Skip to content

New bugfix release 2.53.1
Compare
Choose a tag to compare
@anonymouse64 anonymouse64 released this 21 Oct 22:56
· 8434 commits to master since this release
2.53.1
This tag was signed with the committer’s verified signature.
anonymouse64 Ian Johnson
GPG key ID: ED0B377231FA2A52
Learn about vigilant mode.
cb29ff9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

What's Changed

  • tests: force snapd-session-agent.socket to be re-generated by @sergiocazzolato in #10556
  • tests/main/services-install-hook-can-run-svcs: make variants more obvious by @anonymouse64 in #10558
  • tests/many: remove lxd systemd unit to prevent unexpected leftovers by @sergiocazzolato in #10560
  • tests: removing Ubuntu 20.10, adding 21.04 nested in spread by @sergiocazzolato in #10555
  • snap: change snap login --help to not mention "buy" by @mvo5 in #10533
  • packaging: switch ubuntu to use golang-1.13 by @mvo5 in #10440
  • config: add "virtual" config via config.RegisterVirtualConfig by @mvo5 in #10264
  • o/devicestate, sysconfig: refactor cloud-init config permission handling by @anonymouse64 in #10536
  • overlord/devicestate: UC20 specific set-model, managers tests by @bboozzoo in #10510
  • github: enable gofmt for Go 1.13 jobs by @bboozzoo in #10569
  • interfaces: s/specifc/specific/ by @woodrow-shen in #10566
  • cmd/libsnap-confine-private: g_spawn_check_exit_status is deprecated since glib 2.69 by @bboozzoo in #10565
  • tests: skip udp protocol on latest ubuntus by @sergiocazzolato in #10564
  • cmd/snap-confine: refactor device cgroup handling to enable easier v2 integration by @bboozzoo in #10547
  • asserts/snapasserts: CheckPresenceInvalid and CheckPresenceRequired methods by @stolowski in #10535
  • snap/squashfs: handle squashfs-tools 4.5+ by @bboozzoo in #10567
  • tests/main/snapd-snap: install 4.x snapcraft to build the snapd snap by @anonymouse64 in #10579
  • interfaces/builtin: allow access to per-user GTK CSS overrides by @jhenstridge in #10574
  • tests: update nested wait for snapd command by @sergiocazzolato in #10582
  • o/snapstate: affectedByRefresh tweaks by @stolowski in #10578
  • packaging: fix build failure on bionic and simplify rules by @mvo5 in #10568
  • interfaces/tee: add support for Qualcomm qseecom device node by @kubiko in #10585
  • tests: fix cached-results condition in github actions workflow by @sergiocazzolato in #10587
  • cmd/libsnap-confine-private: move device cgroup files, add helper to deny a device by @bboozzoo in #10576
  • configcore: register virtual config for timezone reading by @mvo5 in #10562
  • o/snapstate: add AffectedByRefreshCandidates helper by @stolowski in #10581
  • snap: support links map in snap.yaml (and later from the store API) by @pedronis in #10467
  • tests: use bigger storage on ubuntu 21.10 by @sergiocazzolato in #10596
  • vendor: move to snapshot-4c814e1 branch and set fixed KDF options by @mvo5 in #10591
  • {device,snap}state: skip kernel extraction in seeding by @mvo5 in #10595
  • packaging: merge 2.51.4 changelog back to master by @anonymouse64 in #10603
  • .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap by @anonymouse64 in #10601
  • configcore: fix a bunch of incorrect error returns by @mvo5 in #10600
  • tests/nested/manual: enable serial assertions on testkeys nested VM's by @anonymouse64 in #10542
  • configcore: fix early config timezone handling by @mvo5 in #10599
  • wrappers: measure time to enable services in StartServices() by @mvo5 in #10604
  • corecfg: add "system.hostname" setting to the system settings by @mvo5 in #9094
  • c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags to snap/snapctl by @miguelpires in #10593
  • sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init datasource by @anonymouse64 in #10572
  • tests: fix core-early-config test to use tests.nested tool by @sergiocazzolato in #10612
  • o/snapstate: allow auto-refresh limited to snaps affected by a specific gating snap by @stolowski in #10515
  • clang-format: stop breaking my includes by @bboozzoo in #10618
  • o/assertstate: implement ValidationSetAssertionForEnforce helper by @stolowski in #10563
  • o/devicestate/handlers_install.go: add workaround to create dirs for install by @anonymouse64 in #10608
  • cmd/libsnap-confine-private: fix coverity issues in tests, tweak uses of g_assert() by @bboozzoo in #10616
  • cmd/snap-device-helper: reimplement snap-device-helper by @bboozzoo in #10577
  • o/snapstate: remove commented out code by @stolowski in #10627
  • interfaces/builtin/raw_usb: fix platform typo, fix access to usb devices accessible through platform by @bboozzoo in #10624
  • devicestate: add snap debug timings --ensure=install-system by @mvo5 in #10529
  • config: rename "virtual" config to "external" config by @mvo5 in #10597
  • build-aux: build with go-1.13 in the snapcraft build too by @mvo5 in #10629
  • packaging: changelog for 2.51.5 to master by @anonymouse64 in #10621
  • cmd/snap: print logs in local timezone by @miguelpires in #10625
  • cmd/libsnap-confine-private: fix issues identified by coverity by @bboozzoo in #10631
  • o/hookstate: allow snapctl refresh --proceed from snaps by @stolowski in #10528
  • usersession/agent: refactor common JSON validation into own function by @mardy in #10623
  • daemon, o/snapstate: handle IgnoreValidation flag on install (2/3) by @stolowski in #10546
  • spread: temporarily fix the ownership of /home/ubuntu/.ssh on 21.10 by @bboozzoo in #10632
  • tests: remove the test user just when it was installed on create-user-2 test by @sergiocazzolato in #10637
  • secboot: switch main key KDF memory cost to 32KB by @mvo5 in #10645
  • secboot: use half the mem for KDF in AddRecoveryKey by @mvo5 in #10619
  • packaging: merge 2.51.6 changelog back to master by @anonymouse64 in #10650
  • packaging: remove TEST_GITHUB_AUTOPKGTEST support by @mvo5 in #10641
  • tests: stop the service when is active in test interfaces-firewall-control test by @sergiocazzolato in #10638
  • secboot: remove duplicate import by @xnox in #10654
  • .github/workflows: add codedov again by @anonymouse64 in #10648
  • tests: update systems for sru validation by @sergiocazzolato in #10635
  • tests: fix timing issue on security-dev-input-event-denied test by @sergiocazzolato in #10652
  • tests: clean snaps.sh helper by @sergiocazzolato in #10343
  • tests: fix services-refresh-mode test by @sergiocazzolato in #10646
  • cmd, packaging: import BPF headers from kernel, detect whether host headers are usable by @bboozzoo in #10640
  • testutil: add DeepUnsortedMatches Checker by @miguelpires in #10643
  • interfaces/u2f-devices: add Nitrokey FIDO2 by @kkeijzer in #10642
  • tests/main/services-install-hook-can-run-svcs: shellcheck issue fix by @bboozzoo in #10663
  • github: do not try to upload coverage when working with cached run by @bboozzoo in #10665
  • cmd/snap-seccomp/syscalls: update syscalls list to libseccomp v2.2.0-428-g5c22d4b by @bboozzoo in #10667
  • i18n/xgettext-go: preserve already escaped quotes by @miguelpires in #10668
  • .github/workflows/test.yaml: test github.events key by @anonymouse64 in #10662
  • tests: set to 10 minutes the kill timeout for tests failing on slow boards by @sergiocazzolato in #10664
  • gadget: Export mkfs functions for use in ubuntu-image by @GlenPickle in #10592
  • cgroup-support: allow to hide cgroupv2 warning via ENV by @slyon in #10589
  • sysconfig/cloudinit.go: add functions for filtering cloud-init config by @anonymouse64 in #10588
  • store: deal correctly with "assumes" from the store raw yaml by @mvo5 in #10659
  • overlord: add manager test for "assumes" checking by @mvo5 in #10660
  • store: make sure expectedZeroFields in tests gets updated by @pedronis in #10672
  • c-vendor.c: new c-vendor subdir by @mvo5 in #10639
  • o/snapstate: don't hold some snaps if not all snaps can be held by the given gating snap by @stolowski in #10644
  • .github/workflows/test.yaml: fix logic by @anonymouse64 in #10673
  • o/hookstate/ctlcmd: correct err message if missing root by @miguelpires in #10669
  • o/snapstate: fail remove with invalid snap names by @miguelpires in #10647
  • o/assertstate: fix missing 'scheduled' header when auto refreshing assertions by @miguelpires in #10584
  • tests: fix restore in snapfuse spread tests by @miguelpires in #10679
  • snapstate: fix misleading assumes error message by @mvo5 in #10677
  • packaging: build without dwarf debugging data by @zyga in #10158
  • cmd/snap: add Size column to refresh --list by @miguelpires in #10617
  • many: shellcheck fixes by @mvo5 in #10682
  • snapstate: abort kernel refresh if no gadget update can be found by @mvo5 in #10666
  • interfaces/hardware-observe: add some dmi properties by @anonymouse64 in #10681
  • cmd/libsnap-confine-private: add BPF support helpers by @bboozzoo in #10658
  • many: remove unused/dead code by @miguelpires in #10686
  • o/hookstate: support snapctl refresh --pending from snap by @stolowski in #10626
  • o/hookstate/ctlcmd: unify the error message when context is missing by @mardy in #10606
  • tests: check files and dirs are cleaned for each test by @sergiocazzolato in #10443
  • tests: new spread log parser by @sergiocazzolato in #10552
  • interfaces/dsp: add /dev/ambad into dsp interface by @woodrow-shen in #10683
  • interfaces/interfaces/ion-memory-control: add: add interface for ion buf by @kubiko in #10586
  • interfaces, o/snapstate: introduce AffectsPlugOnRefresh flag by @stolowski in #10636
  • sysconfig/cloudinit: fix bug around error state of cloud-init by @anonymouse64 in #10674
  • packaging: update master changelog for 2.51.7 by @anonymouse64 in #10694
  • tests: remove opensuse-15.1 and add opensuse-15.3 from spread runs by @sergiocazzolato in #10692
  • tests: migrate tests that are only executed on xenial to bionic by @sergiocazzolato in #10675
  • o/assertstate,daemon: refresh validation sets assertions with snap declarations by @stolowski in #10680
  • tests: spread test for snapctl refresh --pending/--proceed from the snap by @stolowski in #10633
  • many: fix run-checks gofmt check by @miguelpires in #10685
  • tests: use host-scaled timeout to avoid riscv64 test failure by @stolowski in #10700
  • wrappers: fix a bunch of duplicated service definitions in tests by @mvo5 in #10698
  • interfaces: add microstack-support interface by @dshcherb in #8926
  • packaging: add libfuse3-dev build dependency by @mvo5 in #10524
  • spread: add 21.10 to qemu, remove 20.10 (EOL) by @mvo5 in #10709
  • tests: add more space on ubuntu xenial by @sergiocazzolato in #10710
  • tests: bump the number of retries when waiting for /dev/nbd0p1 by @stolowski in #10711
  • tests: move interfaces-libvirt test back to 16.04 by @mvo5 in #10714
  • interfaces: introduce snap-refresh-control interface by @stolowski in #10702
  • interfaces: no need for snapRefreshControlInterface struct by @stolowski in #10720
  • many: move to go modules by @mvo5 in #10634
  • tests: use host-scaled settle timeout for hookstate tests by @stolowski in #10713
  • interfaces/network-control: additional ethernet rule by @anonymouse64 in #10719
  • many: update deps by @miguelpires in #10724
  • o/snapstate: enforce validation sets assertions when removing snaps by @stolowski in #10678
  • image,c/snap,tests: support enforcing validations in prepare-image via --customize JSON validation enforce(|ignore) by @pedronis in #10590
  • tests/nested/core/extra-snaps-assertions: fix the match pattern by @bboozzoo in #10727
  • systemd: add mock systemd helper by @mardy in #10726
  • codecov: fix files pathnames by @mardy in #10729
  • tests: new snapd-state tool by @sergiocazzolato in #10670
  • interface/builtin: add qualcomm-ipc-router interface for AF_QIPCRTR socket protocol by @tsunghanliu in #10580
  • o/ifacestate: special-case system-files and force refreshing its static attributes by @stolowski in #10723
  • packaging: merge 2.52 changelog to master by @anonymouse64 in #10735
  • strutil: add Intersection() by @anonymouse64 in #10730
  • tests/nested/manual/refresh-revert-fundamentals: fix variable use by @bboozzoo in #10722
  • tests: failure of prereqs on content interface doesn't prevent install by @stolowski in #10243
  • many: remove unused parameters by @miguelpires in #10701
  • ifacestate: undo repository connection if doConnect fails by @mvo5 in #10728
  • overlord/ifacestate: fix arguments in unit tests by @bboozzoo in #10744
  • tests: skip overlord tests on riscv64 due to timeouts. by @stolowski in #10736
  • boot: record recovery capable systems in recovery bootenv by @bboozzoo in #10545
  • packaging: remove duplicated golang-go build-dependency by @mvo5 in #10747
  • packaging: ship the snapd.apparmor.service unit in debian by @mvo5 in #10745
  • spread: bump delta ref to 2.52 by @bboozzoo in #10746
  • tests: remove travis leftovers by @sergiocazzolato in #10749
  • tests: fix interfaces-libvirt test by @sergiocazzolato in #10717
  • tests: fix fakedevicesvc service already exists by @sergiocazzolato in #10743
  • configcore: add read-only netplan support by @mvo5 in #10688
  • build-aux: stage libgcc1 library into snapd snap by @mwhudson in #10757
  • o/hookstate: require snap-refresh-control interface for snapctl refresh --proceed by @stolowski in #10725
  • interfaces/block-devices: support to access the state of block devices by @woodrow-shen in #10741
  • image/image_linux.go: add newline by @anonymouse64 in #10758
  • tests: update nested tool - part1 by @sergiocazzolato in #10742
  • tests/lib/nested.sh: split out additional helper for adding files to VM imgs by @anonymouse64 in #10732
  • tests: pre-cache snaps in classic and core systems by @sergiocazzolato in #10763
  • tests: revert revert manual lxd removal by @sergiocazzolato in #10561
  • o/snapstate: enforce validation sets on snap install by @stolowski in #10697
  • go: update go.mod dependencies by @stolowski in #10766
  • mount-control: step 1 by @mardy in #10653
  • tests/lib/prepare.sh: download core20 for UC20 runs via BASE_CHANNEL by @anonymouse64 in #10718
  • o/snapstate: optimize conflicts around snaps stored on conditional-auto-refresh task by @stolowski in #10761
  • o/hookstate/ctlcmd: Implement snapctl refresh --show-lock command by @stolowski in #10738
  • systemd: use text.template to generate mount unit by @mardy in #10770
  • systemd: add AtLeast() method, add mocking in systemdtest by @mardy in #10748
  • packaging, tests/lib/prepare-restore: build packages without network access, fix building debs with go modules by @bboozzoo in #10754
  • o/servicestate: Update task summary for restart action by @mardy in #10762
  • cmd/libsnap-confine-private: device cgroup v2 support by @bboozzoo in #10661
  • cmd/snap-confine: handle CURRENT_TAGS on systems that support it by @bboozzoo in #10540
  • interfaces/builtin: fix microstack unit tests on distros using /usr/libexec by @bboozzoo in #10773
  • usersession/xdgopenproxy: move PortalLauncher class to own package by @mardy in #10628
  • tests: be more robust against a new day stepping in by @mardy in #10759
  • tests: increase memory quota in quota-groups-systemd-accounting by @mardy in #10764
  • cmd/libsnap-confine-private, tests, sandbox: remove warnings about cgroup v2, drop forced devmode by @bboozzoo in #10776
  • packaging/ubuntu: pass GO111MODULE to dh_auto_test by @bboozzoo in #10775
  • cmd: build gdb shims as static binaries by @bboozzoo in #10778
  • sysconfig/cloudinit: add cloudDatasourcesInUseForDir by @anonymouse64 in #10731
  • packaging: backports of golang-go 1.13 are good enough by @xnox in #10792
  • tests: print user sessions info on debug-each by @sergiocazzolato in #10786
  • tests: add test for store.SnapAction() request timeout by @stolowski in #10785
  • tests: fix tests for 21.10 by @bboozzoo in #10781
  • tests: fix regex of TestSnapActionTimeout test by @stolowski in #10793
  • o/snapstate: add ChangeID to conflict error by @miguelpires in #10784
  • o/devicestate: fix flaky test remodel clash by @miguelpires in #10796
  • github: do not fail when codecov upload fails by @bboozzoo in #10798
  • store: one more tweak for the test action timeout by @bboozzoo in #10800
  • tests/main/security-device-cgroups-strict-enforced: demonstrate device cgroup being enforced by @bboozzoo in #10703
  • tests: add a local snap variant to testing prepare-image gating support by @pedronis in #10787
  • tests/nested/manual: use loop for checking for initialize-system task done by @anonymouse64 in #10779
  • tests/main/preseed: update for new base snap of the lxd snap by @anonymouse64 in #10799
  • cmd/snap: only log translation warnings in debug/testing by @miguelpires in #10756
  • asserts, snapstate: return full validation set keys from CheckPresenceRequired and CheckPresenceInvalid by @stolowski in #10774
  • o/snapstate: enforce validation sets/enforce on InstallMany by @stolowski in #10765
  • .github/workflows/test.yaml: bump action-build to 1.0.9 by @anonymouse64 in #10809
  • cmd/libsnap-confine-private: use root when necessary for BPF related operations by @bboozzoo in #10801
  • gadget: add VolumeName to Volume and VolumeStructure by @anonymouse64 in #10790
  • o/ifacestate: do not create stray task in batchConnectTasks if there are no connections by @stolowski in #10782
  • kernel/fde: mock systemd-run in unit test by @mardy in #10772
  • overlord/devicestate: make settle wait longer in remodel tests by @bboozzoo in #10805
  • data/selinux: update the policy to allow s-c to manipulate BPF map and programs by @bboozzoo in #10802
  • tests: rename interfaces-hooks-misbehaving spread test to install-hook-misbehaving by @stolowski in #10806
  • .github/workflows/test.yaml: revert #10809 by @anonymouse64 in #10813
  • tests: update the time tolerance to fix the snapd-state test by @sergiocazzolato in #10811
  • gadget/gadget.go: LaidOutSystemVolumeFromGadget -> LaidOutVolumesFromGadget by @anonymouse64 in #10791
  • libsnap-confine: use the pid parameter by @mardy in #10817
  • tests: update test nested tool part 2 by @sergiocazzolato in #10769
  • osutil: helper for injecting run time faults in snapd by @bboozzoo in #10740
  • o/assertstate: check installed snaps when refreshing validation set assertions by @stolowski in #10795
  • interfaces/builtin/opengl.go: add libOpenGL.so* too by @anonymouse64 in #10819
  • usersession/client: refactor doMany() method by @mardy in #10797
  • sysconfig/cloud-init: filter MAAS c-i config from ubuntu-seed on grade signed by @anonymouse64 in #10573
  • tests, interfaces/builtin: introduce 21.10 cgroupv2 variant, tweak tests for cgroupv2, update builtin interfaces by @bboozzoo in #10803
  • sysconfig: set TMPDIR in tests to avoid cluttering the real /tmp by @mvo5 in #10823
  • spread: display information about current device cgroup in debug dump by @bboozzoo in #10822
  • o/ifacestate: don't lose connections if snaps are broken by @stolowski in #10814
  • secboot: move to new version by @xnox in #10715
  • fde: add HasDeviceUnlock() helper by @mvo5 in #10815
  • o/assertstate, api: update validation set assertions only when updating all snaps by @stolowski in #10810
  • o/snapstate: update default provider if missing required content by @miguelpires in #10630
  • tests: use our own image for ubuntu impish by @sergiocazzolato in #10829
  • tests: cleanup the job workspace as first step of the actions workflow by @sergiocazzolato in #10828
  • cmd/snap: wait while inhibition file is present by @zyga in #7700
  • osutil/disks: add new CreateLinearMapperDevice helper by @mvo5 in #10831
  • tests: fix lxd-mount-units test which is based on core20 in ubuntu focal system by @sergiocazzolato in #10835
  • tests: fix netplan test on i386 architecture by @sergiocazzolato in #10834
  • cmd/libsnap-confine-private: fix set but unused variable in the unit tests by @bboozzoo in #10837
  • many: rename systemd.Kind to Backend for a bit more clarity by @pedronis in #10788
  • cmd/snap-confine: update s-c apparmor profile to allow versioned ld.so by @bboozzoo in #10839
  • tests/main/security-device-cgroups: fix when both variants run on the same host by @bboozzoo in #10840
  • interfaces/apparmor/template.go: allow inspection of dbus mediation level by @anonymouse64 in #10842
  • interfaces/dsp: add a usb rule to the ambarella flavor by @anonymouse64 in #10841
  • tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is false by @sergiocazzolato in #10832
  • cmd/libsnap-confine-private: workaround BPF memory accounting, update apparmor profile by @bboozzoo in #10826
  • devicestate: use EncryptionType by @mvo5 in #10820
  • tests: fix error trying to create the extra-snaps dir which already exists by @sergiocazzolato in #10833
  • o/ifacestate: don't fail remove if disconnect hook fails by @miguelpires in #10812
  • o/snapstate: validation sets enforcing on update by @stolowski in #10737
  • interfaces/u2f-devices: add GoTrust Idem Key (https://launchpad.net/bugs/1945182) by @oSoMoN in #10848
  • interfaces/seccomp: add clone3 to default template by @bboozzoo in #10845
  • daemon: implement access checkers for themes API by @jhenstridge in #10571
  • interfaces/apparmor: do not fail during initialization when there is no AppArmor profile for snap-confine by @bboozzoo in #9773
  • osutil/disks: add DiskFromDevicePath, other misc changes by @anonymouse64 in #10852
  • tests: reset some mount units failing on ubuntu impish by @sergiocazzolato in #10855
  • disks: add Size(path) helper by @mvo5 in #10844
  • osutil/disks: add Disk.KernelDevice{Node,Path} methods by @anonymouse64 in #10856
  • o/snapstate: prevent install hang if prereq install fails by @miguelpires in #10849
  • osutil/disks: add Partition struct and Disks.Partitions() by @anonymouse64 in #10857
  • tests: use the latest cpu family for nested tests execution by @sergiocazzolato in #10853
  • desktop: implement gtk notification backend and provide minimal notification api by @stolowski in #10846
  • osutil/disks: add Disk.FindMatchingPartitionWith{Fs,Part}Label by @anonymouse64 in #10858
  • o/snapstate: support ignore validation flag on install/update by @stolowski in #10760
  • cmd/snap: improve snap run help message by @bboozzoo in #10865
  • overlord/devicestate, tests: enable UC20 remodel, add spread tests by @bboozzoo in #10534
  • osutil/disks: add RootMountPointsForPartition by @anonymouse64 in #10862
  • many: support an API flag system-restart-immediate to make snap ops proceed immediately with system restarts by @pedronis in #10871
  • osutil/disks: support filtering by mount opts in MountPointsForPartitionRoot by @anonymouse64 in #10872
  • o/snapstate: use device ctx in prerequisite install/update by @miguelpires in #10869
  • overlord/devicestate: record recovery capable system on a successful remodel by @bboozzoo in #10870
  • interfaces/modem-manager: add access to PCIe modems by @alfonsosanchezbeato in #10777
  • snap-bootstrap: wait in mountNonDataPartitionMatchingKernelDisk by @mvo5 in #10861
  • release: merge 2.52.1 changelog into master by @mvo5 in #10887
  • release: 2.53 by @mvo5 in #10889
  • cmd/snap-confine: die when snap process is outside of snap specific cgroup (2.53) by @bboozzoo in #10942
  • release: 2.53.1 by @anonymouse64 in #10963

New Contributors

Full Changelog: 2.52.1...2.53.1

Contributors

xnox, bboozzoo, and 19 other contributors
Assets 5
Loading