[ubuntu/cosmic-security] snapd 2.37.4+18.10.1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Thu Mar 21 20:56:59 UTC 2019


snapd (2.37.4+18.10.1) cosmic-security; urgency=medium

  * No change rebuild for cosmic-security (LP: #1812973)
    - CVE-2019-7303

snapd (2.37.4+18.10) cosmic; urgency=medium

  * New upstream release, LP: #1817949
    - squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
    - overlord/ifacestate: fix migration of connections on upgrade from
      ubuntu-core
    - tests: fix upgrade-from-2.15 with kernel 4.15
    - interfaces/seccomp: increase filter precision
    - tests: remove snapweb from tests

snapd (2.37.3) xenial; urgency=medium

  * New upstream release, LP: #1811233
    - interfaces/seccomp: generate global seccomp profile
    - overlord/snapstate: add some randomness to the catalog refresh
    - tests: add upgrade test from 2.15.2ubuntu1 -> current snapd
    - snap-confine: fix fallback to ubuntu-core
    - packaging: avoid race in snapd.postinst
    - overlord/snapstate: discard mount namespace when undoing 1st link
      snap
    - cmd/snap-confine: allow writes to /var/lib/** again
    - tests: stop catalog-update/apt-hooks test until the catlog refresh
      is randomized
    - debian: ensure leftover usr.lib.snapd.snap-confine is gone

snapd (2.37.2) xenial; urgency=medium

  * New upstream release, LP: #1811233
    - cmd/snap, overlord/snapstate: silently ignore classic flag when a
      snap is strictly confined
    - snap-confine: remove special handling of /var/lib/jenkins
    - cmd/snap-confine: handle death of helper process gracefully
    - snap-confine: fix classic snaps for users with /var/lib/* homedirs
      like jenkins/postgres
    - packaging: disable systemd environment generator on 18.04
    - tests: update smoke/sandbox test for armhf
    - cmd/snap-confine: refactor and cleanup of seccomp loading
    - snap-confine: increase locking timeout to 30s
    - snap-confine: fix incorrect "sanity timeout 3s" message
    - snap: fix hook autodiscovery for parallel installed snaps
    - tests: iterate getting journal logs to support delay on boards on
      daemon-notify test
    - interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
    - interfaces: add u2f-devices interface

snapd (2.37.1) xenial; urgency=medium

  * New upstream release, LP: #1811233
    - cmd/snap-confine: add special case for Jenkins
    - tests: workaround missing go dependencies in debian-9
    - daemon, polkit: pid_t is signed
    - interfaces: add display-control interface
    - interfaces: add block-devices interface
    - tests/main/searching: video section got renamed to photo-and-video
    - interfaces/camera: allow reading vendor/etc info from
      /run/udev/data/+usb
    - interfaces/dbus: be less strict about alternations for well-known
      names
    - interfaces/home: allow dac_read_search with 'read: all'
    - interfaces/pulseaudio: allow reading subdirectories of
      /etc/pulse
    - interfaces/system-observe: allow read on
      /proc/locks
    - tests: get test-snapd-dbus-{provider,consumer} from the beta
      channel
    - interfaces/apparmor: mock presence of overlayfs root
    - packaging/{fedora,opensuse,ubuntu}: add /var/lib/snapd/lib/glvnd

snapd (2.37) xenial; urgency=medium

  * New upstream release, LP: #1811233
    - snapd: fix race in TestSanityFailGoesIntoDegradedMode test
    - cmd: fix snap-device-helper to deal correctly with hooks
    - tests: various fixes for external backend
    - interface: raw-usb: Adding ttyACM[0-9]* as many serial devices
      have device node /dev/ttyACM[0-9]
    - tests: fix enable-disable-unit-gpio test on external boards
    - tests: define new "tests/smoke" suite and use that for
      autopkgtests
    - interfaces/builtin/opengl: allow access to NVIDIA VDPAU
      library
    - snapshotstate: don't task.Log without the lock
    - overlord/configstate/configcore: support - and _ in cloud init
      field names
    - cmd/snap-confine: use makedev instead of MKDEV
    - tests: review/fix the autopkgtest failures in disco
    - systemd: allow only a single daemon-reload at the same time
    - cmd/snap: only auto-enable unicode to a tty
    - cmd/snap: right-align revision and size in info's channel map
    - dirs, interfaces/builtin/desktop: system fontconfig cache path is
      different on Fedora
    - tests: fix "No space left on device" issue on amazon-linux
    - store: undo workaround for timezone-less released-at
    - store, snap, cmd/snap: channels have released-at
    - snap-confine: fix incorrect use "src" var in mount-support.c
    - release: support probing SELinux state
    - release-tools: display self-help
    - interface: add new `{personal,system}-files` interface
    - snap: give Epoch an Equal method
    - many: remove unused interface code
    - interfaces/many: use 'unsafe' with docker-support change_profile
      rules
    - run-checks: stop running HEAD of staticcheck
    - release: use sync.Once around lazy intialized state
    - overlord/ifacestate: include interface name in the hotplug-
      disconnect task summary
    - spread: show free space in debug output
    - cmd/snap: attempt to restore SELinux context of snap user
      directories
    - image: do not write empty etc/cloud
    - tests: skip snapd snap on reset for core systems
    - cmd/snap-discard-ns: fix umount(2) typo
    - overlord/ifacestate: hotplug-remove-slot task handler
    - overlord/ifacestate: handler for hotplug-disconnect task
    - ifacestate/hotplug: updateDevice helper
    - tests: reset snapd state on tests restore
    - interfaces: return security setup errors
    - overlord: make InstallMany work like UpdateMany, issuing a single
      request to get candidates
    - systemd/systemd.go: add missing tests for systemd.IsActive
    - overlord/ifacestate: addHotplugSeqWaitTask helper
    - cmd/snap-confine: refactor call to snap-update-ns --user-mounts
    - tests: new backend used to run upgrade test suite
    - travis: short circuit failures in static and unit tests travis job
    - cmd: automatically fix localized <option>s to <option>
    - overlord/configstate,features: expose features to snapd tools
    - selinux: package to query SELinux status and verify/restore file
      contexts
    - wrappers: use new systemd.IsActive in core18 early boot
    - cmd: add tests for lintArg and lintDesc
    - httputil: retry on temporary net errors
    - cmd/snap-confine: remove unused sc_discard_preserved_mount_ns
    - wrappers: only restart service in core18 when they are active
    - overlord/ifacestate: helpers for serializing hotplug changes
    - packaging/{fedora,opensuse}: own /var/lib/snapd/cookie
    - systemd: start snapd.autoimport.service in --no-block mode
    - data/selinux: fix syntax error in definition of snappy_admin
      interface
    - snap/info: bind global plugs/slots to implicit hooks
    - cmd/snap-confine: remove SC_NS_MNT_FILE
    - spread: record each tests/upgrade job
    - osutil: do not import dirs
    - cmd/snap-confine: fix typo "a pipe"
    - tests: make security-device-cgroups-{devmode,jailmode} work on arm
      devices
    - tests: force test-snapd-daemon-notify exit 0 when the interface is
      not connected
    - overlord/snapstate: run 'remove' hook before 'auto-disconnect'
    - centos: enable SELinux support on CentOS 7
    - apparmor: allow hard link to snap-specific semaphore files
    - tests/lib/pkgdb: disable weak deps on Fedora
    - release: detect too old apparmor_parser
    - tests: improve how the log is checked to see if the system is
      waiting for a reboot
    - cmd, dirs, interfaces/apparmor: update distro identification to
      support ID="archlinux"
    - spread, tests: add Fedora 29
    - cmd/snap-confine: refactor calling snapd tools into helper module
    - apparmor: allow snap-update-ns access to common devices
    - cmd/snap-confine: capture initialized per-user mount ns
    - tests: reduce verbosity around package installation
    - data: set KillMode=process for snapd
    - cmd/snap: handle DNS error gracefully
    - spread, tests: use checkpoints when dumping audit log
    - tests/lib/prepare: make sure that SELinux context of repacked core
      snap is controlled
    - testutils: split checkers, tweak tests
    - tests: fix for tests test-*-cgroup
    - spread: show AVC audits when debugging, start auditd on Fedora
    - spread: drop Fedora 27, add Fedora 29
    - tests/lib/reset: restore context of removed snapd directories
    - testutil: add File{Present,Absent} checkers
    - snap: add new `snap run --trace-exec`
    - tests: fix for failover test on how logs are checked
    - snapctl: add "services"
    - overlord/snapstate: use file timestamp to initialize timer
    - cmd/libsnap: introduce and use sc_strdup
    - interfaces: let NM access ifindex/ifupdown files
    - overlord/snapstate: on refresh, check new rev can read current
    - client, store: don't use store from client (use client from store)
    - tests/main/parallel-install-store: verify installation of more
      than one instance at a time
    - overlord: don't write system key if security setup fails
    - packaging/fedora/snapd.spec: fix bogus date in changelog
    - snapstate: update fontconfig caches on install
    - interfaces/apparmor/backend.go:411:38: regular expression does not
      contain any meta characters (SA6004)
    - asserts/header_checks.go:199:35: regular expression does not
      contain any meta characters (SA6004)
    - run staticcheck every time :-)
    - tests/lib/systemd-escape/main.go:46:14: printf-style function with
      dynamic first argument and no further arguments should use print-
      style function instead (SA1006)
    - tests/lib/fakestore/cmd/fakestore/cmd_run.go:66:15: the channel
      used with signal.Notify should be buffered (SA1017)
    - tests/lib/fakedevicesvc/main.go:55:15: the channel used with
      signal.Notify should be buffered (SA1017)
    - spdx/parser.go:30:1: only the first constant has an explicit type
      (SA9004)
    - overlord/snapstate/snapmgr.go:553:21: printf-style function with
      dynamic first argument and no further arguments should use print-
      style function instead (SA1006)
    - overlord/patch/patch3.go:44:70: printf-style function with dynamic
      first argument and no further arguments should use print-style
      function instead (SA1006)
    - cmd/snap/cmd_advise.go:200:2: empty branch (SA9003)
    - osutil/udev/netlink/conn.go:120:5: ineffective break statement.
      Did you mean to break out of the outer loop? (SA4011)
    - daemon/api.go:992:22: printf-style function with dynamic first
      argument and no further arguments should use print-style function
      instead (SA1006)
    - cmd/snapd/main.go:94:5: ineffective break statement. Did you mean
      to break out of the outer loop? (SA4011)
    - cmd/snap/cmd_userd.go:73:15: the channel used with signal.Notify
      should be buffered (SA1017)
    - cmd/snap/cmd_help.go:102:7: io.Writer.Write must not modify the
      provided buffer, not even temporarily (SA1023)
    - release: probe apparmor features lazily
    - overlord,daemon: mock security backends for testing
    - cmd/libsnap: move apparmor-support to libsnap
    - cmd: drop cruft from snap-discard-ns build rules
    - cmd/snap-confine: use snap-discard-ns ns to discard stale
      namespaces
    - cmd/snap-confine: handle mounted shared /run/snapd/ns
    - many: fix composite literals with unkeyed fields
    - dirs, wrappers, overlord/snapstate: make completion + bases work
    - tests: revert "tests: restore in restore, not prepare"
    - many: validate title
    - snap: make description maximum in runes, not bytes
    - tests: discard mount namespaces in reset.sh
    - tests/lib: sync cla check back from snapcraft
    - Revert "cmd/snap, tests/main/snap-info: highlight the current
      channel"
    - daemon: remove enableInternalInterfaceActions
    - mkversion: use "test -n" rather than "! test -z"
    - run-checks: assorted fixes
    - tests: restore in restore, not in prepare
    - cmd/snap: fix missing newline in "snap keys" error message
    - snap: epoch lists must contain no duplicate entries
    - interfaces/avahi_observe: Fix typo in comment
    - tests: add SPREAD_JOB to the description of
      systemd_create_and_start_unit
    - daemon, vendor: bump github.com/coreos/go-systemd/activation,
      handle API changes
    - Revert "cmd/snap-confine: don't allow mapping lib{uuid,blkid}"
    - packaging/fedora: use %_sysctldir macro
    - cmd/snap-confine: remove unneeded unshare
    - sanity: extend the kernel version check to cover CentOS/RHEL
      kernels
    - wrappers: remove all desktop files from a snap on removal
    - snap: add an explicit check for `epoch: null` loading
    - snap: check max description length in validate
    - spread, tests: add CentOS support
    - cmd/snap-confine: allow mapping more libc shards
    - cmd/snap-discard-ns: add support for --from-snap-confine
    - tests: make tinyproxy support systemd notify
    - tests: fix shellcheck
    - snap, store: rename `snap.Epoch`'s `Unset` to `IsZero`
    - store: add a test for a non-zero epoch refresh (with epoch bump)
    - store: v1 search doesn't send epoch, stop pretending it does
    - snap: make any "0" epoch be Unset, and marshalled to {[0],[0]}
    - overlord/snapstate: amend test should send local revision
    - tests: use mock-gpio.py in enable-disable-units-gpio test
    - snap: enforce minimal snap name len of 2
    - cmd/libsnap: add sc_verify_snap_lock
    - cmd/snap-update-ns: extra debugging of trespassing events
    - userd: force zenity width if the text displayed is long
    - overlord/snapstate, store: always send epochs
    - cmd/snap-confine,snap-update-ns: discard quirks
    - cmd/snap: add nanosleep to blacklisted syscalls when running with
      --strace
    - cmd/snap-update-ns, tests: clean trespassing paths
    - nvidia, interfaces/builtin: OpenCL fixes
    - ifacestate/hotplug: removeDevice helper
    - cmd: install snap-discard-ns in "make hack"
    - overlord/ifacestate: setup security backends phased by backends
      first
    - ifacestate/helpers: added SystemSnapName mapper helper method
    - overlord/ifacestate: set hotplug-key of the connection when
      connecting hotplug slots
    - snapd: allow snap-update-ns to read /proc/version
    - cmd: handle tumbleweed and leap in autogen.sh
    - interfaces/tests: MockHotplugSlot test helper
    - store,daemon: make UserInfo,LoginUser part of the store interface
    - overlord/ifacestate: use remapper when checking if system snap is
      installed
    - tests: fix how pinentry is prepared for new gpg v 2.1 and 2.2
    - packaging/arch: fix bash completions path
    - interfaces/builtin: add device-buttons interface for accessing
      events
    - tests, fakestore: extend refresh tests with parallel installed
      snaps
    - snap, store, overlord/snapshotstate: drop epoch pointers
    - snap: make Epoch default to {[0],[0]} on load from yaml
    - data/completion: pass documented arguments to completion functions
    - tests: skip opensuse from interfaces-openvswitch-support test
    - tests: simple reproducer for snap try and hooks bug
    - snapstate: do not allow classic mode for strict snaps
    - snap: make Epoch's MarshalJSON not simplify
    - store: remove unused currentSnap and currentSnapJSON
    - many: some small doc comment fixes in recent hotplug code
    - ifacestate/udevmonitor: added callback to signal end of
      enumeration
    - cmd/libsnap: add simplified feature flag checker
    - interfaces/opengl: add additional accesses for cuda
    - tests: add core18 only hooks test and fix running core18 only on
      classic
    - sanity, release, cmd/snap: refuse to try to do things on WSL.
    - cmd: make coreSupportsReExec faster
    - overlord/ifacestate: don't remove the dash when generating unique
      slot name
    - cmd/snap-seccomp: add full complement of ptrace constants
    - cmd: update autogen.sh for opensuse
    - interfaces/apparmor: allow access to /run/snap.$SNAP_INSTANCE_NAME
    - spread.yaml: add more systems to the autopkgtest and qemu backends
    - daemon: spool sideloaded snap into blob dir
      overlord/snapstate: address review feedback
    - packaging/opensuse: stop using golang-packaging
    - overlord/snapshots: survive an unknown user
    - wrappers: fix generating of service units with multiple `before`
      dependencies
    - data: run snapd.autoimport.service only after seeding
    - cmd/snap: unhide --name parameter to snap install, tweak help
      message
    - packaging/fedora: Merge changes from Fedora Dist-Git
    - tests/main/snap-service-after-before-install: verify after/before
      in snap install
    - overlord/ifacestate: mark connections disconnected by hotplug with
      hotplug-gone
    - ifacestate/ifacemgr: don't reload hotplug-gone connections on
      startup
    - tests: install dependencies during prepare
    - tests,store,daemon: ensure proxy settings are honored in
      auth/userinfo too
    - tests: core 18 does not support classic confinement
    - tests: add debug output for degraded test
    - strutil: make VersionCompare faster
    - overlord/snapshotstate/backend: survive missing directories
    - overlord/ifacestate: use map[string]*connState when passing conns
      around
    - tests: move fedora 28 to manual
    - overlord/snapshotstate/backend: be more verbose when
      SNAPPY_TESTING=1
    - tests: removing fedora 26 system from spread.yaml
    - tests: linode execution is not needed anymore
    - tests/lib: adjust to changed systemctl behaviour on debian-9
    - tests: fixes and new backend for tests on nested suite
    - strutil: let MatchCounter work with a nil regexp
    - ifacestate/helpers: findConnsForHotplugKey helper
    - many: move regexp.(Must)Compile out of non-init functions into
      variables
    - store: also make snaps downloaded via deltas 0600
    - snap: use Lstat to determine snap size, remove
      ReadSnapInfoExceptSize
    - interfaces/builtin: add adb-support interface
    - tests: fail if install_snap_local fails
    - strutil: add extra test to CommaSeparatedList as suggested by
      mborzecki
    - cmd/snap, daemon, strutil: use CommaSeparatedList to split a CSL
    - ifacestate: optimize disconnect hooks
    - cmd/snap-update-ns: parse the -u <uid> command line option
    - cmd/snap, tests: snapshots for all
    - client, cmd/daemon: allow disabling keepalive, improve degraded
      mode unit tests
    - snap: only show "next" refresh time if its after the hold time
    - overlord/snapstate: run tests for classic snaps even on systems
      that don't support classic
    - overlord/standby: fix a race between standby goroutine and stop
    - cmd/snap-exec: don't fail on some try mode snaps
    - cmd/snap, userd, testutil: tweak DBus tests to use private session
      bus connection
    - cmd: remove remnants of sc_should_populate_mount_ns
    - client, daemon, cmd/snap: indicate that services are socket/timer
      activated
    - cmd/snap-seccomp: only look for PTRACE_GETFPX?REGS where available
    - cmd/snap-confine: remove SC_NS_FAIL_GRACEFULLY
    - snap/pack, cmd/snap: allow specifying the filename of 'snap pack'
    - cmd/snap-discard-ns: add support for per-user mount namespaces
    - cmd/snap-confine: remove stale mount profile along stale namespace
    - data/apt: close stderr when calling snap in the apt install hook.
    - tests/main: fixes for the new shellcheck
    - testutil, cmd/snap: introduce and use testutil.EqualsWrapped and
      fly
    - tests: initial setup for testing current branch on nested vm and
      hotplug management
    - cmd: refactor IPC and lifecycle of the helper process
    - tests/main/parallel-install-store: the store has caught up, do not
      expect failures
    - overlord/snapstate, snap, wrappers: start services in the right
      order during install
    - interfaces/browser-support, cmd/snap-seccomp: Allow read-only
      ptrace, for the Breakpad crash reporter
    - snap,client: use a different exit code for retryable errors
    - overlord/ifacestate: don't conflict on own discard-snap tasks when
      refreshing & doing garbage collection
    - cmd/snap: tweak `snap services` output when there is no services
    - interfaces/many: updates to support k8s worker nodes
    - cmd/snap: gnome-software install via snap:// handler
    - overlord/many: cleanup use of snapName vs. instanceName
    - snapstate: add command-chain to supported featureset
    - daemon, snap: mark screenshots as deprecated
    - interfaces: fix decoding of json numbers for static/dynamic
      attributes* ifstate: fix decoding of json numbers
    - cmd/snap: try not to panic on error from "snap try"
    - tests: new cosmic image for spread tests on gce
    - interfaces/system-key: add parser mtime and only discover features
      on write
    - overlord/snapshotstate/backend: detect path to tar in unit tests
    - tests/unit/gccgo: drop gccgo unit tests
    - cmd: use relative file names in locking APIs
    - interfaces: fix NormalizeInterfaceAttributes, add tests
    - overlord/snapshotstate/backend: fall back on sudo when no runuser
    - cmd/snap-confine: reduce verbosity of debug and error messages
    - systemd: extend Status() to work for socket and timer units
    - interfaces: typo 'allows' for consistency with other ifaces
    - systemd,wrappers: don't start disabled services
    - ifacestate: simplify task chaining in ifacestate.Connect
    - tests: ensure that goa-daemon is off
    - snap/pack, snap/squashfs: remove extra copy before mksquashfs
    - cmd/snap: block 'snap help <cmd> --all'
    - asserts, image: ensure kernel, gadget, base and required-snaps use
      valid snap names
    - apparmor: add unit test for probeAppArmorParser and simplify code
    - interfaces/apparmor: conditionally add explicit deny rules for
      ptrace
    - po: sync translations from launchpad
    - osutil: tweak handling of error adduser errors
    - cmd: rename ns_group to mount_ns
    - tests/main/interfaces-accounts-service: more debugging
    - snap/pack, snap/squashfs: use type to determine mksquashfs args
    - data/systemd, wrappers: tweak system-shutdown helper for core18
    - tests: show list of processes when ifaces-accounts-service fails
    - tests: do not run degraded test in autopkgtest env
    - snap: overhaul validation error messages
    - ifacestate/hooks: only create interface hook tasks if hooks exist
    - osutil: workaround overlayfs on ubuntu 18.10
    - interfaces/home: don't allow snaps to write to $HOME/bin
    - interfaces: improve Attr error further
    - snapstate: tweak GetFeatureFlagBool() to have a default argument
    - many: cleanup remaining parallel installs TODOs
    - image: improve validation of extra snaps

snapd (2.36.3) xenial; urgency=medium

  * New upstream release, LP: #1795590
    - wrappers: use new systemd.IsActive in core18 early boot
    - httputil: retry on temporary net errors
    - wrappers: only restart service in core18 when they are active
    - systemd: start snapd.autoimport.service in --no-block mode
    - data/selinux: fix syntax error in definition of snappy_admin
      interfacewhen installing selinux-policy-devel package.
    - centos: enable SELinux support on CentOS 7
    - cmd, dirs, interfaces/apparmor: update distro identification to
      support ID="archlinux"
    - apparmor: allow hard link to snap-specific semaphore files
    - overlord,apparmor: new syskey behaviour + non-ignored snap-confine
      profile errors
    - snap: add new `snap run --trace-exec` call
    - interfaces/backends: detect too old apparmor_parser

snapd (2.36.2) xenial; urgency=medium

  * New upstream release, LP: #1795590
    - daemon, vendor: bump github.com/coreos/go-systemd/activation,
      handle API changes
    - snapstate: update fontconfig caches on install
    - overlord,daemon: mock security backends for testing
    - sanity, spread, tests: add CentOS
    - Revert "cmd/snap, tests/main/snap-info: highlight the current
      channel"
    - cmd/snap: add nanosleep to blacklisted syscalls when running with
      --strace
    - tests: add regression test for LP #1803535
    - snap-update-ns: fix trailing slash bug on trespassing error
    - interfaces/builtin/opengl: allow reading /etc/OpenCL/vendors
    - cmd/snap-confine: nvidia: pick up libnvidia-opencl.so
    - interfaces/opengl: add additional accesses for cuda

snapd (2.36.1) xenial; urgency=medium

  * New upstream release, LP: #1795590
    - tests,snap-confine: add core18 only hooks test and fix running
      core18 only hooks on classic
    - interfaces/apparmor: allow access to
      /run/snap.$SNAP_INSTANCE_NAME
    - spread.yaml: add more systems to the autopkgtest and qemu backends
    - daemon: spool sideloaded snap into blob dir
    - wrappers: fix generating of service units with multiple `before`
      dependencies
    - data: run snapd.autoimport.service only after seeding
    - tests,store,daemon: ensure proxy settings are honored in
      auth/userinfo too
    - packaging/fedora: Merge changes from Fedora Dist-Git
    - tests/lib: adjust to changed systemctl behaviour on debian-9
    - tests/main/interfces-accounts-service: switch to busctl, more
      debugging
    - store: also make snaps downloaded via deltas 0600
    - cmd/snap-exec: don't fail on some try mode snaps
    - cmd/snap, userd, testutil: tweak DBus tests to use private session
      bus connection
    - tests/main: fixes for the new shellcheck
    - cmd/snap-confine: remove stale mount profile along stale namespace
    - data/apt: close stderr when calling snap in the apt install hook

snapd (2.36) xenial; urgency=medium

  * New upstream release, LP: #1795590
    - overlord/snapstate, snap, wrappers: start services in the right
      order during install
    - tests: the store has caught up, drop gccgo test, update cosmic
      image
    - cmd/snap: try not to panic on error from "snap try"`--devmode`
    - overlord/ifacestate: don't conflict on own discard-snap tasks when
      refreshing & doing garbage collection
    - snapstate: add command-chain to supported featureset
    - daemon, snap: mark screenshots as deprecated
    - interfaces: fix decoding of json numbers for static/dynamic
      attributes
    - data/systemd, wrappers: tweak system-shutdown helper for core18
    - interfaces/system-key: add parser mtime and only discover features
      on write
    - interfaces: fix NormalizeInterfaceAttributes, add tests
    - systemd,wrappers: don't start disabled services
    - ifacestate/hooks: only create interface hook tasks if hooks exist
    - tests: do not run degraded test in autopkgtest env
    - osutil: workaround overlayfs on ubuntu 18.10
    - interfaces: include invalid type in Attr error
    - many: enable layouts by default
    - interfaces/default: don't scrub with change_profile with classic
    - cmd/snap: speed up unit tests
    - vendor, cmd/snap: refactor to accommodate the new less buggy go-
      flags
    - daemon: expose snapshots to the API
    - interfaces: updates for default, screen-inhibit-control, tpm,
      {hardware,system,network}-observe
    - interfaces/hotplug: rename HotplugDeviceKey method to HotplugKey,
      update test interface
    - interfaces/tests: use TestInterface instead of a custom local
      helper
    - overlord/snapstate: export getFeatureFlagBool.
    - osutil,asserts,daemon: support force password change in system-
      user assertion
    - snap, wrappers: support restart-delay, generate RestartSec=<value>
      in service units
    - tests/ifacestate: moved asserts-related mocking into helper
    - image: fetch device store assertion if available
    - many: enable AppArmor on Arch
    - interfaces/repo: two helper methods for hotplug
    - overlord/ifacestate: add hotplug slots with implicit slots
    - interfaces/hotplug: helpers and struct updates
    - tests: run the snapd tests on Ubuntu 18.10
    - snapstate: only report errors if there is an actual error
    - store: speedup unit tests
    - spread-shellcheck: fix interleaved error messages, tweaks
    - apparmor: create SnapAppArmorDir in setupSnapConfineReexec
    - ifacestate: implementation of defaultDeviceKey function for
      hotplug
    - cmd/snap-update-ns: remove empty placeholders used for mounting
    - snapshotstate: restore to current revision
    - tests/lib: rework the CLA checker
    - many: support and consider store friendly-stores when checking
      device scope constraints
    - overlord/snapstate: block parallel installs of snapd, core, base,
      kernel, gadget snaps
    - overlord/patch: patch for static plug/slot attributes
    - interfaces: honor static attributes when reloading conns
    - osutils: unit tests speedup; introduce «run-checks --short-
      unit».
    - systemd, wrappers: speed up wrappers unit tests
    - client: speedup unit tests
    - spread-shellcheck: use threads to parallelise
    - snap: validate plug and slot names
    - osutil, interfaces/apparmor: add and use of osutil.UnlinkMany
    - wrappers: do not depend on network.taget in socket units, tweak
      generated units
    - interfaces/apparmor: (un)load profiles in one apparmor_parser call
    - store: gracefully handle unexpected errors in 'action'
      response
    - cmd: put our manpages in section 8
    - overlord: don't make become-operational interfere with user
      requests
    - store: tweak unmatched refresh result error log
    - snap, client, daemon, store: use and expose "media" more
    - tests,cmd/snap-update-ns: add test showing mount update bug
      cmd/snap-update-ns: better detection of snapd-made tmpfs
    - tests: spread tests for aliases with parallel installed snaps
    - interfaces/seccomp: allow using statx by default
    - store: gracefully handle unexpected errors in 'action' response
    - overlord/snapshotstate: chown the tempdir
    - cmd/snap: attempt to start the document portal if running with a
      session bus
    - snap: detect layouts vs layout in snap.yaml
    - interfaces/apparmor: handle overlayfs snippet for snap-update-ns
    - snapcraft.yaml: set grade to stable
    - tests: shellchecks, final round
    - interfaces/apparmor: handle overlayfs snippet for snap-update-ns
    - snap: detect layouts vs layout in snap.yaml
    - overlord/snapshotstate: store epoch in snapshot, check on restore
    - cmd/snap: tweak UX of snap refresh --list
    - overlord/snapstate: improve consistency, use validateInfoAndFlags
      also in InstallPath
    - snap: give Epoch a CanRead helper
    - overlord/snapshotstate: small refactor of internal helpers
    - interfaces/builtin: adding missing permission to create
      /run/wpa_supplicant directory
    - interfaces/builtin: avahi interface update
    - client, daemon: support passing of 'unaliased' option when
      installing from local files
    - selftest: rename selftest.Run() to sanity.Check()
    - interfaces/apparmor: report apparmor support level and policy
    - ifacestate: helpers for generating slot names for hotplug
    - overlord/ifacestate: make sure to pass in the Model assertion when
      enforcing policies
    - overlord/snapshotstate: store the SnapID in snapshot, block
      restore if changed
    - interfaces: generalize writable mimic profile
    - asserts,interfaces/policy: add support for on-store/on-brand/on-
      model plug/slot rule constraints
    - many: fetch the device store assertion together and in the context
      of interpreting snap-declarations
    - tests: disable gccgo tests on 18.04 for now, until dh-golang vs
      gccgo is fixed
    - tests/main/parallel-install-services: add spread test for snaps
      with services
    - tests/main/snap-env: extend to cover parallel installations of
      snaps
    - tests/main/parallel-install-local: rename from *-sideload, extend
      to run snaps
    - cmd/snapd,daemon,overlord: without snaps, stop and wait for socket
    - cmd/snap: tame the help zoo
    - tests/main/parallel-install-store: run installed snap
    - cmd/snap: add a bunch of TRANSLATORS notes (and a little more
      i18n)
    - cmd: fix C formatting
    - tests: remove unneeded cleanup from layout tests
    - image: warn on missing default-providers
    - selftest: add test to ensure selftest.checks is up-to-date
    - interfaces/apparmor, interfaces/builtin: tweaks for parallel snap
      installs
    - userd: extend the list of supported XDG Desktop properties when
      autostarting user applications
    - cmd/snap-update-ns: enforce trespassing checks
    - selftest: actually run the kernel version selftest
    - snapd: go into degraded mode when the selftest fails
    - tests: add test that runs snapctl with a core18 snap
    - tests: add snap install hook with base: core18
    - overlord/{snapstate,assertstate}: parallel instances and
      refresh validation
    - interfaces/docker-support: add rules to read apparmor macros
    - tests: make nfs test available for more systems
    - tests: cleanup copy/paste dup in interfaces-network-setup-control
    - tests: using single sh snap in interface tests
    - overlord/snapstate: improve cleaup in mount-snap handler
    - tests: don't fail interfaces-bluez test if bluez is already
      installed
    - tests: find snaps just for edge and beta channels
    - daemon, snapstate: consistent snap list [--all] output with broken
      snaps
    - tests: fix listing to allow extra things in the notes column
    - cmd/snap: improve UX when removing specific snap revision
    - cmd/snap, tests/main/snap-info: highlight the current channel
    - interfaces/testiface: added TestHotplugInterface
    - snap: tweak commands
    - interfaces/hotplug: hotplug spec takes one slot definition
    - overlord/snapstate, snap: handle shared snap directories when
      installing/remove snaps with instance key
    - interfaces/opengl: misc accesses for VA-API
    - client, cmd/snap: expose warnings to the world
    - cmd/snap-update-ns: introduce trespassing state tracking
    - cmd/snap: commands no longer build their own client
    - tests: try to build cmd/snap for darwin
    - daemon: make error responders not printf when called with 1
      argument
    - many: return real snap name in API response
    - overlord/state: return latest LastAdded time in WarningsSummary
    - many: mount namespace mapping for parallel installs of snaps
    - ifacestate/autoconnect: do not self-conflict on setup-profiles if
      core-phase-2
    - client, cmd/snap: on !linux, exit when the client tries to Do
      something
    - tests: refactor for nested suite and tests fixed
    - tests: use lxd's waitready instead of polling lxd socket
    - ifacestate: don't initialize udev monitor until we have a system
      snap
    - interfaces: extra argument for static attrs in
      NewConnectedPlug/NewConnectedSlot
    - packaging/arch: sync packaging with AUR
    - snapstate/tests: serialize all appends in fake backend
    - snap-confine: make /lib/modules optional
    - cmd/snap: handle "snap interfaces core" better
    - store: move download tests into downloadSuite
    - tests,interfaces: run interfaces-account-control on UC18
    - tests: fix install snaps test by adding link to /snap
    - tests: fix for nested test suite
    - daemon: fix snap list --all with parallel snap instances
    - snapstate: refactor tests to use SetModel*
    - wrappers: fix snap services order in tests
    - many: provide salt for generating instance-key in store requests
    - ifacestate: fix hang when retrying content providers
    - snapd-env-generator: fix when PATH is empty or unset
    - overlord/assertstate: propagate TaskSnapSetup error
    - client: catch and expose logs errors
    - overlord: integrate device enumeration with udev monitor
    - daemon, overlord/state: warnings pipeline
    - tests: add publisher regex to fix the snap-info test pass on sru
    - cmd: use systemdsystemgeneratorsdir, cleanup automake complaints,
      tweaks
    - cmd/snap-update-ns: remove the unused Secure type
    - osutil, o/snapshotstate, o/sss/backend: quick fixes
    - tests: update the listing expression to support core from
      different channels
    - store: use stable instance key in store refresh requests
    - cmd/snap-update-ns: detach Mk{Prefix,{File,Dir,Symlink{,All}}}
    - overlord/patch: support for sublevel patches
    - tests: update prepare/restore for nightly suite
    - cmd/snap-update-ns: detach BindMount from the Secure type
    - cmd/snap-update-ns: re-factor pair of helpers to call fstatfs once
    - ifacestate: retry on "discard-snap" in autoconnect conflict check
    - cmd/snap-update-ns: separate OpenPath from the Secure struct
    - wrappers: remove Wants=network-online.target
    - tests: add new core16-base test
    - store: refactor tests so that they work as store_test package
    - many: add refresh.rate-limit core option
    - tests: run account-control test with different bases
    - tests: port proxy test to use python tinyproxy
    - overlord: introduce snapshotstate.
    - testutil: allow Fstatfs results to vary over time
    - snap-update-ns: add comments about the "deadcode" in bootstrap.go
    - overlord: add chg.Err() in testUpdateWithAutoconnectRetry
    - many: remove deadcode
    - tests: also run unit/gccgo in 18.04
    - tests: introduce a helper for installing local snaps with --name
    - tests: avoid removing core snap on reset
    - snap: use snap.SideInfo in test to fix build with gccgo
    - partition: remove unused runCommand
    - image: fix incorrect error when using local bases
    - overlord/snapstate: fix format
    - cmd: fix format
    - tests: setting "storage: preserve-size" just for amazon-linux
      system
    - tests: test for the hostname interface
    - interfaces/modem-manager: allow access to more USB strings
    - overlord: instantiate UDevMonitor
    - interfaces/apparmor: tweak naming, rename to AddLayout()
    - interfaces: take instance name in ifacetest.InstallSnap
    - snapcraft: do not use --dirty in mkversion
    - cmd: add systemd environment generator
    - devicestate: support getting (http) proxy from core config
    - many: rename ClientOpts to ClientOptions
    - prepare-image-grub-core18: remove image root in restore
    - overlord/ifacestate: remove "old-conn" from connect/undo connect
      handlers
    - packaging/fedora: Merge changes from Fedora Dist-Git
    - image: handle errors when downloadedSnapsInfoForBootConfig has no
      data
    - tests: use official core18 model assertion in tests
    - snap-confine: map /var/lib/extrausers into snaps mount-namespace
    - overlord,store: support proxy settings internally too
    - cmd/snap: bring back 'snap version'
    - interfaces/mount: tweak naming of things
    - strutil: fix MatchCounter to also work with buffer reuse
    - cmd,interfaces,tests: add /mnt to removable-media interface
    - systemd: do not run "snapd.snap-repair.service.in on firstboot
      bootstrap
    - snap/snapenv: drop some instance specific variables, use instance-
      specific ones for user locations
    - firstboot: sort by type when installing the firstboot snaps
    - cmd, cmd/snap: better support for non-linux
    - strutil: add new ParseByteSize
    - image: detect and error if bases are missing
    - interfaces/apparmor: do not downgrade confinement on arch with
      linux-hardened 4.17.4+
    - daemon: add pokeStateLock helper to the daemon tests
    - snap/squashfs: improve error message from Build on mksquashfs
      failure
    - tests: remove /etc/alternatives from dirs-not-shared-with-host
    - cmd: support re-exec into the "snapd" snap
    - spdx: remove "Other Open Source" from the support licenses
    - snap: add new type "TypeSnapd" and attach to the snapd snap
    - interfaces: retain order of inserted security backends
    - tests: spread test for parallel-installs desktop file handling
    - overlord/devicestate: use OpenSSL's PEM format when generating
      keys
    - cmd: remove --skip-command-chain from snap run and snap-exec
    - selftest: detect if apparmor is unusable and error
    - snap,snap-exec: support command-chain for hooks
    - tests: significantly reduce execution time for managers test
    - snapstate: use new "snap.ByType" sorting
    - overlord/snapstate: fix UpdateMany() to work with parallel
      instances
    - testutil: have File* checker produce more useful error output
    - overlord/ifacestate: introduce connectOpts
    - interfaces: parallel instances support, extend unit tests
    - tests: normalize tests
    - snapstate: make InstallPath() return *snap.Info too
    - snap: add ByType sorting
    - interfaces: add cifs-mount interface
    - tests: use file based markers in snap-service-stop-mode
    - osutil: reorg and stub out things to get it building on darwin
    - tests/main/layout: cleanup after the test
    - osutil/sys: small tweaks to let it build on darwin
    - daemon, overlord/snapstate: set instance name when installing from
      snap file
    - many: move Uname to osutil, for more DRY and easier porting.
    - cmd/snap: create snap user directory when running parallel
      installed snaps
    - cmd/snap-confine: switch to validation of SNAP_INSTANCE_NAME
    - tests: basic test for parallel installs from the store
    - image: download the gadget from the model.GadgetTrack()
    - snapstate: add support for gadget tracks in model assertion
    - image: add support for "gadget=track"
    - overlord: handle sigterm during shutdown better
    - tests: add the original function to fix the errors on new kernels
    - tests/main/lxd: pull lxd from candidate; reënable i386
    - wayland: add extra sockets that are used by older toolkits (e.g.
      gtk3)
    - asserts: add support for gadget tracks in the model assertion
    - overlord/snapstate: improve feature flag validation
    - tests/main/lxd: run ubuntu-16.04 only on 64 bit variant
    - interfaces: workaround for activated services and newer DBus
    - tests: get the linux-image-extra available for the current kernel
    - interfaces: add new "sysfs-name" to i2c interfaces code
    - interfaces: disconnect hooks
    - cmd/libsnap: unify detection of core/classic with go
    - tests: fix autopkgtest failures in cosmic
    - snap: fix advice json
    - overlord/snapstate: parallel snap install
    - store: backward compatible instance-key handling for non-instance
      snaps
    - interfaces: add screencast-legacy for video and audio recording
    - tests: skip unsupported architectures for fedora-base-smoke test
    - tests: avoid using the journalctl cursor when it has not been
      created yet
    - snapstate: ensure normal snaps wait for the "snapd" snap on
      refresh
    - tests: enable lxd again everywhere
    - tests: new test for udisks2 interface
    - interfaces: add cpu-control for setting CPU tunables
    - overlord/devicestate: fix tests, set seeded in registration
      through proxy tests
    - debian: add missing breaks on cosmic
    - devicestate: only run device-hook when fully seeded
    - seccomp: conditionally add socketcall() based on system and base
    - tests: new test for juju client observe interface
    - overlord/devicestate: DTRT w/a snap proxy to reach a serial vault
    - snapcraft: set version information for the snapd snap
    - cmd/snap, daemon: error out if trying to install a snap using
      empty name
    - hookstate: simplify some hook tests
    - cmd/snap-confine: extend security tag validation to cover instance
      names
    - snap: fix mocking of systemkey in snap-run tests
    - packaging/opensuse: fix static build of snap-update-ns and snap-
      exec
    - interfaces/builtin: addtl network-manager resolved DBus fix
    - udev: skip TestParseUdevEvent on ppc
    - interfaces: miscellaneous policy updates
    - debian: add tzdata to build-dep to ensure snapd builds correctly
    - cmd/libsnap-confine-private: intoduce helpers for validating snap
      instance name and instance key
    - snap,snap-exec: support command-chain for app
    - interfaces/builtin: network-manager resolved DBus changes
    - snap: tweak `snap wait` command
    - cmd/snap-update-ns: introduce validation of snap instance names
    - cmd/snap: fix some corner-case test setup weirdness
    - cmd,dirs: fix various issues discovered by a Fedora base snap
    - tests/lib/prepare: fix extra snaps test

Date: 2019-03-18 14:38:13.699716+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/+source/snapd/2.37.4+18.10.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Cosmic-changes mailing list