New bugfix release 2.53.4

New snapd release 2.53.4

See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.

• devicestate: mock devicestate.MockTimeutilIsNTPSynchronized to avoid host env leaking into tests
• timeutil: return NoTimedate1Error if it can't connect to the system bus

And thus ends the terrible reign of snapd 2.53.3 which failed to build in launchpad giving birth to snapd 2.53.4

New bugfix release 2.53.3

New snapd release 2.53.3

See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.

• devicestate: Unregister deletes the device key pair as well
• daemon,tests: support forgetting device serial via API
• configcore: relax validation rules for hostname
• o/devicestate: introduce DeviceManager.Unregister
• packaging/ubuntu, packaging/debian: depend on dbus-session-bus provider
• many: wait for up to 10min for NTP synchronization before autorefresh
• interfaces/interfaces/scsi_generic: add interface for scsi generic devices
• interfaces/microstack-support: set controlsDeviceCgroup to true
• interface/builtin/log_observe: allow to access /dev/kmsg
• daemon: write formdata file parts to snaps dir
• spread: run lxd tests with version from latest/edge
• cmd/libsnap-confine-private: fix snap-device-helper device allow list modification on cgroup v2
• interfaces/builtin/dsp: add proc files for monitoring Ambarella DSP firmware
• interfaces/builtin/dsp: update proc file accordingly

Full Changelog: 2.53.2...2.53.3

New bugfix release 2.53.2

New snapd release 2.53.2

See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.

• interfaces/builtin/block_devices: allow blkid to print block device attributes/run/udev/data/b{major}:{minor}
• cmd/libsnap-confine-private: do not deny all devices when reusing the device cgroup
• interfaces/builtin/time-control: allow pps access
• interfaces/u2f-devices: add Trezor and Trezor v2 keys
• interfaces: timezone-control, add permission for ListTimezones DBus call
• interfaces/apparmor/template.go: allow udevadm from merged usr systems
• interface/modem-manager: allow connecting to the mbim/qmi proxy
• interfaces/network-manager-observe: Update for libnm client library
• cmd/snap-seccomp/syscalls: update syscalls to match libseccomp abad8a8f4
• sandbox/cgroup: freeze and thaw cgroups related to services and scopes only
• o/hookstate: print cohort with snapctl refresh --pending
• cmd/snap-confine: lazy set up of device cgroup, only when devices were assigned
• tests: ensure systemd-timesyncd is installed on debian
• tests/lib/pkgdb: install strace on Debian 11 and Sid
• tests/main/snapd-sigterm: flush, use retry
• tests/main/snapd-sigterm: fix race conditions
• release-tools/repack-debian-tarball.sh: fix c-vendor dir
• data/selinux: allow snap-confine to read udev's database
• interfaces/dsp: add more ambarella things* interfaces/dsp: add more ambarella things

Full Changelog: 2.53.1...2.53.2

New bugfix release 2.53.1

What's Changed

• tests: force snapd-session-agent.socket to be re-generated by @sergiocazzolato in #10556
• tests/main/services-install-hook-can-run-svcs: make variants more obvious by @anonymouse64 in #10558
• tests/many: remove lxd systemd unit to prevent unexpected leftovers by @sergiocazzolato in #10560
• tests: removing Ubuntu 20.10, adding 21.04 nested in spread by @sergiocazzolato in #10555
• snap: change snap login --help to not mention "buy" by @mvo5 in #10533
• packaging: switch ubuntu to use golang-1.13 by @mvo5 in #10440
• config: add "virtual" config via config.RegisterVirtualConfig by @mvo5 in #10264
• o/devicestate, sysconfig: refactor cloud-init config permission handling by @anonymouse64 in #10536
• overlord/devicestate: UC20 specific set-model, managers tests by @bboozzoo in #10510
• github: enable gofmt for Go 1.13 jobs by @bboozzoo in #10569
• interfaces: s/specifc/specific/ by @woodrow-shen in #10566
• cmd/libsnap-confine-private: g_spawn_check_exit_status is deprecated since glib 2.69 by @bboozzoo in #10565
• tests: skip udp protocol on latest ubuntus by @sergiocazzolato in #10564
• cmd/snap-confine: refactor device cgroup handling to enable easier v2 integration by @bboozzoo in #10547
• asserts/snapasserts: CheckPresenceInvalid and CheckPresenceRequired methods by @stolowski in #10535
• snap/squashfs: handle squashfs-tools 4.5+ by @bboozzoo in #10567
• tests/main/snapd-snap: install 4.x snapcraft to build the snapd snap by @anonymouse64 in #10579
• interfaces/builtin: allow access to per-user GTK CSS overrides by @jhenstridge in #10574
• tests: update nested wait for snapd command by @sergiocazzolato in #10582
• o/snapstate: affectedByRefresh tweaks by @stolowski in #10578
• packaging: fix build failure on bionic and simplify rules by @mvo5 in #10568
• interfaces/tee: add support for Qualcomm qseecom device node by @kubiko in #10585
• tests: fix cached-results condition in github actions workflow by @sergiocazzolato in #10587
• cmd/libsnap-confine-private: move device cgroup files, add helper to deny a device by @bboozzoo in #10576
• configcore: register virtual config for timezone reading by @mvo5 in #10562
• o/snapstate: add AffectedByRefreshCandidates helper by @stolowski in #10581
• snap: support links map in snap.yaml (and later from the store API) by @pedronis in #10467
• tests: use bigger storage on ubuntu 21.10 by @sergiocazzolato in #10596
• vendor: move to snapshot-4c814e1 branch and set fixed KDF options by @mvo5 in #10591
• {device,snap}state: skip kernel extraction in seeding by @mvo5 in #10595
• packaging: merge 2.51.4 changelog back to master by @anonymouse64 in #10603
• .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap by @anonymouse64 in #10601
• configcore: fix a bunch of incorrect error returns by @mvo5 in #10600
• tests/nested/manual: enable serial assertions on testkeys nested VM's by @anonymouse64 in #10542
• configcore: fix early config timezone handling by @mvo5 in #10599
• wrappers: measure time to enable services in StartServices() by @mvo5 in #10604
• corecfg: add "system.hostname" setting to the system settings by @mvo5 in #9094
• c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags to snap/snapctl by @MiguelPires in #10593
• sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init datasource by @anonymouse64 in #10572
• tests: fix core-early-config test to use tests.nested tool by @sergiocazzolato in #10612
• o/snapstate: allow auto-refresh limited to snaps affected by a specific gating snap by @stolowski in #10515
• clang-format: stop breaking my includes by @bboozzoo in #10618
• o/assertstate: implement ValidationSetAssertionForEnforce helper by @stolowski in #10563
• o/devicestate/handlers_install.go: add workaround to create dirs for install by @anonymouse64 in #10608
• cmd/libsnap-confine-private: fix coverity issues in tests, tweak uses of g_assert() by @bboozzoo in #10616
• cmd/snap-device-helper: reimplement snap-device-helper by @bboozzoo in #10577
• o/snapstate: remove commented out code by @stolowski in #10627
• interfaces/builtin/raw_usb: fix platform typo, fix access to usb devices accessible through platform by @bboozzoo in #10624
• devicestate: add snap debug timings --ensure=install-system by @mvo5 in #10529
• config: rename "virtual" config to "external" config by @mvo5 in #10597
• build-aux: build with go-1.13 in the snapcraft build too by @mvo5 in #10629
• packaging: changelog for 2.51.5 to master by @anonymouse64 in #10621
• cmd/snap: print logs in local timezone by @MiguelPires in #10625
• cmd/libsnap-confine-private: fix issues identified by coverity by @bboozzoo in #10631
• o/hookstate: allow snapctl refresh --proceed from snaps by @stolowski in #10528
• usersession/agent: refactor common JSON validation into own function by @mardy in #10623
• daemon, o/snapstate: handle IgnoreValidation flag on install (2/3) by @stolowski in #10546
• spread: temporarily fix the ownership of /home/ubuntu/.ssh on 21.10 by @bboozzoo in #10632
• tests: remove the test user just when it was installed on create-user-2 test by @sergiocazzolato in #10637
• secboot: switch main key KDF memory cost to 32KB by @mvo5 in #10645
• secboot: use half the mem for KDF in AddRecoveryKey by @mvo5 in #10619
• packaging: merge 2.51.6 changelog back to master by @anonymouse64 in #10650
• packaging: remove TEST_GITHUB_AUTOPKGTEST support by @mvo5 in #10641
• tests: stop the service when is active in test interfaces-firewall-control test by @sergiocazzolato in #10638
• secboot: remove duplicate import by @xnox in #10654
• .github/workflows: add codedov again by @anonymouse64 in #10648
• tests: update systems for sru validation by @sergiocazzolato in #10635
• tests: fix timing issue on security-dev-input-event-denied test by @sergiocazzolato in #10652
• tests: clean snaps.sh helper by @sergiocazzolato in #10343
• tests: fix services-refresh-mode test by @sergiocazzolato in #10646
• cmd, packaging: import BPF headers from kernel, detect whether host headers are usable by @bboozzoo in #10640
• testutil: add DeepUnsortedMatches Checker by @MiguelPires in #10643
• interfaces/u2f-devices: add Nitrokey FIDO2 by @kkeijzer in #10642
• tests/main/services-install-hook-can-run-svcs: shellcheck issue fix by @bboozzoo in #10663
• github: do not try to upload coverage when working with cached run by @bboozzoo in #10665
• cmd/snap-seccomp/syscalls: update syscalls list to libseccomp v2.2.0-428-g5c22d4b by @bboozzoo in #10667
• i18n/xgettext-go: preserve already escaped quotes by @MiguelPires in #10668
• .github/workflows/test.yaml: test github.events key by @anonymouse64 in #10662
• tests: set to 10 minutes the kill timeout for tests failing on slow boards by @sergiocazzolato in #10664
• gadget: Export mkfs functions for use in ubuntu-image by @GlenPickle in #10592
• cgroup-sup...

New major release 2.53

New major release

New bugfix release 2.52.1

Bugfixes:

• snap-bootstrap: wait in mountNonDataPartitionMatchingKernelDisk for the disk (if not present already)
• many: support an API flag system-restart-immediate to make snap ops proceed immediately with system restarts
• cmd/libsnap-confine-private: g_spawn_check_exit_status is deprecated since glib 2.69
• interfaces/seccomp: add clone3 to default template
• interfaces/apparmor/template.go: allow inspection of dbus mediation level
• interfaces/dsp: add a usb rule to the ambarella flavor
• cmd/snap-confine: update s-c apparmor profile to allow versioned ld.so
• o/ifacestate: don't lose connections if snaps are broken
• interfaces/builtin/opengl.go: add libOpenGL.so* too
• interfaces/hardware-observe: add some dmi properties
• build-aux: stage libgcc1 library into snapd snap
• interfaces/block-devices: support to access the state of block devices
• packaging: ship the snapd.apparmor.service unit in debian

New snapd major release 2.52

New snapd release 2.52

See https://forum.snapcraft.io/t/the-snapd-roadmap/1973 for high-level overview.

• interface/builtin: add qualcomm-ipc-router interface for AF_QIPCRTR socket protocol
• o/ifacestate: special-case system-files and force refreshing its static attributes
• interfaces/network-control: additional ethernet rule
• packaging: update 2.52 changelog with 2.51.7
• interfaces/interfaces/ion-memory-control: add: add interface for ion buf
• packaging: merge 2.51.6 changelog back to 2.52
• secboot: use half the mem for KDF in AddRecoveryKey
• secboot: switch main key KDF memory cost to 32KB
• many: merge release/2.51 change to release/2.52
• .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap
• o/servicestate: use snap app names for ExplicitServices of ServiceAction
• tests/main/services-install-hook-can-run-svcs: add variant w/o --enable
• o/servicestate: revert only start enabled services
• tests: adding Ubuntu 21.10 to spread test suite
• interface/modem-manager: add support for MBIM/QMI proxy clients
• cmd/snap/model: support storage-safety and snaps headers too
• o/assertstate: Implement EnforcedValidationSets helper
• tests: using retry tool for nested tests
• gadget: check for system-save with multi volumes if encrypting correctly
• interfaces: make the service naming entirely internal to systemd BE
• tests/lib/reset.sh: fix removing disabled snaps
• store/store_download.go: use system snap provided xdelta3 priority + fallback
• packaging: merge changelog from 2.51.3 back to master
• overlord: only start enabled services
• interfaces/builtin: add sd-control interface
• tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests, use 2.45
• tests/lib/reset.sh: add workaround from refresh-vs-services tests for all tests
• o/assertstate: check for conflicts when refreshing and committing validation set asserts
• devicestate: add support to save timings from install mode
• tests: new tests.nested commands copy and wait-for
• install: add a bunch of nested timings
• tests: drop any-python wrapper
• store: set ResponseHeaderTimeout on the default transport
• tests: fix test-snapd-user-service-sockets test removing snap
• tests: moving nested_exec to nested.tests exec
• tests: add tests about services vs snapd refreshes
• client, cmd/snap, daemon: refactor REST API for quotas to match CLI org
• c/snap,asserts: create/delete-key external keypair manager interaction
• tests: revert disable of the delta download tests
• tests/main/system-usernames-microk8s: disable on centos 7 too
• boot: support device change
• o/snapstate: remove unused refreshSchedule argument for isRefreshHeld helper
• daemon/api_quotas.go: handle conflicts, returning conflict response
• tests: test for gate-auto-refresh hook error resulting in hold
• release: 2.51.2
• snapstate/check_snap: add snap_microk8s to shared system- usernames
• snapstate: remove temporary snap file for local revisions early
• interface: allows reading sd cards internal info from block-devices interface
• tests: Renaming tool nested-state to tests.nested
• testutil: fix typo in json checker unit tests
• tests: ack assertions by default, add --noack option
• overlord/devicestate: try to pick alternative recovery labels during remodel
• bootloader/assets: update recovery grub to allow system labels generated by snapd
• tests: print serial log just once for nested tests
• tests: remove xenial 32 bits
• sandbox/cgroup: do not be so eager to fail when paths do not exist
• tests: run spread tests in ubuntu bionic 32bits
• c/snap,asserts: start supporting ExternalKeypairManager in the snap key-related commands
• tests: refresh control spread test
• cmd/libsnap-confine-private: do not fail on ENOENT, better getline error handling
• tests: disable delta download tests for now until the store is fixed
• tests/nested/manual/preseed: fix for cloud images that ship without core18
• boot: properly handle tried system model
• tests/lib/store.sh: revert #10470
• boot, seed/seedtest: tweak test helpers
• o/servicestate: TODO and fix preexisting typo
• o/servicestate: detect conflicts for quota group operations
• cmd/snap/quotas: adjust help texts for quota commands
• many/quotas: little adjustments
• tests: add spread test for classic snaps content slots
• o/snapstate: fix check-rerefresh task summary when refresh control is used
• many: use changes + tasks for quota group operations
• tests: fix test snap-quota-groups when checking file cgroupProcsFile
• asserts: introduce ExternalKeypairManager
• o/ifacestate: do not visit same halt tasks in waitChainSearch to avoid cycles
• tests/lib/store.sh: fix make_snap_installable_with_id()
• overlord/devicestate, overlord/assertstate: use a temporary DB when creating recovery systems
• corecfg: allow using # snapd-edit: no header to disable pi-config# snapd-edit: no
• tests/main/interfaces-ssh-keys: tweak checks for openSUSE Tumbleweed
• cmd/snap: prevent cycles in waitChainSearch with snap debug state
• o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for marking self as affecting
• tests: new parameter used by retry tool to set env vars
• tests: support parameters for match-log on journal-state tool
• configcore: ignore system.pi-config.* setting on measured kernels
• sandbox/cgroup: support freezing groups with unified hierarchy
• tests: fix preseed test to used core20 snap on latest systems
• testutil: introduce a checker which compares the type after having passed them through a JSON marshaller
• store: tweak error message when store.Sections() download fails
• o/servicestate: stop setting DoneStatus prematurely for quota-control
• cmd/libsnap-confine-private: bump max depth of groups hierarchy to 32
• many: turn Contact into an accessor
• store: make the log with download size a debug one
• cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to include search path"
• o/devicestate: move SystemMode method before first usage
• tests: skip tests when the sections cannot be retrieved
• boot: support resealing with a try model
• o/hookstate: dedicated handler for gate-auto-refresh hook
• tests: make sure the /root/snap dir is backed up on test snap-user-dir-perms-fixed
• cmd/snap-confine: make mount ns use check cgroup v2 compatible
• snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set
• cmd/libsnap-confine-private/cgroup-support.c: Fix typo
• cmd/snap-confine, cmd/snapd-generator: fix issues identified by sparse
• o/snapstate: make conditional-auto-refresh conflict with other tasks via affected snaps
• many: pass device/model info to configcore via sysconfig.Device interface
• o/hookstate: return bool flag from Error function of hook handler to ignore hook errors
• cmd/snap-update-ns: add SRCDIR to include search path
• tests: fix for tests/main/lxd-mount-units test and enable ubuntu-21.04
• overlord, o/devicestate: use a single test helper for resetting to a post boot state
• HACKING.md: update instructions for go1.16+
• tests: fix restore for security-dev-input-event-denied test
• o/servicestate: move SetStatus to doQuotaControl
• tests: fix classic-prepare-image test
• o/snapstate: prune gating information and refresh-candidates on snap removal
• o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add mock helper
• cmd: a bunch of tweaks and updates
• o/servicestate: refactor meter handling, eliminate some common parameters
• o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed syntax.
• o/snapstate: prune refresh candidates in check-rerefresh
• osutil: pass --extrausers option to groupdel
• o/snapstate: remove refreshed snap from snaps-hold in snapstate.doInstall
• tests/nested: add spread test for uc20 cloud.conf from gadgets
• boot: drop model from resealing and boostate
• o/servicestate, snap/quota: eliminate workaround for buggy systemds, add spread test
• o/servicestate: introduce internal and servicestatetest
• o/servicestate/quota_control.go: enforce minimum of 4K for quota groups
• overlord/servicestate: avoid unnecessary computation of disabled services
• o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately from snapctl
• o/snapstate: prune hold state during autoRefreshPhase1
• wrappers/services.go: do not restart disabled or inactive services
• sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed config
• spread: switch LXD back to latest/candidate channel
• interfaces/opengl: add support for Imagination PowerVR
• boot: decouple model from seal/reseal handling via an auxiliary type
• spread, tests/main/lxd: no longer manual, switch to latest/stable
• github: try out golangci-lint
• tests: set lxd test to manual until failures are fixed
• tests: connect 30% of the interfaces on test interfaces-many-core-provided
• packaging/debian-sid: update snap-seccomp patches for latest master
• many: fix imports order (according to gci)
• o/snapstate: consider held snaps in autoRefreshPhase2
• o/snapstate: unlock the state before calling backend in undoStartSnapServices
• tests: replace "not MATCH" by NOMATCH in tests
• README.md: refer to new IRC server
• cmd/snap-preseed: provide more error info if snap-preseed fails early on mount
• daemon: add a Daemon argument to AccessChecker.CheckAccess
• c/snap-bootstrap: add bind option with tests
• interfaces/builtin/netlink_driver_test.go: add test snippet
• overlord/devicestate: set up recovery system tasks when attempting a remodel
• osutil,strutil,testutil: fix imports order (according to gci)
• release: merge 2.51.1 changelog
• cmd: fix imports order (according to gci)
• tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control interface
• o/servicestate: move handlers tests to quota_handlers_test.go file instead
• interfaces: add netlink-driver interface
• interfaces: remove leftover debug print
• systemd: ref...

New bugfix release 2.51.7

New bugfix release 2.51.7

• cmd/snap-seccomp/syscalls: update syscalls list to libseccomp v2.2.0-428-g5c22d4b1
• tests: cherry-pick shellcheck fix bd730fd4
• interfaces/dsp: add /dev/ambad into dsp interface
• many: shellcheck fixes
• snapstate: abort kernel refresh if no gadget update can be found
• overlord: add manager test for "assumes" checking
• store: deal correctly with "assumes" from the store raw yaml

New bugfix release 2.51.6

New bugfix release 2.51.6

- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB

New bugfix release 2.51.5

New bugfix release 2.51.5

- snap/squashfs: handle squashfs-tools 4.5+
- tests/core20-install-device-file-install-via-hook-hack: adjust test for 2.51
- o/devicestate/handlers_install.go: add workaround to create dirs for install
- tests: fix linter warning
- tests: update other spread tests for new behaviour
- tests: ack assertions by default, add --noack option
- release-tools/changelog.py: also fix opensuse changelog date format
- release-tools/changelog.py: fix typo in function name
- release-tools/changelog.py: fix fedora date format
- release-tools/changelog.py: handle case where we don't have a TZ
- release-tools/changelog.py: fix line length check
- release-tools/changelog.py: specify the LP bug for the release as an arg too
- interface/modem-manager: add support for MBIM/QMI proxy clients
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap