From 635e8856c417ac58768fa7a347ec46e76dfba3f9 Mon Sep 17 00:00:00 2001 From: Neal Gompa Date: Aug 11 2017 02:40:32 +0000 Subject: Release 2.27 to Fedora (RH#1458086) --- diff --git a/.gitignore b/.gitignore index 5a7430a..9b07f53 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ /snapd-2.24.tar.gz /snapd-2.25.tar.gz /snapd-2.26.3.tar.gz +/snapd-2.27.tar.gz diff --git a/snap-mgmt.sh b/snap-mgmt.sh deleted file mode 100644 index 0ccf0f3..0000000 --- a/snap-mgmt.sh +++ /dev/null @@ -1,95 +0,0 @@ -#!/bin/bash - -# Overlord management of snapd for package manager actions. -# Implements actions that would be invoked in %pre(un) actions for snapd. -# Derived from the snapd.postrm scriptlet used in the Ubuntu packaging for -# snapd. - -set -e - -SNAP_MOUNT_DIR="/var/lib/snapd/snap" -SNAP_UNIT_PREFIX="$(systemd-escape -p ${SNAP_MOUNT_DIR})" - -systemctl_stop() { - unit="$1" - if systemctl is-active -q "$unit"; then - echo "Stoping $unit" - systemctl stop -q "$unit" || true - fi -} - -if [ "$1" = "purge" ]; then - # undo any bind mount to ${SNAP_MOUNT_DIR} that resulted from LP:#1668659 - if grep -q "${SNAP_MOUNT_DIR} ${SNAP_MOUNT_DIR}" /proc/self/mountinfo; then - umount -l "${SNAP_MOUNT_DIR}" || true - fi - - mounts=$(systemctl list-unit-files --full | grep "^${SNAP_UNIT_PREFIX}[-.].*\.mount" | cut -f1 -d ' ') - services=$(systemctl list-unit-files --full | grep "^${SNAP_UNIT_PREFIX}[-.].*\.service" | cut -f1 -d ' ') - for unit in $services $mounts; do - # ensure its really a snap mount unit or systemd unit - if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then - echo "Skipping non-snapd systemd unit $unit" - continue - fi - - echo "Stopping $unit" - systemctl_stop "$unit" - - # if it is a mount unit, we can find the snap name in the mount - # unit (we just ignore unit files) - snap=$(grep "Where=${SNAP_MOUNT_DIR}/" "/etc/systemd/system/$unit"|cut -f3 -d/) - rev=$(grep "Where=${SNAP_MOUNT_DIR}/" "/etc/systemd/system/$unit"|cut -f4 -d/) - if [ -n "$snap" ]; then - echo "Removing snap $snap" - # aliases - if [ -d "${SNAP_MOUNT_DIR}/bin" ]; then - find "${SNAP_MOUNT_DIR}/bin" -maxdepth 1 -lname "$snap" -delete - find "${SNAP_MOUNT_DIR}/bin" -maxdepth 1 -lname "$snap.*" -delete - fi - # generated binaries - rm -f "${SNAP_MOUNT_DIR}/bin/$snap" - rm -f "${SNAP_MOUNT_DIR}/bin/$snap".* - # snap mount dir - umount -l "${SNAP_MOUNT_DIR}/$snap/$rev" 2> /dev/null || true - rm -rf "${SNAP_MOUNT_DIR}/$snap/$rev" - rm -f "${SNAP_MOUNT_DIR}/$snap/current" - # snap data dir - rm -rf "/var/snap/$snap/$rev" - rm -rf "/var/snap/$snap/common" - rm -f "/var/snap/$snap/current" - # opportunistic remove (may fail if there are still revisions left) - for d in "${SNAP_MOUNT_DIR}/$snap" "/var/snap/$snap"; do - if [ -d "$d" ]; then - rmdir --ignore-fail-on-non-empty "$d" - fi - done - fi - - echo "Removing $unit" - rm -f "/etc/systemd/system/$unit" - rm -f "/etc/systemd/system/multi-user.target.wants/$unit" - done - - echo "Discarding preserved snap namespaces" - # opportunistic as those might not be actually mounted - for mnt in /run/snapd/ns/*.mnt; do - umount -l "$mnt" || true - done - umount -l /run/snapd/ns/ || true - - - echo "Removing downloaded snaps" - rm -rf /var/lib/snapd/snaps/* - - echo "Final directory cleanup" - rm -rf "${SNAP_MOUNT_DIR}"/* - rm -rf /var/snap/* - - echo "Removing leftover snap shared state data" - rm -rf /var/lib/snapd/desktop/applications/* - rm -rf /var/lib/snapd/seccomp/profiles/* - rm -rf /var/lib/snapd/device/* - rm -rf /var/lib/snapd/assertions/* - -fi diff --git a/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch b/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch deleted file mode 100644 index c264639..0000000 --- a/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch +++ /dev/null @@ -1,28 +0,0 @@ -From a604e6e94cca5251a1a1ae31907832e023b38fa7 Mon Sep 17 00:00:00 2001 -From: Simon Fels -Date: Wed, 17 May 2017 16:18:54 +0200 -Subject: [PATCH] interfaces/seccomp: allow bind() for Fedora and openSUSE - ---- - interfaces/seccomp/template.go | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/interfaces/seccomp/template.go b/interfaces/seccomp/template.go -index f9a0ed6..a52ab6f 100644 ---- a/interfaces/seccomp/template.go -+++ b/interfaces/seccomp/template.go -@@ -548,4 +548,14 @@ pwritev - # This is an older interface and single entry point that can be used instead - # of socket(), bind(), connect(), etc individually. - socketcall -+ -+# Allow bind() as the golang net package uses this on initialization when -+# loaded the first time and on systems without an LSM system this kills -+# snapctl when executed in a hook when the network-bind interface isn't -+# plugged. See https://forum.snapcraft.io/t/hooks-calling-snapctl-are-broken-with-just-seccomp-enabled/658/ -+# for more details. -+# -+# NOTE: This is only meant for Fedora and openSUSE and shouldn't be -+# applied upstream. -+bind - `) diff --git a/snapd.spec b/snapd.spec index 4f801df..5205d1c 100644 --- a/snapd.spec +++ b/snapd.spec @@ -6,10 +6,15 @@ %bcond_without vendorized %endif +# A switch to allow building the package with support for testkeys which +# are used for the spread test suite of snapd. +%bcond_with testkeys + %global with_devel 1 %global with_debug 1 %global with_check 0 %global with_unit_test 0 +%global with_test_keys 0 # For the moment, we don't support all golang arches... %global with_goarches 0 @@ -20,6 +25,12 @@ %global with_bundled 1 %endif +%if ! %{with testkeys} +%global with_test_keys 0 +%else +%global with_test_keys 1 +%endif + %if 0%{?with_debug} %global _dwz_low_mem_die_limit 0 %else @@ -37,8 +48,8 @@ %global snappy_svcs snapd.service snapd.socket snapd.autoimport.service snapd.refresh.timer snapd.refresh.service Name: snapd -Version: 2.26.3 -Release: 5%{?dist} +Version: 2.27 +Release: 1%{?dist} Summary: A transactional software package manager Group: System Environment/Base License: GPLv3 @@ -48,15 +59,10 @@ Source0: https://%{provider_prefix}/archive/%{version}/%{name}-%{version} %else Source0: https://%{provider_prefix}/releases/download/%{version}/%{name}_%{version}.vendor.orig.tar.xz %endif -# Script to implement certain package management actions -Source1: snap-mgmt.sh # Upstream proposed PR: https://github.com/snapcore/snapd/pull/3162 Patch0001: 0001-cmd-use-libtool-for-the-internal-library.patch -# Temporary patch until properly fixed in 2.27 -Patch0100: snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch - %if 0%{?with_goarches} # e.g. el6 has ppc64 arch without gcc-go, so EA tag is required ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}} @@ -87,6 +93,7 @@ BuildRequires: golang(github.com/gorilla/mux) BuildRequires: golang(github.com/jessevdk/go-flags) BuildRequires: golang(github.com/mvo5/uboot-go/uenv) BuildRequires: golang(github.com/ojii/gettext.go) +BuildRequires: golang(github.com/seccomp/libseccomp-golang) BuildRequires: golang(golang.org/x/crypto/openpgp/armor) BuildRequires: golang(golang.org/x/crypto/openpgp/packet) BuildRequires: golang(golang.org/x/crypto/sha3) @@ -124,6 +131,7 @@ BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(udev) BuildRequires: xfsprogs-devel BuildRequires: glibc-static +BuildRequires: libseccomp-static BuildRequires: valgrind BuildRequires: %{_bindir}/rst2man %if 0%{?fedora} >= 25 @@ -170,6 +178,7 @@ Requires: golang(github.com/gorilla/mux) Requires: golang(github.com/jessevdk/go-flags) Requires: golang(github.com/mvo5/uboot-go/uenv) Requires: golang(github.com/ojii/gettext.go) +Requires: golang(github.com/seccomp/libseccomp-golang) Requires: golang(golang.org/x/crypto/openpgp/armor) Requires: golang(golang.org/x/crypto/openpgp/packet) Requires: golang(golang.org/x/crypto/sha3) @@ -191,6 +200,7 @@ Provides: bundled(golang(github.com/coreos/go-systemd/activation)) Provides: bundled(golang(github.com/gorilla/mux)) Provides: bundled(golang(github.com/jessevdk/go-flags)) Provides: bundled(golang(github.com/mvo5/uboot-go/uenv)) +Provides: bundled(golang(github.com/mvo5/libseccomp-golang)) Provides: bundled(golang(github.com/ojii/gettext.go)) Provides: bundled(golang(golang.org/x/crypto/openpgp/armor)) Provides: bundled(golang(golang.org/x/crypto/openpgp/packet)) @@ -328,11 +338,23 @@ export GOPATH=$(pwd):%{gopath} export GOPATH=$(pwd):$(pwd)/Godeps/_workspace:%{gopath} %endif -%gobuild -o bin/snap %{import_path}/cmd/snap -%gobuild -o bin/snap-exec %{import_path}/cmd/snap-exec -%gobuild -o bin/snapctl %{import_path}/cmd/snapctl -%gobuild -o bin/snapd %{import_path}/cmd/snapd -%gobuild -o bin/snap-update-ns %{import_path}/cmd/snap-update-ns +GOFLAGS= +%if 0%{?with_test_keys} +GOFLAGS="$GOFLAGS -tags withtestkeys" +%endif + +# We have to build snapd first to prevent the build from +# building various things from the tree without additional +# set tags. +%gobuild -o bin/snapd $GOFLAGS %{import_path}/cmd/snapd +%gobuild -o bin/snap $GOFLAGS %{import_path}/cmd/snap +%gobuild -o bin/snap-exec $GOFLAGS %{import_path}/cmd/snap-exec +%gobuild -o bin/snapctl $GOFLAGS %{import_path}/cmd/snapctl +%gobuild -o bin/snap-update-ns $GOFLAGS %{import_path}/cmd/snap-update-ns + +# We don't need mvo5 fork for seccomp, as we have seccomp 2.3.x +sed -e "s:github.com/mvo5/libseccomp-golang:github.com/seccomp/libseccomp-golang:g" -i cmd/snap-seccomp/*.go +%gobuild -o bin/snap-seccomp %{import_path}/cmd/snap-seccomp # Build SELinux module pushd ./data/selinux @@ -356,6 +378,7 @@ popd # Build systemd units pushd ./data/systemd make BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" \ + SYSTEMDSYSTEMUNITDIR="%{_unitdir}" \ SNAP_MOUNT_DIR="%{_sharedstatedir}/snapd/snap" \ SNAPD_ENVIRONMENT_FILE="%{_sysconfdir}/sysconfig/snapd" popd @@ -372,7 +395,7 @@ install -d -p %{buildroot}%{_sharedstatedir}/snapd/desktop/applications install -d -p %{buildroot}%{_sharedstatedir}/snapd/device install -d -p %{buildroot}%{_sharedstatedir}/snapd/hostfs install -d -p %{buildroot}%{_sharedstatedir}/snapd/mount -install -d -p %{buildroot}%{_sharedstatedir}/snapd/seccomp/profiles +install -d -p %{buildroot}%{_sharedstatedir}/snapd/seccomp/bpf install -d -p %{buildroot}%{_sharedstatedir}/snapd/snaps install -d -p %{buildroot}%{_sharedstatedir}/snapd/snap/bin install -d -p %{buildroot}%{_localstatedir}/snap @@ -385,6 +408,7 @@ install -p -m 0755 bin/snap-exec %{buildroot}%{_libexecdir}/snapd install -p -m 0755 bin/snapctl %{buildroot}%{_bindir}/snapctl install -p -m 0755 bin/snapd %{buildroot}%{_libexecdir}/snapd install -p -m 0755 bin/snap-update-ns %{buildroot}%{_libexecdir}/snapd +install -p -m 0755 bin/snap-seccomp %{buildroot}%{_libexecdir}/snapd # Install SELinux module install -p -m 0644 data/selinux/snappy.if %{buildroot}%{_datadir}/selinux/devel/include/contrib @@ -412,11 +436,16 @@ popd # Install all systemd units pushd ./data/systemd -%make_install SYSTEMDSYSTEMUNITDIR="%{_unitdir}" +%make_install SYSTEMDSYSTEMUNITDIR="%{_unitdir}" BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" # Remove snappy core specific units rm -fv %{buildroot}%{_unitdir}/snapd.system-shutdown.service +rm -fv %{buildroot}%{_unitdir}/snap-repair.* +rm -fv %{buildroot}%{_unitdir}/snapd.core-fixup.* popd +# Remove snappy core specific scripts +rm %{buildroot}%{_libexecdir}/snapd/snapd.core-fixup.sh + # Put /var/lib/snapd/snap/bin on PATH # Put /var/lib/snapd/desktop on XDG_DATA_DIRS cat << __SNAPD_SH__ > %{buildroot}%{_sysconfdir}/profile.d/snapd.sh @@ -433,7 +462,7 @@ __SNAPD_SH__ echo 'SNAP_REEXEC=0' > %{buildroot}%{_sysconfdir}/sysconfig/snapd # Install snap management script -install -pm 0755 %{SOURCE1} %{buildroot}%{_libexecdir}/snapd/snap-mgmt +install -pm 0755 packaging/fedora/snap-mgmt.sh %{buildroot}%{_libexecdir}/snapd/snap-mgmt # Create state.json file to be ghosted touch %{buildroot}%{_sharedstatedir}/snapd/state.json @@ -517,7 +546,7 @@ popd %dir %{_sharedstatedir}/snapd/hostfs %dir %{_sharedstatedir}/snapd/mount %dir %{_sharedstatedir}/snapd/seccomp -%dir %{_sharedstatedir}/snapd/seccomp/profiles +%dir %{_sharedstatedir}/snapd/seccomp/bpf %dir %{_sharedstatedir}/snapd/snaps %dir %{_sharedstatedir}/snapd/snap %ghost %dir %{_sharedstatedir}/snapd/snap/bin @@ -532,6 +561,7 @@ popd # FIXME: Switch to "%%attr(0755,root,root) %%caps(cap_sys_admin=pe)" asap! %attr(4755,root,root) %{_libexecdir}/snapd/snap-confine %{_libexecdir}/snapd/snap-discard-ns +%{_libexecdir}/snapd/snap-seccomp %{_libexecdir}/snapd/snap-update-ns %{_libexecdir}/snapd/system-shutdown %{_mandir}/man5/snap-confine.5* @@ -580,7 +610,7 @@ fi # Remove all Snappy content if snapd is being fully uninstalled if [ $1 -eq 0 ]; then - %{_libexecdir}/snapd/snap-mgmt purge || : + %{_libexecdir}/snapd/snap-mgmt --purge || : fi @@ -602,6 +632,272 @@ fi %changelog +* Thu Aug 10 2017 Neal Gompa - 2.27-1 +- Release 2.27 to Fedora (RH#1458086) + +* Thu Aug 10 2017 Michael Vogt +- New upstream release 2.27 + - fix build failure on 32bit fedora + - interfaces: add password-manager-service implicit classic interface + - interfaces/greengrass-support: adjust accesses now that have working + snap + - interfaces/many, cmd/snap-confine: miscellaneous policy updates + - interfaces/unity7: allow receiving media key events in (at least) + gnome-shell + - cmd: fix re-exec bug when starting from snapd 2.21 + - tests: restore interfaces-account-control properly + - cmd: fix tests that assume /snap mount + - cmd: mark arch as non-reexecing distro + - snap-confine: don't share /etc/nsswitch from host + - store: talk to api.snapcraft.io for purchases + - hooks: support for install and remove hooks + - packaging: fix Fedora support + - tests: add bluetooth-control interface test + - store: talk to api.snapcraft.io for assertions + - tests: remove snapd before building from branch + - tests: add avahi-observe interface test + - store: orders API now checks if customer is ready + - cmd/snap: snap find only searches stable + - interfaces: updates default, mir, optical-observe, system-observe, + screen-inhibit-control and unity7 + - tests: speedup prepare statement part 1 + - store: do not send empty refresh requests + - asserts: fix error handling in snap-developer consistency check + - systemd: add explicit sync to snapd.core-fixup.sh + - snapd: generate snap cookies on startup + - cmd,client,daemon: expose "force devmode" in sysinfo + - many: introduce and use strutil.ListContains and also + strutil.SortedListContains + - assserts,overlord/assertstate: test we don't accept chains of + assertions founded on a self-signed key coming externally + - interfaces: enable access to bridge settings + - interfaces: fix copy-pasted iio vs io in io-ports-control + - cmd/snap-confine: various small fixes and tweaks to seccomp + support code + - interfaces: bring back seccomp argument filtering + - systemd, osutil: rework systemd logs in preparation for services + commands + - tests: store /etc/systemd/system/snap-*core*.mount in snapd- + state.tar.gz + - tests: shellcheck improvements for tests/main tasks - first set of + tests + - cmd/snap: `--last` for abort and watch, and aliases + (search→find, change→tasks) + - tests: shellcheck improvements for tests/lib scripts + - tests: create ramdisk if it's not present + - tests: shellcheck improvements for nightly upgrade and regressions + tests + - snapd: fix for snapctl get panic on null config values. + - tests: fix for rng-tools service not restarting + - systemd: add snapd.core-fixup.service unit + - cmd: avoid using current symlink in InternalToolPath + - tests: fix timeout issue for test refresh core with hanging … + - intefaces: control bridged vlan/ppoe-tagged traffic + - cmd/snap: include snap type in notes + - overlord/state: Abort() only visits each task once + - tests: extend find-private test to cover more cases + - snap-seccomp: skip socket() tests on systems that use socketcall() + instead of socket() + - many: support snap title as localized/title-cased name + - snap-seccomp: deal with mknod on aarch64 in the seccomp tests + - interfaces: put base policy fragments inside each interface + - asserts: introduce NewDecoderWithTypeMaxBodySize + - tests: fix snapd-notify when it takes more time to restart + - snap-seccomp: fix snap-seccomp tests in artful + - tests: fix for create-key task to avoid rng-tools service ramains + alive + - snap-seccomp: make sure snap-seccomp writes the bpf file + atomically + - tests: do not disable ipv6 on core systems + - arch: the kernel architecture name is armv7l instead of armv7 + - snap-confine: ensure snap-confine waits some seconds for seccomp + security profiles + - tests: shellcheck improvements for tests/nested tasks + - wrappers: add SyslogIdentifier to the service unit files. + - tests: shellcheck improvements for unit tasks + - asserts: implement FindManyTrusted as well + - asserts: open up and optimize Encoder to help avoiding unnecessary + copying + - interfaces: simplify snap-confine by just loading pre-generated + bpf code + - tests: restart rng-tools services after few seconds + - interfaces, tests: add mising dbus abstraction to system-observe + and extend spread test + - store: change main store host to api.snapcraft.io + - overlord/cmdstate: new package for running commands as tasks. + - spread: help libapt resolve installing libudev-dev + - tests: show the IP from .travis.yaml + - tests/main: use pkgdb function in more test cases + - cmd,daemon: add debug command for displaying the base policy + - tests: prevent quoting error on opensuse + - tests: fix nightly suite + - tests: add linode-sru backend + - snap-confine: validate SNAP_NAME against security tag + - tests: fix ipv6 disable for ubuntu-core + - tests: extend core-revert test to cover bluez issues + - interfaces/greengrass-support: add support for Amazon Greengrass + as a snap + - asserts: support timestamp and optional disabled header on repair + - tests: reboot after upgrading to snapd on the -proposed pocket + - many: fix test cases to work with different DistroLibExecDir + - tests: reenable help test on ubuntu and debian systems + - packaging/{opensuse,fedora}: allow package build with testkeys + included + - tests/lib: generalize RPM build support + - interfaces/builtin: sync connected slot and permanent slot snippet + - tests: fix snap create-key by restarting automatically rng-tools + - many: switch to use http numeric statuses as agreed + - debian: add missing Type=notify in 14.04 packaging + - tests: mark interfaces-openvswitch as manual due to prepare errors + - debian: unify built_using between the 14.04 and 16.04 packaging + branch + - tests: pull from urandom when real entropy is not enough + - tests/main/manpages: install missing man package + - tests: add refresh --time output check + - debian: add missing "make -C data/systemd clean" + - tests: fix for upgrade test when it is repeated + - tests/main: use dir abstraction in a few more test cases + - tests/main: check for confinement in a few more interface tests + - spread: add fedora snap bin dir to global PATH + - tests: check that locale-control is not present on core + - many: snapctl outside hooks + - tests: add whoami check + - interfaces: compose the base declaration from interfaces + - tests: fix spread flaky tests linode + - tests,packaging: add package build support for openSUSE + - many: slight improvement of some snap error messaging + - errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in + err reports + - tests: fix for the test postrm-purge + - tests: restoring the /etc/environment and service units config for + each test + - daemon: make snapd a "Type=notify" daemon and notify when startup + is done + - cmd/snap-confine: add support for --base snap + - many: derive implicit slots from interface meta-data + - tests: add core revert test + - tests,packaging: add package build support for Fedora for our + spread setup + - interfaces: move base declaration to the policy sub-package + - tests: fix for snapd-reexec test cheking for restart info on debug + log + - tests: show available entropy on error + - tests: clean journalctl logs on trusty + - tests: fix econnreset on staging + - tests: modify core before calling set + - tests: add snap-confine privilege test + - tests: add staging snap-id + - interfaces/builtin: silence ptrace denial for network-manager + - tests: add alsa interface spread test + - tests: prefer ipv4 over ipv6 + - tests: fix for econnreset test checking that the download already + started + - httputil,store: extract retry code to httputil, reorg usages + - errtracker: report if snapd did re-execute itself + - errtracker: include bits of snap-confine apparmor profile + - tests: take into account staging snap-ids for snap-info + - cmd: add stub new snap-repair command and add timer + - many: stop "snap refresh $x --channel invalid" from working + - interfaces: revert "interfaces: re-add reverted ioctl and quotactl + - snapstate: consider connect/disconnect tasks in + CheckChangeConflict. + - interfaces: disable "mknod |N" in the default seccomp template + again + - interfaces,overlord/ifacestate: make sure installing slots after + plugs works similarly to plugs after slots + - interfaces/seccomp: add bind() syscall for forced-devmode systems + - packaging/fedora: Sync packaging from Fedora Dist-Git + - tests: move static and unit tests to spread task + - many: error types should be called FooError, not ErrFoo. + - partition: add directory sync to the save uboot.env file code + - cmd: test everything (100% coverage \o/) + - many: make shell scripts shellcheck-clean + - tests: remove additional setup for docker on core + - interfaces: add summary to each interface + - many: remove interface meta-data from list of connections + - logger (& many more, to accommodate): drop explicit syslog. + - packaging: import packaging bits for opensuse + - snapstate,many: implement snap install --unaliased + - tests/lib: abstract build dependency installation a bit more + - interfaces, osutil: move flock code from interfaces/mount to + osutil + - cmd: auto import assertions only from ext4,vfat file systems + - many: refactor in preparation for 'snap start' + - overlord/snapstate: have an explicit code path last-refresh + unset/zero => immediately refresh try + - tests: fixes for executions using the staging store + - tests: use pollinate to seed the rng + - cmd/snap,tests: show the sha3-384 of the snap for snap info + --verbose SNAP-FILE + - asserts: simplify and adjust repair assertion definition + - cmd/snap,tests: show the snap id if available in snap info + - daemon,overlord/auth: store from model assertion wins + - cmd/snap,tests/main: add confinement switch instead of spread + system blacklisting + - many: cleanup MockCommands and don't leave a process around after + hookstate tests + - tests: update listing test to the core version number schema + - interfaces: allow snaps to use the timedatectl utility + - packaging: Add Fedora packaging files + - tests/libs: add distro_auto_remove_packages function + - cmd/snap: correct devmode note for anomalous state + - tests/main/snap-info: use proper pkgdb functions to install distro + packages + - tests/lib: use mktemp instead of tempfile to work cross-distro + - tests: abstract common dirs which differ on distributions + - many: model and expose interface meta-data. + - overlord: make config defaults from gadget work also at first boot + - interfaces/log-observe: allow using journalctl from hostfs for + classic distro + - partition,snap: add support for android boot + - errtracker: small simplification around readMachineID + - snap-confine: move rm_rf_tmp to test-utils. + - tests/lib: introduce pkgdb helper library + - errtracker: try multiple paths to read machine-id + - overlord/hooks: make sure only one hook for given snap is executed + at a time. + - cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the + confinement env + - tests: bump kill-timeout and remove quiet call on build + - tests/lib/snaps: add a test store snap with a passthrough + configure hook + - daemon: teach the daemon to wait on active connections when + shutting down + - tests: remove unit tests task + - tests/main/completion: source from /usr/share/bash-completion + - assertions: add "repair" assertion + - interfaces/seccomp: document Backend.NewSpecification + - wrappers: make StartSnapServices cleanup any services that were + added if a later one fails + - overlord/snapstate: avoid creating command aliases for daemons + - vendor: remove unused packages + - vendor,partition: fix panics from uenv + - cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from + core if possible + - daemon: do not allow to install ubuntu-core anymore + - wrappers: service start/stop were inconsistent + - tests: fix failing tests (snap core version, syslog changes) + - cmd/snap-update-ns: add actual implementation + - tests: improve entropy also for ubuntu + - cmd/snap-confine: use /etc/ssl from the core snap + - wrappers: don't convert between []byte and string needlessly. + - hooks: default timeout + - overlord/snapstate: Enable() was ignoring the flags from the + snap's state, resulting in losing "devmode" on disable/enable. + - difs,interfaces/mount: add support for locking namespaces + - interfaces/mount: keep track of kept mount entries + - tests/main: move a bunch of greps over to MATCH + - interfaces/builtin: make all interfaces private + - interfaces/mount: spell unmount correctly + - tests: allow 16-X.Y.Z version of core snap + - the timezone_control interface only allows changing /etc/timezone + and /etc/writable/timezone. systemd-timedated also updated the + link of /etc/localtime and /etc/writable/localtime ... allow + access to this file too + - cmd/snap-confine: aggregate operations holding global lock + - api, ifacestate: resolve disconnect early + - interfaces/builtin: ensure we don't register interfaces twice + * Thu Aug 03 2017 Fedora Release Engineering - 2.26.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild diff --git a/sources b/sources index 9a2ab90..7cf1573 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (snapd-2.26.3.tar.gz) = 24cec72d8c6a118db38727860d667122f95ff00382c33d516f9e2a2de594c5b507b5fa29e25bbbc702d37762c4b0a5e5e9103d03a37963cc753a5d85a02fbd0e +SHA512 (snapd-2.27.tar.gz) = 9ab30e08f4e956406a3e5621e71ec253ee8dfb81fb5fa7db665967cbf4ba49af2e6445fa0e5b11d115eccd0c66cac003577d6d8645c52566c56c9e9548f990b6