From 3d93cdbdc3dadedbf46e2ae5b13a358362549462 Mon Sep 17 00:00:00 2001
From: Maciek Borzecki
Date: Dec 27 2021 09:00:56 +0000
Subject: snapd: update to 2.54.1 Update and drop glvnd patches as those are in the upstream release now.
Signed-off-by: Maciek Borzecki
---
diff --git a/.gitignore b/.gitignore
index 4cab908..f09e083 100644
--- a/.gitignore
+++ b/.gitignore
@@ -78,3 +78,5 @@
 /snapd_2.53.2.only-vendor.tar.xz
 /snapd_2.53.4.no-vendor.tar.xz
 /snapd_2.53.4.only-vendor.tar.xz
+/snapd_2.54.1.no-vendor.tar.xz
+/snapd_2.54.1.only-vendor.tar.xz
diff --git a/0001-cmd-snap-confine-do-not-include-libglvnd-libraries-f.patch b/0001-cmd-snap-confine-do-not-include-libglvnd-libraries-f.patch
deleted file mode 100644
index fc90af9..0000000
--- a/0001-cmd-snap-confine-do-not-include-libglvnd-libraries-f.patch
+++ /dev/null
@@ -1,482 +0,0 @@ -From f4cefc704d6c46f204b0a0651379e0766d478ba5 Mon Sep 17 00:00:00 2001 -Message-Id: -From: James Henstridge -Date: Thu, 2 Dec 2021 17:39:04 +0800 -Subject: [PATCH] cmd/snap-confine: do not include libglvnd libraries from the - host system - -* cmd/snap-confine: do not include libglvnd libraries from the host system - -* tests: we no longer symlink libGLX.so - -* cmd/snap-confine: include glvnd globs for old "base: core" snaps - -Ubuntu 16.04 did not include the glvnd driver multiplexing libraries, -and the Mesa version of libGL will not function with the Nvidia X -drivers. - -While the glvnd drivers may not be compatible with the libraries in the -snap's sandbox (e.g. we know that Ubuntu 21.10's libEGL uses new glibc -symbols), it is better than the nothing working. In particular, X11 -based OpenGL apps will function, which will cover the majority of these -old snaps. - -* tests: adjust opengl-nvidia test to use its own test snap. - -Also update to run on Ubuntu 20.04, and drop 14.04. Still todo: test -against the core20 test snap. 
- -* cmd/libsnap-confine-private: add a unit test for sc_cleanup_shallow_strv - -Signed-off-by: Maciej Borzecki - -* tests: don't specify base for gl-core16 test snap - -* tests: show that host system GLVND libraries are not exposed to snaps using newer bases - -* tests: do not run the gl-core20 part of the test on i386 - -* tests: show that the nvidia backend drivers are still available on core20 - -* tests: adjust spread test - -* tests: add back missing canary file - -* cmd/snap-confine: only create the globs array if NVIDIA_BIARCH||NVIDIA_MULTIARCH - -Co-authored-by: Maciej Borzecki -Signed-off-by: Maciej Borzecki ---- - .../cleanup-funcs-test.c | 22 ++++++ - cmd/libsnap-confine-private/cleanup-funcs.c | 8 ++ - cmd/libsnap-confine-private/cleanup-funcs.h | 10 +++ - cmd/snap-confine/mount-support-nvidia.c | 74 +++++++++++++------ - cmd/snap-confine/mount-support-nvidia.h | 2 +- - cmd/snap-confine/mount-support.c | 2 +- - .../gl-core16/bin/run | 3 + - .../gl-core16/meta/snap.yaml | 9 +++ - .../gl-core20/bin/run | 3 + - .../gl-core20/meta/snap.yaml | 10 +++ - tests/main/interfaces-opengl-nvidia/task.yaml | 54 +++++++++----- - 11 files changed, 157 insertions(+), 40 deletions(-) - create mode 100755 tests/main/interfaces-opengl-nvidia/gl-core16/bin/run - create mode 100644 tests/main/interfaces-opengl-nvidia/gl-core16/meta/snap.yaml - create mode 100755 tests/main/interfaces-opengl-nvidia/gl-core20/bin/run - create mode 100644 tests/main/interfaces-opengl-nvidia/gl-core20/meta/snap.yaml - -diff --git a/cmd/libsnap-confine-private/cleanup-funcs-test.c b/cmd/libsnap-confine-private/cleanup-funcs-test.c -index 203193e47792e2e0833b36f51515764ae0c7807c..509df3ee8a50b24a48dad0871495cfebe56b7aef 100644 ---- a/cmd/libsnap-confine-private/cleanup-funcs-test.c -+++ b/cmd/libsnap-confine-private/cleanup-funcs-test.c -@@ -142,6 +142,27 @@ static void test_cleanup_close(void) - g_assert_cmpint(fd, ==, -1); - } - -+static void test_cleanup_shallow_strv(void) -+{ -+ /* It is safe 
to use with a NULL pointer */ -+ sc_cleanup_shallow_strv(NULL); -+ -+ const char **argses = NULL; -+ /* It is ok of the pointer value is NULL */ -+ sc_cleanup_shallow_strv(&argses); -+ g_assert_null(argses); -+ -+ argses = calloc(10, sizeof(char *)); -+ g_assert_nonnull(argses); -+ /* Fill with bogus pointers so attempts to free them would segfault */ -+ for (int i = 0; i < 10; i++) { -+ argses[i] = (char *)0x100 + i; -+ } -+ sc_cleanup_shallow_strv(&argses); -+ g_assert_null(argses); -+ /* If we are alive at this point, most likely only the array was free'd */ -+} -+ - static void __attribute__((constructor)) init(void) - { - g_test_add_func("/cleanup/sanity", test_cleanup_sanity); -@@ -150,4 +171,5 @@ static void __attribute__((constructor)) init(void) - g_test_add_func("/cleanup/endmntent", test_cleanup_endmntent); - g_test_add_func("/cleanup/closedir", test_cleanup_closedir); - g_test_add_func("/cleanup/close", test_cleanup_close); -+ g_test_add_func("/cleanup/shallow_strv", test_cleanup_shallow_strv); - } -diff --git a/cmd/libsnap-confine-private/cleanup-funcs.c b/cmd/libsnap-confine-private/cleanup-funcs.c -index 369235cbcc17426372427d952b7f83a16515c268..d96a2ba0f3e4c5f80bb9b7fe9e699b0262508814 100644 ---- a/cmd/libsnap-confine-private/cleanup-funcs.c -+++ b/cmd/libsnap-confine-private/cleanup-funcs.c -@@ -28,6 +28,14 @@ void sc_cleanup_string(char **ptr) - } - } - -+void sc_cleanup_shallow_strv(const char ***ptr) -+{ -+ if (ptr != NULL && *ptr != NULL) { -+ free(*ptr); -+ *ptr = NULL; -+ } -+} -+ - void sc_cleanup_file(FILE ** ptr) - { - if (ptr != NULL && *ptr != NULL) { -diff --git a/cmd/libsnap-confine-private/cleanup-funcs.h b/cmd/libsnap-confine-private/cleanup-funcs.h -index b1fee959c5920d59f67e417795e9e8441378d5e2..43ef1515c9cf8ca0c06abbe051d6c8e73261c92f 100644 ---- a/cmd/libsnap-confine-private/cleanup-funcs.h -+++ b/cmd/libsnap-confine-private/cleanup-funcs.h -@@ -40,6 +40,16 @@ - **/ - void sc_cleanup_string(char **ptr); - -+/** -+ * Shallow free 
a dynamically allocated string vector. -+ * -+ * The strings in the vector will not be freed. -+ * This function is designed to be used with SC_CLEANUP() macro. -+ * The variable MUST be initialized for correct operation. -+ * The safe initialisation value is NULL. -+ */ -+void sc_cleanup_shallow_strv(const char ***ptr); -+ - /** - * Close an open file. - * -diff --git a/cmd/snap-confine/mount-support-nvidia.c b/cmd/snap-confine/mount-support-nvidia.c -index 2968e1f21a44c2c9d5ba2698afcb525ae91da7fc..75f7265f1bde49beac5725f3b2bf2a755479476c 100644 ---- a/cmd/snap-confine/mount-support-nvidia.c -+++ b/cmd/snap-confine/mount-support-nvidia.c -@@ -81,19 +81,10 @@ static const size_t egl_vendor_globs_len = - // FIXME: this doesn't yet work with libGLX and libglvnd redirector - // FIXME: this still doesn't work with the 361 driver - static const char *nvidia_globs[] = { -- "libEGL.so*", - "libEGL_nvidia.so*", -- "libGL.so*", -- "libOpenGL.so*", -- "libGLESv1_CM.so*", - "libGLESv1_CM_nvidia.so*", -- "libGLESv2.so*", - "libGLESv2_nvidia.so*", -- "libGLX_indirect.so*", - "libGLX_nvidia.so*", -- "libGLX.so*", -- "libGLdispatch.so*", -- "libGLU.so*", - "libXvMCNVIDIA.so*", - "libXvMCNVIDIA_dynamic.so*", - "libnvidia-cfg.so*", -@@ -162,6 +153,21 @@ static const char *nvidia_globs[] = { - static const size_t nvidia_globs_len = - sizeof nvidia_globs / sizeof *nvidia_globs; - -+static const char *glvnd_globs[] = { -+ "libEGL.so*", -+ "libGL.so*", -+ "libOpenGL.so*", -+ "libGLESv1_CM.so*", -+ "libGLESv2.so*", -+ "libGLX_indirect.so*", -+ "libGLX.so*", -+ "libGLdispatch.so*", -+ "libGLU.so*", -+}; -+ -+static const size_t glvnd_globs_len = -+ sizeof glvnd_globs / sizeof *glvnd_globs; -+ - #endif // defined(NVIDIA_BIARCH) || defined(NVIDIA_MULTIARCH) - - // Populate libgl_dir with a symlink farm to files matching glob_list. 
-@@ -351,7 +357,7 @@ static void sc_mkdir_and_mount_and_glob_files(const char *rootfs_dir, - // - // In non GLVND cases we just copy across the exposed libGLs and NVIDIA - // libraries from wherever we find, and clobbering is also harmless. --static void sc_mount_nvidia_driver_biarch(const char *rootfs_dir) -+static void sc_mount_nvidia_driver_biarch(const char *rootfs_dir, const char **globs, size_t globs_len) - { - - const char *native_sources[] = { -@@ -374,14 +380,14 @@ static void sc_mount_nvidia_driver_biarch(const char *rootfs_dir) - // Primary arch - sc_mkdir_and_mount_and_glob_files(rootfs_dir, - native_sources, native_sources_len, -- SC_LIBGL_DIR, nvidia_globs, -- nvidia_globs_len); -+ SC_LIBGL_DIR, globs, -+ globs_len); - - #if UINTPTR_MAX == 0xffffffffffffffff - // Alternative 32-bit support - sc_mkdir_and_mount_and_glob_files(rootfs_dir, lib32_sources, - lib32_sources_len, SC_LIBGL32_DIR, -- nvidia_globs, nvidia_globs_len); -+ globs, globs_len); - #endif - } - -@@ -501,7 +507,7 @@ static int sc_mount_nvidia_is_driver_in_dir(const char *dir) - return 0; - } - --static void sc_mount_nvidia_driver_multiarch(const char *rootfs_dir) -+static void sc_mount_nvidia_driver_multiarch(const char *rootfs_dir, const char **globs, size_t globs_len) - { - const char *native_libdir = NATIVE_LIBDIR "/" HOST_ARCH_TRIPLET; - const char *lib32_libdir = NATIVE_LIBDIR "/" HOST_ARCH32_TRIPLET; -@@ -519,8 +525,8 @@ static void sc_mount_nvidia_driver_multiarch(const char *rootfs_dir) - sc_mkdir_and_mount_and_glob_files(rootfs_dir, - native_sources, - native_sources_len, -- SC_LIBGL_DIR, nvidia_globs, -- nvidia_globs_len); -+ SC_LIBGL_DIR, globs, -+ globs_len); - - // Alternative 32-bit support - if ((strlen(HOST_ARCH32_TRIPLET) > 0) && -@@ -536,8 +542,8 @@ static void sc_mount_nvidia_driver_multiarch(const char *rootfs_dir) - lib32_sources, - lib32_sources_len, - SC_LIBGL32_DIR, -- nvidia_globs, -- nvidia_globs_len); -+ globs, -+ globs_len); - } - } else { - // Attempt mount 
of both the native and 32-bit variants of the driver if they exist -@@ -576,7 +582,7 @@ static void sc_mount_egl(const char *rootfs_dir) - egl_vendor_globs_len); - } - --void sc_mount_nvidia_driver(const char *rootfs_dir) -+void sc_mount_nvidia_driver(const char *rootfs_dir, const char *base_snap_name) - { - /* If NVIDIA module isn't loaded, don't attempt to mount the drivers */ - if (access(SC_NVIDIA_DRIVER_VERSION_FILE, F_OK) != 0) { -@@ -593,11 +599,37 @@ void sc_mount_nvidia_driver(const char *rootfs_dir) - die("cannot change ownership of " SC_LIB); - } - (void)sc_set_effective_identity(old); -+ -+#if defined(NVIDIA_BIARCH) || defined(NVIDIA_MULTIARCH) -+ /* We include the globs for the glvnd libraries for old snaps -+ * based on core, Ubuntu 16.04 did not include glvnd itself. -+ * -+ * While there is no guarantee that the host system's glvnd -+ * libGL will be compatible (as it is built with the host -+ * system's glibc), the Mesa libGL included with the snap will -+ * definitely not be compatible (as it expects to find the Mesa -+ * implementation of the GLX extension).. 
-+ */ -+ const char **globs = nvidia_globs; -+ size_t globs_len = nvidia_globs_len; -+ const char **full_globs SC_CLEANUP(sc_cleanup_shallow_strv) = NULL; -+ if (sc_streq(base_snap_name, "core")) { -+ full_globs = malloc(sizeof nvidia_globs + sizeof glvnd_globs); -+ if (full_globs == NULL) { -+ die("cannot allocate globs array"); -+ } -+ memcpy(full_globs, nvidia_globs, sizeof nvidia_globs); -+ memcpy(&full_globs[nvidia_globs_len], glvnd_globs, sizeof glvnd_globs); -+ globs = full_globs; -+ globs_len = nvidia_globs_len + glvnd_globs_len; -+ } -+#endif -+ - #ifdef NVIDIA_MULTIARCH -- sc_mount_nvidia_driver_multiarch(rootfs_dir); -+ sc_mount_nvidia_driver_multiarch(rootfs_dir, globs, globs_len); - #endif // ifdef NVIDIA_MULTIARCH - #ifdef NVIDIA_BIARCH -- sc_mount_nvidia_driver_biarch(rootfs_dir); -+ sc_mount_nvidia_driver_biarch(rootfs_dir, globs, globs_len); - #endif // ifdef NVIDIA_BIARCH - - // Common for both driver mechanisms -diff --git a/cmd/snap-confine/mount-support-nvidia.h b/cmd/snap-confine/mount-support-nvidia.h -index 56ec893f6c7d8c1cecfd0a16c17add2540bfb32b..9835fb42665b1e2c65a9b557c81e73e2f296aceb 100644 ---- a/cmd/snap-confine/mount-support-nvidia.h -+++ b/cmd/snap-confine/mount-support-nvidia.h -@@ -43,6 +43,6 @@ - * /usr/lib directory on the classic filesystem. After the pivot_root() call - * those symlinks rely on the /var/lib/snapd/hostfs directory as a "gateway". 
- **/ --void sc_mount_nvidia_driver(const char *rootfs_dir); -+void sc_mount_nvidia_driver(const char *rootfs_dir, const char *base_snap_name); - - #endif -diff --git a/cmd/snap-confine/mount-support.c b/cmd/snap-confine/mount-support.c -index 44dea9d9550b047f169b47647276c73425e4f7b6..d5331b2eebb1e612955131f66b6be7f6f217da15 100644 ---- a/cmd/snap-confine/mount-support.c -+++ b/cmd/snap-confine/mount-support.c -@@ -494,7 +494,7 @@ static void sc_bootstrap_mount_namespace(const struct sc_mount_config *config) - // code changes the nvidia code assumes it has access to the existing - // pre-pivot filesystem. - if (config->distro == SC_DISTRO_CLASSIC) { -- sc_mount_nvidia_driver(scratch_dir); -+ sc_mount_nvidia_driver(scratch_dir, config->base_snap_name); - } - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - // pivot_root -diff --git a/tests/main/interfaces-opengl-nvidia/gl-core16/bin/run b/tests/main/interfaces-opengl-nvidia/gl-core16/bin/run -new file mode 100755 -index 0000000000000000000000000000000000000000..f07e1ec43b397bf78af6a20ab96a3d4cee87317f ---- /dev/null -+++ b/tests/main/interfaces-opengl-nvidia/gl-core16/bin/run -@@ -0,0 +1,3 @@ -+#!/bin/sh -+PS1='$ ' -+exec "$@" -diff --git a/tests/main/interfaces-opengl-nvidia/gl-core16/meta/snap.yaml b/tests/main/interfaces-opengl-nvidia/gl-core16/meta/snap.yaml -new file mode 100644 -index 0000000000000000000000000000000000000000..83851c75ef120a19d186c25ad421d5a06d6a876a ---- /dev/null -+++ b/tests/main/interfaces-opengl-nvidia/gl-core16/meta/snap.yaml -@@ -0,0 +1,9 @@ -+name: gl-core16 -+version: 1.0 -+summary: Test snap that plugs opengl and uses the core base snap -+confinement: strict -+ -+apps: -+ gl-core16: -+ command: bin/run -+ plugs: [ opengl ] -diff --git a/tests/main/interfaces-opengl-nvidia/gl-core20/bin/run b/tests/main/interfaces-opengl-nvidia/gl-core20/bin/run -new file mode 100755 -index 0000000000000000000000000000000000000000..f07e1ec43b397bf78af6a20ab96a3d4cee87317f ---- /dev/null -+++ 
b/tests/main/interfaces-opengl-nvidia/gl-core20/bin/run -@@ -0,0 +1,3 @@ -+#!/bin/sh -+PS1='$ ' -+exec "$@" -diff --git a/tests/main/interfaces-opengl-nvidia/gl-core20/meta/snap.yaml b/tests/main/interfaces-opengl-nvidia/gl-core20/meta/snap.yaml -new file mode 100644 -index 0000000000000000000000000000000000000000..422f183b8316d0dd32bac76e9d83fdc953c02645 ---- /dev/null -+++ b/tests/main/interfaces-opengl-nvidia/gl-core20/meta/snap.yaml -@@ -0,0 +1,10 @@ -+name: gl-core20 -+version: 1.0 -+summary: Test snap that plugs opengl and uses the core20 base snap -+confinement: strict -+base: core20 -+ -+apps: -+ gl-core20: -+ command: bin/run -+ plugs: [ opengl ] -diff --git a/tests/main/interfaces-opengl-nvidia/task.yaml b/tests/main/interfaces-opengl-nvidia/task.yaml -index 0767c587b4f8231c0deb7df4236de32ebc84e788..bad3ed4e3acfb8f603d676d6ab66a5584e3767b3 100644 ---- a/tests/main/interfaces-opengl-nvidia/task.yaml -+++ b/tests/main/interfaces-opengl-nvidia/task.yaml -@@ -1,6 +1,6 @@ - summary: Ensure that basic opengl works with faked nvidia - --systems: [ubuntu-14.04-*, ubuntu-16.04-*, ubuntu-18.04-*] -+systems: [ubuntu-16.04-*, ubuntu-18.04-*, ubuntu-20.04-*] - - environment: - NV_VERSION/stable: "123.456" -@@ -18,7 +18,7 @@ prepare: | - mkdir -p /usr/share/vulkan/icd.d - echo "canary-vulkan" > /usr/share/vulkan/icd.d/nvidia_icd.json - -- if os.query is-bionic; then -+ if ! os.query is-xenial; then - # mock GLVND EGL vendor file - echo "Test GLVND EGL vendor files access" - mkdir -p /usr/share/glvnd/egl_vendor.d -@@ -26,7 +26,7 @@ prepare: | - fi - - # mock nvidia libraries -- if os.query is-bionic; then -+ if ! 
os.query is-xenial; then - mkdir -p /usr/lib/"$(dpkg-architecture -qDEB_HOST_MULTIARCH)"/tls - mkdir -p /usr/lib/"$(dpkg-architecture -qDEB_HOST_MULTIARCH)"/vdpau - echo "canary-triplet" >> /usr/lib/"$(dpkg-architecture -qDEB_HOST_MULTIARCH)"/libGLX.so.0.0.1 -@@ -69,7 +69,7 @@ restore: | - umount -t tmpfs /sys/module - rm -rf /usr/share/vulkan - -- if os.query is-bionic; then -+ if ! os.query is-xenial; then - rm -rf /usr/share/glvnd/egl_vendor.d/10_nvidia.json - rm -rf /usr/lib/"$(dpkg-architecture -qDEB_HOST_MULTIARCH)"/tls - rm -rf /usr/lib/"$(dpkg-architecture -qDEB_HOST_MULTIARCH)"/vdpau -@@ -90,35 +90,55 @@ restore: | - rm -rf /usr/lib32/nvidia-123 - - execute: | -- "$TESTSTOOLS"/snaps-state install-local test-snapd-policy-app-consumer -+ "$TESTSTOOLS"/snaps-state install-local gl-core16 - - echo "When the interface is connected" -- snap connect test-snapd-policy-app-consumer:opengl core:opengl -+ snap connect gl-core16:opengl core:opengl - - echo "App can access nvidia library files" -- expected="canary-legacy" -- if os.query is-bionic; then -- expected="canary-triplet" -+ expected="canary-triplet" -+ if os.query is-xenial; then -+ expected="canary-legacy" - fi - files="libGLX.so.0.0.1 libGLX_nvidia.so.0.0.1 libnvidia-glcore.so.$NV_VERSION tls/libnvidia-tls.so.$NV_VERSION libnvidia-tls.so.$NV_VERSION vdpau/libvdpau_nvidia.so.$NV_VERSION" - for f in $files; do -- snap run test-snapd-policy-app-consumer.opengl -c "cat /var/lib/snapd/lib/gl/$f" | MATCH "$expected" -+ gl-core16 cat "/var/lib/snapd/lib/gl/$f" | MATCH "$expected" - done - - if os.query is-pc-amd64; then -- expected32="canary-32-legacy" -- if os.query is-bionic; then -- expected32="canary-32-triplet" -+ expected32="canary-32-triplet" -+ if os.query is-xenial; then -+ expected32="canary-32-legacy" - fi - for f in $files; do -- snap run test-snapd-policy-app-consumer.opengl -c "cat /var/lib/snapd/lib/gl32/$f" | MATCH "$expected32" -+ gl-core16 cat "/var/lib/snapd/lib/gl32/$f" | MATCH "$expected32" - 
done - fi - - echo "And vulkan ICD file" -- snap run test-snapd-policy-app-consumer.opengl -c "cat /var/lib/snapd/lib/vulkan/icd.d/nvidia_icd.json" | MATCH canary-vulkan -+ gl-core16 cat /var/lib/snapd/lib/vulkan/icd.d/nvidia_icd.json | MATCH canary-vulkan - -- if os.query is-bionic; then -+ if ! os.query is-xenial; then - echo "And GLVND EGL vendor file" -- snap run test-snapd-policy-app-consumer.opengl -c "cat /var/lib/snapd/lib/glvnd/egl_vendor.d/10_nvidia.json" | MATCH canary-egl -+ gl-core16 cat /var/lib/snapd/lib/glvnd/egl_vendor.d/10_nvidia.json | MATCH canary-egl -+ fi -+ -+ # There is no core20 snap on i386, so the following tests will not -+ # function there. -+ if os.query is-pc-i386; then -+ exit 0 -+ fi -+ -+ echo "For host systems using glvnd, the glvnd libraries are not exposed to snaps using newer bases" -+ "$TESTSTOOLS"/snaps-state install-local gl-core20 -+ snap connect gl-core20:opengl core:opengl -+ -+ echo "While glvnd frontend libraries are not available, the backend nvidia drivers are" -+ if ! os.query is-xenial; then -+ not gl-core20 test -f /var/lib/snapd/lib/gl/libGLX.so.0.0.1 -+ gl-core20 cat /var/lib/snapd/lib/gl/libGLX_nvidia.so.0.0.1 | MATCH canary-triplet -+ if os.query is-pc-amd64; then -+ not gl-core20 cat /var/lib/snapd/lib/gl32/libGLX.so.0.0.1 -+ gl-core20 cat /var/lib/snapd/lib/gl32/libGLX_nvidia.so.0.0.1 | MATCH canary-32-triplet -+ fi - fi --- -2.34.1 - diff --git a/snapd.spec b/snapd.spec index 4126b69..9f7cede 100644 --- a/snapd.spec +++ b/snapd.spec 
@@ -85,15 +85,13 @@ %{!?_systemd_system_env_generator_dir: %global _systemd_system_env_generator_dir %{_prefix}/lib/systemd/system-environment-generators} Name: snapd -Version: 2.53.4 +Version: 2.54.1 Release: 1%{?dist} Summary: A transactional software package manager License: GPLv3 URL: https://%{provider_prefix} Source0: https://%{provider_prefix}/releases/download/%{version}/%{name}_%{version}.no-vendor.tar.xz Source1: https://%{provider_prefix}/releases/download/%{version}/%{name}_%{version}.only-vendor.tar.xz -# cherry picked from https://github.com/snapcore/snapd/commit/f4cefc704d6c46f204b0a0651379e0766d478ba5 -Patch0: 0001-cmd-snap-confine-do-not-include-libglvnd-libraries-f.patch %if 0%{?with_goarches} # e.g. el6 has ppc64 arch without gcc-go, so EA tag is required @@ -586,7 +584,7 @@ popd # Build systemd units, dbus services, and env files pushd ./data -make BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" \ +make BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" DATADIR="%{_datadir}" \ SYSTEMDSYSTEMUNITDIR="%{_unitdir}" \ SNAP_MOUNT_DIR="%{_sharedstatedir}/snapd/snap" \ SNAPD_ENVIRONMENT_FILE="%{_sysconfdir}/sysconfig/snapd" @@ -667,7 +665,7 @@ popd # Install all systemd and dbus units, and env files pushd ./data -%make_install BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" \ +%make_install BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" DATADIR="%{_datadir}" \ SYSTEMDSYSTEMUNITDIR="%{_unitdir}" SYSTEMDUSERUNITDIR="%{_userunitdir}" \ SNAP_MOUNT_DIR="%{_sharedstatedir}/snapd/snap" \ SNAPD_ENVIRONMENT_FILE="%{_sysconfdir}/sysconfig/snapd" @@ -804,6 +802,7 @@ popd %{_datadir}/dbus-1/system.d/snapd.system-services.conf %{_datadir}/polkit-1/actions/io.snapcraft.snapd.policy %{_datadir}/applications/io.snapcraft.SessionAgent.desktop +%{_datadir}/fish/vendor_conf.d/snapd.fish %{_sysconfdir}/xdg/autostart/snap-userd-autostart.desktop %config(noreplace) %{_sysconfdir}/sysconfig/snapd %dir %{_sharedstatedir}/snapd 
@@ -835,6 +834,8 @@ popd # this is typically owned by zsh, but we do not want to explicitly require zsh %dir %{_datadir}/zsh %dir %{_datadir}/zsh/site-functions +# similar case for fish +%dir %{_datadir}/fish/vendor_conf.d %files -n snap-confine %doc cmd/snap-confine/PORTING 
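Review bot: The added `%dir %{_datadir}/fish/vendor_conf.d` claims only the leaf directory, while the zsh entries just above it own both `%{_datadir}/zsh` and `%{_datadir}/zsh/site-functions`. On a host without fish installed, `%{_datadir}/fish` would then be created at install time but owned by no package, so it is left behind on removal and its mode and ownership fall outside `rpm -V` verification. Unless another subpackage or a dependency already owns that directory (not visible in this hunk), add `%dir %{_datadir}/fish` ahead of the new line. The `%files` section these entries belong to starts outside the hunk.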
@@ -943,6 +944,349 @@ fi %changelog +* Mon Dec 27 2021 Maciek Borzecki - 2.54.1-1 +- Release 2.54.1 to Fedora and EPEL +- Fixes for RHBZ#2035664 + +* Mon Dec 20 2021 Michael Vogt +- New upstream release 2.54.1 + - buid-aux: set version before calling ./generate-packaging-dir + This fixes the "dirty" suffix in the auto-generated version + +* Fri Dec 17 2021 Michael Vogt +- New upstream release 2.54 + - interfaces/builtin/opengl.go: add boot_vga sys/devices file + - o/configstate/configcore: add tmpfs.size option + - tests: moving to manual opensuse 15.2 + - cmd/snap-device-helper: bring back the device type identification + behavior, but for remove action fallback only + - cmd/snap-failure: use snapd from the snapd snap if core is not + present + - tests/core/failover: enable the test on core18 + - o/devicestate: ensure proper order when remodel does a simple + switch-snap-channel + - builtin/interfaces: add shared memory interface + - overlord: extend kernel/base success and failover with bootenv + checks + - o/snapstate: check disk space w/o store if possible + - snap-bootstrap: Mount snaps read only + - gadget/install: do not re-create partitions using OnDiskVolume + after deletion + - many: fix formatting w/ latest go version + - devicestate,timeutil: improve logging of NTP sync + - tests/main/security-device-cgroups-helper: more debugs + - cmd/snap: print a placeholder for version of broken snaps + - o/snapstate: mock system with classic confinement support + - cmd: Fixup .clangd to use correct syntax + - tests: run spread tests in fedora-35 + - data/selinux: allow snapd to access /etc/modprobe.d + - mount-control: step 2 + - daemon: add multiple snap sideload to API + - tests/lib/pkgdb: install dbus-user-session during prepare, drop + dbus-x11 + - systemd: provide more detailed errors for unimplemented method in + emulation mode + - tests: avoid checking TRUST_TEST_KEYS on restore on remodel-base + test + - tests: retry umounting /var/lib/snapd/seed on uc20 on 
fsck-on-boot + test + - o/snapstate: add hide/expose snap data to backend + - interfaces: kernel-module-load + - snap: add support for `snap watch + --last={revert,enable,disable,switch}` + - tests/main/security-udev-input-subsystem: drop info from udev + - tests/core/kernel-and-base-single-reboot-failover, + tests/lib/fakestore: verify failover scenario + - tests/main/security-device-cgroups-helper: collect some debug info + when the test fails + - tests/nested/manual/core20-remodel: wait for device to have a + serial before starting a remodel + - tests/main/generic-unregister: test re-registration if not blocked + - o/snapstate, assertsate: validation sets/undo on partial failure + - tests: ensure snapd can be downloaded as a module + - snapdtool, many: support additional key/value flags in info file + - data/env: improve fish shell env setup + - usersession/client: provide a way for client to send messages to a + subset of users + - tests: verify that simultaneous refresh of kernel and base + triggers a single reboot only + - devicestate: Unregister deletes the device key pair as well + - daemon,tests: support forgetting device serial via API + - asserts: change behavior of alternative attribute matcher + - configcore: relax validation rules for hostname + - cmd/snap-confine: do not include libglvnd libraries from the host + system + - overlord, tests: add managers and a spread test for UC20 to UC22 + remodel + - HACKING.md: adjust again for building the snapd snap + - systemd: add support for systemd unit alias names + - o/snapstate: add InstallPathMany + - gadget: allow EnsureLayoutCompatibility to ensure disk has all + laid out structsnow reject/fail: + - packaging/ubuntu, packaging/debian: depend on dbus-session-bus + provider (#11111) + - interfaces/interfaces/scsi_generic: add interface for scsi generic + de… (#10936) + - osutil/disks/mockdisk.go: add MockDevicePathToDiskMapping + - interfaces/microstack-support: set controlsDeviceCgroup to true + - 
network-setup-control: add netplan generate D-Bus rules + - interface/builtin/log_observe: allow to access /dev/kmsg + - .github/workflows/test.yaml: restore failing of spread tests on + errors (nested) + - gadget: tweaks to DiskStructureDeviceTraits + expand test cases + - tests/lib/nested.sh: allow tests to use their own core18 in extra- + snaps-path + - interfaces/browser-support: Update rules for Edge + - o/devicestate: during remodel first check pending download tasks + for snaps + - polkit: add a package to validate polkit policy files + - HACKING.md: document building the snapd snap and splicing it into + the core snap + - interfaces/udev: fix installing snaps inside lxd in 21.10 + - o/snapstate: refactor disk space checks + - tests: add (strict) microk8s smoke test + - osutil/strace: try to enable strace on more arches + - cmd/libsnap-confine-private: fix snap-device-helper device allow + list modification on cgroup v2 + - tests/main/snapd-reexec-snapd-snap: improve debugging + - daemon: write formdata file parts to snaps dir + - systemd: add support for .target units + - tests: run snap-disconnect on uc16 + - many: add experimental setting to allow using ~/.snap/data instead + of ~/snap + - overlord/snapstate: perform a single reboot when updating boot + base and kernel + - kernel/fde: add DeviceUnlockKernelHookDeviceMapperBackResolver, + use w/ disks pkg + - o/devicestate: introduce DeviceManager.Unregister + - interfaces: allow receiving PropertiesChanged on the mpris plug + - tests: new tool used to retrieve data from mongo db + - daemon: amend ssh keys coming from the store + - tests: Include the tools from snapd-testing-tools project in + "$TESTSTOOLS" + - tests: new workflow step used to report spread error to mongodb + - interfaces/builtin/dsp: update proc files for ambarella flavor + - gadget: replace ondisk implementation with disks package, refactor + part calcs + - tests: Revert "tests: disable flaky uc18 tests until systemd is + fixed" + - 
Revert: "many: Vendor apparmor-3.0.3 into the snapd snap" + - asserts: rename "white box" to "clear box" (woke checker) + - many: Vendor apparmor-3.0.3 into the snapd snap + - tests: reorganize the debug-each on the spread.yaml + - packaging: sync with downstream packaging in Fedora and openSUSE + - tests: disable flaky uc18 tests until systemd is fixed + - data/env: provide profile setup for fish shell + - tests: use ubuntu-image 1.11 from stable channel + - gadget/gadget.go: include disk schema in the disk device volume + traits too + - tests/main/security-device-cgroups-strict-enforced: extend the + comments + - README.md: point at bugs.launchpad.net/snapd instead of snappy + project + - osutil/disks: introduce RegisterDeviceMapperBackResolver + use for + crypt-luks2 + - packaging: make postrm script robust against `rm` failures + - tests: print extra debug on auto-refresh-gating test failure + - o/assertstate, api: move enforcing/monitoring from api to + assertstate, save history + - tests: skip the test-snapd-timedate-control-consumer.date to avoid + NTP sync error + - gadget/install: use disks functions to implement deviceFromRole, + also rename + - tests: the `lxd` test is failing right now on 21.10 + - o/snapstate: account for deleted revs when undoing install + - interfaces/builtin/block_devices: allow blkid to print block + device attributes + - gadget: include size + sector-size in DiskVolumeDeviceTraits + - cmd/libsnap-confine-private: do not deny all devices when reusing + the device cgroup + - interfaces/builtin/time-control: allow pps access + - o/snapstate/handlers: propagate read errors on "copy-snap-data" + - osutil/disks: add more fields to Partition, populate them during + discovery + - interfaces/u2f-devices: add Trezor and Trezor v2 keys + - interfaces: timezone-control, add permission for ListTimezones + DBus call + - o/snapstate: remove repeated test assertions + - tests: skip `snap advise-command` test if the store is overloaded + - cmd: 
create ~/snap dir with 0700 perms + - interfaces/apparmor/template.go: allow udevadm from merged usr + systems + - github: leave a comment documenting reasons for pipefail + - github: enable pipefail when running spread + - osutil/disks: add DiskFromPartitionDeviceNode + - gadget, many: add model param to Update() + - cmd/snap-seccomp: add riscv64 support + - o/snapstate: maintain a RevertStatus map in SnapState + - tests: enable lxd tests on impish system + - tests: (partially) revert the memory limits PR#r10241 + - o/assertstate: functions for handling validation sets tracking + history + - tests: some improvements for the spread log parser + - interfaces/network-manager-observe: Update for libnm / dart + clients + - tests: add ntp related debug around "auto-refresh" test + - boot: expand on the fact that reseal taking modeenv is very + intentional + - cmd/snap-seccomp/syscalls: update syscalls to match libseccomp + abad8a8f4 + - data/selinux: update the policy to allow snapd to talk to + org.freedesktop.timedate1 + - o/snapstate: keep old revision if install doesn't add new one + - overlord/state: add a unit test for a kernel+base refresh like + sequence + - desktop, usersession: observe notifications + - osutil/disks: add AllPhysicalDisks() + - timeutil,deviceutil: fix unit tests on systems without dbus or + without ntp-sync + - cmd/snap-bootstrap/README: explain all the things (well most of + them anyways) + - docs: add run-checks dependency install instruction + - o/snapstate: do not prune refresh-candidates if gate-auto-refresh- + hook feature is not enabled + - o/snapstate: test relink remodel helpers do a proper subset of + doInstall and rework the verify*Tasks helpers + - tests/main/mount-ns: make the test run early + - tests: add `--debug` to netplan apply + - many: wait for up to 10min for NTP synchronization before + autorefresh + - tests: initialize CHANGE_ID in _wait_autorefresh + - sandbox/cgroup: freeze and thaw cgroups related to services and + 
scopes only + - tests: add more debug around qemu-nbd + - o/hookstate: print cohort with snapctl refresh --pending (#10985) + - tests: misc robustness changes + - o/snapstate: improve install/update tests (#10850) + - tests: clean up test tools + - spread.yaml: show `journalctl -e` for all suites on debug + - tests: give interfaces-udisks2 more time for the loop device to + appear + - tests: set memory limit for snapd + - tests: increase timeout/add debug around nbd0 mounting (up, see + LP:#1949513) + - snapstate: add debug message where a snap is mounted + - tests: give nbd0 more time to show up in preseed-lxd + - interfaces/dsp: add more ambarella things + - cmd/snap: improve snap disconnect arg parsing and err msg + - tests: disable nested lxd snapd testing + - tests: disable flaky "interfaces-udisks2" on ubuntu-18.04-32 + - o/snapstate: avoid validationSetsSuite repeating snapmgrTestSuite + - sandbox/cgroup: wait for start transient unit job to finish + - o/snapstate: fix task order, tweak errors, add unit tests for + remodel helpers + - osutil/disks: re-org methods for end of usable region, size + information + - build-aux: ensure that debian packaging matches build-base + - docs: update HACKING.md instructions for snapd 2.52 and later + - spread: run lxd tests with version from latest/edge + - interfaces: suppress denial of sys_module capability + - osutil/disks: add methods to replace gadget/ondisk functions + - tests: split test tools - part 1 + - tests: fix nested tests on uc20 + - data/selinux: allow snap-confine to read udev's database + - i/b/common_test: refactor AppArmor features test + - tests: run spread tests on debian 11 + - o/devicestate: copy timesyncd clock timestamp during install + - interfaces/builtin: do not probe parser features when apparmor + isn't available + - interface/modem-manager: allow connecting to the mbim/qmi proxy + - tests: fix error message in run-checks + - tests: spread test for validation sets enforcing + - 
cmd/snap-confine: lazy set up of device cgroup, only when devices + were assigned + - o/snapstate: deduplicate snap names in remove/install/update + - tests/main/selinux-data-context: use session when performing + actions as test user + - packaging/opensuse: sync with openSUSE packaging, enable AppArmor + on 15.3+ + - interfaces: skip connection of netlink interface on older + systems + - asserts, o/snapstate: honor IgnoreValidation flag when checking + installed snaps + - tests/main/apparmor-batch-reload: fix fake apparmor_parser to + handle --preprocess + - sandbox/apparmor, interfaces/apparmor: detect bpf capability, + generate snippet for s-c + - release-tools/repack-debian-tarball.sh: fix c-vendor dir + - tests: test for enforcing with prerequisites + - tests/main/snapd-sigterm: fix race conditions + - spread: run lxd tests with version from latest/stable + - run-checks: remove --spread from help message + - secboot: use latest secboot with tpm legacy platform and v2 fully + optional + - tests/lib/pkgdb: install strace on Debian 11 and Sid + - tests: ensure systemd-timesyncd is installed on debian + - interfaces/u2f-devices: add Nitrokey 3 + - tests: update the ubuntu-image channel to candidate + - osutil/disks/labels: simplify decoding algorithm + - tests: not testing lxd snap anymore on i386 architecture + - o/snapstate, hookstate: print remaining hold time on snapctl + --hold + - cmd/snap: support --ignore-validation with snap install client + command + - tests/snapd-sigterm: be more robust against service restart + - tests: simplify mock script for apparmor_parser + - o/devicestate, o/servicestate: update gadget assets and cmdline + when remodeling + - tests/nested/manual/refresh-revert-fundamentals: re-enable + encryption + - osutil/disks: fix bug in BlkIDEncodeLabel, add BlkIDDecodeLabel + - gadget, osutil/disks: fix some bugs from prior PR'sin the dir. 
+ - secboot: revert move to new version (revert #10715) + - cmd/snap-confine: die when snap process is outside of snap + specific cgroup + - many: mv MockDeviceNameDisksToPartitionMapping -> + MockDeviceNameToDiskMapping + - interfaces/builtin: Add '/com/canonical/dbusmenu' path access to + 'unity7' interface + - interfaces/builtin/hardware-observer: add /proc/bus/input/devices + too + - osutil/disks, many: switch to defining Partitions directly for + MockDiskMapping + - tests: remove extra-snaps-assertions test + - interface/modem-manager: add accept for MBIM/QMI proxy clients + - tests/nested/core/core20-create-recovery: fix passing of data to + curl + - daemon: allow enabling enforce mode + - daemon: use the syscall connection to get the socket credentials + - i/builtin/kubernetes_support: add access to Calico lock file + - osutil: ensure parent dir is opened and sync'd + - tests: using test-snapd-curl snap instead of http snap + - overlord: add managers unit test demonstrating cyclic dependency + between gadget and kernel updates + - gadget/ondisk.go: include the filesystem UUID in the returned + OnDiskVolume + - packaging: fixes for building on openSUSE + - o/configcore: allow hostnames up to 253 characters, with dot- + delimited elements + - gadget/ondisk.go: add listBlockDevices() to get all block devices + on a system + - gadget: add mapping trait types + functions to save/load + - interfaces: add polkit security backend + - cmd/snap-confine/snap-confine.apparmor.in: update ld rule for + s390x impish + - tests: merge coverage results + - tests: remove "features" from fde-setup.go example + - fde: add new device-setup support to fde-setup + - gadget: add `encryptedDevice` and add encryptedDeviceLUKS + - spread: use `bios: uefi` for uc20 + - client: fail fast on non-retryable errors + - tests: support running all spread tests with experimental features + - tests: check that a snap that doesn't have gate-auto-refresh hook + can call --proceed + - o/snapstate: 
support ignore-validation flag when updating to a + specific snap revision + - o/snapstate: test prereq update if started by old version + - tests/main: disable cgroup-devices-v1 and freezer tests on 21.10 + - tests/main/interfaces-many: run both variants on all possible + Ubuntu systems + - gadget: mv ensureLayoutCompatibility to gadget proper, add + gadgettest pkg + - many: replace state.State restart support with overlord/restart + - overlord: fix generated snap-revision assertions in remodel unit + tests + * Wed Dec 8 2021 Maciek Borzecki - 2.53.4-1 - Release 2.53.4 to Fedora - Cherry pick for nvidia glvnd incompatibility
diff --git a/sources b/sources
index 94665f7..be73875 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (snapd_2.53.4.no-vendor.tar.xz) = 2dad47146eaa1f41cd6ea40432cd7a118ca4ceeebe512fa22a722c185e8cd1fb347c935fed86cefd37e0628b54c538bbdddc3e816a14ca3e42c0fa1f3da78302
-SHA512 (snapd_2.53.4.only-vendor.tar.xz) = d6295e19007dd7d669ee8ee5767ab544e12940bcecf837fb776387d33cc4428af5240e4287d88b32304773e8e4f2a7d437948c68d553a04824ef60a3884d0763
+SHA512 (snapd_2.54.1.no-vendor.tar.xz) = 06ea5293198127c04a79ba01b0c17da0acf34a5bb8d9cea393ccf23d46f3e47ed0b0d822cbf151992661836c2b8a003924ada25a056468de8b64bf497413e86b
+SHA512 (snapd_2.54.1.only-vendor.tar.xz) = feedfed418500a0309dd75022c1e8ac6abeba2c5feb71b3af42e747c6bb7c2e65e341f213a575ea95a3a85a074c87f043db04930e7490ab9d342b9585cec9c88