Releases: snapcore/snapd
Releases · snapcore/snapd
New bugfix release 2.53.3
New snapd release 2.53.3
See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.
- devicestate: Unregister deletes the device key pair as well
- daemon,tests: support forgetting device serial via API
- configcore: relax validation rules for hostname
- o/devicestate: introduce DeviceManager.Unregister
- packaging/ubuntu, packaging/debian: depend on dbus-session-bus provider
- many: wait for up to 10min for NTP synchronization before autorefresh
- interfaces/interfaces/scsi_generic: add interface for scsi generic devices
- interfaces/microstack-support: set controlsDeviceCgroup to true
- interface/builtin/log_observe: allow to access /dev/kmsg
- daemon: write formdata file parts to snaps dir
- spread: run lxd tests with version from latest/edge
- cmd/libsnap-confine-private: fix snap-device-helper device allow list modification on cgroup v2
- interfaces/builtin/dsp: add proc files for monitoring Ambarella DSP firmware
- interfaces/builtin/dsp: update proc file accordingly
Full Changelog: 2.53.2...2.53.3
New bugfix release 2.53.2
New snapd release 2.53.2
See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.
- interfaces/builtin/block_devices: allow blkid to print block device attributes/run/udev/data/b{major}:{minor}
- cmd/libsnap-confine-private: do not deny all devices when reusing the device cgroup
- interfaces/builtin/time-control: allow pps access
- interfaces/u2f-devices: add Trezor and Trezor v2 keys
- interfaces: timezone-control, add permission for ListTimezones DBus call
- interfaces/apparmor/template.go: allow udevadm from merged usr systems
- interface/modem-manager: allow connecting to the mbim/qmi proxy
- interfaces/network-manager-observe: Update for libnm client library
- cmd/snap-seccomp/syscalls: update syscalls to match libseccomp abad8a8f4
- sandbox/cgroup: freeze and thaw cgroups related to services and scopes only
- o/hookstate: print cohort with snapctl refresh --pending
- cmd/snap-confine: lazy set up of device cgroup, only when devices were assigned
- tests: ensure systemd-timesyncd is installed on debian
- tests/lib/pkgdb: install strace on Debian 11 and Sid
- tests/main/snapd-sigterm: flush, use retry
- tests/main/snapd-sigterm: fix race conditions
- release-tools/repack-debian-tarball.sh: fix c-vendor dir
- data/selinux: allow snap-confine to read udev's database
- interfaces/dsp: add more ambarella things* interfaces/dsp: add more ambarella things
Full Changelog: 2.53.1...2.53.2
New bugfix release 2.53.1
What's Changed
- tests: force snapd-session-agent.socket to be re-generated by @sergiocazzolato in #10556
- tests/main/services-install-hook-can-run-svcs: make variants more obvious by @anonymouse64 in #10558
- tests/many: remove lxd systemd unit to prevent unexpected leftovers by @sergiocazzolato in #10560
- tests: removing Ubuntu 20.10, adding 21.04 nested in spread by @sergiocazzolato in #10555
- snap: change
snap login --help
to not mention "buy" by @mvo5 in #10533 - packaging: switch ubuntu to use golang-1.13 by @mvo5 in #10440
- config: add "virtual" config via config.RegisterVirtualConfig by @mvo5 in #10264
- o/devicestate, sysconfig: refactor cloud-init config permission handling by @anonymouse64 in #10536
- overlord/devicestate: UC20 specific set-model, managers tests by @bboozzoo in #10510
- github: enable gofmt for Go 1.13 jobs by @bboozzoo in #10569
- interfaces: s/specifc/specific/ by @woodrow-shen in #10566
- cmd/libsnap-confine-private: g_spawn_check_exit_status is deprecated since glib 2.69 by @bboozzoo in #10565
- tests: skip udp protocol on latest ubuntus by @sergiocazzolato in #10564
- cmd/snap-confine: refactor device cgroup handling to enable easier v2 integration by @bboozzoo in #10547
- asserts/snapasserts: CheckPresenceInvalid and CheckPresenceRequired methods by @stolowski in #10535
- snap/squashfs: handle squashfs-tools 4.5+ by @bboozzoo in #10567
- tests/main/snapd-snap: install 4.x snapcraft to build the snapd snap by @anonymouse64 in #10579
- interfaces/builtin: allow access to per-user GTK CSS overrides by @jhenstridge in #10574
- tests: update nested wait for snapd command by @sergiocazzolato in #10582
- o/snapstate: affectedByRefresh tweaks by @stolowski in #10578
- packaging: fix build failure on bionic and simplify rules by @mvo5 in #10568
- interfaces/tee: add support for Qualcomm qseecom device node by @kubiko in #10585
- tests: fix cached-results condition in github actions workflow by @sergiocazzolato in #10587
- cmd/libsnap-confine-private: move device cgroup files, add helper to deny a device by @bboozzoo in #10576
- configcore: register virtual config for timezone reading by @mvo5 in #10562
- o/snapstate: add AffectedByRefreshCandidates helper by @stolowski in #10581
- snap: support links map in snap.yaml (and later from the store API) by @pedronis in #10467
- tests: use bigger storage on ubuntu 21.10 by @sergiocazzolato in #10596
- vendor: move to snapshot-4c814e1 branch and set fixed KDF options by @mvo5 in #10591
- {device,snap}state: skip kernel extraction in seeding by @mvo5 in #10595
- packaging: merge 2.51.4 changelog back to master by @anonymouse64 in #10603
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap by @anonymouse64 in #10601
- configcore: fix a bunch of incorrect error returns by @mvo5 in #10600
- tests/nested/manual: enable serial assertions on testkeys nested VM's by @anonymouse64 in #10542
- configcore: fix early config timezone handling by @mvo5 in #10599
- wrappers: measure time to enable services in StartServices() by @mvo5 in #10604
- corecfg: add "system.hostname" setting to the system settings by @mvo5 in #9094
- c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags to snap/snapctl by @MiguelPires in #10593
- sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init datasource by @anonymouse64 in #10572
- tests: fix core-early-config test to use tests.nested tool by @sergiocazzolato in #10612
- o/snapstate: allow auto-refresh limited to snaps affected by a specific gating snap by @stolowski in #10515
- clang-format: stop breaking my includes by @bboozzoo in #10618
- o/assertstate: implement ValidationSetAssertionForEnforce helper by @stolowski in #10563
- o/devicestate/handlers_install.go: add workaround to create dirs for install by @anonymouse64 in #10608
- cmd/libsnap-confine-private: fix coverity issues in tests, tweak uses of g_assert() by @bboozzoo in #10616
- cmd/snap-device-helper: reimplement snap-device-helper by @bboozzoo in #10577
- o/snapstate: remove commented out code by @stolowski in #10627
- interfaces/builtin/raw_usb: fix platform typo, fix access to usb devices accessible through platform by @bboozzoo in #10624
- devicestate: add
snap debug timings --ensure=install-system
by @mvo5 in #10529 - config: rename "virtual" config to "external" config by @mvo5 in #10597
- build-aux: build with go-1.13 in the snapcraft build too by @mvo5 in #10629
- packaging: changelog for 2.51.5 to master by @anonymouse64 in #10621
- cmd/snap: print logs in local timezone by @MiguelPires in #10625
- cmd/libsnap-confine-private: fix issues identified by coverity by @bboozzoo in #10631
- o/hookstate: allow snapctl refresh --proceed from snaps by @stolowski in #10528
- usersession/agent: refactor common JSON validation into own function by @mardy in #10623
- daemon, o/snapstate: handle IgnoreValidation flag on install (2/3) by @stolowski in #10546
- spread: temporarily fix the ownership of /home/ubuntu/.ssh on 21.10 by @bboozzoo in #10632
- tests: remove the test user just when it was installed on create-user-2 test by @sergiocazzolato in #10637
- secboot: switch main key KDF memory cost to 32KB by @mvo5 in #10645
- secboot: use half the mem for KDF in AddRecoveryKey by @mvo5 in #10619
- packaging: merge 2.51.6 changelog back to master by @anonymouse64 in #10650
- packaging: remove TEST_GITHUB_AUTOPKGTEST support by @mvo5 in #10641
- tests: stop the service when is active in test interfaces-firewall-control test by @sergiocazzolato in #10638
- secboot: remove duplicate import by @xnox in #10654
- .github/workflows: add codedov again by @anonymouse64 in #10648
- tests: update systems for sru validation by @sergiocazzolato in #10635
- tests: fix timing issue on security-dev-input-event-denied test by @sergiocazzolato in #10652
- tests: clean snaps.sh helper by @sergiocazzolato in #10343
- tests: fix services-refresh-mode test by @sergiocazzolato in #10646
- cmd, packaging: import BPF headers from kernel, detect whether host headers are usable by @bboozzoo in #10640
- testutil: add DeepUnsortedMatches Checker by @MiguelPires in #10643
- interfaces/u2f-devices: add Nitrokey FIDO2 by @kkeijzer in #10642
- tests/main/services-install-hook-can-run-svcs: shellcheck issue fix by @bboozzoo in #10663
- github: do not try to upload coverage when working with cached run by @bboozzoo in #10665
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp v2.2.0-428-g5c22d4b by @bboozzoo in #10667
- i18n/xgettext-go: preserve already escaped quotes by @MiguelPires in #10668
- .github/workflows/test.yaml: test github.events key by @anonymouse64 in #10662
- tests: set to 10 minutes the kill timeout for tests failing on slow boards by @sergiocazzolato in #10664
- gadget: Export mkfs functions for use in ubuntu-image by @GlenPickle in #10592
- cgroup-sup...
New major release 2.53
New major release
New bugfix release 2.52.1
Bugfixes:
- snap-bootstrap: wait in
mountNonDataPartitionMatchingKernelDisk
for the disk (if not present already) - many: support an API flag system-restart-immediate to make snap ops proceed immediately with system restarts
- cmd/libsnap-confine-private: g_spawn_check_exit_status is deprecated since glib 2.69
- interfaces/seccomp: add clone3 to default template
- interfaces/apparmor/template.go: allow inspection of dbus mediation level
- interfaces/dsp: add a usb rule to the ambarella flavor
- cmd/snap-confine: update s-c apparmor profile to allow versioned ld.so
- o/ifacestate: don't lose connections if snaps are broken
- interfaces/builtin/opengl.go: add libOpenGL.so* too
- interfaces/hardware-observe: add some dmi properties
- build-aux: stage libgcc1 library into snapd snap
- interfaces/block-devices: support to access the state of block devices
- packaging: ship the
snapd.apparmor.service
unit in debian
New snapd major release 2.52
New snapd release 2.52
See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.
- interface/builtin: add qualcomm-ipc-router interface for AF_QIPCRTR socket protocol
- o/ifacestate: special-case system-files and force refreshing its static attributes
- interfaces/network-control: additional ethernet rule
- packaging: update 2.52 changelog with 2.51.7
- interfaces/interfaces/ion-memory-control: add: add interface for ion buf
- packaging: merge 2.51.6 changelog back to 2.52
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
- many: merge release/2.51 change to release/2.52
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap
- o/servicestate: use snap app names for ExplicitServices of ServiceAction
- tests/main/services-install-hook-can-run-svcs: add variant w/o --enable
- o/servicestate: revert only start enabled services
- tests: adding Ubuntu 21.10 to spread test suite
- interface/modem-manager: add support for MBIM/QMI proxy clients
- cmd/snap/model: support storage-safety and snaps headers too
- o/assertstate: Implement EnforcedValidationSets helper
- tests: using retry tool for nested tests
- gadget: check for system-save with multi volumes if encrypting correctly
- interfaces: make the service naming entirely internal to systemd BE
- tests/lib/reset.sh: fix removing disabled snaps
- store/store_download.go: use system snap provided xdelta3 priority + fallback
- packaging: merge changelog from 2.51.3 back to master
- overlord: only start enabled services
- interfaces/builtin: add sd-control interface
- tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests, use 2.45
- tests/lib/reset.sh: add workaround from refresh-vs-services tests for all tests
- o/assertstate: check for conflicts when refreshing and committing validation set asserts
- devicestate: add support to save timings from install mode
- tests: new tests.nested commands copy and wait-for
- install: add a bunch of nested timings
- tests: drop any-python wrapper
- store: set ResponseHeaderTimeout on the default transport
- tests: fix test-snapd-user-service-sockets test removing snap
- tests: moving nested_exec to nested.tests exec
- tests: add tests about services vs snapd refreshes
- client, cmd/snap, daemon: refactor REST API for quotas to match CLI org
- c/snap,asserts: create/delete-key external keypair manager interaction
- tests: revert disable of the delta download tests
- tests/main/system-usernames-microk8s: disable on centos 7 too
- boot: support device change
- o/snapstate: remove unused refreshSchedule argument for isRefreshHeld helper
- daemon/api_quotas.go: handle conflicts, returning conflict response
- tests: test for gate-auto-refresh hook error resulting in hold
- release: 2.51.2
- snapstate/check_snap: add snap_microk8s to shared system- usernames
- snapstate: remove temporary snap file for local revisions early
- interface: allows reading sd cards internal info from block-devices interface
- tests: Renaming tool nested-state to tests.nested
- testutil: fix typo in json checker unit tests
- tests: ack assertions by default, add --noack option
- overlord/devicestate: try to pick alternative recovery labels during remodel
- bootloader/assets: update recovery grub to allow system labels generated by snapd
- tests: print serial log just once for nested tests
- tests: remove xenial 32 bits
- sandbox/cgroup: do not be so eager to fail when paths do not exist
- tests: run spread tests in ubuntu bionic 32bits
- c/snap,asserts: start supporting ExternalKeypairManager in the snap key-related commands
- tests: refresh control spread test
- cmd/libsnap-confine-private: do not fail on ENOENT, better getline error handling
- tests: disable delta download tests for now until the store is fixed
- tests/nested/manual/preseed: fix for cloud images that ship without core18
- boot: properly handle tried system model
- tests/lib/store.sh: revert #10470
- boot, seed/seedtest: tweak test helpers
- o/servicestate: TODO and fix preexisting typo
- o/servicestate: detect conflicts for quota group operations
- cmd/snap/quotas: adjust help texts for quota commands
- many/quotas: little adjustments
- tests: add spread test for classic snaps content slots
- o/snapstate: fix check-rerefresh task summary when refresh control is used
- many: use changes + tasks for quota group operations
- tests: fix test snap-quota-groups when checking file cgroupProcsFile
- asserts: introduce ExternalKeypairManager
- o/ifacestate: do not visit same halt tasks in waitChainSearch to avoid cycles
- tests/lib/store.sh: fix make_snap_installable_with_id()
- overlord/devicestate, overlord/assertstate: use a temporary DB when creating recovery systems
- corecfg: allow using
# snapd-edit: no
header to disable pi-config# snapd-edit: no - tests/main/interfaces-ssh-keys: tweak checks for openSUSE Tumbleweed
- cmd/snap: prevent cycles in waitChainSearch with snap debug state
- o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for marking self as affecting
- tests: new parameter used by retry tool to set env vars
- tests: support parameters for match-log on journal-state tool
- configcore: ignore system.pi-config.* setting on measured kernels
- sandbox/cgroup: support freezing groups with unified hierarchy
- tests: fix preseed test to used core20 snap on latest systems
- testutil: introduce a checker which compares the type after having passed them through a JSON marshaller
- store: tweak error message when store.Sections() download fails
- o/servicestate: stop setting DoneStatus prematurely for quota-control
- cmd/libsnap-confine-private: bump max depth of groups hierarchy to 32
- many: turn Contact into an accessor
- store: make the log with download size a debug one
- cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to include search path"
- o/devicestate: move SystemMode method before first usage
- tests: skip tests when the sections cannot be retrieved
- boot: support resealing with a try model
- o/hookstate: dedicated handler for gate-auto-refresh hook
- tests: make sure the /root/snap dir is backed up on test snap-user-dir-perms-fixed
- cmd/snap-confine: make mount ns use check cgroup v2 compatible
- snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set
- cmd/libsnap-confine-private/cgroup-support.c: Fix typo
- cmd/snap-confine, cmd/snapd-generator: fix issues identified by sparse
- o/snapstate: make conditional-auto-refresh conflict with other tasks via affected snaps
- many: pass device/model info to configcore via sysconfig.Device interface
- o/hookstate: return bool flag from Error function of hook handler to ignore hook errors
- cmd/snap-update-ns: add SRCDIR to include search path
- tests: fix for tests/main/lxd-mount-units test and enable ubuntu-21.04
- overlord, o/devicestate: use a single test helper for resetting to a post boot state
- HACKING.md: update instructions for go1.16+
- tests: fix restore for security-dev-input-event-denied test
- o/servicestate: move SetStatus to doQuotaControl
- tests: fix classic-prepare-image test
- o/snapstate: prune gating information and refresh-candidates on snap removal
- o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add mock helper
- cmd: a bunch of tweaks and updates
- o/servicestate: refactor meter handling, eliminate some common parameters
- o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed syntax.
- o/snapstate: prune refresh candidates in check-rerefresh
- osutil: pass --extrausers option to groupdel
- o/snapstate: remove refreshed snap from snaps-hold in snapstate.doInstall
- tests/nested: add spread test for uc20 cloud.conf from gadgets
- boot: drop model from resealing and boostate
- o/servicestate, snap/quota: eliminate workaround for buggy systemds, add spread test
- o/servicestate: introduce internal and servicestatetest
- o/servicestate/quota_control.go: enforce minimum of 4K for quota groups
- overlord/servicestate: avoid unnecessary computation of disabled services
- o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately from snapctl
- o/snapstate: prune hold state during autoRefreshPhase1
- wrappers/services.go: do not restart disabled or inactive services
- sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed config
- spread: switch LXD back to latest/candidate channel
- interfaces/opengl: add support for Imagination PowerVR
- boot: decouple model from seal/reseal handling via an auxiliary type
- spread, tests/main/lxd: no longer manual, switch to latest/stable
- github: try out golangci-lint
- tests: set lxd test to manual until failures are fixed
- tests: connect 30% of the interfaces on test interfaces-many-core-provided
- packaging/debian-sid: update snap-seccomp patches for latest master
- many: fix imports order (according to gci)
- o/snapstate: consider held snaps in autoRefreshPhase2
- o/snapstate: unlock the state before calling backend in undoStartSnapServices
- tests: replace "not MATCH" by NOMATCH in tests
- README.md: refer to new IRC server
- cmd/snap-preseed: provide more error info if snap-preseed fails early on mount
- daemon: add a Daemon argument to AccessChecker.CheckAccess
- c/snap-bootstrap: add bind option with tests
- interfaces/builtin/netlink_driver_test.go: add test snippet
- overlord/devicestate: set up recovery system tasks when attempting a remodel
- osutil,strutil,testutil: fix imports order (according to gci)
- release: merge 2.51.1 changelog
- cmd: fix imports order (according to gci)
- tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control interface
- o/servicestate: move handlers tests to quota_handlers_test.go file instead
- interfaces: add netlink-driver interface
- interfaces: remove leftover debug print
- systemd: ref...
New bugfix release 2.51.7
New bugfix release 2.51.7
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp v2.2.0-428-g5c22d4b1
- tests: cherry-pick shellcheck fix
bd730fd4
- interfaces/dsp: add /dev/ambad into dsp interface
- many: shellcheck fixes
- snapstate: abort kernel refresh if no gadget update can be found
- overlord: add manager test for "assumes" checking
- store: deal correctly with "assumes" from the store raw yaml
New bugfix release 2.51.6
New bugfix release 2.51.6
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
New bugfix release 2.51.5
New bugfix release 2.51.5
- snap/squashfs: handle squashfs-tools 4.5+
- tests/core20-install-device-file-install-via-hook-hack: adjust test for 2.51
- o/devicestate/handlers_install.go: add workaround to create dirs for install
- tests: fix linter warning
- tests: update other spread tests for new behaviour
- tests: ack assertions by default, add --noack option
- release-tools/changelog.py: also fix opensuse changelog date format
- release-tools/changelog.py: fix typo in function name
- release-tools/changelog.py: fix fedora date format
- release-tools/changelog.py: handle case where we don't have a TZ
- release-tools/changelog.py: fix line length check
- release-tools/changelog.py: specify the LP bug for the release as an arg too
- interface/modem-manager: add support for MBIM/QMI proxy clients
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap
New bugfix release 2.51.4
New bugfix release 2.51.4
- {device,snap}state: skip kernel extraction in seeding
- vendor: move to snapshot-4c814e1 branch and set fixed KDF options
- tests/interfaces/tee: fix HasLen check for udev snippets
- interfaces/tee: add support for Qualcomm qseecom device node
- gadget: check for system-save with multi volumes if encrypting correctly
- gadget: drive-by: drop unnecessary/supported passthrough in test gadget.yaml