diff --git a/.gitignore b/.gitignore index 6d215bd..981b550 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ -/snapd_2.67.no-vendor.tar.xz -/snapd_2.67.only-vendor.tar.xz +/snapd_2.71.no-vendor.tar.xz +/snapd_2.71.only-vendor.tar.xz +/snapd_2.72.no-vendor.tar.xz +/snapd_2.72.only-vendor.tar.xz diff --git a/snapd.spec b/snapd.spec index 5f43183..073ba90 100644 --- a/snapd.spec +++ b/snapd.spec @@ -52,27 +52,32 @@ %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider_prefix} -%global snappy_svcs snapd.service snapd.socket snapd.autoimport.service snapd.seeded.service snapd.mounts.target snapd.mounts-pre.target +%global snappy_svcs snapd.service snapd.socket snapd.seeded.service snapd.apparmor.service snapd.mounts.target snapd.mounts-pre.target %global snappy_user_svcs snapd.session-agent.service snapd.session-agent.socket +# Note that packaging for Fedora does omit cap_setgid and cap_setuid that are +# only required to use snapd in user namespaces when the host system uses +# cgroup-v1 hierarchy. Since no actively supported Fedora release uses cgroup +# v1, those capabilities are omitted. +%global snap_confine_caps cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin=p # Until we have a way to add more extldflags to gobuild macro... # Always use external linking when building static binaries. %if 0%{?fedora} || 0%{?rhel} >= 8 -%define gobuild_static(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags -static'" -a -v -x %{?**}; +%define gobuild_static(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags -static'" -a -v %{?**}; %endif %if 0%{?rhel} == 7 # no pass PIE flags due to https://bugzilla.redhat.com/show_bug.cgi?id=1634486 -%define gobuild_static(o:) go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags -static'" -a -v -x %{?**}; +%define gobuild_static(o:) go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags -static'" -a -v %{?**}; %endif # These macros are missing BUILDTAGS in RHEL 8/9, see RHBZ#1825138 %if 0%{?rhel} >= 8 -%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags'" -a -v -x %{?**}; +%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags'" -a -v %{?**}; %endif # These macros are not defined in RHEL 7 %if 0%{?rhel} == 7 -%define gobuild(o:) go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags'" -a -v -x %{?**}; +%define gobuild(o:) go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags'" -a -v %{?**}; %define gotest() go test -compiler gc %{?**}; %endif @@ -83,8 +88,8 @@ %{!?_tmpfilesdir: %global _tmpfilesdir %{_prefix}/lib/tmpfiles.d} Name: snapd -Version: 2.67 -Release: 0%{?dist} +Version: 2.72 +Release: 1%{?dist} Summary: A transactional software package manager License: GPL-3.0-only URL: https://%{provider_prefix} @@ -135,8 +140,8 @@ Provides: %{name}-login-service%{?_isa} = 1.33 BuildRequires: golang(go.etcd.io/bbolt) BuildRequires: golang(github.com/bmatcuk/doublestar/v4) BuildRequires: golang(github.com/coreos/go-systemd/activation) -BuildRequires: golang(github.com/godbus/dbus) -BuildRequires: golang(github.com/godbus/dbus/introspect) +BuildRequires: golang(github.com/godbus/dbus/v5) +BuildRequires: golang(github.com/godbus/dbus/v5/introspect) BuildRequires: golang(github.com/gorilla/mux) BuildRequires: golang(github.com/jessevdk/go-flags) BuildRequires: golang(github.com/juju/ratelimit) @@ -159,6 +164,7 @@ BuildRequires: golang(gopkg.in/tomb.v2) BuildRequires: golang(gopkg.in/yaml.v2) BuildRequires: golang(gopkg.in/yaml.v3) %endif +BuildRequires: go-rpm-macros %description Snappy is a modern, cross-distribution, transactional package manager @@ -226,19 +232,21 @@ BuildArch: noarch %endif %if ! 0%{?with_bundled} -Requires: golang(go.etcd.io/bbolt) Requires: golang(github.com/bmatcuk/doublestar/v4) Requires: golang(github.com/coreos/go-systemd/activation) -Requires: golang(github.com/godbus/dbus) -Requires: golang(github.com/godbus/dbus/introspect) +Requires: golang(github.com/godbus/dbus/v5) +Requires: golang(github.com/godbus/dbus/v5/introspect) Requires: golang(github.com/gorilla/mux) Requires: golang(github.com/jessevdk/go-flags) Requires: golang(github.com/juju/ratelimit) Requires: golang(github.com/kr/pretty) Requires: golang(github.com/kr/text) +Requires: golang(github.com/mattn/go-runewidth) Requires: golang(github.com/mvo5/goconfigparser) +Requires: golang(github.com/rivo/uniseg) Requires: golang(github.com/seccomp/libseccomp-golang) Requires: golang(github.com/snapcore/go-gettext) +Requires: golang(go.etcd.io/bbolt) Requires: golang(golang.org/x/crypto/openpgp/armor) Requires: golang(golang.org/x/crypto/openpgp/packet) Requires: golang(golang.org/x/crypto/sha3) @@ -255,20 +263,21 @@ Requires: golang(gopkg.in/yaml.v3) %else # These Provides are unversioned because the sources in # the bundled tarball are unversioned (they go by git commit) -# *sigh*... I hate golang... -Provides: bundled(golang(go.etcd.io/bbolt)) Provides: bundled(golang(github.com/bmatcuk/doublestar/v4)) Provides: bundled(golang(github.com/coreos/go-systemd/activation)) -Provides: bundled(golang(github.com/godbus/dbus)) -Provides: bundled(golang(github.com/godbus/dbus/introspect)) +Provides: bundled(golang(github.com/godbus/dbus/v5)) +Provides: bundled(golang(github.com/godbus/dbus/v5/introspect)) Provides: bundled(golang(github.com/gorilla/mux)) Provides: bundled(golang(github.com/jessevdk/go-flags)) Provides: bundled(golang(github.com/juju/ratelimit)) Provides: bundled(golang(github.com/kr/pretty)) Provides: bundled(golang(github.com/kr/text)) +Provides: bundled(golang(github.com/mattn/go-runewidth)) Provides: bundled(golang(github.com/mvo5/goconfigparser)) +Provides: bundled(golang(github.com/rivo/uniseg)) Provides: bundled(golang(github.com/seccomp/libseccomp-golang)) Provides: bundled(golang(github.com/snapcore/go-gettext)) +Provides: bundled(golang(go.etcd.io/bbolt)) Provides: bundled(golang(golang.org/x/crypto/openpgp/armor)) Provides: bundled(golang(golang.org/x/crypto/openpgp/packet)) Provides: bundled(golang(golang.org/x/crypto/sha3)) @@ -476,7 +485,7 @@ providing packages with %{import_path} prefix. %if ! 0%{?with_bundled} %setup -q # Ensure there's no bundled stuff accidentally leaking in... -rm -rf vendor/* +rm -rf vendor c-vendor %else # Extract each tarball properly %setup -q -D -b 1 @@ -500,47 +509,95 @@ export GOPATH=$(pwd):%{gopath} # FIXME: move spec file really to a go.mod world instead of this hack rm -f go.mod export GO111MODULE=off +# Ensure we do not pass -mod=foo argument to go, as we disable modules and go +# does not allow us to do both. +sed -e 's/-mod=readonly//g' -e 's/-mod=vendor//g' packaging/snapd2.mk # Generate version files -./mkversion.sh "%{version}-%{release}" +cat <snapdtool/version_generated.go +package snapdtool -# see https://github.com/gofed/go-macros/blob/master/rpm/macros.d/macros.go-compilers-golang -BUILDTAGS= -%if 0%{?with_test_keys} -BUILDTAGS="withtestkeys nosecboot" -%else -BUILDTAGS="nosecboot" -%endif +func init() { + Version = "%{version}-%{release}" +} +EOF + +cat <cmd/VERSION +%{version}-%{release} +EOF + +cat <data/info +VERSION=%{version}-%{release} +SNAPD_APPARMOR_REEXEC=0 +SNAPD_ASSERTS_FORMATS='{"account-key":1,"snap-declaration":6,"system-user":2}' +EOF %if ! 0%{?with_bundled} # We don't need the snapcore fork for bolt - it is just a fix on ppc sed -e "s:github.com/snapcore/bolt:github.com/boltdb/bolt:g" -i advisor/*.go %endif -# We have to build snapd first to prevent the build from -# building various things from the tree without additional -# set tags. -%gobuild -o bin/snapd $GOFLAGS %{import_path}/cmd/snapd -BUILDTAGS="${BUILDTAGS} nomanagers" -%gobuild -o bin/snap $GOFLAGS %{import_path}/cmd/snap -%gobuild -o bin/snap-failure $GOFLAGS %{import_path}/cmd/snap-failure - -# To ensure things work correctly with base snaps, -# snap-exec, snap-update-ns, and snapctl need to be built statically -( %if 0%{?rhel} >= 7 # since RH Developer tools 2018.4 (and later releases), # the go-toolset module is built with FIPS compliance that # defaults to using libcrypto.so which gets loaded at runtime via dlopen(), # disable that functionality for statically built binaries - BUILDTAGS="${BUILDTAGS} no_openssl" + EXTRA_TAGS="${EXTRA_TAGS} no_openssl" %endif - %gobuild_static -o bin/snap-exec $GOFLAGS %{import_path}/cmd/snap-exec - %gobuild_static -o bin/snap-update-ns $GOFLAGS %{import_path}/cmd/snap-update-ns - %gobuild_static -o bin/snapctl $GOFLAGS %{import_path}/cmd/snapctl -) -%gobuild -o bin/snap-seccomp $GOFLAGS %{import_path}/cmd/snap-seccomp +# Generate snapd.defines.mk, this file is included by snapd.mk. It contains a +# number of variable definitions that are set based on their RPM equivalents. +# Since we can apply any conditional overrides here in the spec file we can +# maintain one consistent set of variables across the spec and makefile worlds. +cat >snapd.defines.mk <<__DEFINES__ +# This file is generated by Fedora's snapd.spec +# Directory variables. +prefix = %{_prefix} +bindir = %{_bindir} +sbindir = %{_sbindir} +libexecdir = %{_libexecdir} +mandir = %{_mandir} +datadir = %{_datadir} +localstatedir = %{_localstatedir} +sharedstatedir = %{_sharedstatedir} +unitdir = %{_unitdir} +builddir = %{_builddir} +# Build configuration +with_core_bits = 0 +with_alt_snap_mount_dir = 1 +with_apparmor = 1 +with_testkeys = %{with_test_keys} +with_vendor = %{with_bundled} +# follow what %%gobuild does +EXTRA_GO_BUILD_FLAGS = -v -x -compiler gc +EXTRA_GO_LDFLAGS = -linkmode external -extldflags '%__global_ldflags' +EXTRA_GO_STATIC_LDFLAGS = -linkmode external -extldflags '%__global_ldflags -static' +EXTRA_GO_BUILD_TAGS = rpm_crashtraceback $EXTRA_TAGS +__DEFINES__ + +# Generate version files + +cat <snapdtool/version_generated.go +package snapdtool + +// generated by snapd.spec; do not edit + +func init() { + Version = "%{version}-%{release}" +} +EOF + +cat <cmd/VERSION +%{version}-%{release} +EOF + +# FIXME: We paste a fixed string but we should run some go code to generate the +# real value. We don't want to do that as that code needs to use host's +# libraries without talking to the proxy. +cat <data/info +SNAPD_APPARMOR_REEXEC=0 +SNAPD_ASSERTS_FORMATS='{"account-key":1,"snap-declaration":6,"system-user":2}' +EOF ( %if 0%{?rhel} == 7 @@ -561,7 +618,6 @@ BUILDTAGS="${BUILDTAGS} nomanagers" # Build snap-confine pushd ./cmd autoreconf --force --install --verbose -# FIXME: add --enable-caps-over-setuid as soon as possible (setuid discouraged!) %configure \ --disable-apparmor \ --enable-selinux \ @@ -577,6 +633,11 @@ autoreconf --force --install --verbose %make_build %{!?with_valgrind:HAVE_VALGRIND=} popd +# Build snap, snapd and other tools +%make_build -f packaging/snapd2.mk \ + SNAPD_DEFINES_DIR=$PWD \ + all + # Build systemd units, dbus services, and env files pushd ./data make BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" DATADIR="%{_datadir}" \ @@ -621,24 +682,10 @@ install -d -p %{buildroot}%{_datadir}/polkit-1/actions install -d -p %{buildroot}%{_datadir}/selinux/devel/include/contrib install -d -p %{buildroot}%{_datadir}/selinux/packages -# Install snap and snapd -install -p -m 0755 bin/snap %{buildroot}%{_bindir} -install -p -m 0755 bin/snap-exec %{buildroot}%{_libexecdir}/snapd -install -p -m 0755 bin/snap-failure %{buildroot}%{_libexecdir}/snapd -install -p -m 0755 bin/snapd %{buildroot}%{_libexecdir}/snapd -install -p -m 0755 bin/snap-update-ns %{buildroot}%{_libexecdir}/snapd -install -p -m 0755 bin/snap-seccomp %{buildroot}%{_libexecdir}/snapd -# Ensure /usr/bin/snapctl is a symlink to /usr/libexec/snapd/snapctl -install -p -m 0755 bin/snapctl %{buildroot}%{_libexecdir}/snapd/snapctl -ln -sf %{_libexecdir}/snapd/snapctl %{buildroot}%{_bindir}/snapctl - # Install SELinux module install -p -m 0644 data/selinux/snappy.if %{buildroot}%{_datadir}/selinux/devel/include/contrib install -p -m 0644 data/selinux/snappy.pp.bz2 %{buildroot}%{_datadir}/selinux/packages -# Install snap(8) man page -bin/snap help --man > %{buildroot}%{_mandir}/man8/snap.8 - # Install the "info" data file with snapd version install -m 644 -D data/info %{buildroot}%{_libexecdir}/snapd/info @@ -668,6 +715,12 @@ pushd ./data SNAPD_ENVIRONMENT_FILE="%{_sysconfdir}/sysconfig/snapd" popd +# Install snap, snapd and tools +# auto-remove unnecessary files and service units +%make_install -f packaging/snapd2.mk \ + SNAPD_DEFINES_DIR=$PWD \ + install + %if 0%{?rhel} == 7 # Install kernel tweaks # See: https://access.redhat.com/articles/3128691 @@ -675,21 +728,19 @@ install -m 644 -D data/sysctl/rhel7-snap.conf %{buildroot}%{_sysctldir}/99-snap. %endif # Remove snappy core specific units -rm -fv %{buildroot}%{_unitdir}/snapd.system-shutdown.service -rm -fv %{buildroot}%{_unitdir}/snapd.snap-repair.* -rm -fv %{buildroot}%{_unitdir}/snapd.core-fixup.* -rm -fv %{buildroot}%{_unitdir}/snapd.recovery-chooser-trigger.service +rm -fv %{buildroot}%{_unitdir}/snapd.failure.service -# Remove snappy core specific scripts and binaries -rm %{buildroot}%{_libexecdir}/snapd/snapd.core-fixup.sh -rm %{buildroot}%{_libexecdir}/snapd/system-shutdown - -# Remove snapd apparmor service -rm -f %{buildroot}%{_unitdir}/snapd.apparmor.service -rm -f %{buildroot}%{_libexecdir}/snapd/snapd-apparmor +# Remove gpio-chardev ordering target +rm -f %{buildroot}%{_unitdir}/snapd.gpio-chardev-setup.target # Disable re-exec by default -echo 'SNAP_REEXEC=0' > %{buildroot}%{_sysconfdir}/sysconfig/snapd +mkdir -p %{buildroot}%{_sysconfdir}/sysconfig +cat <<'EOF' > %{buildroot}%{_sysconfdir}/sysconfig/snapd +# Snapd daemon can reexec into the binary from the snapd snap, if +# it is newer than the version installed through distro packaging. +# Set to 1 to enable reexec. The default is 0. +#SNAP_REEXEC=0 +EOF # Create state.json and the README file to be ghosted touch %{buildroot}%{_sharedstatedir}/snapd/state.json @@ -731,25 +782,20 @@ sort -u -o devel.file-list devel.file-list %check for binary in snap-exec snap-update-ns snapctl; do - ldd bin/$binary 2>&1 | grep 'not a dynamic executable' + ldd %{_builddir}/$binary 2>&1 | grep 'not a dynamic executable' done # snapd tests %if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel} -%if ! 0%{?with_bundled} -export GOPATH=%{buildroot}/%{gopath}:%{gopath} -%else -export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath} -%endif -# FIXME: we are in the go.mod world now but without this things fall apart -export GO111MODULE=off -%gotest %{import_path}/... +%make_build -f packaging/snapd2.mk \ + SNAPD_DEFINES_DIR=$PWD \ + check %endif # snap-confine tests (these always run!) -pushd ./cmd -make check -popd +make -C cmd -k check +# and data files +make -C data -k check %files #define license tag if not already defined @@ -766,9 +812,9 @@ popd %{_libexecdir}/snapd/snapctl %{_libexecdir}/snapd/snapd %{_libexecdir}/snapd/snap-exec -%{_libexecdir}/snapd/snap-failure %{_libexecdir}/snapd/info %{_libexecdir}/snapd/snap-mgmt +%{_libexecdir}/snapd/snapd-apparmor %{_libexecdir}/snapd/snap-mgmt-selinux %{_mandir}/man8/snap.8* %{_datadir}/applications/snap-handle-link.desktop @@ -782,9 +828,8 @@ popd %{_systemd_system_env_generator_dir}/snapd-env-generator %{_unitdir}/snapd.socket %{_unitdir}/snapd.service -%{_unitdir}/snapd.autoimport.service -%{_unitdir}/snapd.failure.service %{_unitdir}/snapd.seeded.service +%{_unitdir}/snapd.apparmor.service %{_unitdir}/snapd.mounts.target %{_unitdir}/snapd.mounts-pre.target %{_userunitdir}/snapd.session-agent.service @@ -821,13 +866,19 @@ popd %dir %{_sharedstatedir}/snapd/mount %dir %{_sharedstatedir}/snapd/seccomp %dir %{_sharedstatedir}/snapd/seccomp/bpf +%ghost %{_sharedstatedir}/snapd/seccomp/bpf/global.bin %dir %{_sharedstatedir}/snapd/snaps %dir %{_sharedstatedir}/snapd/snap %ghost %dir %{_sharedstatedir}/snapd/snap/bin -%dir %{_localstatedir}/cache/snapd -%dir %{_localstatedir}/snap %ghost %{_sharedstatedir}/snapd/state.json +%ghost %{_sharedstatedir}/snapd/system-key +%ghost %{_sharedstatedir}/snapd/snap/bin %ghost %{_sharedstatedir}/snapd/snap/README +%dir %{_localstatedir}/cache/snapd +%ghost %{_localstatedir}/cache/snapd/commands +%ghost %{_localstatedir}/cache/snapd/names +%ghost %{_localstatedir}/cache/snapd/sections +%dir %{_localstatedir}/snap # this is typically owned by zsh, but we do not want to explicitly require zsh %dir %{_datadir}/zsh %dir %{_datadir}/zsh/site-functions @@ -838,9 +889,9 @@ popd %doc cmd/snap-confine/PORTING %license COPYING %dir %{_libexecdir}/snapd -# For now, we can't use caps -# FIXME: Switch to "%%attr(0755,root,root) %%caps(cap_sys_admin=pe)" asap! -%attr(4755,root,root) %{_libexecdir}/snapd/snap-confine +%caps(%{snap_confine_caps}) %{_libexecdir}/snapd/snap-confine +%{_libexecdir}/snapd/snap-confine.caps +%{_libexecdir}/snapd/snap-confine.v2-only.caps %{_libexecdir}/snapd/snap-device-helper %{_libexecdir}/snapd/snap-discard-ns %{_libexecdir}/snapd/snap-gdb-shim @@ -940,6 +991,554 @@ if [ $1 -eq 0 ]; then fi %changelog +* Thu Nov 13 2025 Ernest Lotter +- New upstream release 2.72 + - FDE: support replacing TPM protected keys at runtime via the + /v2/system-volumes endpoint + - FDE: support secboot preinstall check fix actions for 25.10+ + hybrid installs via the /v2/system/{label} endpoint + - FDE: tweak polkit message to remove jargon + - FDE: ensure proper sealing with kernel command line defaults + - FDE: provide generic reseal function + - FDE: support using OPTEE for protecting keys, as an alternative to + existing fde-setup hooks (Ubuntu Core only) + - Confdb: 'snapctl get --view' supports passing default values + - Confdb: content sub-rules in confdb-schemas inherit their parent + rule's "access" + - Confdb: make confdb error kinds used in API more generic + - Confdb: fully support lists and indexed paths (including unset) + - Prompting: add notice backend for prompting types (unused for now) + - Prompting: include request cgroup in prompt + - Prompting: handle unsupported xattrs + - Prompting: add permission mapping for the camera interface + - Notices: read notices from state without state lock + - Notices: add methods to get notice fields and create, reoccur, and + deepcopy notice + - Notices: add notice manager to coordinate separate notice backends + - Notices: support draining notices from state when notice backend + registered as producer of a particular notice type + - Notices: query notice manager from daemon instead of querying + state for notices directly + - Packaging: Ubuntu | ignore .git directory + - Packaging: FIPS | bump deb Go FIPS to 1.23 + - Packaging: snap | bump FIPS toolchain to 1.23 + - Packaging: debian | sync most upstream changes + - Packaging: debian-sid | depends on libcap2-bin for postint + - Packaging: Fedora | drop fakeroot + - Packaging: snap | modify snapd.mk to pass build tags when running + unit tests + - Packaging: snap | modify snapd.mk to pass nooptee build tag + - Packaging: modify Makefile.am to fix snap-confine install profile + with 'make hack' + - Packaging: modify Makefile.am to fix out-of-tree use of 'make + hack' + - LP: #2122054 Snap installation: skip snap icon download when + running in a cloud or using a proxy store + - Snap installation: add timeout to http client when downloading + snap icon + - Snap installation: use http(s) proxy for icon downloads + - LP: #2117558 snap-confine: fix error message with /root/snap not + accessible + - snap-confine: fix non-suid limitation by switching to root:root to + operate v1 freezer + - core-initrd: do not use writable-paths when not available + - core-initrd: remove debian folder + - LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev + interface now with the more robust gpio-aggregator configfs kernel + interface + - Interfaces: gpio-chardev | exclusive snap connections, raise a + conflict when both gpio-chardev and gpio are connected + - Interfaces: gpio-chardev | fix gpio-aggregator module load order + - Interfaces: ros-snapd-support | grant access to /v2/changes + - Interfaces: uda-driver-libs, egl-driver-libs, gbm-driver-libs, + opengl-driver-libs, opengles-driver-libs | new interfaces to + support nvidia driver components + - Interfaces: microstack-support | allow DPDK (hugepage related + permissions) + - Interfaces: system-observe | allow reading additional files in + /proc, needed by node-exporter + - Interfaces: u2f | add Cano Key, Thesis FIDO2 BioFP+ Security Key + and Kensington VeriMark DT Fingerprint Key to device list + - Interfaces: snap-interfaces-requests-control | allow shell API + control + - Interfaces: fwupd | allow access to Intel CVS sysfs + - Interfaces: hardware-observe | allow read access to Kernel + Samepage Merging (KSM) + - Interfaces: xilinx-dma | support Multi Queue DMA (QDMA) IP + - Interfaces: spi | relax sysfs permission rules to allow access to + SPI device node attributes + - Interfaces: content | introduce compatibility label + - LP: #2121238 Interfaces: do not expose Kerberos tickets for + classic snaps + - Interfaces: ssh-public-keys | allow ro access to public host keys + with ssh-key + - Interfaces: Modify AppArmor template to allow listing systemd + credentials and invoking systemd-creds + - Interfaces: modify AppArmor template with workarounds for Go 1.35 + cgroup aware GOMAXPROCS + - Interfaces: modify seccomp template to allow landlock_* + - Prevent snap hooks from running while relevant snaps are unlinked + - Make refreshes wait before unlinking snaps if running hooks can be + affected + - Fix systemd unit generation by moving "WantedBy=" from section + "unit" to "install" + - Add opt-in logging support for snap-update-ns + - Unhide 'snap help' sign and export-key under Development category + - LP: #2117121 Cleanly support socket activation for classic snap + - Add architecture to 'snap version' output + - Add 'snap debug api' option to disable authentication through + auth.json + - Show grade in notes for 'snap info --verbose' + - Fix preseeding failure due to scan-disk issue on RPi + - Support 'snap debug api' queries to user session agents + - LP: #2112626 Improve progress reporting for snap install/refresh + - Drop legacy BAMF_DESKTOP_FILE_HINT in desktop files + - Fix /v2/apps error for root user when user services are present + - LP: #2114704 Extend output to indicate when snap data snapshot was + created during remove + - Improve how we handle emmc volumes + - Improve handling of system-user extra assertions + +* Fri Oct 10 2025 Alejandro Sáez - 2.71-1 +- rebuild + +* Fri Aug 22 2025 Ernest Lotter +- New upstream release 2.71 + - FDE: auto-repair when recovery key is used + - FDE: revoke keys on shim update + - FDE: revoke old TPM keys when dbx has been updated + - FDE: do not reseal FDE hook keys every time + - FDE: store keys in the kernel keyring when installing from initrd + - FDE: allow disabled DMA on Core + - FDE: snap-bootstrap: do not check for partition in scan-disk on + CVM + - FDE: support secboot preinstall check for 25.10+ hybrid installs + via the /v2/system/{label} endpoint + - FDE: support generating recovery key at install time via the + /v2/systems/{label} endpoint + - FDE: update passphrase quality check at install time via the + /v2/systems/{label} endpoint + - FDE: support replacing recovery key at runtime via the new + /v2/system-volumes endpoint + - FDE: support checking recovery keys at runtime via the /v2/system- + volumes endpoint + - FDE: support enumerating keyslots at runtime via the /v2/system- + volumes endpoint + - FDE: support changing passphrase at runtime via the /v2/system- + volumes endpoint + - FDE: support passphrase quality check at runtime via the + /v2/system-volumes endpoint + - FDE: update secboot to revision 3e181c8edf0f + - Confdb: support lists and indexed paths on read and write + - Confdb: alias references must be wrapped in brackets + - Confdb: support indexed paths in confdb-schema assertion + - Confdb: make API errors consistent with options + - Confdb: fetch confdb-schema assertion on access + - Confdb: prevent --previous from being used in read-side hooks + - Components: fix snap command with multiple components + - Components: set revision of seed components to x1 + - Components: unmount extra kernel-modules components mounts + - AppArmor Prompting: add lifespan "session" for prompting rules + - AppArmor Prompting: support restoring prompts after snapd restart + - AppArmor Prompting: limit the extra information included in probed + AppArmor features and system key + - Notices: refactor notice state internals + - SELinux: look for restorecon/matchpathcon at all known locations + rather than current PATH + - SELinux: update policy to allow watching cgroups (for RAA), and + talking to user session agents (service mgmt/refresh) + - Refresh App Awareness: Fix unexpected inotify file descriptor + cleanup + - snap-confine: workaround for glibc fchmodat() fallback and handle + ENOSYS + - snap-confine: add support for host policy for limiting users able + to run snaps + - LP: #2114923 Reject system key mismatch advise when not yet seeded + - Use separate lanes for essential and non-essential snaps during + seeding and allow non-essential installs to retry + - Fix bug preventing remodel from core18 to core18 when snapd snap + is unchanged + - LP: #2112551 Make removal of last active revision of a snap equal + to snap remove + - LP: #2114779 Allow non-gpt in fallback mode to support RPi + - Switch from using systemd LogNamespace to manually controlled + journal quotas + - Change snap command trace logging to only log the command names + - Grant desktop-launch access to /v2/snaps + - Update code for creating the snap journal stream + - Switch from using core to snapd snap for snap debug connectivity + - LP: #2112544 Fix offline remodel case where we switched to a + channel without an actual refresh + - LP: #2112332 Exclude snap/snapd/preseeding when generating preseed + tarball + - LP: #1952500 Fix snap command progress reporting + - LP: #1849346 Interfaces: kerberos-tickets | add new interface + - Interfaces: u2f | add support for Thetis Pro + - Interfaces: u2f | add OneSpan device and fix older device + - Interfaces: pipewire, audio-playback | support pipewire as system + daemon + - Interfaces: gpg-keys | allow access to GPG agent sockets + - Interfaces: usb-gadget | add new interface + - Interfaces: snap-fde-control, firmware-updater-support | add new + interfaces to support FDE + - Interfaces: timezone-control | extend to support timedatectl + varlink + - Interfaces: cpu-control | fix rules for accessing IRQ sysfs and + procfs directories + - Interfaces: microstack-support | allow SR-IOV attachments + - Interfaces: modify AppArmor template to allow snaps to read their + own systemd credentials + - Interfaces: posix-mq | allow stat on /dev/mqueue + - LP: #2098780 Interfaces: log-observe | add capability + dac_read_search + - Interfaces: block-devices | allow access to ZFS pools and datasets + - LP: #2033883 Interfaces: block-devices | opt-in access to + individual partitions + - Interfaces: accel | add new interface to support accel kernel + subsystem + - Interfaces: shutdown | allow client to bind on its side of dbus + socket + - Interfaces: modify seccomp template to allow pwritev2 + - Interfaces: modify AppArmor template to allow reading + /proc/sys/fs/nr_open + - Packaging: drop snap.failure service for openSUSE + - Packaging: add SELinux support for openSUSE + - Packaging: disable optee when using nooptee build tag + - Packaging: add support for static PIE builds in snapd.mk, drop + pie.patch from openSUSE + - Packaging: add libcap2-bin runtime dependency for ubuntu-16.04 + - Packaging: use snapd.mk for packaging on Fedora + - Packaging: exclude .git directory + - Packaging: fix DPKG_PARSECHANGELOG assignment + - Packaging: fix building on Fedora with dpkg installed + +* Fri Aug 15 2025 Maxwell G - 2.70-3 +- Rebuild for golang-1.25.0 + +* Fri Jul 25 2025 Fedora Release Engineering - 2.70-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Tue Jun 03 2025 Ernest Lotter +- New upstream release 2.70 + - FDE: Fix reseal with v1 hook key format + - FDE: set role in TPM keys + - AppArmor prompting (experimental): add handling for expired + requests or listener in the kernel + - AppArmor prompting: log the notification protocol version + negotiated with the kernel + - AppArmor prompting: implement notification protocol v5 (manually + disabled for now) + - AppArmor prompting: register listener ID with the kernel and + resend notifications after snapd restart (requires protocol v5+) + - AppArmor prompting: select interface from metadata tags and set + request interface accordingly (requires protocol v5+) + - AppArmor prompting: include request PID in prompt + - AppArmor prompting: move the max prompt ID file to a subdirectory + of the snap run directory + - AppArmor prompting: avoid race between closing/reading socket fd + - Confdb (experimental): make save/load hooks mandatory if affecting + ephemeral + - Confdb: clear tx state on failed load + - Confdb: modify 'snap sign' formats JSON in assertion bodies (e.g. + confdb-schema) + - Confdb: add NestedEphemeral to confdb schemas + - Confdb: add early concurrency checks + - Simplify building Arch package + - Enable snapd.apparmor on Fedora + - Build snapd snap with libselinux + - Emit snapd.apparmor warning only when using apparmor backend + - When running snap, on system key mismatch e.g. due to network + attached HOME, trigger and wait for a security profiles + regeneration + - Avoid requiring state lock to get user, warnings, or pending + restarts when handling API requests + - Start/stop ssh.socket for core24+ when enabling/disabling the ssh + service + - Allow providing a different base when overriding snap + - Modify snap-bootstrap to mount snapd snap directly to /snap + - Modify snap-bootstrap to mount /lib/{modules,firmware} from snap + as fallback + - Modify core-initrd to use systemctl reboot instead of /sbin/reboot + - Copy the initramfs 'manifest-initramfs.yaml' to initramfs file + creation directory so it can be copied to the kernel snap + - Build the early initrd from installed ucode packages + - Create drivers tree when remodeling from UC20/22 to UC24 + - Load gpio-aggregator module before the helper-service needs it + - Run 'systemctl start' for mount units to ensure they are run also + when unchanged + - Update godbus version to 'v5 v5.1.0' + - Add support for POST to /v2/system-info with system-key-mismatch + indication from the client + - Add 'snap sign --update-timestamp' flag to update timestamp before + signing + - Add vfs support for snap-update-ns to use to simulate and evaluate + mount sequences + - Add refresh app awareness debug logging + - Add snap-bootstrap scan-disk subcommand to be called from udev + - Add feature to inject proxy store assertions in build image + - Add OP-TEE bindings, enable by default in ARM and ARM64 builds + - Fix systemd dependency options target to go under 'unit' section + - Fix snap-bootstrap reading kernel snap instead of base resulting + in bad modeenv + - Fix a regression during seeding when using early-config + - LP: #2107443 reset SHELL to /bin/bash in non-classic snaps + - Make Azure kernels reboot upon panic + - Fix snap-confine to not drop capabilities if the original user is + already root + - Fix data race when stopping services + - Fix task dependency issue by temporarily disable re-refresh on + prerequisite updates + - Fix compiling against op-tee on armhf + - Fix dbx update when not using FDE + - Fix potential validation set deadlock due to bases waiting on + snaps + - LP: #2104066 Only cancel notices requests on stop/shutdown + - Interfaces: bool-file | fix gpio glob pattern as required for + '[XXXX]*' format + - Interfaces: system-packages-doc | allow access to + /usr/local/share/doc + - Interfaces: ros-snapd-support interface | added new interface + - Interfaces: udisks2 | allow chown capability + - Interfaces: system-observe | allow reading cpu.max + - Interfaces: serial-port | add ttyMAXX to allowed list + - Interfaces: modified seccomp template to disallow + 'O_NOTIFICATION_PIPE' + - Interfaces: fwupd | add support for modem-manager plugin + - Interfaces: gpio-chardev | make unsupported and remove + experimental flag to hide this feature until gpio-aggregator is + available + - Interfaces: hardware-random | fix udev match rule + - Interfaces: timeserver-control | extend to allow timedatectl + timesync commands + - Interfaces: add symlinks backend + - Interfaces: system key mismatch handling + +* Tue Apr 08 2025 Ernest Lotter +- New upstream release 2.69 + - FDE: re-factor listing of the disks based on run mode model and + model to correctly resolve paths + - FDE: run snapd from snap-failure with the correct keyring mode + - Snap components: allow remodeling back to an old snap revision + that includes components + - Snap components: fix remodel to a kernel snap that is already + installed on the system, but not the current kernel due to a + previous remodel. + - Snap components: fix for snapctl inputs that can crash snapd + - Confdb (experimental): load ephemeral data when reading data via + snapctl get + - Confdb (experimental): load ephemeral data when reading data via + snap get + - Confdb (experimental): rename {plug}-view-changed hook to observe- + view-{plug} + - Confdb (experimental): rename confdb assertion to confdb-schema + - Confdb (experimental): change operator grouping in confdb-control + assertion + - Confdb (experimental): add confdb-control API + - AppArmor: extend the probed features to include the presence of + files, as well as directories + - AppArmor prompting (experimental): simplify the listener + - AppArmor metadata tagging (disabled): probe parser support for + tags + - AppArmor metadata tagging (disabled): implement notification + protocol v5 + - Confidential VMs: sysroot.mount is now dynamically created by + snap-bootstrap instead of being a static file in the initramfs + - Confidential VMs: Add new implementation of snap integrity API + - Non-suid snap-confine: first phase to replace snap-confine suid + with capabilities to achieve the required permissions + - Initial changes for dynamic security profiles updates + - Provide snap icon fallback for /v2/icons without requiring network + access at runtime + - Add eMMC gadget update support + - Support reexec when using /usr/libexec/snapd on the host (Arch + Linux, openSUSE) + - Auto detect snap mount dir location on unknown distributions + - Modify snap-confine AppArmor template to allow all glibc HWCAPS + subdirectories to prevent launch errors + - LP: #2102456 update secboot to bf2f40ea35c4 and modify snap- + bootstrap to remove usage of go templates to reduce size by 4MB + - Fix snap-bootstrap to mount kernel snap from + /sysroot/writable/system-data + - LP: #2106121 fix snap-bootstrap busy loop + - Fix encoding of time.Time by using omitzero instead of omitempty + (on go 1.24+) + - Fix setting snapd permissions through permctl for openSUSE + - Fix snap struct json tags typo + - Fix snap pack configure hook permissions check incorrect file mode + - Fix gadget snap reinstall to honor existing sizes of partitions + - Fix to update command line when re-executing a snapd tool + - Fix 'snap validate' of specific missing newline and add error on + missed case of 'snap validate --refresh' without another action + - Workaround for snapd-confine time_t size differences between + architectures + - Disallow pack and install of snapd, base and os with specific + configure hooks + - Drop udev build dependency that is no longer required and add + missing systemd-dev dependency + - Build snap-bootstrap with nomanagers tag to decrease size by 1MB + - Interfaces: polkit | support custom polkit rules + - Interfaces: opengl | LP: #2088456 fix GLX on nvidia when xorg is + confined by AppArmor + - Interfaces: log-observe | add missing udev rule + - Interfaces: hostname-control | fix call to hostnamectl in core24 + - Interfaces: network-control | allow removing created network + namespaces + - Interfaces: scsi-generic | re-enable base declaration for scsi- + generic plug + - Interfaces: u2f | add support for Arculus AuthentiKey + +* Wed Apr 02 2025 Ernest Lotter +- New upstream release 2.68.4 + - Snap components: LP: #2104933 workaround for classic 24.04/24.10 + models that incorrectly specify core22 instead of core24 + - Update build dependencies + +* Mon Mar 10 2025 Ernest Lotter +- New upstream release 2.68.3 + - FDE: LP: #2101834 snapd 2.68+ and snap-bootstrap <2.68 fallback to + old keyring path + - Fix Plucky snapd deb build issue related to /var/lib/snapd/void + permissions + - Fix snapd deb build complaint about ifneq with extra bracket + +* Thu Feb 27 2025 Ernest Lotter +- New upstream release 2.68.2 + - FDE: use boot mode for FDE hooks + - FDE: add snap-bootstrap compatibility check to prevent image + creation with incompatible snapd and kernel snap + - FDE: add argon2 out-of-process KDF support + - FDE: have separate mutex for the sections writing a fresh modeenv + - FDE: LP: #2099709 update secboot to e07f4ae48e98 + - Confdb: support pruning ephemeral data and process alternative + types in order + - core-initrd: look at env to mount directly to /sysroot + - core-initrd: prepare for Plucky build and split out 24.10 + (Oracular) + - Fix missing primed packages in snapd snap manifest + - Interfaces: posix-mq | fix incorrect clobbering of global variable + and make interface more precise + - Interfaces: opengl | add more kernel fusion driver files + +* Mon Feb 24 2025 Ernest Lotter +- New upstream release 2.68.1 + - Fix snap-confine type specifier type mismatch on armhf + +* Thu Feb 13 2025 Ernest Lotter +- New upstream release 2.68 + - FDE: add support for new and more extensible key format that is + unified between TPM and FDE hook + - FDE: add support for adding passphrases during installation + - FDE: update secboot to 30317622bbbc + - Snap components: make kernel components available on firstboot + after either initramfs or ephemeral rootfs style install + - Snap components: mount drivers tree from initramfs so kernel + modules are available in early boot stages + - Snap components: support remodeling to models that contain + components + - Snap components: support offline remodeling to models that contain + components + - Snap components: support creating new recovery systems with + components + - Snap components: support downloading components with 'snap + download' command + - Snap components: support sideloading asserted components + - AppArmor Prompting(experimental): improve version checks and + handling of listener notification protocol for communication with + kernel AppArmor + - AppArmor Prompting(experimental): make prompt replies idempotent, + and have at most one rule for any given path pattern, with + potentially mixed outcomes and lifespans + - AppArmor Prompting(experimental): timeout unresolved prompts after + a period of client inactivity + - AppArmor Prompting(experimental): return an error if a patch + request to the API would result in a rule without any permissions + - AppArmor Prompting(experimental): warn if there is no prompting + client present but prompting is enabled, or if a prompting-related + error occurs during snapd startup + - AppArmor Prompting(experimental): do not log error when converting + empty permissions to AppArmor permissions + - Confdb(experimental): rename registries to confdbs (including API + /v2/registries => /v2/confdb) + - Confdb(experimental): support marking confdb schemas as ephemeral + - Confdb(experimental): add confdb-control assertion and feature + flag + - Refresh App Awareness(experimental): LP: #2089195 prevent + possibility of incorrect notification that snap will quit and + update + - Confidential VMs: snap-bootstrap support for loading partition + information from a manifest file for cloudimg-rootfs mode + - Confidential VMs: snap-bootstrap support for setting up cloudimg- + rootfs as an overlayfs with integrity protection + - dm-verity for essential snaps: add support for snap-integrity + assertion + - Interfaces: modify AppArmor template to allow owner read on + @{PROC}/@{pid}/fdinfo/* + - Interfaces: LP: #2072987 modify AppArmor template to allow using + setpriv to run daemon as non-root user + - Interfaces: add configfiles backend that ensures the state of + configuration files in the filesystem + - Interfaces: add ldconfig backend that exposes libraries coming + from snaps to either the rootfs or to other snaps + - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when + inside a container + - Interfaces: add auditd-support interface that grants audit_control + capability and required paths for auditd to function + - Interfaces: add checkbox-support interface that allows + unrestricted access to all devices + - Interfaces: fwupd | allow access to dell bios recovery + - Interfaces: fwupd | allow access to shim and fallback shim + - Interfaces: mount-control | add mount option validator to detect + mount option conflicts early + - Interfaces: cpu-control | add read access to /sys/kernel/irq/ + - Interfaces: locale-control | changed to be implicit on Ubuntu Core + Desktop + - Interfaces: microstack-support | support for utilizing of AMD SEV + capabilities + - Interfaces: u2f | added missing OneSpan device product IDs + - Interfaces: auditd-support | grant seccomp setpriority + - Interfaces: opengl interface | enable parsing of nvidia driver + information files + - Allow mksquashfs 'xattrs' when packing snap types os, core, base + and snapd as part of work to support non-root snap-confine + - Upstream/downstream packaging changes and build updates + - Improve error logs for malformed desktop files to also show which + desktop file is at fault + - Provide more precise error message when overriding channels with + grade during seed creation + - Expose 'snap prepare-image' validation parameter + - Add snap-seccomp 'dump' command that dumps the filter rules from a + compiled profile + - Add fallback release info location /etc/initrd-release + - Added core-initrd to snapd repo and fixed issues with ubuntu-core- + initramfs deb builds + - Remove stale robust-mount-namespace-updates experimental feature + flag + - Remove snapd-snap experimental feature (rejected) and it's feature + flag + - Changed snap-bootstrap to mount base directly on /sysroot + - Mount ubuntu-seed mounted as no-{suid,exec,dev} + - Mapping volumes to disks: add support for volume-assignments in + gadget + - Fix silently broken binaries produced by distro patchelf 0.14.3 by + using locally build patchelf 0.18 + - Fix mismatch between listed refresh candidates and actual refresh + due to outdated validation sets + - Fix 'snap get' to produce compact listing for tty + - Fix missing store-url by keeping it as part of auxiliary store + info + - Fix snap-confine attempting to retrieve device cgroup setup inside + container where it is not available + - Fix 'snap set' and 'snap get' panic on empty strings with early + error checking + - Fix logger debug entries to show correct caller and file + information + - Fix issue preventing hybrid systems from being seeded on first + boot + - LP: #1966203 remove auto-import udev rules not required by deb + package to avoid unwanted syslog errors + - LP: #1886414 fix progress reporting when stdout is on a tty, but + stdin is not + * Wed Jan 22 2025 Zygmunt Krynicki - The changelog date and author have been modified to maintain linearity. - Drop 0001-data-selinux-remove-timedatex.patch - applied upstream. @@ -1023,6 +1622,20 @@ fi * Sun Jan 19 2025 Fedora Release Engineering - 2.66.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild +* Wed Jan 15 2025 Ernest Lotter +- New upstream release 2.67.1 + - Fix apparmor permissions to allow snaps access to kernel modules + and firmware on UC24, which also fixes the kernel-modules-control + interface on UC24 + - AppArmor prompting (experimental): disallow /./ and /../ in path + patterns + - Fix 'snap run' getent based user lookup in case of bad PATH + - Fix snapd using the incorrect AppArmor version during undo of an + refresh for regenerating snap profiles + - Add new syscalls to base templates + - hardware-observe interface: allow riscv_hwprobe syscall + - mount-observe interface: allow listmount and statmount syscalls + * Tue Dec 03 2024 Orion Poplawski - Drop RestartMode from snapd.service on EL8 (rhbz#2315759) diff --git a/sources b/sources index 238e744..5ba5479 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (snapd_2.67.no-vendor.tar.xz) = 517b8559edf2a1792f551ca4ccb3c1b026ea2f56b58c95c3cdaa4bdce690629dc9e917b388718b3c76d2fdf314ba6eaea16ba1c9fd8f910f3cb22880810aabb8 -SHA512 (snapd_2.67.only-vendor.tar.xz) = 56642733f89fe62a81081856eb878186d0bd6269af31aa453d65478934b4032dce1e04c8682d1164ad9a371f48da014cb5a5a6a27062cda27a93d6fe0541f4d5 +SHA512 (snapd_2.72.no-vendor.tar.xz) = fb556bdb60877a2536cd8e53a7e137935ba27afb5b04efff06d8f858c47cec82a8f1df01fb621f644f0c2abe056a2b0612fabd70ae2d909b2e960692763b8bff +SHA512 (snapd_2.72.only-vendor.tar.xz) = f80b5def82553c044027fbb208fc5d5f76633afe71a8210abc33b48b189fd9347fd1d04bc868c58dc5d0b7fe8c68f6e316edbb6d2a2e060f375a5cdc851c2278