-
Notifications
You must be signed in to change notification settings - Fork 601
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
545 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,122 @@ | ||
| snapd (2.68-1) unstable; urgency=medium | ||
|
|
||
| * New upstream release, LP: #2098137 | ||
| - FDE: add support for new and more extensible key format that is | ||
| unified between TPM and FDE hook | ||
| - FDE: add support for adding passphrases during installation | ||
| - FDE: update secboot to 30317622bbbc | ||
| - Snap components: make kernel components available on firstboot | ||
| after either initramfs or ephemeral rootfs style install | ||
| - Snap components: mount drivers tree from initramfs so kernel | ||
| modules are available in early boot stages | ||
| - Snap components: support remodeling to models that contain | ||
| components | ||
| - Snap components: support offline remodeling to models that contain | ||
| components | ||
| - Snap components: support creating new recovery systems with | ||
| components | ||
| - Snap components: support downloading components with 'snap | ||
| download' command | ||
| - Snap components: support sideloading asserted components | ||
| - AppArmor Prompting(experimental): improve version checks and | ||
| handling of listener notification protocol for communication with | ||
| kernel AppArmor | ||
| - AppArmor Prompting(experimental): make prompt replies idempotent, | ||
| and have at most one rule for any given path pattern, with | ||
| potentially mixed outcomes and lifespans | ||
| - AppArmor Prompting(experimental): timeout unresolved prompts after | ||
| a period of client inactivity | ||
| - AppArmor Prompting(experimental): return an error if a patch | ||
| request to the API would result in a rule without any permissions | ||
| - AppArmor Prompting(experimental): warn if there is no prompting | ||
| client present but prompting is enabled, or if a prompting-related | ||
| error occurs during snapd startup | ||
| - AppArmor Prompting(experimental): do not log error when converting | ||
| empty permissions to AppArmor permissions | ||
| - Confdb(experimental): rename registries to confdbs (including API | ||
| /v2/registries => /v2/confdb) | ||
| - Confdb(experimental): support marking confdb schemas as ephemeral | ||
| - Confdb(experimental): add confdb-control assertion and feature | ||
| flag | ||
| - Refresh App Awareness(experimental): LP: #2089195 prevent | ||
| possibility of incorrect notification that snap will quit and | ||
| update | ||
| - Confidential VMs: snap-bootstrap support for loading partition | ||
| information from a manifest file for cloudimg-rootfs mode | ||
| - Confidential VMs: snap-bootstrap support for setting up cloudimg- | ||
| rootfs as an overlayfs with integrity protection | ||
| - dm-verity for essential snaps: add support for snap-integrity | ||
| assertion | ||
| - Interfaces: modify AppArmor template to allow owner read on | ||
| @{PROC}/@{pid}/fdinfo/* | ||
| - Interfaces: LP: #2072987 modify AppArmor template to allow using | ||
| setpriv to run daemon as non-root user | ||
| - Interfaces: add configfiles backend that ensures the state of | ||
| configuration files in the filesystem | ||
| - Interfaces: add ldconfig backend that exposes libraries coming | ||
| from snaps to either the rootfs or to other snaps | ||
| - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when | ||
| inside a container | ||
| - Interfaces: add auditd-support interface that grants audit_control | ||
| capability and required paths for auditd to function | ||
| - Interfaces: add checkbox-support interface that allows | ||
| unrestricted access to all devices | ||
| - Interfaces: fwupd | allow access to dell bios recovery | ||
| - Interfaces: fwupd | allow access to shim and fallback shim | ||
| - Interfaces: mount-control | add mount option validator to detect | ||
| mount option conflicts early | ||
| - Interfaces: cpu-control | add read access to /sys/kernel/irq/ | ||
| - Interfaces: locale-control | changed to be implicit on Ubuntu Core | ||
| Desktop | ||
| - Interfaces: microstack-support | support for utilizing of AMD SEV | ||
| capabilities | ||
| - Interfaces: u2f | added missing OneSpan device product IDs | ||
| - Interfaces: auditd-support | grant seccomp setpriority | ||
| - Interfaces: opengl interface | enable parsing of nvidia driver | ||
| information files | ||
| - Allow mksquashfs 'xattrs' when packing snap types os, core, base | ||
| and snapd as part of work to support non-root snap-confine | ||
| - Upstream/downstream packaging changes and build updates | ||
| - Improve error logs for malformed desktop files to also show which | ||
| desktop file is at fault | ||
| - Provide more precise error message when overriding channels with | ||
| grade during seed creation | ||
| - Expose 'snap prepare-image' validation parameter | ||
| - Add snap-seccomp 'dump' command that dumps the filter rules from a | ||
| compiled profile | ||
| - Add fallback release info location /etc/initrd-release | ||
| - Added core-initrd to snapd repo and fixed issues with ubuntu-core- | ||
| initramfs deb builds | ||
| - Remove stale robust-mount-namespace-updates experimental feature | ||
| flag | ||
| - Remove snapd-snap experimental feature (rejected) and it's feature | ||
| flag | ||
| - Changed snap-bootstrap to mount base directly on /sysroot | ||
| - Mount ubuntu-seed mounted as no-{suid,exec,dev} | ||
| - Mapping volumes to disks: add support for volume-assignments in | ||
| gadget | ||
| - Fix silently broken binaries produced by distro patchelf 0.14.3 by | ||
| using locally build patchelf 0.18 | ||
| - Fix mismatch between listed refresh candidates and actual refresh | ||
| due to outdated validation sets | ||
| - Fix 'snap get' to produce compact listing for tty | ||
| - Fix missing store-url by keeping it as part of auxiliary store | ||
| info | ||
| - Fix snap-confine attempting to retrieve device cgroup setup inside | ||
| container where it is not available | ||
| - Fix 'snap set' and 'snap get' panic on empty strings with early | ||
| error checking | ||
| - Fix logger debug entries to show correct caller and file | ||
| information | ||
| - Fix issue preventing hybrid systems from being seeded on first | ||
| boot | ||
| - LP: #1966203 remove auto-import udev rules not required by deb | ||
| package to avoid unwanted syslog errors | ||
| - LP: #1886414 fix progress reporting when stdout is on a tty, but | ||
| stdin is not | ||
|
|
||
| -- Ernest Lotter <[email protected]> Thu, 13 Feb 2025 12:42:09 +0200 | ||
|
|
||
| snapd (2.67.1-1) unstable; urgency=medium | ||
|
|
||
| * New upstream release, LP: #2089691 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -104,7 +104,7 @@ | |
| %endif | ||
|
|
||
| Name: snapd | ||
| Version: 2.67.1 | ||
| Version: 2.68 | ||
| Release: 0%{?dist} | ||
| Summary: A transactional software package manager | ||
| License: GPL-3.0-only | ||
|
|
@@ -1003,6 +1003,122 @@ fi | |
|
|
||
|
|
||
| %changelog | ||
| * Thu Feb 13 2025 Ernest Lotter <[email protected]> | ||
| - New upstream release 2.68 | ||
| - FDE: add support for new and more extensible key format that is | ||
| unified between TPM and FDE hook | ||
| - FDE: add support for adding passphrases during installation | ||
| - FDE: update secboot to 30317622bbbc | ||
| - Snap components: make kernel components available on firstboot | ||
| after either initramfs or ephemeral rootfs style install | ||
| - Snap components: mount drivers tree from initramfs so kernel | ||
| modules are available in early boot stages | ||
| - Snap components: support remodeling to models that contain | ||
| components | ||
| - Snap components: support offline remodeling to models that contain | ||
| components | ||
| - Snap components: support creating new recovery systems with | ||
| components | ||
| - Snap components: support downloading components with 'snap | ||
| download' command | ||
| - Snap components: support sideloading asserted components | ||
| - AppArmor Prompting(experimental): improve version checks and | ||
| handling of listener notification protocol for communication with | ||
| kernel AppArmor | ||
| - AppArmor Prompting(experimental): make prompt replies idempotent, | ||
| and have at most one rule for any given path pattern, with | ||
| potentially mixed outcomes and lifespans | ||
| - AppArmor Prompting(experimental): timeout unresolved prompts after | ||
| a period of client inactivity | ||
| - AppArmor Prompting(experimental): return an error if a patch | ||
| request to the API would result in a rule without any permissions | ||
| - AppArmor Prompting(experimental): warn if there is no prompting | ||
| client present but prompting is enabled, or if a prompting-related | ||
| error occurs during snapd startup | ||
| - AppArmor Prompting(experimental): do not log error when converting | ||
| empty permissions to AppArmor permissions | ||
| - Confdb(experimental): rename registries to confdbs (including API | ||
| /v2/registries => /v2/confdb) | ||
| - Confdb(experimental): support marking confdb schemas as ephemeral | ||
| - Confdb(experimental): add confdb-control assertion and feature | ||
| flag | ||
| - Refresh App Awareness(experimental): LP: #2089195 prevent | ||
| possibility of incorrect notification that snap will quit and | ||
| update | ||
| - Confidential VMs: snap-bootstrap support for loading partition | ||
| information from a manifest file for cloudimg-rootfs mode | ||
| - Confidential VMs: snap-bootstrap support for setting up cloudimg- | ||
| rootfs as an overlayfs with integrity protection | ||
| - dm-verity for essential snaps: add support for snap-integrity | ||
| assertion | ||
| - Interfaces: modify AppArmor template to allow owner read on | ||
| @{PROC}/@{pid}/fdinfo/* | ||
| - Interfaces: LP: #2072987 modify AppArmor template to allow using | ||
| setpriv to run daemon as non-root user | ||
| - Interfaces: add configfiles backend that ensures the state of | ||
| configuration files in the filesystem | ||
| - Interfaces: add ldconfig backend that exposes libraries coming | ||
| from snaps to either the rootfs or to other snaps | ||
| - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when | ||
| inside a container | ||
| - Interfaces: add auditd-support interface that grants audit_control | ||
| capability and required paths for auditd to function | ||
| - Interfaces: add checkbox-support interface that allows | ||
| unrestricted access to all devices | ||
| - Interfaces: fwupd | allow access to dell bios recovery | ||
| - Interfaces: fwupd | allow access to shim and fallback shim | ||
| - Interfaces: mount-control | add mount option validator to detect | ||
| mount option conflicts early | ||
| - Interfaces: cpu-control | add read access to /sys/kernel/irq/ | ||
| - Interfaces: locale-control | changed to be implicit on Ubuntu Core | ||
| Desktop | ||
| - Interfaces: microstack-support | support for utilizing of AMD SEV | ||
| capabilities | ||
| - Interfaces: u2f | added missing OneSpan device product IDs | ||
| - Interfaces: auditd-support | grant seccomp setpriority | ||
| - Interfaces: opengl interface | enable parsing of nvidia driver | ||
| information files | ||
| - Allow mksquashfs 'xattrs' when packing snap types os, core, base | ||
| and snapd as part of work to support non-root snap-confine | ||
| - Upstream/downstream packaging changes and build updates | ||
| - Improve error logs for malformed desktop files to also show which | ||
| desktop file is at fault | ||
| - Provide more precise error message when overriding channels with | ||
| grade during seed creation | ||
| - Expose 'snap prepare-image' validation parameter | ||
| - Add snap-seccomp 'dump' command that dumps the filter rules from a | ||
| compiled profile | ||
| - Add fallback release info location /etc/initrd-release | ||
| - Added core-initrd to snapd repo and fixed issues with ubuntu-core- | ||
| initramfs deb builds | ||
| - Remove stale robust-mount-namespace-updates experimental feature | ||
| flag | ||
| - Remove snapd-snap experimental feature (rejected) and it's feature | ||
| flag | ||
| - Changed snap-bootstrap to mount base directly on /sysroot | ||
| - Mount ubuntu-seed mounted as no-{suid,exec,dev} | ||
| - Mapping volumes to disks: add support for volume-assignments in | ||
| gadget | ||
| - Fix silently broken binaries produced by distro patchelf 0.14.3 by | ||
| using locally build patchelf 0.18 | ||
| - Fix mismatch between listed refresh candidates and actual refresh | ||
| due to outdated validation sets | ||
| - Fix 'snap get' to produce compact listing for tty | ||
| - Fix missing store-url by keeping it as part of auxiliary store | ||
| info | ||
| - Fix snap-confine attempting to retrieve device cgroup setup inside | ||
| container where it is not available | ||
| - Fix 'snap set' and 'snap get' panic on empty strings with early | ||
| error checking | ||
| - Fix logger debug entries to show correct caller and file | ||
| information | ||
| - Fix issue preventing hybrid systems from being seeded on first | ||
| boot | ||
| - LP: #1966203 remove auto-import udev rules not required by deb | ||
| package to avoid unwanted syslog errors | ||
| - LP: #1886414 fix progress reporting when stdout is on a tty, but | ||
| stdin is not | ||
|
|
||
| * Wed Jan 15 2025 Ernest Lotter <[email protected]> | ||
| - New upstream release 2.67.1 | ||
| - Fix apparmor permissions to allow snaps access to kernel modules | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,8 @@ | ||
| ------------------------------------------------------------------- | ||
| Thu Feb 13 10:42:09 UTC 2025 - [email protected] | ||
|
|
||
| - Update to upstream release 2.68 | ||
|
|
||
| ------------------------------------------------------------------- | ||
| Wed Jan 15 20:02:37 UTC 2025 - [email protected] | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.