Sat, 09 Nov 2024 21:47:13 UTC | login

Information for build snapd-2.65.1-0.fc41

ID339869
Package Namesnapd
Version2.65.1
Release0.fc41
Epoch
Sourcegit+https://src.fedoraproject.org/rpms/snapd.git#fc5296778e513eb17e5c98c24ecdd33049123dc0
SummaryA transactional software package manager
DescriptionSnappy is a modern, cross-distribution, transactional package manager designed for working with self-contained, immutable packages.
Built bydavidlt
State failed
Volume DEFAULT
StartedSun, 27 Oct 2024 16:08:53 UTC
CompletedSun, 27 Oct 2024 18:57:22 UTC
Taskbuild (f41, /rpms/snapd.git:fc5296778e513eb17e5c98c24ecdd33049123dc0)
Extra{'source': {'original_url': 'git+https://src.fedoraproject.org/rpms/snapd.git#fc5296778e513eb17e5c98c24ecdd33049123dc0'}}
Tags No tags
RPMs No RPMs
Changelog * Sat Aug 24 2024 Ernest Lotter <ernest.lotter@canonical.com> - New upstream release 2.65.1 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to latest 4.0.2 release - AppArmor: enable using ABI 4.0 from host parser - AppArmor: fix parser lookup - AppArmor: support AppArmor snippet priorities - AppArmor: allow reading cgroup memory.max file - AppArmor: allow using snap-exec coming from the snapd snap when starting a confined process with jailmode - AppArmor prompting (experimental): add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting (experimental): include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting (experimental): add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting (experimental): add path pattern parsing and matching - AppArmor prompting (experimental): add path pattern precedence based on specificity - AppArmor prompting (experimental): add packages to manage outstanding request prompts and rules - AppArmor prompting (experimental): add prompting API and notice types, which require snap-interfaces-requests-control interface - AppArmor prompting (experimental): feature flag can only be enabled if prompting is supported, handler service connected, and the service can be started - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views and setting/unsetting registry data using snapctl - Registry views (experimental): fetch and refresh registry assertions as needed - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store - Snap components: support removing components individually and during snap removal - Snap components: support kernel modules as components - Snap components: support for component install, pre-refresh and post-refresh hooks - Snap components: initial support for building systems that contain components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Improve snap-confine compatibility with nvidia drivers - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Allow mixing revision and channel on snap install - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug API command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Add options system.coredump.enable and system.coredump.maxuse to support using systemd-coredump on Ubuntu Core - Provide documentation URL for 'snap interface ' - Fix snapd riscv64 build - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Fix parsing /proc/PID/mounts with spaces - Add registry interface that provides snaps access to a particular registry view - Add snap-interfaces-requests-control interface to enable prompting client snaps - steam-support interface: remove all AppArmor and seccomp restrictions to improve user experience - opengl interface: improve compatibility with nvidia drivers - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus - network-control interface: allow wpa_supplicant dbus api - gpio-control interface: support gpiochip* devices - polkit interface: fix "rw" mount option check - u2f-devices interface: enable additional security keys - desktop interface: enable kde theming support * Fri Aug 23 2024 Ernest Lotter <ernest.lotter@canonical.com> - New upstream release 2.65 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to latest 4.0.2 release - AppArmor: enable using ABI 4.0 from host parser - AppArmor: fix parser lookup - AppArmor: support AppArmor snippet priorities - AppArmor: allow reading cgroup memory.max file - AppArmor: allow using snap-exec coming from the snapd snap when starting a confined process with jailmode - AppArmor prompting (experimental): add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting (experimental): include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting (experimental): add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting (experimental): add path pattern parsing and matching - AppArmor prompting (experimental): add path pattern precedence based on specificity - AppArmor prompting (experimental): add packages to manage outstanding request prompts and rules - AppArmor prompting (experimental): add prompting API and notice types, which require snap-interfaces-requests-control interface - AppArmor prompting (experimental): feature flag can only be enabled if prompting is supported, handler service connected, and the service can be started - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views and setting/unsetting registry data using snapctl - Registry views (experimental): fetch and refresh registry assertions as needed - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store - Snap components: support removing components individually and during snap removal - Snap components: support kernel modules as components - Snap components: support for component install, pre-refresh and post-refresh hooks - Snap components: initial support for building systems that contain components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Improve snap-confine compatibility with nvidia drivers - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Allow mixing revision and channel on snap install - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug API command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Add options system.coredump.enable and system.coredump.maxuse to support using systemd-coredump on Ubuntu Core - Provide documentation URL for 'snap interface ' - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Fix parsing /proc/PID/mounts with spaces - Add registry interface that provides snaps access to a particular registry view - Add snap-interfaces-requests-control interface to enable prompting client snaps - steam-support interface: remove all AppArmor and seccomp restrictions to improve user experience - opengl interface: improve compatibility with nvidia drivers - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus - network-control interface: allow wpa_supplicant dbus api - gpio-control interface: support gpiochip* devices - polkit interface: fix "rw" mount option check - u2f-devices interface: enable additional security keys - desktop interface: enable kde theming support * Mon Jul 29 2024 Miroslav Suchý <msuchy@redhat.com> - 2.63-3 - convert license to SPDX * Fri Jul 26 2024 Miroslav Suchý <msuchy@redhat.com> - 2.63-2 - convert license to SPDX * Wed Jul 24 2024 Ernest Lotter <ernest.lotter@canonical.com> - New upstream release 2.64 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to AppArmor 4.0.1 - AppArmor: support AppArmor snippet priorities - AppArmor prompting: add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting: include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting: add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting: add path pattern parsing and matching - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views using snapctl - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store (no REST API/CLI) - Snap components: support removing components (REST API, no CLI) - Snap components: started support for component hooks - Snap components: support kernel modules as components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug api command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Add registry interface that provides snaps access to a particular registry view - steam-support interface: relaxed AppArmor and seccomp restrictions to improve user experience - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus * Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.63-1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Wed Apr 24 2024 Ernest Lotter <ernest.lotter@canonical.com> - New upstream release 2.63 - Support for snap services to show the current status of user services (experimental) - Refresh app awareness: record snap-run-inhibit notice when starting app from snap that is busy with refresh (experimental) - Refresh app awareness: use warnings as fallback for desktop notifications (experimental) - Aspect based configuration: make request fields in the aspect- bundle's rules optional (experimental) - Aspect based configuration: make map keys conform to the same format as path sub-keys (experimental) - Aspect based configuration: make unset and set behaviour similar to configuration options (experimental) - Aspect based configuration: limit nesting level for setting value (experimental) - Components: use symlinks to point active snap component revisions - Components: add model assertion support for components - Components: fix to ensure local component installation always gets a new revision number - Add basic support for a CIFS remote filesystem-based home directory - Add support for AppArmor profile kill mode to avoid snap-confine error - Allow more than one interface to grant access to the same API endpoint or notice type - Allow all snapd service's control group processes to send systemd notifications to prevent warnings flooding the log - Enable not preseeded single boot install - Update secboot to handle new sbatlevel - Fix to not use cgroup for non-strict confined snaps (devmode, classic) - Fix two race conditions relating to freedesktop notifications - Fix missing tunables in snap-update-ns AppArmor template - Fix rejection of snapd snap udev command line by older host snap- device-helper - Rework seccomp allow/deny list - Clean up files removed by gadgets - Remove non-viable boot chains to avoid secboot failure - posix_mq interface: add support for missing time64 mqueue syscalls mq_timedreceive_time64 and mq_timedsend_time64 - password-manager-service interface: allow kwalletd version 6 - kubernetes-support interface: allow SOCK_SEQPACKET sockets - system-observe interface: allow listing systemd units and their properties - opengl interface: enable use of nvidia container toolkit CDI config generation * Thu Mar 21 2024 Ernest Lotter <ernest.lotter@canonical.com> - New upstream release 2.62 - Aspects based configuration schema support (experimental) - Refresh app awareness support for UI (experimental) - Support for user daemons by introducing new control switches --user/--system/--users for service start/stop/restart (experimental) - Add AppArmor prompting experimental flag (feature currently unsupported) - Installation of local snap components of type test - Packaging of components with snap pack - Expose experimental features supported/enabled in snapd REST API endpoint /v2/system-info - Support creating and removing recovery systems for use by factory reset - Enable API route for creating and removing recovery systems using /v2/systems with action create and /v2/systems/{label} with action remove - Lift requirements for fde-setup hook for single boot install - Enable single reboot gadget update for UC20+ - Allow core to be removed on classic systems - Support for remodeling on hybrid systems - Install desktop files on Ubuntu Core and update after snapd upgrade - Upgrade sandbox features to account for cgroup v2 device filtering - Support snaps to manage their own cgroups - Add support for AppArmor 4.0 unconfined profile mode - Add AppArmor based read access to /etc/default/keyboard - Upgrade to squashfuse 0.5.0 - Support useradd utility to enable removing Perl dependency for UC24+ - Support for recovery-chooser to use console-conf snap - Add support for --uid/--gid using strace-static - Add support for notices (from pebble) and expose via the snapd REST API endpoints /v2/notices and /v2/notice - Add polkit authentication for snapd REST API endpoints /v2/snaps/{snap}/conf and /v2/apps - Add refresh-inhibit field to snapd REST API endpoint /v2/snaps - Add refresh-inhibited select query to REST API endpoint /v2/snaps - Take into account validation sets during remodeling - Improve offline remodeling to use installed revisions of snaps to fulfill the remodel revision requirement - Add rpi configuration option sdtv_mode - When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if present on host - Fix gadget zero-sized disk mapping caused by not ignoring zero sized storage traits - Fix gadget install case where size of existing partition was not correctly taken into account - Fix trying to unmount early kernel mount if it does not exist - Fix restarting mount units on snapd start - Fix call to udev in preseed mode - Fix to ensure always setting up the device cgroup for base bare and core24+ - Fix not copying data from newly set homedirs on revision change - Fix leaving behind empty snap home directories after snap is removed (resulting in broken symlink) - Fix to avoid using libzstd from host by adding to snapd snap - Fix autorefresh to correctly handle forever refresh hold - Fix username regex allowed for system-user assertion to not allow '+' - Fix incorrect application icon for notification after autorefresh completion - Fix to restart mount units when changed - Fix to support AppArmor running under incus - Fix case of snap-update-ns dropping synthetic mounts due to failure to match desired mount dependencies - Fix parsing of base snap version to enable pre-seeding of Ubuntu Core Desktop - Fix packaging and tests for various distributions - Add remoteproc interface to allow developers to interact with Remote Processor Framework which enables snaps to load firmware to ARM Cortex microcontrollers - Add kernel-control interface to enable controlling the kernel firmware search path - Add nfs-mount interface to allow mounting of NFS shares - Add ros-opt-data interface to allow snaps to access the host /opt/ros/ paths - Add snap-refresh-observe interface that provides refresh-app- awareness clients access to relevant snapd API endpoints - steam-support interface: generalize Pressure Vessel root paths and allow access to driver information, features and container versions - steam-support interface: make implicit on Ubuntu Core Desktop - desktop interface: improved support for Ubuntu Core Desktop and limit autoconnection to implicit slots - cups-control interface: make autoconnect depend on presence of cupsd on host to ensure it works on classic systems - opengl interface: allow read access to /usr/share/nvidia - personal-files interface: extend to support automatic creation of missing parent directories in write paths - network-control interface: allow creating /run/resolveconf - network-setup-control and network-setup-observe interfaces: allow busctl bind as required for systemd 254+ - libvirt interface: allow r/w access to /run/libvirt/libvirt-sock- ro and read access to /var/lib/libvirt/dnsmasq/** - fwupd interface: allow access to IMPI devices (including locking of device nodes), sysfs attributes needed by amdgpu and the COD capsule update directory - uio interface: allow configuring UIO drivers from userspace libraries - serial-port interface: add support for NXP Layerscape SoC - lxd-support interface: add attribute enable-unconfined-mode to require LXD to opt-in to run unconfined - block-devices interface: add support for ZFS volumes - system-packages-doc interface: add support for reading jquery and sphinx documentation - system-packages-doc interface: workaround to prevent autoconnect failure for snaps using base bare - microceph-support interface: allow more types of block devices to be added as an OSD - mount-observe interface: allow read access to /proc/{pid}/task/{tid}/mounts and proc/{pid}/task/{tid}/mountinfo - polkit interface: changed to not be implicit on core because installing policy files is not possible - upower-observe interface: allow stats refresh - gpg-public-keys interface: allow creating lock file for certain gpg operations - shutdown interface: allow access to SetRebootParameter method - media-control interface: allow device file locking - u2f-devices interface: support for Trustkey G310H, JaCarta U2F, Kensington VeriMark Guard, RSA DS100, Google Titan v2 * Wed Mar 06 2024 Ernest Lotter <ernest.lotter@canonical.com> - New upstream release 2.61.3 - Install systemd files in correct location for 24.04 * Fri Feb 16 2024 Ernest Lotter <ernest.lotter@canonical.com> - New upstream release 2.61.2 - Fix to enable plug/slot sanitization for prepare-image - Fix panic when device-service.access=offline - Support offline remodeling - Allow offline update only remodels without serial - Fail early when remodeling to old model revision - Fix to enable plug/slot sanitization for validate-seed - Allow removal of core snap on classic systems - Fix network-control interface denial for file lock on /run/netns - Add well-known core24 snap-id - Fix remodel snap installation order - Prevent remodeling from UC18+ to UC16 - Fix cups auto-connect on classic with cups snap installed - u2f-devices interface support for GoTrust Idem Key with USB-C - Fix to restore services after unlink failure - Add libcudnn.so to Nvidia libraries - Fix skipping base snap download due to false snapd downgrade conflict * Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 2.61.1-2 - Rebuild for golang 1.22.0 * Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.61.1-1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jan 18 2024 Zygmunt Krynicki <me@zygoon.pl> - 2.61.1-1 - Changelog resynchronization * Wed Jan 17 2024 Zygmunt Krynicki <me@zygoon.pl> - 2.58.3-3 - Require xdelta on Fedora or EPEL >= 9 (for delta updates) * Fri Nov 24 2023 Ernest Lotter <ernest.lotter@canonical.com> - New upstream release 2.61.1 - Stop requiring default provider snaps on image building and first boot if alternative providers are included and available - Fix auth.json access for login as non-root group ID - Fix incorrect remodelling conflict when changing track to older snapd version - Improved check-rerefresh message - Fix UC16/18 kernel/gadget update failure due volume mismatch with installed disk - Stop auto-import of assertions during install modes - Desktop interface exposes GetIdletime - Polkit interface support for new polkit versions - Fix not applying snapd snap changes in tracked channel when remodelling * Fri Oct 13 2023 Philip Meulengracht <philip.meulengracht@canonical.com> - New upstream release 2.61 - Fix control of activated services in 'snap start' and 'snap stop' - Correctly reflect activated services in 'snap services' - Disabled services are no longer enabled again when snap is refreshed - interfaces/builtin: added support for Token2 U2F keys - interfaces/u2f-devices: add Swissbit iShield Key - interfaces/builtin: update gpio apparmor to match pattern that contains multiple subdirectories under /sys/devices/platform - interfaces: add a polkit-agent interface - interfaces: add pcscd interface - Kernel command-line can now be edited in the gadget.yaml - Only track validation-sets in run-mode, fixes validation-set issues on first boot. - Added support for using store.access to disable access to snap store - Support for fat16 partition in gadget - Pre-seed authority delegation is now possible - Support new system-user name daemon - Several bug fixes and improvements around remodelling - Offline remodelling support * Fri Sep 15 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.60.4 - i/b/qualcomm_ipc_router.go: switch to plug/slot and add socket permission - interfaces/builtin: fix custom-device udev KERNEL values - overlord: allow the firmware-updater snap to install user daemons - interfaces: allow loopback as a block-device * Fri Aug 25 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.60.3 - i/b/shared-memory: handle "private" plug attribute in shared- memory interface correctly - i/apparmor: support for home.d tunables from /etc/ * Fri Aug 04 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.60.2 - i/builtin: allow directories in private /dev/shm - i/builtin: add read access to /proc/task/schedstat in system- observe - snap-bootstrap: print version information at startup - go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948 - snap, store: filter out invalid snap edited links from store info and persisted state - o/configcore: write netplan defaults to 00-snapd-config on seeding - snapcraft.yaml: pull in apparmor_parser optimization patches from https://gitlab.com/apparmor/apparmor/-/merge_requests/711 - snap-confine: fix missing \0 after readlink - cmd/snap: hide append-integrity-data - interfaces/opengl: add support for ARM Mali * Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.58.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jul 04 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.60.1 - install: fallback to lazy unmount() in writeFilesystemContent - data: include "modprobe.d" and "modules-load.d" in preseeded blob - gadget: fix install test on armhf - interfaces: fix typo in network_manager_observe - sandbox/apparmor: don't let vendored apparmor conflict with system - gadget/update: set parts in laid out data from the ones matched - many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor - many: stop using `-O no-expr-simplify` in apparmor_parser - go.mod: update secboot to latest uc22 branch * Thu Jun 15 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.60 - Support for dynamic snapshot data exclusions - Apparmor userspace is vendored inside the snapd snap - Added a default-configure hook that exposes gadget default configuration options to snaps during first install before services are started - Allow install from initrd to speed up the initial installation for systems that do not have a install-device hook - New `snap sign --chain` flag that appends the account and account-key assertions - Support validation-sets in the model assertion - Support new "min-size" field in gadget.yaml - New interface: "userns" * Sat May 27 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.59.5 - Explicitly disallow the use of ioctl + TIOCLINUX This fixes CVE-2023-1523. * Fri May 12 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.59.4 - Retry when looking for disk label on non-UEFI systems (LP: #2018977) - Fix remodel from UC20 to UC22 * Wed May 03 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.59.3 - Fix quiet boot - i/b/physical_memory_observe: allow reading virt-phys page mappings - gadget: warn instead of returning error if overlapping with GPT header - overlord,wrappers: restart always enabled units - go.mod: update github.com/snapcore/secboot to latest uc22 - boot: make sure we update assets for the system-seed-null role - many: ignore case for vfat partitions when validating * Tue Apr 18 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.59.2 - Notify users when a user triggered auto refresh finished * Tue Mar 28 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.59.1 - Add udev rules from steam-devices to steam-support interface - Bugfixes for layout path checking, dm_crypt permissions, mount-control interface parameter checking, kernel commandline parsing, docker-support, refresh-app-awareness * Fri Mar 10 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.59 - Support setting extra kernel command line parameters via snap configuration and under a gadget allow-list - Support for Full-Disk-Encryption using ICE - Support for arbitrary home dir locations via snap configuration - New nvidia-drivers-support interface - Support for udisks2 snap - Pre-download of snaps ready for refresh and automatic refresh of the snap when all apps are closed - New microovn interface - Support uboot with `CONFIG_SYS_REDUNDAND_ENV=n` - Make "snap-preseed --reset" re-exec when needed - Update the fwupd interface to support fully confined fwupd - The memory,cpu,thread quota options are no longer experimental - Support debugging snap client requests via the `SNAPD_CLIENT_DEBUG_HTTP` environment variable - Support ssh listen-address via snap configuration - Support for quotas on single services - prepare-image now takes into account snapd versions going into the image, including in the kernel initrd, to fetch supported assertion formats * Sat Feb 25 2023 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.58.3-1 - Releate 2.58.3 to Fedora RHBZ#2173056 * Tue Feb 21 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.58.3 - interfaces/screen-inhibit-control: Add support for xfce-power- manager - interfaces/network-manager: do not show ptrace read denials - interfaces: relax rules for mount-control `what` for functionfs - cmd/snap-bootstrap: add support for snapd_system_disk - interfaces/modem-manager: add net_admin capability - interfaces/network-manager: add permission for OpenVPN - httputil: fix checking x509 certification error on go 1.20 - i/b/fwupd: allow reading host os-release - boot: on classic+modes `MarkBootSuccessfull` does not need a base - boot: do not include `base=` in modeenv for classic+modes installs - tests: add spread test that validates revert on boot for core does not happen on classic+modes - snapstate: only take boot participants into account in UpdateBootRevisions - snapstate: refactor UpdateBootRevisions() to make it easier to check for boot.SnapTypeParticipatesInBoot() * Wed Jan 25 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.58.2 - bootloader: fix dirty build by hardcoding copyright year * Mon Jan 23 2023 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.58.1 - secboot: detect lockout mode in CheckTPMKeySealingSupported - cmd/snap-update-ns: prevent keeping unneeded mountpoints - o/snapstate: do not infinitely retry when an update fails during seeding - interfaces/modem-manager: add permissions for NETLINK_ROUTE - systemd/emulation.go: use `systemctl --root` to enable/disable - snap: provide more error context in `NotSnapError` - interfaces: add read access to /run for cryptsetup - boot: avoid reboot loop if there is a bad try kernel - devicestate: retry serial acquire on time based certificate errors - o/devicestate: run systemctl daemon-reload after install-device hook - cmd/snap,daemon: add 'held' to notes in 'snap list' - o/snapshotstate: check snapshots are self-contained on import - cmd/snap: show user+gating hold info in 'snap info' - daemon: expose user and gating holds at /v2/snaps/{name} * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.57.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Dec 16 2022 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.57.6-2 - Fix for RHBZ#2152903 * Thu Dec 01 2022 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.58 - many: Use /tmp/snap-private-tmp for per-snap private tmps - data: Add systemd-tmpfiles configuration to create private tmp dir - cmd/snap: test allowed and forbidden refresh hold values - cmd/snap: be more consistent in --hold help and err messages - cmd/snap: error on refresh holds that are negative or too short - o/homedirs: make sure we do not write to /var on build time - image: make sure file customizations happen also when we have defaultscause - tests/fde-on-classic: set ubuntu-seed label in seed partitions - gadget: system-seed-null should also have fs label ubuntu-seed - many: gadget.HasRole, ubuntu-seed can come also from system-seed- null - o/devicestate: fix paths for retrieving recovery key on classic - cmd/snap-confine: do not discard const qualifier - interfaces: allow python3.10+ in the default template - o/restart: fix PendingForSystemRestart - interfaces: allow wayland slot snaps to access shm files created by Firefox - o/assertstate: add Sequence() to val set tracking - o/assertstate: set val set 'Current' to pinned sequence - tests: tweak the libvirt interface test to work on 22.10 - tests: use system-seed-null role on classic with modes tests - boot: add directory for data on install - o/devicestate: change some names from esp to seed/seed-null - gadget: add system-seed-null role - o/devicestate: really add error to new error message - restart,snapstate: implement reboot-required notifications on classic - many: avoid automatic system restarts on classic through new overlord/restart logic - release: Fix WSL detection in LXD - o/state: introduce WaitStatus - interfaces: Fix desktop interface rules for document portal - client: remove classic check for `snap recovery --show- keys` - many: create snapd.mounts targets to schedule mount units - image: enable sysfs overlay for UC preseeding - i/b/network-control: add permissions for using AF_XDP - i/apparmor: move mocking of home and overlay conditions to osutil - tests/main/degraded: ignore man-db update failures in CentOS - cmd/snap: fix panic when running snap w/ flag but w/o subcommand - tests: save snaps generated during image preaparation - tests: skip building snapd based on new env var - client: remove misleading comments in ValidateApplyOptions - boot/seal: add debug traces for bootchains - bootloader/assets: fix grub.cfg when there are no labels - cmd/snap: improve refresh hold's output - packaging: enable BPF in RHEL9 - packaging: do not traverse filesystems in postrm script - tests: get microk8s from another branch - bootloader: do not specify Core version in grub entry - many: refresh --hold follow-up - many: support refresh hold/unhold to API and CLI - many: expand fully handling links mapping in all components, in the API and in snap info - snap/system_usernames,tests: Azure IoT Edge system usernames - interface: Allow access to org.freedesktop.DBus.ListActivatableNames via system-observe interface - o/devicestate,daemon: use the expiration date from the assertion in user-state and REST api (user-removal 4/n) - gadget: add unit tests for new install functions for FDE on classic - cmd/snap-seccomp: fix typo in AF_XDP value - tests/connected-after-reboot-revert: run also on UC16 - kvm: allow read of AMD-SEV parameters - data: tweak apt integration config var - o/c/configcore: add faillock configuration - tests: use dbus-daemon instead of dbus-launch - packaging: remove unclean debian-sid patch - asserts: add keyword 'user-presence' keyword in system-user assertion (auto-removal 3/n) - interfaces: steam-support allow pivot /run/media and /etc/nvidia mount - aspects: initial code - overlord: process auto-import assertion at first boot - release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2 - tests: fix lxd-mount-units in ubuntu kinetic - tests: new variable used to configure the kernel command line in nested tests - go.mod: update to newer secboot/uc22 branch - autopkgtests: fix running autopkgtest on kinetic - tests: remove squashfs leftovers in fakeinstaller - tests: create partition table in fakeinstaller - o/ifacestate: introduce DebugAutoConnectCheck hook - tests: use test-snapd-swtpm instead of swtpm-mvo snap in nested helper - interfaces/polkit: do not require polkit directory if no file is needed - o/snapstate: be consistent not creating per-snap save dirs for classic models - inhibit: use hintFile() - tests: use `snap prepare-image` in fde-on-classic mk-image.sh - interfaces: add microceph interface - seccomp: allow opening XDP sockets - interfaces: allow access to icon subdirectories - tests: add minimal-smoke test for UC22 and increase minimal RAM - overlord: introduce hold levels in the snapstate.Hold* API - o/devicestate: support mounting ubuntu-save also on classic with modes - interfaces: steam-support allow additional mounts - fakeinstaller: format SystemDetails result with %+v - cmd/libsnap-confine-private: do not panic on chmod failure - tests: ensure that fakeinstaller put the seed into the right place - many: add stub services for prompting - tests: add libfwupd and libfwupdplugin5 to openSUSE dependencies - o/snapstate: fix snaps-hold pruning/reset in the presence of system holding - many: add support for setting up encryption from installer - many: support classic snaps in the context of classic and extended models - cmd/snap,daemon: allow zero values from client to daemon for journal rate limit - boot,o/devicestate: extend HasFDESetupHook to consider unrelated kernels - cmd/snap: validation set refresh-enforce CLI support + spread test - many: fix filenames written in modeenv for base/gadget plus drive- by TODO - seed: fix seed test to use a pseudo-random byte sequence - cmd/snap-confine: remove setuid calls from cgroup init code - boot,o/devicestate: introduce and use MakeRunnableStandaloneSystem - devicestate,boot,tests: make `fakeinstaller` test work - store: send Snap-Device-Location header with cloud information - overlord: fix unit tests after merging master in - o/auth: move HasUserExpired into UserState and name it HasExpired, and add unit tests for this - o/auth: rename NewUserData to NewUserParams - many: implementation of finish install step handlers - overlord: auto-resolve validation set enforcement constraints - i/backends,o/ifacestate: cleanup backends.All - cmd/snap-confine: move bind-mount setup into separate function - tests/main/mount-ns: update namespace for 18.04 - o/state: Hold pseudo-error for explicit holding, concept of pending changes in prune logic - many: support extended classic models that omit kernel/gadget - data/selinux: allow snapd to detect WSL - overlord: add code to remove users that has an expiration date set - wrappers,snap/quota: clear LogsDirectory= in the service unit for journal namespaces - daemon: move user add, remove operations to overlord device state - gadget: implement write content from gadget information - {device,snap}state: fix ineffectual assignments - daemon: support validation set refresh+enforce in API - many: rename AddAffected* to RegisterAffected*, add Change|State.Has, fix a comment - many: reset store session when setting proxy.store - overlord/ifacestate: fix conflict detection of auto-connection - interfaces: added read/write access to /proc/self/coredump_filter for process-control - interfaces: add read access to /proc/cgroups and /proc/sys/vm/swappiness to system-observe - fde: run fde-reveal-key with `DefaultDependencies=no` - many: don't concatenate non-constant format strings - o/devicestate: fix non-compiling test - release, snapd-apparmor: fixed outdated WSL detection - many: add todos discussed in the review in tests/nested/manual/fde-on-classic, snapstate cleanups - overlord: run install-device hook during factory reset - i/b/mount-control: add optional `/` to umount rules - gadget/install: split Run in several functions - o/devicestate: refactor some methods as preparation for install steps implementation - tests: fix how snaps are cached in uc22 - tests/main/cgroup-tracking-failure: fix rare failure in Xenial and Bionic - many: make {Install,Initramfs}{{,Host},Writable}Dir a function - tests/nested/manual/core20: fix manual test after changes to 'tests.nested exec' - tests: move the unit tests system to 22.04 in github actions workflow - tests: fix nested errors uc20 - boot: rewrite switch in SnapTypeParticipatesInBoot() - gadget: refactor to allow usage from the installer - overlord/devicestate: support for mounting ubuntu-save before the install-device hook - many: allow to install/update kernels/gadgets on classic with modes - tests: fix issues related to dbus session and localtime in uc18 - many: support home dirs located deeper under /home - many: refactor tests to use explicit strings instead of boot.Install{Initramfs,Host}{Writable,FDEData}Dir - boot: add factory-reset cases for boot-flags - tests: disable quota tests on arm devices using ubuntu core - tests: fix unbound SPREAD_PATH variable on nested debug session - overlord: start turning restart into a full state manager - boot: apply boot logic also for classic with modes boot snaps - tests: fix snap-env test on debug section when no var files were created - overlord,daemon: allow returning errors when requesting a restart - interfaces: login-session-control: add further D-Bus interfaces - snapdenv: added wsl to userAgent - o/snapstate: support running multiple ops transactionally - store: use typed valset keys in store package - daemon: add `ensureStateSoon()` when calling systems POST api - gadget: add rules for validating classic with modes gadget.yaml files - wrappers: journal namespaces did not honor journal.persistent - many: stub devicestate.Install{Finish,SetupStorageEncryption}() - sandbox/cgroup: don't check V1 cgroup if V2 is active - seed: add support to load auto import assertion - tests: fix preseed tests for arm systems - include/lk: update LK recovery environment definition to include device lock state used by bootloader - daemon: return `storage-encryption` in /systems/<label> reply - tests: start using remote tools from snapd-testing-tools project in nested tests - tests: fix non mountable filesystem error in interfaces-udisks2 - client: clarify what InstallStep{SetupStorageEncryption,Finish} do - client: prepare InstallSystemOptions for real use - usersession: Remove duplicated struct - o/snapstate: support specific revisions in UpdateMany/InstallMany - i/b/system_packages_doc: restore access to Libreoffice documentation - snap/quota,wrappers: allow using 0 values for the journal rate limit - tests: add kinetic images to the gce bucket for preseed test - multiple: clear up naming convention for thread quota - daemon: implement stub `"action": "install"` - tests/main/snap-quota-{install/journal}: fix unstable spread tests - tests: remove code for old systems not supported anymore - tests: third part of the nested helper cleanup - image: clean snapd mount after preseeding - tests: use the new ubuntu kinetic image - i/b/system_observe: honour root dir when checking for /boot/config-* - tests: restore microk8s test on 16.04 - tests: run spread tests on arm64 instances in google cloud - tests: skip interfaces-udisks2 in fedora - asserts,boot,secboot: switch to a secboot version measuring classic - client: add API for GET /systems/<label> - overlord: frontend for --quota-group support (2/2) - daemon: add GET support for `/systems/<seed-label>` - i/b/system-observe: allow reading processes security label - many: support '--purge' when removing multiple snaps - snap-confine: remove obsolete code - interfaces: rework logic of unclashMountEntries - data/systemd/Makefile: add comment warning about "snapd." prefix - interfaces: grant access to speech-dispatcher socket (bug 1787245) - overlord/servicestate: disallow removal of quota group with any limits set - data: include snapd/mounts in preseeded blob - many: Set SNAPD_APPARMOR_REEXEC=1 - store/tooling,tests: support UBUNTU_STORE_URL override env var - multiple: clear up naming convention for cpu-set quota - tests: improve and standardize debug section on tests - device: add new DeviceManager.encryptionSupportInfo() - tests: check snap download with snapcraft v7+ export-login auth data - cmd/snap-bootstrap: changes to be able to boot classic rootfs - tests: fix debug section for test uc20-create-partitions - overlord: --quota-group support (1/2) - asserts,cmd/snap-repair: drop not pursued AuthorityDelegation/signatory-id - snap-bootstrap: add CVM mode* snap-bootstrap: add classic runmode - interfaces: make polkit implicit on core if /usr/libexec/polkitd exists - multiple: move arguments for auth.NewUser into a struct (auto- removal 1/n) - overlord: track security profiles for non-active snaps - tests: remove NESTED_IMAGE_ID from nested manual tests - tests: add extra space to ubuntu bionic - store/tooling: support using snapcraft v7+ base64-encoded auth data - overlord: allow seeding in the case of classic with modes system - packaging/*/tests/integrationtests: reload ssh.service, not sshd.service - tests: rework snap-logs-journal test and add missing cleanup - tests: add spread test for journal quotas - tests: run spread tests in ubuntu kinetic - o/snapstate: extend support for holding refreshes - devicestate: return an error in checkEncryption() if KernelInfo fails - tests: fix sbuild test on debian sid - o/devicestate: do not run tests in this folder twice - sandbox/apparmor: remove duplicate hook into testing package - many: refactor store code to be able to use simpler form of auth creds - snap,store: drop support/consideration for anonymous download urls - data/selinux: allow snaps to read certificates - many: add Is{Core,Classic}Boot() to DeviceContext - o/assertstate: don't refresh enforced validation sets during check - go.mod: replace maze.io/x/crypto with local repo - many: fix unnecessary use of fmt.Sprintf - bootloader,systemd: fix `don't use Yoda conditions (ST1017)` - HACKING.md: extend guidelines with common review comments - many: progress bars should use the overridable stdouts - tests: remove ubuntu 21.10 from sru validation - tests: import remote tools - daemon,usersession: switch from HeaderMap to Header in tests - asserts: add some missing `c.Check()` in the asserts test - strutil: fix VersionCompare() to allow multiple `-` in the version - testutil: remove unneeded `fmt.Sprintf` - boot: remove some unneeded `fmt.Sprintf()` calls - tests: implement prepare_gadget and prepare_base and unify all the version - o/snapstate: refactor managed refresh schedule logic - o/assertstate, snapasserts: implementation of assertstate.TryEnforceValidationSets function - interfaces: add kconfig paths to system-observe - dbusutil: move debian patch into dbustest - many: change name and input of CheckProvenance to clarify usage - tests: Fix a missing parameter in command to wait for device - tests: Work-around non-functional --wait on systemctl - tests: unify the way the snapd/core and kernel are repacked in nested helper - tests: skip interfaces-ufisks2 on centos-9 - i/b/mount-control: allow custom filesystem types - interfaces,metautil: make error handling in getPaths() more targeted - cmd/snap-update-ns: handle mountpoint removal failures with EBUSY - tests: fix pc-kernel repacking - systemd: add `WantedBy=default.target` to snap mount units - tests: disable microk8s test on 16.04 * Wed Nov 30 2022 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.57.6-1 - Release 2.57.6 to Fedora * Tue Nov 15 2022 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.57.6 - SECURITY UPDATE: Local privilege escalation - snap-confine: Fix race condition in snap-confine when preparing a private tmp mount namespace for a snap - CVE-2022-3328 * Mon Oct 17 2022 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.57.5 - image: clean snapd mount after preseeding - wrappers,snap/quota: clear LogsDirectory= in the service unit for journal namespaces - cmd/snap,daemon: allow zero values from client to daemon for journal rate-limit - interfaces: steam-support allow pivot /run/media and /etc/nvidia mount - o/ifacestate: introduce DebugAutoConnectCheck hook - release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2 - autopkgtests: fix running autopkgtest on kinetic - interfaces: add microceph interface - interfaces: steam-support allow additional mounts - many: add stub services - interfaces: add kconfig paths to system-observe - i/b/system_observe: honour root dir when checking for /boot/config-* - interfaces: grant access to speech-dispatcher socket - interfaces: rework logic of unclashMountEntries * Thu Sep 29 2022 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.57.4 - release, snapd-apparmor: fixed outdated WSL detection - overlord/ifacestate: fix conflict detection of auto-connection - overlord: run install-device hook during factory reset - image/preseed/preseed_linux: add missing new line - boot: add factory-reset cases for boot-flags. - interfaces: added read/write access to /proc/self/coredump_filter for process-control - interfaces: add read access to /proc/cgroups and /proc/sys/vm/swappiness to system-observe - fde: run fde-reveal-key with `DefaultDependencies=no` - snapdenv: added wsl to userAgent - tests: fix restore section for persistent-journal-namespace - i/b/mount-control: add optional `/` to umount rules - cmd/snap-bootstrap: changes to be able to boot classic rootfs - cmd/snap-bootstrap: add CVM mode * Thu Sep 15 2022 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.57.3 - wrappers: journal namespaces did not honor journal.persistent - snap/quota,wrappers: allow using 0 values for the journal rate to override the system default values - multiple: clear up naming convention for cpu-set quota - i/b/mount-control: allow custom filesystem types - i/b/system-observe: allow reading processes security label - sandbox/cgroup: don't check V1 cgroup if V2 is active - asserts,boot,secboot: switch to a secboot version measuring classic * Fri Sep 02 2022 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.57.2 - store/tooling,tests: support UBUNTU_STORE_URL override env var - packaging/*/tests/integrationtests: reload ssh.service, not sshd.service - tests: check snap download with snapcraft v7+ export-login auth data - store/tooling: support using snapcraft v7+ base64-encoded auth data - many: progress bars should use the overridable stdouts - many: refactor store code to be able to use simpler form of auth creds - snap,store: drop support/consideration for anonymous download urls - data: include snapd/mounts in preseeded blob - many: Set SNAPD_APPARMOR_REEXEC=1 - overlord: track security profiles for non-active snaps