 4 spaces
- snapstate: cleanup downloaded temp snap files
- overlord: make patch1_test more robust
- debian: add snapd.postrm that purges
- integration-tests: drop already covered refresh app test
- many: add concept of "broken" snaps
- tests, integration-tests: port remove errors tests to spread
- tests, integration-tests: port revert test to spread
- debian: fix snapbuild path
- overlord: fix access to the state without lock in firstboot.go and
add test
- snapstate: add very simple garbage collection on upgrade
- asserts: introduce assertstest with helpers to test code involving
assertions
- tests, integration tests: port undone failed install test to
spread
- snap,store: switch to the new snaps/metadata endpoint, introduce
and start capturing DeveloperID
- tests, integration-tests: port the op remove retry test to spread
- po: remove snappy.pot from git, it will be generated at build time
- many: add some missing tests, clarify some things and nitpicks as
follow up to `snap revert`
- snapstate: when doing snapsate.Update|Install, talk to the store
early
- tests, integration-tests: port the op remove test to spread
- interfaces: allow /usr/bin/locale in default policy
- many: add `snap revert`
- overlord/auth,store: add macaroon serialization/deserialization
helpers
- many: embed main store trusted assertions in snapd, way to have
test ones, spread tests for ack and known
- overlord/snapstate,daemon: clarify active vs current, add
SnapState.HasCurrent,CurrentInfo
- tests: do not search for a specific snap (we hit 100 items) and
pagination kicks in
- tests: use printf instead of echo where we need portability
- tests: rename and generalize basic-binaries to test-snapd-tools
* New upstream release: LP: #1597329
- interfaces: also allow @{PROC}/@{pid}/mountinfo and
@{PROC}/@{pid}/mountstats
- interfaces: allow read access to /etc/machine-id and
@{PROC}/@{pid}/smaps
- interfaces: miscelleneous policy updates for default, log-observe
and system-observe
- snapstate: add logging after a successful doLinkSnap
- tests, integration-tests: port try tests to spread
- store, cmd/snapd: send a basic user-agent to the store
- store: add buy method
- client: retry on failed GETs
- tests: actual refresh test
- docs: REST API update
- interfaces: add mount support for hooks.
- interfaces: add udev support for hooks.
- interfaces: add dbus support for hooks.
- tests, integration-tests: port refresh test to spread
- tests, integration-tests: port change errors test to spread
- overlord/ifacestate: don't retry snap security setup
- integration-tests: remove unused file
- tests: manage the socket unit when reseting state
- overlord: improve organization of state patches
- tests: wait for snapd listening after reset
- interfaces/builtin: allow other sr*/scd* optical devices
- systemd: add support for squashfuse
- snap: make snaps vanishing less fatal for the system
- snap-exec: os.Exec() needs argv0 in the args[] slice too
- many: add new `create-user` command
- interfaces: auto-connect content interfaces with the same content
and developer
- snapstate: add Current revision to SnapState
- readme: tweak readme blurb
- integration-tests: wait for listening port instead of active
service reported by systemd
- many: rename Current -> {CurrentSideInfo,CurrentInfo}
- spread: fix home interface test after suite move
- many: name unversioned data.
- interfaces: add "content" interface
- overlord/snapstate: defaultBackend can go away now
- debian: comment to remember why the timer is setup like it is
- tests,spread.yaml: introduce an upgrade test, support/split into
two suites for this
- overlord,overlord/snapstate: ensure we keep snap type in snapstate
of each snap
- many: rework the firstboot support
- integration-tests: fix test failure
- spread: keep core on suite restore
- tests: temporary fix for state reset
- overlord: add infrastructure for simple state format/content
migrations
- interfaces: add seccomp support for hooks.
- interfaces: allow gvfs shares in home and temporarily allow
socketcall by default (LP: #1592901, LP: #1594675)
- tests, integration-tests: port network-bind interface tests to
spread
- snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly
and remove MockSnapWithHooks
- interfaces: add mpris interface
- tests: enable `snap run` on i386
- tests, integration-tests: port network interface test to spread
- tests, integration-tests: port interfaces cli to spread
- tests, integration-tests: port leftover install tests to spread
- interfaces: add apparmor support for hooks.
- tests, integration-tests: port log-observe interface tests to
spread
- asserts: improve Decode doc comment about assertion format
- tests: moved snaps to lib
- many: add the camera interface
- many: add optical-drive interface
- interfaces: auto-connect home if running on classic
- spread: bump gccgo test timeout
- interfaces: use security tags to index security snippets.
- daemon, overlord/snapstate, store: send confinement header to the
store for install
- spread: run tests on 16.04 i386 concurrently
- tests,integration-tests: port install error tests to spread
- interfaces: add a serial-port interface
- tests, integration-tests, debian: port sideload install tests to
spread
- interfaces: add new bind security backend and refactor
backendtests
- snap: load and validate implicit hooks.
- tests: add a build/run test for gccgo in spread
- cmd/snap/cmd_login: Adjust message after adding support for wheel
group
- tests, integration-tests: ported install from store tests to
spread
- snap: make `snap change <taskid>` show task progress
- tests, integration-tests: port search tests to spread
- overlord/state,daemon: make abort proceed immediately, fix doc
comment, improve tests
- daemon: extend privileged access to users in "wheel" group
- snap: tweak `snap refresh` and `snap refresh --list` outputTiny
branch that does three things:
- interfaces: refactor auto-connection candidate check
- snap: add support for snap {install,refresh}
--{edge,beta,candidate,stable}
- release: don't force KDE Neon into devmode.
* New upstream release: LP: #1593201
- snap: add the magic redirect part of `snap run`
- tests, integration-tests: port server related tests to spread
- overlord/snapstate: log restarting in the task
- daemon: test restart wiring, fix setup/teardown
- cmd: don't show the price if a snap has already been purchased
- tests, integration-tests: port listing tests to spread
- integration-tests: do not try to kill ubuntu-clock-app.clock (no
longer a process)
- several: tie up overlord's restart handler into daemon; adjust
snap to cope
- tests, integration-tests: port abort tests to spread
- integration-tests: fix flaky TestRemoveBusyRetries
- testutils: refactor/mock exec
- snap,cmd: add hook support to snap run.
- overlord/snapstate: remove Download from backend
- store: use a custom logging transport
- overlord/hookstate: implement basic HookManager.
- spread: move the suite restore to restore-each
- asserts: turn model os into model core field, making it also more
like the kernel and gadget fields
- asserts: / is not allowed in primary key headers, follow the store
in this
- release: enable full confinement on Elementary 0.4
- integration-tests: fix another i386 autopkgtest failure.
- cmd/snap: create SNAP_USER_DATA and common dirs in `snap run`
- many: have the installation of the core snap request a restart (on
classic)
- asserts: allow to load also account assertions into the trusted
set
- many: install snaps in devmode on distributions without complete
apparmor and seccomp support
- spread: run on travis
- snapenv: do not hardcode amd64 in tests
- spread: initial harness and first test
- interfaces: miscelleneous policy updates for chromium, x86,
opengl, etc
- integration-tests: remove daemon to use the log-observe interface
- client: remove client.Revision and import snap.Revision instead
- integration-tests: wait for network-bind service in try test
- many: move over from snappy to snapstate/backend SetupSnap and
related code
- integration-tests: add interfaces cli tests
- snapenv: cleanup snapenv.{Basic,User}
- cmd/snap: also print slots that connect to the wanted snap (LP:
#1590704)
- asserts: error style, use "cannot" instead of "failed to"
following the main decided style
- integration-tests: wait until the network-bind service is up
before testing
- many: add new `snap run` command
- snappy: unexport snappy.Install and snappy.Overlord.{Un,}Install
- many: add some shared testing helpers to snap/snaptest and to
boot/boottest
- rest-api: support to send apps per snap (LP: #1564076)
* New upstream release
- Cherry pick four commits that show snaps as installed in devmode on
distributions without full confinement dependencies available:
25634d3364a46b5e9147e4466932c59b1b572d35
53f2e8d5f1b2d7ce13f5b50be4c09fa1de8cf1e0
38771f4cc324ad9dd4aa48b03108d13a2c361aad
c46e069351c61e45c338c98ab12689a319790bd5
* New upstream release: LP: #1589534
- debian: make `snap refresh` times more random (LP: #1537793)
- cmd: ExecInCoreSnap looks in "core" snap first, and only in
"ubuntu-core" snap if rev>125.
- cmd/snap: have 'snap list' display helper message on stderr
(LP: #1587445)
- snap: make app names more restrictive.
* New upstream release: LP: #1589534
- debian: do not ship /etc/ld.so.conf.d/snappy.conf (LP: #1589006)
- debian: fix snapd.refresh.service install and usage (LP: #1588977)
- ovlerlord/state: actually support task setting themself as
done/undone
- snap: do not use "." import in revision_test.go, as this breaks
gccgo-6 (fix build failure on powerpc)
- interfaces: add fcitx and mozc input methods to unity7
- interfaces: add global gsettings interfaces
- interfaces: autoconnect home and doc updates (LP: #1588886)
- integration-tests: remove
abortSuite.TestAbortWithValidIdInDoingStatus
- many: adding backward compatible code to upgrade SnapSetup.Flags
- overlord/snapstate: handle sideloading over an old sideloaded snap
without panicing
- interfaces: add socketcall() to the network/network-bind
interfaces (LP: #1588100)
- overlord/snapstate,snappy: move over CanRemoveThis moves over the
CanRemove check to snapstate itself.overlord/snapstate
- snappy: move over CanRemove
- overlord/snapstate,snappy: move over CopyData and Remove*Data code
* New upstream release: LP: #1588052:
- many: repository moved to snapcore/snapd
- debian: add transitional pkg for the github location change
- snap: ensure `snap try` work with relative paths
- debian: drop run/build dependency on lsb-release
- asserts/tool: gpg key pair manager
- many: add new snap-exec
- many: implement `snap refresh --list` and `snap refresh`
- snap: add parsing support for hooks.
- many: add the cups interface
- interfaces: misc policy fixes (LP: #1583794)
- many: add `snap try`
- interfaces: allow using sysctl and scmp_sys_resolver for parsing
kernel logs
- debian: make snapd get its environ from /etc/environment
- daemon,client,snap: revisions are now strings
- interfaces: allow access to new ibus abstract socket path
LP: #1580463
- integration-tests: add remove tests
- asserts: stronger crypto choices and follow better latest designs
- snappy,daemon: hollow out more of snappy (either removing or not
exporting stuff on its way out), snappy/gadget.go is gone
- asserts: rename device-serial to serial
- asserts: rename identity to account (and username access)
- integration-tests: add changes tests
- backend: add tests for environment wrapper generation
- interfaces/builtin: add location-control interface
- overlord/snapstate: move over check snap logic from snappy
- release: use os-release instead of lsb-release for cross-distro
use
- asserts: allow empty snap-name for snap-declaration
- interfaces/builtin,docs,snap: add the pulseaudio interface
- many: add support for an environment map inside snap.yaml
- overlord/snapstate: increase robustness of doLinkSnap/undoLinkSnap
with sanity unit tests
- snap: parse epoch property
- snappy: do nothing in SetNextBoot when running on classic
- snap: validate snap type
- integration-tests: extend find command tests
- asserts: extend tests to cover mandatory and empty headers
- tests: stop the update-pot check in run-checks
- snap: parse confinement property.
- store: change applyUbuntuStoreHeaders to not take accept, and to
take a channel
- many: struct-based revisions, new representation
- interfaces: remove 'audit deny' rules from network_control.go
- interfaces: add com.canonical.UrlLauncher.XdgOpen to unity7
interface
- interfaces: firewall-control can access xtables lock file
- interfaces: allow unity7 AppMenu
- interfaces: allow unity7 launcher API
- interfaces/builtin: add location-observe interface
- snap: fixed snap empty list text LP: #1587445
* New upstream release: LP: #1583085
- interfaces: add dbusmenu, freedesktop and kde notifications to
unity7 (LP: #1573188)
- daemon: make localSnapInfo return SnapState
- cmd: make snap list with no snaps not special
- debian: workaround for XDG_DATA_DIRS issues
- cmd,po: fix conflicts, apply review from #1154
- snap,store: load and store the private flag sent by the store in
SideInfo
- interfaces/apparmor/template.go: adjust /dev/shm to be more usable
- store: use purchase decorator in Snap and FindSnaps
- interfaces: first version of the networkmanager interface
- snap, snappy: implement the new (minmimal) kernel spec
- cmd/snap, debian: move manpage generation to depend on an environ
key; also, fix completion
* New upstream release:
- interfaces: cleanup explicit denies
- integration-tests: remove the ancient integration daemon tests
- integration-tests: add network-bind interface test
- integration-tests: add actual checks for undoing install
- integration-tests: add store login test
- snap: add certain implicit slots only on classic
- integration-tests: add coverage flags to snapd.service ExecStart
setting when building from branch
- integration-tests: remove the tests for features removed in 16.04.
- daemon, overlord/snapstate: "(de)activate" is no longer a thing
- docs: update meta.md and security.md for current snappy
- debian: always start snapd
- integration-tests: add test for undoing failed install
- overlord: handle ensureNext being in the past
- overlord/snapstate,overlord/snapstate/backend,snappy: start
backend porting LinkSnap and UnlinkSnap
- debian/tests: add reboot capability to autopkgtest and execute
snapPersistsSuite
- daemon,snappy,progress: drop license agreement broken logic
- daemon,client,cmd/snap: nice access denied message
(LP: #1574829)
- daemon: add user parameter to all commands
- snap, store: rework purchase methods into decorators
- many: simplify release package and add OnClassic
- interfaces: miscellaneous policy updates
- snappy,wrappers: move desktop files handling to wrappers
- snappy: remove some obviously dead code
- interfaces/builtin: quote apparmor label
- many: remove the gadget yaml support from snappy
- snappy,systemd,wrappers: move service units generation to wrappers
- store: add method to determine if a snap must be bought
- store: add methods to read purchases from the store
- wrappers,snappy: move binary wrapper generation to new package
wrappers
- snap: add `snap help` command
- integration-tests: remove framework-test data and avoid using
config-snap for now
- add integration test to verify fix for LP: #1571721
* New upstream micro release:
- integration-tests, debian/tests: add unity snap autopkg test
- snappy: introduce first feature flag for assumes: common-data-dir
- timeout,snap: add YAML unmarshal function for timeout.Timeout
- many: go into state.Retry state when unmounting a snap fails.
(LP: #1571721, #1575399)
- daemon,client,cmd/snap: improve output after snap
install/refresh/remove (LP: #1574830)
- integration-tests, debian/tests: add test for home interface
- interfaces,overlord: support unversioned data
- interfaces/builtin: improve the bluez interface
- cmd: don't include the unit tests when building with go test -c
for integration tests
- integration-tests: teach some new trick to the fake store,
reenable the app refresh test
- many: move with some simplifications test snap building to
snap/snaptest
- asserts: define type for revision related errors
- snap/snaptest,daemon,overlord/ifacestate,overlord/snapstate: unify
mocking snaps behind MockSnap
- snappy: fix openSnapFile's handling of sideInfo
- daemon: improve snap sideload form handling
- snap: add short and long description to the man-page
(LP: #1570280)
- snappy: remove unused SetProperty
- snappy: use more accurate test data
- integration-tests: add a integration test about remove removing
all revisions
- overlord/snapstate: make "snap remove" remove all revisions of a
snap (LP: #1571710)
- integration-tests: re-enable a bunch of integration tests
- snappy: remove unused dbus code
- overlord/ifacestate: fix setup-profiles to use new snap revision
for setup (LP: #1572463)
- integration-tests: add regression test for auth bug LP:#1571491
- client, snap: remove obsolete TypeCore which was used in the old
SystemImage days
- integration-tests: add apparmor test
- cmd: don't perform type assertion when we know error to be nil
- client: list correct snap types
- intefaces/builtin: allow getsockname on connected x11 plugs
(LP: #1574526)
- daemon,overlord/snapstate: read name out of sideloaded snap early,
improved change summary
- overlord: keep tasks unlinked from a change hidden, prune them
- integration-tests: snap list on fresh boot is good again
- integration-tests: add partial term to the find test
- integration-tests: changed default release to 16
- integration-tests: add regression test for snaps not present after
reboot
- integration-tests: network interface
- integration-tests: add proxy related environment variables to
snapd env file
- README.md: snappy => snap
- etc: trivial typo fix (LP:#1569892)
- debian: remove unneeded /var/lib/snapd/apparmor/additional
directory (LP: #1569577)
- builtin/unity7.go: allow using gmenu. LP: #1576287
* New upstream release:
- systemd: add multi-user.target (LP: #1572125)
- release: our series is 16
- integration-tests: fix snapd binary path for mounting the daemon
built from branch
- overlord,snap: add firstboot state sync
* client,daemon,overlord: fix authentication:
- fix incorrect authenication check (LP: #1571491)
* New upstream release:
- debian: put snapd in /usr/lib/snapd/
- cmd/snap: minor polishing
- cmd,client,daemon: add snap abort command
- overlord: don't hold locks when callling backends
- release,store,daemon: no more default-channel, release=>series
- many: drop support for deprecated environment variables
(SNAP_APP_*)
- many: support individual ids in changes cmd
- overlord/state: use numeric change and task ids
- overlord/auth,daemon,client,cmd/snap: logout
- daemon: don't install ubuntu-core twice
- daemon,client,overlord/state,cmd: add changes command
- interfaces/dbus: drop superfluous backslash from template
- daemon, overlord/snapstate: updates are users too!
- cmd/snap,daemon,overlord/ifacestate: add support for developer
mode
- daemon,overlord/snapstate: on refresh use the remembered channel,
default to stable channel otherwise
- cmd/snap: improve UX of snap interfaces when there are no results
- overlord/state: include time in task log messages
- overlord: prune and abort old changes and tasks
- overlord/ifacestate: add implicit slots in setup-profiles
- daemon,overlord: setup authentication for store downloads
- daemon: macaroon-authed users are like root, and sudoers can login
- daemon,client,docs: send install options to daemon
* New upstream release:
- etc: fix desktop file location
- overlord/snapstate: stop an update once download sees the revision
is already installed
- overlord: make SnapState.DevMode a method, store flags
- snappy: no more snapYaml in snappy.Snap
- daemon,cmd,dirs,lockfile: drop all lockfiles
- debian: use sudo in setup of the proxy environment
- snap/snapenv,snappy,systemd: expose SNAP_REVISION to app
environment
- snap: validate similarly to what we did with old snapYaml info
from squashfs snaps
- daemon,store: plug in authentication for store search/details
- overlord/snapstate: fix JSON name of SnapState.Candidate
- overlord/snapstate: start using revisions higher than 100000 for
local installs (sideloads)
- interfaces,overlorf/ifacestate: honor user choice and don't auto-
connect disconnected plugs
- overlord/auth,daemon,client: hide user ids again
- daemon,overlord/snapstate: back /snaps (and so snap list) using
state
- daemon,client,overlord/auth: rework state auth data
- overlord/snapstate: disable Activate and Deactivate
- debian: fix silly typo in autopkgtest setup
- overlord/ifacestate: remove connection state with discard-conns
task, on the removal of last snap
- daemon,client: rename API update action to refresh
- cmd/snap: rework login to be more resilient
- overlord/snapstate: deny two changes on one snap
- snappy: fix crash on certain snap.yaml
- systemd: use native systemctl enable instead of our own
implementation
- store: add workaround for misbehaving store
- debian: make autopkgtest use the right env vars
- state: log do/undo status too when a task is run
- docs: update rest.md with price information
- daemon: only include price property if the snap is non-free
- daemon, client, cmd/snap: connect/disconnect now async
- snap,snappy: allow snaps to require system features
- integration-tests: fix report of skips in SetUpTest method
- snappy: clean out major bits (still using Installed) now
unreferenced as cmd/snappy is gone
- daemon/api,overlord/auth: add helper to get UserState from a
client request
* New upstream release:
- many: prepare for opengl support on classic
- interfaces/apparmor: load all apparmor profiles on snap setup
- daemon,client: move async resource to change in meta
- debian: disable autopilot
- snap: add basic progress reporting
- client,cmd,daemon,snap,store: show the price of snaps in the cli
- state: add minimal taskrunner logging
- daemon,snap,overlord/snapstate: in the API get the snap icon using
state
- client,daemon,overlord: don't guess snap file vs. name
- overlord/ifacestate: reload snap connections when setting up
security for a given snap
- snappy: remove cmd/snappy (superseded in favour of cmd/snap)
- interfaecs/apparmor: remove all traces of old-security from
apparmor backend
- interfaces/builtin: add bluez interface
- overlord/ifacestate: don't crash if connection cannot be reloaded
- debian: add searchSuite to autopkgtest
- client, daemon, cmd/snap: no more tasks; everything is changes
- client: send authorization header in client requests
- client, daemon: marshal suggested currency over REST
- docs, snap: enumerate snap types correctly in docs and comments
- many: add store authenticator parameter
- overlord/ifacestate,daemon: setup security on conect and
disconnect
- interfaces/apparmor: remove unused apparmor variables
- snapstate: add missing "TaskProgressAdapter.Write()" for working
progress reporting
- many: clean out snap config related code not for OS
- daemon,client,cmd: return snap list from /v2/snaps
- docs: update `/v2/snaps` endpoint documentation
- interfaces: rename developerMode to devMode
- daemon,client,overlord: progress current => done
- daemon,client,cmd/snap: move query metadata to top-level doc
- interfaces: add TestSecurityBackend
- many: replace typographic quotes with ASCII
- client, daemon: rework rest changes to export "ready" and "err"
- overlord/snapstate,snap,store: track snap-id in side-info and
therefore in state
- daemon: improve mocking of interfaces API tests
- integration-tests: remove origins in default snap names for udf
call
- integration-test: use "snap list" in GetCurrentVersion
- many: almost no more NewInstalledSnap reading manifest from
snapstate and backend
- daemon: auto install ubuntu-core if missing
- oauth,store: remove OAuth authentication logic
- overlord/ifacestate: simplify some tests with implicit manager
initialization
- store, snappy: move away from hitting details directly
- overlord/ifacestate: reload connections when restarting the
manager
- overlord/ifacestate: increase flexibility of unit tests
- overlord: use state to discover all installed snaps
- overlord/ifacestate: track connections in the state
- many: separate copy-data from unlinking of current snap
- overlord/auth,store/auth: add macaroon authenticator to UserState
- client: support for /v2/changes and /v2/changes/{id}
- daemon/api,overlord/auth: rework authenticated users information
in state
* New upstream release:
- cmd/snap,daemon,store: rework login command to use daemon login
API
- store: cache suggested currency from the store
- overlord/ifacestate: modularize and extend tests
- integration-tests: reenable failure tests
- daemon: include progress in rest changes
- daemon, overlord/state: expose individual changes
- overlord/ifacestate: drop duplicate package comment
- overlord/ifacestate: allow tests to override security backends
- cmd/snap: install *.snap and *.snap.* as files too
- interfaces/apparmor: replace /var/lib/snap with /var/snap
- daemon,overlord/ifacestate: connect REST API to interfaces in the
overlord
- debian: remove unneeded dependencies from snapd
- overlord/state: checkpoint on final progress only
- osutil: introduce IsUIDInAny
- overlord/snapstate: rename GetSnapState to Get, SetSnapState to
Set
- daemon: add id to changes json
- overlord/snapstate: SetSnapState() needs locks
- overlord: fix broken tests
- overlord/snapstate,overlord/ifacestate: reimplement SnapInfo (as
Info) actually using the state
* debian/tests/control:
- add git to make autopkgtest work
* Add warning about installing ubuntu-core-snapd-units on Desktop systems.
* Add ${misc:Depends} to ubuntu-core-snapd-units.
* interfaces,overlord: add support for auto-connecting plugs on
install
* fix sideloading snaps and (re)add tests for this
* add `ca-certificates` to the test-dependencies to fix autopkgtest
failure on armhf
* rename source and binary package to "snapd"
* update directory layout to final 16.04 layout
* use `snap` command instead of the previous `snappy`
* use `interface` based security
* use new state engine for install/update/remove
- debian: update versionized ubuntu-core-launcher dependency
- debian: tweak desktop file dir, ship Xsession.d snip for seamless
integration
- snappy: fix hw-assign to work with per-app udev tags
- snappy: use $snap.$app as per-app udev tag
- snap,snappy,systemd: %s/\<SNAP_ORIGIN\>/SNAP_DEVELOPER/g
- snappy: add mksquashfs --no-xattrs parameter
- snap,snappy,systemd: kill SNAP_FULLNAME
- snappy,snap: move icon under meta/gui/
- debian: add snap.8 manpage
- debian: move snapd to /usr/lib/snappy/snapd
- snap,snappy,systemd: remove TMPDIR, TEMPDIR, SNAP_APP_TMPDIR
- snappy,dirs: add support to use desktop files from inside snaps
- daemon: snapd API events endpoint redux
- interfaces/builtin: add "network" interface
- overlord/state: do small fixes (typo, id clashes paranoia)
- overlord: add first pass of the logic in StateEngine itself
- overlord/state: introduce Status/SetStatus on Change
- interfaces: support permanent security snippets
- overlord/state: introduce Status/SetStatus and
Progress/SetProgress on Task
- overlord/state: introduce Task and Change.NewTask
- many: selectively swap semantics of plugs and slots
- client,cmd/snap: remove useless indirection in Interfaces
- interfaces: maintain Plug and Slot connection details
- client,daemon,cmd/snap: change POST /2.0/interfaces to work with
lists
- overlord/state: introduce Change and NewChange on state to create
them
- snappy: bugfix for snap.yaml parsing to be more consistent with
the spec
- snappy,systemd: remove "ports" from snap.yaml
* rename:
debian/golang-snappy-dev.install ->
debian/golang-github-ubuntu-core-snappy-dev.install:
* really fix typo in dependency name
* fix typo in dependency name
- debian: update build-depends for MIR
- many: implement new REST API: GET /2.0/interfaces
- integration-tests: properly stop snapd from branch
- cmd/snap: update tests for go-flags changes
- overlord/state: implement Lock/Unlock with implicit checkpointing
- overlord: split out the managers and State to their own
subpackages of overlord
- snappy: rename "migration-skill" to "old-security" and use new
interface names instead of skills
- client,cmd/snap: clarify name ambiguity in Plug or Slot
- overlord: start working on state engine along spec v2, have the
main skeleton follow that
- classic, oauth: update tests for change in MakeRandomString()
- client,cmd/snap: s/add/install/:-(
- interfaces,daemon: specialize Name to either Plug or Slot
- interfaces,interfaces/types: unify security snippet functions
- snapd: close the listener on Stop, to force the http.Serve loop to
exit
- snappy,daemon,snap/lightweight,cmd/snappy,docs/rest.md: expose
explicit channel selection to rest api
- interfaces,daemon: rename package holding built-in interfaces
- integration-tests: add the first classic dimension tests
- client,deaemon,docs: rename skills to interfaces on the wire
- asserts: add identity assertion type
- integration-tests: add the no_proxy env var
- debian: update build-depends for new package names
- oauth: fix oauth & quoting in the oauth_signature
- integration-tests: remove unused field
- integration-tests: add the http proxy argument
- interfaces,interfaces/types,deamon: mass internal rename to
interfaces
- client,cmd/snap: rename skills to interfaces (part 2)
- arch: fix missing mapping for powerpc
- integration-tests: always use the built snapd when compiling
binaries from branch
- cmd/snap: rename skills to interfaces
- testutil,skills/types,skills,daemon: tweak discovery of know skill
types
- docs: add docs for arm64 cross building
- overlord: implement basic ReadState/WriteState
- overlord: implement Get/Set/Copy on State
- integration-tests: fix dd output check
- integration-tests: add fromBranch config field
- integration-tests: use cli pkg methods in hwAssignSuite
- debian: do not create the snappypkg user, we don't need it anymore
- arch: fix build failure on s390x
- classic: cleanup downloaded lxd tarball
- cmd/snap,client,integration-tests: rename snap subcmds
'assert'=>'ack', 'asserts'=>'known'
- skills: fix broken tests builds
- skills,skills/types: pass slot to SlotSecuritySnippet()
- skills/types: teach bool-file about udev security
* New git snapshot:
- asserts: introduce snap-declaration
- cmd/snap: fix integration tests for the "cmd_asserts"
- integration-tests: fix fanctl output check
- cmd/snap: fix test failure after merging 23a64e6
- cmd/snap: replace skip-help with empty description
- docs: update security.md to match current migration-skill
semantics
- snappy: treat commands with 'daemon' field as services
- asserts: use more consistent names for receivers in
snap_asserts*.go
- debian: add missing golang-websocket-dev build-dependency
- classic: if classic fails to get created, undo the bind mounts
- snappy: never return nil in NewLocalSnapRepository()
- notifications: A simple notification system
- snappy: when using staging, authenticate there instead
- integration-tests/snapd: fix the start of the test snapd socket
- skills/types: use CamelCase for security names
- skills: add support for implicit revoke
- skills: add security layer
- integration-tests: use exec.Command wrapper for updates
- cmd/snap: add 'snap skills'
- cms/snap: add 'snap revoke'
- docs: add docs for skills API
- cmd/snap: add 'snap grant'
- cmd/snappy, coreconfig, daemon, snappy: move config to always be
bytes (in and out)
- overlord: start with a skeleton and stubs for Overlord,
StateEngine, StateJournal and managers
- integration-tests: skip tests affected by LP: #1544507
- skills/types: add bool-file
- po: refresh translation templates
- cmd/snap: add 'snap experimental remove-skill-slot'
- asserts: introduce device assertion
- cmd/snap: implemented add, remove, purge, refresh, rollback,
activate, deactivate
- cmd/snap: add 'snap experimental add-skill-slot'
- cmd/snap: add 'snap experimental remove-skill'
- cmd/snap: add tests for common skills code
- cmd/snap: add 'snap experimental add-skill'
- asserts: make assertion checkers used by db.Check modular and
pluggable
- cmd,client,daemon,caps,docs,po: remove capabilities
- scripts: move the script to get dependencies to a separate file
- asserts: make the disk layout compatible for storing more than one
revision
- cmd/snap: make the assert command options exported
- integration-tests: Remove the target release and channel
- asserts: introduce model assertion
- integration-tests: add exec.Cmd wrapper
- cmd/snap: add client test support methods
- cmd/snap: move key=value attribute parsing to commmon
- cmd/snap: apply new style consistency to "snap" commands.
- cmd/snap: support redirecting the client for testing
- cmd/snap: support testing command output
- snappy,daemon: remove the meta repositories abstractions
- cmd: add support for experimental commands
- cmd/snappy,daemon,snap,snappy: remove SetActive from parts
- cmd/snappy,daemon,snappy,snap: remove config from parts interface
- client: improve test data
- cmd: allow to construct a fresh parser
- cmd: don't treat help as an error
- cmd/snappy,snappy: remove "Details" from the repository interface
- asserts: check that primary keys are set when
Decode()ing/assembling assertions
- snap,snappy: refactor to remove "Install" from the Part interface
- client,cmd: make client.New() configurable
- client: enable retrieving asynchronous operation information with
`Client.Operation`.
* New git snapshot:
- integration-tests: fix the rollback error messages
- integration-test: use the common cli method when trying to install
an unexisting snap
- integration-tests: rename snap find test
- daemon: refactor makeErrorResponder()
- integration: add regression test for LP: #1541317
- integration-tests: reenable TestRollbackMustRebootToOtherVersion
- asserts: introduce "snap asserts" subcmd to show assertions in the
system db
- docs: fix parameter style
- daemon: use underscore in JSON interface
- client: add skills API
- asserts,docs/rest.md: change Encoder not to add extra newlines at
the end of the stream
- integration-tests: "snappy search" is no more, its "snap search"
now
- README, integration-tests/tests: chmod snapd.socket after manual
start.
- snappy: add default security profile if none is specified
- skills,daemon: add REST APIs for skills
- cmd/snap, cmd/snappy: move from `snappy search` to `snap find`.
- The first step towards REST world domination: search is now done
via
- debian: remove obsolete /etc/grub.d/09_snappy on upgrade
- skills: provide different security snippets for skill and slot
side
- osutil: make go vet happy again
- snappy,systemd: use Type field in systemd.ServiceDescription
- skills: add basic grant-revoke methods
- client,daemon,asserts: expose the ability to query assertions in
the system db
- skills: add basic methods for slot handling
- snappy,daemon,snap: move "Uninstall" into overlord
- snappy: move SnapFile.Install() into Overlord.Install()
- integration-tests: re-enable some failover tests
- client: remove snaps
- asserts: uniform searching across trusted (account keys) and main
backstore
- asserts: introduce Decoder to parse streams of assertions and
Encoder to build them
- client: filter snaps with a search query
- client: pass query as well as path in client internals
- skills: provide different security snippets for skill and slot
side
- snappy: refactor snapYaml to remove methods on snapYaml type
- snappy: remove unused variable from test
- skills: add basic methods for skill handing
- snappy: remove support for meta/package.yaml and implement new
meta/snap.yaml
- snappy: add new overlord type responsible for
Installed/Install/Uninstall/SetActive and stub it out
- skills: add basic methods for type handling
- daemon, snappy: add find (aka search)
- client: filter snaps by type
- skills: tweak valid names and error messages
- skills: add special skill type for testing
- cmd/snapd,daemon: filter snaps by type
- partition: remove obsolete uEnv.txt
- skills: add Type interface
- integration-tests: fix the bootloader path
- asserts: introduce a memory backed assertion backstore
- integration-tests: get name of OS snap from bootloader
- cmd/snapd,daemon: filter snaps by source
- asserts,daemon: bump some copyright years for things that have
been touched in the new year
- skills: add the initial Repository type
- skills: add a name validation function
- client: filter snaps by source
- snappy: unmount the squashfs snap again if it fails to install
- snap: make a copy of the search uri before mutating it
Closes: LP#1537005
- cmd/snap,client,daemon,asserts: introduce "assert " snap
subcommand
- cmd/snappy, snappy: fix failover handling of the "active"
kernel/os snap
- daemon, client, docs/rest.md, snapd integration tests: move to the
new error response
- asserts: change Backstore interface, backstores can now access
primary key names from types
- asserts: make AssertionType into a real struct exposing the
metadata Name and PrimaryKey
- caps: improve bool-file sanitization
- asserts: fixup toolbelt to use exposed key ID.
- client: return by reference rather than by value
- asserts: exported filesystem backstores + explicit backstores
* New git snapshot
* New upstream release:
- bin-path integration
- assertions/capability work
- fix squashfs based snap building
* New upstream release:
- fix dependencies
- fix armhf builds
* New upstream release:
- kernel/os snap support
- squashfs snap support
- initial capabilities work
- initial assertitions work
- rest API support
* New upstream release, including the following changes:
- Fix hwaccess for gpio (LP: #1493389, LP: #1488618)
- Fix handleAssets name normalization
- Run boot-ok job late (LP: #1476129)
- Add support for systemd socket files
- Add "snappy service" command
- Documentation improvements
- Many test improvements (unit and integration)
- Override sideload versions
- Go1.5 fixes
- Add i18n
- Add man-page
- Add .snapignore
- Run services that uses external ports only after the network is up
- Bufix in Synbootloader (LP: 1474125)
- Use uboot.env for boot state tracking
* New upstream release, including the following changes:
- Use O_TRUNC when copying files
- Added path redefinition to include test's binaries location
- Don't run update-grub, instead use grub.cfg from the oem
package
- Do network configuration from first boot
- zero size systemd of new partition made executable to
prevent unrecoverable boot failure
- Close downloaded files
* New upstream release, including the following changes:
- Allow to run the integration tests using snappy from branch
- Add CopyFileOverwrite flag and behaviour to helpers.CopyFile
- add a bunch of missing i18n.G() now that we have gettext
- Generate only the translators comments that start with
TRANSLATORS
- Try both clickpkg and snappypkg when dropping privs
* New upstream release, including the following changes:
- gettext support
- use snappypkg user for the installed snaps
- switch to system-image-3.x as the system-image backend
- more reliable developer mode detection
* New upstream release, including the following changes:
- Consider the root directory when installing and removing policies
- In the uboot TestHandleAssetsNoHardwareYaml, patch the cache dir
before creating the partition type
- In the PartitionTestSuite, remove the unnecessary patches for
defaultCacheDir
- Fix the help output of "snappy install -h"
* New upstream release, including the following changes:
- Remove compatibility for click-bin-path in generated exec-wrappers
- Release the readme.md after parsing it
* New upstream release, including the following changes:
- Set all app services to restart on failure
- Fixes the missing oauth quoting and makes the code a bit nicer
- Added integrate() to set Integration to default values needed for
integration
- Moved setActivateClick to be a method of SnapPart
- Make unsetActiveClick a method of SnapPart
- Check the package.yaml for the required fields
- Integrate lp:snappy/selftest branch into snappy itself
- API to record information about the image and to check if the kernel was
sideloaded.
- Factor out update from cmd
- Continue updating when a sideload error is returned
* New wily upload with fix for go 1.4 syscall.Setgid() breakage
* fix symlink unpacking
* fix typo in apparmor rules generation
* 15.04 archive upload
* initial ubuntu archive upload
* new snapshot
* Initial packaging
==== ubuntu-advantage-tools: 27.8~18.04.1 => 27.9~18.04.1 ====
==== ubuntu-advantage-tools
* Backport new upstream release: (LP: #1973099) to bionic
* d/rules
- remove trusty specific code
- remove ua-license-check.{timer,service,path}
- install ubuntu-advantage.service
- only on xenial: install ubuntu-advantage-cloud-id-shim.service
* d/tools.preinst: remove old config field to avoid warnings in logs
* d/tools.postinst
- remove trusty specific code
- print warnings if /etc/os-release doesn't have required fields
- hardcode service list instead of exec-ing python3 for old migration
- refactor python to avoid instantiating UAConfig extra times
- refactor python to always use messages module for strings
- rm the old marker file that triggered ua-license-check.path
- remove unnecessary deb-systemd-helper check in ua-messaging cleanup
- clean up old ua-license-check state
- run new cloud-id-shim script
* d/tools/postrm
- clean up ubuntu-advantage-daemon log files
* New upstream release 27.9 (LP: #1973099)
- cli:
+ for json formatted output, include additional_info for some errors
+ new subcommand `ua refresh messages` to update motd and apt messages
- daemon:
+ replace ua-license-check timer with ubuntu-advantage.service daemon
+ detects on-boot if pro license was added and runs auto-attach
+ only runs on gcp and does not continuously long-poll by default for now
- enable:
+ fix error message on wrong service name when unattached
- fips:
+ allow enabling generic fips kernel on azure by default
+ clean up fips reboot message (LP: #1972026)
- fix:
+ handle errors during attach process
+ fix bug where enable or detach during a fix failed (LP: #1969809)
+ fix bug where attempting to fix some CVEs would never finish
- performance:
+ remove unnecessary UAConfig object instantiation (also cleans up logs)
+ cache "apt-cache policy" output to avoid unnecessary subp calls
- proxy:
+ apt_http(s)_proxy renamed to global_apt_http(s)_proxy
+ apt_http(s)_proxy config var names will still work
+ new ua_apt_http(s)_proxy for only ua-related apt traffic (LP: #1956764)
+ global_apt_http(s)_proxy and ua_apt_http(s)_proxy cannot be set at the
same time
- realtime: adjust warning to clarify that a manual revert is possible
- refresh: a normal `ua refresh` will also update motd and apt messages
- security-status: add counts of packages from each archive component
- status: check if contract has updated and notify user to run "ua refresh"
* New upstream release 27.8 (LP: #1969125)
- entitlements: apply overrides from the contract response
- fips:
+ unhold fips packages when enabling fips-updates
+ Automatically disable fips service before enabling fips-updates
+ unhold more packages when enabling fips
- lib: fix upgrade script for unsupported releases (LP: #1968067)
- realtime: add support for realtime kernel beta service on Jammy
* fips:
- make fips service incompatible with fips-updates
- unhold more packages when enabling fips
* d/changelog:
- fix changelog trailer line for 27.4.1
* d/logrotate:
- make new logs world readable
* d/tools.postinst:
- refactor to catch exception from entitlement_factory
- no longer always set log file to only root readable
- when creating log file for the first time, make world readable
- adapt postinst for new messages module
* New upstream release 27.7 (LP: #1964028)
- attach: --attach-config option for customizing auto-enabled services
and supplying token via a file
- auto-attach: fix bug where auto-attach caused a manually attached
machine to detach
- cli:
+ support --format=json for attach
+ support --format=json for detach
+ support --format=json for enable
+ support --format=json for disable
- contract: include activity info when updating contract
- detach: no longer contacts contract server on detach
- fips: allow fips on containers
- fix: support USNs that don't have related CVEs
- logs: make all newly created logs world-readable
- security-status:
+ show already installed esm package counts
+ include APT origin for each potential update
+ bump schema version to "0.1"
+ remove previously required --beta flag
- status:
+ include blocked_by information in service status when format=json
+ --simulate-with-token now reports expired tokens as errors
+ --simulate-with-token now returns errors in the specified format
* New upstream release 27.6 (LP: #1958556)
- cli: only request available resources from contract server when needed
- fips:
+ allow enabling FIPS on focal clouds
+ update prompt messages
- jobs: disable license-check job on GCP after attach
- message: fix how apt and motd messages are updated after ua commands
* d/control:
- Update homepage URL
* d/tools.postinst:
- Refactor to use valid_services
* d/tools.postrm:
- Use a wildcard to remove ua related gpg files
* New upstream release 27.5 (LP: #1956456)
- aws: add support for the IPv6 metadata endpoint
- cis: update URL for the documentation
- cli:
+ add endpoint to simulate the status using a specific contract token
+ fix return code when attaching an already attached machine (GH: #1867)
+ fix security-status to consider all possible origins to show updates
+ include cloud build.info in the collect-logs tarball
+ only show services which exist in the contracts server in ua status
- docs: fix typos and wrong/outdated information
- livepatch: always use the full path in livepatch calls (LP: #1951954)
- logs:
+ improve rules to redact sensitive information from all log files
+ redact sensitive information from older unredacted log files
+ log errors from external software execution, for debugging purposes
- usg:
+ support the presentedAs affordance from the contract server, showing
services in the CLI with the appropriate names
+ replace the CIS entitlement by USG on Focal and onwards
* d/tools.postinst:
- Fix check_service_is_enabled function when the machine is
unattached (LP: #1951705)
* jobs: do not run the status job for unattached users
* d/rules:
- Remove conftest file from the package
* d/tools.postinst:
- hardcode python binary to run python scripts (LP: #1930121)
- undo unnecessary log file creation
* d/tools.prerm:
- hardcode python binary to run python scripts (LP: #1930121)
* New upstream release 27.4 (LP: #1949634)
- cc-eal: remove beta flag
- cli:
+ attach will save machine-id during operation
+ detach won't ask unnecessary questions
+ new security-status subcommand lists potentially available
security and ESM updates (beta)
- fix:
+ exit 0 when fix is successfully applied and completed
+ exit 1 when fix cannot be applied
+ exit 2 when fix requires a reboot to complete
+ check reboot-required.pkgs for better reboot suggestions
- livepatch: allow livepatch and fips-updates at the same time
- metering:
+ update how activity info is parsed
+ update contract response structure
+ enable job by default
- proxy: no_proxy defaults for link-local IMDS routes
- util:
+ cache get_platform_info calls
+ fix machine-id fallback path on get_machine_id
* d/tools.postinst:
- consider cloud to be "none" on any cloud-id error
- purge old ua-messaging.timer/service files
- keep ua-timer.timer disabled if ua-messaging.timer was disabled by
the user
- properly configure both ubuntu-advantage-timer and
ubuntu-advantage-licence-check logs
* d/tools.postrm:
- remove ubuntu-advantage-timer and ubuntu-advantage-license-check logs
during purge
* systemd:
- remove ua-messaging.timer/service
- add new ua-timer.timer that runs every 6 hours
- add new ua-license_check.timer that runs every 5 minutes only if
activated by ua-license-check.path
* New upstream release 27.3 (LP: #1942929)
- ros:
+ add beta support to enable ros and ros-updates
+ add support for "required services" so that esm-infra and esm-apps
get auto-enabled when enabling ros or ros-updates
+ add support for "dependent services" so that user gets prompted to
disable ros/ros-updates if they disable esm-infra/esm-apps
- fips:
+ allow fips on GCP bionic now that optimized kernel is ready
+ disallow enabling fips on focal on clouds until cloud-optimized focal
fips-certified kernel is ready (LP: #1939449, LP: #1939932)
+ print warning about generic fips kernel if cloud-id fails
- cloud:
+ rely only on cloud-id to determine cloud type (LP: #1940131)
+ catch errors when determining cloud type
(LP: #1938207, LP: #1944676) (GH: #1541)
- azure:
+ bump IMDS API version to support Azure published images
- cli:
+ collect-logs command that creates a tar file with debug-relevant logs
and status info (GH: #463)
+ clean locks on exceptions more thoroughly to avoid false "Operation in
progress" status messages
+ retain past service state after detach
+ shows better error message when a port value in a proxy is invalid
- non-unicode locale support:
+ remove unicode-only characters from help file
+ don't print unicode-only characters in ua fix if non-utf8 locale
(GH: #1463)
- logrotate:
+ add logrotate functionality for ubuntu-advantage-timer.log.
+ Fix root:root logrotate permissions.
- ua-timer.timer:
+ introduce a single systemd timer to handle ua recurring jobs
+ timer runs every 2 hours to support most frequent timer job
+ recurring job intervals are configurable in uaclient.conf
+ individual jobs are disabled if their interval is set to 0
- status job:
+ update ua status every 12 hours
- messaging job:
+ update APT/MOTD ESM messaging every 6 hours
- metering job:
+ disabled until infrastructure is ready
+ for attached machines only, periodically update contract server with
status information for proper contract metering
- ua-license-check.timer:
+ only runs on LTS GCP instances that are not attached
+ runs every 5 minutes to check if gcp instance has license required to
auto-attach
- logs:
+ fixes duplicate logging (GH: #553)
- tests and support:
+ remove groovy integration tests
+ various improvements to integration tests
* d/tools.postinst:
- Do not fail in postinst if cloud-init did not run.
This fixes the regression introduced in 27.2.1. (LP: #1936833)
* d/control:
- remove unnecessary distro-info dependency from build-depends
* d/rules:
- pick right version of distro-info based on release
* docs:
+ add information about proxy auth to manpage and readme
* lib:
+ handle missing configStatus key in patch status json script
* d/control:
- add comments to explain complex build-depends
- add version requirement to distro-info (LP: #1932028)
* d/tools.postinst:
- run status.json schema patch script to avoid non-root status errors
* New upstream release 27.2:
- attach: print contract server reason for 403 (GH: #1630)
- cli: add ua config set, unset and show subcommands
- config:
+ add default ua_config setting values
+ only allow some fields to be set by envvar
+ use defaults for contract and security url
- docs:
+ add proxy config options to man page
+ add instructions to generate MOTD messages
+ add support matrix info
+ remove broken api link
- enable: allow downgrading packages during enable (GH: #1659)
- fips:
+ add focal test for fips-updates
+ alert if wrong fips package installed on gov clouds
+ install correct fips package on gov clouds
+ only install conditional_packages if necessary and available
- logs: log env vars that affect config on cli runs
- proxy:
+ add config options to set proxies
+ print message when setting proxy
+ support configuring apt proxies
+ support configuring snap and livepatch proxies
+ support setting proxy for web requests
+ validate urls before setting as proxies
- refresh: support refreshing config and contract separately
- status
+ add config info to json output
+ add env vars to json output
+ do not show unavailable services in json output
+ support yaml format with same content as json format
+ update account info in json output
+ update contract info in json output
+ update root level keys of json output
- refactor:
+ remove side effects from can_enable (GH: #1654, #1571)
+ use DatetimeAwareJSONDecoder to parse date strings
- tests:
+ add additional enable test for incompatible services
+ add flag to enable proposed pocket
+ add test to check and print version being tested
+ drop trusty specific tests
* Cherrypick upstream pr #1681 to unbreak many migrations. LP: #1930741
* d/control:
- specify debianutils min version
* d/changelog:
- fix lintian typos amend and redact incorrect 27.0 entry (GH: #1624)
* lintian:
- override ubuntu-advantage-pro wanted-by-target cloud-init
- override xenial specific errors
- rename package-specific overrides for pro vs tools
* New upstream release 27.1:
- apt-hook:
+ avoid segfault when comparing null Apt file origin to esm
(LP: #1929123)
+ avoid wrapping static message formats at 80 chars
+ update go build flags based on lintian warnings (GH: #1626)
+ only add newlines for MOTD if message file length is non-zero
- attach: do not print contract name if empty
- autocomplete: Do not show beta services in autocomplete (GH: #1594)
- cis:
+ make service non-beta
+ post enable message pointing to docs
+ update cis help url
- docs: update releases.md per SRU review feedback on branch structuring
- enable: correct messaging for beta service (GH: #1588)
- errors: print a more helpful message when ssl fails (GH: #1618)
- fips:
+ Block enabling fips if fips-updates once enabled (GH: #1600)
+ Update output of fips commands (GH: #1631)
- livepatch: alert when snapd does not have wait cmd (LP: #1927329)
- logging: remove tracebacks for UserFacingErrors (GH: #1586)
- messaging:
+ Infra and Apps messaging is mutually exclusive (GH: #1573)
+ point to u.com/16-04 instead of u.com/advantage on ESM (GH: #1584)
+ separate _remove_msg_template. emit no warranty on infra disabled
- pro: obtain AWS IMDSv2 API token before trying to grab pkcs7 doc
(GH: #1608)
- status: do not show info if not on contract (GH: #1592)
- tests:
+ drop trusty specific tests
+ fix mock for handle_message_operations
+ fix motd message for bionic (GH: #1615)
+ integration tests for hirsute and groovy
+ manual test for trusty upgrade to xenial
+ reboot after dist-upgrade for upgrade test
+ test enabling CIS on focal (GH: #1582)
+ update messages in integration tests (GH: #1635)
+ use proposed pocket on xenial upgrade test
- jenkins:
+ add pytest runs for xenial and bionic
+ run focal lxd integration tests
* d/control:
- order build-depends alternatives newer first (LP: #1926949)
- apt-hook: do not attempt to package go APT JSON hook on some
architectures (GH: #1603) (LP: #1927886, LP: #1927795)
* Bug-fix release 27.0.2: build failures on riscv64 and powerpc
- apt-hook: refactor json hook messaging to be dry
- tests: fix subp ls error case for powerpc builds
- jenkinsfile: add --resolve-alternatives for trusty builds
- amend changelog: add omitted apt-hook message for 27.0.1 stanza
* Add .gitignore and cleanup ignored directory .pytest_cache
* apt-hook: mitigate failures with true
* New upstream release 27.0:
- [redacted: actually landed in 27.0.1] apt-hook: mitigate failures with
true
- messages: add optional (s) to apt messaging to include
singular/plural pkgs
- apt-hook: avoid reporting and counting duplicate package
names (GH: #1578)
- fix: don't say reboot required when unnecessary (LP: #1926183)
- test: uncomment additional xenial upgrade tests
* New upstream beta3 release:
- config: avoid tracebacks on invalid features value in uaclient.conf
(GH: #1564)
- apt-hook: new json hook for security update counts
- Remove redundant messaging from uaclient
* d/control:
- add distro-info dependency
- add new debianutils dependency
- add optional dh-systemd | debhelper (>= 13.3) to fallback on hirsute
and later when dh-systemd is not present
* d/rules: enable and start ua-messaging.timer on package install
* d/postinst:
- configure esm on any LTS release avoid beta services
- configure esm-infra when is_active_esm and apps on LTS
- xenial enable unauthenticated apt source for apps/infra
* New upstream release 27.0~beta:
- apt-hook:
+ adapt hook to process separate message templates
+ esm-apps and esm-infra pkg counts not mutually-exclusive
+ print static messages on apt upgrade/dist-upgrade (GH: #1546)
- config: create settings_overrides on config (GH: #1507)
- docs: add entry for uploading new version to ppa
- esm:
+ add pin never when disabling esm-infra/apps on xenial
+ enable infra when EOL LTS and apps on all LTS (GH: #1558)
- fips: add notice when installing over old fips
- fix:
+ add links to ubuntu.com/gcp/aws in messaging when on non-PRO
+ add notice to reboot operation on ua fix
+ do not prompt user for beta services (GH: #1544)
+ notify users if reboot is required (GH: #1476)
+ update how the expired token logic works
+ wrap output greater than 80 chars (GH: #1487)
- lib: fix notice handling on reboot script
- messages
+ provide static message files for use in APT and MOTD
+ update_ua_messages on attach/detach/disable
- mypy: add lib/ dir for coverage
- status: do not remove notices on non-root call (GH: #1518)
- subp: separate % format strings when logging (GH: #1520)
- systemd: add ua-messaging.timer to update ua MOTD and APT msgs
- update-motd.d: add conditional hooks for motd to source ua messages
- util: add is_lts and is_active_esm funtions to support ESM
- test
+ add integration tests asserting esm-apps setup due to postinst
+ manual test script for xenial upgrade
+ trusty and xenial infra and apps disabled in pkg install
- behave: use unaltered cloud images unsetting UACLIENT_BEHAVE_PPA
- jenkins: make lint and style stage run sequentially
* d/*: prefix all the debhelper conf files with the package name
* d/control:
- add Rules-Requires-Root: no
- bump Standards-Version to 4.5.1
- make ubuntu-advantage-pro Architecture: all
* d/lintian-overrides:
- override maintainer-script-calls-service
- package-supports-alternative-init-but-no-init.d-script
* d/postinst: move the u-a-pro note to a config script
* d/ubuntu-advantage-tools.templates: suggest the use of apt
* New upstream release 27.0~beta:
- apt: add retry for apt-helper command (GH: #1431)
- cli: drop subcommand repeated help output, fix enable & refresh
(GH: #1440)
- config:
+ allow parsing yaml delivered from env values
+ environment variable support for feature overrides (GH: #1395)
+ create config to add extra params to security url
- docs:
+ add ppas and fix typos
+ use Ubuntu Pro not Ubuntu PRO
+ add stop "." punctuation to messages (GH: #1320)
- fips: fix FIPS message when disable operation fails
- fix:
+ add basic UASecurityClient to which queries CVE and USNs
+ add security_url to config
+ check if service is enabled during ua fix (GH: #1462)
+ closer representation of cve and usn responses
+ filter usns by cve details (GH: #1470)
+ fix regex to be more permissive and strict
+ get_cve_affected_source_packages_status won't list not-affected
(GH: #1467)
+ handle other package status when running ua fix (GH: #1435)
+ improve error message for ua fix (GH: #1420)
+ install pkg fixes when they are on standard pocket (GH: #1401)
+ move timeout and retries to security client only
+ only prompt for subscription attach for UA-related pkg updates
+ parse all related USNS to a given CVE when fixing
+ parse full API responses for related CVEs and USNs
+ prefer USN.release_packages binary pkg versions to CVE src ver
(GH: #1436)
+ prompt for new ua token when expired one is used (GH: #1475)
+ prompt to emit pro suggestion on pro_clouds if unattached (GH: #1386)
+ prompt to enable service during ua fix (GH: #1455)
+ provide related CVE URLs instead of USNs (GH: #1456)
+ raise errors when source_link is null or unexpected format
+ show packages that were not fixed in the output
+ update output for released packages in ua fix (GH: #1438)
+ update message for invalid issue in ua fix (GH: #1433)
+ use pocket values from USNs (GH: #1439)
- logs: emit error response on API errors and redact sensitive logs
(GH: #1424)
- serviceclient: add 10 second timeout and two retries to API calls
(GH: #1374)
- util:
+ add error prompts on invalid selection
+ add timeout to readurl
- tests:
+ Add disable_auto_attach config to all test PRO vms
+ add merge_usn_released_binary_package_versions tests
+ add unittest coverage for override_usn_release_package_status
+ drop traceback checks on fips integration tests
+ refactor integration tests for ua fix cmd
+ run status wait before detach in PRO tests
+ use ssh to run commands on lxd containers
- jenkins: archiveArtifacts can only reference paths within workspace
* d/control: add new debianutils dependency
* New upstream release 26.3
- util: improve is_container check for chroot
- cli: pass assume_yes param to services on detach (GH: #1530)
* Drop dh-systemd build dependency.
* status: show beta services in status if enabled (GH: #1410)
* New upstream release 26.1
- contract: block detach call to contract if machine-id change
- docs: add readme docs about mastering clean golden images
- fips: add reboot notices for fips operations (GH: #1368)
- livepatch: add retry when running canonical-livepatch status
(GH: #1360)
- util: use lru_cache to avoid re-reading os-release and machine-id
(GH: #1329)
- tests:
+ add disable_auto_attach config to all test PRO vms
+ add more log artifacts during failed integration test
+ check cloudinit status after launching image
+ mock leaking livepatch.application_status for fips test
+ retry package installs on apt exit 100
- jenkins: parameterize build stages to avoid parallel job collision
* auto-attach: fix comparing numeric iid
* New upstream release 26.0:
- auto-attach: systemd unit to run before ua-reboot-cmds.service
- config: remove_notice should remove notices.json when empty
- fips:
+ add notice if running a deactivated FIPS kernel (GH: #1348)
+ block enabling FIPS on clouds using Xenial
+ block enabling fips on GCP instances
+ check /proc/sys/crypto/fips_enable to see if fips is enabled
+ override fips metapackage when on bionic cloud
+ update metapackage override logic on fips
- notices: clear lock file and notice when encountering any exception
(GH: #1326)
- reboot_cmds: retry on lock held errors due to pro auto-attach
- services: allow uaclient to disable services during enable
- status: include beta services in json formatted output with --all
(GH: #1341)
- tests:
+ add FIPS tests to AWS and Azure bionic images
+ add GCP pro test for focal machine
+ add after_step collection of artifacts on failure
+ remove proc file check after disabling fips
+ pro: block auto-attach with cloud-config bootcmd
+ add validation of systemd unit ua-reboot-cmds.service
+ test enabling fips-updates when fips is enabled
- jenkins:
- add deb build stage to assert package builds
- use series-specific sbuild --build-dir avoid races
- use --append-to-version for each sbuild run to avoid races
- presume success when no integration artifacts created
* d/rules:
- add --with systemd to allow reboot init script
- do not remove lib/systemd/system folder
* d/postinst:
- create marker file when reboot script need to run:
- enable livepatch across trusty to xenial upgrade
- update fips on existing fips pro machines
* New upstream release 26.0~beta:
- gcp: add Google Cloud Platform support (GH #1269)
- fips:
+ remove is_beta from fips sevices
+ fips pro: add upgrade support to require reboot to unmark held fips pkgs
+ update origin UbuntuFIPSUpdates
- status:
+ add notice to tabular output
+ held locks emit notice about Operation in progress
- cli: help sort output so trusty ordering matches xenial++
- cis: rename service from cis-audit
- config: provide config notices and add_notice and remove_notice methods
- contract: add resource-machine-access route and datapath
- init: add init script to run commands on reboot
- keys: add ubuntu-advantage-cis keyring
- livepatch: make livepatch react to enableByDefault delta
- log: log when we install pkgs because of contract delta
- make: drop six testdeps target
- pro: do not install pro debs on non-pro instances
- services: Update beta info for services (GH #1220)
- tools: add tox-lxd-runner, that execute the test command in a shell
- tools: refresh-keyrings handles cis keys. drop series-specific keys
- tests:
+ add GCE support for integration tests
+ add cis integration tests for unattached and pro
+ add pytest constraint for mypy tests
+ add unittests for reboot_cmds script
+ fix esm package messages for new update notifier version
+ pin importlib-metadata for mypy tests
+ repo tests for request_resource_machine_access
+ unit tests for config cache clearing and machine-access data
- jenkins:
+ add basic Jenkinsfile for CI runs per PR
+ add jenkins parseable test results
+ add lxc cleanup stage on Jenkinsfile
* Release version 25.0
* New upstream release 25.0~beta3:
- upgrade-lts-conract: noop during do-release-upgrade on unattached
(GH: #1255)
- ua-auto-attach: order systemd unit before cloud-config.service
- Update FIPSUpdates pin origin
- fips: unmark held fips packages for ubuntu pro fips image support
(GH: #1109)
- repo: handle changes to additionalPackages contract deltas
- repo: move package installation to install_packages method
- pro: trigger auto-attach as soon as instance-data.json is available
(GH: #1234)
- Conditionally install packages when enabling FIPS
- fips: allow disable (GH: #1168)
- cli: add trailing newline to argparse errors (GH: #1236)
- Install fips metapacking when enabling service
- integration test improvements:
+ upgrade-test: fix upgrade path restart failures on trusty (GH: #1257)
+ Fix integration test setup scripts (GH: #1253)
+ strict checking for command success on behave
+ Update tests to use new pycloudlib LXD abstraction
+ Add upgrade scenario tests when FIPS is enabled
+ Improve FIPS tests for checking packages
+ Update esm-infra xenial lxd test
+ Fix vm tests as esm-apps is beta service
+ Fix azure generic integration testing
+ Update esm-apps check on staging_commands tests
+ Install pycloudlib for azure jobs only
+ Fix shell condition in run_azure_travis_integration_tests.sh
+ Update azure jobs on travis
+ Update travis url in README
+ Update travis scripts to use ppa only on master
+ Fix cron event type check on travis yaml
* New upstream release 25.0~beta2:
- help: update esm-infra help text (GH: #1212)
- apt-hook: update apt cli messaging for UA Infra: ESM and UA Apps: ESM
product names
- help: update fips help docs (GH: #1213)
- help: revert CIS help doc URL (GH: #1211)
- help: add new fips help URLs to CLI help docs (GH: #1210)
- Show error when enabling service with invalid repo [Lucas Moura]
(GH: #954)
- Update beta info for services (#1220) [Lucas Moura] (GH: #1216)
- Do not enable fips when fips-updates is active [Lucas Moura] (GH: #1209)
- Add vm test commands in tox.ini (#1204) [Lucas Moura]
* Beta bug fix release
- status: fix missing description_override key after upgrade from
trusty (GH: #1201)
- During contract delta processing use _check_application_status_on_cache
instead of live service status
* d/control:
- add po-debconf dependency and fix lintian not-using-po-debconf and
untranslatable-debconf-templates
- add ${misc:Depends} dep to ubuntu-advantage-pro to fix lintian
debhelper-but-no-misc-depends (GH: #1024)
* d/rules:
- drop --with systemd fix build-depends-on-obsolete-package
- set fix lintian warning extra:Depends even if empty
* d/postrm
- Add more gpg keys to be deleted in postrm for Xenial+ support
* d/postinst:
- do not unconfigure non-trusty esm. no series in apt filenames (GH: #1170)
- check if esm is already enabled (GH: #1095)
* New upstream release 25.0:
- Do not uninstall additionalPackages or livepatch when disabling services
- check for issubclass on clean_apt_files
- Add do-release-upgrade support for esm-infra and apps suites (GH: #1169)
- Apply contract deltas during do-release-upgrade operations
- cli: add ua help command
- cli: status add blocking --wait param and lock files for config change
- Fix livepatch behaviour on aws pro focal machine
- travis: drop inapplicable workspaces from specific awsgeneric release
jobs
- Add possible reboot text after enabling/disabling services
- apt-hook: package apt-hook and apt configuration files on all releases
(GH: #1150)
- Fix enable fail bug
- Add uaclient.conf override mechanism for auto-attach, beta services and
machine-token
- Support ESM Apps [Brian Murray] (GH: #930)
- Do not enable services if blocking services is active (GH: #1029)
- contract: handle 401 on invalid token, 403 on expired (GH: #1335)
- Hide beta services from default status output and enable/disable
operations (GH: #1079) (GH: #1091)
- fips: force apt noninteractive prompts during package installs
(GH: #1084)
- tests: add unit tests for aws-gov/aws-china cloud detection
- Add AWS China and GovCloud partitions [Robert Jennings]
- Disable beta services to be show/enabled without flag
- Add missing build_pr command to environment
- Use additionalPackages from service payload
- Add integration testing for Travis runs [patriciadomin] (GH: #856)
(GH: #857) (GH: #853)
* New bug-fix-only release 24.4:
- uaclient.version bump to 24.4
- fips: honor additionalPackage directive from contract for bionic
(GH #1173)
* New bug-fix-only release 24.3:
- uaclient.version bump to 24.3
- fips: add conditional reboot message only if /var/run/reboot-required is
present
- fips: add apt repo key for FIPS and FIPS updates (GH #1026)
* New bug-fix-only release 24.2:
- uaclient.version bump to 24.2
- pro: Add AWS China and GovCloud partitions support (GH #1077)
* New bug-fix-only release 24.1:
- livepatch: run snap wait system snap.seeded before trying to install
(GH: #1049)
- version: return debian/changelog version when git describe fails to
match upstream <major>.<minor> tags for git-ubuntu workflow
(GH: #1058)
* bump version to 24.0 for new versioninig scheme
* New upstream release 20.3:
- ubuntu-pro: automatically reattach across instance id delta
(LP: #1867573)
- integration testing:
+ add behave tests ua subcommands for attached vm
+ add invalid token tests
+ add reuse_container test docs
+ refactor token parameter
* d/templates: add a debconf note on upgrade from pre-ubuntu pro package
* d/control: create a separate ubuntu-advantage-pro package which
delivers the tooling and scripts necessary to auto-attach pro machines
This change breaks/replaces ubuntu-advantage-tools <= 20.1
* d/maintscript: rm_conffile /etc/init/ua-auto-attach.conf from ua-tools pkg
* d/postint: remove stale systemd symlinks which have migrated to ubuntu-pro
* d/rules: only install the apt hook on trusty
* d/rules: provide --no-start to debhelper to avoid auto-attach on pkg install
* Release 20.2:
- ubuntu-pro:
+ azure: fix detection of DatasourceAzureNet as azure on trusty
+ generalize identity_doc to return dict instead of string
+ auto-attach: any 4XX errors during auto-attach are the result of non-Pro
+ auto-attach: handle 403 errors raised by contract server for invalid vms
- attach: persist any status config changes after attach failures
- output: add messaging using a different subscription if attached
* Release 20.1:
- azure-pro, support for azure ubuntu pro auto-attach:
+ add azure auto-attach instance as valid cloud_instance_factory
+ add azure cloud instance module and tests
+ generalize request_aws_contract_token for multiple cloud_types
+ contract: request_auto_attach_contract_token takes an instance param
- constraints: add constraint on pyyaml version in trusty
- auto-attach: move duplicate invalid cloud_type check out of cli
* d/postinst: only configure ESM on supported architectures (LP: #1851858)
[Andreas Hasenack]
* d/postinst: rename existing ubuntu-esm-precise.list file to trusty.
This fixes the upgrade path from precise to trusty and to this client
while esm is enabled (LP: #1850672)
* Release 19.7:
- aws: handle missing SYS_HYPERVISOR_PRODUCT_UUID
- aws-pro: support for aws ubuntu pro auto-attach
- pro: add cloud identity module and fix unit tests
- pro: update systemd service and upstart boot scripts to auto-attach
- pro: esm do not do apt pin never on disable on xenial or bionic
- pro: esm-apps has origin UbuntuESMApps and esm-infra is UbuntuESM
- status: dynamic status available now from refreshed machine-token
- uaclient: update customer visible messages after UX review
- esm-apps: allow unattended security upgrades for esm-apps
- systemd: needs WantedBy=multi-user.target to get pulled into boot
- cli: update docstring to describe errors raised from auto-attach
- keyrings: update ubuntu-advantage-esm-apps.gpg with correct key
- repo: match strict repo url in apt-policy to avoid esm substring matches
- esm: don't disable_apt_auth_only for ESM entitlements
- initial implementation of esm-apps
- repo: don't raise exception in application_status if aptURL missing
- entitlements: rely solely on contract server for repo_url
- cli: exit 0 if already attached
- cli: use decorators for action_attach and action_attach_premium
- cli: add assert_not_attached decorator
- status: custom descriptions for n/a service status
* New upstream release. Main changes:
- drop SSO interactive login support
- d/control: no longer depend on pymacaroons, which was only needed for
the SSO interactive login support
- drop keyrings for services not supported in trusty: cc-eal, fips,
fips-updates, cis audit
- make sure /var/lib/ubuntu-advantage/private has 0700 perms
- rename esm to esm-infra. Also handle upgrades
- don't unecessarily remove config files that are already handled by dpkg
- expand the apt related runtime dependencies
- handle sources.list.d esm snippet when release upgrading from precise
- ua status now reports availability of services even in unattached state
- the "ua status" output was changed, including the json format option
- drop "ua status" call in postinst as it now requires internet access and
that is restricted in LP builders and test runners.
- fix the d/t/usage DEP8 test that was also using status
* d/t/usage: fix dep8 test ("entitlements" was renamed to "services")
* New upstream release (LP: #1832757):
- packaging:
+ d/control: depend on libapt-pkg<ABI_VERSION> to use pin-priority never
+ d/postinst: adjust logfile permissions
+ d/postinst: remove public files and generate status cache on upgrade
+ d/postinst: Remove the old CACHE_DIR in postinst
+ d/postrm: remove log files on package purge
+ d/postrm: remove the ESM pinning file on purge
+ trusty should remove v1 esm key if present after upgrade
+ keyrings: regenerate keyrings on a trusty host
+ refresh keyrings to match current production for fips and cc-eal
- apt:
+ all repo entitlements now call apt-get update on enable
+ enable -updates if -updates from the Ubuntu archive is enabled
+ Add basic i18n (good enough for lang packs)
+ retry apt install and update commands 3 times simple backoff
+ write commented -updates lines instead of omitting them
- attach/detach:
+ added --no-auto-enable option
+ suppress messages from inapplicable default entitlements
+ two-factor auth reprompt only two-factor auth on failed 2fa
+ honour enableByDefault obligations from contract server
+ livepatch: no auto-enable on attach for trusty
+ don't attempt to disable inapplicable entitlements during detach
+ check for root before checking for attach in assert_attached_root
- status:
+ add --json cli formatting option
+ emit a SERVICE header in status output
+ redact technical support and expiry for free contracts
+ unentitled services will report n/a
- cc-eal:
+ add a warning about download size before install
+ change cc to cc-eal in docs, parameters and commandline help
- esm:
+ add esm-v2 gpg keyring, drop old keyring, ignore aptKey directive
+ and livepatch auto enabled on attach where supported
+ on upgrade do not install preferences to pin never if esm enabled
+ remove only the apt auth entry on disable, leaving sources.list
+ use Pin-Priority never apt preference file to disable esm initially
- fips:
+ display as pending when linux-fips is not the running kernel
+ only install/upgrade optional packages that are already on the system
- logs:
+ no longer redact secrets as logfile is root read-only
+ separate console log devel from logfile level
+ remove level from messages to the console
- add subcommand to refresh all contract details
- config: allow contract_url and sso_auth_url to have a trailing slash
- docker: fix persisting generated uuid on images without machine-id files
- environ: allow lowercase ua_<config_option> overrides
- repo: un-comment ESM sources.list lines on repo disable
- updated manpage and help docs
* apt-hook: Add missing headers for APT 1.9
* Drop the self-test assert in the apt-hook, it's making the subiquity
server install fail (LP: #1824523)
* apt-hook: Do not crash/fail if we can't read /proc/self/status
(LP: #1824523)
* Ubuntu Advantage Tools rewrite in Python (LP: #1814157):
- Allow attaching a system to a contract or account
- More complete status output, dropping MOTD updates
- Easily enable and disable services offered
* Have ua status cope with the additional livepatch of running a kernel
that is not supported for livepatches.
* Have an option for enable-livepatch to install a compatible kernel if
needed.
[ Vineetha Kamath ]
* Add support to common criteria EAL2 artifacts installation #144
* New upstream release
- added enable-fips-updates command. This command enables the fips-updates
repository to install updates to FIPS modules. The updated modules from
fips-updates repository are non-certified.
* d/t/update-motd-run: fix path to the esm motd (LP: #1757490)
* Rename motd scripts so they are shown a bit earlier (LP: #1757171)
* Move empty line placement in the livepatch motd to the beginning of the
message to avoid double blank lines.
* New upstream release:
- repositories are only added after credentials are verified
(LP: #1730361)
- Livepatch MOTD script (LP: #1710976)
- better "status" command output formatting (LP: #1719034)
- sources.list.d files no longer contain credentials. The "auth.conf"
facility is used instead. (LP: #1700611)
- enabled Livepatch support for Bionic 18.04 LTS
* New upstream release:
- run tests during package build
* New upstream release:
- revert the latest name changes
- instead of "advantage", add a "ua" symlink pointing at the
ubuntu-advantage script. Likewise for its manpage. (LP: #1721272)
* New upstream release:
- rename the ubuntu-advantage script to advantage, including where it's
mentioned in the documentation. Also provide symlinks pointing at the
previous name. (LP: #1721272)
- slightly reword some of the FIPS messages
* New upstream release with FIPS support (LP: #1718291)
* New upstream release:
- call apt-get with the non-interactive frontend variable set, and tell
dpkg to keep the old config file by default should there be any prompts
about that. (LP: #1715012)
- split the one big test file into multiple smaller files, for better
maintainability.
* Release to artful (LP: #1711369)
* d/control: update package description
* New release version 6. Main changes:
- document return codes on the manpage (Fixes: #33)
- new status command (Fixes: #40)
- restrict esm to precise only (Fixes: #43)
- drop the livepatch motd update, only esm has motd output now
(Fixes: #44)
- skip tests during package building (Fixes #49)
* Only display apt output in the case of errors (Fixes #34).
* Check running kernel version before enabling the Livepatch service
(Fixes #30).
* Add livepatch support:
- New commands:
+ enable-livepatch
+ disable-livepatch
+ is-livepatch-enabled
- new tests
- new manpage
- new help output
- new README.md
- new MOTD
* ubuntu-advantage & /etc/update-motd.d/99-esm now build, run and are quiet
on non-precise release. (LP: #1686183)
* Add simple dep8 tests.
* Also install ca-certificates (LP: #1690270)
* Initial Release. LP: #1686183
--
[1] http://cloud-images.ubuntu.com/releases/bionic/release-20220709/
[2] http://cloud-images.ubuntu.com/releases/bionic/release-20220615/