snapcore/snapd

…ware-observe-2.27

interfaces: add udev netlink support to hardware-observe (2.27)

…s-2.27

interfaces/network-{control,observe}: allow receiving kobject_uevent() messages for 2.27

With the addition of seccomp argument filtering the socket syscall
will not allow NETLINK_KOBJECT_UEVENT anymore. But this is crucial
for the hardware-observe interface to monitor udev. This patch
adds it back.

…) messages

As part of the investigation for the livepatch regression and netlink socket
mediation, net/core/* from the Linux kernel sources shows that the kernel is
using kobject_uevent() for notifications. While we could force snaps to use
hardware-observe to view these, it makes sense in terms of completeness for
these interfaces and for compatibility with existing snaps to allow
'socket AF_NETLINK - NETLINK_KOBJECT_UEVENT' here as well.

Add networkManagerPermanentPlugSecComp that adds socket AF_NETLINK - KOBJECT_UEVENT to unbreak nmcli

hooks: do not error when hook handler is not registered (2.27)

When creating a @unrestricted filter we need to whitelist all
architectures or e.g. i386 apps on amd64 will fail.

See https://bugs.launchpad.net/snapd/+bug/1709536

interfaces: correctly backport the patch

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

tests: remove TestInterfacesHelp as it breaks when go-flags changes (2.27)

interfaces: don't crash if content slot has no attributes (2.27)

This mirros an earlier fix to the plug sanitize that was not mirrored to
the slot side. My bad :/

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

debian: do not build with -buildmode=pie on i386 (2.27)

…dson)

With -buildmode=pie mode on i386 snapd panics in spectacular
ways (LP: #1711052) so we need to disable it for the time
being.

See also https://forum.snapcraft.io/t/artful-i386-panics/

interfaces: backport broadcom-asic-control interface (2.27)

…2.27

store: do not resume a download when we already have the whole thing  (2.27)

…3640)

* store: do not resume a download when we already have the whole thing

Without this a .partial file that has been completely downloaded still
triggers a request to the server (which will then come back with a
416).

This lets you drop a .snap in /var/lib/snapd/snaps as a .partial,
which could be used to speed up tests. It'll still be checksummed
(twice), but it won't hit the network for the download unless the
store says it's got a delta.

Doing the same thing for delta downloads is left as an exercise to the
reader.

* store: address review feedback (thanks pedronis)

This patch backports the new interface to the 2.27.x release branch per
request of Canonical Commercial Engineering team.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

While our package abstraction helper for spread tests does call dnf
makecache evidence in test failures shows that something is not quite
right and we fail to install packages that have since, in the archive,
been upgraded to a new revision and we attempt to install the old
version oblivious to that fact.

Neal Gompa suggested that we use the --refresh option on dnf install to
always ensure that the package cache is updated if it is out of date.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

…rt, network-control (LP: #1679295) and mount-observe (#3715)

* interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT (LP: #1663221)

* QtSystems also needs 'bind' with NETLINK_KOBJECT_UEVENT

* interfaces/browser-support: update sysfs reads for newer browser versions

* interfaces/network-control: rw for ieee80211 advanced wireless (LP: #1679295)

* interfaces/mount-observe: allow read on sysfs entries for block devices

* fix comment in unity7 and x11

* actually provide rw on ieee80211