New bugfix release 2.53.3

New snapd release 2.53.3

See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.

• devicestate: Unregister deletes the device key pair as well
• daemon,tests: support forgetting device serial via API
• configcore: relax validation rules for hostname
• o/devicestate: introduce DeviceManager.Unregister
• packaging/ubuntu, packaging/debian: depend on dbus-session-bus provider
• many: wait for up to 10min for NTP synchronization before autorefresh
• interfaces/interfaces/scsi_generic: add interface for scsi generic devices
• interfaces/microstack-support: set controlsDeviceCgroup to true
• interface/builtin/log_observe: allow to access /dev/kmsg
• daemon: write formdata file parts to snaps dir
• spread: run lxd tests with version from latest/edge
• cmd/libsnap-confine-private: fix snap-device-helper device allow list modification on cgroup v2
• interfaces/builtin/dsp: add proc files for monitoring Ambarella DSP firmware
• interfaces/builtin/dsp: update proc file accordingly

Full Changelog: 2.53.2...2.53.3

New bugfix release 2.53.2

New snapd release 2.53.2

See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.

• interfaces/builtin/block_devices: allow blkid to print block device attributes/run/udev/data/b{major}:{minor}
• cmd/libsnap-confine-private: do not deny all devices when reusing the device cgroup
• interfaces/builtin/time-control: allow pps access
• interfaces/u2f-devices: add Trezor and Trezor v2 keys
• interfaces: timezone-control, add permission for ListTimezones DBus call
• interfaces/apparmor/template.go: allow udevadm from merged usr systems
• interface/modem-manager: allow connecting to the mbim/qmi proxy
• interfaces/network-manager-observe: Update for libnm client library
• cmd/snap-seccomp/syscalls: update syscalls to match libseccomp abad8a8f4
• sandbox/cgroup: freeze and thaw cgroups related to services and scopes only
• o/hookstate: print cohort with snapctl refresh --pending
• cmd/snap-confine: lazy set up of device cgroup, only when devices were assigned
• tests: ensure systemd-timesyncd is installed on debian
• tests/lib/pkgdb: install strace on Debian 11 and Sid
• tests/main/snapd-sigterm: flush, use retry
• tests/main/snapd-sigterm: fix race conditions
• release-tools/repack-debian-tarball.sh: fix c-vendor dir
• data/selinux: allow snap-confine to read udev's database
• interfaces/dsp: add more ambarella things* interfaces/dsp: add more ambarella things

Full Changelog: 2.53.1...2.53.2

New bugfix release 2.53.1

What's Changed

• tests: force snapd-session-agent.socket to be re-generated by @sergiocazzolato in #10556
• tests/main/services-install-hook-can-run-svcs: make variants more obvious by @anonymouse64 in #10558
• tests/many: remove lxd systemd unit to prevent unexpected leftovers by @sergiocazzolato in #10560
• tests: removing Ubuntu 20.10, adding 21.04 nested in spread by @sergiocazzolato in #10555
• snap: change snap login --help to not mention "buy" by @mvo5 in #10533
• packaging: switch ubuntu to use golang-1.13 by @mvo5 in #10440
• config: add "virtual" config via config.RegisterVirtualConfig by @mvo5 in #10264
• o/devicestate, sysconfig: refactor cloud-init config permission handling by @anonymouse64 in #10536
• overlord/devicestate: UC20 specific set-model, managers tests by @bboozzoo in #10510
• github: enable gofmt for Go 1.13 jobs by @bboozzoo in #10569
• interfaces: s/specifc/specific/ by @woodrow-shen in #10566
• cmd/libsnap-confine-private: g_spawn_check_exit_status is deprecated since glib 2.69 by @bboozzoo in #10565
• tests: skip udp protocol on latest ubuntus by @sergiocazzolato in #10564
• cmd/snap-confine: refactor device cgroup handling to enable easier v2 integration by @bboozzoo in #10547
• asserts/snapasserts: CheckPresenceInvalid and CheckPresenceRequired methods by @stolowski in #10535
• snap/squashfs: handle squashfs-tools 4.5+ by @bboozzoo in #10567
• tests/main/snapd-snap: install 4.x snapcraft to build the snapd snap by @anonymouse64 in #10579
• interfaces/builtin: allow access to per-user GTK CSS overrides by @jhenstridge in #10574
• tests: update nested wait for snapd command by @sergiocazzolato in #10582
• o/snapstate: affectedByRefresh tweaks by @stolowski in #10578
• packaging: fix build failure on bionic and simplify rules by @mvo5 in #10568
• interfaces/tee: add support for Qualcomm qseecom device node by @kubiko in #10585
• tests: fix cached-results condition in github actions workflow by @sergiocazzolato in #10587
• cmd/libsnap-confine-private: move device cgroup files, add helper to deny a device by @bboozzoo in #10576
• configcore: register virtual config for timezone reading by @mvo5 in #10562
• o/snapstate: add AffectedByRefreshCandidates helper by @stolowski in #10581
• snap: support links map in snap.yaml (and later from the store API) by @pedronis in #10467
• tests: use bigger storage on ubuntu 21.10 by @sergiocazzolato in #10596
• vendor: move to snapshot-4c814e1 branch and set fixed KDF options by @mvo5 in #10591
• {device,snap}state: skip kernel extraction in seeding by @mvo5 in #10595
• packaging: merge 2.51.4 changelog back to master by @anonymouse64 in #10603
• .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap by @anonymouse64 in #10601
• configcore: fix a bunch of incorrect error returns by @mvo5 in #10600
• tests/nested/manual: enable serial assertions on testkeys nested VM's by @anonymouse64 in #10542
• configcore: fix early config timezone handling by @mvo5 in #10599
• wrappers: measure time to enable services in StartServices() by @mvo5 in #10604
• corecfg: add "system.hostname" setting to the system settings by @mvo5 in #9094
• c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags to snap/snapctl by @MiguelPires in #10593
• sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init datasource by @anonymouse64 in #10572
• tests: fix core-early-config test to use tests.nested tool by @sergiocazzolato in #10612
• o/snapstate: allow auto-refresh limited to snaps affected by a specific gating snap by @stolowski in #10515
• clang-format: stop breaking my includes by @bboozzoo in #10618
• o/assertstate: implement ValidationSetAssertionForEnforce helper by @stolowski in #10563
• o/devicestate/handlers_install.go: add workaround to create dirs for install by @anonymouse64 in #10608
• cmd/libsnap-confine-private: fix coverity issues in tests, tweak uses of g_assert() by @bboozzoo in #10616
• cmd/snap-device-helper: reimplement snap-device-helper by @bboozzoo in #10577
• o/snapstate: remove commented out code by @stolowski in #10627
• interfaces/builtin/raw_usb: fix platform typo, fix access to usb devices accessible through platform by @bboozzoo in #10624
• devicestate: add snap debug timings --ensure=install-system by @mvo5 in #10529
• config: rename "virtual" config to "external" config by @mvo5 in #10597
• build-aux: build with go-1.13 in the snapcraft build too by @mvo5 in #10629
• packaging: changelog for 2.51.5 to master by @anonymouse64 in #10621
• cmd/snap: print logs in local timezone by @MiguelPires in #10625
• cmd/libsnap-confine-private: fix issues identified by coverity by @bboozzoo in #10631
• o/hookstate: allow snapctl refresh --proceed from snaps by @stolowski in #10528
• usersession/agent: refactor common JSON validation into own function by @mardy in #10623
• daemon, o/snapstate: handle IgnoreValidation flag on install (2/3) by @stolowski in #10546
• spread: temporarily fix the ownership of /home/ubuntu/.ssh on 21.10 by @bboozzoo in #10632
• tests: remove the test user just when it was installed on create-user-2 test by @sergiocazzolato in #10637
• secboot: switch main key KDF memory cost to 32KB by @mvo5 in #10645
• secboot: use half the mem for KDF in AddRecoveryKey by @mvo5 in #10619
• packaging: merge 2.51.6 changelog back to master by @anonymouse64 in #10650
• packaging: remove TEST_GITHUB_AUTOPKGTEST support by @mvo5 in #10641
• tests: stop the service when is active in test interfaces-firewall-control test by @sergiocazzolato in #10638
• secboot: remove duplicate import by @xnox in #10654
• .github/workflows: add codedov again by @anonymouse64 in #10648
• tests: update systems for sru validation by @sergiocazzolato in #10635
• tests: fix timing issue on security-dev-input-event-denied test by @sergiocazzolato in #10652
• tests: clean snaps.sh helper by @sergiocazzolato in #10343
• tests: fix services-refresh-mode test by @sergiocazzolato in #10646
• cmd, packaging: import BPF headers from kernel, detect whether host headers are usable by @bboozzoo in #10640
• testutil: add DeepUnsortedMatches Checker by @MiguelPires in #10643
• interfaces/u2f-devices: add Nitrokey FIDO2 by @kkeijzer in #10642
• tests/main/services-install-hook-can-run-svcs: shellcheck issue fix by @bboozzoo in #10663
• github: do not try to upload coverage when working with cached run by @bboozzoo in #10665
• cmd/snap-seccomp/syscalls: update syscalls list to libseccomp v2.2.0-428-g5c22d4b by @bboozzoo in #10667
• i18n/xgettext-go: preserve already escaped quotes by @MiguelPires in #10668
• .github/workflows/test.yaml: test github.events key by @anonymouse64 in #10662
• tests: set to 10 minutes the kill timeout for tests failing on slow boards by @sergiocazzolato in #10664
• gadget: Export mkfs functions for use in ubuntu-image by @GlenPickle in #10592
• cgroup-sup...

New major release 2.53

New major release

New bugfix release 2.52.1

Bugfixes:

• snap-bootstrap: wait in mountNonDataPartitionMatchingKernelDisk for the disk (if not present already)
• many: support an API flag system-restart-immediate to make snap ops proceed immediately with system restarts
• cmd/libsnap-confine-private: g_spawn_check_exit_status is deprecated since glib 2.69
• interfaces/seccomp: add clone3 to default template
• interfaces/apparmor/template.go: allow inspection of dbus mediation level
• interfaces/dsp: add a usb rule to the ambarella flavor
• cmd/snap-confine: update s-c apparmor profile to allow versioned ld.so
• o/ifacestate: don't lose connections if snaps are broken
• interfaces/builtin/opengl.go: add libOpenGL.so* too
• interfaces/hardware-observe: add some dmi properties
• build-aux: stage libgcc1 library into snapd snap
• interfaces/block-devices: support to access the state of block devices
• packaging: ship the snapd.apparmor.service unit in debian

New snapd major release 2.52

New snapd release 2.52

See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.

• interface/builtin: add qualcomm-ipc-router interface for AF_QIPCRTR socket protocol
• o/ifacestate: special-case system-files and force refreshing its static attributes
• interfaces/network-control: additional ethernet rule
• packaging: update 2.52 changelog with 2.51.7
• interfaces/interfaces/ion-memory-control: add: add interface for ion buf
• packaging: merge 2.51.6 changelog back to 2.52
• secboot: use half the mem for KDF in AddRecoveryKey
• secboot: switch main key KDF memory cost to 32KB
• many: merge release/2.51 change to release/2.52
• .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap
• o/servicestate: use snap app names for ExplicitServices of ServiceAction
• tests/main/services-install-hook-can-run-svcs: add variant w/o --enable
• o/servicestate: revert only start enabled services
• tests: adding Ubuntu 21.10 to spread test suite
• interface/modem-manager: add support for MBIM/QMI proxy clients
• cmd/snap/model: support storage-safety and snaps headers too
• o/assertstate: Implement EnforcedValidationSets helper
• tests: using retry tool for nested tests
• gadget: check for system-save with multi volumes if encrypting correctly
• interfaces: make the service naming entirely internal to systemd BE
• tests/lib/reset.sh: fix removing disabled snaps
• store/store_download.go: use system snap provided xdelta3 priority + fallback
• packaging: merge changelog from 2.51.3 back to master
• overlord: only start enabled services
• interfaces/builtin: add sd-control interface
• tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests, use 2.45
• tests/lib/reset.sh: add workaround from refresh-vs-services tests for all tests
• o/assertstate: check for conflicts when refreshing and committing validation set asserts
• devicestate: add support to save timings from install mode
• tests: new tests.nested commands copy and wait-for
• install: add a bunch of nested timings
• tests: drop any-python wrapper
• store: set ResponseHeaderTimeout on the default transport
• tests: fix test-snapd-user-service-sockets test removing snap
• tests: moving nested_exec to nested.tests exec
• tests: add tests about services vs snapd refreshes
• client, cmd/snap, daemon: refactor REST API for quotas to match CLI org
• c/snap,asserts: create/delete-key external keypair manager interaction
• tests: revert disable of the delta download tests
• tests/main/system-usernames-microk8s: disable on centos 7 too
• boot: support device change
• o/snapstate: remove unused refreshSchedule argument for isRefreshHeld helper
• daemon/api_quotas.go: handle conflicts, returning conflict response
• tests: test for gate-auto-refresh hook error resulting in hold
• release: 2.51.2
• snapstate/check_snap: add snap_microk8s to shared system- usernames
• snapstate: remove temporary snap file for local revisions early
• interface: allows reading sd cards internal info from block-devices interface
• tests: Renaming tool nested-state to tests.nested
• testutil: fix typo in json checker unit tests
• tests: ack assertions by default, add --noack option
• overlord/devicestate: try to pick alternative recovery labels during remodel
• bootloader/assets: update recovery grub to allow system labels generated by snapd
• tests: print serial log just once for nested tests
• tests: remove xenial 32 bits
• sandbox/cgroup: do not be so eager to fail when paths do not exist
• tests: run spread tests in ubuntu bionic 32bits
• c/snap,asserts: start supporting ExternalKeypairManager in the snap key-related commands
• tests: refresh control spread test
• cmd/libsnap-confine-private: do not fail on ENOENT, better getline error handling
• tests: disable delta download tests for now until the store is fixed
• tests/nested/manual/preseed: fix for cloud images that ship without core18
• boot: properly handle tried system model
• tests/lib/store.sh: revert #10470
• boot, seed/seedtest: tweak test helpers
• o/servicestate: TODO and fix preexisting typo
• o/servicestate: detect conflicts for quota group operations
• cmd/snap/quotas: adjust help texts for quota commands
• many/quotas: little adjustments
• tests: add spread test for classic snaps content slots
• o/snapstate: fix check-rerefresh task summary when refresh control is used
• many: use changes + tasks for quota group operations
• tests: fix test snap-quota-groups when checking file cgroupProcsFile
• asserts: introduce ExternalKeypairManager
• o/ifacestate: do not visit same halt tasks in waitChainSearch to avoid cycles
• tests/lib/store.sh: fix make_snap_installable_with_id()
• overlord/devicestate, overlord/assertstate: use a temporary DB when creating recovery systems
• corecfg: allow using # snapd-edit: no header to disable pi-config# snapd-edit: no
• tests/main/interfaces-ssh-keys: tweak checks for openSUSE Tumbleweed
• cmd/snap: prevent cycles in waitChainSearch with snap debug state
• o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for marking self as affecting
• tests: new parameter used by retry tool to set env vars
• tests: support parameters for match-log on journal-state tool
• configcore: ignore system.pi-config.* setting on measured kernels
• sandbox/cgroup: support freezing groups with unified hierarchy
• tests: fix preseed test to used core20 snap on latest systems
• testutil: introduce a checker which compares the type after having passed them through a JSON marshaller
• store: tweak error message when store.Sections() download fails
• o/servicestate: stop setting DoneStatus prematurely for quota-control
• cmd/libsnap-confine-private: bump max depth of groups hierarchy to 32
• many: turn Contact into an accessor
• store: make the log with download size a debug one
• cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to include search path"
• o/devicestate: move SystemMode method before first usage
• tests: skip tests when the sections cannot be retrieved
• boot: support resealing with a try model
• o/hookstate: dedicated handler for gate-auto-refresh hook
• tests: make sure the /root/snap dir is backed up on test snap-user-dir-perms-fixed
• cmd/snap-confine: make mount ns use check cgroup v2 compatible
• snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set
• cmd/libsnap-confine-private/cgroup-support.c: Fix typo
• cmd/snap-confine, cmd/snapd-generator: fix issues identified by sparse
• o/snapstate: make conditional-auto-refresh conflict with other tasks via affected snaps
• many: pass device/model info to configcore via sysconfig.Device interface
• o/hookstate: return bool flag from Error function of hook handler to ignore hook errors
• cmd/snap-update-ns: add SRCDIR to include search path
• tests: fix for tests/main/lxd-mount-units test and enable ubuntu-21.04
• overlord, o/devicestate: use a single test helper for resetting to a post boot state
• HACKING.md: update instructions for go1.16+
• tests: fix restore for security-dev-input-event-denied test
• o/servicestate: move SetStatus to doQuotaControl
• tests: fix classic-prepare-image test
• o/snapstate: prune gating information and refresh-candidates on snap removal
• o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add mock helper
• cmd: a bunch of tweaks and updates
• o/servicestate: refactor meter handling, eliminate some common parameters
• o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed syntax.
• o/snapstate: prune refresh candidates in check-rerefresh
• osutil: pass --extrausers option to groupdel
• o/snapstate: remove refreshed snap from snaps-hold in snapstate.doInstall
• tests/nested: add spread test for uc20 cloud.conf from gadgets
• boot: drop model from resealing and boostate
• o/servicestate, snap/quota: eliminate workaround for buggy systemds, add spread test
• o/servicestate: introduce internal and servicestatetest
• o/servicestate/quota_control.go: enforce minimum of 4K for quota groups
• overlord/servicestate: avoid unnecessary computation of disabled services
• o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately from snapctl
• o/snapstate: prune hold state during autoRefreshPhase1
• wrappers/services.go: do not restart disabled or inactive services
• sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed config
• spread: switch LXD back to latest/candidate channel
• interfaces/opengl: add support for Imagination PowerVR
• boot: decouple model from seal/reseal handling via an auxiliary type
• spread, tests/main/lxd: no longer manual, switch to latest/stable
• github: try out golangci-lint
• tests: set lxd test to manual until failures are fixed
• tests: connect 30% of the interfaces on test interfaces-many-core-provided
• packaging/debian-sid: update snap-seccomp patches for latest master
• many: fix imports order (according to gci)
• o/snapstate: consider held snaps in autoRefreshPhase2
• o/snapstate: unlock the state before calling backend in undoStartSnapServices
• tests: replace "not MATCH" by NOMATCH in tests
• README.md: refer to new IRC server
• cmd/snap-preseed: provide more error info if snap-preseed fails early on mount
• daemon: add a Daemon argument to AccessChecker.CheckAccess
• c/snap-bootstrap: add bind option with tests
• interfaces/builtin/netlink_driver_test.go: add test snippet
• overlord/devicestate: set up recovery system tasks when attempting a remodel
• osutil,strutil,testutil: fix imports order (according to gci)
• release: merge 2.51.1 changelog
• cmd: fix imports order (according to gci)
• tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control interface
• o/servicestate: move handlers tests to quota_handlers_test.go file instead
• interfaces: add netlink-driver interface
• interfaces: remove leftover debug print
• systemd: ref...

New bugfix release 2.51.7

New bugfix release 2.51.7

• cmd/snap-seccomp/syscalls: update syscalls list to libseccomp v2.2.0-428-g5c22d4b1
• tests: cherry-pick shellcheck fix bd730fd4
• interfaces/dsp: add /dev/ambad into dsp interface
• many: shellcheck fixes
• snapstate: abort kernel refresh if no gadget update can be found
• overlord: add manager test for "assumes" checking
• store: deal correctly with "assumes" from the store raw yaml

New bugfix release 2.51.6

New bugfix release 2.51.6

- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB

New bugfix release 2.51.5

New bugfix release 2.51.5

- snap/squashfs: handle squashfs-tools 4.5+
- tests/core20-install-device-file-install-via-hook-hack: adjust test for 2.51
- o/devicestate/handlers_install.go: add workaround to create dirs for install
- tests: fix linter warning
- tests: update other spread tests for new behaviour
- tests: ack assertions by default, add --noack option
- release-tools/changelog.py: also fix opensuse changelog date format
- release-tools/changelog.py: fix typo in function name
- release-tools/changelog.py: fix fedora date format
- release-tools/changelog.py: handle case where we don't have a TZ
- release-tools/changelog.py: fix line length check
- release-tools/changelog.py: specify the LP bug for the release as an arg too
- interface/modem-manager: add support for MBIM/QMI proxy clients
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap

New bugfix release 2.51.4

New bugfix release 2.51.4

• {device,snap}state: skip kernel extraction in seeding
• vendor: move to snapshot-4c814e1 branch and set fixed KDF options
• tests/interfaces/tee: fix HasLen check for udev snippets
• interfaces/tee: add support for Qualcomm qseecom device node
• gadget: check for system-save with multi volumes if encrypting correctly
• gadget: drive-by: drop unnecessary/supported passthrough in test gadget.yaml