diff --git a/NEWS.md b/NEWS.md index 6bc3cb9af66..91bc9ac6042 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -1,3 +1,67 @@ +# New in snapd 2.68 +* FDE: add support for new and more extensible key format that is unified between TPM and FDE hook +* FDE: add support for adding passphrases during installation +* FDE: update secboot to 30317622bbbc +* Snap components: make kernel components available on firstboot after either initramfs or ephemeral rootfs style install +* Snap components: mount drivers tree from initramfs so kernel modules are available in early boot stages +* Snap components: support remodeling to models that contain components +* Snap components: support offline remodeling to models that contain components +* Snap components: support creating new recovery systems with components +* Snap components: support downloading components with 'snap download' command +* Snap components: support sideloading asserted components +* AppArmor Prompting(experimental): improve version checks and handling of listener notification protocol for communication with kernel AppArmor +* AppArmor Prompting(experimental): make prompt replies idempotent, and have at most one rule for any given path pattern, with potentially mixed outcomes and lifespans +* AppArmor Prompting(experimental): timeout unresolved prompts after a period of client inactivity +* AppArmor Prompting(experimental): return an error if a patch request to the API would result in a rule without any permissions +* AppArmor Prompting(experimental): warn if there is no prompting client present but prompting is enabled, or if a prompting-related error occurs during snapd startup +* AppArmor Prompting(experimental): do not log error when converting empty permissions to AppArmor permissions +* Confdb(experimental): rename registries to confdbs (including API /v2/registries => /v2/confdb) +* Confdb(experimental): support marking confdb schemas as ephemeral +* Confdb(experimental): add confdb-control assertion and feature flag +* Refresh App Awareness(experimental): LP: #2089195 prevent possibility of incorrect 
notification that snap will quit and update +* Confidential VMs: snap-bootstrap support for loading partition information from a manifest file for cloudimg-rootfs mode +* Confidential VMs: snap-bootstrap support for setting up cloudimg-rootfs as an overlayfs with integrity protection +* dm-verity for essential snaps: add support for snap-integrity assertion +* Interfaces: modify AppArmor template to allow owner read on @{PROC}/@{pid}/fdinfo/* +* Interfaces: LP: #2072987 modify AppArmor template to allow using setpriv to run daemon as non-root user +* Interfaces: add configfiles backend that ensures the state of configuration files in the filesystem +* Interfaces: add ldconfig backend that exposes libraries coming from snaps to either the rootfs or to other snaps +* Interfaces: LP: #1712808 LP: 1865503 disable udev backend when inside a container +* Interfaces: add auditd-support interface that grants audit_control capability and required paths for auditd to function +* Interfaces: add checkbox-support interface that allows unrestricted access to all devices +* Interfaces: fwupd | allow access to dell bios recovery +* Interfaces: fwupd | allow access to shim and fallback shim +* Interfaces: mount-control | add mount option validator to detect mount option conflicts early +* Interfaces: cpu-control | add read access to /sys/kernel/irq/ +* Interfaces: locale-control | changed to be implicit on Ubuntu Core Desktop +* Interfaces: microstack-support | support for utilizing of AMD SEV capabilities +* Interfaces: u2f | added missing OneSpan device product IDs +* Interfaces: auditd-support | grant seccomp setpriority +* Interfaces: opengl interface | enable parsing of nvidia driver information files +* Allow mksquashfs 'xattrs' when packing snap types os, core, base and snapd as part of work to support non-root snap-confine +* Upstream/downstream packaging changes and build updates +* Improve error logs for malformed desktop files to also show which desktop file is at fault 
+* Provide more precise error message when overriding channels with grade during seed creation +* Expose 'snap prepare-image' validation parameter +* Add snap-seccomp 'dump' command that dumps the filter rules from a compiled profile +* Add fallback release info location /etc/initrd-release +* Added core-initrd to snapd repo and fixed issues with ubuntu-core-initramfs deb builds +* Remove stale robust-mount-namespace-updates experimental feature flag +* Remove snapd-snap experimental feature (rejected) and it's feature flag +* Changed snap-bootstrap to mount base directly on /sysroot +* Mount ubuntu-seed mounted as no-{suid,exec,dev} +* Mapping volumes to disks: add support for volume-assignments in gadget +* Fix silently broken binaries produced by distro patchelf 0.14.3 by using locally build patchelf 0.18 +* Fix mismatch between listed refresh candidates and actual refresh due to outdated validation sets +* Fix 'snap get' to produce compact listing for tty +* Fix missing store-url by keeping it as part of auxiliary store info +* Fix snap-confine attempting to retrieve device cgroup setup inside container where it is not available +* Fix 'snap set' and 'snap get' panic on empty strings with early error checking +* Fix logger debug entries to show correct caller and file information +* Fix issue preventing hybrid systems from being seeded on first boot +* LP: #1966203 remove auto-import udev rules not required by deb package to avoid unwanted syslog errors +* LP: #1886414 fix progress reporting when stdout is on a tty, but stdin is not + # New in snapd 2.67.1 * Fix apparmor permissions to allow snaps access to kernel modules and firmware on UC24, which also fixes the kernel-modules-control interface on UC24 * AppArmor prompting (experimental): disallow /./ and /../ in path patterns diff --git a/packaging/arch/PKGBUILD b/packaging/arch/PKGBUILD index e9ea035a4f8..0a950e055cf 100644 --- a/packaging/arch/PKGBUILD +++ b/packaging/arch/PKGBUILD 
@@ -11,7 +11,7 @@ pkgdesc="Service and tools for management of snap packages." depends=('squashfs-tools' 'libseccomp' 'libsystemd' 'apparmor') optdepends=('bash-completion: bash completion support' 'xdg-desktop-portal: desktop integration') -pkgver=2.67.1 +pkgver=2.68 pkgrel=1 arch=('x86_64' 'i686' 'armv7h' 'aarch64') url="https://github.com/snapcore/snapd" diff --git a/packaging/debian-sid/changelog b/packaging/debian-sid/changelog index df651d93379..b62fe428220 100644 --- a/packaging/debian-sid/changelog +++ b/packaging/debian-sid/changelog 
@@ -1,3 +1,122 @@ +snapd (2.68-1) unstable; urgency=medium + + * New upstream release, LP: #2098137 + - FDE: add support for new and more extensible key format that is + unified between TPM and FDE hook + - FDE: add support for adding passphrases during installation + - FDE: update secboot to 30317622bbbc + - Snap components: make kernel components available on firstboot + after either initramfs or ephemeral rootfs style install + - Snap components: mount drivers tree from initramfs so kernel + modules are available in early boot stages + - Snap components: support remodeling to models that contain + components + - Snap components: support offline remodeling to models that contain + components + - Snap components: support creating new recovery systems with + components + - Snap components: support downloading components with 'snap + download' command + - Snap components: support sideloading asserted components + - AppArmor Prompting(experimental): improve version checks and + handling of listener notification protocol for communication with + kernel AppArmor + - AppArmor Prompting(experimental): make prompt replies idempotent, + and have at most one rule for any given path pattern, with + potentially mixed outcomes and lifespans + - AppArmor Prompting(experimental): timeout unresolved prompts after + a period of client inactivity + - AppArmor Prompting(experimental): return an error if a patch + request to the API would result in a rule without any permissions + - AppArmor Prompting(experimental): warn if there is no prompting + client present but prompting is enabled, or if a prompting-related + error occurs during snapd startup + - AppArmor Prompting(experimental): do not log error when converting + empty permissions to AppArmor permissions + - Confdb(experimental): rename registries to confdbs (including API + /v2/registries => /v2/confdb) + - Confdb(experimental): support marking confdb schemas as ephemeral + - Confdb(experimental): add confdb-control assertion 
and feature + flag + - Refresh App Awareness(experimental): LP: #2089195 prevent + possibility of incorrect notification that snap will quit and + update + - Confidential VMs: snap-bootstrap support for loading partition + information from a manifest file for cloudimg-rootfs mode + - Confidential VMs: snap-bootstrap support for setting up cloudimg- + rootfs as an overlayfs with integrity protection + - dm-verity for essential snaps: add support for snap-integrity + assertion + - Interfaces: modify AppArmor template to allow owner read on + @{PROC}/@{pid}/fdinfo/* + - Interfaces: LP: #2072987 modify AppArmor template to allow using + setpriv to run daemon as non-root user + - Interfaces: add configfiles backend that ensures the state of + configuration files in the filesystem + - Interfaces: add ldconfig backend that exposes libraries coming + from snaps to either the rootfs or to other snaps + - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when + inside a container + - Interfaces: add auditd-support interface that grants audit_control + capability and required paths for auditd to function + - Interfaces: add checkbox-support interface that allows + unrestricted access to all devices + - Interfaces: fwupd | allow access to dell bios recovery + - Interfaces: fwupd | allow access to shim and fallback shim + - Interfaces: mount-control | add mount option validator to detect + mount option conflicts early + - Interfaces: cpu-control | add read access to /sys/kernel/irq/ + - Interfaces: locale-control | changed to be implicit on Ubuntu Core + Desktop + - Interfaces: microstack-support | support for utilizing of AMD SEV + capabilities + - Interfaces: u2f | added missing OneSpan device product IDs + - Interfaces: auditd-support | grant seccomp setpriority + - Interfaces: opengl interface | enable parsing of nvidia driver + information files + - Allow mksquashfs 'xattrs' when packing snap types os, core, base + and snapd as part of work to support non-root 
snap-confine + - Upstream/downstream packaging changes and build updates + - Improve error logs for malformed desktop files to also show which + desktop file is at fault + - Provide more precise error message when overriding channels with + grade during seed creation + - Expose 'snap prepare-image' validation parameter + - Add snap-seccomp 'dump' command that dumps the filter rules from a + compiled profile + - Add fallback release info location /etc/initrd-release + - Added core-initrd to snapd repo and fixed issues with ubuntu-core- + initramfs deb builds + - Remove stale robust-mount-namespace-updates experimental feature + flag + - Remove snapd-snap experimental feature (rejected) and it's feature + flag + - Changed snap-bootstrap to mount base directly on /sysroot + - Mount ubuntu-seed mounted as no-{suid,exec,dev} + - Mapping volumes to disks: add support for volume-assignments in + gadget + - Fix silently broken binaries produced by distro patchelf 0.14.3 by + using locally build patchelf 0.18 + - Fix mismatch between listed refresh candidates and actual refresh + due to outdated validation sets + - Fix 'snap get' to produce compact listing for tty + - Fix missing store-url by keeping it as part of auxiliary store + info + - Fix snap-confine attempting to retrieve device cgroup setup inside + container where it is not available + - Fix 'snap set' and 'snap get' panic on empty strings with early + error checking + - Fix logger debug entries to show correct caller and file + information + - Fix issue preventing hybrid systems from being seeded on first + boot + - LP: #1966203 remove auto-import udev rules not required by deb + package to avoid unwanted syslog errors + - LP: #1886414 fix progress reporting when stdout is on a tty, but + stdin is not + + -- Ernest Lotter Thu, 13 Feb 2025 12:42:09 +0200 + snapd (2.67.1-1) unstable; urgency=medium * New upstream release, LP: #2089691 
diff --git a/packaging/fedora/snapd.spec b/packaging/fedora/snapd.spec index d765372911f..3a28f24b617 100644 --- a/packaging/fedora/snapd.spec +++ b/packaging/fedora/snapd.spec @@ -104,7 +104,7 @@ %endif Name: snapd -Version: 2.67.1 +Version: 2.68 Release: 0%{?dist} Summary: A transactional software package manager License: GPL-3.0-only 
@@ -1003,6 +1003,122 @@ fi %changelog +* Thu Feb 13 2025 Ernest Lotter +- New upstream release 2.68 + - FDE: add support for new and more extensible key format that is + unified between TPM and FDE hook + - FDE: add support for adding passphrases during installation + - FDE: update secboot to 30317622bbbc + - Snap components: make kernel components available on firstboot + after either initramfs or ephemeral rootfs style install + - Snap components: mount drivers tree from initramfs so kernel + modules are available in early boot stages + - Snap components: support remodeling to models that contain + components + - Snap components: support offline remodeling to models that contain + components + - Snap components: support creating new recovery systems with + components + - Snap components: support downloading components with 'snap + download' command + - Snap components: support sideloading asserted components + - AppArmor Prompting(experimental): improve version checks and + handling of listener notification protocol for communication with + kernel AppArmor + - AppArmor Prompting(experimental): make prompt replies idempotent, + and have at most one rule for any given path pattern, with + potentially mixed outcomes and lifespans + - AppArmor Prompting(experimental): timeout unresolved prompts after + a period of client inactivity + - AppArmor Prompting(experimental): return an error if a patch + request to the API would result in a rule without any permissions + - AppArmor Prompting(experimental): warn if there is no prompting + client present but prompting is enabled, or if a prompting-related + error occurs during snapd startup + - AppArmor Prompting(experimental): do not log error when converting + empty permissions to AppArmor permissions + - Confdb(experimental): rename registries to confdbs (including API + /v2/registries => /v2/confdb) + - Confdb(experimental): support marking confdb schemas as ephemeral + - Confdb(experimental): add confdb-control assertion 
and feature + flag + - Refresh App Awareness(experimental): LP: #2089195 prevent + possibility of incorrect notification that snap will quit and + update + - Confidential VMs: snap-bootstrap support for loading partition + information from a manifest file for cloudimg-rootfs mode + - Confidential VMs: snap-bootstrap support for setting up cloudimg- + rootfs as an overlayfs with integrity protection + - dm-verity for essential snaps: add support for snap-integrity + assertion + - Interfaces: modify AppArmor template to allow owner read on + @{PROC}/@{pid}/fdinfo/* + - Interfaces: LP: #2072987 modify AppArmor template to allow using + setpriv to run daemon as non-root user + - Interfaces: add configfiles backend that ensures the state of + configuration files in the filesystem + - Interfaces: add ldconfig backend that exposes libraries coming + from snaps to either the rootfs or to other snaps + - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when + inside a container + - Interfaces: add auditd-support interface that grants audit_control + capability and required paths for auditd to function + - Interfaces: add checkbox-support interface that allows + unrestricted access to all devices + - Interfaces: fwupd | allow access to dell bios recovery + - Interfaces: fwupd | allow access to shim and fallback shim + - Interfaces: mount-control | add mount option validator to detect + mount option conflicts early + - Interfaces: cpu-control | add read access to /sys/kernel/irq/ + - Interfaces: locale-control | changed to be implicit on Ubuntu Core + Desktop + - Interfaces: microstack-support | support for utilizing of AMD SEV + capabilities + - Interfaces: u2f | added missing OneSpan device product IDs + - Interfaces: auditd-support | grant seccomp setpriority + - Interfaces: opengl interface | enable parsing of nvidia driver + information files + - Allow mksquashfs 'xattrs' when packing snap types os, core, base + and snapd as part of work to support non-root 
snap-confine + - Upstream/downstream packaging changes and build updates + - Improve error logs for malformed desktop files to also show which + desktop file is at fault + - Provide more precise error message when overriding channels with + grade during seed creation + - Expose 'snap prepare-image' validation parameter + - Add snap-seccomp 'dump' command that dumps the filter rules from a + compiled profile + - Add fallback release info location /etc/initrd-release + - Added core-initrd to snapd repo and fixed issues with ubuntu-core- + initramfs deb builds + - Remove stale robust-mount-namespace-updates experimental feature + flag + - Remove snapd-snap experimental feature (rejected) and it's feature + flag + - Changed snap-bootstrap to mount base directly on /sysroot + - Mount ubuntu-seed mounted as no-{suid,exec,dev} + - Mapping volumes to disks: add support for volume-assignments in + gadget + - Fix silently broken binaries produced by distro patchelf 0.14.3 by + using locally build patchelf 0.18 + - Fix mismatch between listed refresh candidates and actual refresh + due to outdated validation sets + - Fix 'snap get' to produce compact listing for tty + - Fix missing store-url by keeping it as part of auxiliary store + info + - Fix snap-confine attempting to retrieve device cgroup setup inside + container where it is not available + - Fix 'snap set' and 'snap get' panic on empty strings with early + error checking + - Fix logger debug entries to show correct caller and file + information + - Fix issue preventing hybrid systems from being seeded on first + boot + - LP: #1966203 remove auto-import udev rules not required by deb + package to avoid unwanted syslog errors + - LP: #1886414 fix progress reporting when stdout is on a tty, but + stdin is not + * Wed Jan 15 2025 Ernest Lotter - New upstream release 2.67.1 - Fix apparmor permissions to allow snaps access to kernel modules 
diff --git a/packaging/opensuse/snapd.changes b/packaging/opensuse/snapd.changes index 4da1b2ccb9b..cbde948c479 100644 --- a/packaging/opensuse/snapd.changes +++ b/packaging/opensuse/snapd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Feb 13 10:42:09 UTC 2025 - ernest.lotter@canonical.com + +- Update to upstream release 2.68 + ------------------------------------------------------------------- Wed Jan 15 20:02:37 UTC 2025 - ernest.lotter@canonical.com diff --git a/packaging/opensuse/snapd.spec b/packaging/opensuse/snapd.spec index 81906b4b75d..1bed9c15e2a 100644 --- a/packaging/opensuse/snapd.spec +++ b/packaging/opensuse/snapd.spec @@ -91,7 +91,7 @@ Name: snapd -Version: 2.67.1 +Version: 2.68 Release: 0 Summary: Tools enabling systems to work with .snap files License: GPL-3.0 diff --git a/packaging/ubuntu-14.04/changelog b/packaging/ubuntu-14.04/changelog index e6b2c569c6f..6aa999c3672 100644 --- a/packaging/ubuntu-14.04/changelog +++ b/packaging/ubuntu-14.04/changelog 
@@ -1,3 +1,122 @@ +snapd (2.68~14.04) trusty; urgency=medium + + * New upstream release, LP: #2098137 + - FDE: add support for new and more extensible key format that is + unified between TPM and FDE hook + - FDE: add support for adding passphrases during installation + - FDE: update secboot to 30317622bbbc + - Snap components: make kernel components available on firstboot + after either initramfs or ephemeral rootfs style install + - Snap components: mount drivers tree from initramfs so kernel + modules are available in early boot stages + - Snap components: support remodeling to models that contain + components + - Snap components: support offline remodeling to models that contain + components + - Snap components: support creating new recovery systems with + components + - Snap components: support downloading components with 'snap + download' command + - Snap components: support sideloading asserted components + - AppArmor Prompting(experimental): improve version checks and + handling of listener notification protocol for communication with + kernel AppArmor + - AppArmor Prompting(experimental): make prompt replies idempotent, + and have at most one rule for any given path pattern, with + potentially mixed outcomes and lifespans + - AppArmor Prompting(experimental): timeout unresolved prompts after + a period of client inactivity + - AppArmor Prompting(experimental): return an error if a patch + request to the API would result in a rule without any permissions + - AppArmor Prompting(experimental): warn if there is no prompting + client present but prompting is enabled, or if a prompting-related + error occurs during snapd startup + - AppArmor Prompting(experimental): do not log error when converting + empty permissions to AppArmor permissions + - Confdb(experimental): rename registries to confdbs (including API + /v2/registries => /v2/confdb) + - Confdb(experimental): support marking confdb schemas as ephemeral + - Confdb(experimental): add confdb-control 
assertion and feature + flag + - Refresh App Awareness(experimental): LP: #2089195 prevent + possibility of incorrect notification that snap will quit and + update + - Confidential VMs: snap-bootstrap support for loading partition + information from a manifest file for cloudimg-rootfs mode + - Confidential VMs: snap-bootstrap support for setting up cloudimg- + rootfs as an overlayfs with integrity protection + - dm-verity for essential snaps: add support for snap-integrity + assertion + - Interfaces: modify AppArmor template to allow owner read on + @{PROC}/@{pid}/fdinfo/* + - Interfaces: LP: #2072987 modify AppArmor template to allow using + setpriv to run daemon as non-root user + - Interfaces: add configfiles backend that ensures the state of + configuration files in the filesystem + - Interfaces: add ldconfig backend that exposes libraries coming + from snaps to either the rootfs or to other snaps + - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when + inside a container + - Interfaces: add auditd-support interface that grants audit_control + capability and required paths for auditd to function + - Interfaces: add checkbox-support interface that allows + unrestricted access to all devices + - Interfaces: fwupd | allow access to dell bios recovery + - Interfaces: fwupd | allow access to shim and fallback shim + - Interfaces: mount-control | add mount option validator to detect + mount option conflicts early + - Interfaces: cpu-control | add read access to /sys/kernel/irq/ + - Interfaces: locale-control | changed to be implicit on Ubuntu Core + Desktop + - Interfaces: microstack-support | support for utilizing of AMD SEV + capabilities + - Interfaces: u2f | added missing OneSpan device product IDs + - Interfaces: auditd-support | grant seccomp setpriority + - Interfaces: opengl interface | enable parsing of nvidia driver + information files + - Allow mksquashfs 'xattrs' when packing snap types os, core, base + and snapd as part of work to support 
non-root snap-confine + - Upstream/downstream packaging changes and build updates + - Improve error logs for malformed desktop files to also show which + desktop file is at fault + - Provide more precise error message when overriding channels with + grade during seed creation + - Expose 'snap prepare-image' validation parameter + - Add snap-seccomp 'dump' command that dumps the filter rules from a + compiled profile + - Add fallback release info location /etc/initrd-release + - Added core-initrd to snapd repo and fixed issues with ubuntu-core- + initramfs deb builds + - Remove stale robust-mount-namespace-updates experimental feature + flag + - Remove snapd-snap experimental feature (rejected) and it's feature + flag + - Changed snap-bootstrap to mount base directly on /sysroot + - Mount ubuntu-seed mounted as no-{suid,exec,dev} + - Mapping volumes to disks: add support for volume-assignments in + gadget + - Fix silently broken binaries produced by distro patchelf 0.14.3 by + using locally build patchelf 0.18 + - Fix mismatch between listed refresh candidates and actual refresh + due to outdated validation sets + - Fix 'snap get' to produce compact listing for tty + - Fix missing store-url by keeping it as part of auxiliary store + info + - Fix snap-confine attempting to retrieve device cgroup setup inside + container where it is not available + - Fix 'snap set' and 'snap get' panic on empty strings with early + error checking + - Fix logger debug entries to show correct caller and file + information + - Fix issue preventing hybrid systems from being seeded on first + boot + - LP: #1966203 remove auto-import udev rules not required by deb + package to avoid unwanted syslog errors + - LP: #1886414 fix progress reporting when stdout is on a tty, but + stdin is not + + -- Ernest Lotter Thu, 13 Feb 2025 12:42:09 +0200 + snapd (2.67.1~14.04) trusty; urgency=medium * New upstream release, LP: #2089691 
diff --git a/packaging/ubuntu-16.04/changelog b/packaging/ubuntu-16.04/changelog index 074aad08f3e..1d59f014fda 100644 --- a/packaging/ubuntu-16.04/changelog +++ b/packaging/ubuntu-16.04/changelog 
@@ -1,3 +1,122 @@ +snapd (2.68) xenial; urgency=medium + + * New upstream release, LP: #2098137 + - FDE: add support for new and more extensible key format that is + unified between TPM and FDE hook + - FDE: add support for adding passphrases during installation + - FDE: update secboot to 30317622bbbc + - Snap components: make kernel components available on firstboot + after either initramfs or ephemeral rootfs style install + - Snap components: mount drivers tree from initramfs so kernel + modules are available in early boot stages + - Snap components: support remodeling to models that contain + components + - Snap components: support offline remodeling to models that contain + components + - Snap components: support creating new recovery systems with + components + - Snap components: support downloading components with 'snap + download' command + - Snap components: support sideloading asserted components + - AppArmor Prompting(experimental): improve version checks and + handling of listener notification protocol for communication with + kernel AppArmor + - AppArmor Prompting(experimental): make prompt replies idempotent, + and have at most one rule for any given path pattern, with + potentially mixed outcomes and lifespans + - AppArmor Prompting(experimental): timeout unresolved prompts after + a period of client inactivity + - AppArmor Prompting(experimental): return an error if a patch + request to the API would result in a rule without any permissions + - AppArmor Prompting(experimental): warn if there is no prompting + client present but prompting is enabled, or if a prompting-related + error occurs during snapd startup + - AppArmor Prompting(experimental): do not log error when converting + empty permissions to AppArmor permissions + - Confdb(experimental): rename registries to confdbs (including API + /v2/registries => /v2/confdb) + - Confdb(experimental): support marking confdb schemas as ephemeral + - Confdb(experimental): add confdb-control assertion and 
feature + flag + - Refresh App Awareness(experimental): LP: #2089195 prevent + possibility of incorrect notification that snap will quit and + update + - Confidential VMs: snap-bootstrap support for loading partition + information from a manifest file for cloudimg-rootfs mode + - Confidential VMs: snap-bootstrap support for setting up cloudimg- + rootfs as an overlayfs with integrity protection + - dm-verity for essential snaps: add support for snap-integrity + assertion + - Interfaces: modify AppArmor template to allow owner read on + @{PROC}/@{pid}/fdinfo/* + - Interfaces: LP: #2072987 modify AppArmor template to allow using + setpriv to run daemon as non-root user + - Interfaces: add configfiles backend that ensures the state of + configuration files in the filesystem + - Interfaces: add ldconfig backend that exposes libraries coming + from snaps to either the rootfs or to other snaps + - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when + inside a container + - Interfaces: add auditd-support interface that grants audit_control + capability and required paths for auditd to function + - Interfaces: add checkbox-support interface that allows + unrestricted access to all devices + - Interfaces: fwupd | allow access to dell bios recovery + - Interfaces: fwupd | allow access to shim and fallback shim + - Interfaces: mount-control | add mount option validator to detect + mount option conflicts early + - Interfaces: cpu-control | add read access to /sys/kernel/irq/ + - Interfaces: locale-control | changed to be implicit on Ubuntu Core + Desktop + - Interfaces: microstack-support | support for utilizing of AMD SEV + capabilities + - Interfaces: u2f | added missing OneSpan device product IDs + - Interfaces: auditd-support | grant seccomp setpriority + - Interfaces: opengl interface | enable parsing of nvidia driver + information files + - Allow mksquashfs 'xattrs' when packing snap types os, core, base + and snapd as part of work to support non-root 
snap-confine + - Upstream/downstream packaging changes and build updates + - Improve error logs for malformed desktop files to also show which + desktop file is at fault + - Provide more precise error message when overriding channels with + grade during seed creation + - Expose 'snap prepare-image' validation parameter + - Add snap-seccomp 'dump' command that dumps the filter rules from a + compiled profile + - Add fallback release info location /etc/initrd-release + - Added core-initrd to snapd repo and fixed issues with ubuntu-core- + initramfs deb builds + - Remove stale robust-mount-namespace-updates experimental feature + flag + - Remove snapd-snap experimental feature (rejected) and it's feature + flag + - Changed snap-bootstrap to mount base directly on /sysroot + - Mount ubuntu-seed mounted as no-{suid,exec,dev} + - Mapping volumes to disks: add support for volume-assignments in + gadget + - Fix silently broken binaries produced by distro patchelf 0.14.3 by + using locally build patchelf 0.18 + - Fix mismatch between listed refresh candidates and actual refresh + due to outdated validation sets + - Fix 'snap get' to produce compact listing for tty + - Fix missing store-url by keeping it as part of auxiliary store + info + - Fix snap-confine attempting to retrieve device cgroup setup inside + container where it is not available + - Fix 'snap set' and 'snap get' panic on empty strings with early + error checking + - Fix logger debug entries to show correct caller and file + information + - Fix issue preventing hybrid systems from being seeded on first + boot + - LP: #1966203 remove auto-import udev rules not required by deb + package to avoid unwanted syslog errors + - LP: #1886414 fix progress reporting when stdout is on a tty, but + stdin is not + + -- Ernest Lotter Thu, 13 Feb 2025 12:42:09 +0200 + snapd (2.67.1) xenial; urgency=medium * New upstream release, LP: #2089691
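Review bot: In the NEWS.md hunk, several new entries carry wording errors that are then repeated verbatim in every packaging changelog in this patch: "LP: #1712808 LP: 1865503" drops the "#" on the second bug reference, "Remove snapd-snap experimental feature (rejected) and it's feature flag" should read "its", and "Mount ubuntu-seed mounted as no-{suid,exec,dev}" repeats "mounted". Fix them in NEWS.md first so the changelog copies pick up the corrected text. Separately, the entry for the new checkbox-support interface says only that it "allows unrestricted access to all devices"; for a grant that broad the release note should also say how connection of the interface is gated.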
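Review bot: In the packaging/debian-sid/changelog hunk, the 2.68 entry is wrapped at hyphens inside identifiers, so "cloudimg-rootfs" is split into "cloudimg-" and "rootfs" and "ubuntu-core-initramfs" into "ubuntu-core-" and "initramfs" across two lines, and a search of the changelog for either name will miss these entries. Re-wrap so each identifier moves whole onto the continuation line. The same breaks appear in the Fedora %changelog hunk and in the ubuntu-14.04 and ubuntu-16.04 changelog hunks.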
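Review bot: In the packaging/opensuse/snapd.changes hunk, the new entry is the single line "- Update to upstream release 2.68" and carries no tracking reference, while the Debian and Ubuntu changelog hunks in this patch cite LP: #2098137 for the same release. Consider adding that bug reference to the openSUSE entry so a packager reading only this file can reach the full list of FDE, AppArmor and interface changes.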