-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-3b5ba1cd3f 2019-10-31 01:52:32.621487 --------------------------------------------------------------------------------
Name : snapd Product : Fedora 29 Version : 2.42 Release : 2.fc29 URL : https://github.com/snapcore/snapd Summary : A transactional software package manager Description : Snappy is a modern, cross-distribution, transactional package manager designed for working with self-contained, immutable packages.
-------------------------------------------------------------------------------- Update Information:
Update to snapd 2.42 -------------------------------------------------------------------------------- ChangeLog:
* Tue Oct 29 2019 Maciek Borzecki maciek.borzecki@gmail.com - 2.42-2 - Drop valgrind BR on ppc64le (RH#1766519) - Redirect stderr in dynamic executable check * Fri Oct 4 2019 Maciek Borzecki maciek.borzecki@gmail.com - 2.42-1 - Release snapd 2.42 to Fedora - Drop libtool patch - Drop cgroupv2 patch, changes are available in the release * Tue Oct 1 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.42 - tests: disable {contacts,calendar}-service tests on debian-sid - tests/main/snap-run: disable strace test cases on Arch - cmd/system-shutdown: include correct prototype for die - snap/naming: add test for hook name connect-plug-i2c - cmd/snap-confine: allow digits in hook names - gadget: do not fail the update when old gadget snap is missing bare content - tests: disable {contacts,calendar}-service tests on Arch Linux - tests: move "centos-7" to unstable systems - interfaces/docker-support,kubernetes-support: misc updates for strict k8s - packaging: remove obsolete usr.lib.snapd.snap-confine in postinst - tests: add test that ensures our snapfuse binary actually works - packaging: use snapfuse_ll to speed up snapfuse performance - usersession/userd: make sure to export DBus interfaces before requesting a name - data/selinux: allow snapd to issue sigkill to journalctl - store: download propagates options to delta download - wrappers: allow snaps to install icon theme icons - debug: state-inspect debugging utility - sandbox/cgroup: introduce cgroup wrappers package - snap-confine: fix return value checks for udev functions - cmd/model: output tweaks, add'l tests - wrappers/services: add ServicesEnableState + unit tests - tests: fix newline and wrong test name pointed out in previous PRs - tests: extend mount-ns test to handle mimics - run-checks, tests/main/go: allow gofmt checks to be skipped on 19.10 - tests/main/interfaces-{calendar,contacts}-service: disable on 19.10 - tests: part3 making tests work on ubuntu-core-18 - tests: fix interfaces-timeserver-control on 19.10 - overlord/snapstate: config revision code cleanup and extra tests - devicestate: allow remodel to different kernels - overlord,daemon: adjust startup timeout via EXTEND_TIMEOUT_USEC using an estimate - tests/main/many: increase kill-timeout to 5m - interfaces/kubernetes-support: allow systemd-run to ptrace read unconfined - snapstate: auto transition on experimental.snapd-snap=true - tests: retry checking until the written file on desktop-portal- filechooser - tests: unit test for a refresh failing on configure hook - tests: remove mount_id and parent_id from mount-ns test data - tests: move classic-ubuntu-core-transition* to nightly - tests/mountinfo-tool: proper formatting of opt_fields - overlord/configstate: special-case "null" in transaction Changes() - snap-confine: fallback gracefully on a cgroup v2 only system - tests: debian sid now ships new seccomp, adjust tests - tests: explicitly restore after using LXD - snapstate: make progress reporting less granular - bootloader: little kernel support - fixme: rename ubuntu*architectures to dpkg*architectures - tests: run dbus-launch inside a systemd unit - channel: introduce Resolve and ResolveLocked - tests: run failing tests on ubuntu eoan due to is now set as unstable - systemd: detach rather than unmount .mount units - cmd/snap-confine: add unit tests for sc_invocation, cleanup memory leaks in tests - boot,dirs,image: introduce boot.MakeBootable, use it in image instead of ad hoc code - cmd/snap-update-ns: clarify sharing comment - tests/overlord/snapstate: refactor for cleaner test failures - cmd/snap-update-ns: don't propagate detaching changes - interfaces: allow reading mutter Xauthority file - cmd/snap-confine: fix /snap duplication in legacy mode - tests: fix mountinfo-tool filtering when used with rewriting - seed,image,o/devicestate: extract seed loading to seed/seed16.go - many: pass the rootdir and options to bootloader.Find - tests: part5 making tests work on ubuntu-core-18 - cmd/snap-confine: keep track of snap instance name and the snap name - cmd: unify die() across C programs - tests: add functions to make an abstraction for the snaps - packaging/fedora, tests/lib/prepare-restore: helper tool for packing sources for RPM - cmd/snap: improve help and error msg for snapshot commands - hookstate/ctlcmd: fix snapctl set help message - cmd/snap: don't append / to snap name just because a dir exists - tests: support fastly-global.cdn.snapcraft.io url on proxy-no-core test - tests: add --quiet switch to retry-tool - tests: add unstable stage for travis execution - tests: disable interfaces-timeserver-control on 19.10 - tests: don't guess in is_classic_confinement_supported - boot, etc: simplify BootParticipant (etc) usage - tests: verify retry-tool not retrying missing commands - tests: rewrite "retry" command as retry-tool - tests: move debug section after restore - cmd/libsnap-confine-private, cmd/s-c: use constants for snap/instance name lengths - tests: measure behavior of the device cgroup - boot, bootloader, o/devicestate: boot env manip goes in boot - tests: enabling ubuntu 19.10-64 on spread.yaml - tests: fix ephemeral mount table in left over by prepare - tests: add version-tool for comparing versions - cmd/libsnap: make feature flag enum 1<<N style - many: refactor boot/boottest and move to bootloader/bootloadertest - tests/cross/go-build: use go list rather than shell trickery - HACKING.md: clarify where "make fmt" is needed - osutil: make flock test more robust - features, overlord: make parallel-installs exported, export flags on startup - overlord/devicestate: support the device service returning a stream of assertions - many: add snap model command, add /v2/model, /v2/model/serial REST APIs - debian: set GOCACHE dir during build to fix FTBFS on eoan - boot, etc.: refactor boot to have a lookup with different imps - many: add the start of Core 20 extensions support to the model assertion - overlord/snapstate: revert track-risk behavior change and validation on install - cmd/snap,image,seed: move image.ValidateSeed to seed.ValidateFromYaml - image,o/devicestate,seed: oops, make sure to clear seedtest helpers - tests/main/snap-info: update check.py for test-snapd-tools 2.0 - tests: moving tests to nightly suite - overlord/devicestate,seed: small step, introduce seed.LoadAssertions and use it from firstboot - snapstate: add comment to checkVersion vs strutil.VersionCompare - tests: add unit tests for cmd_whoami - tests: add debug section to interfaces-contacts-service - many: introduce package seed and seedtest - interfaces/bluez: enable communication between bluetoothd and meshd via dbus - cmd/snap: fix snap switch message - overlord/snapstate: check channel names on install - tests: check snap_daemon user and group on system-usernames- illegal test are not created - cmd/snap-confine: fix group and permission of .info files - gadget: do not error on gadget refreshes with multiple volumes - snap: use deterministic paths to find the built deb - tests: just build snapd commands on go-build test - tests: re-enable mount-ns test on classic - tests: rename fuse_support to fuse-support - tests: move restore-project-each code to existing function - tests: simplify interfaces-account-control test - i18n, vendor, packaging: drop github.com/ojii/gettext.go, use github.com/snapcore/go-gettext - tests: always say 'restore: |' - tests: new test to check the output after refreshing/reverting core - snapstate: validate all system-usernames before creating them - tests: fix system version check on listing test for external backend - tests: add check for snap_daemon user/group - tests: don't look for lxcfs in mountinfo - tests: adding support for arm devices on ubuntu-core-device-reg test - snap: explicitly forbid trying to parallel install from seed - tests: remove trailing spaces from shell scripts - tests: remove locally installed revisions of core - tests: fix removal of snaps on ubuntu-core - interfaces: support Tegra display drivers - tests: move interfaces-contacts-service to /tmp - interfaces/network-manager: allow using org.freedesktop.DBus.ObjectManager - tests: restore dpkg selections after upgrade-from-2.15 test - tests: pass --remove to userdel on core - snap/naming: simplify SnapSet somewhat - devicestate/firstboot: check for missing bases early - httputil: rework protocol error detection - tests: unmount fuse connections only if not initially mounted - snap: prevent duplicated snap name and snap files when parsing seed.yaml - tests: re-implement user tool in python - image: improve/tweak some warning/error messages - cmd/libsnap-confine-private: add checks for parallel instances feature flag - tests: wait_for_service shows status after actual first minute - sanity: report proper errror when fuse is needed but not available - snap/naming: introduce SnapRef, Snap, and SnapSet - image: support prepare-image --classic for snapd snap only imagesConsequently: - tests/main/mount-ns: account for clone_children in cpuset cgroup on 18.04 - many: merging asserts.Batch Precheck with CommitTo and other clarifications - devicestate: add missing test for remodeling possibly removing required flag - tests: use user-tool to remove test user in the non-home test - overlord/configstate: sort patch keys to have deterministic order with snap set - many: generalize assertstate.Batch to asserts.Batch, have assertstate.AddBatch - gadget, overlord/devicestate: rename Position/Layout - store, image, cmd: make 'snap download' leave partials - httputil: improve http2 PROTOCOL_ERROR detection - tests: add new "user-tool" helper and use in system-user tests - tests: clean up after NFS tests - ifacestate: optimize auto-connect by setting profiles once after all connects - hookstate/ctlcmd: snapctl unset command - tests: allow test user XDG_RUNTIME_DIR to phase out - tests: cleanup "snap_daemon" user in system-usernames-install- twice - cmd/snap-mgmt: set +x on startup - interfaces/wayland,x11: allow reading an Xwayland Xauth file - many: move channel parsing to snap/channel - check-pr-title.py: allow {} in pr prefix - tests: spam test logs less while waiting for systemd unit to stop - tests: remove redundant activation check for snapd.socket snapd.service - tests: trivial snapctl test cleanup - tests: ubuntu 18.10 removed from the google-sru backend on the spread.yaml - tests: add new cases into arch_test - tests: clean user and group for test system-usernames-install- twice - interfaces: k8s worker node updates - asserts: move Model to its own model.go - tests: unmount binfmt_misc on cleanup - tests: restore nsdelegate clobbered by LXD - cmd/snap: fix snap unset help string - tests: unmount fusectl after testing - cmd/snap: fix remote snap info for parallel installed snaps * Tue Sep 3 2019 Neal Gompa ngompa13@gmail.com - 2.41-1 - Release 2.41 to Fedora (RH#1722957) - Add proposed patches to gracefully degrade on cgroups v2 (RH#1438079) - Add support for EL8 * Fri Aug 30 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.41 - overlord/snapstate: revert track-risk behavior - tests: fix snap info test - httputil: rework protocol error detection - gadget: do not error on gadget refreshes with multiple volumes - i18n, vendor, packaging: drop github.com/ojii/gettext.go, use github.com/snapcore/go-gettext - snapstate: validate all system-usernames before creating them - mkversion.sh: fix version from git checkouts - interfaces/network-{control,manager}: allow 'k' on /run/resolvconf/** - interfaces/wayland,x11: allow reading an Xwayland Xauth file - interfaces: k8s worker node updates - debian: re-enable systemd environment generator - many: create system-usernames user/group if both don't exist - packaging: fix symlink for snapd.session-agent.socket - tests: change cgroups so that LXD doesn't have to - interfaces/network-setup-control: allow dbus netplan apply messages - tests: add /var/cache/snapd to the snapd state to prevent error on the store - tests: add test for services disabled during refresh hook - many: simpler access to snap-seccomp version-info - snap: cleanup some tests, clarify some errorsThis is a follow up from work on system usernames: - osutil: add osutil.Find{Uid,Gid} - tests: use a different archive based on the spread backend on go- build test - cmd/snap-update-ns: fix pair of bugs affecting refresh of snap with layouts - overlord/devicestate: detect clashing concurrent (ongoing, just finished) remodels or changes - interfaces/docker-support: declare controls-device-cgroup - packaging: fix removal of old apparmor profile - store: use track/risk for "channel" name when parsing store details - many: allow 'system-usernames' with libseccomp > 2.4 and golang- seccomp > 0.9.0 - overlord/devicestate, tests: use gadget.Update() proper, spread test - overlord/configstate/configcore: allow setting start_x=1 to enable CSI camera on RPi - interfaces: remove BeforePrepareSlot from commonInterface - many: support system-usernames for 'snap_daemon' user - overlord/devicestate,o/snapstate: queue service commands before mark-seeded and other final tasks - interfaces/mount: discard mount ns on backend Remove - packaging/fedora: build on RHEL8 - overlord/devicestate: support seeding a classic system with the snapd snap and no core - interfaces: fix test failure in gpio_control_test - interfaces, policy: remove sanitize helpers and use minimal policy check - packaging: use %systemd_user_* macros to enable session agent socket according to presets - snapstate, store: handle 429s on catalog refresh a little bit better - tests: part4 making tests work on ubuntu-core-18 - many: drop snap.ReadGadgetInfo wrapper - xdgopenproxy: update test API to match upstream - tests: show why sbuild failed - data/selinux: allow mandb_t to search /var/lib/snapd - tests: be less verbose when checking service status - tests: set sbuild test as manual - overlord: DeviceCtx must find the remodel context for a remodel change - tests: use snap info --verbose to check for base - sanity: unmount squashfs with --lazy - overlord/snapstate: keep current track if only risk is specified - interfaces/firewall-control: support nft routing expressions and device groups - gadget: support for writing symlinks - tests: mountinfo-tool fail if there are no matches - tests: sync journal log before start the test - cmd/snap, data/completion: improve completion for 'snap debug' - httputil: retry for http2 PROTOCOL_ERROR - Errata commit: pulseaudio still auto-connects on classic - interfaces/misc: updates for k8s 1.15 (and greengrass test) - tests: set GOTRACEBACK=1 when running tests - cmd/libsnap: don't leak memory in sc_die_on_error - tests: improve how the system is restored when the upgrade- from-2.15 test fails - interfaces/bluetooth-control: add udev rules for BT_chrdev devices - interfaces: add audio-playback/audio-record and make pulseaudio manually connect - tests: split the sbuild test in 2 depending on the type of build - interfaces: add an interface granting access to AppStream metadata - gadget: ensure filesystem labels are unique - usersession/agent: use background context when stopping the agent - HACKING.md: update spread section, other updates - data/selinux: allow snap-confine to read entries on nsfs - tests: respect SPREAD_DEBUG_EACH on the main suite - packaging/debian-sid: set GOCACHE to a known writable location - interfaces: add gpio-control interface - cmd/snap: use showDone helper with 'snap switch' - gadget: effective structure role fallback, extra tests - many: fix unit tests getting stuck - tests: remove installed snap on restore - daemon: do not modify test data in user suite - data/selinux: allow read on sysfs - packaging/debian: don't md5sum absent files - tests: remove test-snapd-curl - tests: remove test-snapd-snapctl-core18 in restore - tests: remove installed snap in the restore section - tests: remove installed test snap - tests: correctly escape mount unit path - cmd/Makefile.am: support building with the go snap - tests: work around classic snap affecting the host - tests: fix typo "current" - overlord/assertstate: add Batch.Precheck to check for the full validity of the batch before Commit - tests: restore cpuset clone_children clobbered by lxd - usersession: move userd package to usersession/userd - tests: reformat and fix markdown in snapd-state.md - gadget: select the right updater for given structure - tests: show stderr only if it exists - sessionagent: add a REST interface with socket activation - tests: remove locally installed core in more tests - tests: remove local revision of core - packaging/debian-sid: use correct apparmor Depends for Debian - packaging/debian-sid: merge debian upload changes back into master - cmd/snap-repair: make sure the goroutine doesn't stick around on timeout - packaging/fedora: github.com/cheggaaa/pb is no longer used - configstate/config: fix crash in purgeNulls - boot, o/snapst, o/devicest: limit knowledge of boot vars to boot - client,cmd/snap: stop depending on status/status-code in the JSON responses in client - tests: unmount leftover /run/netns - tests: switch mount-ns test to manual - overlord,daemon,cmd/snapd: move expensive startup to dedicated StartUp methods - osutil: add EnsureTreeState helper - tests: measure properties of various mount namespaces - tests: part2 making tests work on ubuntu-core-18 - interfaces/policy: minimal policy check for replacing sanitizeReservedFor helpers (1/2) - interfaces: add an interface that grants access to the PackageKit service - overlord/devicestate: update gadget update handlers and mocks - tests: add mountinfo-tool --ref-x1000 - tests: remove lxd / lxcfs if pre-installed - tests: removing support for ubuntu cosmic on spread test suite - tests: don't leak /run/netns mount - image: clean up the validateSuite - bootloader: remove "Dir()" from Bootloader interface - many: retry to reboot if snapd gets restarted before expected reboot - overlord: implement re-registration remodeling - cmd: revert PR#6933 (tweak of GOMAXPROCS) - cmd/snap: add snap unset command - many: add Client-User-Agent to "SnapAction" install API call - tests: first part making tests run on ubuntu-core-18 - hookstate/ctlcmd: support hidden commands in snapctl - many: replace snapd snap name checks with type checks (3/4) - overlord: mostly stop needing Kernel/CoreInfo, make GadgetInfo consider a DeviceContext - snapctl: handle unsetting of config options with "!" - tests: move core migration snaps to tests/lib/snaps dir - cmd/snap: handle unsetting of config options with "!" - cmd/snap, etc: add health to 'snap list' and 'snap info' - gadget: use struct field names when intializing data in mounted updater unit tests - cmd/snap-confine: bring /lib/firmware from the host - snap: set snapd snap type (1/4) - snap: add checks in validate-seed for missing base/default- provider - daemon: replace shutdownServer with net/http's native shutdown support - interfaces/builtin: add exec "/bin/runc" to docker-support - gadget: mounted filesystem updater - overlord/patch: simplify conditions for re-applying sublevel patches for level 6 - seccomp/compiler: adjust test case names and comment for later changes - tests: fix error doing snap pack running failover test - tests: don't preserve size= when rewriting mount tables - tests: allow reordering of rewrite operations - gadget: main update routine - overlord/config: normalize nulls to support config unsetting semantics - snap-userd-autostart: don't list as a startup application on the GUI - tests: renumber snap revisions as seen via writable - tests: change allocation for mount options - tests: re-enable ns-re-associate test - tests: mountinfo-tool allow many --refs - overlord/devicestate: implement reregRemodelContext with the essential re-registration logic - tests: replace various numeric mount options - gadget: filesystem image writer - tests: add more unit tests for mountinfo-tool - tests: introduce mountinfo-tool --ref feature - tests: refactor mountinfo-tool rewrite state - tests: allow renumbering mount namespace identifiers - snap: refactor and explain layout blacklisting - tests: renumber snap revisions as seen via hostfs - daemon, interfaces, travis: workaround build ID with Go 1.9, use 1.9 for travis tests - cmd/libsnap: add sc_error_init_{simple,api_misuse} - gadget: make raw updater handle shifted structures - tests/lib/nested: create WORK_DIR before accessing it - cmd/libsnap: rename SC_LIBSNAP_ERROR to SC_LIBSNAP_DOMAIN - cmd,tests: forcibly discard mount namespace when bases change - many: introduce healthstate, run check-health post-(install/refresh/try/revert) - interfaces/optical-drive: add scsi-generic type 4 and 5 support - cmd/snap-confine: exit from helper when parent dies * Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 2.39.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri Jul 12 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.40 - overlord/patch: simplify conditions for re-applying sublevel patches for level 6 - cmd,tests: forcibly discard mount namespace when bases change - cmd/snap-confine: handle device cgroup before pivot - cmd/snap-apparmor-service: quit if there are no profiles - cmd/snap, image: add --target-directory and --basename to 'snap download' - interfaces: add jack1 implicit classic interface - interfaces: miscellaneous policy updates - daemon: classic confinement is not supported on core - interfaces: bluetooth-control: add mtk BT device node - cmd/snap-seccomp: initial support for negative arguments with uid/gid caching - snap-confine: move seccomp load after permanent privilege drop - tests: new profiler snap used to track cpu and memory for snapd and snap commands - debian: make maintainer scripts do nothing on powerpc - gadget: mounted filesystem writer - cmd/snap: use padded checkers for snapshot output - bootloader: switch to bootloader_test style testing - gadget: add a wrapper for generating partitioned images with sfdisk - tests/main/snap-seccomp-syscalls: add description - tests: continue executing on errors either updating the repo db or installing dependencies - cmd/snap-seccomp/syscalls: add io_uring syscalls - systemd: add InstanceMode enumeration to control which systemd instance to control - netutil: extract socket activation helpers from daemon package. - interfaces: spi: update regex rules to accept spi nodes like spidev12345.0 - gadget: fallback device lookup - many: add strutil.ElliptLeft, use it for shortening cohorts - wrappers: allow sockets under $XDG_RUNTIME_DIR - gadget: add wrapper for creating and populating filesystems - gadget: add writer for offset-write - gadget: support relative symlinks in device lookup - snap, snapstate: additional validation of base field - many: fix some races and missing locking, make sure UDevMonitor is stopped - boot: move ExtractKernelAssets - daemon, snap: screenshots _only_ shows the deprecation notice, from 2.39 - osutil: add a workaround for overlayfs apparmor as it is used on Manjaro - snap: introduce GetType() function for snap.Info - tests: update systems to be used for during sru validation - daemon: increase `shutdownTimeout` to 25s to deal with slow HW - interfaces/network-manager: move deny ptrace to the connected slot - interfaces: allow locking of pppd files - cmd/snap-exec: fix snap completion for classic snaps with non /usr/lib/snapd libexecdir - daemon: expose pprof endpoints - travis: disable snap pack on OSX - client, cmd/snap: expose the new cohort options for snap ops - overlord/snapstate: tweak switch summaries - tests: reuse the image created initially for nested tests execution - tests/lib/nested: tweak assert disk prepare step - daemon, overlord/snapstate: support leave-cohort - tests/main/appstream-id: collect debug info - store,daemon: add client-user-agent support to store.SnapInfo - tests: add check for invalid PR titles in the static checks - tests: add snap-tool for easier access to internal tools - daemon: unexport file{Response,Stream} - devicestate: make TestUpdateGadgetOnClassicErrorsOut less racy - tests: fix test desktop-portal-filechooser - tests: sort commands from DumpCommands in the dumpDbHook - cmd/snap: add unit test for "advise-snap --dump-db". - bootloader: remove extra mock bootloader implementation - daemon: tweak for "add api endpoint for download" PR - packaging: fix reproducible build error - tests: synchronize journal logs before check logs - tests: fix snap service watchdog test - tests: use more readable test directory names - tests/regression/lp-1805485: update test description - overlord: make changes conflict with remodel - tests: make sure the snapshot unit test uses a snapshot time relative to Now() - tests: revert "tests: stop catalog-update/apt-hooks test for now" - tests: mountinfo-tool --one prints matches on failure - data/selinux: fix policy for snaps with bases and classic snaps - debian: fix building on eoan by tweaking golang build-deps - packaging/debian-sid: update required golang version to 1.10 - httputil: handle "no such host" error explicitly and do not retry it - overlord/snapstate, & fallout: give Install a *RevisionOptions - cmd/snap: don't run install on 'snap --help install' - gadget: raw/bare structure writer and updater - daemon, client, cmd/snap: show cohort key in snap info --verbose - overlord/snapstate: add update-gadget task when needed, block other changes - image: turn a missing default content provider into an error - overlord/devicestate: update-gadget-assets task handler with stubbed gadget callbacks - interface: builtin: avahi-observe/control: update label for implicit slot - tests/lib/nested: fix multi argument copy_remote - tests/lib/nested: have mkfs.ext4 use a rootdir instead of mounting an image - packaging: fix permissions powerpc docs dir - overlord: mock store to avoid net requests - debian: rework how we run autopkgtests - interface: builtin: avahi-observe/control: allow slots implementation also by app snap on classic system - interfaces: builtin: utils: add helper function to identify system slots - interfaces: add missing adjtimex to time-control - overlord/snapstate, snap: support base = "none" - daemon, overlord/snapstate: give RevisionOptions a CohortKey - data/selinux: permit init_t to remount snappy_snap_t - cmd/snap: test for a friendly error on 'okay' without 'warnings' - cmd/snap: support snap debug timings --startup=.. and measure loadState time - advise-snap: add --dump-db which dumps the command database - interfaces/docker-support: support overlayfs on ubuntu core - cmd/okay: Remove err message when warning file not exist - devicestate: disallow removal of snaps used in booting early - packaging: fix build-depends on powerpc - tests: run spread tests on opensuse leap 15.1 - strutil/shlex: fix ineffassign - cmd/snapd: ensure GOMAXPROCS is at least 2 - cmd/snap-update-ns: detach unused mount points - gadget: record gadget root directory used during positioning - tests: force removal to prevent restore fails when directory doesn't exist on lp-1801955 test - overlord: implement store switch remodeling - tests: stop using ! for naive negation in shell scripts - snap,store,daemon,client: send new "Snap-Client-User-Agent" header in Search() - osutil: now that we require golang-1.10, use user.LookupGroup() - spread.yaml,tests: change MATCH and REBOOT to cmds - packaging/fedora: force external linker to ensure static linking and -extldflags use - timings: tweak the conditional for ensure timings - timings: always store ensure timings as long as they have an associated change - cmd/snap: tweak the output of snap debug timings --ensure=... - overlord/devicestate: introduce remodel kinds and contextsregistrationContext: - snaptest: add helper for mocking snap with contents - snapstate: allow removal of non-model kernels - tests: change strace parameters on snap-run test to avoid the test gets stuck - gadget: keep track of the index where structure content was defined - cmd/snap-update-ns: rename leftover ctx to upCtx - tests: add "not" command - spread.yaml: use "snap connections" in debug - tests: fix how strings are matched on auto-refresh-retry test - spread-shellcheck: add support for variants and environment - gadget: helper for shifting structure start position - cmd/snap-update-ns: add several TODO comments - cmd/snap-update-ns: rename ctx to upCtx - spread.yaml: make HOST: usage shellcheck-clean - overlord/snapstate, daemon: snapstate.Switch now takes a RevisionOption - tests: add mountinfo-tool - many: make snapstate.Update take *RevisionOptions instead of chan, rev - tests/unit/spread-shellcheck: temporary workaround for SC2251 - daemon: refactor user ops to api_users - cmd/snap, tests: refactor info to unify handling of 'direct' snaps - cmd/snap-confine: combine sc_make_slave_mount_ns into caller - cmd/snap-update-ns: use "none" for propagation changes - cmd/snap-confine: don't pass MS_SLAVE along with MS_BIND - cmd/snap, api, snapstate: implement "snap remove --purge" - tests: new hotplug test executed on ubuntu core - tests: running tests on fedora 30 - gadget: offset-write: fix validation, calculate absolute position - data/selinux: allow snap-confine to do search on snappy_var_t directories - daemon, o/snapstate, store: support for installing from cohorts - cmd/snap-confine: do not mount over non files/directories - tests: validates snapd from ppa - overlord/configstate: don't panic on invalid configuration - gadget: improve device lookup, add helper for mount point lookup - cmd/snap-update-ns: add tests for executeMountProfileUpdate - overlord/hookstate: don't run handler unless hooksup.Always - cmd/snap-update-ns: allow changing mount propagation - systemd: workaround systemctl show quirks on older systemd versions - cmd/snap: allow option descriptions to start with the command - many: introduce a gadget helper for locating device matching given structure - cmd/snap-update-ns: fix golint complaints about variable names - cmd/snap: unit tests for debug timings - testutil: support sharing-related mount flags - packaging/fedora: Merge changes from Fedora Dist-Git and drop EOL Fedora releases - cmd/snap: support for --ensure argument for snap debug timings - cmd,sandbox: tweak seccomp version info handling - gadget: record sector size in positioned volume - tests: make create-user test support managed devices - packaging: build empty package on powerpc - overlord/snapstate: perform hard refresh check - gadget: add volume level update checks - cmd/snap: mangle descriptions that have indent > terminal width - cmd/snap-update-ns: rename applyFstab to executeMountProfileUpdate - cmd/snap-confine: unshare per-user mount ns once - tests: retry govendor sync - tests: avoid removing snaps which are cached to speed up the prepare on boards - tests: fix how the base snap are deleted when there are multiple to deleted on reset - cmd/snap-update-ns: merge apply functions - many: introduce assertstest.SigningAccounts and AddMany test helpers - interfaces: special-case "snapd" in sanitizeSlotReservedForOS* helpers - cmd/snap-update-ns: make apply{User,System}Fstab identical - gadget: introduce checkers for sanitizing structure updates - cmd/snap-update-ns: move apply{Profile,{User,System}Fstab} to same file - overlord/devicestate: introduce registrationContext - cmd/snap-update-ns: add no-op load/save current user profile logic - devicestate: set "new-model" on the remodel change - devicestate: use deviceCtx in checkGadgetOrKernel - many: use a fake assertion model in the device contexts for tests - gadget: fix handling of positioning constrains for structures of MBR role - snap-confine: improve error when running on a not /home homedir - devicestate: make Remodel() return a state.Change - many: make which store to use contextualThis reworks snapstate.Store instead of relying solely on DeviceContext, because: - tests: enable tests on centos 7 again - interfaces: add login-session-control interface - tests: extra debug for snapshot-basic test - overlord,overlord/devicestate: do without GadgetInfo/KernelInfo in devicestate - gadget: more validation checks for legacy MBR structure type & role - osutil: fix TestReadBuildGo test in sbuild - data: update XDG_DATA_DIRS via the systemd environment.d mechanism too - many: do without device state/assertions accessors based on state only outside of devicestate/tests - interfaces/dbus: fix unit tests when default snap mount dir is not /snap - tests: add security-seccomp to verify seccomp with arg filtering - snapshotstate: disable automatic snapshots on core for now - snapstate: auto-install snapd when needed - overlord/ifacestate: update static attributes of "content" interface - interfaces: add support for the snapd snap in the dbus backend* - overlord/snapstate: tweak autorefresh logic if network is not available - snapcraft: also include ld.so.conf from libc in the snapcraft.yml - snapcraft.yaml: fix links ld-linux-x86-64.so.2/ld64.so.2 - overlord: pass a DeviceContext to the checkSnap implementations - daemon: add RootOnly flag to commands - many: make access to the device model assertion etc contextual via a DeviceCtx hook/DeviceContext interface - snapcraft.yaml: include libc6 in snapd - tests: reduce snapcraft leftovers from PROJECT_PATH, temp disable centos - overlord: make the store context composably backed by separate backends for device asserts/info etc. - snapstate: revert "overlord/snapstate: remove PlugsOnly" - osutil,cmdutil: move CommandFromCore and make it use the snapd snap (if available) - travis: bump Go version to 1.10.x - cmd/snap-update-ns: remove instanceName argument from applyProfile - gadget: embed volume in positioned volume, rename fields - osutil: use go build-id when no gnu build-id is available - snap-seccomp: add 4th field to version-info for golang-seccomp features - cmd/snap-update-ns: merge computeAndSaveSystemChanges into applySystemFstab - cmd/snap, client, daemon, store: create-cohort - tests: give more time until nc returns on appstream test - tests: run spread tests on ubuntu 19.04 - gadget: layout, smaller fixes - overlord: update static attrs when reloading connections - daemon: verify snap instructions for multi-snap requests - overlord/corecfg: make expiration of automatic snapshots configurable (4/4) - cmd/snap-update-ns: pass MountProfileUpdate to apply{System,User}Fstab - snap: fix interface bindings on implicit hooks - tests: improve how snaps are cached - cmd/snap-update-ns: formatting tweaks - data/selinux: policy tweaks - cmd/snap-update-ns: move locking to the common layer - overlord: use private YAML inside several tests - cmd/snap, store, image: support for cohorts in "snap download" - overlord/snapstate: add timings to critical task handlers and the backend - cmd: add `snap debug validate-seed <path>` cmd - state: add possible error return to TaskSet.Edge() - snap-seccomp: use username regex as defined in osutil/user.go - osutil: make IsValidUsername public and fix regex - store: serialize the acquisition of device sessions - interfaces/builtin/desktop: fonconfig v6/v7 cache handling on Fedora - many: move Device/SetDevice to devicestate, start of making them pluggable in storecontext - overlord/snapstate: remove PlugsOnly - interfaces/apparmor: allow running /usr/bin/od - spread: add qemu:fedora-29-64 - tests: make test parallel-install-interfaces work for boards with pre-installed snaps - interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern - spread.yaml: add qemu:centos-7-64 - overlord/devicestate: extra measurements related to populateStateFromSeed - cmd/snap-update-ns: move Assumption to {System,User}ProfileUpdate - cmd/libsnap: remove fringe error function - gadget: add validation of cross structure overlap and offset writes - cmd/snap-update-ns: refactor of profile application (3/N) - data/selinux: tweak the policy for runuser and s-c, interpret audit entries - tests: fix spaces issue in the base snaps names to remove during reset phase - tests: wait for man db cache is updated before after install snapd on Fedora - tests: extend timeout of sbuild test * Fri Jun 21 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.39.3 - daemon: increase `shutdownTimeout` to 25s to deal with slow HW - spread: run tests against openSUSE 15.1 - data/selinux: fix policy for snaps with bases and classic snaps * Fri Jun 14 2019 Neal Gompa ngompa13@gmail.com - 2.39.2-1 - Release 2.39.2 to Fedora (RH#1717448) - Drop patch included in this release * Tue Jun 11 2019 Maciej Borzecki maciek.borzecki@gmail.com - 2.39.1-2 - Fix SELinux policy to allow running hooks and services from snaps with bases and classic snaps - Bump SELinux policy version * Wed Jun 5 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.39.2 - debian: rework how we run autopkgtests - interfaces/docker-support: add overlayfs accesses for ubuntu core - data/selinux: permit init_t to remount snappy_snap_t - strutil/shlex: fix ineffassign - packaging: fix build-depends on powerpc * Tue Jun 4 2019 Neal Gompa ngompa13@gmail.com - 2.39.1-1 - Release 2.39.1 to Fedora (RH#1715505) - Backport SELinux policy fixes for systemd unit mount namespacing (RH#1708991) * Wed May 29 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.39.1 - spread: enable Fedora 30 - cmd/snap-confine, data/selinux: cherry pick Fedora 30 fixes - tests/unit/spread-shellcheck: temporary workaround for SC2251 - packaging: build empty package on powerpc - interfaces: special-case "snapd" in sanitizeSlotReservedForOS* helper - cmd/snap: mangle descriptions that have indent > terminal width - cmd/snap-confine: unshare per-user mount ns once - tests: avoid adding spaces to the base snaps names - systemd: workaround systemctl show quirks on older systemd versions * Mon May 6 2019 Neal Gompa ngompa13@gmail.com - 2.39-1 - Release 2.39 to Fedora (RH#1699087) - Enable basic SELinux integration - Fix changelog entry to fix build for EPEL 7 - Exclude bash and POSIX sh shebangs from mangling (LP:1824158) - Drop some old pre Fedora 28 logic * Fri May 3 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.39 - overlord/ifacestate: update static attributes of "content" interface - data/selinux: tweak the policy for runuser and s-c, interpret audit entries - snapshotstate: disable automatic snapshots on core for now - overlord/corecfg: make expiration of automatic snapshots configurable - snapstate: auto-install snapd when needed - interfaces: add support for the snapd snap in the dbus backend - overlord/snapstate: tweak autorefresh logic if network is not available - interfaces/apparmor: allow running /usr/bin/od - osutil,cmdutil: move CommandFromCore and make it use the snapd snap (if available) - daemon: also verify snap instructions for multi-snap requests - data/selinux: allow snap-confine to mount on top of bin - data/selinux: auto transition /var/snap to snappy_var_t - cmd: add `snap debug validate-seed <path>` cmd - interfaces/builtin/desktop: fonconfig v6/v7 cache handling on Fedora - interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern - tests: make snap-connections test work on boards with snaps pre- installed - tests: check for /snap/core16/current in core16-provided-by-core - tests: run livepatch test on 18.04 as well - devicestate: deal correctly with the "required" flag on Remodel - snapstate,state: add TaskSet.AddAllWithEdges() and use in doUpdate - snapstate: add new NoReRefresh flag and use in Remodel() - many: allow core as a fallback for core16 - snapcraft: build static fontconfig in the snapd snap - cmd/snap-confine: remove unused sc_open_snap_{update,discard}_ns - data/selinux: allow snapd to execute runuser under snappy_t - spread, tests: do not leave mislabeled files in restorecon test, attempt to catch similar files - interfaces: cleanup internal tool lookup in system-key - many: move auth.AuthContext to store.DeviceAndAuthContext, the implemention to a separate storecontext packageThis: - overlord/devicestate: measurements around ensure and related tasks - cmd: tweak internal tool lookup to accept more possible locations - overlord/snapstate,snapshotstate: create snapshot on snap removal - tests: run smoke tests on (almost) pristine systems - tests: system disable ssh for config defaults in gadget - cmd/debug: integrate new task timings with "snap debug timings" - tests/upgrade/basic, packaging/fedoar: restore SELinux context of /var/cache/fontconfig, patch pre-2.39 mount units - image: simplify prefer local logic and fixes - tests/main/selinux-lxd: make sure LXD from snaps works cleanly with enforcing SELinux - tests: deny ioctl - TIOCSTI with garbage in high bits - overlord: factor out mocking of device service and gadget w. prepare-device for registration tests - data/selinux, tests/main/selinux-clean: fine tune the policy, make sure that no denials are raised - cmd/libsnap,osutil: fix parsing of mountinfo - ubuntu: disable -buildmode=pie on armhf to fix memory issue - overlord/snapstate: inhibit refresh for up to a week - cmd/snap-confine: prevent cwd restore permission bypass - overlord/ifacestate: introduce HotplugKey type use short key in change summaries - many: make Remodel() download everything first before installing - tests: fixes discovered debugging refresh-app-awareness - overlord/snapstate: track time of postponed refreshes - snap-confine: set rootfs_dir in sc_invocation struct - tests: run create-user on core devices - boot: add flag file "meta/force-kernel-extraction" - tests: add regression test for systemctl race fix - overlord/snapshotstate: helpers for snapshot expirations - overlord,tests: perform soft refresh check in doInstall - tests: enable tests that write /etc/{hostname,timezone} on core18 - overlord/ifacestate: implement String() method of HotplugDeviceInfo for better logs/messages - cmd/snap-confine: move ubuntu-core fallback checks - testutil: fix MockCmd for shellcheck 0.5 - snap, gadget: move gadget read/validation into separate package, tweak naming - tests: split travis spread execution in 2 jobs for ubuntu and non ubuntu systems - testutil: make mocked command work with shellcheck from snaps - packaging/fedora, tests/upgrade/basic: patch existing mount units with SELinux context on upgrade - metautil, snap: extract yaml value normalization to a helper package - tests: use apt via eatmydata - dirs,overlord/snapstate: add Soft and Hard refresh checks - cmd/snap-confine: allow using tools from snapd snap - cmd,interfaces: replace local helpers with cmd.InternalToolPath - tweak: fix "make hack" on Fedora - snap: add validation of gadget.yaml - cmd/snap-update-ns: refactor of profile application - cmd/snap,client,daemon,store: layout and sanity tweaks for find/search options - tests: add workaround for missing cache reset on older snapd - interfaces: deal with the snapd snap correctly for apparmor 2.13 - release-tools: add debian-package-builder - tests: enable opensuse 15 and add force-resolution installing packages - timings: AddTag helper - testutil: run mocked commands through shellcheck - overlord/snapshotstate: support auto flag - client, daemon, store: search by common-id - tests: all the systems for google backend with 6 workers - interfaces: hotplug nested vm test, updated serial-port interface for hotplug. - sanity: use proper SELinux context when mounting squashfs - cmd/libsnap: neuter variables in cleanup functions - interfaces/adb-support: account for hubs on sysfs path - interfaces/seccomp: regenerate changed profiles only - snap: reject layouts to /lib/{firmware,modules} - cmd/snap-confine, packaging: support SELinux - selinux, systemd: support mount contexts for snap images - interfaces/builtin/opengl: allow access to Tegra X1 - cmd/snap: make 'snap warnings' output yamlish - tests: add check to detect a broken snap on reset - interfaces: add one-plus devices to adb-support - cmd: prevent umask from breaking snap-run chain - tests/lib/pkgdb: allow downgrade when installing packages in openSUSE - cmd/snap-confine: use fixed private tmp directory - snap: tweak parsing errors of gadget updates - overlord/ifacemgr: basic measurements - spread: refresh metadata on openSUSE - cmd/snap-confine: pass sc_invocation instead of numerous args around - snap/gadget: introduce volume update info - partition,bootloader: rename 'partition' package to 'bootloader' - interfaces/builtin: add dev/pts/ptmx access to docker_support - tests: restore sbuild test - strutil: make SplitUnit public, allow negative numbers - overlord/snapstate,: retry less for auto-stuff - interfaces/builtin: add add exec "/" to docker-support - cmd/snap: fix regression of snap saved command - cmd/libsnap: rename C enum for feature flag - cmd: typedef mountinfo structures - tests/main/remodel: clean up before reverting the state - cmd/snap-confine: umount scratch dir using UMOUNT_NOFOLLOW - timings: add new helpers, Measurer interface and DurationThreshold - cmd/snap-seccomp: version-info subcommand - errortracker: fix panic in Report if db cannot be opened - sandbox/seccomp: a helper package wrapping calls to snap-seccomp - many: add /v2/model API, `snap remodel` CLI and spread test - tests: enable opensuse tumbleweed back - overlord/snapstate, store: set a header when auto-refreshing - data/selinux, tests: refactor SELinux policy, add minimal tests - spread: restore SELinux context when we mess with system files - daemon/api: filter connections with hotplug-gone=true - daemon: support returning assertion information as JSON with the "json" query parameter - cmd/snap: hide 'interfaces' command, show deprecation notice - timings: base API for recording timings in state - cmd/snap-confine: drop unused dependency on libseccomp - interfaces/apparmor: factor out test boilerplate - daemon: extract assertions api endpoint implementation into api_asserts.go - spread.yaml: bump delta reference - cmd/snap-confine: track per-app and per-hook processes - cmd/snap-confine: make sc_args helpers const-correct - daemon: move a function that was between an other struct and its methods - overlord/snapstate: fix restoring of "old-current" revision config in undoLinkSnap - cmd/snap, client, daemon, ifacestate: show a leading attribute of a connection - cmd/snap-confine: call sc_should_use_normal_mode once - cmd/snap-confine: populate enter_non_classic_execution_environment - daemon: allow downloading snaps blobs via .../file - cmd/snap-confine: introduce sc_invocation - devicestate: add initial Remodel support - snap: remove obsolete license-* fields in the yaml - cmd/libsnap: add cgroup-pids-support module - overlord/snapstate/backend: make LinkSnap clean up more - snapstate: only keep 2 snaps on classic - ctlcmd/tests: tests tweaks (followup to #6322) * Tue Apr 23 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 2.38-3 - Rebuilt for fix in golang-github-seccomp-libseccomp-golang * Fri Apr 5 2019 Neal Gompa ngompa13@gmail.com - 2.38-2 - Readd snapd-login-service Provides for gnome-software for F29 and older * Thu Mar 21 2019 Neal Gompa ngompa13@gmail.com - 2.38-1 - Release 2.38 to Fedora (RH#1691296) - Switch to officially released main source tarball - Drop obsolete snapd-login-service Provides * Thu Mar 21 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.38 - overlord/snapstate,: retry less for auto-stuff - cmd/snap: fix regression of snap saved command - interfaces/builtin: add dev/pts/ptmx access to docker_support - overlord/snapstate, store: set a header when auto-refreshing - interfaces/builtin: add add exec "/" to docker-support - cmd/snap, client, daemon, ifacestate: show a leading attribute of a connection - interface: avahi-observe: Fixing socket permissions on 4.15 kernels - tests: check that apt works before using it - apparmor: support AppArmor 2.13 - snapstate: restart into the snapd snap on classic - overlord/snapstate: during refresh, re-refresh on epoch bump - cmd, daemon: split out the common bits of mapLocal and mapRemote - cmd/snap-confine: chown private /tmp to root.root - cmd/snap-confine: drop uid from random /tmp name - overlord/hookstate: apply pending transaction changes onto temporary configuration for snapctl get - cmd/snap: `snap connections` command - interfaces/greengrass_support: update accesses for GGC 1.8 - cmd/snap, daemon: make the connectivity check use GET - interfaces/builtin,/udev: add spec support to disable udev + device cgroup and use it for greengrass - interfaces/intel-mei: small follow up tweaks - ifacestate/tests: fix/improve udev mon test - interfaces: add multipass-support interface - tests/main/high-user-handling: fix the test for Go 1.12 - interfaces: add new intel-mei interface - systemd: decrease the checker counter before unlocking otherwise we can get spurious panics - daemon/tests: fix race in the disconnect conflict test - cmd/snap-confine: allow moving tasks to pids cgroup - tests: enable opensuse tumbleweed on spread - cmd/snap: fix `snap services` completion - ifacestate/hotplug: integration with udev monitor - packaging: build snapctl as a static binary - packaging/opensuse: move most logic to snapd.mk - overlord: fix ensure before slowness on Retry - overlord/ifacestate: fix migration of connections on upgrade from ubuntu-core - daemon, client, cmd/snap: debug GETs ask aspects, not actions - tests/main/desktop-portal-*: fix handling of python dependencies - interfaces/wayland: allow wayland server snaps function on classic too - daemon, client, cmd/snap: snap debug base-declaration - tests: run tests on opensuse leap 15.0 instead of 42.3 - cmd/snap: fix error messages for snapshots commands if ID is not uint - interfaces/seccomp: increase filter precision - interfaces/network-manager: no peer label check for hostname1 - tests: add a tests for xdg-desktop-portal integration - tests: not checking 'tracking channel' after refresh core on nested execution - tests: remove snapweb from tests - snap, wrappers: support StartTimeout - wrappers: Add an X-SnapInstanceName field to desktop files - cmd/snap: produce better output for help on subcommands - tests/main/nfs-support: use archive mode for creating fstab backup - many: collect time each task runs and display it with `snap debug timings <id>` - tests: add attribution to helper script - daemon: make ucrednetGet not loop - squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test - features,cmd/libsnap: add new feature "refresh-app-awareness" - overlord: fix random typos - interfaces/seccomp: generate global seccomp profile - daemon/api: fix error case for disconnect conflict - overlord/snapstate: add some randomness to the catalog refresh - tests: disable trusty-proposed for now - tests: fix upgrade-from-2.15 with kernel 4.15 - interfaces/apparmor: allow sending and receiving signals from ourselves - tests: split the test interfaces-many in 2 and remove snaps on restore - tests: use snap which takes 15 seconds to install on retryable- error test - packaging: avoid race in snapd.postinst - overlord/snapstate: discard mount namespace when undoing 1st link snap - cmd/snap-confine: allow writes to /var/lib/** - tests: stop catalog-update test for now - tests/main/auto-refresh-private: make sure to actually download with the expired macaroon - many: save media info when installing, show it when listing - userd: handle help urls which requires prepending XDG_DATA_DIRS - tests: fix NFS home mocking - tests: improve snaps-system-env test - tests: pre-cache core on core18 systems - interfaces/hotplug: renamed RequestedSlotSpec to ProposedSlot, removed Specification - debian: ensure leftover usr.lib.snapd.snap-confine is gone - image,cmd/snap,tests: introduce support for modern prepare-image --snap <snap>[=<channel>] - overlord/ifacestate: tweak logic for generating unique slot names - packaging: import debian salsa packaging work, add sbuild test and use in spead - overlord/ifacestate: hotplug-add-slot handler - image,cmd/snap: simplify --classic-arch to --arch, expose prepare-image - tests: run test snap as user in the smoke test - cmd/snap: tweak man output to have no doubled up .TP lines - cmd/snap, overlord/snapstate: silently ignore classic flag when a snap is strictly confined - snap-confine: remove special handling of /var/lib/jenkins - cmd/snap-confine: handle death of helper process - packaging: disable systemd environment generator on 18.04 - snap-confine: fix classic snaps for users with /var/lib/* homedirs - tests/prepare: prevent console-conf from running - image: bootstrapToRootDir => setupSeed - image,cmd/snap,tests: introduce prepare-image --classic - tests: update smoke/sandbox test for armhf - client, daemon: introduce helper for querying snapd API for the list of slot/plug connections - cmd/snap-confine: refactor and cleanup of seccomp loading - snapstate, snap: allow update/switch requests with risk only channel to DTRT - interfaces: add network-manager-observe interface - snap-confine: increase locking timeout to 30s - snap-confine: fix incorrect "sanity timeout 3s" message - snap-confine: provide proper error message on sc_sanity_timeout - snapd,state: improve error message on state reading failure - interfaces/apparmor: deny inet/inet6 in snap-update-ns profile - snap: fix reexec from the snapd snap for classic snaps - snap: fix hook autodiscovery for parallel installed snaps - overlord/snapstate: format the refresh time for the log - cmd/snap-confine: add special case for Jenkins - snapcraft.yaml: fix XBuildDeb PATH for go-1.10 - overlord/snapstate: validate instance names early - overlord/ifacestate: handler for hotplug-update-slot tasks - polkit: cast pid to uint32 to keep polkit happy for now - snap/naming: move various name validation helpers to separate package - tests: iterate getting journal logs to support delay on boards on daemon-notify test - cmd/snap: fix typo in cmd_wait.go - snap/channel: improve channel parsing - daemon, polkit: pid_t is signed - daemon: introduce /v2/connections snapd API endpoint - cmd/snap: small refactor of cmd_info's channel handling - overlord/snapstate: use an ad-hoc error when no results - cmd/snap: wrap "summary" better - tests: workaround missing go dependencies in debian-9 - daemon: try to tidy up the icon stuff a little - interfaces: add display-control interface - snapcraft.yaml: fix snap building in launchpad - tests: update fedora 29 workers to speed up the whole testing time - interfaces: add u2f-devices interface and allow reading udev +power_supply:* in hardware-observe - cmd/snap-update-ns: save errno from strtoul - tests: interfaces tests normalization - many: cleanup golang.org/x/net/context - tests: add spread test for system dbus interface - tests: remove -o pipefail - interfaces: add block-devices interface - spread: enable upgrade suite on fedora - tests/main/searching: video section got renamed to photo-and-video - interfaces/home: use dac_read_search instead of dac_override with 'read: all' - snap: really run the RunSuite - interfaces/camera: allow reading vendor/etc info from /run/udev/data/+usb:* - interfaces/dbus: be less strict about alternations for well-known names - interfaces/home: allow dac_override with 'read: all' - interfaces/pulseaudio: allow reading subdirectories of /etc/pulse - interfaces/system-observe: allow read on /proc/locks - run-checks: ensure we use go-1.10 if available - tests: get test-snapd-dbus-{provider,consumer} from the beta channel - interfaces/apparmor: mock presence of overlayfs root - spread: increase default kill-timeout to 30min - tests: simplify interfaces-contacts-service test - packaging/ubuntu: build with golang 1.10 - ifacestate/tests: extra test for hotplug-connect handler - packaging: make sure that /var/lib/snapd/lib/glvnd is accounted for - overlord/snapstate/backend: call fontconfig helpers from the new 'current' - kvm: load required kernel modules if necessary - cmd/snap: use a fake user for 'run' tests - tests: update systems for google sru backend - tests: fix install-snaps test by changing the snap info regex - interfaces: helpers for sorting plug/slot/connection refs - tests: moving core-snap-refresh-on-core test from main to nested suite - tests: fix daemon-notify test checking denials considering all the log lines - tests: skip lp-1802591 on "official" images - tests: fix listing tests to match "snap list --unicode=never" - debian: fix silly typo in the spread test invocation - interface: raw-usb: Adding ttyACM ttyACA permissions - tests: fix enable-disable-unit-gpio test on external boards - overlord/ifacestate: helper API to obtain the state of connections - tests: define new "tests/smoke" suite and use that for autopkgtests - cmd/snap-update-ns: explicitly check for return value from parse_arg_u - interfaces/builtin/opengl: allow access to NVIDIA VDPAU library - tests: auto-clean the test directory - cmd/snap: further tweak messaging; add a test - overlord/ifacestate: handler for hotplug-connect task - cmd/snap-confine: join freezer only after setting up user mount - cmd/snap-confine: don't preemptively create .mnt files - cmd/snap-update-ns: manually implement isspace - cmd/snap-update-ns: let the go parser know we are parsing -u - cmd/snap-discard-ns: fix name of user fstab files - snapshotstate: don't task.Log without the lock - tests: exclude some more slow tests from runs in autopkgtest - many: remove .user-fstab files from /run/snapd/ns - cmd/libsnap: pass --from-snap-confine when calling snap-update-ns as user - cmd/snap-update-ns: make freezer mockable - cmd/snap-update-ns: move XDG code to dedicated file - osutil: add helper for loading fstab from string - cmd/snap-update-ns: move existing code around, renaming some functions - overlord/configstate/configcore: support - and _ in cloud init field names - * cmd/snap-confine: use makedev instead of MKDEV - tests: review/fix the autopkgtest failures in disco - overlord: drop old v1 store api support from managers test - tests: new test for snapshots with more than 1 user * Thu Feb 28 2019 Neal Gompa ngompa13@gmail.com - 2.37.4-2 - Fix accidentally corrupted changelog merge * Thu Feb 28 2019 Zygmunt Bazyli Krynicki me@zygoon.pl - 2.37.4-1 - Release 2.37.4 to Fedora (RH#1683795) - Fix RPM macro in changelog (rpmlint) - Fix non-break space in changelog (rpmlint) * Wed Feb 27 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.37.4 - squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test - overlord/ifacestate: fix migration of connections on upgrade from ubuntu-core - tests: fix upgrade-from-2.15 with kernel 4.15 - interfaces/seccomp: increase filter precision - tests: remove snapweb from tests * Tue Feb 19 2019 Zygmunt Bazyli Krynicki me@zygoon.pl - 2.37.3-1 - Release 2.37.3 to Fedora (RH#1678603) * Mon Feb 18 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.37.3 - interfaces/seccomp: generate global seccomp profile - overlord/snapstate: add some randomness to the catalog refresh - tests: add upgrade test from 2.15.2ubuntu1 -> current snapd - snap-confine: fix fallback to ubuntu-core - packaging: avoid race in snapd.postinst - overlord/snapstate: discard mount namespace when undoing 1st link snap - cmd/snap-confine: allow writes to /var/lib/** again - tests: stop catalog-update/apt-hooks test until the catlog refresh is randomized - debian: ensure leftover usr.lib.snapd.snap-confine is gone * Wed Feb 6 2019 Neal Gompa ngompa13@gmail.com - 2.37.2-1 - Release 2.37.2 to Fedora (RH#1667460) * Wed Feb 6 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.37.2 - cmd/snap, overlord/snapstate: silently ignore classic flag when a snap is strictly confined - snap-confine: remove special handling of /var/lib/jenkins - cmd/snap-confine: handle death of helper process gracefully - snap-confine: fix classic snaps for users with /var/lib/* homedirs like jenkins/postgres - packaging: disable systemd environment generator on 18.04 - tests: update smoke/sandbox test for armhf - cmd/snap-confine: refactor and cleanup of seccomp loading - snap-confine: increase locking timeout to 30s - snap-confine: fix incorrect "sanity timeout 3s" message - snap: fix hook autodiscovery for parallel installed snaps - tests: iterate getting journal logs to support delay on boards on daemon-notify test - interfaces/apparmor: deny inet/inet6 in snap-update-ns profile - interfaces: add u2f-devices interface * Sun Feb 3 2019 Fedora Release Engineering releng@fedoraproject.org - 2.36.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Tue Jan 29 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.37.1 - cmd/snap-confine: add special case for Jenkins - tests: workaround missing go dependencies in debian-9 - daemon, polkit: pid_t is signed - interfaces: add display-control interface - interfaces: add block-devices interface - tests/main/searching: video section got renamed to photo-and-video - interfaces/camera: allow reading vendor/etc info from /run/udev/data/+usb - interfaces/dbus: be less strict about alternations for well-known names - interfaces/home: allow dac_read_search with 'read: all' - interfaces/pulseaudio: allow reading subdirectories of /etc/pulse - interfaces/system-observe: allow read on /proc/locks - tests: get test-snapd-dbus-{provider,consumer} from the beta channel - interfaces/apparmor: mock presence of overlayfs root - packaging/{fedora,opensuse,ubuntu}: add /var/lib/snapd/lib/glvnd * Wed Jan 16 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.37 - snapd: fix race in TestSanityFailGoesIntoDegradedMode test - cmd: fix snap-device-helper to deal correctly with hooks - tests: various fixes for external backend - interface: raw-usb: Adding ttyACM[0-9]* as many serial devices have device node /dev/ttyACM[0-9] - tests: fix enable-disable-unit-gpio test on external boards - tests: define new "tests/smoke" suite and use that for autopkgtests - interfaces/builtin/opengl: allow access to NVIDIA VDPAU library - snapshotstate: don't task.Log without the lock - overlord/configstate/configcore: support - and _ in cloud init field names - cmd/snap-confine: use makedev instead of MKDEV - tests: review/fix the autopkgtest failures in disco - systemd: allow only a single daemon-reload at the same time - cmd/snap: only auto-enable unicode to a tty - cmd/snap: right-align revision and size in info's channel map - dirs, interfaces/builtin/desktop: system fontconfig cache path is different on Fedora - tests: fix "No space left on device" issue on amazon-linux - store: undo workaround for timezone-less released-at - store, snap, cmd/snap: channels have released-at - snap-confine: fix incorrect use "src" var in mount-support.c - release: support probing SELinux state - release-tools: display self-help - interface: add new `{personal,system}-files` interface - snap: give Epoch an Equal method - many: remove unused interface code - interfaces/many: use 'unsafe' with docker-support change_profile rules - run-checks: stop running HEAD of staticcheck - release: use sync.Once around lazy intialized state - overlord/ifacestate: include interface name in the hotplug- disconnect task summary - spread: show free space in debug output - cmd/snap: attempt to restore SELinux context of snap user directories - image: do not write empty etc/cloud - tests: skip snapd snap on reset for core systems - cmd/snap-discard-ns: fix umount(2) typo - overlord/ifacestate: hotplug-remove-slot task handler - overlord/ifacestate: handler for hotplug-disconnect task - ifacestate/hotplug: updateDevice helper - tests: reset snapd state on tests restore - interfaces: return security setup errors - overlord: make InstallMany work like UpdateMany, issuing a single request to get candidates - systemd/systemd.go: add missing tests for systemd.IsActive - overlord/ifacestate: addHotplugSeqWaitTask helper - cmd/snap-confine: refactor call to snap-update-ns --user-mounts - tests: new backend used to run upgrade test suite - travis: short circuit failures in static and unit tests travis job - cmd: automatically fix localized <option>s to <option> - overlord/configstate,features: expose features to snapd tools - selinux: package to query SELinux status and verify/restore file contexts - wrappers: use new systemd.IsActive in core18 early boot - cmd: add tests for lintArg and lintDesc - httputil: retry on temporary net errors - cmd/snap-confine: remove unused sc_discard_preserved_mount_ns - wrappers: only restart service in core18 when they are active - overlord/ifacestate: helpers for serializing hotplug changes - packaging/{fedora,opensuse}: own /var/lib/snapd/cookie - systemd: start snapd.autoimport.service in --no-block mode - data/selinux: fix syntax error in definition of snappy_admin interface - snap/info: bind global plugs/slots to implicit hooks - cmd/snap-confine: remove SC_NS_MNT_FILE - spread: record each tests/upgrade job - osutil: do not import dirs - cmd/snap-confine: fix typo "a pipe" - tests: make security-device-cgroups-{devmode,jailmode} work on arm devices - tests: force test-snapd-daemon-notify exit 0 when the interface is not connected - overlord/snapstate: run 'remove' hook before 'auto-disconnect' - centos: enable SELinux support on CentOS 7 - apparmor: allow hard link to snap-specific semaphore files - tests/lib/pkgdb: disable weak deps on Fedora - release: detect too old apparmor_parser - tests: improve how the log is checked to see if the system is waiting for a reboot - cmd, dirs, interfaces/apparmor: update distro identification to support ID="archlinux" - spread, tests: add Fedora 29 - cmd/snap-confine: refactor calling snapd tools into helper module - apparmor: allow snap-update-ns access to common devices - cmd/snap-confine: capture initialized per-user mount ns - tests: reduce verbosity around package installation - data: set KillMode=process for snapd - cmd/snap: handle DNS error gracefully - spread, tests: use checkpoints when dumping audit log - tests/lib/prepare: make sure that SELinux context of repacked core snap is controlled - testutils: split checkers, tweak tests - tests: fix for tests test-*-cgroup - spread: show AVC audits when debugging, start auditd on Fedora - spread: drop Fedora 27, add Fedora 29 - tests/lib/reset: restore context of removed snapd directories - testutil: add File{Present,Absent} checkers - snap: add new `snap run --trace-exec` - tests: fix for failover test on how logs are checked - snapctl: add "services" - overlord/snapstate: use file timestamp to initialize timer - cmd/libsnap: introduce and use sc_strdup - interfaces: let NM access ifindex/ifupdown files - overlord/snapstate: on refresh, check new rev can read current - client, store: don't use store from client (use client from store) - tests/main/parallel-install-store: verify installation of more than one instance at a time - overlord: don't write system key if security setup fails - packaging/fedora/snapd.spec: fix bogus date in changelog - snapstate: update fontconfig caches on install - interfaces/apparmor/backend.go:411:38: regular expression does not contain any meta characters (SA6004) - asserts/header_checks.go:199:35: regular expression does not contain any meta characters (SA6004) - run staticcheck every time :-) - tests/lib/systemd-escape/main.go:46:14: printf-style function with dynamic first argument and no further arguments should use print- style function instead (SA1006) - tests/lib/fakestore/cmd/fakestore/cmd_run.go:66:15: the channel used with signal.Notify should be buffered (SA1017) - tests/lib/fakedevicesvc/main.go:55:15: the channel used with signal.Notify should be buffered (SA1017) - spdx/parser.go:30:1: only the first constant has an explicit type (SA9004) - overlord/snapstate/snapmgr.go:553:21: printf-style function with dynamic first argument and no further arguments should use print- style function instead (SA1006) - overlord/patch/patch3.go:44:70: printf-style function with dynamic first argument and no further arguments should use print-style function instead (SA1006) - cmd/snap/cmd_advise.go:200:2: empty branch (SA9003) - osutil/udev/netlink/conn.go:120:5: ineffective break statement. Did you mean to break out of the outer loop? (SA4011) - daemon/api.go:992:22: printf-style function with dynamic first argument and no further arguments should use print-style function instead (SA1006) - cmd/snapd/main.go:94:5: ineffective break statement. Did you mean to break out of the outer loop? (SA4011) - cmd/snap/cmd_userd.go:73:15: the channel used with signal.Notify should be buffered (SA1017) - cmd/snap/cmd_help.go:102:7: io.Writer.Write must not modify the provided buffer, not even temporarily (SA1023) - release: probe apparmor features lazily - overlord,daemon: mock security backends for testing - cmd/libsnap: move apparmor-support to libsnap - cmd: drop cruft from snap-discard-ns build rules - cmd/snap-confine: use snap-discard-ns ns to discard stale namespaces - cmd/snap-confine: handle mounted shared /run/snapd/ns - many: fix composite literals with unkeyed fields - dirs, wrappers, overlord/snapstate: make completion + bases work - tests: revert "tests: restore in restore, not prepare" - many: validate title - snap: make description maximum in runes, not bytes - tests: discard mount namespaces in reset.sh - tests/lib: sync cla check back from snapcraft - Revert "cmd/snap, tests/main/snap-info: highlight the current channel" - daemon: remove enableInternalInterfaceActions - mkversion: use "test -n" rather than "! test -z" - run-checks: assorted fixes - tests: restore in restore, not in prepare - cmd/snap: fix missing newline in "snap keys" error message - snap: epoch lists must contain no duplicate entries - interfaces/avahi_observe: Fix typo in comment - tests: add SPREAD_JOB to the description of systemd_create_and_start_unit - daemon, vendor: bump github.com/coreos/go-systemd/activation, handle API changes - Revert "cmd/snap-confine: don't allow mapping lib{uuid,blkid}" - packaging/fedora: use %_sysctldir macro - cmd/snap-confine: remove unneeded unshare - sanity: extend the kernel version check to cover CentOS/RHEL kernels - wrappers: remove all desktop files from a snap on removal - snap: add an explicit check for `epoch: null` loading - snap: check max description length in validate - spread, tests: add CentOS support - cmd/snap-confine: allow mapping more libc shards - cmd/snap-discard-ns: add support for --from-snap-confine - tests: make tinyproxy support systemd notify - tests: fix shellcheck - snap, store: rename `snap.Epoch`'s `Unset` to `IsZero` - store: add a test for a non-zero epoch refresh (with epoch bump) - store: v1 search doesn't send epoch, stop pretending it does - snap: make any "0" epoch be Unset, and marshalled to {[0],[0]} - overlord/snapstate: amend test should send local revision - tests: use mock-gpio.py in enable-disable-units-gpio test - snap: enforce minimal snap name len of 2 - cmd/libsnap: add sc_verify_snap_lock - cmd/snap-update-ns: extra debugging of trespassing events - userd: force zenity width if the text displayed is long - overlord/snapstate, store: always send epochs - cmd/snap-confine,snap-update-ns: discard quirks - cmd/snap: add nanosleep to blacklisted syscalls when running with --strace - cmd/snap-update-ns, tests: clean trespassing paths - nvidia, interfaces/builtin: OpenCL fixes - ifacestate/hotplug: removeDevice helper - cmd: install snap-discard-ns in "make hack" - overlord/ifacestate: setup security backends phased by backends first - ifacestate/helpers: added SystemSnapName mapper helper method - overlord/ifacestate: set hotplug-key of the connection when connecting hotplug slots - snapd: allow snap-update-ns to read /proc/version - cmd: handle tumbleweed and leap in autogen.sh - interfaces/tests: MockHotplugSlot test helper - store,daemon: make UserInfo,LoginUser part of the store interface - overlord/ifacestate: use remapper when checking if system snap is installed - tests: fix how pinentry is prepared for new gpg v 2.1 and 2.2 - packaging/arch: fix bash completions path - interfaces/builtin: add device-buttons interface for accessing events - tests, fakestore: extend refresh tests with parallel installed snaps - snap, store, overlord/snapshotstate: drop epoch pointers - snap: make Epoch default to {[0],[0]} on load from yaml - data/completion: pass documented arguments to completion functions - tests: skip opensuse from interfaces-openvswitch-support test - tests: simple reproducer for snap try and hooks bug - snapstate: do not allow classic mode for strict snaps - snap: make Epoch's MarshalJSON not simplify - store: remove unused currentSnap and currentSnapJSON - many: some small doc comment fixes in recent hotplug code - ifacestate/udevmonitor: added callback to signal end of enumeration - cmd/libsnap: add simplified feature flag checker - interfaces/opengl: add additional accesses for cuda - tests: add core18 only hooks test and fix running core18 only on classic - sanity, release, cmd/snap: refuse to try to do things on WSL. - cmd: make coreSupportsReExec faster - overlord/ifacestate: don't remove the dash when generating unique slot name - cmd/snap-seccomp: add full complement of ptrace constants - cmd: update autogen.sh for opensuse - interfaces/apparmor: allow access to /run/snap.$SNAP_INSTANCE_NAME - spread.yaml: add more systems to the autopkgtest and qemu backends - daemon: spool sideloaded snap into blob dir overlord/snapstate: address review feedback - packaging/opensuse: stop using golang-packaging - overlord/snapshots: survive an unknown user - wrappers: fix generating of service units with multiple `before` dependencies - data: run snapd.autoimport.service only after seeding - cmd/snap: unhide --name parameter to snap install, tweak help message - packaging/fedora: Merge changes from Fedora Dist-Git - tests/main/snap-service-after-before-install: verify after/before in snap install - overlord/ifacestate: mark connections disconnected by hotplug with hotplug-gone - ifacestate/ifacemgr: don't reload hotplug-gone connections on startup - tests: install dependencies during prepare - tests,store,daemon: ensure proxy settings are honored in auth/userinfo too - tests: core 18 does not support classic confinement - tests: add debug output for degraded test - strutil: make VersionCompare faster - overlord/snapshotstate/backend: survive missing directories - overlord/ifacestate: use map[string]*connState when passing conns around - tests: move fedora 28 to manual - overlord/snapshotstate/backend: be more verbose when SNAPPY_TESTING=1 - tests: removing fedora 26 system from spread.yaml - tests: linode execution is not needed anymore - tests/lib: adjust to changed systemctl behaviour on debian-9 - tests: fixes and new backend for tests on nested suite - strutil: let MatchCounter work with a nil regexp - ifacestate/helpers: findConnsForHotplugKey helper - many: move regexp.(Must)Compile out of non-init functions into variables - store: also make snaps downloaded via deltas 0600 - snap: use Lstat to determine snap size, remove ReadSnapInfoExceptSize - interfaces/builtin: add adb-support interface - tests: fail if install_snap_local fails - strutil: add extra test to CommaSeparatedList as suggested by mborzecki - cmd/snap, daemon, strutil: use CommaSeparatedList to split a CSL - ifacestate: optimize disconnect hooks - cmd/snap-update-ns: parse the -u <uid> command line option - cmd/snap, tests: snapshots for all - client, cmd/daemon: allow disabling keepalive, improve degraded mode unit tests - snap: only show "next" refresh time if its after the hold time - overlord/snapstate: run tests for classic snaps even on systems that don't support classic - overlord/standby: fix a race between standby goroutine and stop - cmd/snap-exec: don't fail on some try mode snaps - cmd/snap, userd, testutil: tweak DBus tests to use private session bus connection - cmd: remove remnants of sc_should_populate_mount_ns - client, daemon, cmd/snap: indicate that services are socket/timer activated - cmd/snap-seccomp: only look for PTRACE_GETFPX?REGS where available - cmd/snap-confine: remove SC_NS_FAIL_GRACEFULLY - snap/pack, cmd/snap: allow specifying the filename of 'snap pack' - cmd/snap-discard-ns: add support for per-user mount namespaces - cmd/snap-confine: remove stale mount profile along stale namespace - data/apt: close stderr when calling snap in the apt install hook. - tests/main: fixes for the new shellcheck - testutil, cmd/snap: introduce and use testutil.EqualsWrapped and fly - tests: initial setup for testing current branch on nested vm and hotplug management - cmd: refactor IPC and lifecycle of the helper process - tests/main/parallel-install-store: the store has caught up, do not expect failures - overlord/snapstate, snap, wrappers: start services in the right order during install - interfaces/browser-support, cmd/snap-seccomp: Allow read-only ptrace, for the Breakpad crash reporter - snap,client: use a different exit code for retryable errors - overlord/ifacestate: don't conflict on own discard-snap tasks when refreshing & doing garbage collection - cmd/snap: tweak `snap services` output when there is no services - interfaces/many: updates to support k8s worker nodes - cmd/snap: gnome-software install via snap:// handler - overlord/many: cleanup use of snapName vs. instanceName - snapstate: add command-chain to supported featureset - daemon, snap: mark screenshots as deprecated - interfaces: fix decoding of json numbers for static/dynamic attributes* ifstate: fix decoding of json numbers - cmd/snap: try not to panic on error from "snap try" - tests: new cosmic image for spread tests on gce - interfaces/system-key: add parser mtime and only discover features on write - overlord/snapshotstate/backend: detect path to tar in unit tests - tests/unit/gccgo: drop gccgo unit tests - cmd: use relative file names in locking APIs - interfaces: fix NormalizeInterfaceAttributes, add tests - overlord/snapshotstate/backend: fall back on sudo when no runuser - cmd/snap-confine: reduce verbosity of debug and error messages - systemd: extend Status() to work for socket and timer units - interfaces: typo 'allows' for consistency with other ifaces - systemd,wrappers: don't start disabled services - ifacestate: simplify task chaining in ifacestate.Connect - tests: ensure that goa-daemon is off - snap/pack, snap/squashfs: remove extra copy before mksquashfs - cmd/snap: block 'snap help <cmd> --all' - asserts, image: ensure kernel, gadget, base and required-snaps use valid snap names - apparmor: add unit test for probeAppArmorParser and simplify code - interfaces/apparmor: conditionally add explicit deny rules for ptrace - po: sync translations from launchpad - osutil: tweak handling of error adduser errors - cmd: rename ns_group to mount_ns - tests/main/interfaces-accounts-service: more debugging - snap/pack, snap/squashfs: use type to determine mksquashfs args - data/systemd, wrappers: tweak system-shutdown helper for core18 - tests: show list of processes when ifaces-accounts-service fails - tests: do not run degraded test in autopkgtest env - snap: overhaul validation error messages - ifacestate/hooks: only create interface hook tasks if hooks exist - osutil: workaround overlayfs on ubuntu 18.10 - interfaces/home: don't allow snaps to write to $HOME/bin - interfaces: improve Attr error further - snapstate: tweak GetFeatureFlagBool() to have a default argument - many: cleanup remaining parallel installs TODOs - image: improve validation of extra snaps * Tue Dec 18 2018 Neal Gompa ngompa13@gmail.com - 2.36.3-1 - Release 2.36.3 to Fedora - Remove merged patch * Fri Dec 14 2018 Michael Vogt mvo@ubuntu.com - New upstream release 2.36.3 - wrappers: use new systemd.IsActive in core18 early boot - httputil: retry on temporary net errors - wrappers: only restart service in core18 when they are active - systemd: start snapd.autoimport.service in --no-block mode - data/selinux: fix syntax error in definition of snappy_admin interfacewhen installing selinux-policy-devel package. - centos: enable SELinux support on CentOS 7 - cmd, dirs, interfaces/apparmor: update distro identification to support ID="archlinux" - apparmor: allow hard link to snap-specific semaphore files - overlord,apparmor: new syskey behaviour + non-ignored snap-confine profile errors - snap: add new `snap run --trace-exec` call - interfaces/backends: detect too old apparmor_parser * Thu Nov 29 2018 Michael Vogt mvo@ubuntu.com - New upstream release 2.36.2 - daemon, vendor: bump github.com/coreos/go-systemd/activation, handle API changes - snapstate: update fontconfig caches on install - overlord,daemon: mock security backends for testing - sanity, spread, tests: add CentOS - Revert "cmd/snap, tests/main/snap-info: highlight the current channel" - cmd/snap: add nanosleep to blacklisted syscalls when running with --strace - tests: add regression test for LP: #1803535 - snap-update-ns: fix trailing slash bug on trespassing error - interfaces/builtin/opengl: allow reading /etc/OpenCL/vendors - cmd/snap-confine: nvidia: pick up libnvidia-opencl.so - interfaces/opengl: add additional accesses for cuda * Wed Nov 21 2018 Neal Gompa ngompa13@gmail.com - 2.36-4 - Fix backport patch * Wed Nov 21 2018 Neal Gompa ngompa13@gmail.com - 2.36-3 - Backport fixes for EL7 support * Wed Nov 14 2018 Neal Gompa ngompa13@gmail.com - 2.36-2 - Fix runtime dependency for selinux subpackage for EL7 * Fri Nov 9 2018 Michael Vogt mvo@ubuntu.com - New upstream release 2.36.1 - tests,snap-confine: add core18 only hooks test and fix running core18 only hooks on classic - interfaces/apparmor: allow access to /run/snap.$SNAP_INSTANCE_NAME - spread.yaml: add more systems to the autopkgtest and qemu backends - daemon: spool sideloaded snap into blob dir - wrappers: fix generating of service units with multiple `before` dependencies - data: run snapd.autoimport.service only after seeding - tests,store,daemon: ensure proxy settings are honored in auth/userinfo too - packaging/fedora: Merge changes from Fedora Dist-Git - tests/lib: adjust to changed systemctl behaviour on debian-9 - tests/main/interfces-accounts-service: switch to busctl, more debugging - store: also make snaps downloaded via deltas 0600 - cmd/snap-exec: don't fail on some try mode snaps - cmd/snap, userd, testutil: tweak DBus tests to use private session bus connection - tests/main: fixes for the new shellcheck - cmd/snap-confine: remove stale mount profile along stale namespace - data/apt: close stderr when calling snap in the apt install hook * Sun Nov 4 2018 Neal Gompa ngompa13@gmail.com - 2.36-1 - Release 2.36 to Fedora * Wed Oct 24 2018 Michael Vogt mvo@ubuntu.com - New upstream release 2.36 - overlord/snapstate, snap, wrappers: start services in the right order during install - tests: the store has caught up, drop gccgo test, update cosmic image - cmd/snap: try not to panic on error from "snap try"`--devmode` - overlord/ifacestate: don't conflict on own discard-snap tasks when refreshing & doing garbage collection - snapstate: add command-chain to supported featureset - daemon, snap: mark screenshots as deprecated - interfaces: fix decoding of json numbers for static/dynamic attributes - data/systemd, wrappers: tweak system-shutdown helper for core18 - interfaces/system-key: add parser mtime and only discover features on write - interfaces: fix NormalizeInterfaceAttributes, add tests - systemd,wrappers: don't start disabled services - ifacestate/hooks: only create interface hook tasks if hooks exist - tests: do not run degraded test in autopkgtest env - osutil: workaround overlayfs on ubuntu 18.10 - interfaces: include invalid type in Attr error - many: enable layouts by default - interfaces/default: don't scrub with change_profile with classic - cmd/snap: speed up unit tests - vendor, cmd/snap: refactor to accommodate the new less buggy go- flags - daemon: expose snapshots to the API - interfaces: updates for default, screen-inhibit-control, tpm, {hardware,system,network}-observe - interfaces/hotplug: rename HotplugDeviceKey method to HotplugKey, update test interface - interfaces/tests: use TestInterface instead of a custom local helper - overlord/snapstate: export getFeatureFlagBool. - osutil,asserts,daemon: support force password change in system- user assertion - snap, wrappers: support restart-delay, generate RestartSec=<value> in service units - tests/ifacestate: moved asserts-related mocking into helper - image: fetch device store assertion if available - many: enable AppArmor on Arch - interfaces/repo: two helper methods for hotplug - overlord/ifacestate: add hotplug slots with implicit slots - interfaces/hotplug: helpers and struct updates - tests: run the snapd tests on Ubuntu 18.10 - snapstate: only report errors if there is an actual error - store: speedup unit tests - spread-shellcheck: fix interleaved error messages, tweaks - apparmor: create SnapAppArmorDir in setupSnapConfineReexec - ifacestate: implementation of defaultDeviceKey function for hotplug - cmd/snap-update-ns: remove empty placeholders used for mounting - snapshotstate: restore to current revision - tests/lib: rework the CLA checker - many: support and consider store friendly-stores when checking device scope constraints - overlord/snapstate: block parallel installs of snapd, core, base, kernel, gadget snaps - overlord/patch: patch for static plug/slot attributes - interfaces: honor static attributes when reloading conns - osutils: unit tests speedup; introduce ��run-checks --short- unit��. - systemd, wrappers: speed up wrappers unit tests - client: speedup unit tests - spread-shellcheck: use threads to parallelise - snap: validate plug and slot names - osutil, interfaces/apparmor: add and use of osutil.UnlinkMany - wrappers: do not depend on network.taget in socket units, tweak generated units - interfaces/apparmor: (un)load profiles in one apparmor_parser call - store: gracefully handle unexpected errors in 'action' response - cmd: put our manpages in section 8 - overlord: don't make become-operational interfere with user requests - store: tweak unmatched refresh result error log - snap, client, daemon, store: use and expose "media" more - tests,cmd/snap-update-ns: add test showing mount update bug cmd/snap-update-ns: better detection of snapd-made tmpfs - tests: spread tests for aliases with parallel installed snaps - interfaces/seccomp: allow using statx by default - store: gracefully handle unexpected errors in 'action' response - overlord/snapshotstate: chown the tempdir - cmd/snap: attempt to start the document portal if running with a session bus - snap: detect layouts vs layout in snap.yaml - interfaces/apparmor: handle overlayfs snippet for snap-update-ns - snapcraft.yaml: set grade to stable - tests: shellchecks, final round - interfaces/apparmor: handle overlayfs snippet for snap-update-ns - snap: detect layouts vs layout in snap.yaml - overlord/snapshotstate: store epoch in snapshot, check on restore - cmd/snap: tweak UX of snap refresh --list - overlord/snapstate: improve consistency, use validateInfoAndFlags also in InstallPath - snap: give Epoch a CanRead helper - overlord/snapshotstate: small refactor of internal helpers - interfaces/builtin: adding missing permission to create /run/wpa_supplicant directory - interfaces/builtin: avahi interface update - client, daemon: support passing of 'unaliased' option when installing from local files - selftest: rename selftest.Run() to sanity.Check() - interfaces/apparmor: report apparmor support level and policy - ifacestate: helpers for generating slot names for hotplug - overlord/ifacestate: make sure to pass in the Model assertion when enforcing policies - overlord/snapshotstate: store the SnapID in snapshot, block restore if changed - interfaces: generalize writable mimic profile - asserts,interfaces/policy: add support for on-store/on-brand/on- model plug/slot rule constraints - many: fetch the device store assertion together and in the context of interpreting snap-declarations - tests: disable gccgo tests on 18.04 for now, until dh-golang vs gccgo is fixed - tests/main/parallel-install-services: add spread test for snaps with services - tests/main/snap-env: extend to cover parallel installations of snaps - tests/main/parallel-install-local: rename from *-sideload, extend to run snaps - cmd/snapd,daemon,overlord: without snaps, stop and wait for socket - cmd/snap: tame the help zoo - tests/main/parallel-install-store: run installed snap - cmd/snap: add a bunch of TRANSLATORS notes (and a little more i18n) - cmd: fix C formatting - tests: remove unneeded cleanup from layout tests - image: warn on missing default-providers - selftest: add test to ensure selftest.checks is up-to-date - interfaces/apparmor, interfaces/builtin: tweaks for parallel snap installs - userd: extend the list of supported XDG Desktop properties when autostarting user applications - cmd/snap-update-ns: enforce trespassing checks - selftest: actually run the kernel version selftest - snapd: go into degraded mode when the selftest fails - tests: add test that runs snapctl with a core18 snap - tests: add snap install hook with base: core18 - overlord/{snapstate,assertstate}: parallel instances and refresh validation - interfaces/docker-support: add rules to read apparmor macros - tests: make nfs test available for more systems - tests: cleanup copy/paste dup in interfaces-network-setup-control - tests: using single sh snap in interface tests - overlord/snapstate: improve cleaup in mount-snap handler - tests: don't fail interfaces-bluez test if bluez is already installed - tests: find snaps just for edge and beta channels - daemon, snapstate: consistent snap list [--all] output with broken snaps - tests: fix listing to allow extra things in the notes column - cmd/snap: improve UX when removing specific snap revision - cmd/snap, tests/main/snap-info: highlight the current channel - interfaces/testiface: added TestHotplugInterface - snap: tweak commands - interfaces/hotplug: hotplug spec takes one slot definition - overlord/snapstate, snap: handle shared snap directories when installing/remove snaps with instance key - interfaces/opengl: misc accesses for VA-API - client, cmd/snap: expose warnings to the world - cmd/snap-update-ns: introduce trespassing state tracking - cmd/snap: commands no longer build their own client - tests: try to build cmd/snap for darwin - daemon: make error responders not printf when called with 1 argument - many: return real snap name in API response - overlord/state: return latest LastAdded time in WarningsSummary - many: mount namespace mapping for parallel installs of snaps - ifacestate/autoconnect: do not self-conflict on setup-profiles if core-phase-2 - client, cmd/snap: on !linux, exit when the client tries to Do something - tests: refactor for nested suite and tests fixed - tests: use lxd's waitready instead of polling lxd socket - ifacestate: don't initialize udev monitor until we have a system snap - interfaces: extra argument for static attrs in NewConnectedPlug/NewConnectedSlot - packaging/arch: sync packaging with AUR - snapstate/tests: serialize all appends in fake backend - snap-confine: make /lib/modules optional - cmd/snap: handle "snap interfaces core" better - store: move download tests into downloadSuite - tests,interfaces: run interfaces-account-control on UC18 - tests: fix install snaps test by adding link to /snap - tests: fix for nested test suite - daemon: fix snap list --all with parallel snap instances - snapstate: refactor tests to use SetModel* - wrappers: fix snap services order in tests - many: provide salt for generating instance-key in store requests - ifacestate: fix hang when retrying content providers - snapd-env-generator: fix when PATH is empty or unset - overlord/assertstate: propagate TaskSnapSetup error - client: catch and expose logs errors - overlord: integrate device enumeration with udev monitor - daemon, overlord/state: warnings pipeline - tests: add publisher regex to fix the snap-info test pass on sru - cmd: use systemdsystemgeneratorsdir, cleanup automake complaints, tweaks - cmd/snap-update-ns: remove the unused Secure type - osutil, o/snapshotstate, o/sss/backend: quick fixes - tests: update the listing expression to support core from different channels - store: use stable instance key in store refresh requests - cmd/snap-update-ns: detach Mk{Prefix,{File,Dir,Symlink{,All}}} - overlord/patch: support for sublevel patches - tests: update prepare/restore for nightly suite - cmd/snap-update-ns: detach BindMount from the Secure type - cmd/snap-update-ns: re-factor pair of helpers to call fstatfs once - ifacestate: retry on "discard-snap" in autoconnect conflict check - cmd/snap-update-ns: separate OpenPath from the Secure struct - wrappers: remove Wants=network-online.target - tests: add new core16-base test - store: refactor tests so that they work as store_test package - many: add refresh.rate-limit core option - tests: run account-control test with different bases - tests: port proxy test to use python tinyproxy - overlord: introduce snapshotstate. - testutil: allow Fstatfs results to vary over time - snap-update-ns: add comments about the "deadcode" in bootstrap.go - overlord: add chg.Err() in testUpdateWithAutoconnectRetry - many: remove deadcode - tests: also run unit/gccgo in 18.04 - tests: introduce a helper for installing local snaps with --name - tests: avoid removing core snap on reset - snap: use snap.SideInfo in test to fix build with gccgo - partition: remove unused runCommand - image: fix incorrect error when using local bases - overlord/snapstate: fix format - cmd: fix format - tests: setting "storage: preserve-size" just for amazon-linux system - tests: test for the hostname interface - interfaces/modem-manager: allow access to more USB strings - overlord: instantiate UDevMonitor - interfaces/apparmor: tweak naming, rename to AddLayout() - interfaces: take instance name in ifacetest.InstallSnap - snapcraft: do not use --dirty in mkversion - cmd: add systemd environment generator - devicestate: support getting (http) proxy from core config - many: rename ClientOpts to ClientOptions - prepare-image-grub-core18: remove image root in restore - overlord/ifacestate: remove "old-conn" from connect/undo connect handlers - packaging/fedora: Merge changes from Fedora Dist-Git - image: handle errors when downloadedSnapsInfoForBootConfig has no data - tests: use official core18 model assertion in tests - snap-confine: map /var/lib/extrausers into snaps mount-namespace - overlord,store: support proxy settings internally too - cmd/snap: bring back 'snap version' - interfaces/mount: tweak naming of things - strutil: fix MatchCounter to also work with buffer reuse - cmd,interfaces,tests: add /mnt to removable-media interface - systemd: do not run "snapd.snap-repair.service.in on firstboot bootstrap - snap/snapenv: drop some instance specific variables, use instance- specific ones for user locations - firstboot: sort by type when installing the firstboot snaps - cmd, cmd/snap: better support for non-linux - strutil: add new ParseByteSize - image: detect and error if bases are missing - interfaces/apparmor: do not downgrade confinement on arch with linux-hardened 4.17.4+ - daemon: add pokeStateLock helper to the daemon tests - snap/squashfs: improve error message from Build on mksquashfs failure - tests: remove /etc/alternatives from dirs-not-shared-with-host - cmd: support re-exec into the "snapd" snap - spdx: remove "Other Open Source" from the support licenses - snap: add new type "TypeSnapd" and attach to the snapd snap - interfaces: retain order of inserted security backends - tests: spread test for parallel-installs desktop file handling - overlord/devicestate: use OpenSSL's PEM format when generating keys - cmd: remove --skip-command-chain from snap run and snap-exec - selftest: detect if apparmor is unusable and error - snap,snap-exec: support command-chain for hooks - tests: significantly reduce execution time for managers test - snapstate: use new "snap.ByType" sorting - overlord/snapstate: fix UpdateMany() to work with parallel instances - testutil: have File* checker produce more useful error output - overlord/ifacestate: introduce connectOpts - interfaces: parallel instances support, extend unit tests - tests: normalize tests - snapstate: make InstallPath() return *snap.Info too - snap: add ByType sorting - interfaces: add cifs-mount interface - tests: use file based markers in snap-service-stop-mode - osutil: reorg and stub out things to get it building on darwin - tests/main/layout: cleanup after the test - osutil/sys: small tweaks to let it build on darwin - daemon, overlord/snapstate: set instance name when installing from snap file - many: move Uname to osutil, for more DRY and easier porting. - cmd/snap: create snap user directory when running parallel installed snaps - cmd/snap-confine: switch to validation of SNAP_INSTANCE_NAME - tests: basic test for parallel installs from the store - image: download the gadget from the model.GadgetTrack() - snapstate: add support for gadget tracks in model assertion - image: add support for "gadget=track" - overlord: handle sigterm during shutdown better - tests: add the original function to fix the errors on new kernels - tests/main/lxd: pull lxd from candidate; re��nable i386 - wayland: add extra sockets that are used by older toolkits (e.g. gtk3) - asserts: add support for gadget tracks in the model assertion - overlord/snapstate: improve feature flag validation - tests/main/lxd: run ubuntu-16.04 only on 64 bit variant - interfaces: workaround for activated services and newer DBus - tests: get the linux-image-extra available for the current kernel - interfaces: add new "sysfs-name" to i2c interfaces code - interfaces: disconnect hooks - cmd/libsnap: unify detection of core/classic with go - tests: fix autopkgtest failures in cosmic - snap: fix advice json - overlord/snapstate: parallel snap install - store: backward compatible instance-key handling for non-instance snaps - interfaces: add screencast-legacy for video and audio recording - tests: skip unsupported architectures for fedora-base-smoke test - tests: avoid using the journalctl cursor when it has not been created yet - snapstate: ensure normal snaps wait for the "snapd" snap on refresh - tests: enable lxd again everywhere - tests: new test for udisks2 interface - interfaces: add cpu-control for setting CPU tunables - overlord/devicestate: fix tests, set seeded in registration through proxy tests - debian: add missing breaks on cosmic - devicestate: only run device-hook when fully seeded - seccomp: conditionally add socketcall() based on system and base - tests: new test for juju client observe interface - overlord/devicestate: DTRT w/a snap proxy to reach a serial vault - snapcraft: set version information for the snapd snap - cmd/snap, daemon: error out if trying to install a snap using empty name - hookstate: simplify some hook tests - cmd/snap-confine: extend security tag validation to cover instance names - snap: fix mocking of systemkey in snap-run tests - packaging/opensuse: fix static build of snap-update-ns and snap- exec - interfaces/builtin: addtl network-manager resolved DBus fix - udev: skip TestParseUdevEvent on ppc - interfaces: miscellaneous policy updates - debian: add tzdata to build-dep to ensure snapd builds correctly - cmd/libsnap-confine-private: intoduce helpers for validating snap instance name and instance key - snap,snap-exec: support command-chain for app - interfaces/builtin: network-manager resolved DBus changes - snap: tweak `snap wait` command - cmd/snap-update-ns: introduce validation of snap instance names - cmd/snap: fix some corner-case test setup weirdness - cmd,dirs: fix various issues discovered by a Fedora base snap - tests/lib/prepare: fix extra snaps test * Mon Oct 15 2018 Michael Vogt mvo@ubuntu.com - New upstream release 2.35.5 - interfaces/home: don't allow snaps to write to $HOME/bin - osutil: workaround overlayfs on ubuntu 18.10 * Fri Oct 5 2018 Michael Vogt mvo@ubuntu.com - New upstream release 2.35.4 - wrappers: do not depend on network.taget in socket units, tweak generated units * Fri Oct 5 2018 Michael Vogt mvo@ubuntu.com - New upstream release 2.35.3 - overlord: don't make become-operational interfere with user requests - docker_support.go: add rules to read apparmor macros - interfaces/apparmor: handle overlayfs snippet for snap-update- nsFixes: - snapcraft.yaml: add workaround to fix snapcraft build - interfaces/opengl: misc accesses for VA-API * Wed Sep 12 2018 Michael Vogt mvo@ubuntu.com - New upstream release 2.35.2 - cmd,overlord/snapstate: go 1.11 format fixes - ifacestate: fix hang when retrying content providers - snap-env-generator: do nothing when PATH is unset - interfaces/modem-manager: allow access to more USB strings * Mon Sep 3 2018 Michael Vogt mvo@ubuntu.com - New upstream release 2.35.1 - packaging/fedora: Merge changes from Fedora Dist-Git - snapcraft: do not use --diry in mkversion.sh - cmd: add systemd environment generator - snap-confine: map /var/lib/extrausers into snaps mount-namespace - tests: cherry-pick test fixes from master for 2.35 - systemd: do not run "snapd.snap-repair.service.in on firstboot bootstrap - interfaces: retain order of inserted security backends - selftest: detect if apparmor is unusable and error --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-3b5ba1cd3f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org