A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * 'assert'=>'ack', 'asserts'=>'known' * unset/zero => immediately refresh try * - README.md: snappy => snap * - daemon,client,overlord: progress current => done * - image: bootstrapToRootDir => setupSeed * - many: use "SNAP.APP as ALIAS" instead of => when listing * - overlord/state: prevent change ready => unready * - release,store,daemon: no more default-channel, release=>series * curl: 7.68.0-1ubuntu2.13 => 7.68.0-1ubuntu2.14 * dbus: 1.12.16-2ubuntu2.2 => 1.12.16-2ubuntu2.3 * distro-info-data: 0.43ubuntu1.10 => 0.43ubuntu1.11 * fwupd: 1.7.5-3~20.04.1 => 1.7.9-1~20.04.1 * grub2-signed: 1.167.2+2.04-1ubuntu44.2 => 1.173.2~20.04.1+2.04-1ubuntu47.4 * grub2-unsigned: 2.04-1ubuntu44.2 => 2.04-1ubuntu47.4 * libksba: 1.3.5-2 => 1.3.5-2ubuntu0.20.04.1 * linux-meta: 5.4.0.131.131 => 5.4.0.132.132 * linux-signed: 5.4.0-131.147 => 5.4.0-132.148 * ntfs-3g: 1:2017.3.23AR.3-3ubuntu1.2 => 1:2017.3.23AR.3-3ubuntu1.3 * perl: 5.30.0-9ubuntu0.2 => 5.30.0-9ubuntu0.3 * snapd: 2.55.5+20.04 => 2.57.5+20.04 * sosreport: 4.3-1ubuntu0.20.04.2 => 4.4-1ubuntu0.20.04.1 * sqlite3: 3.31.1-4ubuntu0.4 => 3.31.1-4ubuntu0.5 * tzdata: 2022c-0ubuntu0.20.04.0 => 2022f-0ubuntu0.20.04.1 * ubuntu-advantage-tools: 27.11.2~20.04.1 => 27.11.3~20.04.1 The following is a complete changelog for this image. new: {'linux-headers-5.4.0-132': '5.4.0-132.148', 'libxmlb2:amd64': '0.3.6-2build1~20.04.1', 'linux-modules-5.4.0-132-generic': '5.4.0-132.148', 'linux-headers-5.4.0-132-generic': '5.4.0-132.148'} removed: {'linux-headers-5.4.0-131': '5.4.0-131.147', 'linux-headers-5.4.0-131-generic': '5.4.0-131.147', 'linux-modules-5.4.0-131-generic': '5.4.0-131.147'} changed: ['curl', 'dbus', 'dbus-user-session', 'distro-info-data', 'fwupd', 'grub-efi-amd64-bin', 'grub-efi-amd64-signed', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libdbus-1-3:amd64', 'libfwupd2:amd64', 'libfwupdplugin5:amd64', 'libksba8:amd64', 'libntfs-3g883', 'libperl5.30:amd64', 'libsqlite3-0:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-132-generic', 'linux-image-virtual', 'linux-virtual', 'ntfs-3g', 'perl', 'perl-base', 'perl-modules-5.30', 'snapd', 'sosreport', 'tzdata', 'ubuntu-advantage-tools'] new snaps: {} removed snaps: {} changed snaps: ['core20', 'snapd'] ==== curl: 7.68.0-1ubuntu2.13 => 7.68.0-1ubuntu2.14 ==== ==== curl libcurl3-gnutls:amd64 libcurl4:amd64 * SECURITY UPDATE: POST following PUT confusion - debian/patches/CVE-2022-32221.patch: when POST is set, reset the 'upload' field in lib/setopt.c. - CVE-2022-32221 ==== dbus: 1.12.16-2ubuntu2.2 => 1.12.16-2ubuntu2.3 ==== ==== dbus dbus-user-session libdbus-1-3:amd64 * SECURITY UPDATE: Assertion failure in dbus-marshal-validate - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest correctly - CVE-2022-42010 * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate - debian/patches/CVE-2022-42011.patch: Validate length of arrays of fixed-length items - CVE-2022-42011 * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed - CVE-2022-42012 ==== distro-info-data: 0.43ubuntu1.10 => 0.43ubuntu1.11 ==== ==== distro-info-data * Add Ubuntu 23.04, Lunar Lobster (LP: #1993667) ==== fwupd: 1.7.5-3~20.04.1 => 1.7.9-1~20.04.1 ==== ==== fwupd libfwupd2:amd64 libfwupdplugin5:amd64 * New upstream release, and drop all patches since they are merged. * Properly fall back to use DMI instead of /sys/class/dmi interface. (LP: #1982103) * Build depends on mondemmanager 1.8 and libxmlb 0.3.6 to support EM120/160. (LP: #1980334) * Don't stderr-fail the autopkgtest on modprobe error as they are optional. (LP: #1966364) * Run fwupd-refresh under a dedicated fwupd-refresh user. This is fixed in 1.1.7, so it's automatically included. (LP: #1969976) ==== grub2-signed: 1.167.2+2.04-1ubuntu44.2 => 1.173.2~20.04.1+2.04-1ubuntu47.4 ==== ==== grub-efi-amd64-signed * No change rebuild against grub 2.04-1ubuntu47.4. * Actual no change rebuild against grub 2.04-1ubuntu47. * No change rebuild against grub 2.04-1ubuntu47. * No change rebuild against grub 2.04-1ubuntu46. * Update Vcs-Git to impish-devel. * key on grub-efi-$(DEB_HOST_ARCH) as the binary package for download-signed since grub-efi-* and grub2-common are now built from separate sources. * No chnage rebuild against grub 2.04-1ubuntu45. * Change branch name in VCS field to just $suite-devel. * Forward port debian/rules ifeq/else statement fixes from bionic&xenial. * Use debhelper-compat 9 for ease of SRUs to Bionic and earlier. LP: #1920008 * grub-efi-amd64-signed: add depends on grub2-common with support for R_X86_64_PLT32 relocations. LP: #1920008 * Rebuild against grub2 2.04-1ubuntu44. * Rebuild against grub2 2.04-1ubuntu43. * Rebuild against grub2 2.04-1ubuntu42. LP: #1915536 * Make maintainer scripts compatible with any grub2-common since precise. LP: #1915536 * Drop unused config_item function. * Only download signed binaries once. * Rebuild with correct permissions, and higher version number. * Rebuild against grub2 2.04-1ubuntu39 * Fix test directory existence race in download-signed, making FTBFS on arm64: - download-signed is run 3 times in parallel due to Makefile and download assets in a single directory. - testing the directory and then calling makedirs is not done atomically. - long term fix would be to run it once and collect/compared all signed files. * Rebuild against grub2 2.04-1ubuntu38 * Trim trailing whitespace. * Use secure copyright file specification URI. * Bump debhelper from deprecated 9 to 12. * Set debhelper-compat version in Build-Depends. * Drop unused bzr-builddeb.conf * Add postinst for the arm64 package (LP: #1914582) * Set series specific VCS field in debian/control * Rebuild against grub2 2.04-1ubuntu37 * Rebuild against grub2 2.04-1ubuntu36 * Rebuild against grub2 2.04-1ubuntu35 * Rebuild against grub2 2.04-1ubuntu33 * Rebuild against grub2 2.04-1ubuntu32 * Rebuild against grub2 2.04-1ubuntu31 * Rebuild against grub2 2.04-1ubuntu30. * Add check to compare that signed grub, matches monolithic builds, to avoid signing skew when copying grub2/grub2-signed to PPAs. * Rebuild against grub2 2.04-1ubuntu29. * Rebuild against grub2 2.04-1ubuntu28 * Rebuild against grub2 2.04-1ubuntu27 * Rebuild against grub2 2.04-1ubuntu26.2. * Rebuild against grub2 2.04-1ubuntu26.1. * Fix arm64 download, grub2 package doesn't exist on that arch, use grub2-common instead. * Support downloads from PPAs for additional signatures. LP: #1876875 * Rebuild against grub2 2.04-1ubuntu26. * Rebuild against grub2 2.04-1ubuntu25. * Fix postinst typpo. * Rebuild against grub2 2.04-1ubuntu24, enable installing to multiple ESPs (LP: #1871821) * Rebuild against grub2 2.04-1ubuntu23. * Rebuild against grub2 2.04-1ubuntu22. * Rebuild against grub2 2.04-1ubuntu21. * Rebuild against grub2 2.04-1ubuntu19. * Rebuild against grub2 2.04-1ubuntu18. * Rebuild against grub2 2.04-1ubuntu16. * Rebuild against grub2 2.04-1ubuntu15. * Rebuild against grub2 2.04-1ubuntu14. * Really rebuild against grub2 2.04-1ubuntu13 this time. (LP: #1845289) (LP: #1848892) * Rebuild against grub2 2.04-1ubuntu13. (LP: #1845289) (LP: #1848892) * Rebuild against grub2 2.04-1ubuntu12. * Rebuild against grub2 2.04-1ubuntu11. * Rebuild against grub2 2.04-1ubuntu10. * Rebuild against grub2 2.04-1ubuntu9. * Rebuild against grub2 2.04-1ubuntu8. * Rebuild against grub2 2.04-1ubuntu7. * Rebuild against grub2 2.04-1ubuntu6. (LP: #1845466) * Rebuild against grub2 2.04-1ubuntu5. * Rebuild against grub2 2.04-1ubuntu4. * Rebuild against grub2 2.04-1ubuntu3. * Rebuild against grub2 2.04-1ubuntu2. * Rebuild against grub2 2.04-1ubuntu1. * Rebuild against grub2 2.02+dfsg1-12ubuntu3. * Rebuild against grub2 2.02+dfsg1-12ubuntu2. * Rebuild against grub2 2.02+dfsg1-12ubuntu1. * Rebuild against grub2 2.02+dfsg1-5ubuntu11. (LP: #1814403) (LP: #1814575) * Rebuild against grub2 2.02+dfsg1-5ubuntu10. * Rebuild against grub2 2.02+dfsg1-5ubuntu9. * Rebuild against grub2 2.02+dfsg1-5ubuntu7. (LP: #1798171) * Rebuild against grub2 2.02+dfsg1-5ubuntu7. (LP: #1784363) * Rebuild against grub2 2.02+dfsg1-5ubuntu6. (LP: #1788727) * Rebuild against grub2 2.02+dfsg1-5ubuntu5. * Rebuild against grub2 2.02+dfsg1-5ubuntu4. (LP: #1792575) * Rebuild against grub2 2.02+dfsg1-5ubuntu3. (LP: #788298) * Rebuild against grub2 2.02+dfsg1-5ubuntu2. (LP: #1785033) * Rebuild against grub2 2.02+dfsg1-5ubuntu1. * Call grub-check-signatures before calling grub-install, not after, to avoid overwriting the boot loader on disk with one that will fail to load. LP: #1786491. * Rebuild against grub2 2.02-2ubuntu13. * Rebuild against grub2 2.02-2ubuntu12. (LP: #1258597) * debian/grub-efi-amd64-signed.postinst: run grub-check-signatures on update to ensure we have signed kernels installed. * Rebuild against grub2 2.02-2ubuntu11. * debian/control: add a dependency of grub-efi-amd64 | grub-pc to grub-efi-amd64-signed to make sure the grub postinst is triggered even for cases of old iso (without the fixed installer) installations with automatic download of updates enabled (LP: #1780897). * debian/control: switch the grub-efi-amd64 dependency of grub-efi-amd64-signed to grub-efi-amd64-bin. * debian/grub-efi-amd64-signed.postinst: invoke grub-install with --auto-nvram and pass the x86_64-efi target to it, making sure we always install the right target. * Rebuild against grub2 2.02-2ubuntu10. * Rebuild against grub2 2.02-2ubuntu9. * Rebuild against grub2 2.02-2ubuntu8. (LP: #1752767) * Rebuild against grub2 2.02-2ubuntu7. (LP: #1711452, #1723434) * Rebuild against grub2 2.02-2ubuntu6. (LP: #1743249) * Rebuild against grub2 2.02-2ubuntu5. (LP: #1743884) * Rebuild against grub2 2.02-2ubuntu3. (LP: #1675453) * Rebuild against grub2 2.02-2ubuntu3. (LP: #1708245) * Rebuild against grub2 2.02-2ubuntu2. (LP: #1734278) * Rebuild against grub2 2.02-2ubuntu1. * Rebuild against grub2 2.02~beta3-4ubuntu7. * Rebuild against grub2 2.02~beta3-4ubuntu6. * Rebuild against grub2 2.02~beta3-4ubuntu5. * Rebuild against grub2 2.02~beta3-4ubuntu4. * Rebuild against grub2 2.02~beta3-4ubuntu3. * Rebuild against grub2 2.02~beta3-4ubuntu2. (LP: #1401532) * Rebuild against grub2 2.02~beta3-4ubuntu1. * Rebuild against grub2 2.02~beta3-3ubuntu2. (LP: #1447500) * Rebuild against grub2 2.02~beta3-3ubuntu1. * Rebuild against grub2 2.02~beta3-3. * Rebuild against grub2 2.02~beta2-36ubuntu12. * Rebuild against grub2 2.02~beta2-36ubuntu11. * Rebuild against grub2 2.02~beta2-36ubuntu10. * Rebuild against grub2 2.02~beta2-36ubuntu9. * Rebuild against grub2 2.02~beta2-36ubuntu8. * Rebuild against grub2 2.02~beta2-36ubuntu7. * Rebuild against grub2 2.02~beta2-36ubuntu6. * Rebuild against grub2 2.02~beta2-36ubuntu5. * Rebuild against grub2 2.02~beta2-36ubuntu4. * Rebuild against grub2 2.02~beta2-36ubuntu3. (LP: #1559933) * Rebuild against grub2 2.02~beta2-36ubuntu2. * Rebuild against grub2 2.02~beta2-36ubuntu1. * Rebuild against grub2 2.02~beta2-36. * Rebuild against grub2 2.02~beta2-35ubuntu1. * Rebuild against grub2 2.02~beta2-35. * Rebuild against grub2 2.02~beta2-33. * Rebuild against grub2 2.02~beta2-32ubuntu1. * Rebuild against grub2 2.02~beta2-32. * Rebuild against grub2 2.02~beta2-31ubuntu1. * Rebuild against grub2 2.02~beta2-31. * Rebuild against grub2 2.02~beta2-29. * Rebuild against grub2 2.02~beta2-28. [ dann frazier ] * Add arm64 support. (LP: #1457178) [ Adam Conrad ] * Rebuild against grub-efi 2.02~beta2-26ubuntu5. * Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu3. * Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu2. * Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu1. * Rebuild against grub-efi-amd64 2.02~beta2-25ubuntu1. * Rebuild against grub-efi-amd64 2.02~beta2-25. * Rebuild against grub-efi-amd64 2.02~beta2-23. * Rebuild against grub-efi-amd64 2.02~beta2-22ubuntu1. * Rebuild against grub-efi-amd64 2.02~beta2-22. * Rebuild against grub-efi-amd64 2.02~beta2-21. * Rebuild against grub-efi-amd64 2.02~beta2-20. * Rebuild against grub-efi-amd64 2.02~beta2-19. * Rebuild against grub-efi-amd64 2.02~beta2-18. * Rebuild against grub-efi-amd64 2.02~beta2-17. * Rebuild against grub-efi-amd64 2.02~beta2-16. * Rebuild against grub-efi-amd64 2.02~beta2-15. * Rebuild against grub-efi-amd64 2.02~beta2-14. * Rebuild against grub-efi-amd64 2.02~beta2-11. * Rebuild against grub-efi-amd64 2.02~beta2-10. * Rebuild against grub-efi-amd64 2.02~beta2-9. * Rebuild against grub-efi-amd64 2.02~beta2-8. * Rebuild against grub-efi-amd64 2.02~beta2-7. * Rebuild against grub-efi-amd64 2.02~beta2-6. * Rebuild against grub-efi-amd64 2.02~beta2-5. * Rebuild against grub-efi-amd64 2.02~beta2-4. * Policy version 3.9.5: no changes required. * Rebuild against grub-efi-amd64 2.02~beta2-2. * Rebuild against grub-efi-amd64 2.00-22. * Rebuild against grub-efi-amd64 2.00-21. * Rebuild against grub-efi-amd64 2.00-20. * Rebuild against grub-efi-amd64 2.00-19ubuntu4. * Rebuild against grub-efi-amd64 2.00-19ubuntu3 LP: #1242417 * Rebuild against grub-efi-amd64 2.00-19ubuntu2. * Rebuild against grub-efi-amd64 2.00-19ubuntu2. * Rebuild against grub-efi-amd64 2.00-19ubuntu1. * Rebuild against grub-efi-amd64 2.00-18ubuntu4. * Add grubnetx64.efi.signed. * Rebuild against grub-efi-amd64 2.00-18ubuntu3. * Rebuild against grub-efi-amd64 2.00-18ubuntu1. * Rebuild against grub-efi-amd64 2.00-17ubuntu1. * Rebuild against grub-efi-amd64 2.00-15ubuntu2. (LP: #1184297) * Give grub-efi-amd64-signed a strict versioned dependency on the grub-efi-amd64 we're built against to force a paired migration. * Rebuild against grub-efi-amd64 2.00-15ubuntu1. * Rebuild against grub-efi-amd64 2.00-14ubuntu1. * Rebuild against grub-efi-amd64 2.00-12ubuntu1. * Recommend secureboot-db (LP: #1087843). * Rebuild against grub-efi-amd64 2.00-7ubuntu13. * Download the signed image from the correct pocket. * Rebuild against grub-efi-amd64 2.00-7ubuntu11. * Rebuild against grub-efi-amd64 2.00-7ubuntu10. * Rebuild against grub-efi-amd64 2.00-7ubuntu9. * Drop Depends back to grub-efi-amd64 (>= 2.00-7ubuntu4), which is good enough (grub-install extensions). * Build-depend on a current grub-efi-amd64-bin so that this upload can safely be accepted before grub2/amd64 binaries have published. * Rebuild against grub-efi-amd64 2.00-7ubuntu8. * Rebuild against grub-efi-amd64 2.00-7ubuntu7. * Rebuild against grub-efi-amd64 2.00-7ubuntu5. [ Colin Watson ] * Include gcdx64.efi.signed. * Depend on grub-efi-amd64 so that /etc/default/grub and /boot/grub/grub.cfg are updated. * Run grub-install on configure if appropriate. [ Steve Langasek ] * Adjust makefile so gcdx64.efi.signed actually gets included in the package, not just downloaded. * Add a Built-Using field, per policy 3.9.4. * Initial release. ==== grub2-unsigned: 2.04-1ubuntu44.2 => 2.04-1ubuntu47.4 ==== ==== grub-efi-amd64-bin [ Chris Coulson ] * SECURITY UPDATE: Crafted PNG grayscale images may lead to out-of-bounds write in heap. - 0248-video-readers-png-Drop-greyscale-support-to-fix-heap.patch: video/readers/png: Drop greyscale support to fix heap out-of-bounds write - CVE-2021-3695 * SECURITY UPDATE: Crafted PNG image may lead to out-of-bound write during huffman table handling. - 0249-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch: video/readers/png: Avoid heap OOB R/W inserting huff table items - CVE-2021-3696 * SECURITY UPDATE: Crafted JPEG image can lead to buffer underflow write in the heap. - 0254-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch: video/readers/jpeg: Block int underflow -> wild pointer write - CVE-2021-3697 * SECURITY UPDATE: Integer underflow in grub_net_recv_ip4_packets - 0257-net-ip-Do-IP-fragment-maths-safely.patch: net/ip: Do IP fragment maths safely - CVE-2022-28733 * SECURITY UPDATE: Out-of-bounds write when handling split HTTP headers - 0263-net-http-Fix-OOB-write-for-split-http-headers.patch: net/http: Fix OOB write for split http headers - CVE-2022-28734 * SECURITY UPDATE: use-after-free in grub_cmd_chainloader() - 0240-loader-efi-chainloader-simplify-the-loader-state.patch: loader/efi/chainloader: simplify the loader state - 0241-commands-boot-Add-API-to-pass-context-to-loader.patch: commands/boot: Add API to pass context to loader - 0242-loader-efi-chainloader-Use-grub_loader_set_ex.patch: loader/efi/chainloader: Use grub_loader_set_ex - 0243-loader-i386-efi-linux-Use-grub_loader_set_ex.patch: loader/i386/efi/linux: Use grub_loader_set_ex * Various fixes as a result of fuzzing and static analysis: - 0240-misc-Format-string-for-grub_error-should-be-a-litera.patch: misc: Format string for grub_error() should be a literal - 0239-loader-efi-chainloader-grub_load_and_start_image-doe.patch: loader/efi/chainloader: grub_load_and_start_image doesn't load and start - 0244-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch: loader/i386/efi/linux: Fix a memory leak in the initrd command - 0245-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch: kern/file: Do not leak device_name on error in grub_file_open() - 0246-video-readers-png-Abort-sooner-if-a-read-operation-f.patch: video/readers/png: Abort sooner if a read operation fails - 0247-video-readers-png-Refuse-to-handle-multiple-image-he.patch: video/readers/png: Refuse to handle multiple image headers - 0250-video-readers-png-Sanity-check-some-huffman-codes.patch: video/readers/png: Sanity check some huffman codes - 0251-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch: video/readers/jpeg: Abort sooner if a read operation fails - 0252-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch: video/readers/jpeg: Do not reallocate a given huff table - 0253-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch: video/readers/jpeg: Refuse to handle multiple start of streams - 0255-normal-charset-Fix-array-out-of-bounds-formatting-un.patch: normal/charset: Fix array out-of-bounds formatting unicode for display - 0256-net-netbuff-Block-overly-large-netbuff-allocs.patch: net/netbuff: Block overly large netbuff allocs - 0258-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch: net/dns: Fix double-free addresses on corrupt DNS response - 0259-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch: net/dns: Don't read past the end of the string we're checking against - 0260-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch: net/tftp: Prevent a UAF and double-free from a failed seek - 0261-net-tftp-Avoid-a-trivial-UAF.patch: net/tftp: Avoid a trivial UAF - 0262-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch: net/http: Do not tear down socket if it's already been torn down - 0264-net-http-Error-out-on-headers-with-LF-without-CR.patch: net/http: Error out on headers with LF without CR - 0265-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch: fs/f2fs: Do not read past the end of nat journal entries - 0266-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch: fs/f2fs: Do not read past the end of nat bitmap - 0267-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch: fs/f2fs: Do not copy file names that are too long - 0268-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch: fs/btrfs: Fix several fuzz issues with invalid dir item sizing - 0269-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch: fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing - 0270-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch: fs/btrfs: Fix more fuzz issues related to chunks * Bump SBAT generation: - update debian/sbat.csv.in * Make the grub2/no_efi_extra_removable setting work correctly - update debian/postinst.in * Build grub2-unsigned packages with xz compression for compatibility with xenial dpkg - update debian/rules [ Steve Langasek ] * Bump versioned dependency on grub2-common to 2.02~beta2-36ubuntu3.32 for necessary arm relocation support. LP: #1926748. * debian/postinst.in: Unconditionally call grub-install with --force-extra-removable on xenial and bionic, so that the \EFI\BOOT removable path as used in cloud images receives the updates. LP: #1930742. * Drop grub.cfg-400.patch (LP: #1933826) * debian/grub-common.service: change type to oneshot, add wantedby sleep.target, after sleep.target. The service will now start after resume from hybernation. LP: #1929860 * grub-initrd-fallback.service: add wantedby sleep.target, after sleep.target. The service will now start after resume from hybernation. LP: #1929860 * cherrypick upstream fix to make armhf efi boot work. LP: #1788940 * debian/rules: disable LTO. LP: #1922005 * grub-initrd-fallback.service, debian/grub-common.service: only start units when booted with grub. Use presence of /boot/grub/grub.cfg as proxy. LP: #1925507 * tests: patch qemu command to use ide-hd instead of the removed ide-drive. * Unapply all patches. * Stop using git-dpm. * Start using gbp pq import|export --no-patch-numbers, this brings grub2 packaging closer to other non-debian distributions. * It would be nice to separate patches into topic subdirs - i.e. reverts, upstream cherry picks, debian, ubuntu, rhel, security, etc. * Drop redundant dh-systemd build-dependency. * Compile grub-efi-amd64 installable i386 platform on hirsute, to make it available in bionic and earlier as part of onegrub builds. * SECURITY UPDATE: acpi command allows privilleged user to load crafted ACPI tables when secure boot is enabled. - 0126-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch: Don't register the acpi command when secure boot is enabled. - CVE-2020-14372 * SECURITY UPDATE: use-after-free in rmmod command - 0128-dl-Only-allow-unloading-modules-that-are-not-depende.patch: Don't allow rmmod to unload modules that are dependencies of other modules. - CVE-2020-25632 * SECURITY UPDATE: out-of-bound write in grub_usb_device_initialize() - 0129-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - CVE-2020-25647 * SECURITY UPDATE: Stack buffer overflow in grub_parser_split_cmdline - 0206-kern-parser-Introduce-process_char-helper.patch, 0207-kern-parser-Introduce-terminate_arg-helper.patch, 0208-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch, 0209-kern-buffer-Add-variable-sized-heap-buffer.patch, 0210-kern-parser-Fix-a-stack-buffer-overflow.patch: Add a variable sized heap buffer type and use this. - CVE-2020-27749 * SECURITY UPDATE: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled. - 0127-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch: Don't register cutmem and badram commands when secure boot is enabled. - CVE-2020-27779 * SECURITY UPDATE: heap out-of-bounds write in short form option parser. - 0173-lib-arg-Block-repeated-short-options-that-require-an.patch: Block repeated short options that require an argument. - CVE-2021-20225 * SECURITY UPDATE: heap out-of-bound write due to mis-calculation of space required for quoting. - 0175-commands-menuentry-Fix-quoting-in-setparams_prefix.patch: Fix quoting in setparams_prefix() - CVE-2021-20233 * Partially backport the lockdown framework to restrict certain features when secure boot is enabled. * Backport various fixes for Coverity defects. * Add SBAT metadata to the grub EFI binary. - Backport patches to support adding SBAT metadata with grub-mkimage: + 0212-util-mkimage-Remove-unused-code-to-add-BSS-section.patch + 0213-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch + 0214-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch + 0215-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch + 0216-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch + 0217-util-mkimage-Improve-data_size-value-calculation.patch + 0218-util-mkimage-Refactor-section-setup-to-use-a-helper.patch + 0219-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch - Add debian/sbat.csv.in - Update debian/build-efi-image and debian/rules [ Dimitri John Ledkov & Steve Langasek LP: #1915536 ] * Allow grub-efi-amd64|arm64 & -bin & -dbg be built by src:grub2-unsigned (potentially of a higher version number). * Add debian/rules generate-grub2-unsigned target to quickly build src:grub2-unsigned for binary-copy backports. * postinst: allow postinst to with with or without grub-multi-install binary. * postinst: allow using various grub-install options to achieve --no-extra-removable. * postinst: only call grub-check-signatures if it exists. * control: relax dependency on grub2-common, as maintainer script got fixed up to work with grub2-common/grub-common as far back as trusty. * control: allow higher version depdencies from grub-efi package. * dirs.in: create var/lib/grub/ucf in grub-efi-amd64 (and similar) as postinst script uses that directory, and yet relies on grub-common to create/ship it, which is not true in older releases. Also make sure dh_installdirs runs after the .dirs files are generated. * No-change rebuild to drop the udeb package. * Revert: rhboot-f34-tcp-add-window-scaling-support.patch, rhboot-f34-support-non-ethernet.patch, ubuntu-fixup-rhboot-f34-support-non-ethernet.patch, ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: these break MAAS LXD KVM pod deployments. LP: #1915288 * Cherrypick a bunch of patches: - fix crash in http LP: #1915288 - add bootp6 documentation - add support for UEFI boot protocols - use UEFI protocols for http & https networking - make netboot search for by-mac/by-uuid/by-ip for grub.cfg - update documentation for netboot search paths of grub.cfg * Make prebuilt netboot image look for MAAS grub.cfg * Fix grub-initrd-fallback.service thanks to JawnSmith LP: #1910815 [ Jean-Baptiste Lallement ] [ Didier Roche ] * Fix warnings during grub menu generation. Thanks wdoekes for the patch (LP: #1898177) - Fix warnings when bpool doesn't exist. - Fix warnings when snapshot name contains dashes. * Do not fail to generate grub menu when name of the snapshot contains spaces. (LP: #1903524) * debian/patches/grub-install-backup-and-restore.patch: Fix-up the patch to correctly initialyze the names of the modules to restore. LP: #1907085 * 10_linux: emit messages when initrdless boot is configured, attempted and fails triggering fallback. LP: #1901553 * grub-common.service: port init.d script to systemd unit. Add warning message, when initrdless boot fails triggering fallback. LP: #1901553 * debian/rules: undo po/ directory patching in override_dh_autoreconf_clean. * minilzo: built using the distribution's minilzo * ubuntu-fix-reproducible-squashfs-test.patch: fix squashfs-test with new squashfs-tools in hirsute. * rhboot-f34-make-exit-take-a-return-code.patch, rhboot-f34-dont-use-int-for-efi-status.patch: allow grub to exit non-zero under EFI, this should allow falling back to the next BootOrder BootEntry. * rhboot-f34-tcp-add-window-scaling-support.patch: speed up netboot transfer speed. * rhboot-f34-support-non-ethernet.patch, ubuntu-fixup-rhboot-f34-support-non-ethernet.patch, ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: add support for link layer addresses of up to 32-bytes. * rhboot-f34-make-pmtimer-tsc-calibration-fast.patch: speed up calibration time, especially when booting VMs. * Avoid "EFI stub: FIRMWARE BUG" message when booting >= 5.7 kernels on arm64 by setting the image base address before jumping to the PE/COFF entry point LP: #1900774 * Fix tftp timeouts when fetch large files. LP: #1900773 * postinst.in, grub-multi-install: fix logic of skipping installing onto any device, if one chose to not install bootloader on any device. LP: #1896608 * Do not finalize params twice on arm64. LP: #1897819 * configure.ac: one more dejavu font search path * Build-depend on fonts-dejavu-core, not obsolete ttf-dejavu-core. * ubuntu-linuxefi-arm64.patch: Fix build on armhf * ubuntu-linuxefi-arm64.patch: Restore arm64 parts of ubuntu-linuxefi.patch that got lost in the 2.04 rebase (LP: #1862279) * postinst.in: do not attempt to call grub-install upon fresh install of grub-pc because it it a job of installers to do that after fresh install. * grub-multi-install: fix non-interactive failures for grub-efi like it was fixed in postinst for grub-pc. * grub-install: cherry-pick patch from grub-devel to make grub-install fault tolerant. Create backup of files in /boot/grub, and restore them on failure to complete grub-install. LP: #1891680 * postinst.in: do not exit successfully when failing to show critical grub-pc/install_devices_failed and grub-pc/install_devices_empty prompts in non-interactive mode. This enables surfacing upgrade errors to the users and/or automation. LP: #1891680 * postinst.in: Fixup postinst.in, to attempt grub-install upon explicit dpkg-reconfigure grub-pc. LP: #1892526 * Ensure that grub-multi-install can always find templates (LP: #1879948) * Fix changelog entries for security update * debian/patches/ubuntu-flavour-order.patch: - Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel flavours as preferred, and specify an order between those preferred flavours (LP: #1882663) * debian/patches/ubuntu-zfs-enhance-support.patch: - Use version_find_latest for ordering kernels, so it also supports the GRUB_FLAVOUR_ORDER setting. * debian/patches/ubuntu-dont-verify-loopback-images.patch: - disk/loopback: Don't verify loopback images (LP: #1878541), Thanks to Chris Coulson for the patch * debian/patches/ubuntu-recovery-dis_ucode_ldr.patch - Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789) * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: - Merge changes from xnox to fix multiple initrds support (LP: #1878705) * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: - Remove, no longer needed thanks to xnox's patch * debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc package, since we cannot be certain that it will install to the correct disk and a grub-install failure will render the system unbootable. LP: #1889556. [ Julian Andres Klode ] * Move gettext patches out of git-dpm's way, so it does not delete them [ Chris Coulson ] * SECURITY UPDATE: Heap buffer overflow when encountering commands that cannot be tokenized to less than 8192 characters. - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make fatal lexer errors actually be fatal - CVE-2020-10713 * SECURITY UPDATE: Multiple integer overflow bugs that could result in heap buffer allocations that were too small and subsequent heap buffer overflows when handling certain filesystems, font files or PNG images. - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add arithmetic primitives that allow for overflows to be detected - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch: Make sure that there is always an overflow checking implementation of calloc() available - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where appropriate - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use overflow-safe arithmetic primitives when performing allocations based on the results of operations that might overflow - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in hfsplus - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix more potential integer overflows in lvm - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 * SECURITY UPDATE: Use-after-free when executing a command that causes a currently executing function to be redefined. - 0092-script-Remove-unused-fields-from-grub_script_functio.patch: Remove unused fields from grub_script_function - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch: Avoid a use-after-free when redefining a function during execution - CVE-2020-15706 * SECURITY UPDATE: Integer overflows that could result in heap buffer allocations that were too small and subsequent heap buffer overflows during initrd loading. - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix integer overflows in initrd size handling - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix integer overflows in linuxefi grub_cmd_initrd - CVE-2020-15707 * Various fixes as a result of code review and static analysis: - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a memory leak on realloc failures when processing symbolic links - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a memory leak when processing font files with more than one NAME section - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap after it is freed in order to avoid a potential double free later on - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an out-of-bounds read in LzmaEncode - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use priority queues and fix a double free - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix various arithmetic errors with malformed device paths - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix a NULL deref in the chainloader command introduced by a previous patch - 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a use-after-free in the halt and reboot commands by not freeing allocated memory in these paths - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch: Avoid a double free in the chainloader command when validation fails - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch: Protect grub_relocator_alloc_chunk_addr input arguments against integer overflow / underflow - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch: Protect grub_relocator_alloc_chunk_align max_addr argument against integer underflow - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix grub_relocator_alloc_chunk_align top memory allocation - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch: Avoid overflow on initrd size calculation [ Dimitri John Ledkov ] * SECURITY UPDATE: Grub does not enforce kernel signature validation when the shim protocol isn't present. - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch: Fail kernel validation if the shim protocol isn't available - CVE-2020-15705 [ Julian Andres Klode ] * Move /boot/efi -> debconf migration into wrapper, so it runs everywhere (LP: #1872077) * Display disk name and size in the ESP selection dialog, instead of ??? [ Sebastien Bacher ] * debian/patches/gettext, debian/patches/rules: - backport upstream patches to fix the list of translated strings, reported on the ubuntu-translators mailing list. The changes would be overwritten by autoreconf so applying from a rules override. [ Jean-Baptiste Lallement ] [ Didier Roche ] * debian/patches/ubuntu-zfs-enhance-support.patch: - fix trailing } when no advanced menu is printed - ensure we unmount all temporary snapshots path before zfs collect them out. * debian/patches/ubuntu-speed-zsys-history.patch: - Speed up navigating zsys history by reducing greatly grub.cfg file size. It used to take eg 80 seconds when loading 100 system snapshots. This is now instantaneous by using a function with parameters that the users can still easily edit. * Support installing to multiple ESPs (LP: #1871821) [ Jean-Baptiste Lallement ] [ Didier Roche ] * Performance improvements for update-grub on ZFS systems (LP: #1869885) * smbios: Add a --linux argument to apply linux modalias-like filtering * Make the linux command in EFI grub always try EFI handover; thanks to Chris Coulson for the patches (LP: #1864533) * Make ZFS menu generation depending on new zsysd binary instead of eoan zsys compatibility symlink. * build-efi-images: do not produce -installer.efi.signed. LP: #1863994 * uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings (LP: #1864547) * build-efi-images: add smbios module to the prebuilt signed EFI images (LP: #1856424) * Cherry-pick fix from Colin W. in debian to build with python3. * Fix ZFS menu generation with ZFS 0.8.x where mounted datasets cant list snapshots due to an upstream change. https://github.com/zfsonlinux/zfs/issues/9958 * Revert "Add smbios module to build-efi-images script" from previous upload, pending review see https://bugs.launchpad.net/bugs/1856424 * ubuntu-efi-allow-loopmount-chainload.patch: - Enable chainloading EFI apps from loopmounts * cherrypick-lsefisystab-define-smbios3.patch: * cherrypick-smbios-modules.patch: - Cherrypick from 2.05 module for retrieving SMBIOS information * cherrypick-lsefisystab-show-dtb.patch: - If dtb is provided by the firmware / DtbLoader driver, display it in human form, rather than just UUID * debian/patches/ubuntu-zfs-enhance-support.patch: - Handle the case where grub-probe returns several devices for a single pool (LP: #1848856). Thanks jpb for the report and the proposed patch. - Add savedefault to non-recovery entries (LP: #1850202). Thanks Deltik for the patch. - Do not crash on invalid fstab and report the invalid entry. (LP: #1849347) Thanks Deltik for the patch. - When a pool fails to import, catch and display the error message and continue with other pools. Import all the pools in readonly mode so we can import other pools with unsupported features (LP: #1848399) Thanks satmandu for the investigation and the proposed patch * debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch: treat "unknown" TPM errors as non-fatal, but still write up the details as debug messages so we can further track what happens with the systems throwing those up. (LP: #1848892) * debian/patches/ubuntu-linuxefi.patch: Drop extra check for Secure Boot status in linuxefi_secure_validate(); it's unnecessary and blocking boot in chainload (like chainloading Windows) when SB is disabled. (LP: #1845289) * Move our identifier to com.ubuntu As we are not going to own org.zsys, move our identifier under com.ubuntu.zsys (LP: #1847711) * Load all kernels (even those without .efi.signed) for secure boot mode as those are signed kernels on ubuntu, loaded by the shim. (LP: #1847581) * debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch: skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration. (LP: #1838525) * debian/patches/ubuntu-zfs-enhance-support.patch: - Handle case of pure zfs only snapshots giving additional "}", and as such, creating invalid grub menu. Spotted by grubzfs-testsuite autopkgtests. * debian/patches/install-signed.patch -> ubuntu-install-signed.patch: Really fix the installation of UEFI artefacts to the distributor path (we only want shim, grub, and MokManager, and shim's boot.csv there), and to the removable /EFI/BOOT path (where we want shim and fallback only). Rename the patch to ubuntu- like others that are Ubuntu-specific or otherwise modified to avoid such confusion at merge time in the future. * debian/patches/ubuntu-zfs-enhance-support.patch: Disable history entry under some conditions: - Don't show up if the system is a zsys one and zsys isn't installed (LP: #1845333) - Don't show for pure zfs systems: we identified multiple issues due to the mount generator in upstream zfs which makes it incompatible. Disable for now (LP: #1845913) * debian/patches/install-signed.patch: fix paths for MokManager/fallback; shim no longer ships these with a .signed suffix. (LP: #1845466) * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: fix mis-spelling of helper function in final computation of GRUB_DEVICE in multipath case. * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: when / is multipathed there will be multiple paths to the partition, so using root=UUID= exposes the boot process to udev races. In addition grub-probe --target device / in this case reports /dev/dm-1 or similar -- better to use a symlink that depends on the multipath name. (LP: #1429327) [ Mathieu Trudel-Lapierre ] * debian/patches/ubuntu-add-devicetree-command-support.patch: import patch into git-dpm: drop [PATCH] tag and add Patch-Name. [ Didier Roche ] * debian/patches/ubuntu-zfs-enhance-support.patch - Don't patch autoregenerated files. - rewrite generate MenuMeta implementation in shell (LP: #1834095) mawk doesn't support \s and other array features. + Change \s by their space or tab equivalent. + Rewrite the menumeta generation in pure shell, which is easier to debug, keeping globally the same algorithm + Support i18n in entry name generation. Co-authored with Jean-Baptiste. - Resplit all patches in debian/patches/*, so that we have upstreamable and non upstreamable parts separate. Also, any change in 10_linux patch will be reflected in 10_linux_zfs. - Always import pools (using force), as we don't mount them. Ensure also that we don't update the host cache, as we import all pools, and not only those attached to that system. * Add device-tree command support as installed by flash-kernel. * Merge against Debian; remaining changes: - debian/control: Update Vcs fields for code location on Ubuntu. - debian/control: Breaks shim (<< 13). - debian/patches/linuxefi.patch: Secure Boot support: use newer patchset from rhboot repo, flattened to a single patch. - debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Install a BOOT.CSV for fallback to use. - Make sure postinst and templates know about the replacement of --force-extra-removable with --no-extra-removable. - debian/patches/ubuntu-support-initrd-less-boot.patch: allow non-initrd boot config. - debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: If a kernel fails to boot without initrd, we will fallback to trying to boot the kernel with an initrd. - debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch: make sure grub-mkconfig leaves a trace of what files were sourced to help generate the config we're building. - debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch: in EFI console, only set text-mode when we're actually going to need it. - debian/patches/ubuntu-zfs-enhance-support.patch: Better ZFS grub support. - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot - debian/patches/ubuntu-shorter-version-info.patch: Only show the upstream version in menu and console, and hide the package one in a package_version variable. - Verify that the current and newer kernels are signed when grub is updated, to make sure people do not accidentally shutdown without a signed kernel. - debian/default/grub: replace GRUB_HIDDEN_* variables with the less confusing GRUB_TIMEOUT_STYLE=hidden. - debian/rules: shuffle files around for now to keep build artefacts for signing at the same location as they were expected by Launchpad. - debian/rules, debian/control: enable dh-systemd. - debian/grub-common.install.in: install the systemd unit that's part of initrd fallback handling, missed when the feature landed. - debian/build-efi-images: add http module to NET_MODULES. * debian/patches/linuxefi*.patch: Flatten linuxefi patches into one. * debian/patches: rename patches to use "-" as a separator rather than "_". * debian/patches: rename Ubuntu-specific patches and commits to add "ubuntu" so it's clearer which are new or changed when doing a merge. * debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch: fix FTBFS due to objcopy building an invalid binary padded with zeroes (LP: #1833234) * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: clear up invalid spacing for the initrd command when not using early initrds. * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: move the initrd boot success/failure service to start later at boot time. (LP: #1823391) * debian/patches/fix-lockdown.patch: Drop lockdown patch from Debian, which breaks with new linuxefi patchset. * debian/patches/ubuntu-temp-keep-auto-nvram.patch: Temporarily keep the --auto-nvram option we previously had as a supported option in grub-install (with no effect now), to avoid breaking upgrades. "auto-nvram" is default behavior now that we use libefivar instead of calling efibootmgr. [ James Clarke ] * Only Build-Depend on libefiboot-dev and libefivar-dev on Linux architectures, since they're Linux-only. * New upstream release. * debian/upstream/signing-key.asc: Add signing key of new upstream maintainer (Daniel Kiper). [ Will Thompson ] * Fix --disable-quiet-boot. [ Steve Langasek ] * If we don't have writable grubenv and we're on EFI, always show the menu (merged from Ubuntu). [ Steve McIntyre ] * Make all the signed EFI arches have a Recommends: from grub-efi-ARCH-signed to shim-signed, not just amd64. Closes: #931038 * Add myself to Uploaders [ Colin Watson ] * Squash linuxefi* patches into a single patch. [ Colin Watson ] * debian/build-efi-images: Add tpm on x86_64-efi (thanks, Chris Coulson). [ Steve McIntyre ] * Add the ntfs module to signed UEFI images. Closes: #923855 * Add the cpuid module to signed UEFI images. Closes: #928628 * Add the play module to signed UEFI images. Closes: #930290 * Add an extra di-specific version of the UEFI netboot image with a different baked-in prefix value. Helps to fix #928750. * Deal with --force-extra-removable with signed shim too. Closes: #930531 * New upstream release candidate. - getroot: Save/restore CWD more reliably on Unix (closes: #918700). * Rename patches to use "-" as a separator rather than "_" (except when referring to a file, function, or command containing a "_"). * Fix format of debian/copyright. [ Steve McIntyre ] * Make all the signed EFI arches have a Recommends: from grub-efi-ARCH-signed to shim-signed, not just amd64. Closes: #931038 * Add myself to Uploaders [ Colin Watson ] * Fix format of debian/copyright. [ Steve McIntyre ] * Add the ntfs module to signed UEFI images. Closes: #923855 * Add the cpuid module to signed UEFI images. Closes: #928628 * Add the play module to signed UEFI images. Closes: #930290 * Add an extra di-specific version of the UEFI netboot image with a different baked-in prefix value. Helps to fix #928750. * Deal with --force-extra-removable with signed shim too. Closes: #930531 * Apply patches from Alexander Graf to fix grub-efi-arm crash (closes: #927269): - arm: Move trampolines into code section - arm: Align section alignment with manual relocation offset code * Make grub2-common Breaks+Replaces grub-cloud-amd64 (<< 0.0.4) to work around that package shipping colliding configuration file names in stretch-backports (closes: #919915). * Apply patch from Peter Jones to forbid the "devicetree" command when Secure Boot is enabled (closes: #927888). * Make grub-efi-*-bin recommend efibootmgr. We don't actually use it any more, but it's helpful for debugging. * Fix -Wcast-align diagnostics on ARM. * Build-depend on libefiboot-dev and libefivar-dev, for EFI variable storage changes. * Drop now-unnecessary dependencies on efibootmgr. * Make signed packages depend on a matching version of grub-common, in an attempt to prevent incorrect testing migrations (closes: #924814). * Cherry-pick from upstream: - xfs: Accept filesystem with sparse inodes (closes: #924760). * Minimise writes to EFI variable storage (closes: #891434). * Add regexp module to signed UEFI images. * debian/signing-template.json.in: Use new extendable format. [ Debconf translations ] * [nb] Norwegian Bokml (Petter Reinholdtsen; closes: #924326). * debian/patches/zfs_enhance_support.patch: Enhance ZFS grub support: - Support multiple zfs systems (grouped by machine-id) - Group zfs snapshots and clones with latest dataset for a given installation. - Support "history" entry with one time boot, recovery mode and consecutive reboots. - Pin kernel to particular snapshot, trying to reboot with the exact same kernel and initrd. - Disable in 10_linux zfs support if 10_linux_zfs is installed so that we don't end up with the same installation multiple times. * debian/patches/*: - Apply ubuntu/debian specific changes of 10_linux to 10_linux_zfs. Work done with Jean-Baptiste. * debian/patches/efi-console-set-text-mode-as-needed.patch: in EFI console, only set text-mode when we're actually going to need it. * debian/build-efi-images: add http module to NET_MODULES. (LP: #1787630) * Merge against Debian unstable; remaining changes (LP: #564853): - debian/control: Update Vcs fields for code location on Ubuntu. - debian/control: Breaks shim (<< 13). - Secure Boot support: use newer patchset from rhboot repo: - many linuxefi_* patches added and modified - dropped debian/patches/linuxefi_require_shim.patch - renamed: debian/patches/no_insmod_on_sb.patch -> debian/patches/linuxefi_no_insmod_on_sb.patch - debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Install a BOOT.CSV for fallback to use. - Make sure postinst and templates know about the replacement of --force-extra-removable with --no-extra-removable. - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the --auto-nvram option to grub-install for auto-detecting NVRAM availability before attempting NVRAM updates. - debian/build-efi-images: provide a new grub EFI image which enforces that loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is the same as grub$arch.efi minus the 'linux' module. Without fallback to 'linux' for unsigned loading, this makes it effectively enforce having a signed kernel. - Verify that the current and newer kernels are signed when grub is updated, to make sure people do not accidentally shutdown without a signed kernel. - debian/default/grub: replace GRUB_HIDDEN_* variables with the less confusing GRUB_TIMEOUT_STYLE=hidden. - debian/patches/support_initrd-less_boot.patch: Added knobs to allow non-initrd boot config. - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot - debian/patches/shorter_version_info.patch: Only show the upstream version in menu and console, and hide the package one in a package_version variable. - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the 'text' payload if it's not supported but present in gfxpayload, such as on EFI systems. - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file fizes as block sizes in bufio: this avoids potentially seeking back in the files unnecessarily, which may require re-open files that cannot be seeked into, such as via TFTP. - debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize structs in bootpath parser. - debian/rules: shuffle files around for now to keep build artefacts for signing at the same location as they were expected by Launchpad. - debian/rules, debian/control: enable dh-systemd. - debian/grub-common.install.in: install the systemd unit that's part of initrd fallback handling, missed when the feature landed. - debian/patches/quick-boot-lvm.patch: If we don't have writable grubenv and we're on EFI, always show the menu. - debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig leaves a trace of what files were sourced to help generate the config we're building. - debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows 7 bootloader has inconsistent headers; truncate to the smaller, correct size to fix chainloading Windows 7. - debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in relocate_coff() causing issues with relocation of code in chainload. - debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less capabilities. If a kernel fails to boot without initrd, we will fallback to trying to boot the kernel with an initrd. Patch by Chris Glass. - debian/patches/grub-reboot-warn.patch: Warn when "for the next boot only" promise cannot be kept. * Refreshed patches and fixed up attribution to the right authors after merge with Debian. * debian/patches/linuxefi_missing_include.patch, debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional small fixes to casts, format strings, includes and Makefile to make sure the newer linuxefi patches apply and build properly. [ Colin Watson ] * Remove code to migrate grub-pc/install_devices to persistent device names under /dev/disk/by-id/. This migration happened in 1.98+20100702-1, which was in squeeze (four stable releases ago), so we no longer need to carry around this complex code. * Preserve previous answer to grub-pc/install_devices if we have to ask grub-pc/install_devices_disks_changed and the user chooses not to install to any devices, so that we can recover from temporary bugs that cause /dev/disk/by-id/ paths to change (closes: #919029). * debian/signing-template.json.in: Add trusted_certs key (empty, since GRUB has no hardcoded list of trusted certificates). * util: Detect more I/O errors (closes: #922741). [ Leif Lindholm ] * arm64/efi: Fix grub_efi_get_ram_base(). [ Steve McIntyre ] * grub-install: Check for arm-efi as a default target (closes: #922104). [ James Clarke ] * osdep/freebsd: Fix partition calculation for EBR entries (closes: #923253). [ Colin Watson ] * Apply patches from Alexander Graf to set arm64-efi code offset to EFI_PAGE_SIZE (closes: #919012, LP: #1812317). * Upgrade to debhelper v10. * Set Rules-Requires-Root: no. * Add help and ls modules to signed UEFI images (closes: #919955). * Fix application of answers from dpkg-reconfigure to /etc/default/grub (based loosely on a patch by Steve Langasek, for which thanks; closes: #921702). [ Steve McIntyre ] * Make grub-efi-amd64-signed recommend shim-signed (closes: #919067). [ Jeroen Dekkers ] * Initialize keyboard in at_keyboard module init if keyboard is ready (closes: #741464). [ John Paul Adrian Glaubitz ] * Include a.out header in assembly of sparc64 boot loader (closes: #921249). [ Herv Werner ] * Fix setup on Secure Boot systems where cryptodisk is in use (closes: #917117). [ Debconf translations ] * [de] German (Helge Kreutzmann and Holger Wansing; closes: #921018). * Apply patch from Heinrich Schuchardt (mentioned in #916695 though unrelated): - grub-core/loader/efi/fdt.c: do not copy random memory * Add luks modules to signed UEFI images (pointed out by Alex Griffin and Herv Werner; closes: #908162, LP: #1565950). * Keep track of the previous version of /usr/share/grub/default/grub and set UCF_FORCE_CONFFOLD=1 when running ucf if it hasn't changed; ucf can't figure this out for itself since we apply debconf-based customisations on top of the template configuration file (closes: #812574, LP: #564853). * Backport Xen PVH guest support from upstream (closes: #776450). Thanks to Hans van Kranenburg for testing. [ Colin Watson ] * Sync Maintainer/Uploaders in debian/signing-template/control.in with the main packaging. * Tell reportbug to submit bug reports against unsigned packages rather than generated signed packages. * Update Homepage, debian/copyright Source, and debian/watch to use HTTPS. * Move bash completions to /usr/share/bash-completion/completions/grub and add appropriate symlinks (closes: #912852). * Build with GCC 8 (closes: #915735). [ Leif Lindholm ] * Apply patch series (mostly) from upstream to switch the arm loader over to use the arm64 loader code and improve arm/arm64 initrd handling (closes: #907596, #909420, #915091). [ Matthew Garrett ] * Don't enforce Shim signature validation if Secure Boot is disabled. * Revise grub--bin and grub- package descriptions to try to explain better how they fit together and which one should be used (based loosely on work by Justin B Rye, for which thanks; closes: #630224). * Skip flaky grub_cmd_set_date test (closes: #906470). * Work around bug in obsolete init-select package: add Conflicts/Replaces from grub-common, and take over /etc/default/grub.d/init-select.cfg with a no-op stub (thanks to Guillem Jover for the suggestion; closes: #863801). * Build-depend on dosfstools and mtools on non-Linux variants of i386/amd64/arm64 as well, to match debian/rules. * Cherry-pick from upstream: - i386/linux: Add support for ext_lfb_base (LP: #1785033). * Don't source /etc/default/grub.d/*.cfg in config maintainer scripts, since otherwise we incorrectly merge settings from there into /etc/default/grub (closes: #872637, LP: #1797894). * Add xfs module to signed UEFI images (closes: #911147, LP: #1652822). * Cope with / being on a ZFS root dataset (closes: #886178). [ Debconf translations ] * [sv] Swedish (Martin Bagge and Anders Jonsson; closes: #851964). * Move kernel maintainer script snippets into grub2-common (thanks, Bastian Blank; closes: #910959). * Add cryptodisk and gcry_* modules to signed UEFI images (closes: #908162, LP: #1565950). * Remove dh_builddeb override to use xz compression; this has been the default since dpkg 1.17.0. * Only build *-signed packages on their native architecture for now, since otherwise we end up with clashing source packages (closes: #906596). * Refer to source packages in Built-Using, not binary packages (closes: #907483). [ Mathieu Trudel-Lapierre ] * debian/grub-check-signatures: properly account for DB showing as empty on some broken firmwares: Guard against mokutil --export --db failing, and do a better job at finding the DER certs for conversion to PEM format. (LP: #1814575) [ Steve Langasek ] * debian/patches/quick-boot-lvm.patch: checking the return value of 'lsefi' when the command doesn't exist does not do what's expected, so instead check the value of $grub_platform which is simpler anyway. LP: #1814403. * debian/grub-check-signatures: check kernel signatures against keys known in firmware, in case a kernel is signed but not using a key that will pass validation, such as when using kernels coming from a PPA. (LP: #1789918) [ Steve Langasek ] * debian/patches/quick-boot-lvm.patch: If we don't have writable grubenv and we're on EFI, always show the menu. Closes LP: #1800722. [ Mathieu Trudel-Lapierre ] * debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig leaves a trace of what files were sourced to help generate the config we're building. * debian/patches/grub-install-extra-removable.patch: install mmx64.efi to the EFI removable path to avoid boot failures after install when certs need to be enrolled and the system's firmware is confused. (LP: #1798171) [ Steve Langasek ] * debian/grub-common.install.in: install the systemd unit that's part of initrd fallback handling, missed when the feature landed. [ Mathieu Trudel-Lapierre ] * debian/rules: set DEFAULT_TIMEOUT to 0 if we've enabled FLICKER_FREE_BOOT, to avoid unnecessary delay at boot time. (LP: #1784363) [ Steve Langasek ] * debian/grub-check-signatures: Handle the case where we have unsigned vmlinuz and signed vmlinuz.efi.signed. (LP: #1788727) [ Mathieu Trudel-Lapierre ] * debian/patches/linuxefi_truncate_overlong_reloc_section.patch: The Windows 7 bootloader has inconsistent headers; truncate to the smaller, correct size to fix chainloading Windows 7. [ Steve Langasek ] * debian/rules, debian/control: enable dh-systemd. * debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less capabilities. If a kernel fails to boot without initrd, grub will fallback to trying to boot the kernel with an initrd. Patch by Chris Glass. * debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in relocate_coff() causing issues with relocation of code in chainload. (LP: #1792575) * debian/patches/grub-reboot-warn.patch: Warn when "for the next boot only" promise cannot be kept. (LP: #788298) * debian/patches/add_ext_lfb_base_support.patch: i386/linux: Add support for ext_lfb_base. (LP: #1785033) [ Mathieu Trudel-Lapierre] * Merge against Debian unstable; remaining changes: - debian/control: Update Vcs fields for code location on Ubuntu. - debian/control: Breaks shim (<< 13). - Secure Boot support: use newer patchset from rhboot repo: - many linuxefi_* patches added and modified - dropped debian/patches/linuxefi_require_shim.patch - renamed: debian/patches/no_insmod_on_sb.patch -> debian/patches/linuxefi_no_insmod_on_sb.patch - debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Move installing fb$arch.efi to --no-extra-removable; as we don't want fallback to be installed unless we're also installing to /EFI/BOOT. (LP: #1684341) - Install a BOOT.CSV for fallback to use. - Make sure postinst and templates know about the replacement of --force-extra-removable with --no-extra-removable. - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the --auto-nvram option to grub-install for auto-detecting NVRAM availability before attempting NVRAM updates. - debian/build-efi-images: provide a new grub EFI image which enforces that loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is the same as grub$arch.efi minus the 'linux' module. Without fallback to 'linux' for unsigned loading, this makes it effectively enforce having a signed kernel. (LP: #1401532) - Verify that the current and newer kernels are signed when grub is updated, to make sure people do not accidentally shutdown without a signed kernel. - debian/default/grub: replace GRUB_HIDDEN_* variables with the less confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597) - debian/patches/support_initrd-less_boot.patch: Added knobs to allow non-initrd boot config. (LP: #1640878) - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot (LP: #1447500) - debian/patches/shorter_version_info.patch: Only show the upstream version in menu and console, and hide the package one in a package_version variable. (LP: #1723434) - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the 'text' payload if it's not supported but present in gfxpayload, such as on EFI systems. (LP: #1711452) - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file fizes as block sizes in bufio: this avoids potentially seeking back in the files unnecessarily, which may require re-open files that cannot be seeked into, such as via TFTP. (LP: #1743249) * util/grub-install.c: Drop extra handling for x.efi.signed files for mok and fallback binaries: shim now installs them without the .signed extension. (LP: #1708245) - debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and the casting they do on some architectures: we don't want to fail build because of some of the warnings that can show up since we otherwise build with -Werror. * debian/rules: shuffle files around for now to keep putting build artefacts for signing at the same location as they were expected by Launchpad. [ Julian Andres Klode ] * debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize structs in bootpath parser. Fixes netboot issues on ppc64el. (LP: #1785859) [ Colin Watson ] * Change Maintainer to pkg-grub-devel@alioth-lists.debian.net, following Alioth lists migration. * Backport from upstream: - Use grub-file to figure out whether multiboot2 should be used for Xen.gz (closes: #898947). - x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32. * Fix some test failures: - Disable sercon in SeaBIOS. - Fix qemu options for UHCI test. [ Philipp Hahn ] * Disallow unsigned kernels if UEFI Secure Boot is enabled (patch by Linn Crosetto ) * Add patch to fix lockdown mode (patch by Luca Boccassi ) * Build monolithic EFI binaries for signing (closes: #851994) * Add template for signing monolithic EFI binaries * debian/build-efi-images: Use correct EFI vendor (closes: #769172) [ Luca Boccassi ] * template packages: install changelog and copyright * Override lintian error about template rules file * Add XB-Efi-Vendor metadata to efi-*-bin packages * Adjust restore_mkdevicemap.patch to fix format-overflow warning with GCC 7 (the overflow was in fact impossible in practice, but GCC couldn't prove that). * Cherry-pick upstream patch to disable -Wformat-truncation on GCC >= 7 in printf_unit_test. * Build with GCC 7 (closes: #892397). * sparc64: Don't use devspec to determine the OBP path (closes: #854568). * ieee1275: Fix crash in of_path_of_nvme when of_path is empty (closes: #891773). * sparc64: Limit nvme of_path_of_nvme to just SPARC. * Build-depend on libparted-dev on powerpc and ppc64 (closes: #891070). * Add support for modern sparc64 hardware (thanks, Eric Snowberg via John Paul Adrian Glaubitz; closes: #854568). * Build without PIE on sparc and sparc64 (thanks, John Paul Adrian Glaubitz; closes: #891733). * Switch to tracking debian/grub-extras/ using "git subtree" rather than submodules. * Update debian/README.source for Salsa migration. * Use pkg-config to find FreeType (closes: #887721). * Change various binary packages' priorities to optional, since "Priority: extra" is now deprecated. * Repack upstream tarball without grub-core/lib/libgcrypt*/cipher/crc.c, and provide a replacement implementation backported from more recent versions of libgcrypt (closes: #745409). * Cherry-pick upstream patch to avoid -Werror=unused-value build failure (closes: #890431). * Handle the case where udevadm exists but is non-functional, as warned about by Lintian 2.5.75. * Use current location for upstream signing key (debian/upstream/signing-key.asc). * Update upstream signing key to a non-expired version. * Install bootinfo.txt and grub.chrp in grub-ieee1275-bin for ppc64, and install and use prep-bootdev on powerpc and ppc64 as well as ppc64el (thanks, John Paul Adrian Glaubitz; closes: #881730). * Cherry-pick upstream patch to change the default TSC calibration method to pmtimer on EFI systems (closes: #883193). * Move VCS to salsa.debian.org. * Consistently create /boot/grub in the postinst of all grub- packages (closes: #884883). [ Debconf translations ] * [sq] Albanian (Silva Arapi; closes: #874497). * debian/patches/tests_update_for_new_qemu.patch: update qemu options to remove deprecated options that fail tests. * debian/patches: fix up busted patches due to git-dpm: - debian/patches/add-an-auto-nvram-option-to-grub-install.patch - debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch * debian/patches/r_x86_64_plt32-is-like-r_x86_64_pc32.patch: For the purpose of grub-mkimage, the R_X86_64_PLT32 relocation is basically the same as R_X86_64_PC32. Make R_X86_64_PLT32 supported. * debian/default/grub: replace GRUB_HIDDEN_* variables with the more concise and less confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597) * Verify that the current and newer kernels are signed when grub is updated, to make sure people do not accidentally shutdown without a signed kernel. * debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch: In the grub-shell test helper, disable seabios's serial console through fw_cfg runtime configuration as its boot output interferes with testing. (LP: #1775249) * debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the --auto-nvram option to grub-install for auto-detecting NVRAM availability before attempting NVRAM updates. * Drop debian/patches/mkconfig_keep_native_term_active.patch, which can lead to flickering between graphical and text mode when traversing the menu. (LP: #1752767) * debian/patches/yylex-explicitly_cast_fprintf_to_void.patch: Fix FTBFS with flex 2.6.4. [ Julian Andres Klode ] * debian/patches/shorter_version_info.patch: Only show the upstream version in menu and console, and hide the package one in a package_version variable. (LP: #1723434) [ Mathieu Trudel-Lapierre ] * debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the 'text' payload if it's not supported but present in gfxpayload, such as on EFI systems. (LP: #1711452) [ Steve Langasek ] * debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file fizes as block sizes in bufio: this avoids potentially seeking back in the files unnecessarily, which may require re-open files that cannot be seeked into, such as via TFTP. (LP: #1743249) * debian/patches/mkconfig_keep_native_term_active.patch: Keep the default EFI console active while enabling gfxterm. (LP: #1743884) * debian/patches/vt_handoff.patch: modify the existing patch to set vt.handoff=1 instead of vt.handoff=7 as we now start display managers on vt1 anyway. This also fixes issues with netboot installed server systems not displaying the login prompt on boot. (LP: #1675453) * util/grub-install.c: Drop extra handling for x.efi.signed files for mok and fallback binaries: shim now installs them without the .signed extension. (LP: #1708245) * debian/control: Breaks shim (<< 13). * Cherry-pick upstream patch to change the default TSC calibration method to pmtimer on EFI systems (LP: #1734278) * debian/control: Update Vcs fields for code location on Ubuntu. * Merge with Debian; remaining changes: - debian/patches/support_initrd-less_boot.patch: Added knobs to allow non-initrd boot config. (LP: #1640878) - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot (LP: #1447500) - debian/build-efi-images: provide a new grub EFI image which enforces that loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is the same as grub$arch.efi minus the 'linux' module. Without fallback to 'linux' for unsigned loading, this makes it effectively enforce having a signed kernel. (LP: #1401532) - debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Move installing fb$arch.efi to --no-extra-removable; as we don't want fallback to be installed unless we're also installing to /EFI/BOOT. (LP: #1684341) - Make sure postinst and templates know about the replacement of --force-extra-removable with --no-extra-removable. * Sync Secure Boot support patches with the upstream patch set from rhboot/grub2:master-sb. Renamed some patches and updated descriptions for the whole thing to make more sense, too: - dropped debian/patches/linuxefi_require_shim.patch - renamed: debian/patches/no_insmod_on_sb.patch -> debian/patches/linuxefi_no_insmod_on_sb.patch - debian/patches/linuxefi.patch - debian/patches/linuxefi_debug.patch - debian/patches/linuxefi_non_sb_fallback.patch - debian/patches/linuxefi_add_sb_to_efi_chainload.patch - debian/patches/linuxefi_cleanup_errors_in_loader.patch - debian/patches/linuxefi_fix_efi_validation_race.patch - debian/patches/linuxefi_handle_multiarch_boot.patch - debian/patches/linuxefi_honor_sb_mode.patch - debian/patches/linuxefi_move_fdt_helper.patch - debian/patches/linuxefi_load_arm_with_sb.patch - debian/patches/linuxefi_minor_cleanups.patch - debian/patches/linuxefi_re-enable_linux_cmd.patch - debian/patches/linuxefi_rework_linux16_cmd.patch - debian/patches/linuxefi_rework_linux_cmd.patch - debian/patches/linuxefi_rework_non-sb_efi_chainload.patch - debian/patches/linuxefi_rework_pe_loading.patch - debian/patches/linuxefi_use_dev_chainloader_target.patch * debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and the casting they do on some architectures: we don't want to fail build because of some of the warnings that can show up since we otherwise build with -Werror. * Comment out debian/watch lines for betas and pre-releases for now. * Cherry-pick upstream patch to allow mounting ext2/3/4 file systems that have the 'encrypt' feature enabled (closes: #840204). * New upstream release. - xen: Fix wrong register in relocator (closes: #799480). * Resolve symlinks for supported init paths as well as for /sbin/init (thanks, Felipe Sateler; closes: #842315). [ Debconf translations ] * [sr] Serbian (Karolina Kalic; closes: #691288). * [sr@latin] Serbian Latin (Karolina Kalic; closes: #691289). * [pt] Portuguese (Rui Branco - DebianPT; closes: #864171). [ Steve McIntyre ] * Make grub-install check for errors from efibootmgr (closes: #853234). There are probably still underlying issues in other similar reported bugs, but they're more effectively tracked elsewhere (e.g. efibootmgr) at this point (closes: #756253, #852513). [ Debconf translations ] * [ug] Uyghur (Abduqadir Abliz). * [es] Spanish (Manuel "Venturi" Porras Peralta; closes: #852977). * debian/patches/headers_for_device_macros.patch, debian/patches/fix_check_for_sys_macros.patch: make sure the right device macro header is included and that the deprecation warning is dealt with. LP: #1722955. * debian/patches/mount-ext4-fs-with-crypto-enabled.patch: Allow grub to mount an EXT4 partition that has the 'encrypt' feature enabled (closes: 840204) * debian/patches/linuxefi.patch: fix double-free caused by an extra grub_free() call in this patch (which the previous upload didn't change). * debian/patches/linuxefi_rework_non-sb_cases.patch, debian/patches/linuxefi_non_sb_fallback.patch: refreshed. * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream SB patch set: - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its chainloader. - linuxefi_fix_validation_race.patch: Fix a race in validating images. - linuxefi_chainloader_path.patch: honor the starting path for grub, so images do not need to be started from $root. - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use when Secure Boot is enabled. - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all loaders: don't load the commands when Secure Boot is enabled. - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and initrd commands to automatically hand-off to linuxefi/initrdefi; re- enable the linux loader. - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading "special" PE images, such as Windows'. - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is disabled or shim validation is disabled so loading works as EFI binaries when it is supposed to. - Removed linuxefi_require_shim.patch; superseded by the above. * debian/patches/install_signed.patch, grub-install-extra-removable.patch: - Make sure if we install shim; it should also be exported as the default bootloader to install later to a removable path, if we do. - Rework grub-install-extra-removable.patch to reverse its logic: in the default case, install the bootloader to /EFI/BOOT, unless we're trying to install on a removable device, or explicitly telling grub *not* to do it. - Move installing fb$arch.efi to --no-extra-removable; as we don't want fallback to be installed unless we're also installing to /EFI/BOOT. (LP: #1684341) * debian/build-efi-images: provide a new grub EFI image which enforces that loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is the same as grub$arch.efi minus the 'linux' module. Without fallback to 'linux' for unsigned loading, this makes it effectively enforce having a signed kernel. (LP: #1401532) * Merge with Debian; remaining changes: - debian/patches/support_initrd-less_boot.patch: Added knobs to allow non-initrd boot config. (LP: #1640878) - Disable os-prober for ppc64el on the PowerNV platform, to reduce the number of entries/clutter from other OSes in Petitboot (LP: #1447500) [ Colin Watson ] * Drop build-dependency on libxen-dev, unnecessary now that upstream has taken a copy of the necessary public headers. * Ensure that build-efi-images has a suitable PATH for running mkfs.msdos (thanks, Luca Boccassi; closes: #852001). [ dann frazier ] * Add grub2/update_nvram template to allow users to disable NVRAM updates during package upgrades (LP: #1642298). [ Debconf translations ] * [ro] Romanian (Andrei POPESCU). * [kk] Kazakh (Baurzhan Muftakhidinov). * [lt] Lithuanian (Rimas Kudelis). * [th] Thai (Theppitak Karoonboonyanan). * [sl] Slovenian (Vanja Cvelbar). * [pl] Polish (ukasz Dulny). * [eu] Basque (Iaki Larraaga Murgoitio; closes: #851981). * [bg] Bulgarian (Damyan Ivanov; closes: #852024). * [de] German (Helge Kreutzmann; closes: #852027). * [vi] Vietnamese (Trn Ngc Qun). * [ko] Korean (Changwoo Ryu; closes: #852061). * [ru] Russian (Yuri Kozlov; closes: #852064). * [tr] Turkish (Mert Dirik). * [it] Italian (Luca Monducci; closes: #852073). * [cs] Czech (Miroslav Kure; closes: #852189). * [be] Belarusian (Viktar Siarheichyk; closes: #852286). * [eo] Esperanto (Felipe Castro). * [uk] Ukrainian (Yatsenko Alexandr). * [pt_BR] Brazilian Portuguese (Adriano Rafael Gomes; closes: #852325). * [hr] Croatian (Tomislav Krznar). * [ca] Catalan (Innocent De Marchi; closes: #852331). * [fr] French (Baptiste Jammet; closes: #852341). * [da] Danish (Joe Hansen; closes: #852349). * [nl] Dutch (Frans Spiesschaert; closes: #852403). [ Chad MILLER ] * Signal to zpool that it should emit full names of constituent devices (closes: #824974, LP: #1527727). [ Mathieu Trudel-Lapierre ] * Fix support for IPv6 PXE booting under UEFI (LP: #1229458): - misc-fix-invalid-char-strtol.patch: fix strto*l methods invalid chars. - net_read_bracketed_ipv6_addr.patch: read bracketed IPv6 addresses. - bootp_new_net_bootp6_command.patch: add new bootp6 commands. - efinet_uefi_ipv6_pxe_support.patch: teach efinet to allow bootp6. - bootp_process_dhcpack_http_boot.patch: process DHCPACK, support HTTP. - efinet_set_network_from_uefi_devpath.patch: configure network from the devpath provided by the UEFI firmware. - efinet_set_dns_from_uefi_proto.patch: set DNS nameservers and search domains from the UEFI protocol. * debian/patches/install_signed.patch: update patch for the new names of the EFI binaries from shim. * debian/control: Breaks shim (<< 0.9+1474479173.6c180c6-0ubuntu1~) due to the renamed binaries in the new shim. * debian/postinst.in: call on to update-secureboot-policy on configure to make sure users can disable shim validation if necessary. * debian/build-efi-images: add loopback and squash4 modules to the signed EFI images. * debian/watch: Switch URL scheme to HTTP. * Fix operator precedence in GRUB_DEVICE UUID tests (closes: #841680, #841741). [ Colin Watson ] * New upstream beta release. * syslinux_test: Fix out-of-tree build handling. * Drop "grub-shell: Pass -no-pad to xorriso when building floppy images". The floppy images built by grub-shell are no longer over the floppy limit, and this patch now itself causes fddboot_test failures. * Build with GCC 6 (closes: #835964). * linuxefi.patch: Adjust for libgcc removal. * Apply openSUSE patch to accept empty modules for now so that Xen builds work. [ Debconf translations ] * [ja] Japanese (Takuma Yamada; closes: #815203, #817084). [ Martin Pitt ] * debian/grub-common.init: Don't source /lib/init/vars.sh, we don't depend on initscripts (and don't want to). There is no reason why we would not use the LSB log_action_msg in non-verbose (default) mode, most other packages use it unconditionally (closes: #824875, LP: #1584134). [ Steve Beattie ] * debian/rules: Disable PIE builds for GRUB modules (closes: #837493). [ Colin Watson ] * Use HTTPS for Vcs-Git URL. * Add zfs, zfscrypt, and zfsinfo to signed EFI images (LP: #1542358). [ Martin Pitt ] * debian/postinst.in, debian/kernel/zz-update-grub: Call systemd-detect-virt (which works under any init system, despite the name) instead of the Ubuntu specific running-in-container wrapper. (LP: #1539016) * Apply the arm64 -mpc-relative-literal-loads workaround in configure rather than in debian/rules, to cope with toolchains that don't have the relevant patch applied. [ Colin Watson ] * Remove duplicate Replaces on grub-ieee1275 (<< 2.00-4) from grub2-common. * Refer to /usr/share/common-licenses/GPL-3 rather than /usr/share/common-licenses/GPL. * Cherry-pick upstream patches to add more ACPI opcodes to acpihalt (closes: #766853, LP: #1530648). * Drop build-dependency on libusb-dev, since it was currently unused in any case; also explicitly configure with --disable-grub-emu-usb to avoid possible future ambiguity (closes: #810421). * Use dpkg-maintscript-helper to convert directories to symlinks in various upgrade cases, in place of hand-coded equivalents. * Change versioned Conflicts from grub-common and grub2-common into Breaks or Breaks+Replaces as appropriate. * Remove pragmas related to -Wunreachable-code (closes: #812047). * Temporarily work around arm64 build failure with gcc-5 >= 5.3.1-4 using -mpc-relative-literal-loads. * Backport various ZFS improvements from trunk (closes: #706415, #772797; LP: #1451476, #1530457). [ Didier Roche ] * Use new plymouth theme path to set grub theme configuration. [ Mathieu Trudel-Lapierre ] * Cherry-picks to better handle TFTP timeouts on some arches: (LP: #1521612) - (7b386b7) efidisk: move device path helpers in core for efinet - (c52ae40) efinet: skip virtual IP devices when enumerating cards - (f348aee) efinet: enable hardware filters when opening interface [ Lee Trager ] * Add raid5rec and raid6rec to signed EFI images (closes: #807385). [ Colin Watson ] * CVE-2015-8370: Fix authentication bypass via backspace integer underflow (closes: #808122). [ Mathieu Trudel-Lapierre ] * Cherry-pick patch to add SAS disks to the device list from the ofdisk module. (LP: #1517586) [ dann frazier ] * Cherry-pick patch to open Simple Network Protocol exclusively. (LP: #1508893) [ Linn Crosetto ] * Install arm64 signed images if UEFI Secure Boot is enabled (closes: #806178). * Cherry-pick upstream patch to fix XFS alignment treatment. * Cherry-pick upstream patch to fix XFS handling of symlink with crc-enabled filesystem. [ dann frazier ] * arm64/setjmp: Add missing license macro. (LP: #1459871) [ Colin Watson ] * Cherry-pick upstream patches for XFS v5 support (closes: #772565). [ Linn Crosetto ] * Clean up docs, mpi, and other files (closes: #798607). [ dann frazier ] * progress: avoid NULL dereference for net files. (LP: #1459872) * Reduce the CFLAGS -O3 default on Ubuntu ppc64el to -O2; it introduces various -Werror failures and isn't worth it here. [ Felix Zielcke ] * Remove Robert Millan from Uploaders with his permission. Thanks for all the work he did for GRUB 2! * Stop forcing gcc-4.9 for building. * Update to Policy 3.9.6. * Update the Browser URL for our git repository. * Use dpkg-buildflags at least for the host binaries. * Simplify Build-Depends. [ Colin Watson ] * Go back to forcing a particular compiler version, but this time gcc-5. The reason for this is that new compiler versions often make slight changes to the size of compiled code which break delicate parts of GRUB, and we want to make sure that we test newer versions before switching to them. * Make builds that are not limited to architecture-dependent packages (i.e. dpkg-buildpackage -b) work on non-x86 architectures (closes: #744954). [ Mathieu Trudel-Lapierre ] * debian/build-efi-images: Look for grub.cfg in $cmdpath too in gcdx64.efi, to simplify embedded scenarios: putting a grub.cfg snippet that loads the right "real" grub.cfg can be useful. (LP: #1468111) * debian/patches/uefi_firmware_setup.patch: Take into account that the UEFI variable OsIndicationsSupported is a bit field, and as such should be compared as hex values in 30_uefi-firmware.in. (LP: #1456911) * Update quick boot logic to handle abstractions for which there is no write support. (LP: #1274320) [ dann frazier ] * d/p/arm64-set-correct-length-of-device-path-end-entry.patch: Fixes booting arm64 kernels on certain UEFI implementations. (LP: #1476882) [ Debconf translations ] * [lv] Latvian (Rudolfs Mazurs; closes: #777648). [ William Grant ] * Fix linuxefi module to be included on x86_64-efi rather than amd64-efi. amd64-efi isn't a thing. (LP: #1464959) [ Steven Chamberlain ] * Recognise Xen xbd and KVM virtio disks on kFreeBSD (closes: #786621). * Build-depend on dosfstools and mtools on arm64 as well as amd64. [ Mathieu Trudel-Lapierre ] * Fix handling of --disk-module option (cherry-pick from fa335308). (Closes: #746596, LP: #1309735) * Fix double-free of LV names for mdraid (cherry-pick from fc535b32). (LP: #1330963) [ dann frazier ] * Build image tarball on arm64 * Only include linuxefi module in images for amd64. This module doesn't exist on other platforms like arm64, where GRUB chainloads to the kernel EFI stub. [ Paulo Flabiano Smorigo ] * powerpc: Add a flag to avoid unnecessary optimizations (like vsx) (LP: #1459706). [ Debconf translations ] * [da] Danish (Joe Dalton; closes: #781333). [ Felix Zielcke ] * Run the tests with LC_MESSAGES=C.UTF-8. Some tests fail with non english locale. (Closes: #782580) [ Mathieu Trudel-Lapierre ] * Backport from upstream: - arp, icmp: Fix handling in case of oversized or invalid packets. (LP: #1428005) [ Robie Basak ] * Change the default GRUB_RECORDFAIL_TIMEOUT to 30, so interactive users still get the opporunity to intervene after a real boot failure, but headless users will not end up stuck after boot failures that were really power failures (closes: #782552, LP: #1443735). * Make grub-common's Suggests on grub-emu architecture-specific, to quieten debcheck. * Remove unnecessary feature test macros from hostfs, to fix building with glibc 2.20. * Backport from upstream: - Fix UEFI boot failure with some firmware that returns incorrect paths (closes: #735960). [ Mathieu Trudel-Lapierre ] * Fix overlap check in check_blocklists for load_env (backported patch from upstream commit 1f6af2a9; LP: #1311247). [ Steve McIntyre ] * Add support for running a 64-bit Linux kernel on a 32-bit EFI (closes: #775202). [ Colin Watson ] * Use mtmsr rather than mtmsrd in ppc64el-disable-vsx.patch, since the "VSX Available" bit is in the lower half of the MSR anyway, and mtmsrd faults on 32-bit systems (closes: #776400). [ Colin Watson ] * Generate alternative init entries in advanced menu (closes: #757298, #773173). * When configuring grub-pc, copy unicode.pf2 to /boot/grub/ even if /boot/grub/grub.cfg does not exist yet; this matches the behaviour of grub-efi-* (thanks, Luca Capello; closes: #617196). [ Debconf translations ] * [fi] Finnish (Timo Jyrinki; closes: #774060). * [mr] Marathi (sampada nakhare; closes: #773901). [ Steve McIntyre ] * Handle case insensitivity of VFAT filesystem on /boot/EFI when installing extra cpoy of grub-efi to the removable media path /boot/efi/EFI/BOOT/BOOT$ARCH.EFI (Closes: #773092) * Make the force_efi_extra_removable debconf prompt only show up when configuring grub-*efi*. Closes: #773004 [ Ian Campbell ] * Improvements to English wording of new debconf template from Justin B Rye. * Add debian/README.source. [ Debconf translations ] * [eu] Basque (Iaki Larraaga Murgoitio, Closes: #772946) * [be] Belarusian (Viktar Siarheichyk, Closes: #773054) * [pt_BR] Brazilian Portuguese (Adriano Rafael Gomes, Closes: #773682) * [bg] Bulgarian (Damyan Ivanov, Closes: #772878) * [cs] Czech (Miroslav Kure, Closes: #772924) * [nl] Dutch (Frans Spiesschaert, Closes: 773637) * [eo] Esperanto (Felipe Castro, Closes: #773096) * [fi] Finnish (Timo Jyrinki, Closes: #772921) * [fr] French (Christian PERRIER, Closes: #772771) * [de] German (Martin Eberhard Schauer, Closes: #773664) * [el] Greek (Panagiotis Georgakopoulos, Closes: #773068) * [he] Hebrew (Omer Zak, Closes: #773377) * [is] Icelandic (Sveinn Felli, Closes: #772922) * [it] Italian (Luca Monducci, Closes: #773553) * [kk] Kazakh (Baurzhan Muftakhidinov, Closes: #772916) * [lt] Lithuanian (Rimas Kudelis, Closes: #773060) * [pl] Polish (ukasz Dulny, Closes: #772930) * [ro] Romanian (Andrei POPESCU, Closes: #773349) * [ru] Russian (Yuri Kozlov, Closes: #773211) * [sl] Slovenian (Vanja Cvelbar, Closes: #773508) * [es] Spanish (Manuel "Venturi" Porras Peralta, Closes: #773222) * [sv] Swedish (Martin Bagge & Anders Jonsson, Closes: 773208) * [th] Thai (Theppitak Karoonboonyanan, Closes: #773160) * [zh_TW] Traditional Chinese (Vincent W. Chen, Closes: #773418) * [tr] Turkish (Mert Dirik, Closes: #773666) [ Steve McIntyre ] * Add support for forcing an extra copy of grub-efi to the removable media path /boot/efi/EFI/BOOT/BOOT$ARCH.EFI (#767037) [ Ian Campbell ] * Add myself to Uploaders. [ Colin Watson ] * Fix up some pointer-to-integer casts in linuxefi so that it can build on i386-efi. * Backport from upstream: - Fix typo (gettext_print instead of gettext_printf) (LP: #1390766). [ Ian Campbell ] * Correct syntax error in grub-xen-host bootstrap configuration file. * Log failure when grub-install fails in postinst, rather than failing the entire postinst. (Closes: #770412) * Arrange to insmod xzio and lzopio when booting a kernel as a Xen guest. (Closes: #755256) [ Ian Campbell ] * Provide prebuilt grub-xen binaries for host use in a new grub-xen-host package. * Build/Install binaries into /boot/xen when installing grub-xen. * Disable nvram installation again on chrp_ibm machines that are emulated by qemu; that doesn't have nvram devices so the nvram utility inevitably fails. * On architectures without a real GRUB port, just build the utilities. This makes tools such as grub-probe and grub-fstest available everywhere, and makes grub-mount available on all Linux and kFreeBSD architectures. * Remove .MIPS.abiflags section from images (thanks, Jurica Stanojkovic, although I used a slightly simpler approach; closes: #762307). * Include a text attribute reset in the clear command for ppc (LP: #1295255). * Disable VSX instruction on powerpc startup to fix booting on ppc64el. * Stop adding a CHRP note on chrp_ibm machines, since that apparently breaks PowerVM and isn't needed on other machine types as far as we can tell (LP: #1334793). * Refactor flicker-free-boot configuration in debian/rules to reduce duplication. * Disable flicker-free-boot on Ubuntu ppc64el for now, as it isn't needed there and causes too many problems (LP: #1338471). * Use nvram rather than nvsetenv on chrp_ibm machines, since that tool is better-supported and copes with such things as nvram being missing in qemu. * Remove brace-expansion from the postrm, and switch the preinst and postrm to /bin/sh (closes: #762940). * On ppc64el, look for a PReP partition and install the core image to the first one if found. For now this is done by borrowing prep-bootdev.c from grub-installer, incurring a dependency on libparted. * Drop gcc-4.9-multilib build-dependency on ppc64el again. [ Colin Watson ] * Point Vcs-* fields back at master. * Support grub-emu on x32 (closes: #760428). * Adjust packaging for x32: - Build-depend on cpio on x32 as well. - Make grub-efi-ia32-bin and grub-efi-amd64-bin depend on efibootmgr on any Linux architecture for which they are built (in practice, adding x32). - Build grub-mount-udeb on x32 as well. - Add Lintian binary-from-other-architecture overrides where appropriate. * Apply patches from Paulo Flabiano Smorigo to allow building a 32-bit big-endian loader on ppc64el using -m32 -mbig-endian, replacing the cross-compiler hack. [ Ian Campbell ] * Add dependency on efibootmgr to grub-efi-{arm,arm64}-bin. * Force grub-pc/mixed_legacy_and_grub2 to be reshown, rather than failing when it was already seen (closes: #749571). * Build with GCC 4.9 (closes: #748003). * Build for sparc64 (closes: #753784). * Fix an infinite loop in grub-mkconfig when kernel paths contain regex metacharacters. Thanks to Heimo Stranner for the report. * On upgrade, if we find that one of the install devices no longer exists, ask the debconf question at priority critical rather than high. [ Colin Watson ] * Add the true module to the signed image, since 05_debian_theme uses it. Thanks to Dimitri John Ledkov for the report. * Limit test suite parallelisation to 1; the test suite seems to have some isolation problems at higher levels at the moment (closes: #746856). * Simplify override_dh_install a bit. * Backport patches from upstream to make the network stack more responsive on busy networks (LP: #1314134). [ Dimitri John Ledkov ] * Add support for nvme device in grub-mkdevicemap (closes: #746396, LP: #1275162). [ Debconf translations ] * Korean (Changwoo Ryu, closes: #745559). * Backport from upstream: - Tolerate devices with no filesystem UUID returned by os-prober (LP: #1287436). [ Colin Watson ] * Backport from upstream: - ieee1275: check for IBM pseries emulated machine. - Fix partmap, cryptodisk, and abstraction handling in grub-mkconfig (closes: #735935). - btrfs: fix get_root key comparison failures due to endianness. * Build-depend on automake (>= 1.10.1) to ensure that it meets configure's requirements (LP: #1299041). * When installing an image for use with UEFI Secure Boot, generate a load.cfg even if there are no device abstractions in use (LP: #1298399). [ Jon Severinsson ] * Add Tanglu support, as in Debian except: - Enable splash screen by default (as Ubuntu) - Enable quiet and quick boot (as Ubuntu) - Enable the grub-common init script (as Ubuntu) - Enable dynamic gfxpayload (as Ubuntu) - Enable vt handover (as Ubuntu) - Use monochromatic theme by default (as Ubuntu) - Use Tanglu GRUB wallpaper by default. * Fix shift-held-down test not to clear other modifier key states (LP: #843804). * Explicitly pass an appropriate --target to grub-install in the postinst (suggested by Jordan Uggla). * Backport from upstream: - Use bootaa64.efi instead of bootaarch64.efi on arm64 to comply with EFI specification. Also use grubaa64.efi for consistency. * Install bootinfo.txt and grub.chrp into grub-ieee1275-bin on powerpc and ppc64el. * Port yaboot logic to improve installation for various powerpc machine types. * Improve parsing of /etc/default/grub.d/*.cfg in C utilities (LP: #1273694). * Run grub-install on install or upgrade on grub-ieee1275/ppc64el. * Add a number of EFI debugging commands to the signed image (lsefi, lsefimmap, lsefisystab, lssal). * Add gfxterm_background to the signed image so that background_image works in UEFI Secure Boot mode. Thanks to syscon-hh for the report. * Remove redundant build-dependencies on autoconf and automake, covered by dh-autoreconf. * In --enable-quick-boot mode, restore previous behaviour of using a hidden timeout if GRUB_HIDDEN_TIMEOUT=0 (thanks to Sebastien Bacher for the report). * Disable cpio test on kFreeBSD again for now; it fails within cpio itself with "field width not sufficient for storing rdev minor". * Copy shim.efi.signed to the correct path in UEFI Secure Boot mode. Thanks to syscon-hh for the report. * Pass VERBOSE=1 when running tests so that Automake will print test logs on failure. * Adjust Vcs-* fields to indicate the experimental branch. * Build-depend on cpio on architectures where we run the test suite, for tests/cpio_test.in. * Ignore EPERM when modifying kern.geom.debugflags on FreeBSD, fixing tests. * Convert patch handling to git-dpm. * Add bi-endian support to ELF parser (Tomohiro B Berry). * Adjust restore_mkdevicemap.patch to mark get_kfreebsd_version as static, to appease "gcc -Werror=missing-prototypes". * Cherry-pick from upstream: - Change grub-macbless' manual page section to 8. * Install grub-glue-efi, grub-macbless, grub-render-label, and grub-syslinux2cfg. * grub-shell: Pass -no-pad to xorriso when building floppy images. * New upstream beta release. * Drop qemu-utils build-dependency; the test suite no longer uses qemu-img. * Build grub-common, grub2-common, grub-themes-starfield, and grub-mount on ARM and ARM64 architectures. * Install grub-mkrescue in grub-common on all architectures. * Make grub-efi-ia32, grub-efi-amd64, and grub-efi-ia64 conflict with elilo. * Adjust the postinst of grub-efi-ia64, grub-efi-arm, and grub-efi-arm64 to keep the EFI System Partition up to date with grub-install after it has been run once, like grub-efi-ia32 and grub-efi-amd64 already do. * Regularise indentation of "recordfail" in /etc/grub.d/10_linux. * Add alpha.gnu.org to debian/watch, for pre-releases. * Add OpenPGP signature checking configuration to watch file. * Drop mkconfig_skip_dmcrypt.patch; it breaks GRUB_ENABLE_CRYPTODISK=y, which is a better fix for the original problem (closes: #732245). * Fix mismerge of mkconfig_loopback.patch. * Build for ppc64el, using a powerpc cross-compiler at least for now. * Don't run gettext_strings_test; this test is mainly useful as an upstream maintenance check. * Silence warning if /usr/share/locale-langpack does not exist (closes: #732595). * Remove debian/grub-common.preinst, superseded by .maintscript files. * Install grub-file in grub-common. * Fix crash due to pointer confusion in grub-mkdevicemap, introduced while converting away from nested functions in 2.00+20131208-1. * New upstream snapshot. - Skip issuing cursor on/off sequences on Macs (closes: #683068). - Move grub-mknetdir to /usr/bin (closes: #688799). - Apply program name transformations at build-time rather than at run-time (closes: #696465). - Add info documentation for grub-mount (closes: #666427). - Clean up dangling references to grub-setup (LP: #1082045). - Avoid installing to sectors matching the signature of an Acer registration utility with several sightings in the wild (LP: #987022). - Document the need for GRUB_DEFAULT=saved in grub-set-default(8) (LP: #1102925). - Fix missing PVs if they don't contain an "interesting" LV (probably closes: #650724, #707613). - Reimplement grub-reboot to not depend on saved_entry (closes: #707695, LP: #704406). - Fix Ctrl-u handling to copy the killed characters to the kill buffer as UCS4 stored as grub_uint32_t rather than as 8-bit characters stored as char (closes: #710076). - Fix inconsistent use of GRUB_CRYPTODISK_ENABLE and GRUB_ENABLE_CRYPTODISK (LP: #1232237). - Support GRUB_DISABLE_SUBMENU configuration, and document submenu usage in grub-reboot(8) (closes: #690538). - Don't decompress initrd when booting with Xen (closes: #700197). - Document how to delete the whole environment block (closes: #726265). - Revamp hidden timeout handling by adding a new timeout_style environment variable and a corresponding GRUB_TIMEOUT_STYLE configuration key for grub-mkconfig. This controls hidden-timeout handling more simply than the previous arrangements, and pressing any hotkeys associated with menu entries during the hidden timeout will now boot the corresponding menu entry immediately (LP: #1178618). As part of merging this, radically simplify the mess that quick_boot.patch had made of /etc/grub.d/30_os-prober; if it finds other OSes it can now just set timeout_style=menu and make sure the timeout is non-zero. - On Linux, read partition start offsets from sysfs if possible (LP: #1237519). - New ports to arm-uboot, arm-efi, arm64-efi, i386-xen, and x86_64-xen. * Add grub-uboot*, grub-efi-arm*, and grub-xen* binary packages. * Ignore functional test failures for now as they are broken. * Move working directories around (build/ -> obj/, build/stamps -> debian/stamps) so that "debian/rules build" still works after working directories have been created. * Drop "grub-mkrescue --diet" option; never merged upstream and only matters for floppies. Please let me know if you were using this. Explicitly use -no-pad to build grub-rescue-floppy.img, which has an equivalent effect on size. * Break lupin-support (<< 0.55) due to the rewrite of grub-install in C. * Remove build-dependency on autogen, no longer needed. * Compress GRUB files on grub-rescue-floppy.img using xz. * Build-depend on wamerican, newly required by the test suite. * Run tests with LC_CTYPE=C.UTF-8, so that grub-fs-tester can handle UTF-8 data correctly. * Update debian/legacy/update-grub to the version from grub 0.97-67. * Silence error message on initial installation when /etc/default/grub does not yet exist. * Add GRUB_RECOVERY_TITLE option, to allow the controversial "recovery mode" text to be customised (LP: #1240360). * Backport from upstream: - Sort gnumach kernels in version order (closes: #725451). * Move packaging to git, following upstream. Adjust Vcs-* fields. * Remove obsolete DM-Upload-Allowed field. * Merge (completely!) from Ubuntu: - Handle probing striped DM-RAID devices (thanks, Robert Collins; LP: #803658). - Unconditionally create grub.cfg on our EFI boot partition in Secure Boot mode; GRUB always needs some configuration in this case to find /boot/grub, since we can't modify the signed image at install time (Steve Langasek, LP: #1236625). - If MokManager is present on the host system, copy it onto the EFI boot partition for use (Steve Langasek). - Adjust UEFI installation to cope with Kubuntu setting GRUB_DISTRIBUTOR (LP: #1242417). - If building for Ubuntu: + Bypass menu unless other OSes are installed or Shift is pressed. + Show the boot menu if the previous boot failed. + Set GRUB_GFXPAYLOAD_LINUX=keep unless it's known to be unsupported on the current hardware. + Set vt.handoff=7 for smooth handoff to kernel graphical mode. + In recovery mode, add nomodeset to the Linux kernel arguments, and remove the 'set gfxpayload=keep' command. + Set default timeout to 10 seconds. + Enable hidden timeout support by default. - Migrate timeout settings from menu.lst. - Probe FusionIO devices (LP: #1237519). * Make grub.cfg world-unreadable if even hashed passwords are in use (closes: #632598). [ Colin Watson ] * Merge from Ubuntu: - debian/build-efi-images: Where possible, make use of the device path derived from the EFI Loaded Image Protocol to compute the prefix (LP: #1097570). - debian/build-efi-images: Add a netboot image target to our set of prebuilt EFI images (thanks, Steve Langasek). * Backport from upstream: - Handle partitions on non-512B EFI disks (LP: #1065281). [ Phillip Susi ] * restore_mkdevicemap.patch: Fix dmraid uuid check to look for "DMRAID-" anywhere instead of only at the start, since kpartx prefixes it with "partN-" (LP: #1183915). * Add gettext module to signed UEFI images (LP: #1104627). * Put the preprocessor definition for quiet-boot in the right place so that it actually takes effect. * Really include patches to reduce visual clutter in normal mode when building for Ubuntu. * Make reportbug script file robust against su authentication failures and missing LVM commands. * Backport from upstream: - Move @itemize after @subsection to satisfy texinfo-5.1. - grub-mkconfig: Fix detection of Emacs autosave files. - Fix spurious failure on Xen partition devices without disk devices (closes: #708614). * Merge from Ubuntu: - Treat Kubuntu as an alias for Ubuntu in GRUB_DISTRIBUTOR (Harald Sitter). - Make any EFI system boot into the shim (if installed) even if SecureBoot is disabled (Stphane Graber). - Allow Shift to interrupt 'sleep --interruptible'. - If building for Ubuntu: + Reduce visual clutter in normal mode. + Remove verbose messages printed before reading configuration. + Suppress kernel/initrd progress messages, except in recovery mode. + Suppress "GRUB loading" message unless Shift is held down. - Skip Windows os-prober entries on Wubi systems. * Consolidate debian/rules logic for when to build signed images. [ Colin Watson ] * Install reportbug presubj and script files in all binary packages. * Make grub-yeeloong.postinst explicitly install with --target=mipsel-loongson (closes: #708204). * Make grub-script-check fail on scripts containing no commands (closes: #713886). * Make the description of grub-firmware-qemu a little more generic, rather than assuming that bochsbios provides qemu's default BIOS image (closes: #714277). * Don't assume that the presence of /etc/default/grub or /etc/default/grub.d/*.cfg means that any particular item is set in it (LP: #1199731). [ Debconf translations ] * Hungarian (Dr. Nagy Elemr Kroly). * Merge from Ubuntu: - Don't call update-grub in the zz-update-grub kernel hook if /boot/grub/grub.cfg doesn't exist. - acpihalt: expand parser to handle SSDTs and some more opcodes. Fixes test suite hang with current seabios. * Remove kernel-specific grub.d conffiles that were dropped from packages built for all but their corresponding kernel type in 1.96+20090307-1 (closes: #703539). * Look for grub-bios-setup in /usr/lib/grub/i386-pc/ as well (closes: #705636). * Merge 1.99-27.1 (thanks, Steve McIntyre): - Add entries for Windows Boot Manager found via UEFI in os-prober (closes: #698914). * Backport from upstream: - Fix booting FreeBSD >= 9.1 amd64 kernels (closes: #699002). * Merge from Ubuntu: - Stop using the /usr/share/images/desktop-base/desktop-grub.png alternative as the fallback background if GRUB_DISTRIBUTOR is "Ubuntu". - source_grub2.py: Use attach_default_grub from apport's hookutils. - Output a menu entry for firmware setup on UEFI FastBoot systems. - Set a monochromatic theme and an appropriate background for Ubuntu. - Remove "GNU/Linux" from default distributor string for Ubuntu. - Apply Ubuntu GRUB Legacy changes to legacy update-grub script. - Apply patch from Fedora to add a "linuxefi" loader which boots kernels with EFI handover patches, avoiding ExitBootServices. - Temporarily make linuxefi refuse to validate kernels in the absence of a shim, until we get some other details worked out. - Automatically call linuxefi from linux if secure boot is enabled and the kernel is signed, to hand over to the kernel without calling ExitBootServices. Otherwise, linux will fall through to previous code, call ExitBootServices itself, and boot the kernel normally. - Generate configuration for signed UEFI kernels if available. - On Ubuntu amd64, add a raw-uefi custom upload tarball for signing. - Install signed images if available and UEFI Secure Boot is enabled. - Add "splash" to default boot options on Ubuntu. * Silence output from running-in-container. * Also skip update-grub when running in a container (LP: #1060404). [ Adam Conrad ] * debian/{postinst,config}.in: Don't fail if /etc/default/grub.d configuration snippets exist, but /etc/default/grub does not. [ Colin Watson ] * Merge wheezy branch up to 1.99-27, fixing overzealous removal of load_video call when GRUB_GFXPAYLOAD_LINUX is empty (closes: #661789). * Merge from Ubuntu: - If the postinst is running in a container, skip grub-install and all its associated questions (LP: #1060404). - Fix backslash-escaping in merge_debconf_into_conf (LP: #448413). Note that this differs slightly from the fix in Ubuntu, which corrected behaviour when amending an existing configuration item but accidentally over-escaped when adding a new one. - Replace "single" with "recovery" when friendly-recovery is installed (LP: #575469). - Adjust versions of grub-doc and grub-legacy-doc conflicts to tolerate Ubuntu's backport of the grub-doc split (LP: #493968). * Support parallel builds. * Remove /boot/grub/unicode.pf2 on purge of grub-efi-{amd64,i386} (closes: #697183). * Build with GCC 4.7. * Merge from Ubuntu: - Don't permit loading modules on UEFI Secure Boot (since in such a setup the GRUB core image must be signed but it has no provision for verifying module signatures). - Read /etc/default/grub.d/*.cfg after /etc/default/grub (LP: #901600). - Blacklist 1440x900x32 from VBE preferred mode handling until a better solution is available (LP: #701111). * Ensure /boot/grub exists before copying files to it for EFI installs (closes: #696962). * debian/apport/source_grub2.py: - Use context managers to avoid (harmless) file descriptor leaks. - Set a file encoding, per PEP 0263. * Drop grub-ieee1275-bin's dependency on bc in favour of powerpc-ibm-utils (>= 1.2.12-1) (cf. #625728). * Move powerpc-ibm-utils and powerpc-utils dependencies from grub-ieee1275-bin to grub-ieee1275 (closes: #693400). * Merge from Ubuntu: - Ignore symlink traversal failures in grub-mount readdir (LP: #1051306). - Fix incorrect initrd minimum address calculation (LP: #1055686). - Avoid assuming that gets is declared. * Copy unicode.pf2 to /boot/grub/ for EFI installs so that it is more likely to be readable by GRUB (closes: #661789). * Backport from upstream: - Fix stderr leakage from grub-probe in is_path_readable_by_grub. - Fix tftp endianness problem. * Merge from Ubuntu: - Prefer translations from language packs (LP: #537998). (No-op for Debian, but harmless.) - Avoid getting confused by inaccessible loop device backing paths (LP: #938724). [ Colin Watson ] * Adjust package descriptions to talk about update-grub, not update-grub2. * Backport from upstream: - Fix grub-emu build on FreeBSD. * Revert gcc-4.6-multilib build-dependency change from 2.00-1, since kfreebsd-i386 and hurd-i386 don't have gcc-4.6-multilib. Instead, make sure to only install efiemu32.o and efiemu64.o on (linux-)i386, kopensolaris-i386, and any-amd64. * Manually expand @PACKAGE@ symbols in grub-efi.postinst (closes: #688725), grub-linuxbios.postinst (closes: #688726), and grub2.postinst (closes: #688724). [ Debconf translations ] * Lithuanian (Rimas Kudelis). Closes: #675628 * Galician (Jorge Barreiro). Closes: #677389 * Welsh (Daffyd Tomos). * Greek (galaxico). Closes: #685201 * Romanian (Andrei POPESCU). Closes: #685477 * Finnish (Timo Jyrinki). [ Cyril Brulebois ] * Use xz compression for all binaries to save up some space on CD images (closes: #688773). * Backport from upstream: - Remove extra layer of escaping from grub_probe. - Add efifwsetup module to reboot into firmware setup menu. - Revert incorrect off-by-one fix when embedding in MBR (LP: #1051154). * Switch watch file to point to ftp.gnu.org. * Build-depend on liblzma-dev, enabling 'grub-mkimage -C xz'. * Adjust /etc/grub.d/30_os-prober to detect Ubuntu's use of "recovery" rather than "single". * Fix platform postinsts to handle new core.img location. * Only fix up powerpc key repeat on IEEE1275 machines. Fixes powerpc-emu compilation. * Move grub-install to grub2-common, since it's now common across platforms but clashes with grub-legacy. * Move grub-mknetdir to grub-common, since it's now common across platforms. * Make grub-install fall back to i386-pc if booted using EFI but the relevant *-efi target is not available (because only grub-pc is installed). * Use dh-autoreconf. * Bail out if trying to run grub-mkconfig during upgrade to 2.00 (e.g. while configuring a kernel image), since the old /etc/grub.d/00_header conffile breaks until such time as grub-common is configured. * Add -Wno-error=unused-result to HOST_CFLAGS for the moment, since at least grub-core/lib/crypto.c fails to compile on Ubuntu otherwise. * Update default/grub.md5sum to include Ubuntu maverick's default md5sum. * Autogenerate packaging files for grub-emu, in order that its postinst does not contain unexpanded @PACKAGE@ symbols. * Only try to install efiemu*.o into grub-emu on *-i386. [ Jordi Mallach, Colin Watson ] * New upstream release. - Add LUKS and GELI encrypted disk support (closes: #463107). - Lazy scanning to avoid accessing devices which aren't really used. This avoids boot delay due to slow device scanning (closes: #549905, #550015, #550083, #564252, #595059, #632408). - Don't override more informative errors when loading kernel/initrd (closes: #551630). - Support 4K-sector NTFS (closes: #567728). - Unify grub-mkrescue interface on powerpc with that on other architectures (closes: #570119). - Fix infinite recursion in gettext when translation fails (closes: #611537, #612454, #616487, #619618, #626853, #643608). - Add more missing quotes to grub-mkconfig (closes: #612417). - Import gnulib change to fix argp_help segfault with help filter (closes: #612692). - Support %1$d syntax in grub_printf (closes: #630647). - Use write-combining MTRR to speed up video with buggy BIOSes (closes: #630926). - Remove multiboot header from PXE images to avoid confusing ipxe (closes: #635877). - Fix crash when attempting to install to a non-BIOS disk (closes: #637208). - Fix handling of grub-mkrescue --xorriso= option (closes: #646788). - Use umask rather than chmod to create grub.cfg.new to avoid insecure grub.cfg (closes: #654599). - Improve font installation logic (closes: #654645). - Add grub-probe info documentation (closes: #666031). - Don't crash on canonicalize_file_name failure in grub-probe (closes: #677211). [ Colin Watson ] * Adjust debian/watch to point to xz-compressed tarballs. * debian/grub.d/05_debian_theme: Source grub-mkconfig_lib from /usr/share/grub, not the /usr/lib/grub compatibility link. * Convert to source format 3.0 (quilt). Developers, note that patches are stored applied in bzr; you may want to 'quilt pop -a' / 'quilt push -a' around merges. * Remove pointless debian/grub-mount-udeb.install.hurd-i386; grub-mount-udeb is not built on the Hurd. * Refactor debian/grub-common.install.hurd-i386 into .in files so that it imposes less of a maintenance burden. * Restore grub-mkdevicemap for now. While it's kind of a mess, requiring lots of OS-specific code to iterate over all possible devices, we use it in a number of scripts to discover devices and reimplementing those in terms of something else would be very complicated. * Add grub-efi-ia64-bin and grub-efi-ia64 packages. These are currently experimental, and grub-efi-ia64 does not automatically run grub-install. * Build-depend on gcc-4.6-multilib on kfreebsd-i386 and hurd-i386 as well as the other i386 architectures, since we need it to build efiemu32.o and efiemu64.o. * Add per-platform *-dbg packages containing files needed to use GRUB's GDB stub. These are relatively large and thus worth splitting out. * Build-depend on ttf-dejavu-core for the starfield theme. * Add a grub-theme-starfield package containing the starfield theme. * Backport from upstream: - Don't decrease efi_mmap_size (LP: #1046429). * grub-common Suggests: console-setup for grub-kbdcomp (closes: #686815). * Silence error messages when translations are unavailable. * Don't pass *.module to dpkg-shlibdeps, avoiding lots of build-time warnings. * Move transitional package to Section: oldlibs. * Acknowledge NMU (closes: #676609). [ Debconf translations ] * Lithuanian (Rimas Kudelis). Closes: #675628 * Galician (Jorge Barreiro). Closes: #677389 * Welsh (Daffyd Tomos). * Greek (galaxico). Closes: #685201 * Romanian (Andrei POPESCU). Closes: #685477 * Finnish (Timo Jyrinki). * NMU * Add entries for Windows Boot Manager found via UEFI in os-prober. Closes: #698914 before the Wheezy release. * Amend gfxpayload_keep_default.patch to no longer remove the call to load_video when GRUB_GFXPAYLOAD_LINUX is empty (closes: #661789). * Remove /boot/grub/unicode.pf2 on purge of grub-efi-{amd64,i386} (closes: #697183). * Ensure /boot/grub exists before copying files to it for EFI installs (closes: #696962). * Acknowledge NMU with thanks. * Fix namespace of EFI boot failure patch file added in NMU. * Copy unicode.pf2 to /boot/grub/ for EFI installs so that it is more likely to be readable by GRUB (closes: #661789). * Fix infinite recursion in gettext when translation fails (closes: #611537, #612454, #616487, #619618, #626853, #643608). * Fix grammar in Finnish translation (closes: #687681). * Non-maintainer upload. * Apply Ubuntu patch fixing some EFI boot failures (closes: #687320) - Thanks to Colin Watson. [ Debconf translations ] * Lithuanian (Rimas Kudelis). Closes: #675628 * Galician (Jorge Barreiro). Closes: #677389 * Welsh (Daffyd Tomos). * Greek (galaxico). Closes: #685201 * Romanian (Andrei POPESCU). Closes: #685477 * Finnish (Timo Jyrinki). [ Cyril Brulebois ] * Use xz compression for all binaries to save up some space on CD images (closes: #688773). [ Colin Watson ] * Autogenerate packaging files for grub-emu (closes: #688727), in order that its postinst does not contain unexpanded @PACKAGE@ symbols. * Manually expand @PACKAGE@ symbols in grub-efi.postinst (closes: #688725), grub-linuxbios.postinst (closes: #688726), and grub2.postinst (closes: #688724). * Non-maintainer upload. * Apply upstream patches for hurd-i386: - Test inode number (Closes: #634799). - Disable zfs code on GNU/Hurd (Closes: #670069). - Add userland partition support (Closes: #670186). * Fix packages build without libfuse (Closes: #670189). [ Debconf translations ] * Khmer added (Khoem Sokhem) * Slovenian (Vanja Cvelbar). Closes: #670616 * Traditional Chinese (Vincent Chen). * Vietnamese (Hai Lang). * Marathi (Sampada Nakhare) * Finnish (Timo Jyrinki). Closes: #673976 * Latvian (Rdolfs Mazurs). Closes: #674697 [ Colin Watson ] * Make apport hook compatible with Python 3. * Add upstream r3476 (fix memory leak in grub_disk_read_small) to 4k_sectors.patch, otherwise the larger disk cache due to efi_disk_cache.patch can cause EFI systems to run out of memory. * Backport from upstream: - Fix hook calling for unaligned segments (closes: #666992, LP: #972250). * Backport kFreeBSD support from upstream to 4k_sectors.patch. [ Colin Watson ] * Add grub-probe to grub-mount-udeb (LP: #963471). * Backport from upstream: - Restore CFLAGS after efiemu check (closes: #665772). - Include __ctzdi2 and __ctzsi2 from libgcc if present (closes: #665993). - Support non-512B sectors and agglomerate reads. [ Debconf translations ] * Croatian (Tomislav Krznar). [ Colin Watson ] * Ensure that /sbin and /usr/sbin are in $PATH when running tests (closes: #662916). * mkconfig_loopback.patch: Use different GRUB loop devices for different OS loop devices (thanks, bcbc; LP: #888281). * Backport from upstream: - Add support for LZO compression in btrfs (LP: #727535). - Fix efiemu configure check. [ Ilya Yanok ] * Backport from upstream: - Make FAT UUID uppercase to match Linux (LP: #948716). [ Debconf translations ] * Norwegian Bokml (Hans Fredrik Nordhaug). * Gujarati (Kartik Mistry). Closes: #663542 * efi_disk_cache.patch: Fix incorrect GRUB_DISK_CACHE_BITS (LP: #944347). * Backport from upstream: - Build with -fno-asynchronous-unwind-tables to save space (closes: #662787). [ Adam Conrad ] * grub.cfg_400.patch: Redirect grep stdout to /dev/null since grub-mkconfig is "exec > grub.cfg.new", which causes grep's input and output to be the same FD (LP: #934269) (closes: #652972) * efi_disk_cache.patch: Bump the disk cache on EFI systems to dramatically reduce load times for vmlinux/initrd (LP: #944347) [ Colin Watson ] * no_libzfs.patch: Use xasprintf rather than asprintf. * Backport from upstream: - Rewrite XFS btree parsing; fixes invalid BMAP (closes: #657776). - Handle newer autotools, and add some missing quotes in the process. (Note that this moves grub-mkconfig_lib and update-grub_lib to /usr/share/grub; I added links in /usr/lib/grub for compatibility.) - Fix incorrect identifiers in bash-completion (closes: #661415). - Add support for GRUB_CMDLINE_GNUMACH (closes: #660493). * Build with GCC 4.6 (closes: #654727). [ Debconf translations ] * Dutch (Jeroen Schot). Closes: #651275 * Bulgarian (Damyan Ivanov). Closes: #653356 * Icelandic (Sveinn Felli). * Ukrainian (Yatsenko Alexandr). Closes: #654294 * Italian (Luca Monducci). Closes: #654304 * Thai (Theppitak Karoonboonyanan). Closes: #656551 * Uyghur (Abduqadir Abliz) * Indonesian (Mahyuddin Susanto). Closes: #656705 * Hebrew (Omer Zak). Closes: #656852 * Turkish (Atila KO). Closes: #656907 * Polish (Micha Kuach). Closes: #657265 * Asturian (Mikel Gonzlez). * Dzongkha (Dawa Pemo) * Tamil (Dr.T.Vasudevan). * Belarusian (Viktar Siarhiejczyk). Closes: #662615 * Rewrite no_libzfs.patch using a different approach. (Closes: #648539) [ Debconf translations ] * Portuguese (Miguel Figueiredo). Closes: #641226 * German (Martin Eberhard Schauer). Closes: #641630 * Sinhala (Danishka Navin). Closes: #644080 * Uyghur (Gheyret Tohti). Closes: #627011 [ Robert Millan ] * LVM support for GNU/kFreeBSD. - kfreebsd_lvm.patch * Cherry-pick several ZFS updates from upstream Bazaar. - zfs_update.patch * Build without libzfs. [ Robert Millan ] * Fix grub-probe detection for LSI MegaRAID SAS devices on kFreeBSD. - kfreebsd_mfi_devices.patch [ Colin Watson ] * Backport from upstream: - Canonicalise the path argument to grub-probe (closes: #637768). - Skip */README* as well as README* (LP: #537123). * Backport from upstream: - Honour GRUB_CMDLINE_LINUX_XEN_REPLACE and GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT, which replace GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT (complementing the existing options which append; closes: #617538). * Mark la_array as packed. - zfs_packed_la_array.patch [ Colin Watson ] * Adjust apport hook to attach /boot/grub/device.map if it exists. * Fix regression in gfxterm background_color handling. * Improve detection of invalid shell syntax in apport hook. [ Debconf translations ] * Esperanto (Felipe E. F. de Castro). Closes: #632157 * Slovak (Slavko). [ Robert Millan ] * Enable grub-mount on kfreebsd-any. * Build grub-mount-udeb on kfreebsd-i386 and kfreebsd-amd64. [ Robert Millan ] * Avoid buggy versions of libgeom-dev (see #630107). Closes: #630197 * Fix grub-probe detection for ATA devices using `ata' driver on kFreeBSD 9. - kfreebsd-9_ada_devices.patch [ Colin Watson ] * Update ntldr-img from grub-extras: - Handle ext3 inode sizes other than 128. [ Debconf translations ] * Kazakh (Baurzhan Muftakhidinov). Closes: #630915 [ Debconf translations ] * Basque (Iaki Larraaga Murgoitio). Closes: #628716 * Swedish (Martin Bagge / brother). Closes: #628866 * Czech (Miroslav Kure). Closes: #628978 * Brazilian Portuguese (Flamarion Jorge). Closes: #629135 * Spanish (Francisco Javier Cuadrado). Closes: #629633 [ Colin Watson ] * Cope with btrfs / inside an encrypted block device (thanks, alexeagar; LP: #757631). * Merge from Ubuntu: - Give up scanning partitions after ten consecutive open failures (LP: #787461). [ Colin Watson ] * Update Vcs-* fields for Alioth changes. * Backport from upstream, removing the need for Breaks: udev (<< 168-1): - Don't stat devices unless we have to. [ Debconf translations ] * Catalan (Jordi Mallach). * Farsi (Behrad Eslamifar). Closes: #628648 [ Colin Watson ] * Change grub2/linux_cmdline and grub2/kfreebsd_cmdline descriptions to indicate that the command line is allowed to be empty, since this is a common source of confusion (thanks, Jordan Uggla). * On non-Ubuntu-derived systems, add Breaks: udev (<< 168-1) to grub-common, for the sake of (some?) users without initrds (closes: #627587). [ Debconf translations ] * French (Christian Perrier) * Russian (Yuri Kozlov). Closes: #628196 * Simplified Chinese (YunQiang Su). Closes: #628210 * Japanese (Hideki Yamane). Closes: #628382 * Danish (Joe Hansen). Closes: #628427 * Make grub--bin packages depend on grub-common rather than grub2-common, and add grub2-common dependencies to grub-. This ensures that grub--bin packages are coinstallable with grub-legacy, making it easier to use them as build-dependencies. * Stop trying to install the non-existent grub-ofpathname(8) on sparc for now. It will exist in the next upstream snapshot. * Ship grub-mkrescue on non-Linux amd64/i386 architectures. * Don't try to ship grub-mkrescue on sparc. * Drop boot_blocklist_hack.patch, fixed differently upstream some time ago by being smarter about filesystem-root-relative path conversion. * Include both old and new Lintian override styles for statically-linked-binary tag, since ftp-master has not yet been updated to 2.5.0~rc1. * New upstream release. - Ensure uniqueness of RAID array numbers even if some elements have a name (closes: #609804). - Remove unnecessary brackets from tr arguments (closes: #612564). - Add grub-mkrescue info documentation (closes: #612585). - Avoid generating invalid configuration when something that looks like a Xen hypervisor is present without any Xen kernels (closes: #612898). - Fix memory alignment when calling 'linux' multiple times on EFI (closes: #616638). - Fix grub-install on amd64 EFI systems (closes: #617388). - Automatically export pager variable (closes: #612995). - Fix parser error with "time" (closes: #612991). - Ignore case of bitmap extensions (closes: #611123). - Skip vmlinux-* on x86 platforms (closes: #536846, #546008). - Accept old-style Xen kernels (closes: #610428). - Skip damaged LVM volumes (closes: #544731). - Handle LVM mirroring (closes: #598441). - Detect spares and report them as not RAID members (closes: #611561). - Don't enable localisation unless gfxterm is available (closes: #604609). - Fix partitioned RAID support (closes: #595071, #613444). - Dynamically count the number of lines for the lower banner (closes: #606494). - Improve quoting in grub-mkconfig, to support background image file names containing spaces (closes: #612417). - Flush BIOS disk devices more accurately (closes: #623124). - Identify RAID devices by their UUID rather than by their guessed name (closes: #624232). - Add "SEE ALSO" sections to most man pages (closes: #551428). [ Christian Perrier ] * Drop extra word in French debconf translation. Thanks to David Prvt. * Fix spelling error in French debconf translation. Thanks to David Prvt. [ Colin Watson ] * Set PACKAGE_VERSION and PACKAGE_STRING using configure arguments rather than sedding configure.ac in debian/rules (which sometimes has annoying interactions with quilt, etc.). * Update branch_embed-sectors.patch: - Detect sector used by HighPoint RAID controller (closes: #394868). * Add debian/README.source (from quilt). * Make debian/rules more explicit about when autogen.sh is run. We need to be careful that all full builds run it, since we use GRUB extras. * Merge from Ubuntu: - Handle filesystems loop-mounted on file images. - On Wubi, don't ask for an install device, but just update wubildr using the diverted grub-install. - Add grub-mount-udeb, containing just grub-mount. This can be used by os-prober and other parts of d-i. - Artificially bump Replaces: grub-common versioning to account for grub-reboot/grub-set-default movement in Ubuntu. * Don't do a separate build pass for grub-common. It will be identical to the build for the default platform for the CPU architecture anyway, so reuse that. * Build with GCC 4.5 on all architectures. * Update Lintian overrides for changes in Lintian 2.5.0~rc1. * Invert how files are split among binary packages: rather than code in debian/rules to remove files we don't want, add dh_install configuration to declare the files we do want. This means a little more repetition for platform-specific programs, but it seems less confusing and easier to extend. * Drop versioned dependencies on base-files. GPL-3 has been there for two Debian releases now, and the dependency was never upgrade-critical anyway. * Create grub2-common package containing files that are common among GRUB platform packages but that would break GRUB Legacy, or that are too confusing when coinstalled with GRUB Legacy (closes: #564167). * Drop conflict on an ancient (pre-lenny/hardy) version of desktop-base. * Move /etc/grub.d/05_debian_theme to grub-common, to go with the other /etc/grub.d/* files. * Drop redundant Suggests: os-prober from several platform packages, as grub-common already Recommends: os-prober. * Create grub--bin packages corresponding to all grub- packages (except for grub-emu). These do not automatically install the boot loader or update grub.cfg, and they install their binaries to /usr/lib/grub/-/; this means that they can be installed in parallel, making it easier to use them to build GRUB-based disk images (e.g. d-i). The grub- packages now depend on these and include symlinks, so their behaviour will remain as before. * Make grub-emu depend on grub-common. * Make the documentation directory in most binary packages be a symlink to that in grub-common. * Drop lenny compatibility from grub2-common's dpkg/install-info dependency, since it produces a Lintian warning and using the current packaging on lenny is probably rather a stretch anyway. [ Updated translations ] * Belarusian (Viktar Siarheichyk). Closes: #606864 * Danish (Joe Hansen). Closes: #606879 * Romanian (Andrei POPESCU). Closes: #606888 * Italian (Luca Monducci). Closes: #606891 * Brazilian Portuguese (Flamarion Jorge). Closes: #610613 * Greek (Emmanuel Galatoulas). Closes: #604847 * Cherry-pick from upstream: - Use correct limits for mips initrd. * Run grub-install on install or upgrade of grub-yeeloong. * Update branch_fuse.patch: - Tell FUSE to run single-threaded, since GRUB code is not thread-safe (LP: #756297). * Update branch_butter.patch: - Fix filename comparison. - Take extent offset in account on uncompressed extents. - Use filled extent size if available. * Allow use of first sector on btrfs (LP: #757446). * Merge from Ubuntu: - Build part_msdos and vfat into EFI boot images (LP: #677758). * Update branch_fuse.patch: - Make grub-mount exit non-zero if opening the device or filesystem fails. - Translate GRUB error codes into OS error codes for FUSE (LP: #756456). * Merge from Ubuntu: - Fix use of freed memory when replacing existing loopback device (LP: #742967). * Update branch_butter.patch, fixing RAID1/duplicated chunk size calculation (thanks, Vladimir Serbinenko; LP: #732149). * Update branch_parse-color.patch, to blend text when any background is set as opposed to only when a stretched background is set (closes: #613120). * Make update-grub2 a symlink to update-grub, rather than bothering with a wrapper script. * Cherry-pick from upstream: - Check RAID superblock offset (closes: #610184). - Flush buffer cache on close and not on open (closes: #620663). - Handle special naming of yeeloong directory (closes: #620420). * Add grub-mount utility, from the upstream 'fuse' branch. * efibootmgr is only available on Linux architectures, so only make grub-efi-ia32 and grub-efi-amd64 depend on it on Linux. * Cherry-pick from upstream: - Fix FreeBSD compilation problem. * Add /proc/mdstat, LVM information, and listings of /dev/disk/by-id/ and /dev/disk/by-uuid/ to bug reports, by request of upstream. * Cherry-pick from upstream: - Use libgeom on FreeBSD to detect partitions (closes: #612128). - Copy the partition table zone if floppy support is disabled, even if no partition table is found (LP: #741867). - Fix an ext2 overflow affecting inodes past 2TiB. - Fix RAID-0 disk size calculation for metadata 1.x (LP: #743136). * Merge from Ubuntu: - Build with gcc-4.5 on ppc64. - Add apport hook for ProblemType = 'Package', thanks to Jean-Baptiste Lallement (LP: #591753). * Cherry-pick from upstream: - Fix crash when extending menu entry line beyond 79 characters (closes: #615893). - Account for FreeBSD module headers when calculating allocation size. - Switch back to framebuffer page zero before loading the kernel (thanks, Felix Kuehling). * Merge from Ubuntu: - If we're upgrading and /boot/grub/core.img doesn't exist, then don't ask where to install GRUB, since it probably means we're in some kind of specialised environment such as a live USB stick (LP: #591202). - Drop the default priority of grub2/linux_cmdline to medium. We only need to ask it if we're upgrading from GRUB Legacy and found an empty kopt in menu.lst (LP: #591202). * Update branch_embed-sectors.patch, avoiding consuming lots of space and time if the first partition is not near the start of the disk (closes: #619458, LP: #691569). * Update debian/legacy/update-grub to the version from grub 0.97-65. * Mark binary packages as Multi-Arch: foreign (for example, an amd64 kernel installed on an i386 system could use the native architecture's GRUB). * Rewrite find_root_device_from_mountinfo to cope with move-mounts (LP: #738345). [ Updated translations ] * Esperanto (Felipe Castro). Closes: #606524 * Thai (Theppitak Karoonboonyanan). Closes: #607706 * Don't touch /boot/grub/grub2-installed if using the --root-directory option to grub-install (thanks, Nicolas George; closes: #614927). * Update branch_devmapper.patch, adding partitioned MD RAID support (untested) and support for probing multipath disks. * Update ntldr-img from grub-extras: - Only call ntfs_fix_mmft if the attribute to find is AT_DATA. This matches GRUB's NTFS module. - Install grubinst as grub-ntldr-img. * Fix loading GRUB from lnxboot (LP: #693671). * Update branch_embed-sectors.patch to avoid straying into first partition when embedding-area sectors are in use (closes: #613409, LP: #730225). * Build for ppc64 (except for grub-emu, which doesn't build cleanly yet). * Suppress output from debconf-communicate in upgrade-from-grub-legacy. * Refer to the info documentation at the top of /etc/default/grub (closes: #612538). * We need at least freebsd-utils (>= 8.0-4) on kFreeBSD architectures for camcontrol, so depend on it. * Tolerate camcontrol failing to read capacity of IDE devices, until such time as we know how to do this properly (see #612128). * Adjust /etc/default/grub for rename of GRUB_DISABLE_LINUX_RECOVERY to GRUB_DISABLE_RECOVERY (closes: #612777). * Update ntldr-img from grub-extras: - Install g2hdr.bin and g2ldr.mbr (closes: #613245). * Merge 1.98+20100804-13 and 1.98+20100804-14, updating translations: - Kazakh (Baurzhan Muftakhidinov / Timur Birsh). * mkconfig_skip_dmcrypt.patch: Refer to GRUB_PRELOAD_MODULES rather than suggesting people write a /etc/grub.d/01_modules script (thanks, Jordan Uggla). * Handle empty dir passed to grub_find_root_device_from_mountinfo; fixes grub-mkrelpath on btrfs subvolumes (LP: #712029). * Add rootflags=subvol= if / is on a btrfs subvolume (LP: #712029). * Upload to unstable. [ Colin Watson ] * New upstream release candidate. [ Alexander Kurtz ] * 05_debian_theme: - If we find a background image and no colours were specified, use upstream defaults for color_normal and color_highlight rather than setting color_normal to black/black. - Make the code more readable by replacing code for handling alternatives. - Make the code for searching for pictures in /boot/grub more readable and robust (for example against newlines in the filename). - Don't try the other alternatives when $GRUB_BACKGROUND is set; you can now add GRUB_BACKGROUND= to /etc/default/grub to force no background image (closes: #608263). * New Bazaar snapshot. - Disable ieee1275_fb on sparc (closes: #560823). - Fix pf2 font generation on big-endian platforms (closes: #609818). * branch_butter.patch: Resolve the device returned by grub_find_root_device_from_mountinfo or find_root_device_from_libzfs using grub_find_device (closes: #609590, #609814, LP: #700147). * New Bazaar snapshot. - Don't check amount of low memory, as reportedly INT 12h can be broken and if low memory is too low we wouldn't have gotten into grub_machine_init anyway (closes: #588293, LP: #513528). - Submenu default support (LP: #691878). - Fix optimisation-dependent grub-mklayout crash (closes: #609584). * branch_butter.patch: Don't free an uninitialised pointer if /proc is unmounted (LP: #697493). * Add a po/LINGUAS file listing the translations we've synced from the TP (closes: #609671). * New Bazaar snapshot. - Check that named RAID array devices exist before using them (closes: #606035). - Clear terminfo output on initialisation (closes: #569678). - Fix grub-probe when btrfs is on / without a separate /boot. * Support long command lines as per the 2.06 Linux boot protocol, from the upstream 'longlinuxcmd' branch. * Add a background_color command, from the upstream 'parse-color' branch. * Update branch_devmapper.patch, adding a #include to fix a build failure on Ubuntu amd64. * When embedding the core image in a post-MBR gap, check for and avoid sectors matching any of a number of known signatures, from the upstream 'embed-sectors' branch. * New Bazaar snapshot. - Don't emit drivemap directive for Windows Server 2008 (closes: #607687). - Don't add spurious RAID array members (closes: #605357). - Improve presentation of Xen menu entries (closes: #607867). - Fix PCI probing hangs by skipping remaining functions on devices that do not implement function 0 (closes: #594967). - Fix typo in descriptions of extract_legacy_entries_source and extract_legacy_entries_configfile (LP: #696721). * Merge 1.98+20100804-12: - Use semicolons rather than commas to separate size from model in debconf disk and partition descriptions. * Add full btrfs support, from the upstream 'butter' branch. * Support partitioned loop devices and improve devmapper support, from the upstream 'devmapper' branch. * Add squashfs 4 support, from the upstream 'squash' branch. * New Bazaar snapshot. - Initialise next pointer when creating multiboot module (closes: #605567). - Fix gettext quoting to work with bash as /bin/sh, and make echo UTF-8-clean so that (at least) Catalan boot messages are displayed properly (closes: #605615). - Fix use of uninitialised memory in Reed-Solomon recovery code (LP: #686705). * Automatically remove MD devices from device.map on upgrade, since the BIOS cannot read from these and including them in device.map will break GRUB's ability to read from such devices (LP: #690030). * Merge 1.98+20100804-9, 1.98+20100804-10, and 1.98+20100804-11: - Apply debconf template review by debian-l10n-english and mark several more strings for translation, thanks to David Prvot and Justin B Rye. - Incorporate rewritten 05_debian_theme by Alexander Kurtz, which works when /usr is inaccessible by GRUB. * New Bazaar snapshot. - ZFS moved into grub-core. - Extend gettext to fall back from ll_CC to ll, and set lang to include country part by default so that Chinese works (LP: #686788). * Remove grub-mknetdir from grub-emu. * Exit silently from zz-update-grub kernel hook if update-grub does not exist (e.g. if grub-pc has been removed but not purged; closes: #606184). * New Bazaar snapshot (mipsel build fix, LVM-on-RAID probing fix). * Fix comma-separation in handling of grub-pc/install_devices. * New Bazaar snapshot (command priorities, build fixes, grub-mkdevicemap segfault). * Don't try to build grub-efi-amd64 on kfreebsd-i386 or hurd-i386 (requires gcc-4.4-multilib). * New Bazaar snapshot (build fixes). * Build-depend on qemu-utils and parted on non-Hurd architectures. * qemu_img_exists.patch: Skip partmap test if qemu-img doesn't exist (as is the case on the Hurd). * Make grub-efi-ia32 and grub-efi-amd64 depend on efibootmgr so that grub-install works properly. * Upgrade the installed core image when upgrading grub-efi-ia32 or grub-efi-amd64, although only if /boot/efi/EFI/ (where is an identifier based on GRUB_DISTRIBUTOR, e.g. 'debian') already exists. * Re-expand a couple of dpkg architecture wildcards to exclude certain special cases: gcc-4.4-multilib is not available on kfreebsd-i386 or hurd-i386, and qemu-system is not available on hurd-i386. [ Colin Watson ] * New Bazaar snapshot. Too many changes to list in full, but some of the more user-visible ones are as follows: - GRUB script: + Function parameters, "break", "continue", "shift", "setparams", "return", and "!". + "export" command supports multiple variable names. + Multi-line quoted strings support. + Wildcard expansion. - sendkey support. - USB hotunplugging and USB serial support. - Rename CD-ROM to cd on BIOS. - Add new --boot-directory option to grub-install, grub-reboot, and grub-set-default; the old --root-directory option is still accepted but was often confusing. - Basic btrfs detection/UUID support (but no file reading yet). - bash-completion for utilities. - If a device is listed in device.map, always assume that it is BIOS-visible rather than using extra layers such as LVM or RAID. - Add grub-mknetdir script (closes: #550658). - Remove deprecated "root" command. - Handle RAID devices containing virtio components. - GRUB Legacy configuration file support (via grub-menulst2cfg). - Keyboard layout support (via grub-mklayout and grub-kbdcomp). - Check generated grub.cfg for syntax errors before saving. - Pause execution for at most ten seconds if any errors are displayed, so that the user has a chance to see them. - Support submenus. - Write embedding zone using Reed-Solomon, so that it's robust against being partially overwritten (closes: #550702, #591416, #593347). - GRUB_DISABLE_LINUX_RECOVERY and GRUB_DISABLE_NETBSD_RECOVERY merged into a single GRUB_DISABLE_RECOVERY variable. - Fix loader memory allocation failure (closes: #551627). - Don't call savedefault on recovery entries (closes: #589325). - Support triple-indirect blocks on ext2 (closes: #543924). - Recognise DDF1 fake RAID (closes: #603354). [ Robert Millan ] * Use dpkg architecture wildcards. [ Updated translations ] * Slovenian (Vanja Cvelbar). Closes: #604003 * Dzongkha (dawa pemo via Tenzin Dendup). Closes: #604102 [ Updated translations ] * Kazakh (Baurzhan Muftakhidinov / Timur Birsh). Closes: #609187 [ Alexander Kurtz ] * 05_debian_theme: - If we find a background image and no colours were specified, use upstream defaults for color_normal and color_highlight rather than setting color_normal to black/black. - Don't try the other alternatives when $GRUB_BACKGROUND is set; you can now add GRUB_BACKGROUND= to /etc/default/grub to force no background image (closes: #608263). * Backport from upstream: - Don't add spurious RAID array members (closes: #605357). * Backport from upstream: - Support big ext2 files (closes: #543924). - Fix gettext quoting to work with bash as /bin/sh, and make echo UTF-8-clean so that (at least) Catalan boot messages are displayed properly (closes: #605615). - Initialise next pointer when creating multiboot module (closes: #605567). - Fix PCI probing hangs by skipping remaining functions on devices that do not implement function 0 (closes: #594967). * Use semicolons rather than commas to separate size from model in debconf disk and partition descriptions; commas are too easily confused with the multiselect choice separator, and in particular make it impossible to answer questions properly in the editor frontend (closes: #608449). Unfuzzy all translations where possible. * Exit silently from zz-update-grub kernel hook if update-grub does not exist (e.g. if grub-pc has been removed but not purged; closes: #606184). * Apply debconf template review by debian-l10n-english and mark several more strings for translation, thanks to David Prvot and Justin B Rye (closes: #605748). * Unfuzzy some translations that were not updated in this round (thanks, David Prvot; closes: #606921). * Incorporate rewritten 05_debian_theme by Alexander Kurtz, which works when /usr is inaccessible by GRUB (closes: #605705). * Backport from upstream: - Recognise DDF1 DM-RAID (closes: #603354). [ Updated translations ] * Chinese (YunQiang Su). Closes: #606426 * Indonesian (Arief S Fitrianto). Closes: #606431 * Slovenian (Vanja Cvelbar). Closes: #606445 * Swedish (Martin Bagge / brother). Closes: #606455 * Ukrainian (Yatsenko Alexandr). Closes: #606538 * Basque (Iaki Larraaga Murgoitio). Closes: #606644 * Slovak (Slavko). Closes: #606663 * Catalan (Jordi Mallach). * Bulgarian (Damyan Ivanov). Closes: #606452 * Persian (Morteza Fakhraee). Closes: #606672 * Russian (Yuri Kozlov). Closes: #606753 * Dutch (Paul Gevers). Closes: #606807 * Japanese (Hideki Yamane). Closes: #606836 * French (Christian Perrier). Closes: #606842 * Czech (Miroslav Kure). Closes: #606854 * Spanish (Francisco Javier Cuadrado). Closes: #606903 * Portuguese (Tiago Fernandes / Miguel Figueiredo). Closes: #606908 * German (Martin Eberhard Schauer). Closes: #606896 * fix_crash_condition_in_kfreebsd_loader.patch: Import from upstream. Fixes crash condition in case kfreebsd_* commands are used after kfreebsd has (gracefully) failed. [ Robert Millan ] * Import from upstream: - refuse_embedingless_cross_disk.patch: Refuse to do a cross-disk embeddingless install rather than creating a broken install. - fix_grub_install_error_msg.patch: Replace useless recomendation to pass --modules with a recomendation to report a bug. - message_refresh.patch: Make error messages visible again. (Closes: #605485) [ Jordi Mallach ] * Update Catalan translation with latest file from the Translation Project. [ Updated translations ] * Slovenian (Vanja Cvelbar). Closes: #604003 * Dzongkha (dawa pemo via Tenzin Dendup). Closes: #604102 [ Robert Millan ] * increase_disk_limit.patch: Increase SCSI/IDE disk limits to cope with Sun Fire X4500. * linux_mdraid_1x.patch: Support for Linux MD RAID v1.x. (Closes: #593652) * yeeloong_boot_info.patch: On Yeeloong, pass machine type information to Linux. [ Updated translations ] * Portuguese fixed by Christian Perrier (variable names were translated) [ Robert Millan ] * zfs_fix_mkrelpath.patch: Replace with proper fix from upstream Bazaar. (Closes: #601087) [ Updated translations ] * Vietnamese (Clytie Siddall). Closes: #598327 * Icelandic (Sveinn Felli). Closes: #600126 [ Robert Millan ] * zfs_v23.patch: Accept ZFS up to v23 (no changes required). * fix_usb_boot.patch: Fix boot on USB devices, for BIOSes that expose them as floppies. (Closes: #600580) * zfs_fix_mkrelpath.patch: Fix grub-mkrelpath for non-root ZFS. (Closes: #600578) [ Updated translations ] * Kazakh (kk.po) by Baurzhan Muftakhidinov via Timur Birsh (closes: #598188). * Portuguese (pt.po) by Tiago Fernandes via Rui Branco (closes: #599767). * Catalan (ca.po) by Jordi Mallach. [ Updated translations ] * Hebrew (he.po) by Omer Zak and Lior Kaplan (closes: #593855). * Romanian (ro.po) by ioan-eugen STAN (closes: #595727). * Esperanto (eo.po) by Felipe Castro (closes: #596171). [ Colin Watson ] * Make grub-efi-amd64 conflict with grub-pc as well as the other way round. * Backport upstream patches to fix DM-RAID support (closes: #594221, LP: #634840). [ Robert Millan ] * enable_zfs.patch: Fix grub-fstest build problem. * zfs_fix_label_arg.patch: Fix kfreebsd_device initialization on ZFS for non-main filesystems. [ Updated translations ] * Italian (it.po) by Luca Monducci (closes: #593685). * Finnish (fi.po) by Esko Arajrvi (closes: #593921). [ Colin Watson ] * Run update-grub from kernel hooks if DEB_MAINT_PARAMS is unset, for compatibility with old kernel packages. This may produce duplicate runs of update-grub, but that's better than not running it at all (closes: #594037). [ Updated translations ] * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge (closes: #592156). * Asturian (ast.po) by Maacub (closes: #592313). * Galician (gl.po) by Jorge Barreiro (closes: #592816). [ Robert Millan ] * Backport ZFS bugfixes from upstream Bazaar: - zfs_fix_chroot.patch: Fix breakage when running grub-probe inside chroot. - zfs_fix_label_arg.patch: Fix grub-probe fs_label argument. - zfs_fix_pathname.patch: Fix pathname for non-root ZFS filesystems. - zfs_fix_segfault.patch: Fix segfault when /dev is not mounted. [ Colin Watson ] * Escape single quotes when removing them from $mode in zz-update-grub, so that this works when /bin/sh is bash (thanks, Will Dyson; closes: #593242). * Add support for ext2 root on GNU/kFreeBSD (thanks, Aurelien Jarno; closes: #593467). [ Colin Watson ] * Make /etc/kernel/postrm.d/zz-update-grub a real file rather than a symlink (closes: #592076). [ Updated translations ] * Norwegian Bokml (nb.po) by Hans Nordhaug (closes: #591569). * New Bazaar snapshot. - Fix grub-emu build on GNU/kFreeBSD (closes: #591490). [ Colin Watson ] * Add kernel hook scripts and remove any uses of update-grub as a postinst_hook or postrm_hook in /etc/kernel-img.conf (closes: #554175). Thanks to Ben Hutchings for advice and to Harald Braumann for an early implementation. * Extend the existing GRUB_LEGACY_0_BASED_PARTITIONS handling to avoid new-style partition naming when generating output for GRUB Legacy (closes: #590554). [ Updated translations ] * Slovak (sk.po) by Slavko (closes: #591458). * New Bazaar snapshot. - Remove compatibility with terminal.mod prior to terminal_input/terminal_output separation (LP: #519358). - Enable `grub-probe -t device' resolution on ZFS. - Don't use UUID for LVM root when generating Xen entries (closes: #591093). - Restore missing whitespace to commands' --help output (closes: #590874). - Select unique numbers for named RAID arrays, for use as keys in the disk cache. [ Updated translations ] * German (Martin Eberhard Schauer). Closes: #590108 * Spanish (Francisco Javier Cuadrado). Closes: #590448 * Traditional Chinese (Tetralet). Closes: #591191 * Danish (Joe Hansen). Closes: #591223 * Dutch (Paul Gevers). Closes: #590864 * Japanese (Hideki Yamane). Closes: #591058 [ Robert Millan ] * postinst.in: Fill in device size and model information on GNU/kFreeBSD, using camcontrol. * patches/enable_zfs.patch: New patch. Link ZFS from grub-extras into grub-probe and grub-setup. * control: Build-Depend on libzfs-dev and libnvpair-dev on kfreebsd-*. [ Colin Watson ] * Offer RAID devices as GRUB installation targets if they contain /, /boot, or /boot/grub. * New Bazaar snapshot. - Don't count named RAID arrays when looking for unused array numbers. [ Colin Watson ] * Merge from Ubuntu: - grub-common Breaks: lupin-support (<< 0.30) due to a grub-mkimage syntax change (lupin-support isn't in Debian, but this is harmless anyway). * New Bazaar snapshot. - Link to Info documentation on changes from GRUB Legacy in README (closes: #502623). - Add support for mdadm metadata formats 1.x (closes: #492897). [ Aaron M. Ucko ] * Compare -trunk kernels earlier than numeric ABIs (closes: #568160). [ Colin Watson ] * Remove /boot/grub/device.map, /boot/grub/grubenv, /boot/grub/installed-version, and /boot/grub/locale/ on purge, if permitted (closes: #547679). * Convert from CDBS to dh. * Use exact-version dependencies in grub2 and grub-efi, to reduce potential confusion. * Raise priority of grub-common and grub-pc to optional (also done in archive overrides). * Copy-edit debian/presubj. * Use 'mktemp -t' rather than hardcoding /tmp (closes: #589537). [ Mario 'BitKoenig' Holbe ] * Update /etc/grub.d/05_debian_theme to handle multiple entries in GRUB_TERMINAL_OUTPUT (closes: #589322). [ Updated translations ] * Simplified Chinese (zh_CN.po) by YunQiang Su (closes: #589013). * Russian (ru.po) by Yuri Kozlov (closes: #589244). * Swedish (sv.po) by Martin Bagge / brother (closes: #589259). * Bulgarian (bg.po) by Damyan Ivanov (closes: #589272). * Indonesian (id.po) by Arief S Fitrianto (closes: #589318). * Arabic (ar.po) by Ossama M. Khayat. * Basque (eu.po) by Iaki Larraaga Murgoitio (closes: #589489). * Persian (fa.po) by Bersam Karbasion (closes: #589544). * Czech (cs.po) by Miroslav Kure (closes: #589568). * Belarusian (be.po) by Viktar Siarheichyk (closes: #589634). * New Bazaar snapshot. - Handle degraded RAID arrays in grub-probe and grub-setup. - Fix gfxterm pager handling. [ Fabian Greffrath ] * Get value of correct debconf question when deciding whether to purge /boot/grub (closes: #588331). [ Colin Watson ] * Generate device.map in something closer to the old ordering (thanks, Vadim Solomin). [ Updated translations ] * Croatian (hr.po) by Josip Rodin, closes: #588350. * French (fr.po) by Christian Perrier (closes: #588695). * New Bazaar snapshot. - USB hub support. - Fix GRUB_BACKGROUND configuration ordering. - Fix corruption of first entry name in a reiserfs directory. - Don't include MD devices when generating device.map (if you're using RAID and upgraded through 1.98+20100702-1 or 1.98+20100705-1, you may need to fix this up manually). * New Bazaar snapshot. - Bidi and diacritics support. + Use terminfo for ieee1275 terminals (closes: #586953). - Don't use empty grub_device in EFI grub-install (closes: #587838). - Fix grub-setup core.img comparison when not embedding (thanks, Matt Kraai and M. Vefa Bicakci; closes: #586621). * Update Source: in debian/copyright (thanks, Jrg Sommer). * Convert by-id disk device names from device.map to traditional device names for display (closes: #587951). * Set urgency=medium. We've cleared out most of the apparent regressions at this point, and #550704 is getting more and more urgent to fix in testing. * New Bazaar snapshot. - Use video functions in Linux loader rather than hardcoding UGA; load all available video backends (closes: #565576, probably). - Add support for initrd images on Fedora 13. - Output grub.cfg stanzas for Xen (closes: #505517). - Add 'cat --dos' option to treat DOS-style "\r\n" line endings as simple newlines (closes: #586358). - Change grub-mkdevicemap to emit /dev/disk/by-id/ names where possible on Linux. - Return CF correctly in mmap e820/e801 int15 hook (closes: #584846). - The info documentation now has no broken references, although of course it could still use more work (closes: #553460). - Support GRUB_BADRAM in grub-mkconfig. - Skip LVM snapshots (closes: #574863). [ Colin Watson ] * Mention grub-rescue-usb.img in grub-rescue-pc description (closes: #586462). * Add instructions for using grub-rescue-usb.img (closes: #586463). * Remove /usr/lib/grub/mips-* from grub-common rather than the incorrect /usr/lib/grub/mipsel-*, so that it stops clashing with grub-yeeloong; add a versioned Replaces to grub-yeeloong just in case (closes: #586526). * Remove qemu-system build-dependency on hurd-i386, where it doesn't seem to exist. Disable tests if qemu-system-i386 isn't available. * Mark "upgrade-from-grub-legacy" paragraph in grub-pc/chainload_from_menu.lst as untranslatable. * Update Homepage field (thanks, Sedat Dilek). * On Linux, if /boot/grub/device.map exists on upgrade to this version, regenerate it to use stable device names in /dev/disk/by-id/. If it had more than one entry, then display a critical-priority debconf note (sorry, but it's better than silently breaking boot menu entries) advising people to check custom boot menu entries and update them if necessary (closes: #583271). * Use 'set -e' rather than '#! /bin/sh -e' or '#! /bin/bash -e', to avoid accidents when debugging with 'sh -x'. * Store grub-pc/install_devices as persistent device names under /dev/disk/by-id/ (closes: #554790). Migrate previous device names to that, with explicit confirmation in non-trivial cases to make sure we got the right ones. If the devices we were told to install to ever go away, ask again. (This is based on the implementation in Ubuntu.) * If grub-install fails during upgrade-from-grub-legacy, allow the user to try again with a different device, but failing that cancel the upgrade (closes: #587790). * Remove numbering from patch files. The order is now explicit in a quilt series file, and renumbering from time to time is tedious. [ Updated translations ] * Ukrainian (uk.po) by Yatsenko Alexandr / Borys Yanovych (closes: #586611). * Indonesian (id.po) by Arief S Fitrianto (closes: #586799). * Swedish (sv.po) by Martin Bagge (closes: #586827). * Persian (fa.po) by Behrad Eslamifar (closes: #587085). * French (fr.po) by Christian Perrier (closes: #587383). * Galician (gl.po) by Jorge Barreiro (closes: #587796). [ Robert Millan ] * Add commented GRUB_BADRAM example in debian/default/grub. * New Bazaar snapshot. - Fix i386-pc prefix handling with nested partitions (closes: #585068). * When running grub-pc.postinst from upgrade-from-grub-legacy, tell it to disregard the fact that /boot/grub/stage2 and /boot/grub/menu.lst still exist (closes: #550477). * Touch a marker file when grub-install is run but GRUB Legacy files are still around. If that marker file is present, pretend that GRUB Legacy files are missing when upgrading. * If GRUB Legacy files are present when upgrading, scan boot sectors of all disks for GRUB 2. If we find GRUB 2 installed anywhere, then ask the user if they want to finish conversion to GRUB 2, and warn them that not doing so may render the system unbootable (closes: #586143). Thanks to Sedat Dilek for helping to narrow down this bug. * Leaving grub-pc/install_devices empty makes sense in some situations, but more often than not is a mistake. On the other hand, automatically selecting all disk devices would upset some people too. Compromise by simply asking for explicit confirmation if grub-pc/install_devices is left empty, defaulting to false so that simply selecting all the defaults in debconf can't leave you with an unbootable system (closes: #547944, #557425). * Build-depend on gcc-4.4-multilib on i386 and kopensolaris-i386 too, in order to build grub-efi-amd64. * Ignore non-option arguments in grub-mkconfig (closes: #586056). * New Bazaar snapshot. - Make target-related error messages from grub-mkimage slightly more helpful (closes: #584415). - Fix underquoting that broke savedefault (thanks, Mario 'BitKoenig' Holbe; closes: #584812). - Expand 'info grub' substantially, including a new section on configuring authentication (closes: #584822). - Give all manual pages proper NAME sections (closes: #496706). * Update 915resolution from grub-extras: - Fix a hang with 945GME (thanks, Sergio Perticone; closes: #582142). [ Colin Watson ] * Disable grub-emu on sparc for the time being. We're currently trying to use TARGET_* flags to build it, which won't work. * Don't build-depend on libsdl1.2-dev on hurd-i386. Although libsdl1.2-dev exists there, it's currently uninstallable due to missing libpulse-dev, and we can happily live without it for now. * kfreebsd-amd64 needs gcc-4.4-multilib too (closes: #585668). * Warn and return without error from prepare_grub_to_access_device if /boot is a dm-crypt device (thanks, Marc Haber; closes: #542165). * Make /etc/grub.d/05_debian_theme usable by shells other than bash (thanks, Alex Chiang; closes: #585561). * Remove grub-mkisofs leftovers from debian/copyright. * Fix reversed sense of DEB_BUILD_OPTIONS=nocheck handling. * Build-depend on qemu-system for grub-pc tests. * Only build-depend on libdevmapper-dev on Linux architectures. * Don't build-depend on libusb-dev on hurd-i386, where it doesn't seem to be available. * Fix printf format mismatch in disk/usbms.c (closes: #584474). * Fix verbose error output when device-mapper isn't supported by the running kernel (closes: #584196). * Prepend "part_" to partmap module names in grub-mkconfig, in line with grub-install (closes: #584426). * New Bazaar snapshot. - Add btrfs probing support, currently only in the single-device case (closes: #540786). - Fix grub-emu build on mips/powerpc/sparc. - Add safety check to make sure that /boot/grub/locale exists before trying to probe it (closes: #567211). - Several 'info grub' improvements, including a new section on configuration file generation using grub-mkconfig which documents the available keys in /etc/default/grub (closes: #497085). - Many USB fixes. [ Colin Watson ] * Reorganise configure and build targets in debian/rules to use stamp files. configure/* never existed and build/* was always a directory, so make never considered either of them up to date (closes: #450505). * Remove config.h.in from AUTOGEN_FILES, since autoheader doesn't necessarily update it. * Remove conf/gcry.mk from AUTOGEN_FILES, and conf/gcry.rmk from their dependencies. autogen.sh runs util/import_gcry.py after autoconf et al, so conf/gcry.rmk's timestamp will be later than some of the autogenerated outputs. * Go back to shipping rescue images in the grub-rescue-pc .deb itself rather than generating them in the postinst. This means that (a) they get removed when the package is removed (closes: #584176); (b) they are listed in package metadata, as is proper for files in /usr (closes: #584218); (c) grub-rescue-pc can potentially be used as a build-dependency for other packages that need to build GRUB images into installation media etc., without having to build-depend on grub-pc which isn't coinstallable with other platform variants and does invasive things in its postinst. * Add grub-mkrescue patch from Thomas Schmitt to allow reducing the size of xorriso-created images. Use this to ensure that grub-rescue-floppy.img fits well within size limits (closes: #548320). * Always override statically-linked-binary Lintian tag for kernel.img; dynamic linking makes no sense here. * kernel.img is stripped upstream where it can be, but override Lintian's error for the cases where it can't. * Override binary-from-other-architecture for kernel.img as well as *.mod when building grub-efi-amd64 on i386. * New Bazaar snapshot. - Support multiple terminals in grub-mkconfig, e.g. GRUB_TERMINAL='serial console' (closes: #506707). - Speed up consecutive hostdisk operations on the same device (closes: #508834, #574088). - Fix grammar error in grub-setup warning (closes: #559005). - Use xorriso for image creation rather than embedding a modified copy of mkisofs (closes: #570156). - Issue an error rather than segfaulting if only some LVM component devices are in device.map (closes: #577808). - Fix typo in make_device_name which caused grub-probe problems on systems with BSD disk labels (closes: #578201). - Add DM-RAID probe support (closes: #579919). - Include all gnumach kernels on Hurd, not just gnumach and gnumach.gz (closes: #581584). [ Colin Watson ] * Restore TEXTDOMAINDIR correction in grub.d files, lost by mistake in a merge. Noticed by Anthony Fok. * Don't fail on purge if the ucf association has already been taken over by a different grub package (closes: #574176). * Add debian/grub-extras/*/conf/*.mk to AUTOGEN_FILES. * Remove support for the lpia architecture, now removed from Ubuntu. * Conflict with grub (<< 0.97-54) as well as grub-legacy. * Build-depend on libdevmapper-dev for DM-RAID probe support. * Switch to quilt. * Suggest xorriso (>= 0.5.6.pl00) in grub-common, since grub-mkrescue now needs it. Depend on it in grub-rescue-pc. * Move grub-mkimage to grub-common, now that it only has one implementation. * Clean up temporary files used while building grub-firmware-qemu. * Make grub-probe work with symlinks under /dev/mapper (closes: #550704). * When upgrading a system where GRUB 2 is chainloaded from GRUB Legacy and upgrade-from-grub-legacy has not been run, upgrade the chainloaded image rather than confusing the user by prompting them where they want to install GRUB (closes: #546822). * Build-depend on libsdl1.2-dev for SDL support in grub-emu. * Don't leak debconf's file descriptor to update-grub, so that the LVM tools called from os-prober don't complain about it (closes: #549976). Other leaks are not this package's fault, may not be bugs at all, and in any case os-prober 1.36 suppresses the warnings. * Build-depend on flex (>= 2.5.35). * Build-depend on gcc-4.4-multilib on amd64. [ Updated translations ] * Slovenian (sl.po) by Vanja Cvelbar (closes: #570110). * Vietnamese (vi.po) by Clytie Siddall (closes: #574578). * Tamil (ta.po) by Tirumurti Vasudevan (closes: #578282). * Portuguese (pt.po) by Tiago Fernandes (closes: #580140). * Romanian (ro.po) by Eddy Petrior / Andrei Popescu (closes: #583185). * New upstream release (closes: #572898). - Fix grub-script-check to handle empty lines (closes: #572302). - Fix offset computation when reading last sectors. Partition reads and writes within and outside a partition (closes: #567469, #567884). - Fix script execution error handling bug that meant that an error in a menuentry's last statement caused the whole menuentry to fail (closes: #566538, LP: #464743). - Support GRUB_GFXPAYLOAD_LINUX (closes: #536453, LP: #416772). [ Samuel Thibault ] * Add GRUB_INIT_TUNE example to /etc/default/grub (closes: #570340). [ Colin Watson ] * Build-depend on libusb-dev so that grub-emu is reliably built with USB support (closes: #572854). * Update directions in debian/rules on exporting grub-extras to account for it being maintained in Bazaar nowadays. * Add myself to Uploaders. * Acknowledge NMUs, thanks to Torsten Landschoff and Julien Cristau. * Non-maintainer upload. * Stop setting gfxpayload=keep (closes: #567245). * Non-maintainer upload. * Apply trivial patch (already merged upstream) fixing the offset computation for non-cached reads (closes: #567637). * New Bazaar snapshot. - Fix corruption problem when reading files from CDROM. (Closes: #567219) [ Felix Zielcke ] * Never strip kernel.img in rules. Upstream already does it when it can be done. (Closes: #561933) * Bump Standards-Version to 3.8.4. [ Robert Millan ] * rules: Run the testsuite (make check) when building grub-pc. * New Bazaar snapshot. - Includes mipsel-yeeloong port. [ Robert Millan ] * config.in: Lower priority of grub2/linux_cmdline_default. [ Felix Zielcke ] * Drop `CFLAGS=-O0' workaround on powerpc. Should be fixed correctly now. * Ship grub-bin2h and grub-script-check in grub-common. * Terminate NEWS.Debian with a blank line like lintian would suggest if that check would be working correctly. * New Bazaar snapshot. - Includes savedefault / grub-reboot branch. - Includes Multiboot video support (from latest 1.x draft). * New Bazaar snapshot. [ Robert Millan ] * grub-rescue-pc.postinst: Fix image generation during upgrades. (Closes: #564261) * New Bazaar snapshot. [ Robert Millan ] * grub-rescue-pc.postinst: Use grub-mkrescue for floppy as well. [ Updated translations ] * Chinese (zh_TW.po) by Tetralet. (Closes: #564044) * New Bazaar snapshot. - Fix FTBS on sparc. [ Robert Millan ] * rules: Auto-update version from debian/changelog. [ Felix Zielcke ] * Add -O0 to CFLAGS on powerpc to avoid the `_restgpr_31_x in boot is not defined' FTBFS. * New Bazaar snapshot. - Fix slowness when $prefix uses an UUID. (Closes: #541145, LP: #420933) - Correctly set TARGET_CFLAGS. (Closes: #562953) [ Robert Millan ] * grub-rescue-pc.postinst: Build USB rescue image. * rules: Invoke configure with relative path. This makes binaries smaller, since dprintf strings are constructed using this path. [ Felix Zielcke ] * Urgency=high due to RC bug fix. * Fix version comparison in grub-common.preinst for handling obsolete /etc/grub.d/10_freebsd. (Closes: #562921) * New Baazar snapshot. - Make 30_os-prober again dash compatible. (Closes: #562034) * New Bazaar snapshot. - Fix search command failing on some broken BIOSes. (Closes: #530357) [ Felix Zielcke ] * Add Replaces:/Conflicts: grub-linuxbios to grub-coreboot. (Closes: #561811) * Delete obsolete /etc/grub.d/10_freebsd if it has not been modified, else disable it. (Closes: #560346) * Version bump. * New Bazaar snapshot. - patches/02_fix_mountpoints_in_mkrelpath.diff: Remove (merged). - Fixes FTBFS on powerpc (again) and sparc. - patches/903_grub_legacy_0_based_partitions.diff: Resync (merged into debian branch). * Fix dpkg dependency for lenny compatibility. * New Bazaar snapshot. * Enable ntldr-img from grub-extras. [ Updated translations ] * Bulgarian (bg.po) by Damyan Ivanovi (Closes: #558039) [ Robert Millan ] * control: Remove genisoimage from Build-Depends/Suggests (no longer used). * grub.d/05_debian_theme: Make output string distro-agnostic. [ Felix Zielcke ] * patches/02_fix_mountpoints_in_mkrelpath.diff: New patch to handle mount points like the old shell function did. (Closes: #558042) [ Robert Millan ] * New upstream snapshot. - Fixes script parser load error. * Add gettext to Build-Depends and gettext-base to grub-common's Depends. * New upstream snapshot. - Fix grub-mkisofs related FTBFS on powerpc. (Closes: #557704) - Create fake GRUB devices for devices not listed in device.map. This also makes dmraid and multipath work as long as search --fs-uuid works. (Closes: #442382, #540549, LP: #392136) - rules: grub-emu is now built as a port. [ Felix Zielcke ] * Change the bt-utf-source build dependency to xfonts-unifont. It's more complete, better maintained and grub-mkfont supports actually more then BDF fonts as input, thanks to libfreetype. * Use grub-probe to get the GRUB device of /boot/grub instead of passing (hd0) to grub-install when creating the core.img with chainloading. This avoids the (UUID=) hack slowness in case /boot/grub is on a different disk then (hd0) in device.map. * patches/903_grub_legacy_0_based_partitions.diff: Update. * Add a build dependency on automake and python. * Set TARGET_CC=$(CC) to really use gcc-4.4 everywhere. Also pass it and CC as arguments to ./configure instead of env vars so they get preserved. * Ship grub-mkrelpath in grub-common. * Ship the locale files in grub-common. * Add a dependency on 'dpkg (>= 1.15.4) | install-info' for grub-common as recommended by Policy and lintian. * New upstream snapshot. - Fix security problem with password checking. (Closes: #555195) - Fix the generated GNU/Hurd menu entries and also add support for it in 30_os-prober. (Closes: #555188) - Same grub-mkrescue for grub-pc and grub-coreboot, used by grub-rescue-pc during postinst now. (Closes: #501867) [ Felix Zielcke ] * Ship grub-mkisofs in grub-common. * patches/002_grub.d_freebsd.in.diff: Remove (merged upstream). * patches/906_grub_extras.diff: Remove. Superseded by GRUB_CONTRIB variable in recent upstream trunk. * rules: Export GRUB_CONTRIB to enable grub-extras add-ons. * Pass --force to grub-install in the postinst. (Closes: #553415) * Don't strip debug symbols from grub-emu. It's meant for debugging and with them it's much more useful. * Ship grub-mkfloppy in grub-pc. * Revert the Replaces: grub-common to (<= 1.96+20080413-1) on the grub-pc package. It was wrongly modified long ago. [ Robert Millan ] * copyright: Document mkisofs. * control: Update Vcs- fields (moved to Bazaar). * rules: Update debian/legacy/update-grub rule to Bazaar. [ Robert Millan ] * patches/905_setup_force.diff: Remove, no longer needed as of grub-installer >= 1.47. * grub.d/05_debian_theme: Attempt to source grub_background.sh from desktop-base (Needed for #495282, #495616, #500134, see also #550984). [ Felix Zielcke ] * Add a build dependency on texinfo. * Fix little typo in /etc/default/grub. (LP: #457703) [ Updated translations ] * Finnish (fi.po) by Esko Arajrvi. (Closes: #551912) * New upstream beta release. [ Felix Zielcke ] * Change the Recommends: os-prober to (>= 1.33). * patches/907_grub.cfg_400.diff: Really add it. Somehow it was a 0 byte file. (Closes: #547409) * Convert newlines back to spaces when parsing kopt from GRUB Legacy's menu.lst, before giving the value to Debconf. Thanks to Colin Watson. (Closes: #547649) * Ship the info docs in grub-common. (Closes: #484074) * Remove generated /usr/share/info/dir* files. * Update the presubj bug file and also install it for grub-common. [ Robert Millan ] * Enable ZFS and 915resolution in grub-extras (now requires explicit switch). * grub-common conflicts with grub-doc (<< 0.97-32) and grub-legacy-doc (<< 0.97-59). * Move grub-emu to a separate package. [ Updated translations ] * Japanese (ja.po) by Hideki Yamane. (Closes: #549599) * New upstream beta release. - Make it more clear how to use /etc/grub.d/40_custom. (Closes: #545153) - fix a serious memory corruption in the graphical subsystem. (Closes: #545364, #544155, #544639, #544822, LP: #424503) - patches/003_grub_probe_segfault.diff: Remove (merged). * Change the watch file so upstream beta releases are recognized. * Include /etc/default/grub in bug reports. * Recommend os-prober (>= 1.32). (Closes: #491872) * Change the gcc-multilib [sparc] build dependency to gcc-4.4-multilib [sparc]. * patches/907_grub.cfg_400.diff: New patch to make grub.cfg again mode 444 if it does not contain a password line. * Use `su' in the bug reporting script to read grub.cfg in case the user is not allowed to read it. * Readd grub-pc/kopt-extracted template. [ Updated translations ] * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge. * Japanese (ja.po) by Hideki Yamane. (Closes: #545331) * Spanish (es.po) by Francisco Javier Cuadrado. (Closes: #545566) * Italian (it.po) by Luca Monducci. (Closes: #546035) [ Updated translations ] * Dutch (nl.po) by Paul Gevers. (Closes: #545050) [ Felix Zielcke ] * Move GRUB Legacy's grub-set-default to /usr/lib/grub-legacy in preparation for GRUB 2's grub-set-default. * Remove password lines in bug script. [ Robert Millan ] * Do not conflict with `grub' dummy package (this prevented upgrades). * patches/003_grub_probe_segfault.diff: Disable file test codepath, which wasn't normally used before. * New upstream beta release. - Fix loading of FreeBSD modules. (Closes: #544305) [ Updated translations ] * French (fr.po) by Christian Perrier. (Closes: #544320) * Czech (cs.po) by Miroslav Kure. (Closes: #544327) * Belarusian (be.po) by Hleb Rubanau. * Arabic (ar.po) by Ossama M. Khayat. * Catalan (ca.po) by Juan Andrs Gimeno Crespo. * Russian (ru.po) by Yuri Kozlov. (Closes: #544730) * Swedish (sv.po) by Martin gren. (Closes: #544759) * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge. (Closes: #544810) * German (de.po) by Helge Kreutzmann. (Closes: #544912) [ Robert Millan ] * Build with GCC 4.4. * New upstream beta release. [ Updated translations ] * German (de.po) by Helge Kreutzmann. (Closes: #544261) * Asturian (ast.po) by Marcos. * Georgian (ka.po) by Aiet Kolkhi. [ Robert Millan ] * Merge config, templates, postinst, postrm, dirs and install files into a single source. * Disable Linux-specific strings on GNU/kFreeBSD. Enable translations in grub2/linux_cmdline_default. Add grub2/kfreebsd_* strings (still unused). * New SVN snapshot. - Fix filesystem mapping on GNU/kFreeBSD. (Closes: #543950) * New grub-extras SVN snapshot. - Add 915resolution support to the GMA500 (poulsbo) graphics chipset. Thanks to Pedro Bulach Gapski. (Closes: #543917) * Use `cp -p' to copy /usr/share/grub/default/grub to the temporary file to preverse permissions. * Remove also efiemu files from /boot/grub on purge if requested. * Check that GRUB_CMDLINE_LINUX and GRUB_CMDLINUX_LINUX_DEFAULT is at the start of line in *.postinst. * Don't check that $GRUB_CMDLINE_LINUX{,DEFAULT} are non empty strings in *.config. * Add empty GRUB_CMDLINE_LINUX to /usr/share/grub/default/grub. * Factorise the editing of the temporary file. Thanks to Martin F Krafft. * Read in /etc/default/grub in *.config files. [ Updated translations ] * French (fr.po) by Christian Perrier. (Closes: #544023) * Russian (ru.po) by Yuri Kozlov. (Closes: #544077) * Italian (it.po) by Luca Monducci. (Closes: #544200) * Add missing quotes in grub-pc.config and *.postinst. * Really use the correct templates in grub-pc.config. ARGS. * New SVN snapshot. * Use the right templates in grub-pc.config. (Closes: #543615) * New SVN snapshot. - Enable gfxterm only if there's a suitable video backend and don't print an error if not. (Closes: #520846) [ Felix Zielcke ] * Copy unicode.pf2 instead of ascii.pf2 to /boot/grub in grub-pc postinst (Closes: #542314). * Update Standards version to 3.8.3. * Use DEB_HOST_ARCH_CPU for the generation of the lintian overrides. * Fix calling the grub-pc/postrm_purge_boot_grub template in grub-pc.postinst. * Handle GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT via debconf. Thanks to Martin F. Krafft and Colin Watson for idea and hints. * Use ucfr --force when /etc/default/grub is registered to a grub-* package. * Use #!/bin/sh in *.config and fix a small bashism in grub-pc.config. [ Robert Millan ] * patches/907_terminal_output_workaround.diff: Remove. It seems that it wasn't really necessary. * grub-pc.postinst: Avoid printing an error if /etc/kernel-img.conf doesn't exist, because it is misleading. We simply refrain from fixing it and move along. * grub-pc.postinst: Don't schedule generation of grub.cfg via "grub-install" code path unless we actually run grub-install. * grub-pc.postinst: Only copy unicode.pf2 and moreblue-orbit-grub.png when /boot/grub/grub.cfg is scheduled to be generated. * legacy/upgrade-from-grub-legacy: Reset grub-pc/install_devices. Thanks Colin Watson. (Closes: #541230) * New SVN snapshot. - Fix XFS with inode size different then 256. (Closes: #528761) - Add support for multiple LVM metadata areas. (LP: #408580) - patches/008_dac_palette_width.diff: Remove. (merged) - Prefer unicode over ascii font. (LP: #352034) [ Felix Zielcke ] * Fix the generation of the lintian override for efiemu64.o. * Remove the Conflicts dmsetup. * Use ?= for setting DEB_HOST_ARCH. * Document GRUB_DISABLE_LINUX_RECOVERY in /etc/default/grub. (Closes: #476536 LP: #190207) * Add docs/grub.cfg to examples. * patches/01_uuids_and_lvm_dont_play_along_nicely.diff: Updated to also disable UUIDs on LVM over RAID. * Add a debconf prompt to remove all grub2 files from /boot/grub on purge. (Closes: #527068, #470400) * Move the Suggests: os-prober from grub-pc to grub-common. * patches/901_dpkg_version_comparison.diff: Updated. * Update the Replaces on grub-common for the other packages to (<< 1.96+20080831-1). (Closes: #540492) [ Robert Millan ] * Reorganize grub-pc.{config,postinst} logic. The idea being that if there's no trace of GRUB Legacy, the grub-pc/install_devices template will be shown even if this is the first install. * When setting grub-pc/install_devices, obtain input dynamically from grub-mkdevicemap (rather than devices.map). (Closes: #535525) * Add a note to grub-pc/install_devices template that it's also possible to install GRUB to a partition boot record. * patches/002_grub.d_freebsd.in.diff: New patch. Reimplement 10_freebsd.in to handle multiple kernel versions & acpi.ko. * New SVN snapshot. - Don't add drivemap call with Windows Vista/7. It breaks Win 7. (LP: #402154) [ Felix Zielcke ] * Don't build grub-efi-amd64 on hurd-i386. * Change DEB_BUILD_ARCH to DEB_HOST_ARCH in the check for sparc. * Don't add the lintian override for kernel.img for sparc and grub-pc. * Add a lintian override for binary-from-other-architecture for grub-efi-amd64 and grub-pc on i386. * Use wildcards in the lintian overrides. * Add a Conflicts/Replaces for all packages except grub-common. (Closes: #538177) [ Robert Millan ] * 008_dac_palette_width.diff: New patch. Fix blank screen when booting Linux with vga= parameter set to a packed color mode (<= 8-bit). (Closes: #535026) * Set urgency=high because #535026 affects 1.96+20090709-1 which is in testing now. * patches/907_terminal_output_workaround.diff: Work around recent regression with terminal_output command (not critical, just breaks gfxterm). * Place grub-ofpathname only in grub-common. (Closes: #537999) * Don't strip kernel.img on sparc. * Suggest efibootmgr on grub-efi-{amd64,ia32}. * Pass --disable-grub-fstest to configure. (Closes: #537897) * Add back Conflicts/Replaces grub. * New SVN snapshot. * Change License of my update-grub(8) and update-grub2(8) manpages to GPL3+ to match new copyright file. * Merge from Ubuntu: Don't build grub-efi-amd64 on lpia. * Don't pass `--enable-efiemu' to configure. On kfreebsd-i386 it won't compile and it should be now auto detected if it's compilable. (Closes: #536783) * Don't build grub-efi-amd64 on kfreebsd-i386. It lacks 64bit compiler support. * Rename the lintian override for kernel.elf to kernel.img. * Strip kernel.img not kernel.elf, but not in the case of grub-pc. * Rename the Conflicts/Replaces grub to grub-legacy. (Closes: #537824) * New SVN snapshot. * control (Build-Depends): Add gcc-multilib [sparc]. * copyright: Rewrite using DEP-5 format. * Merge grub-extras into the package, and integrate it with GRUB's build system. - patches/906_grub_extras.diff - rules - copyright * New SVN snapshot. * rules: Remove duplicated files in sparc64-ieee1275 port. * rules: Comment out -DGRUB_ASSUME_LINUX_HAS_FB_SUPPORT=1 setting. We'll re-evaluate using it when it's more mature. (Closes: #535026). * New SVN snapshot. - Misc fixes in Linux loader. * control (grub-firmware-qemu): Make it buildable only on i386/amd64. * control: Add sparc (grub-ieee1275), remove remnants of ppc64. * rules: Include all modules in grub-firmware-qemu build. * New SVN snapshot. * Re-enable QEMU port. * Disable QEMU port untill it goes through NEW. * Upload to unstable. * New SVN snapshot. - Fix parsing of --output in grub-mkconfig. (Closes: #532956) [ Felix Zielcke ] * Use ucfr --force in grub-ieee1275.postinst in case we're upgrading from previous version. It registered /etc/default/grub wrongly with package iee1275. * Drop the build dependency on libc6-dev-i386. * Remove ppc64 from the Architectures. It's totally dead. * Add a note to /etc/default/grub that update-grub needs to be run to update grub.cfg. (Closes: #533026) * Fix the svn-snapshot rule. * Update Standards version to 3.8.2. No changes needed. [ Robert Millan ] * legacy/upgrade-from-grub-legacy: Invoke grub-pc.postinst directly rather than dpkg-reconfigure. Since we pretend we're upgrading, it will DTRT. * Add grub-firmware-qemu package. - patches/008_qemu.diff: QEMU port (patch from upstream). - control (grub-firmware-qemu): New package. - rules: Add grub-firmware-qemu targets. - debian/grub-firmware-qemu.dirs - debian/grub-firmware-qemu.install * patches/906_revert_to_linux16.diff: Remove, now that gfxpayload is supported. * New SVN snapshot. * Append .diff to patches/01_uuids_and_lvm_dont_play_along_nicely so it gets really applied. * Drop completely the build dependency on gcc-multilib. * Instead of arborting in the preinst if /etc/kernel-img.conf still contains /sbin/update-grub, change the file with sed. Policy allows thisi, because it's not a conffile, according to Colin Watson. * Change /etc/default/grub to an ucf managed file instead of dpkg conffile. * New SVN snapshot. - Fix variable parsing inside strings. (Closes: #486180) - Add `true' command. (Closes: #530736) [ Robert Millan ] * Split grub-efi in grub-efi-ia32 and grub-efi-amd64, both available on i386 and amd64. (Closes: #524756) * Add kopensolaris-i386 to arch list. [ Felix Zielcke ] * Add a NEWS entry about the grub-efi split. * Drop the build dependency on gcc-multilib for all *i386. * Change upgrade-from-grub-legacy to use `dpkg-reconfigure grub-pc' to install grub2 into MBR. [ New translations ] * Catalan (ca.po) by Jordi Mallach. [ Updated translations ] * Spanish (es.po) by Francisco Javier Cuadrado. (Closes: #532407) * New SVN snapshot. * Abort the install of grub-pc if /etc/kernel-img.conf still contains /sbin/update-grub (Closes: #500631). * New SVN snapshot. [ Felix Zielcke ] * Skip floopies in the grub-install debconf prompt in grub-pc postinst. Patch by Fabian Greffrath. (Closes: #530848) [ Robert Millan ] * Change Vcs-Browser field to viewsvn. [ Felix Zielcke ] * Change Vcs-Svn field to point to the trunk. (Closes: #531391) * patches/01_uuids_and_lvm_dont_play_along_nicely: New patch. On Debian root=UUID= with lvm still doestn't work so disable it. (Closes: #530357) * Remove Otavio Salvador from Uploaders with his permission. * add grub-pc.preinst * New SVN snapshot. - Add drivemap command, similar to grub-legacy's map command. (Closes: 503630) - Export GRUB_TERMINAL_INPUT in grub-mkconfig. (Closes: #526741) [ Robert Millan ] * rules: Set GRUB_ASSUME_LINUX_HAS_FB_SUPPORT=1 in CFLAGS. * patches/905_setup_force.diff: Relax blocklist warnings. * patches/906_revert_to_linux16.diff: Keep using linux16 for now. [ Felix Zielcke ] * patches/07_core_in_fs.diff: Updated. * Remove /etc/grub.d/10_hurd on non-Hurd systems in the grub-common preinst. Likewise for 10_freebsd for non kFreebsd and 10_linux on kFreebsd and Hurd. (Closes: #523777) * New SVN snapshot. - Add support for parttool command, which can be used to hide partitions. (Closes: #505905) - Fix a segfault with LVM on RAID. (Closes: #520637) - Add support for char devices on (k)FreeBSD. (Closes: #521292) - patches/08_powerpc-ieee1275_build_fix.patch: Remove (merged). [ Updated translations ] * Basque (eu.po) by Piarres Beobide. (Closes: #522457) * German (de.po) by Helge Kreutzmann. (Closes: #522815) [ Robert Millan ] * Update my email address. * Remove 04_uuids_and_abstraction_dont_play_along_nicely.diff now that bugs #435983 and #455746 in mdadm and dmsetup have been fixed. [ Felix Zielcke ] * Place new grub-dumpbios in grub-common. * Add lpia to the archictectures to reduce the ubuntu delta. * Add a manpage for the update-grub and update-grub2 stubs, written by me. (Closes: #523876) * Suggest genisoimage on grub-pc and grub-ieee1275, because grub-mkrescue needs it to create a cd image. (Closes: #525845) * Add a dependency on $(AUTOGEN_FILES) for the configure/grub-common target, this is needed now that upstream removed the autogenerated files from SVN. * Add `--enable-efiemu to' `./configure' flags. * Add a build dependency on gcc-multilib for i386. * Drop alternate build dependency on gcc-4.1 (<< 4.1.2). * New SVN snapshot. - Fix regression in disk/raid.c. (Closes: #521897, #514338) - Fix handling of filename string lengths in HFS. (Really closes: #516458). * Add myself to Uploaders. * Add patch 08_powerpc-ieee1275_build_fix.patch to fix powerpc-ieee1275 builds which were lacking header files for kernel_elf_HEADERS. Thanks Vladimir Serbinenko. [ Felix Zielcke ] * New SVN snapshot. - Pass grub's gfxterm mode to Linux kernel. (Closes: #519506) - Fix ext4 extents on powerpc. (Closes: #520286) [ Robert Millan ] * Remove grub-of transitional package (Lenny had grub-ieee1275 already). * Fix kopt parsing in grub-pc.config. Thanks Marcus Obst. (Closes: #514837) * Add debconf template to automatically run grub-install during upgrades (prior user confirmation). (Closes: #514705) * New SVN snapshot. - Fix loading of files with underscore in HFS. (Closes: #516458) * Update Standards version to 3.8.1. No changes needed. [ Updated translations ] * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge. (Closes: #519417) * New SVN snapshot. * New SVN snapshot. - Add support for /dev/md/dNNpNN mdraid devices. (Closes: #509960) - Add new PF2 fontengine. (Closes: #510344) - Avoid mounting ext2 partitions with backward-incompatible features. (Closes: #502333) - Try to avoid false positives with FAT. (Closes: #514263) [ Felix Zielcke ] * Remove build-dependency on unifont package and add one for bf-utf-source package and libfreetype6-dev * grub-pc.postinst: Copy new ascii.pf2 instead of old ascii.pff to /boot/grub. * Add `--enable-grub-mkfont' to configure flags. * Put new grub-mkfont in grub-common package. * Add a dependency for ${misc:Depends} to all packages to make lintian a bit more happy. * Detect when grub-setup leaves core.img in filesystem, and include that info in bug report templates. - debian/patches/07_core_in_fs.diff - debian/script * Add myself to Uploads and add `DM-Upload-Allowed: yes' tag. [ Updated translations ] * Asturian (ast.po) by Marcos Alvarez Costales. (Closes: #511144) * Traditional Chinese (zh_TW.po) by Tetralet. (Closes: #513918) * Belarusian (be.po) by Pavel Piatruk. (Closes: #516243) * New SVN snapshot. * New SVN snapshot. * Update to new debian theme. - grub-pc.postinst: Switch to moreblue-orbit-grub.png. - grub.d/05_debian_theme: Likewise. * grub.d/05_debian_theme: - Update to use new grub-mkconfig_lib instead of the deprecated update-grub_lib. - Update to check if `GRUB_TERMINAL_OUTPUT' is `gfxterm' instead of `GRUB_TERMINAL'. [ Updated translations ] * Romanien (ro.po) by Eddy Petrior. (Closes: #506039) * New SVN snapshot. - Add support for /dev/md/N style mdraid devices. (Closes: #475585) - Handle LVM dash escaping. (Closes: #464215) - Use case insensitive match in NTFS. (Closes: #497889) - Use hd%d drive names in grub-mkdevicemap for all architectures. (Closes: #465365) - Handle LVM circular metadata. (Closes: #462835, #502953) - Fix NULL dereference and failure paths in LVM. Thanks Guillem Jover. (Closes: #500482) - Provides GRUB header files (only in grub-common). [ Updated translations ] * Dutch (nl.po) by Paul Gevers. (Closes: #500514) * French (fr.po) by Christian Perrier. (Closes: #503708) * Georgian (ka.po) by Aiet Kolkhi. (Closes: #503715) * Czech (cs.po) by Miroslav Kure. (Closes: #503809) * German (de.po) by Helge Kreutzmann. (Closes: #503841) * Japanese (ja.po) by Hideki Yamane. (Closes: #503869) * Italian (it.po) by Luca Monducci. (Closes: #504076) * Swedish (sv.po) by Martin gren. (Closes: #504207) * Arabic (ar.po) by Ossama Khayat. (Closes: #504254) * Portuguese (pt.po) by Miguel Figueiredo. (Closes: #504280) * Russian (ru.po) by Yuri Kozlov. (Closes: #504324) * Finnish (fi.po) by Esko Arajrvi. (Closes: #504310) * Basque (eu.po) by Piarres Beobide. (Closes: #504466) * Dutch (nl.po) by Paul Gevers. (Closes: #504683) [ Felix Zielcke ] * patches/01_grub_legacy_0_based_partitions.diff: Rename to * patches/903_grub_legacy_0_based_partitions.diff: this and adapt for s/biosdisk.c/hostdisk.c/ rename upstream. * patches/03_disable_floppies.diff patches/904_disable_floppies.diff: Likewise. * update-grub has been renamed to grub-mkconfig, so provide a stub for compatibility. * Make grub-pc/linux_cmdline debconf template translatable. (Closes: #503478) * Remove ro.po and ta.po. They don't contain a single translated message. [ Robert Millan ] * control: Make grub-common dependency = ${binary:Version}. * default/grub: Set GRUB_CMDLINE_LINUX=quiet to syncronize with default D-I settings. * New SVN snapshot. - patches/00_fix_double_prefix.diff: Remove (merged). (Closes: #487565) - patches/00_getline.diff: Remove (merged). (Closes: #493289) - Handle errors in RAID/LVM scan routine (rather than letting the upper layer cope with them). (Closes: #494501, #495049) - patches/901_linux_coreboot.diff: Remove (replaced). - Add support for GFXMODE variable (Closes: #493106) - Skips /dev/.* in grub-probe. (Closes: #486624) - RAID code has various fixes. (Closes: #496573) - Buffered file read is now used to read the background image faster. (Closes: #490584) * We are already using LZMA, because upstream includes it's own lzma encoder, so drop completely the liblzo handling in control and rules files. [ Felix Zielcke ] * Remove the 1.95 partition numbering transition debconf warning from grub2 package and removed it from all languages (*.po). (Closes: #493744) * Add a comment for the new GFXMODE in default/grub. * debian/rules: - Remove 2 ./configure options which it didn't understand. - New grub-mkelfimage belongs to grub-common. * debian/control: - Change debhelper compat level to 7 and build depend on it >= 7. - Remove ${misc:Depend} dependency on all packages except grub-pc which is the only one using debconf. - Replace deprecated ${Source-Version} with ${source:Version} for << dependency and with ${build:Version} for = ones. - Remove versioned dependency of Build-Depends patchutils and cdbs, because etch has newer versions then the one used. - Remove dpkg-dev completely from Build-Depends because it's build-essentail and a non versioned dependency results in a lintian error. - Remove Conflict/Replaces pupa, it has been removed from Debian 2004. - Change build-dependency of unifont-bin to unifont (>= 1:5.1.20080820), it's the new package containing unifont.hex and that version to avoid licensing problems (Closes: #496061) - Remove Jason Thomas from Uploaders with his permission. * Preserve arguments in update-grub2 stub. (Closes: #496610) [ Updated translations ] * Japanese (ja.po) by Hideki Yamane (Closes: #493347) [ Robert Millan ] * Move a few files to grub-common and remove them from the arch- specific packages. * patches/02_old_linux_version_comparison.diff: Replace with ... * patches/901_dpkg_version_comparison.diff: ... this. Use dpkg --compare-versions in update-grub. (Closes: #494158) * patches/03_disable_floppies.diff: Free .drive struct member when skipping floppy drives. (Closes: #496040) * patches/902_boot_blocklist_hack.diff: Support separate /boot when using blocklists. (Closes: #496820, #489287, #494589) * New SVN snapshot. - patches/00_fix_overflow.diff: Remove (merged). - patches/00_uuid_boot.diff: Remove (merged). - patches/00_raid_duped_disks.diff: Remove (merged). - patches/00_xfs.diff: Remove (merged). - patches/00_strengthen_apple_partmap_check.diff: Remove (merged). - patches/00_skip_dev_dm.diff: Remove (merged). * patches/901_linux_coreboot.diff: Implements Linux load on Coreboot (patch from Coresystems). * grub-linuxbios -> grub-coreboot rename again. * patches/00_fix_overflow.diff: fix overflow with a big grub.cfg. (Closes: #473543) [ Felix Zielcke ] * changed dependency for debconf to also support debconf-2.0. (Closes: #492543) * patches/00_xfs.diff: Fix "out of partition" error with XFS. (Closes: #436943) [ Robert Millan ] * patches/00_raid_duped_disks.diff: Do not abort when two RAID disks with the same number are found. (Closes: #492656) * patches/00_strengthen_apple_partmap_check.diff: Be more strict when probing for Apple partition maps (this prevents false positives on i386-pc installs). (Closes: #475718) [ Felix Zielcke ] * fixed lintian override for kernel.elf * debian/rules: changed cvs targets to use svn [ Robert Millan ] * patches/00_skip_dev_dm.diff: Skip /dev/dm-[0-9] devices also (implicitly) for RAID. (Closes: #491977) * patches/00_uuid_boot.diff: Fix cross-disk installs by using UUIDs. (Closes: #492204) * New SVN snapshot. - Support for ext4dev extents. - patches/00_speed_up_font_load.diff: Remove (merged). [ Felix Zielcke ] * upgrade-from-grub-legacy now calls update-grub if grub.cfg doestn't exist and prints a big warning if it failed. * Update Standards version to 3.8.0. No changes need. * Added Build-Dep for po-debconf and a lintian override, to make it happy. [ Updated translations ] * Swedish (sv.po) by Martin gren (Closes: #492056) [ Robert Millan ] * Revert r844. grub-coreboot is stuck on NEW, and it was too early for branching. * New SVN snapshot. - Provides LZMA support (not yet used in the package). - Fix grub-mkrescue manpage generation. (Closes: #489440) * Rename grub-linuxbios to grub-coreboot (and leave a dummy grub-linuxbios package to handle upgrades). [ Updated translations ] * Spanish (es.po) by Maria Germana Oliveira Blazetic (Closes: #489877) * Portuguese (pt.po) by Ricardo Silva (Closes: #489807) * patches/02_old_linux_version_comparison.diff: Set interpreter to /bin/bash. (Closes: #489426, #489446) * New SVN snapshot. * default/grub: Add commented example to disable graphical terminal. * Use substvars to support linking with liblzo1. * Bring 03_disable_floppies.diff to pre-r805 state. (Closes: #488375) * patches/02_old_linux_version_comparison.diff: New patch. Steal version comparison code from GRUB Legacy's update-grub. (Closes: #464086, #489133) * patches/00_speed_up_font_load.diff: New patch. Generate font files with only the needed characters. (Closes: #476479, #477083) * New CVS snapshot. - Avoids passing UUID to Linux when not using initrd. (Closes: #484228) - patches/04_uuids_and_abstraction_dont_play_along_nicely.diff: Resync. * Urgency set to "high" because of #482688. * New CVS snapshot. - Fix module load hook in prepare_grub_to_access_device(). (Closes: #486804) - Call prepare_grub_to_access_device() before accessing devices, never afterwards. (Closes: #487198) * grub.d/05_debian_theme: Prefer /boot/grub over /usr for image loading, since chances are it's less LVMed. * New CVS snapshot. - Supports IDA block devices. (Closes: #483858) - Fixes some problems in ext2/ext3. (Closes: #485068, #485065) - Uses EUID instead of UID in update-grub. (Closes: #486043, #486039, #486040, #486041). - Fixes incomplete I2O device support. Thanks Sven Mueller. (Closes: #486505) - Fixes recent regressions in fs/ext2.c. (Closes: #485279) - Only use UUIDs when requested device is not the same as the one providing /boot. (Closes: #486119) - patches/02_libgcc_powerpc_hack.diff: Remove. Probably not needed anymore. - patches/04_uuids_and_abstraction_dont_play_along_nicely.diff: Update. * patches/06_olpc_prefix_hack.diff: Hardcode prefix to (sd,1) on OLPC. * Refurbish 03_disable_floppy_support_in_util_biosdisk.diff into 03_disable_floppies.diff. * 04_run_grub_mkdevicemap_when_grub_probe_fails.diff: Remove. Argueably makes grub-probe unreliable and is quite annoying. * 04_uuids_and_abstraction_dont_play_along_nicely.diff: New patch. Disable UUID parameter to Linux when LVM or dmRAID is in use. (Closes: #484228) This is a workaround for bug #484297 in udev. * New CVS snapshot. - patches/06_backward_compat_in_uuid_support.diff: Merged. - Fixes NULL pointer dereference in biosdisk.c. (Closes: #483895, #483900) - Extends UUID support for XFS and ReiserFS. * New CVS snapshot. - Work around BIOS bug affecting keyboard on macbooks. (Closes: #482860) - Adjust grub.d/05_debian_theme to use the new UUID-compatible API. - default/grub: Add commented GRUB_DISABLE_LINUX_UUID variable. - patches/06_backward_compat_in_uuid_support.diff: New. Make update-grub generate code that is compatible with older GRUB installs. - util/biosdisk.c no longer complains about duplicated device.map entries. (Closes: #481236) [ Updated translations ] * Galician (gl.po) by Jacobo Tarrio (Closes: #480977) * New CVS snapshot. - Adds support for default-only Linux cmdline options. (Closes: #460843) - Supports Xen virtual block devices. (Closes: #456777) - Supports Virtio block devices. (Closes: #479056) - Supports CCISS block devices. (Closes: #479735) - Fixes handling of more LVM abnormal conditions. (Closes: #474343, #474931, #477175) * Switch to liblzo2 now that it's GPLv3-compatible. (Closes: #466375) * grub-pc.postinst: Escape \ and / in cmdline sed invokation. (Closes: #479279) [ Updated translations ] * Italian (it.po) by Luca Monducci (Closes: #480740) * New CVS snapshot. - Includes sample grub.cfg file; we use it for grub-rescue-pc. (Closes: #478324) * grub-common: Upgrade Replaces to << 1.96+20080426-3. (Closes: #478224, #478353, #478144) [ Updated translations ] * French (fr.po) by Christian Perrier (Closes: #471291) * New CVS snapshot. - Fixes syntax error when setting GRUB_PRELOAD_MODULES. (Closes: #476517) * Move os-prober to Suggests, to avoid trouble with #476184. (Closes: #476684) * patches/04_run_grub_mkdevicemap_when_grub_probe_fails.diff: New patch, does what its name says. (Closes: #467127) - Also move grub-mkdevicemap from grub-pc to grub-common, so that GRUB Legacy can use it. [ Updated translations ] * Basque (eu.po) by Piarres Beobide (Closes: #476708) * New CVS snapshot. - Provides 30_os-prober update-grub add-on. Thanks Fabian Greffrath. (Closes: #461442) - Improves robustness when handling LVM. (Closes: #474931, #474343) * patches/03_disable_floppy_support_in_util_biosdisk.diff: New. Does what its name says. (Closes: #475177) * New CVS snapshot. - grub-probe skips non-existant devices when processing device.map. (Closes: #473209) * control: Fix syntax error. [ Updated translations ] * Finnish (fi.po) by Esko Arajrvi (Closes: #468641) * New CVS snapshot. * Split grub-probe into grub-common package. Make all flavours depend on it. (Closes: #241972) * Suggest multiboot-doc. * patches/01_grub_legacy_0_based_partitions.diff: New patch. Add a hack that tells grub-probe you want 0-based partition count (GRUB_LEGACY_0_BASED_PARTITIONS variable) * Stop depending on lsb-release (too heavy! we don't need python in base). Instead of assuming it's there, try calling it and otherwise just echo Debian. * default/grub: Use lsb_release to support Debian derivatives. (Closes: #466561) * grub.d/05_debian_theme: Only setup background image when a reader for it is present in /boot/grub. (Closes: #467111) [ Updated translations ] * Russian (ru.po) by Yuri Kozlov (Closes: #467181) * grub-pc.postinst: Create /boot/grub if it doesn't exist. * New CVS snapshot. - Improves GPT support, allowing it to work without blocklists. * New CVS snapshot. - Fixes offset calculation issue when installing on GPT (urgency set to high because of this). * Fix Vcs-Browser tag. Thanks James. (Closes: #465697) * Only process grub-pc/linux_cmdline if /boot/grub/menu.lst exists. (Closes: #465708) [ Updated translations ] * French (fr.po) by Christian Perrier (Closes: #465706) * New CVS snapshot. - Failure to read one device in a RAID-1 array no longer causes boot to fail (so long as there's a member that works). (Closes: #426341) * script: For /proc/mounts, only report lines that start with /dev/. * Add new upgrade-from-grub-legacy script for the user to complete the upgrade process from GRUB Legacy, and advertise it prominently in menu.lst. (Closes: #464912) * Add a hack to support gfxterm / background_image on systems where /usr isn't accessible. (Closes: #464911, #463144) - grub-pc.postinst - grub.d/05_debian_theme * Fix a pair of spelling mistakes in debconf. (Closes: #465296) * Migrate kopt from menu.lst. (Closes: #461164, #464918) [ Updated translations ] * Portuguese (pt.po) by Ricardo Silva (Closes: #465137) * German (de.po) by Helge Kreutzmann (Closes: #465295) * New CVS snapshot. - Errors that cause GRUB to enter rescue mode are displayed now. (Closes: #425149) - Build LVM/RAID modules into a few commands that were missing them (notably, grub-setup). (Closes: #465033) * Fix license violation (incompatibility between GRUB and LZO2). (Closes: #465056) - Urgency set to high. - control: Move liblzo2-dev from Build-Depends to Build-Conflicts (leaving liblzo-dev as the only option). * New CVS snapshot. - Fix a root device setting issue in grub-setup. (Closes: #463391) - Fix partmap detection under LVM/RAID. - Add scripting commands that would allow user to implement hiddenmenu-like functionality (http://grub.enbug.org/Hiddenmenu). - Provide manpages for grub-setup, grub-emu, grub-mkimage and others. (Closes: #333516, #372890) * Fix a pair of spelling errors in debconf templates. Thanks Christian Perrier. (Closes: #464133) * Run debconf-updatepo. (Closes: #463918) * Lower base-files versioned dependency to >= 4.0.1~bpo40+1. * New CVS snapshot (and release, but we skipped that ;-)) - patches/01_regparm.diff: Delete. - Improved XFS support. - util/grub.d/00_header.in: Add runtime error detection (for gfxterm). - Fixes problem when chainloading to Vista. * Fix po-debconf errors. Thanks Thomas Huriaux. (Closes: #402972) * grub.d/05_debian_theme: - Add runtime error detection. - Detect/Enable PNG background when it is present. * control (grub-ieee1275): Remove versioned dependency on powerpc-ibm-utils. * New CVS snapshot. * presubj: Improve notice. * patches/01_regparm.diff: Fix CPU context corruption affecting fs/xfs.c. (Closes: #463081, #419766, #462159) * patches/02_libgcc_powerpc_hack.diff: Fix FTBFS on powerpc. (Closes: #457491) * patches/disable_xfs.diff: Actually remove this time... * New CVS snapshot. - Fixes bogus CLAIM problems on Apple firmware. (Closes: #449135, #422729) - grub-probe performs sanity checks to make sure our filesystem drivers are usable. (Closes: #462449) - patches/disable_ata.diff: Remove. ATA module isn't auto-loaded in rescue floppies now. - patches/disable_xfs.diff: Remove. See above (about grub-probe). * Bring back grub-emu; it can help a lot with debugging feedback. - control - rules * grub.d/05_debian_theme: Enable swirlish beauty. * rules: Obtain debian/legacy/update-grub dynamicaly from GRUB Legacy svn. * New CVS snapshot. - update-grub ignores stale *.dpkg-* files. (Closes: #422708, #424223) - LVM/RAID now working properly (except when it affects /boot). (Closes: #425666) - Fixes flickery in timeout message. (Closes: #437275) * grub-pc.postinst: Use `--no-floppy' whenever possible. Die, floppies, die! * Resync with latest version of GRUB Legacy's update-grub. This time, using the $LET_US_TRY_GRUB_2 hack to reuse the same script both for addition of core.img and its removal. * grub-*.install: Add update-grub2 stub. Packages providing /etc/grub.d/ scripts should invoke update-grub2 in both postinst and postrm (whenever it is found, of course). * control: Reorganize a bit, including a complete rewrite of the package descriptions. * control (grub-ieee1275): Enable for i386/amd64. * New CVS snapshot. - Supports ReiserFS. (Closes: #430742) - patches/disable_ata.diff: Resync. * grub-pc.postinst: Fix covered assumption that menu.lst exists. (Closes: #459247) * copyright: Fix copyright/license reference. * New CVS snapshot. - Fixes install on non-devfs systems with devfs-style paths (ouch). (Closes: #450709). - Fixes boot of "Linux" zImages (including memtest86+). (Closes: #436113). - Corrects usage message in grub-setup. (Closes: #458600). - patches/menu_color.diff: Remove. Made obsolete by `menu_color_normal' and `menu_color_highlight' variables. Add/install grub.d/05_debian_theme to make use of them. * Reestructure grub-pc.postinst. Notably: - Do not touch menu.lst unless user has confirmed it (via debconf). (Closes: #459247) - When we do, keep a backup in /boot/grub/menu.lst_backup_by_grub2_postinst. * New CVS snapshot. - patches/disable_xfs.diff: Rewrite in a way that won't collide with upstream changes so often. - unifont.hex now processed by upstream. - rules: Disable build of unifont.pff. - *.install: Remove build/unifont.pff line. - patches/menu_color.diff: Change menu color to our traditional blue theme. * Support new dpkg fields (Homepage, Vcs-Svn, Vcs-Browser). * patches/disable_ata.diff: Prevent ATA module from being built on i386-pc. * New CVS snapshot. - patches/linuxbios.diff: Remove (supported in upstream now). * Rename debian/grub-of.* to debian/grub-ieee1275.*. * Add debian/grub-linuxbios.{postinst,dirs,install}. * rules: Fix/Overrride lintian warnings (unstripped-binary-or-object). * Remove grub-linuxbios.postinst. * New CVS snapshot. * Add grub-linuxbios package. - patches/linuxbios.diff - control - rules * Rename grub-of to grub-ieee1275 to match with upstream conventions. - control - rules * New CVS snapshot. - Includes fix for parallel builds. * rules: Append -j flag to $(MAKE) to take advantage of >1 processors. * Add reference to /usr/share/common-licenses. - debian/copyright - debian/control (all packages): Add base-files (>= 4.0.1) dependency. * control (grub-of): Make depends on powerpc-ibm-utils versioned as >= 1.0.6 (older versions don't have -a flag). * New CVS snapshot. - Adds ntfs support. - Fixes a pair of issues indirectly breaking grub-probe on powerpc. (Closes: #431488) - patches/disable_xfs.diff: Resync. - copyright: License upgraded to GPLv3. * control (grub-of Depends): Add powerpc-utils (for nvsetenv) and bc. * New CVS snapshot. - More fixes to cope with unreadable /. (Closes: #427289) - update-grub supports multiple terminals. * control (Build-Depends): Add genisoimage. * patches/partmap_fallback.diff: Remove. It didn't archieve anything as it also needs support for proper identification of raid / lvm (this is being worked on). * patches/disable_xfs.diff: Disable xfs in grub-probe. * grub-rescue-pc.README.Debian: New. Explain how to use the rescue images. * New CVS snapshot. - update-grub is tollerant to unreadable / (as long as /boot is accessible). (Closes: #427289) * grub-pc.postinst: Generate new grub.cfg when menu.lst exists. * New package grub-rescue-pc. - control: Add it. - README.Debian.in: Remove obsolete documentation. - rules: Build rescue images using grub-mkrescue. - grub-rescue-pc.dirs: Prepare their directory. - grub-rescue-pc.install: Install them. * legacy/update-grub: Fix core.img detection on separate /boot. * New CVS snapshot. - patches/grub_probe_for_everyone.diff: Remove (merged). - update-grub exports user-defined GRUB_CMDLINE_LINUX. (Closes: #425453) - Fix those nasty powerpc bugs. (Closes: #422729) * New CVS snapshot. - LVM / RAID fixes. (Closes: #423648, #381150) - Fix memory management bug. (Closes: #423409) - patches/efi.diff: Remove (merged). - patches/grub_probe_for_everyone.diff: Use the new paths for util/grub-probe.c, util/biosdisk.c, util/getroot.c. Enable grub-mkdevicemap. (Closes: #424985) * legacy/update-grub: Get rid of all grub-set-default calls. (Closes: #425054) * grub-{pc,efi,of}.postinst: Only run update-grub if grub.cfg already exists. * grub-pc.postinst: Only run GRUB Legacy compat stuff if menu.lst is found. * patches/partmap_fallback.diff: New. Implement fallback "pc gpt" for partmap detection failures. (Closes: #423022) * control: Update XS-Vcs-* fields. Thanks Sam Morris . (Closes: #425146) * grub-{pc,efi,of}.{dirs,postinst}: Move unifont.pff to /usr/share/grub. * New CVS snapshot. - Fix assumptions about /, /boot and /boot/grub being the same device. (Closes: #423268, #422459) - Proper sorting of Linux images. (Closes: #422580) - update-grub lets /etc/default/grub override its variables now. (Closes: #423649) - update-grub mentions /etc/default/grub in the grub.cfg header. (Closes: #423651) - update-grub sets 800x600x16 as the default gfxmode. (Closes: #422794) - update-grub runs grub-mkdevicemap before attempting to use grub-probe (part of #423217) [ Otavio Salvador ] * Add support to DEB_BUILD_OPTIONS=noopt. Thanks to Sam Morris for the patch. (Closes: #423005) * Add Robert Millan as uploader. * Change build-dependency from liblzo-dev to liblzo2-dev. (Closes: #423358) [ Robert Millan ] * grub-pc.postinst: - Remove /boot/grub/device.map before running grub-install. (Closes: #422851) - Always run update-grub after grub-install. (part of #423217) - Use grub-mkdevicemap instead of removing device.map, since update-grub needs it but grub-install is not run unconditionaly. - Redirect grub-install invocation to /dev/null, since it can mislead users into thinking that MBR was overwritten. (part of #423217) * default/grub: Stop exporting the variables (update-grub does that now). * Misc EFI fixes, including new grub-install. - patches/efi.diff: New. - patches/grub_probe_for_everyone.diff: Move some bits to efi.diff. - grub-efi.install: Stop installing dummy grub-install. - grub-install: Remove. * grub-pc.postinst: Avoid generating core.img when menu.lst is not present, to avoid duplicated work (this is specialy important for d-i). (part of #423217). * See multiple references above. (Closes: #423217) * grub-{pc,efi,of}.{dirs,install}: Install presubj in the right directory to make it work again (oops). * Add reportbug script to gather debugging information. (Closes: #423218) - script: New. - grub-{pc,efi,of}.install: Install it. * Install the reportbug scripts for grub2 too, since users might still use it for bugfiling. - grub2.dirs - grub2.install * Fix some lintian warnings. - control (grub2): Depend on debconf. - README.Debian.in: Fix mispell. - grub2.templates: Remove extra dot. [ Robert Millan ] * New CVS snapshot. - patches/build_neq_src.diff: Remove (merged). * Fix debhelper files to ensure each package gets the right thing. * Enable gfxterm/unifont support. * On grub-pc, if there's no core.img setup, create one (but do not risk writing to MBR). * On grub-pc, if menu.lst is found, regenerate it to include our core.img. [ Otavio Salvador ] * Move debian/update-grub to debian/legacy/update-grub otherwise the source gets messy. * Split postinst into grub2.postinst (with the transition warning) and postinst.in, with update-grub invocation for grub-{pc,efi,of}. - postinst.in - grub2.postinst - rules * Add EFI build of GRUB. - control: Restructure to provide 3 packages: grub-pc (x86), grub-efi (x86) and grub-of (powerpc). - rules: Handle a separate build for each package. - patches/build_neq_src.diff: Fix builddir == srcdir assumptions. - patches/grub_probe_for_everyone.diff: New (superceds powerpc_probe.diff). Enable grub-probe on powerpc and i386-efi. - grub-install: Dummy informational grub-install for EFI. - grub-efi.install: Installs it. * New CVS snapshot. * patches/powerpc_probe.diff: Add partmap/gpt.c to grub-probe. * control (Architecture): Temporarily disable powerpc. Sorry, but runtime is currently broken and we don't have the hardware to debug it. Will be re-enabled in next upload. * New CVS snapshot. - Improved grub.cfg parser. (Closes: #381215) - patches/fix-grub-install.diff: Remove (merged). - control (Build-Depends): Remove libncurses5-dev (no longer needed). - provides update-grub2. (Closes: #419151) - Supports GPT in PC/BIOS systems. (Closes: #409073) * control (Build-Depends): Add gcc-multilib to fix FTBFS. * control (Description): Make it less scary, and more informative. * postinst: Run update-grub to ensure the latest improvements always are applied. * patches/powerpc_probe.diff: Attempt at making grub-probe build/install on powerpc (and hopefuly update-grub). * Fix FTBFS on kFreeBSD. Thanks to Aurelien Jarno by providing the patch. Closes: #416408 * Fix powerpc grub-install binary path. Closes: #402838 [ Christian Perrier ] * Switch to po-debconf for debconf templates. Closes: #402972 * Depend on ${misc:Depends} and not "debconf" to allow cdebconf to be used * Debconf translations: - French - Czech. Closes: #413327 - Galician. Closes: #413323 - Swedish. Closes: #413325 - Portuguese. Closes: #413332 - German. Closes: #413365 - Tamil. Closes: #413478 - Russian. Closes: #413542 - Italian. Closes: #413904 - Romanian. Closes: #414443 [ Robert Millan ] * update-grub: Fix for Xen hypervisor entries, thanks Aaron Schrab. (Closes: #394706) * Transition to new numbering scheme for partitions. (Closes: #395019) - update-grub: Don't substract 1 when converting partition device names to grub drives. - Add debconf warning explaining the situation. * Rewrite Architecture line back to hardcoded list :(. (Closes: #398060) * New upstream release. - patches/03_revert_partition_numbering.diff: Delete (obsoleted). * New CVS snapshot. [ Otavio Salvador ] * Change debhelper compatibility mode to 5: - debian/compat: setted to 5; * control (Build-Depends): Add lib32ncurses5-dev for ppc64. Closes: #389873 * Set urgency=high since it's experimental stuff and tagged likewise. It also solved a serious bug on PowerPC that leave users with a black screen. [ Robert Millan ] * control (Depends): Add powerpc-ibm-utils for powerpc/ppc64. (Closes: #372186) * New CVS snapshot. - Command-line editting fix (Closes: #381214). - Fixes runtime breakage on amd64 (not in BTS). - Delete a few patches (merged). [ Robert Millan ] * Set urgency=high. Might seem like a rush, but it can't possibly be worse than 1.94-5 (broken on systems that use udev, broken on amd64...). * Pure ppc64 support. - control (Architecture): Add any-ppc64. - control (Build-Depends): Add libc6-dev-powerpc [ppc64]. * rules: Remove moddep.lst install command (no longer needed). * patches/03_revert_partition_numbering.diff: New. Revert a commit that broke grub-probefs. * Add bug template to encourage sending upstream stuff directly to upstream. - presubj: New. [ Otavio Salvador ] * Add XS-X-Vcs-Svn on control file and point it to our current svn repository. * Add cvs-snapshot to rules. [ Robert Millan ] * update-grub: Set interpreter to /bin/bash to cope with non-POSIX extensions. (mentioned in #361929) * patches/03_avoid_recursing_into_dot_static.diff: New. Avoid recursing into dotdirs (e.g. ".static"). * patches/04_mkdevicemap_dont_assume_floppies.diff: New. Don't assume /dev/fd0 exists when generating device.map. [ Robert Millan ] * control (Build-Depends): s/any-amd64/amd64 kfreebsd-amd64/g (this seems to confuse buildds). * 02_not_remove_menu_lst.patch: New patch. Skip menu.lst removal in grub-install. (Closes: #372934) [ Otavio Salvador ] * 01_fix_amd64_building.patch: dropped since it now supports amd64 native building. * Remove convert_kernel26 usage since it's not necessary anymore and due initramfs-tools changes it's bug too. [ Robert Millan ] * Fork update-grub from grub legacy, and tweak a few commands in output to make it work for grub2. * Update README.Debian.in with more recent (and easier) install instructions. * Add grub to Conflicts/Replaces. Too many commands with the same name, even if they don't use the same path yet (but will likely do in the future, see #361929). * Get rid of control.in, which I introduced in 0.6+20040805-1 and turned out to be an endless source of problems (and forbidden by policy as well). * Fix FTBFS on amd64. Really closes: #372548. * Fix FTBFS in amd64. Closes: 372548 * Update grub images paths in README.Debian * 01_fix_grub-install.patch: add to fix a problem with PowerPC installation. Refs: #371069 * Fix FTBFS in amd64. Closes: #370803 * New upstream release. - Fix powerpc building. Closes: #370259 - 01_fix_grub-install.patch: merged upstream. - Moved modules to /usr/lib/grub since they are architecture dependent. * Leave CDBS set debhelper compatibility level. * Allow amd64 build to happen. Closes: #364956 * Enforce building in 32bits while running in x86_64 machines. * Update Standards version to 3.7.2. No changes need. * New upstream release. - Added support to PowerPC. Closes: #357853 - 01_fix_grub-install.patch: rediff. * Update Standards version to 3.6.2. No changes need. * Start to use new dpkg architecture definition. Closes: #360134 * Add bison on build-depends field. Closes: #346178 * Add more fixes in 01_fix_grub-install.patch. Closes: #346177 * New upstream release. - Add support for GPT partition table format. - Add a new command "play" to play an audio file on PC. - Add support for Linux/ADFS partition table format. - Add support for BASH-like scripting. - Add support for Apple HFS+ filesystems. * 01_fix_grub-install.patch: Added. Fix grub-install to use /bin/grub-mkimage instead of /sbin/grub-mkimage. Closes: #338824 * Do not use CDBS tarball mode anymore. Closes: #344272 * New upstream release. Closes: #331211 * debian/watch: added. * debian/control.in, debian/control: Add libncurses5-dev in Build-Depends. Closes: #304638 * Remove Robert Millan as uploader; * Add myself as uploader; * Disable for powerpc. Reportedly it fails to boot. * New upstream snapshot. * Install moddep.lst properly in a cpu-independant way. (Closes: #264115) * Use cdbs debian/control autogeneration. - Set DEB_AUTO_UPDATE_DEBIAN_CONTROL = yes. - Move control to control.in. - Add a @cdbs@ tag and replace Architecture with Cpu/System. * control.in (Build-Depends): Add ruby. * New upstream snapshot. * Uploading to unstable so that powerpc users can be blessed by GRUB too. * Use type-handling to generate dpkg arch list. - control.in - rules * New upstream snapshot. - Fix FTBFS on powerpc. * New upstream snapshot. - control (Architecture): Add powerpc. * New upstream snapshot. - patches/multiboot.diff: Nuked. - install,docs: Update directory name. * control (Maintainer): Set to pkg-grub-devel mailing list. * control (Uploaders): Add myself. * control (Architecture): Add freebsd-i386 and netbsd-i386. * New upstream snapshot. - README.Debian: s/fat/ext2/g (We now have ext2fs support). * Add multiboot support, thanks to Jeroen Dekkers for his patch. - patches/multiboot.diff: New. - control (Architecture): Add hurd-i386 (which needed multiboot). * Rename package to grub2 (to follow upstream tendency). - control: Ditto. - README.Debian: Likewise. * Switch to tarball mode. - rules: Ditto. - docs: Prefix paths in order to workaround dh_installdocs bug. - install: Likewise, but not because of bug (should be in rules, actualy). * Fix FTBFS. (Closes: #213868) - control (Build-Depends): Add autoconf. - control (Build-Conflicts): Add autoconf2.13. * New upstream snapshot. * Uploading to experimental. * debian/control: Add Jason Thomas to Uploaders. * Initial Release. (Closes: #211030) ==== libksba: 1.3.5-2 => 1.3.5-2ubuntu0.20.04.1 ==== ==== libksba8:amd64 * SECURITY UPDATE: integer overflow when reading tag-length objects - debian/patches/CVE-2022-3515.patch: check for integer overflow directly in the TLV parser - CVE-2022-3515 ==== linux-meta: 5.4.0.131.131 => 5.4.0.132.132 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.4.0-132 ==== linux-signed: 5.4.0-131.147 => 5.4.0-132.148 ==== ==== linux-image-5.4.0-132-generic * Master version: 5.4.0-132.148 ==== ntfs-3g: 1:2017.3.23AR.3-3ubuntu1.2 => 1:2017.3.23AR.3-3ubuntu1.3 ==== ==== libntfs-3g883 ntfs-3g * SECURITY UPDATE: code execution via incorrect validation of metadata - debian/patches/CVE-2022-40284-1.patch: rejected zero-sized runs in libntfs-3g/runlist.c. - debian/patches/CVE-2022-40284-2.patch: avoided merging runlists with no runs in libntfs-3g/runlist.c. - CVE-2022-40284 ==== perl: 5.30.0-9ubuntu0.2 => 5.30.0-9ubuntu0.3 ==== ==== libperl5.30:amd64 perl perl-base perl-modules-5.30 * SECURITY UPDATE: Signature verification bypass - debian/patches/CVE-2020-16156-1.patch: signature verification type CANNOT_VERIFY was not recognized in cpan/CPAN/lib/CPAN/Distribution.pm. - debia/patches/CVE-2020-16156-2.patch: add two new failure modes in cpan/CPAN/lib/CPAN/Distribution.pm. - debian/patches/CVE-2020-16156-3.patch: use gpg to disentangle data and signature in cpan/CPAN/lib/CPAN/Distribution.pm. - debian/patches/CVE-2020-16156-4.patch: replacing die with mydie in three spots in cpan/CPAN/lib/CPAN/Distribution.pm. - debian/patches/CVE-2020-16156-5.patch: disambiguate the call to gpg --output by adding --verify in cpan/CPAN/lib/CPAN/Distribution.pm. - debian/patches/CVE-2020-16156-6.patch: corrects typo in cpan/CPAN/lib/CPAN/Distribution.pm. - debian/patches/CVE-2020-16156-7.patch: corrects typo in cpan/CPAN/lib/CPAN/Distribution.pm. - CVE-2020-16156 ==== snapd: 2.55.5+20.04 => 2.57.5+20.04 ==== ==== snapd * New upstream release, LP: #1983035 - image: clean snapd mount after preseeding - wrappers,snap/quota: clear LogsDirectory= in the service unit for journal namespaces - cmd/snap,daemon: allow zero values from client to daemon for journal rate-limit - interfaces: steam-support allow pivot /run/media and /etc/nvidia mount - o/ifacestate: introduce DebugAutoConnectCheck hook - release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2 - autopkgtests: fix running autopkgtest on kinetic - interfaces: add microceph interface - interfaces: steam-support allow additional mounts - many: add stub services - interfaces: add kconfig paths to system-observe - i/b/system_observe: honour root dir when checking for /boot/config-* - interfaces: grant access to speech-dispatcher socket - interfaces: rework logic of unclashMountEntries * New upstream release, LP: #1983035 - release, snapd-apparmor: fixed outdated WSL detection - overlord/ifacestate: fix conflict detection of auto-connection - overlord: run install-device hook during factory reset - image/preseed/preseed_linux: add missing new line - boot: add factory-reset cases for boot-flags. - interfaces: added read/write access to /proc/self/coredump_filter for process-control - interfaces: add read access to /proc/cgroups and /proc/sys/vm/swappiness to system-observe - fde: run fde-reveal-key with `DefaultDependencies=no` - snapdenv: added wsl to userAgent - tests: fix restore section for persistent-journal-namespace - i/b/mount-control: add optional `/` to umount rules - cmd/snap-bootstrap: changes to be able to boot classic rootfs - cmd/snap-bootstrap: add CVM mode * New upstream release, LP: #1983035 - wrappers: journal namespaces did not honor journal.persistent - snap/quota,wrappers: allow using 0 values for the journal rate to override the system default values - multiple: clear up naming convention for cpu-set quota - i/b/mount-control: allow custom filesystem types - i/b/system-observe: allow reading processes security label - sandbox/cgroup: don't check V1 cgroup if V2 is active - asserts,boot,secboot: switch to a secboot version measuring classic * New upstream release, LP: #1983035 - store/tooling,tests: support UBUNTU_STORE_URL override env var - packaging/*/tests/integrationtests: reload ssh.service, not sshd.service - tests: check snap download with snapcraft v7+ export-login auth data - store/tooling: support using snapcraft v7+ base64-encoded auth data - many: progress bars should use the overridable stdouts - many: refactor store code to be able to use simpler form of auth creds - snap,store: drop support/consideration for anonymous download urls - data: include snapd/mounts in preseeded blob - many: Set SNAPD_APPARMOR_REEXEC=1 - overlord: track security profiles for non-active snaps * New upstream release, LP: #1983035 - cmd/snap-update-ns: handle mountpoint removal failures with EBUSY - cmd/snap-update-ns: print current mount entries - cmd/snap-update-ns: check the unused mounts with a cleaned path - snap-confine: disable -Werror=array-bounds in __overflow tests to fix build error on Ubuntu 22.10 - systemd: add `WantedBy=default.target` to snap mount units (LP: #1983528) * New upstream release, LP: #1983035 - tests: Fix calls to systemctl is-system-running - osutil/disks: handle GPT for 4k disk and too small tables - packaging: import change from the 2.54.3-1.1 upload - many: revert "features: disable refresh-app-awarness by default again" - tests: improve robustness of preparation for regression/lp-1803542 - tests: get the ubuntu-image binary built with test keys - tests: remove commented code from lxd test - interfaces/builtin: add more permissions for steam-support - tests: skip interfaces-network-control on i386 - tests: tweak the "tests/nested/manual/connections" test - interfaces: posix-mq: allow specifying message queue paths as an array - bootloader/assets: add ttyS0,115200n8 to grub.cfg - i/b/desktop,unity7: remove name= specification on D-Bus signals - tests: ensure that microk8s does not produce DENIED messages - many: support non-default provenance snap-revisions in DeriveSideInfo - tests: fix `core20-new-snapd-does-not-break-old-initrd` test - many: device and provenance revision authority cross checks - tests: fix nested save-data test on 22.04 - sandbox/cgroup: ignore container slices when tracking snaps - tests: improve 'ignore-running' spread test - tests: add `debug:` section to `tests/nested/manual/connections` - tests: remove leaking `pc-kernel.snap` in `repack_kernel_snap` - many: preparations for revision authority cross checks including device scope - daemon,overlord/servicestate: followup changes from PR #11960 to snap logs - cmd/snap: fix visual representation of 'AxB%' cpu quota modifier. - many: expose and support provenance from snap.yaml metadata - overlord,snap: add support for per-snap storage on ubuntu-save - nested: fix core-early-config nested test - tests: revert lxd change to support nested lxd launch - tests: add invariant check for leftover cgroup scopes - daemon,systemd: introduce support for namespaces in 'snap logs' - cmd/snap: do not track apps that wish to stay outside of the life- cycle system - asserts: allow classic + snaps models and add distribution to model - cmd/snap: add snap debug connections/connection commands - data: start snapd after time-set.target - tests: remove ubuntu 21.10 from spread tests due to end of life - tests: Update the whitebox word to avoid inclusive naming issues - many: mount gadget in run folder - interfaces/hardware-observe: clean up reading access to sysfs - tests: use overlayfs for interfaces-opengl-nvidia test - tests: update fake-netplan-apply test for 22.04 - tests: add executions for ubuntu 22.04 - tests: enable centos-9 - tests: make more robust the files check in preseed-core20 test - bootloader/assets: add fallback entry to grub.cfg - interfaces/apparmor: add permissions for per-snap directory on ubuntu-save partition - devicestate: add more path to `fixupWritableDefaultDirs()` - boot,secboot: reset DA lockout counter after successful boot - many: Revert "overlord,snap: add support for per-snap storage on ubuntu-save" - overlord,snap: add support for per-snap storage on ubuntu-save - tests: exclude centos-7 from kernel-module-load test - dirs: remove unused SnapAppArmorAdditionalDir - boot,device: extract SealedKey helpers from boot to device - boot,gadget: add new `device.TpmLockoutAuthUnder()` and use it - interfaces/display-control: allow changing brightness value - asserts: add more context to key expiry error - many: introduce IsUndo flag in LinkContext - i/apparmor: allow calling which.debianutils - tests: new profile id for apparmor in test preseed-core20 - tests: detect 403 in apt-hooks and skip test in this case - overlord/servicestate: restart the relevant journald service when a journal quota group is modified - client,cmd/snap: add journal quota frontend (5/n) - gadget/device: introduce package which provides helpers for locations of things - features: disable refresh-app-awarness by default again - many: install bash completion files in writable directory - image: fix handling of var/lib/extrausers when preseeding uc20 - tests: force version 2.48.3 on xenial ESM - tests: fix snap-network-erros on uc16 - cmd/snap-confine: be compatible with a snap rootfs built as a tmpfs - o/snapstate: allow install of unasserted gadget/kernel on dangerous models - interfaces: dynamic loading of kernel modules - many: add optional primary key provenance to snap-revision, allow delegating via snap-declaration revision-authority - tests: fix boringcripto errors in centos7 - tests: fix snap-validate-enforce in opensuse-tumbleweed - test: print User-Agent on failed checks - interfaces: add memory stats to system_observe - interfaces/pwm: Remove implicitOnCore/implicitOnClassic - spread: add openSUSE Leap 15.4 - tests: disable core20-to-core22 nested test - tests: fix nested/manual/connections test - tests: add spread test for migrate-home command - overlord/servicestate: refresh security profiles when services are affected by quotas - interfaces/apparmor: add missing apparmor rules for journal namespaces - tests: add nested test variant that adds 4k sector size - cmd/snap: fix test failing due to timezone differences - build-aux/snap: build against the snappy-dev/image PPA - daemon: implement api handler for refresh with enforced validation sets - preseed: suggest to install "qemu-user-static" - many: add migrate-home debug command - o/snapstate: support passing validation sets to storehelpers via RevisionOptions - cmd/snapd-apparmor: fix unit tests on distros which do not support reexec - o/devicestate: post factory reset ensure, spread test update - tests/core/basic20: Enable on uc22 - packaging/arch: install snapd-apparmor - o/snapstate: support migrating snap home as change - tests: enable snapd.apparmor service in all the opensuse systems - snapd-apparmor: add more integration-ish tests - asserts: store required revisions for missing snaps in CheckInstalledSnaps - overlord/ifacestate: fix path for journal redirect - o/devicestate: factory reset with encryption - cmd/snapd-apparmor: reimplement snapd-apparmor in Go - squashfs: improve error reporting when `unsquashfs` fails - o/assertstate: support multiple extra validation sets in EnforcedValidationSets - tests: enable mount-order-regression test for arm devices - tests: fix interfaces network control - interfaces: update AppArmor template to allow read the memory - cmd/snap-update-ns: add /run/systemd to unrestricted paths - wrappers: fix LogNamespace being written to the wrong file - boot: release the new PCR handles when sealing for factory reset - tests: add support fof uc22 in test uboot-unpacked-assets - boot: post factory reset cleanup - tests: add support for uc22 in listing test - spread.yaml: add ubuntu-22.04-06 to qemu-nested - gadget: check also mbr type when testing for implicit data partition - interfaces/system-packages-doc: allow read-only access to /usr/share/cups/doc-root/ and /usr/share/gimp/2.0/help/ - tests/nested/manual/core20-early-config: revert changes that disable netplan checks - o/ifacestate: warn if the snapd.apparmor service is disabled - tests: add spread execution for fedora 36 - overlord/hookstate/ctlcmd: fix timestamp coming out of sync in unit tests - gadget/install: do not assume dm device has same block size as disk - interfaces: update network-control interface with permissions required by resolvectl - secboot: stage and transition encryption keys - secboot, boot: support and use alternative PCR handles during factory reset - overlord/ifacestate: add journal bind-mount snap layout when snap is in a journal quota group (4/n) - secboot/keymgr, cmd/snap-fde-keymgr: two step encryption key change - cmd/snap: cleanup and make the code a bit easier to read/maintain for quota options - overlord/hookstate/ctlcmd: add 'snapctl model' command (3/3) - cmd/snap-repair: fix snap-repair tests silently failing - spread: drop openSUSE Leap 15.2 - interfaces/builtin: remove the name=org.freedesktop.DBus restriction in cups-control AppArmor rules - wrappers: write journald config files for quota groups with journal quotas (3/n) - o/assertstate: auto aliases for apps that exist - o/state: use more detailed NoStateError in state - tests/main/interfaces-browser-support: verify jupyter notebooks access - o/snapstate: exclude services from refresh app awareness hard running check - tests/main/nfs-support: be robust against umount failures - tests: update centos images and add new centos 9 image - many: print valid/invalid status on snap validate --monitor - secboot, boot: TPM provisioning mode enum, introduce reprovisioning - tests: allow to re-execute aborted tests - cmd/snapd-apparmor: add explicit WSL detection to is_container_with_internal_policy - tests: avoid launching lxd inside lxd on cloud images - interfaces: extra htop apparmor rules - gadget/install: encrypted system factory reset support - secboot: helpers for dealing with PCR handles and TPM resources - systemd: improve error handling for systemd-sysctl command - boot, secboot: separate the TPM provisioning and key sealing - o/snapstate: fix validation sets restoring and snap revert on failed refresh - interfaces/builtin/system-observe: extend access for htop - cmd/snap: support custom apparmor features dir with snap prepare- image - interfaces/mount-observe: Allow read access to /run/mount/utab - cmd/snap: add help strings for set-quota options - interfaces/builtin: add README file - cmd/snap-confine: mount support cleanups - overlord: execute snapshot cleanup in task - i/b/accounts_service: fix path of introspectable objects - interfaces/opengl: update allowed PCI accesses for RPi - configcore: add core.system.ctrl-alt-del-action config option - many: structured startup timings - spread: switch back to building ubuntu-image from source - many: optional recovery keys - tests/lib/nested: fix unbound variable - run-checks: fail on equality checks w/ ErrNoState - snap-bootstrap: Mount as private - tests: Test for gadget connections - tests: set `br54.dhcp4=false` in the netplan-cfg test - tests: core20 preseed/nested spread test - systemd: remove the systemctl stop timeout handling - interfaces/shared-memory: Update AppArmor permissions for mmap+link - many: replace ErrNoState equality checks w/ errors.Is() - cmd/snap: exit w/ non-zero code on missing snap - systemd: fix snapd systemd-unit stop progress notifications - .github: Trigger daily riscv64 snapd edge builds - interfaces/serial-port: add ttyGS to serial port allow list - interfaces/modem-manager: Don't generate DBus plug policy - tests: add spread test to test upgrade from release snapd to current - wrappers: refactor EnsureSnapServices - testutil: add ErrorIs test checker - tests: import spread shellcheck changes - cmd/snap-fde-keymgr: best effort idempotency of add-recovery-key - interfaces/udev: refactor handling of udevadm triggers for input - secboot: support for changing encryption keys via keymgr * New upstream release, LP: #1974147 - devicestate: add more path to `fixupWritableDefaultDirs()` - many: introduce IsUndo flag in LinkContext - i/apparmor: allow calling which.debianutils - interfaces: update AppArmor template to allow reading snap's memory statistics - interfaces: add memory stats to system_observe - i/b/{mount,system}-observe: extend access for htop - features: disable refresh-app-awarness by default again - image: fix handling of var/lib/extrausers when preseeding uc20 - interfaces/modem-manager: Don't generate DBus policy for plugs - interfaces/modem-manager: Only generate DBus plug policy on Core - interfaces/serial_port_test: fix static-checks errors - interfaces/serial-port: add USB gadget serial devices (ttyGSX) to allowed list - interface/serial_port_test: adjust variable IDs * New upstream release, LP: #1974147 - o/snapstate: exclude services from refresh app awareness hard running check - cmd/snap: support custom apparmor features dir with snap prepare-image * New upstream release, LP: #1974147 - gadget/install: do not assume dm device has same block size as disk - gadget: check also mbr type when testing for implicit data partition - interfaces: update network-control interface with permissions required by resolvectl - interfaces/builtin: remove the name=org.freedesktop.DBus restriction in cups-control AppArmor rules - many: print valid/invalid status on snap validate --monitor ... - o/snapstate: fix validation sets restoring and snap revert on failed refresh - interfaces/opengl: update allowed PCI accesses for RPi - interfaces/shared-memory: Update AppArmor permissions for mmap+linkpaths * New upstream release, LP: #1974147 - portal-info: Add CommonID Field - asserts/info,mkversion.sh: capture max assertion formats in snapd/info - tests: improve the unit testing workflow to run in parallel - interfaces: allow map and execute permissions for files on removable media - tests: add spread test to verify that connections are preserved if snap refresh fails - tests: Apparmor sandbox profile mocking - cmd/snap-fde-keymgr: support for multiple devices and authorizations for add/remove recovery key - cmd/snap-bootstrap: Listen to keyboard added after start and handle switch root - interfaces,overlord: add support for adding extra mount layouts - cmd/snap: replace existing code for 'snap model' to use shared code in clientutil (2/3) - interfaces: fix opengl interface on RISC-V - interfaces: allow access to the file locking for cryptosetup in the dm-crypt interface - interfaces: network-manager: add AppArmor rule for configuring bridges - i/b/hardware-observe.go: add access to the thermal sysfs - interfaces: opengl: add rules for NXP i.MX GPU drivers - i/b/mount_control: add an optional "/" to the mount target rule - snap/quota: add values for journal quotas (journal quota 2/n) - tests: spread test for uc20 preseeding covering snap prepare-image - o/snapstate: remove deadcode breaking static checks - secboot/keymgr: extend unit tests, add helper for identify keyslot used error - tests: use new snaps.name and snaps.cleanup tools - interfaces: tweak getPath() slightly and add some more tests - tests: update snapd testing tools - client/clientutil: add shared code for printing model assertions as yaml or json (1/3) - debug-tools: list all snaps - cmd/snap: join search terms passed in the command line - osutil/disks: partition UUID lookup - o/snapshotstate: refactor snapshot read/write logic - interfaces: Allow locking in block-devices - daemon: /v2/system-recovery-keys remove API - snapstate: do not auto-migrate to ~/Snap for core22 just yet - tests: run failed tests by default - o/snapshotstate: check installed snaps before running 'save' tasks - secboot/keymgr: remove recovery key, authorize with existing key - deps: bump libseccomp to include build fixes, run unit tests using CC=clang - cmd/snap-seccomp: only compare the bottom 32-bits of the flags arg of copy_file_range - osutil/disks: helper for obtaining the UUID of a partition which is a mount point source - image/preseed: umount the base snap last after writable paths - tests: new set of nested tests for uc22 - tests: run failed tests on nested suite - interfaces: posix-mq: add new interface - tests/main/user-session-env: remove openSUSE-specific tweaks - tests: skip external backend in mem-cgroup-disabled test - snap/quota: change the journal quota period to be a time.Duration - interfaces/apparmor: allow executing /usr/bin/numfmt in the base template - tests: add lz4 dependency for jammy to avoid issues repacking kernel - snap-bootstrap, o/devicestate: use seed parallelism - cmd/snap-update-ns: correctly set sticky bit on created directories where applicable - tests: install snapd while restoring in snap-mgmt - .github: skip misspell and ineffassign on go 1.13 - many: use UC20+/pre-UC20 in user messages as needed - o/devicestate: use snap handler for copying and checksuming preseeded snaps - image, cmd/snap-preseed: allow passing custom apparmor features path - o/assertstate: fix handling of validation set tracking update in enforcing mode - packaging: restart our units only after the upgrade - interfaces: add a steam-support interface - gadget/install, o/devicestate: do not create recovery and reinstall keys during installation - many: move recovery key responsibility to devicestate/secboot, prepare for a future with just optional recovery key - tests: do not run mem-cgroup-disabled on external backends - snap: implement "star" developers - o/devicestate: fix install tests on systems with /var/lib/snapd/snap - cmd/snap-fde-keymgr, secboot: followup cleanups - seed: let SnapHandler provided a different final path for snaps - o/devicestate: implement maybeApplyPreseededData function to apply preseed artifact - tests/lib/tools: add piboot to boot_path() - interfaces/builtin: shared-memory drop plugs allow-installation: true - tests/main/user-session-env: for for opensuse - cmd/snap-fde-keymgr, secboot: add a tiny FDE key manager - tests: re-execute the failed tests when "Run failed" label is set in the PR - interfaces/builtin/custom-device: fix unit tests on hosts with different libexecdir - sandbox: move profile load/unload to sandbox/apparmor - cmd/snap: handler call verifications for cmd_quota_tests - secboot/keys: introduce a package for secboot key types, use the package throughout the code base - snap/quota: add journal quotas to resources.go - many: let provide a SnapHandler to Seed.Load*Meta* - osutil: allow setting desired mtime on the AtomicFile, preserve mtime on copy - systemd: add systemd.Run() wrapper for systemd-run - tests: test fresh install of core22-based snap (#11696) - tests: initial set of tests to uc22 nested execution - o/snapstate: migration overwrites existing snap dir - tests: fix interfaces-location-control tests leaking provider.py process - tests/nested: fix custom-device test - tests: test migration w/ revert, refresh and XDG dir creation - asserts,store: complete support for optional primary key headers for assertions - seed: support parallelism when loading/verifying snap metadata - image/preseed, cmd/snap-preseed: create and sign preseed assertion - tests: Initial changes to run nested tests on uc22 - o/snapstate: fix TestSnapdRefreshTasks test after two r-a-a PRs - interfaces: add ACRN hypervisor support - o/snapstate: exclude TypeSnapd and TypeOS snaps from refresh-app- awareness - features: enable refresh-app-awareness by default - libsnap-confine-private: show proper error when aa_change_onexec() fails - i/apparmor: remove leftover comment - gadget: drop unused code in unit tests - image, store: move ToolingStore to store/tooling package - HACKING: update info for snapcraft remote build - seed: return all essential snaps found if no types are given to LoadEssentialMeta - i/b/custom_device: fix generation of udev rules - tests/nested/manual/core20-early-config: disable netplan checks - bootloader/assets, tests: add factory-reset mode, test non- encrypted factory-reset - interfaces/modem-manager: add support for Cinterion modules - gadget: fully support multi-volume gadget asset updates in Update() on UC20+ - i/b/content: use slot.Lookup() as suggested by TODO comment - tests: install linux-tools-gcp on jammy to avoid bpftool dependency error - tests/main: add spread tests for new cpu and thread quotas - snap-debug-info: print validation sets and validation set assertions - many: renaming related to inclusive language part 2 - c/snap-seccomp: update syscalls to match libseccomp 2657109 - github: cancel workflows when pushing to pull request branches - .github: use reviewdog action from woke tool - interfaces/system-packages-doc: allow read-only access to /usr/share/gtk-doc - interfaces: add max_map_count to system-observe - o/snapstate: print pids of running processes on BusySnapError - .github: run woke tool on PR's - snapshots: follow-up on exclusions PR - cmd/snap: add check switch for snap debug state - tests: do not run mount-order-regression test on i386 - interfaces/system-packages-doc: allow read-only access to /usr/share/xubuntu-docs - interfaces/hardware_observe: add read access for various devices - packaging: use latest go to build spread - tests: Enable more tests for UC22 - interfaces/builtin/network-control: also allow for mstp and bchat devices too - interfaces/builtin: update apparmor profile to allow creating mimic over /usr/share* - data/selinux: allow snap-update-ns to mount on top of /var/snap inside the mount ns - interfaces/cpu-control: fix apparmor rules of paths with CPU ID - tests: remove the file that configures nm as default - tests: fix the change done for netplan-cfg test - tests: disable netplan-cfg test - cmd/snap-update-ns: apply content mounts before layouts - overlord/state: add a helper to detect cyclic dependencies between tasks in change - packaging/ubuntu-16.04/control: recommend `fuse3 | fuse` - many: change "transactional" flag to a "transaction" option - b/piboot.go: check EEPROM version for RPi4 - snap/quota,spread: raise lower memory quota limit to 640kb - boot,bootloader: add missing grub.cfg assets mocks in some tests - many: support --ignore-running with refresh many - tests: skip the test interfaces-many-snap-provided in trusty - o/snapstate: rename XDG dirs during HOME migration - cmd/snap,wrappers: fix wrong implementation of zero count cpu quota - i/b/kernel_module_load: expand $SNAP_COMMON in module options - interfaces/u2f-devices: add Solo V2 - overlord: add missing grub.cfg assets mocks in manager_tests.go - asserts: extend optional primary keys support to the in-memory backend - tests: update the lxd-no-fuse test - many: fix failing golangci checks - seed,many: allow to limit LoadMeta to snaps of a precise mode - tests: allow ubuntu-image to be built with a compatible snapd tree - o/snapstate: account for repeat migration in ~/Snap undo - asserts: start supporting optional primary keys in fs backend, assemble and signing - b/a: do not set console in kernel command line for arm64 - tests/main/snap-quota-groups: fix spread test - sandbox,quota: ensure cgroup is available when creating mem quotas - tests: add debug output what keeps `/home` busy - sanity: rename "sanity.Check" to "syscheck.CheckSystem" - interfaces: add pkcs11 interface - o/snapstate: undo migration on 'snap revert' - overlord: snapshot exclusions - interfaces: add private /dev/shm support to shared-memory interface - gadget/install: implement factory reset for unencrypted system - packaging: install Go snap from 1.17 channel in the integration tests - snap-exec: fix detection if `cups` interface is connected - tests: extend gadget-config-defaults test with refresh.retain - cmd/snap,strutil: move lineWrap to WordWrapPadded - bootloader/piboot: add support for armhf - snap,wrappers: add `sigint{,-all}` to supported stop-modes - packaging/ubuntu-16.04/control: depend on fuse3 | fuse - interfaces/system-packages-doc: allow read-only access to /usr/share/libreoffice/help - daemon: add a /v2/accessories/changes/{ID} endpoint - interfaces/appstream-metadata: Re-create app-info links to swcatalog - debug-tools: add script to help debugging GCE instances which fail to boot - gadget/install, kernel: more ICE helpers/support - asserts: exclude empty snap id from duplicates lookup with preseed assert - cmd/snap, signtool: move key-manager related helpers to signtool package - tests/main/snap-quota-groups: add 219 as possible exit code - store: set validation-sets on actions when refreshing - github/workflows: update golangci-lint version - run-check: use go install instead of go get - tests: set as manual the interfaces-cups-control test - interfaces/appstream-metadata: Support new swcatalog directory names - image/preseed: migrate tests from cmd/snap-preseed - tests/main/uc20-create-partitions: update the test for new Go versions - strutil: move wrapGeneric function to strutil as WordWrap - many: small inconsequential tweaks - quota: detect/error if cpu-set is used with cgroup v1 - tests: moving ubuntu-image to candidate to fix uc16 tests - image: integrate UC20 preseeding with image.Prepare - cmd/snap,client: frontend for cpu/thread quotas - quota: add test for `Resource.clone()` - many: replace use of "sanity" with more inclusive naming (part 2) - tests: switch to "test-snapd-swtpm" - i/b/network-manager: split rule with more than one peers - tests: fix restore of the BUILD_DIR in failover test on uc18 - cmd/snap/debug: sort changes by their spawn times - asserts,interfaces/policy: slot-snap-id allow-installation constraints - o/devicestate: factory reset mode, no encryption - debug-tools/snap-debug-info.sh: print message if no gadget snap found - overlord/devicestate: install system cleanups - cmd/snap-bootstrap: support booting into factory-reset mode - o/snapstate, ifacestate: pass preseeding flag to AddSnapdSnapServices - o/devicestate: restore device key and serial when assertion is found - data: add static preseed.json file - sandbox: improve error message from `ProbeCgroupVersion()` - tests: fix the nested remodel tests - quota: add some more unit tests around Resource.Change() - debug-tools/snap-debug-info.sh: add debug script - tests: workaround lxd issue lp:10079 (function not implemented) on prep-snapd-in-lxd - osutil/disks: blockdev need not be available in the PATH - cmd/snap-preseed: address deadcode linter - tests/lib/fakestore/store: return snap base in details - tests/lib/nested.sh: rm core18 snap after download - systemd: do not reload system when enabling/disabling services - i/b/kubernetes_support: add access to Java certificates * New upstream release, LP: #1965808 - snapstate: do not auto-migrate to ~/Snap for core22 just yet - cmd/snap-seccomp: add copy_file_range to syscallsWithNegArgsMaskHi32 - cmd/snap-update-ns: correctly set sticky bit on created directories where applicable - .github: Skip misspell and ineffassign on go 1.13 - tests: add lz4 dependency for jammy to avoid issues repacking kernel - interfaces: posix-mq: add new interface * New upstream release, LP: #1965808 - tests: do not run mount-order-regression test on i386 - c/snap-seccomp: update syscalls - o/snapstate: overwrite ~/.snap subdir when migrating - o/assertstate: fix handling of validation set tracking update in enforcing mode - packaging: restart our units only after the upgrade - interfaces: add a steam-support interface - features: enable refresh-app-awareness by default - i/b/custom_device: fix generation of udev rules - interfaces/system-packages-doc: allow read-only access to /usr/share/gtk-doc - interfaces/system-packages-doc: allow read-only access to /usr/share/xubuntu-docs - interfaces/builtin/network-control: also allow for mstp and bchat devices too - interfaces/builtin: update apparmor profile to allow creating mimic over /usr/share - data/selinux: allow snap-update-ns to mount on top of /var/snap inside the mount ns - interfaces/cpu-control: fix apparmor rules of paths with CPU ID * New upstream release, LP: #1965808 - cmd/snap-update-ns: apply content mounts before layouts - many: change "transactional" flag to a "transaction" option - b/piboot.go: check EEPROM version for RPi4 - snap/quota,spread: raise lower memory quota limit to 640kb - boot,bootloader: add missing grub.cfg assets mocks in some tests - many: support --ignore-running with refresh many - cmd/snap,wrappers: fix wrong implementation of zero count cpu quota - quota: add some more unit tests around Resource.Change() - quota: detect/error if cpu-set is used with cgroup v1 - quota: add test for `Resource.clone() - cmd/snap,client: frontend for cpu/thread quotas - tests: update spread test to check right XDG dirs - snap: set XDG env vars to new dirs - o/snapstate: initialize XDG dirs in HOME migration - i/b/kernel_module_load: expand $SNAP_COMMON in module options - overlord: add missing grub.cfg assets mocks in manager_tests.go - o/snapstate: account for repeat migration in ~/Snap undo - b/a: do not set console in kernel command line for arm64 - sandbox: improve error message from `ProbeCgroupVersion()` - tests/main/snap-quota-groups: fix spread test - interfaces: add pkcs11 interface - o/snapstate: undo migration on 'snap revert' - overlord: snapshot exclusions - interfaces: add private /dev/shm support to shared-memory interface - packaging: install Go snap from 1.17 channel in the integration tests - snap-exec: fix detection if `cups` interface is connected - bootloader/piboot: add support for armhf - interfaces/system-packages-doc: allow read-only access to /usr/share/libreoffice/help - daemon: add a /v2/accessories/changes/{ID} endpoint - interfaces/appstream-metadata: Re-create app-info links to swcatalog - tests/main/snap-quota-groups: add 219 as possible exit code - store: set validation-sets on actions when refreshing - interfaces/appstream-metadata: Support new swcatalog directory names - asserts,interfaces/policy: slot-snap-id allow-installation constraints - i/b/network-manager: change rule for ResolveAddress to check only label - cmd/snap-bootstrap: support booting into factory-reset mode - systemd: do not reload system when enabling/disabling services * New upstream release, LP: #1965808 - cmd/snap-update-ns: actually use entirely non-existent dirs * New upstream release, LP: #1965808 - cmd/snap-update-ns/change_test.go: use non-exist name foo-runtime instead * New upstream release, LP: #1965808 - kernel/fde: add PartitionName to various structs - osutil/disks: calculate the last usable LBA instead of reading it - snap/quota: additional validation in resources.go - o/snapstate: avoid setting up single reboot when update includes base, kernel and gadget - overlord/state: add helper for aborting unready lanes - snap-bootstrap: Partially revert simplifications of mount dependencies - cmd/snap-update-ns/change.go: sort needed, desired and not reused mount entries - cmd/snap-preseed, image: move preseeding code to image/preseed - interfaces/docker-support: make generic rules not conflict with snap-confine - i/b/modem-manager: provide access to ObjectManager - i/b/network_{control,manager}.go: add more access to resolved - overlord/state: drop unused lanes field - cmd/snap: make 1.18 vet happy - o/snapstate: allow installing the snapd-desktop-integration snap even if the user-daemons feature is otherwise disabled - snap/quota: fix bug in quota group tree validation code - o/snapstate: make sure that snapd is a prerequisite for updating base snaps - bootloader: add support for piboot - i/seccomp/template.go: add close_range to the allowed syscalls - snap: add new cpu quotas - boot: support factory-reset when sealing and resealing - tests: fix test to avoid editing the test-snapd-tools snap.yaml file - dirs: remove unused SnapMetaDir variable - overlord: extend single reboot test to include a non-base, non- kernel snap - github: replace "sanity check" with "quick check" in workflow - fde: add new DeviceUnlock() call - many: replace use of "sanity" with more inclusive naming in comments - asserts: minimal changes to disable authority-delegation before full revert - tests: updating the test-snapd-cups-control-consumer snap to core20 based - many: replace use of "sanity" for interface implementation checks - cmd/snap-preseed: support for core20 preseeding - cmd: set core22 migration related env vars and update spread test - interface/opengl: allow read on /proc/sys/dev/i915/perf_stream_paranoid - tests/lib/tools/report-mongodb: fix typo in help text - tests: Include the source github url as part of the mongo db issues - o/devicestate: split mocks to separate calls for creating a model and a gadget - snap: Add missing zlib - cmd/snap: add support for rebooting to factory-reset - interfaces/apparmor: Update base template for systemd-machined - i/a/template.go: add ld path for jammy - o/devicestate, daemon: introduce factory-reset mode, allow switching - o/state: fix undo with independent tasks in same change and lane - tests: validate tests tools just on google and qemu backends - tests/lib/external/snapd-testing-tools: update from upstream - tests: skip interfaces-cups-control from debian-sid - Increase the times in snapd-sigterm for arm devices - interfaces/browser-support: allow RealtimeKit's MakeThreadRealtimeWithPID - cmd: misc analyzer fixes - interfaces/builtin/account-control: allow to execute pam_tally2 - tests/main/user-session-env: special case bash profile on Tumbleweed - o/snapstate: implement transactional lanes for prereqs - o/snapstate: add core22 migration logic - tests/main/mount-ns: unmount /run/qemu - release: 2.54.4 changelog to master - gadget: add buildVolumeStructureToLocation, volumeStructureToLocationMap - interfaces/apparmor: add missing unit tests for special devmode rules/behavior - cmd/snap-confine: coverity fixes - interfaces/systemd: use batch systemd operations - tests: small adjustments to fix vuln spread tests - osutil/disks: trigger udev on the partition device node - interfaces/network-control: add D-Bus rules for resolved too - interfaces/cpu-control: add extra idleruntime data/reset files to cpu-control - packaging/ubuntu-16.04/rules: don't run unit tests on riscv64 - data/selinux: allow the snap command to run systemctl - boot: mock amd64 arch for mabootable 20 suite - testutil: add Backup helper to save/restore values, usually for mocking - tests/nested/core/core20-reinstall-partitions: update test summary - asserts: return an explicit error when key cannot be found - interfaces: custom-device - Fix snap-run-gdbserver test by retrying the check - overlord, boot: fix unit tests on arches other than amd64 - Get lxd snap from candidate channel - bootloader: allow different names for the grub binary in different archs - cmd/snap-mgmt, packaging: trigger daemon reload after purging unit files - tests: add test to ensure consecutive refreshes do garbage collection of old revs - o/snapstate: deal with potentially invalid type of refresh.retain value due to lax validation - seed,image: changes necessary for ubuntu-image to support preseeding extra snaps in classic images - tests: add debugging to snap-confine-tmp-mount - o/snapstate: add ~/Snap init related to backend - data/env: cosmetic tweak for fish - tests: include new testing tools and utils - wrappers: do not reload the deamon or restart snapd services when preseeding on core - Fix smoke/install test for other architectures than pc - tests: skip boot loader check during testing preparation on s390x - t/m/interfaces-network-manager: use different channel depending on system - o/devicestate: pick system from seed systems/ for preseeding (1/N) - asserts: add preseed assertion type - data/env: more workarounds for even older fish shells, provide reasonable defaults - tests/main/snap-run-devmode-classic: reinstall snapcraft to clean up - gadget/update.go: add buildNewVolumeToDeviceMapping for existing devices - tests: allow run spread tests using a private ppaTo validate it - interfaces/{cpu,power}-control: add more accesses for commercial device tuning - gadget: add searchForVolumeWithTraits + tests - gadget/install: measure and save disk volume traits during install.Run() - tests: fix "undo purging" step in snap-run-devmode-classic - many: move call to shutdown to the boot package - spread.yaml: add core22 version of rsync to skip - overlord, o/snapstate: fix mocking on systems without /snap - many: move boot.Device to snap.Device - tests: smoke test support for core22 - tests/nested/snapd-removes-vulnerable-snap-confine-revs: use newer snaps - snapstate: make "remove vulnerable version" message more friendly - o/devicestate/firstboot_preseed_test.go: remove deadcode - o/devicestate: preseeding test cleanup - gadget: refactor StructureEncryption to have a concrete type instead of map - tests: add created_at timestamp to mongo issues - tests: fix security-udev-input-subsystem test - o/devicestate/handlers_install.go: use --all to get binary data too for logs - o/snapstate: rename "corecore" -> "core" - o/snapstate: implement transactional flag - tests: skip ~/.snap migration test on openSUSE - asserts,interfaces/policy: move and prepare DeviceScopeConstraint for reuse - asserts: fetching code should fetch authority-delegation assertions with signing keys as needed - tests: prepare and restore nested tests - asserts: first-class support for formatting/encoding signatory-id - asserts: remove unused function, fix for linter - gadget: identify/match encryption parts, include in traits info - asserts,cmd/snap-repair: support delegation when validating signatures - many: fix leftover empty snap dirs - libsnap-confine-private: string functions simplification - tests/nested/manual/core20-cloud-init-maas-signed-seed-data: add gadget variant - interfaces/u2f-devices: add U2F-TOKEN - tests/core/mem-cgroup-disabled: minor fixups - data/env: fix fish env for all versions of fish, unexport local vars, export XDG_DATA_DIRS - tests: reboot test running remodel - Add extra disk space to nested images to "avoid No space left on device" error - tests: add regression tests for disabled memory cgroup operation - many: fix issues flagged by golangci and configure it to fail build - docs: fix incorrect link - cmd/snap: rename the verbose logging flag in snap run - docs: cosmetic cleanups - cmd/snap-confine: build const data structures at compile- time - o/snapstate: reduce maxInhibition for raa by 1s to avoid confusing notification - snap-bootstrap: Cleanup dependencies in systemd mounts - interfaces/seccomp: Add rseq to base seccomp template - cmd/snap-confine: remove mention of "legacy mode" from comment - gadget/gadget_test.go: fix variable type - gadget/gadget.go: add AllDiskVolumeDeviceTraits - spread: non-functional cleanup of go1.6 legacy - cmd/snap-confine: update ambiguous comment - o/snapstate: revert migration on refresh if flag is disabled - packaging/fedora: sync with downstream, packaging improvements - tests: updated the documentation to run spread tests using external backend - osutil/mkfs: Expose more fakeroot flags - interfaces/cups: add cups-socket-directory attr, use to specify mount rules in backend - tests/main/snap-system-key: reset-failed snapd and snapd.socket - gadget/install: add unit tests for install.Run() - tests/nested/manual/remodel-cross-store,remodel-simple: wait for serial - vscode: added integrated support for MS VSCODE - cmd/snap/auto-import: use osutil.LoadMountInfo impl instead - gadget/install: add unit tests for makeFilesystem, allow mocking mkfs.Make() - systemd: batched operations - gadget/install/partition.go: include DiskIndex in synthesized OnDiskStructure - gadget/install: rm unused support for writing non-filesystem structures - cmd/snap: close refresh notifications after trying to run a snap while inhibited - o/servicestate: revert #11003 checking for memory cgroup being disabled - tests/core/failover: verify failover handling with the kernel snap - snap-confine: allow numbers in hook security tag - cmd/snap-confine: mount bpffs under /sys/fs/bpf if needed - spread: switch to CentOS 8 Stream image - overlord/servicestate: disallow mixing snaps and subgroups. - cmd/snap: add --debug to snap run - gadget: mv modelCharateristics to gadgettest.ModelCharacteristics - cmd/snap: remove use of zenity, use notifications for snap run inhibition - o/devicestate: verify that the new model is self contained before remodeling - usersession/userd: query xdg-mime to check for fallback handlers of a given scheme - gadget, gadgettest: reimplement tests to use new gadgettest examples.go file - asserts: start implementing authority-delegationTODO in later PRs: - overlord: skip manager tests on riscv for now - o/servicestate: quota group error should be more explanative when memory cgroup is disabled - i/builtin: allow modem-manager interface to access some files in sysfs - tests: ensure that interface hook works with hotplug plug - tests: fix repair test failure when run in a loop - o/snapstate: re-write state after undo migration - interfaces/opengl: add support for ARM Mali - tests: enable snap-userd-reexec on ubuntu and debian - tests: skip bind mount in snapd-snap test when the core snap in not repacked - many: add transactional flag to snapd API - tests: new Jammy image for testing - asserts: start generalizing attrMatcherGeneralization is along - tests: ensure the ca-certificates package is installed - devicestate: ensure permissions of /var/lib/snapd/void are correct - many: add altlinux support - cmd/snap-update-ns: convert some unexpected decimal file mode constants to octal. - tests: use system ubuntu-21.10-64 in nested tests - tests: skip version check on lp-1871652 for sru validation - snap/quota: add positive tests for the quota.Resources logic - asserts: start splitting out attrMatcher for reuse to constraint.go - systemd: actually test the function passed as a parameter - tests: fix snaps-state test for sru validation - many: add Transactional to snapstate.Flags - gadget: rename DiskVolume...Opts to DiskVolume...Options - tests: Handle PPAs being served from ppa.launchpadcontent.net - tests/main/cgroup-tracking-failure: Make it pass when run alone - tests: skip migration test on centOS - tests: add back systemd-timesyncd to newer debian distros - many: add conversion for interface attribute values - many: unit test fix when SNAPD_DEBUG=1 is set - gadget/install/partition.go: use device rescan trick only when gadget says to - osutil: refactoring the code exporting mocking APIs to other packages - mkversion: check that snapd is a git source tree before guessing the version - overlord: small refactoring of group quota implementation in preparation of multiple quota values - tests: drop 21.04 tests (it's EOL) - osutil/mkfs: Expose option for --lib flag in fakeroot call - cmd/snapd-apparmor: fix bad variable initialization - packaging, systemd: fix socket (re-)start race - tests: fix running tests.invariant on testflinger systems - tests: spread test snap dir migration - interfaces/shared-memory: support single wild-cards in the read/write paths - tests: cross store remodel - packaging,tests: fix running autopkgtest - spread-shellcheck: add a caching layer - tests: add jammy to spread executions - osutils: deal with ENOENT in UserMaybeSudoUser() - packaging/ubuntu-16.04/control: adjust libfuse3 dependency as suggested - gadget/update.go: add DiskTraitsFromDeviceAndValidate - tests/lib/prepare.sh: add debug kernel command line params via gadget on UC20 - check-commit-email: do not fail when current dir is not under git - configcore: implement netplan write support via dbus - run-checks, check-commit-email.py: check commit email addresses for validity - tests: setup snapd remodel testing bits - cmd/snap: adjust /cmd to migration changes - systemd: enable batched calls for systemd calls operation on units - o/ifacestate: add convenience Active() method to ConnectionState struct - o/snapstate: migrate to hidden dir on refresh/install - store: fix flaky test - i/builtin/xilinx-dma: add interface for Xilinx DMA driver - go.mod: tidy up - overlord/h/c/umount: remove handling of required parameter - systemd: add NeedDaemonReload to the unit state - mount-control: step 3 - tests/nested/manual/minimal-smoke: bump mem to 512 for unencrypted case too - gadget: fix typo with filesystem message - gadget: misc helper fixes for implicit system-data role handling - tests: fix uses of fakestore new-snap-declaration - spread-shellcheck: use safe_load rather than load with a loder - interfaces: allow access to new at-spi socket location in desktop- legacy - cmd/snap: setup tracking cgroup when invoking a service directly as a user - tests/main/snap-info: use yaml.safe_load rather than yaml.load - cmd/snap: rm unnecessary validation - tests: fix `tests/core/create-user` on testflinger pi3 - tests: fix parallel-install-basic on external UC16 devices - tests: ubuntu-image 2.0 compatibility fixes - tests/lib/prepare-restore: use go install rather than go get - cmd/snap, daemon: add debug command for getting OnDiskVolume dump - gadget: resolve index ambiguity between OnDiskStructure and LaidOutStructuretype: bare structures). - tests: workaround missing bluez snap - HACKING.md: add dbus-x11 to packages needed to run unit tests - spread.yaml: add debian-{10,11}, drop debian-9 - cmd/snap/quota: fix typo in the help message - gadget: allow gadget struct with unspecified filesystem to match part with fs - tests: re-enable kernel-module-load tests on arm - tests/lib/uc20-create-partitions/main.go: setup a logger for messages - cmd: support installing multiple local snaps - usersession: implement method to close notifications via usersession REST API - data/env: treat XDG_DATA_DIRS like PATH for fish - cmd/snap, cmd/snap-confine: extend manpage, update links - tests: fix fwupd interface test in debian sid - tests: do not run k8s smoke test on 32 bit systems - tests: fix testing in trusty qemu - packaging: merge 2.54.2 changelog back to master - overlord: fix issue with concurrent execution of two snapd processes - interfaces: add a polkit interface - gadget/install/partition.go: wait for udev settle when creating partitions too - tests: exclude interfaces-kernel-module load on arm - tests: ensure that test-snapd-kernel-module-load is removed - tests: do not test microk8s-smoke on arm - packaging, bloader, github: restore cleanliness of snapd info file; check in GA workflow - tests/lib/tools/tests.invariant: simplify check - tests/nested/manual/core20-to-core22: wait for device to be initialized before starting a remodel - build-aux/snap/snapcraft.yaml: use build-packages, don't fail dirty builds - tests/lib/tools/tests.invariant: add invariant for detecting broken snaps - tests/core/failover: replace boot-state with snap debug boot-vars - tests: fix remodel-kernel test when running on external devices - data/selinux: allow poking /proc/xen - gadget: do not crash if gadget.yaml has an empty Volumes section - i/b/mount-control: support creating tmpfs mounts - packaging: Update openSUSE spec file with apparmor-parser and datadir for fish - cmd/snap-device-helper: fix variable name typo in the unit tests - tests: fixed an issue with retrieval of the squashfuse repo - release: 2.54.1 - tests: tidy up the top-level of ubuntu-seed during tests - build-aux: detect/fix dirty git revisions while snapcraft building - release: 2.54 * New upstream release, LP: #1955137 - t/m/interfaces-network-manager: use different channel depending on system - many: backport attrer interface changes to 2.54 - tests: skip version check on lp-1871652 for sru validation - i/builtin: allow modem-manager interface to access some files in sysfs - snapstate: make "remove vulnerable version" message more friendly - tests: fix "undo purging" step in snap-run-devmode-classic - o/snapstate: deal with potentially invalid type of refresh.retain value due to lax validation - interfaces: custom-device - packaging/ubuntu-16.04/control: adjust libfuse3 dependency - data/env: fix fish env for all versions of fish - packaging/ubuntu-16.04/snapd.postinst: start socket and service first - interfaces/u2f-devices: add U2F-TOKEN - interfaces/seccomp: Add rseq to base seccomp template - tests: remove disabled snaps before calling save_snapd_state - overlord: skip manager tests on riscv for now - interfaces/opengl: add support for ARM Mali - devicestate: ensure permissions of /var/lib/snapd/void are correct - cmd/snap-update-ns: convert some unexpected decimal file mode constants to octal. - interfaces/shared-memory: support single wild-cards in the read/write paths - packaging: fix running autopkgtest - i/builtin/xilinx-dma-host: add interface for Xilinx DMA driver - tests: fix `tests/core/create-user` on testflinger pi3 - tests: fix parallel-install-basic on external UC16 devices - tests: re-enable kernel-module-load tests on arm - tests: do not run k8s smoke test on 32 bit systems * SECURITY UPDATE: Local privilege escalation - snap-confine: Add validations of the location of the snap-confine binary within snapd. - snap-confine: Fix race condition in snap-confine when preparing a private mount namespace for a snap. - CVE-2021-44730 - CVE-2021-44731 * SECURITY UPDATE: Data injection from malicious snaps - interfaces: Add validations of snap content interface and layout paths in snapd. - CVE-2021-4120 - LP: #1949368 * New upstream release, LP: #1955137 - tests: exclude interfaces-kernel-module load on arm - tests: ensure that test-snapd-kernel-module-load is removed - tests: do not test microk8s-smoke on arm - tests/core/failover: replace boot-state with snap debug boot-vars - tests: use snap info|awk to extract tracking channel - tests: fix remodel-kernel test when running on external devices - .github/workflows/test.yaml: also check internal snapd version for cleanliness - packaging/ubuntu-16.04/rules: eliminate seccomp modification - bootloader/assets/grub_*cfg_asset.go: update Copyright - build-aux/snap/snapcraft.yaml: adjust comment about get-version - .github/workflows/test.yaml: add check in github actions for dirty snapd snaps - build-aux/snap/snapcraft.yaml: use build-packages, don't fail dirty builds - data/selinux: allow poking /proc/xen * New upstream release, LP: #1955137 - buid-aux: set version before calling ./generate-packaging-dir This fixes the "dirty" suffix in the auto-generated version * New upstream release, LP: #1955137 - interfaces/builtin/opengl.go: add boot_vga sys/devices file - o/configstate/configcore: add tmpfs.size option - tests: moving to manual opensuse 15.2 - cmd/snap-device-helper: bring back the device type identification behavior, but for remove action fallback only - cmd/snap-failure: use snapd from the snapd snap if core is not present - tests/core/failover: enable the test on core18 - o/devicestate: ensure proper order when remodel does a simple switch-snap-channel - builtin/interfaces: add shared memory interface - overlord: extend kernel/base success and failover with bootenv checks - o/snapstate: check disk space w/o store if possible - snap-bootstrap: Mount snaps read only - gadget/install: do not re-create partitions using OnDiskVolume after deletion - many: fix formatting w/ latest go version - devicestate,timeutil: improve logging of NTP sync - tests/main/security-device-cgroups-helper: more debugs - cmd/snap: print a placeholder for version of broken snaps - o/snapstate: mock system with classic confinement support - cmd: Fixup .clangd to use correct syntax - tests: run spread tests in fedora-35 - data/selinux: allow snapd to access /etc/modprobe.d - mount-control: step 2 - daemon: add multiple snap sideload to API - tests/lib/pkgdb: install dbus-user-session during prepare, drop dbus-x11 - systemd: provide more detailed errors for unimplemented method in emulation mode - tests: avoid checking TRUST_TEST_KEYS on restore on remodel-base test - tests: retry umounting /var/lib/snapd/seed on uc20 on fsck-on-boot test - o/snapstate: add hide/expose snap data to backend - interfaces: kernel-module-load - snap: add support for `snap watch --last={revert,enable,disable,switch}` - tests/main/security-udev-input-subsystem: drop info from udev - tests/core/kernel-and-base-single-reboot-failover, tests/lib/fakestore: verify failover scenario - tests/main/security-device-cgroups-helper: collect some debug info when the test fails - tests/nested/manual/core20-remodel: wait for device to have a serial before starting a remodel - tests/main/generic-unregister: test re-registration if not blocked - o/snapstate, assertsate: validation sets/undo on partial failure - tests: ensure snapd can be downloaded as a module - snapdtool, many: support additional key/value flags in info file - data/env: improve fish shell env setup - usersession/client: provide a way for client to send messages to a subset of users - tests: verify that simultaneous refresh of kernel and base triggers a single reboot only - devicestate: Unregister deletes the device key pair as well - daemon,tests: support forgetting device serial via API - asserts: change behavior of alternative attribute matcher - configcore: relax validation rules for hostname - cmd/snap-confine: do not include libglvnd libraries from the host system - overlord, tests: add managers and a spread test for UC20 to UC22 remodel - HACKING.md: adjust again for building the snapd snap - systemd: add support for systemd unit alias names - o/snapstate: add InstallPathMany - gadget: allow EnsureLayoutCompatibility to ensure disk has all laid out structsnow reject/fail: - packaging/ubuntu, packaging/debian: depend on dbus-session-bus provider (#11111) - interfaces/interfaces/scsi_generic: add interface for scsi generic de (#10936) - osutil/disks/mockdisk.go: add MockDevicePathToDiskMapping - interfaces/microstack-support: set controlsDeviceCgroup to true - network-setup-control: add netplan generate D-Bus rules - interface/builtin/log_observe: allow to access /dev/kmsg - .github/workflows/test.yaml: restore failing of spread tests on errors (nested) - gadget: tweaks to DiskStructureDeviceTraits + expand test cases - tests/lib/nested.sh: allow tests to use their own core18 in extra- snaps-path - interfaces/browser-support: Update rules for Edge - o/devicestate: during remodel first check pending download tasks for snaps - polkit: add a package to validate polkit policy files - HACKING.md: document building the snapd snap and splicing it into the core snap - interfaces/udev: fix installing snaps inside lxd in 21.10 - o/snapstate: refactor disk space checks - tests: add (strict) microk8s smoke test - osutil/strace: try to enable strace on more arches - cmd/libsnap-confine-private: fix snap-device-helper device allow list modification on cgroup v2 - tests/main/snapd-reexec-snapd-snap: improve debugging - daemon: write formdata file parts to snaps dir - systemd: add support for .target units - tests: run snap-disconnect on uc16 - many: add experimental setting to allow using ~/.snap/data instead of ~/snap - overlord/snapstate: perform a single reboot when updating boot base and kernel - kernel/fde: add DeviceUnlockKernelHookDeviceMapperBackResolver, use w/ disks pkg - o/devicestate: introduce DeviceManager.Unregister - interfaces: allow receiving PropertiesChanged on the mpris plug - tests: new tool used to retrieve data from mongo db - daemon: amend ssh keys coming from the store - tests: Include the tools from snapd-testing-tools project in "$TESTSTOOLS" - tests: new workflow step used to report spread error to mongodb - interfaces/builtin/dsp: update proc files for ambarella flavor - gadget: replace ondisk implementation with disks package, refactor part calcs - tests: Revert "tests: disable flaky uc18 tests until systemd is fixed" - Revert: "many: Vendor apparmor-3.0.3 into the snapd snap" - asserts: rename "white box" to "clear box" (woke checker) - many: Vendor apparmor-3.0.3 into the snapd snap - tests: reorganize the debug-each on the spread.yaml - packaging: sync with downstream packaging in Fedora and openSUSE - tests: disable flaky uc18 tests until systemd is fixed - data/env: provide profile setup for fish shell - tests: use ubuntu-image 1.11 from stable channel - gadget/gadget.go: include disk schema in the disk device volume traits too - tests/main/security-device-cgroups-strict-enforced: extend the comments - README.md: point at bugs.launchpad.net/snapd instead of snappy project - osutil/disks: introduce RegisterDeviceMapperBackResolver + use for crypt-luks2 - packaging: make postrm script robust against `rm` failures - tests: print extra debug on auto-refresh-gating test failure - o/assertstate, api: move enforcing/monitoring from api to assertstate, save history - tests: skip the test-snapd-timedate-control-consumer.date to avoid NTP sync error - gadget/install: use disks functions to implement deviceFromRole, also rename - tests: the `lxd` test is failing right now on 21.10 - o/snapstate: account for deleted revs when undoing install - interfaces/builtin/block_devices: allow blkid to print block device attributes - gadget: include size + sector-size in DiskVolumeDeviceTraits - cmd/libsnap-confine-private: do not deny all devices when reusing the device cgroup - interfaces/builtin/time-control: allow pps access - o/snapstate/handlers: propagate read errors on "copy-snap-data" - osutil/disks: add more fields to Partition, populate them during discovery - interfaces/u2f-devices: add Trezor and Trezor v2 keys - interfaces: timezone-control, add permission for ListTimezones DBus call - o/snapstate: remove repeated test assertions - tests: skip `snap advise-command` test if the store is overloaded - cmd: create ~/snap dir with 0700 perms - interfaces/apparmor/template.go: allow udevadm from merged usr systems - github: leave a comment documenting reasons for pipefail - github: enable pipefail when running spread - osutil/disks: add DiskFromPartitionDeviceNode - gadget, many: add model param to Update() - cmd/snap-seccomp: add riscv64 support - o/snapstate: maintain a RevertStatus map in SnapState - tests: enable lxd tests on impish system - tests: (partially) revert the memory limits PR#r10241 - o/assertstate: functions for handling validation sets tracking history - tests: some improvements for the spread log parser - interfaces/network-manager-observe: Update for libnm / dart clients - tests: add ntp related debug around "auto-refresh" test - boot: expand on the fact that reseal taking modeenv is very intentional - cmd/snap-seccomp/syscalls: update syscalls to match libseccomp abad8a8f4 - data/selinux: update the policy to allow snapd to talk to org.freedesktop.timedate1 - o/snapstate: keep old revision if install doesn't add new one - overlord/state: add a unit test for a kernel+base refresh like sequence - desktop, usersession: observe notifications - osutil/disks: add AllPhysicalDisks() - timeutil,deviceutil: fix unit tests on systems without dbus or without ntp-sync - cmd/snap-bootstrap/README: explain all the things (well most of them anyways) - docs: add run-checks dependency install instruction - o/snapstate: do not prune refresh-candidates if gate-auto-refresh- hook feature is not enabled - o/snapstate: test relink remodel helpers do a proper subset of doInstall and rework the verify*Tasks helpers - tests/main/mount-ns: make the test run early - tests: add `--debug` to netplan apply - many: wait for up to 10min for NTP synchronization before autorefresh - tests: initialize CHANGE_ID in _wait_autorefresh - sandbox/cgroup: freeze and thaw cgroups related to services and scopes only - tests: add more debug around qemu-nbd - o/hookstate: print cohort with snapctl refresh --pending (#10985) - tests: misc robustness changes - o/snapstate: improve install/update tests (#10850) - tests: clean up test tools - spread.yaml: show `journalctl -e` for all suites on debug - tests: give interfaces-udisks2 more time for the loop device to appear - tests: set memory limit for snapd - tests: increase timeout/add debug around nbd0 mounting (up, see LP:#1949513) - snapstate: add debug message where a snap is mounted - tests: give nbd0 more time to show up in preseed-lxd - interfaces/dsp: add more ambarella things - cmd/snap: improve snap disconnect arg parsing and err msg - tests: disable nested lxd snapd testing - tests: disable flaky "interfaces-udisks2" on ubuntu-18.04-32 - o/snapstate: avoid validationSetsSuite repeating snapmgrTestSuite - sandbox/cgroup: wait for start transient unit job to finish - o/snapstate: fix task order, tweak errors, add unit tests for remodel helpers - osutil/disks: re-org methods for end of usable region, size information - build-aux: ensure that debian packaging matches build-base - docs: update HACKING.md instructions for snapd 2.52 and later - spread: run lxd tests with version from latest/edge - interfaces: suppress denial of sys_module capability - osutil/disks: add methods to replace gadget/ondisk functions - tests: split test tools - part 1 - tests: fix nested tests on uc20 - data/selinux: allow snap-confine to read udev's database - i/b/common_test: refactor AppArmor features test - tests: run spread tests on debian 11 - o/devicestate: copy timesyncd clock timestamp during install - interfaces/builtin: do not probe parser features when apparmor isn't available - interface/modem-manager: allow connecting to the mbim/qmi proxy - tests: fix error message in run-checks - tests: spread test for validation sets enforcing - cmd/snap-confine: lazy set up of device cgroup, only when devices were assigned - o/snapstate: deduplicate snap names in remove/install/update - tests/main/selinux-data-context: use session when performing actions as test user - packaging/opensuse: sync with openSUSE packaging, enable AppArmor on 15.3+ - interfaces: skip connection of netlink interface on older systems - asserts, o/snapstate: honor IgnoreValidation flag when checking installed snaps - tests/main/apparmor-batch-reload: fix fake apparmor_parser to handle --preprocess - sandbox/apparmor, interfaces/apparmor: detect bpf capability, generate snippet for s-c - release-tools/repack-debian-tarball.sh: fix c-vendor dir - tests: test for enforcing with prerequisites - tests/main/snapd-sigterm: fix race conditions - spread: run lxd tests with version from latest/stable - run-checks: remove --spread from help message - secboot: use latest secboot with tpm legacy platform and v2 fully optional - tests/lib/pkgdb: install strace on Debian 11 and Sid - tests: ensure systemd-timesyncd is installed on debian - interfaces/u2f-devices: add Nitrokey 3 - tests: update the ubuntu-image channel to candidate - osutil/disks/labels: simplify decoding algorithm - tests: not testing lxd snap anymore on i386 architecture - o/snapstate, hookstate: print remaining hold time on snapctl --hold - cmd/snap: support --ignore-validation with snap install client command - tests/snapd-sigterm: be more robust against service restart - tests: simplify mock script for apparmor_parser - o/devicestate, o/servicestate: update gadget assets and cmdline when remodeling - tests/nested/manual/refresh-revert-fundamentals: re-enable encryption - osutil/disks: fix bug in BlkIDEncodeLabel, add BlkIDDecodeLabel - gadget, osutil/disks: fix some bugs from prior PR'sin the dir. - secboot: revert move to new version (revert #10715) - cmd/snap-confine: die when snap process is outside of snap specific cgroup - many: mv MockDeviceNameDisksToPartitionMapping -> MockDeviceNameToDiskMapping - interfaces/builtin: Add '/com/canonical/dbusmenu' path access to 'unity7' interface - interfaces/builtin/hardware-observer: add /proc/bus/input/devices too - osutil/disks, many: switch to defining Partitions directly for MockDiskMapping - tests: remove extra-snaps-assertions test - interface/modem-manager: add accept for MBIM/QMI proxy clients - tests/nested/core/core20-create-recovery: fix passing of data to curl - daemon: allow enabling enforce mode - daemon: use the syscall connection to get the socket credentials - i/builtin/kubernetes_support: add access to Calico lock file - osutil: ensure parent dir is opened and sync'd - tests: using test-snapd-curl snap instead of http snap - overlord: add managers unit test demonstrating cyclic dependency between gadget and kernel updates - gadget/ondisk.go: include the filesystem UUID in the returned OnDiskVolume - packaging: fixes for building on openSUSE - o/configcore: allow hostnames up to 253 characters, with dot- delimited elements - gadget/ondisk.go: add listBlockDevices() to get all block devices on a system - gadget: add mapping trait types + functions to save/load - interfaces: add polkit security backend - cmd/snap-confine/snap-confine.apparmor.in: update ld rule for s390x impish - tests: merge coverage results - tests: remove "features" from fde-setup.go example - fde: add new device-setup support to fde-setup - gadget: add `encryptedDevice` and add encryptedDeviceLUKS - spread: use `bios: uefi` for uc20 - client: fail fast on non-retryable errors - tests: support running all spread tests with experimental features - tests: check that a snap that doesn't have gate-auto-refresh hook can call --proceed - o/snapstate: support ignore-validation flag when updating to a specific snap revision - o/snapstate: test prereq update if started by old version - tests/main: disable cgroup-devices-v1 and freezer tests on 21.10 - tests/main/interfaces-many: run both variants on all possible Ubuntu systems - gadget: mv ensureLayoutCompatibility to gadget proper, add gadgettest pkg - many: replace state.State restart support with overlord/restart - overlord: fix generated snap-revision assertions in remodel unit tests * New upstream release, LP: #1929842 - devicestate: mock devicestate.MockTimeutilIsNTPSynchronized to avoid host env leaking into tests - timeutil: return NoTimedate1Error if it can't connect to the system bus * New upstream release, LP: #1929842 - devicestate: Unregister deletes the device key pair as well - daemon,tests: support forgetting device serial via API - configcore: relax validation rules for hostname - o/devicestate: introduce DeviceManager.Unregister - packaging/ubuntu, packaging/debian: depend on dbus-session-bus provider - many: wait for up to 10min for NTP synchronization before autorefresh - interfaces/interfaces/scsi_generic: add interface for scsi generic devices - interfaces/microstack-support: set controlsDeviceCgroup to true - interface/builtin/log_observe: allow to access /dev/kmsg - daemon: write formdata file parts to snaps dir - spread: run lxd tests with version from latest/edge - cmd/libsnap-confine-private: fix snap-device-helper device allow list modification on cgroup v2 - interfaces/builtin/dsp: add proc files for monitoring Ambarella DSP firmware - interfaces/builtin/dsp: update proc file accordingly * New upstream release, LP: #1946127 - interfaces/builtin/block_devices: allow blkid to print block device attributes/run/udev/data/b{major}:{minor} - cmd/libsnap-confine-private: do not deny all devices when reusing the device cgroup - interfaces/builtin/time-control: allow pps access - interfaces/u2f-devices: add Trezor and Trezor v2 keys - interfaces: timezone-control, add permission for ListTimezones DBus call - interfaces/apparmor/template.go: allow udevadm from merged usr systems - interface/modem-manager: allow connecting to the mbim/qmi proxy - interfaces/network-manager-observe: Update for libnm client library - cmd/snap-seccomp/syscalls: update syscalls to match libseccomp abad8a8f4 - sandbox/cgroup: freeze and thaw cgroups related to services and scopes only - o/hookstate: print cohort with snapctl refresh --pending - cmd/snap-confine: lazy set up of device cgroup, only when devices were assigned - tests: ensure systemd-timesyncd is installed on debian - tests/lib/pkgdb: install strace on Debian 11 and Sid - tests/main/snapd-sigterm: flush, use retry - tests/main/snapd-sigterm: fix race conditions - release-tools/repack-debian-tarball.sh: fix c-vendor dir - data/selinux: allow snap-confine to read udev's database - interfaces/dsp: add more ambarella things* interfaces/dsp: add more ambarella things * New upstream release, LP: #1946127 - spread: run lxd tests with version from latest/stable - secboot: use latest secboot with tpm legacy platform and v2 fully optional (#10946) - cmd/snap-confine: die when snap process is outside of snap specific cgroup (2.53) - interfaces/u2f-devices: add Nitrokey 3 - Update the ubuntu-image channel to candidate - Allow hostnames up to 253 characters, with dot-delimited elements (as suggested by man 7 hostname). - Disable i386 until it is possible to build snapd using lxd - o/snapstate, hookstate: print remaining hold time on snapctl --hold - tests/snapd-sigterm: be more robust against service restart - tests: add a regression test for snapd hanging on SIGTERM - daemon: use the syscall connection to get the socket credentials - interfaces/builtin/hardware-observer: add /proc/bus/input/devices too - cmd/snap-confine/snap-confine.apparmor.in: update ld rule for s390x impish - interface/modem-manager: add accept for MBIM/QMI proxy clients - secboot: revert move to new version * New upstream release, LP: #1946127 - overlord: fix generated snap-revision assertions in remodel unit tests - snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk` - interfaces/modem-manager: add access to PCIe modems - overlord/devicestate: record recovery capable system on a successful remodel - o/snapstate: use device ctx in prerequisite install/update - osutil/disks: support filtering by mount opts in MountPointsForPartitionRoot - many: support an API flag system-restart-immediate to make snap ops proceed immediately with system restarts - osutil/disks: add RootMountPointsForPartition - overlord/devicestate, tests: enable UC20 remodel, add spread tests - cmd/snap: improve snap run help message - o/snapstate: support ignore validation flag on install/update - osutil/disks: add Disk.FindMatchingPartitionWith{Fs,Part}Label - desktop: implement gtk notification backend and provide minimal notification api - tests: use the latest cpu family for nested tests execution - osutil/disks: add Partition struct and Disks.Partitions() - o/snapstate: prevent install hang if prereq install fails - osutil/disks: add Disk.KernelDevice{Node,Path} methods - disks: add `Size(path)` helper - tests: reset some mount units failing on ubuntu impish - osutil/disks: add DiskFromDevicePath, other misc changes - interfaces/apparmor: do not fail during initialization when there is no AppArmor profile for snap-confine - daemon: implement access checkers for themes API - interfaces/seccomp: add clone3 to default template - interfaces/u2f-devices: add GoTrust Idem Key - o/snapstate: validation sets enforcing on update - o/ifacestate: don't fail remove if disconnect hook fails - tests: fix error trying to create the extra-snaps dir which already exists - devicestate: use EncryptionType - cmd/libsnap-confine-private: workaround BPF memory accounting, update apparmor profile - tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is false - interfaces/dsp: add a usb rule to the ambarella flavor - interfaces/apparmor/template.go: allow inspection of dbus mediation level - tests/main/security-device-cgroups: fix when both variants run on the same host - cmd/snap-confine: update s-c apparmor profile to allow versioned ld.so - many: rename systemd.Kind to Backend for a bit more clarity - cmd/libsnap-confine-private: fix set but unused variable in the unit tests - tests: fix netplan test on i386 architecture - tests: fix lxd-mount-units test which is based on core20 in ubuntu focal system - osutil/disks: add new `CreateLinearMapperDevice` helper - cmd/snap: wait while inhibition file is present - tests: cleanup the job workspace as first step of the actions workflow - tests: use our own image for ubuntu impish - o/snapstate: update default provider if missing required content - o/assertstate, api: update validation set assertions only when updating all snaps - fde: add HasDeviceUnlock() helper - secboot: move to new version - o/ifacestate: don't lose connections if snaps are broken - spread: display information about current device cgroup in debug dump - sysconfig: set TMPDIR in tests to avoid cluttering the real /tmp - tests, interfaces/builtin: introduce 21.10 cgroupv2 variant, tweak tests for cgroupv2, update builtin interfaces - sysconfig/cloud-init: filter MAAS c-i config from ubuntu-seed on grade signed - usersession/client: refactor doMany() method - interfaces/builtin/opengl.go: add libOpenGL.so* too - o/assertstate: check installed snaps when refreshing validation set assertions - osutil: helper for injecting run time faults in snapd - tests: update test nested tool part 2 - libsnap-confine: use the pid parameter - gadget/gadget.go: LaidOutSystemVolumeFromGadget -> LaidOutVolumesFromGadget - tests: update the time tolerance to fix the snapd-state test - .github/workflows/test.yaml: revert #10809 - tests: rename interfaces-hooks-misbehaving spread test to install- hook-misbehaving - data/selinux: update the policy to allow s-c to manipulate BPF map and programs - overlord/devicestate: make settle wait longer in remodel tests - kernel/fde: mock systemd-run in unit test - o/ifacestate: do not create stray task in batchConnectTasks if there are no connections - gadget: add VolumeName to Volume and VolumeStructure - cmd/libsnap-confine-private: use root when necessary for BPF related operations - .github/workflows/test.yaml: bump action-build to 1.0.9 - o/snapstate: enforce validation sets/enforce on InstallMany - asserts, snapstate: return full validation set keys from CheckPresenceRequired and CheckPresenceInvalid - cmd/snap: only log translation warnings in debug/testing - tests/main/preseed: update for new base snap of the lxd snap - tests/nested/manual: use loop for checking for initialize-system task done - tests: add a local snap variant to testing prepare-image gating support - tests/main/security-device-cgroups-strict-enforced: demonstrate device cgroup being enforced - store: one more tweak for the test action timeout - github: do not fail when codecov upload fails - o/devicestate: fix flaky test remodel clash - o/snapstate: add ChangeID to conflict error - tests: fix regex of TestSnapActionTimeout test - tests: fix tests for 21.10 - tests: add test for store.SnapAction() request timeout - tests: print user sessions info on debug-each - packaging: backports of golang-go 1.13 are good enough - sysconfig/cloudinit: add cloudDatasourcesInUseForDir - cmd: build gdb shims as static binaries - packaging/ubuntu: pass GO111MODULE to dh_auto_test - cmd/libsnap-confine-private, tests, sandbox: remove warnings about cgroup v2, drop forced devmode - tests: increase memory quota in quota-groups-systemd-accounting - tests: be more robust against a new day stepping in - usersession/xdgopenproxy: move PortalLauncher class to own package - interfaces/builtin: fix microstack unit tests on distros using /usr/libexec - cmd/snap-confine: handle CURRENT_TAGS on systems that support it - cmd/libsnap-confine-private: device cgroup v2 support - o/servicestate: Update task summary for restart action - packaging, tests/lib/prepare-restore: build packages without network access, fix building debs with go modules - systemd: add AtLeast() method, add mocking in systemdtest - systemd: use text.template to generate mount unit - o/hookstate/ctlcmd: Implement snapctl refresh --show-lock command - o/snapstate: optimize conflicts around snaps stored on conditional-auto-refresh task - tests/lib/prepare.sh: download core20 for UC20 runs via BASE_CHANNEL - mount-control: step 1 - go: update go.mod dependencies - o/snapstate: enforce validation sets on snap install - tests: revert revert manual lxd removal - tests: pre-cache snaps in classic and core systems - tests/lib/nested.sh: split out additional helper for adding files to VM imgs - tests: update nested tool - part1 - image/image_linux.go: add newline - interfaces/block-devices: support to access the state of block devices - o/hookstate: require snap-refresh-control interface for snapctl refresh --proceed - build-aux: stage libgcc1 library into snapd snap - configcore: add read-only netplan support - tests: fix fakedevicesvc service already exists - tests: fix interfaces-libvirt test - tests: remove travis leftovers - spread: bump delta ref to 2.52 - packaging: ship the `snapd.apparmor.service` unit in debian - packaging: remove duplicated `golang-go` build-dependency - boot: record recovery capable systems in recovery bootenv - tests: skip overlord tests on riscv64 due to timeouts. - overlord/ifacestate: fix arguments in unit tests - ifacestate: undo repository connection if doConnect fails - many: remove unused parameters - tests: failure of prereqs on content interface doesn't prevent install - tests/nested/manual/refresh-revert-fundamentals: fix variable use - strutil: add Intersection() - o/ifacestate: special-case system-files and force refreshing its static attributes - interface/builtin: add qualcomm-ipc-router interface for AF_QIPCRTR socket protocol - tests: new snapd-state tool - codecov: fix files pathnames - systemd: add mock systemd helper - tests/nested/core/extra-snaps-assertions: fix the match pattern - image,c/snap,tests: support enforcing validations in prepare-image via --customize JSON validation enforce(|ignore) - o/snapstate: enforce validation sets assertions when removing snaps - many: update deps - interfaces/network-control: additional ethernet rule - tests: use host-scaled settle timeout for hookstate tests - many: move to go modules - interfaces: no need for snapRefreshControlInterface struct - interfaces: introduce snap-refresh-control interface - tests: move interfaces-libvirt test back to 16.04 - tests: bump the number of retries when waiting for /dev/nbd0p1 - tests: add more space on ubuntu xenial - spread: add 21.10 to qemu, remove 20.10 (EOL) - packaging: add libfuse3-dev build dependency - interfaces: add microstack-support interface - wrappers: fix a bunch of duplicated service definitions in tests - tests: use host-scaled timeout to avoid riscv64 test failure - many: fix run-checks gofmt check - tests: spread test for snapctl refresh --pending/--proceed from the snap - o/assertstate,daemon: refresh validation sets assertions with snap declarations - tests: migrate tests that are only executed on xenial to bionic - tests: remove opensuse-15.1 and add opensuse-15.3 from spread runs - packaging: update master changelog for 2.51.7 - sysconfig/cloudinit: fix bug around error state of cloud-init - interfaces, o/snapstate: introduce AffectsPlugOnRefresh flag - interfaces/interfaces/ion-memory-control: add: add interface for ion buf - interfaces/dsp: add /dev/ambad into dsp interface - tests: new spread log parser - tests: check files and dirs are cleaned for each test - o/hookstate/ctlcmd: unify the error message when context is missing - o/hookstate: support snapctl refresh --pending from snap - many: remove unused/dead code - cmd/libsnap-confine-private: add BPF support helpers - interfaces/hardware-observe: add some dmi properties - snapstate: abort kernel refresh if no gadget update can be found - many: shellcheck fixes - cmd/snap: add Size column to refresh --list - packaging: build without dwarf debugging data - snapstate: fix misleading `assumes` error message - tests: fix restore in snapfuse spread tests - o/assertstate: fix missing 'scheduled' header when auto refreshing assertions - o/snapstate: fail remove with invalid snap names - o/hookstate/ctlcmd: correct err message if missing root - .github/workflows/test.yaml: fix logic - o/snapstate: don't hold some snaps if not all snaps can be held by the given gating snap - c-vendor.c: new c-vendor subdir - store: make sure expectedZeroFields in tests gets updated - overlord: add manager test for "assumes" checking - store: deal correctly with "assumes" from the store raw yaml - sysconfig/cloudinit.go: add functions for filtering cloud-init config - cgroup-support: allow to hide cgroupv2 warning via ENV - gadget: Export mkfs functions for use in ubuntu-image - tests: set to 10 minutes the kill timeout for tests failing on slow boards - .github/workflows/test.yaml: test github.events key - i18n/xgettext-go: preserve already escaped quotes - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp v2.2.0-428-g5c22d4b - github: do not try to upload coverage when working with cached run - tests/main/services-install-hook-can-run-svcs: shellcheck issue fix - interfaces/u2f-devices: add Nitrokey FIDO2 - testutil: add DeepUnsortedMatches Checker - cmd, packaging: import BPF headers from kernel, detect whether host headers are usable - tests: fix services-refresh-mode test - tests: clean snaps.sh helper - tests: fix timing issue on security-dev-input-event-denied test - tests: update systems for sru validation - .github/workflows: add codedov again - secboot: remove duplicate import - tests: stop the service when is active in test interfaces- firewall-control test - packaging: remove TEST_GITHUB_AUTOPKGTEST support - packaging: merge 2.51.6 changelog back to master - secboot: use half the mem for KDF in AddRecoveryKey - secboot: switch main key KDF memory cost to 32KB - tests: remove the test user just when it was installed on create- user-2 test - spread: temporarily fix the ownership of /home/ubuntu/.ssh on 21.10 - daemon, o/snapstate: handle IgnoreValidation flag on install (2/3) - usersession/agent: refactor common JSON validation into own function - o/hookstate: allow snapctl refresh --proceed from snaps - cmd/libsnap-confine-private: fix issues identified by coverity - cmd/snap: print logs in local timezone - packaging: changelog for 2.51.5 to master - build-aux: build with go-1.13 in the snapcraft build too - config: rename "virtual" config to "external" config - devicestate: add `snap debug timings --ensure=install-system` - interfaces/builtin/raw_usb: fix platform typo, fix access to usb devices accessible through platform - o/snapstate: remove commented out code - cmd/snap-device-helper: reimplement snap-device-helper - cmd/libsnap-confine-private: fix coverity issues in tests, tweak uses of g_assert() - o/devicestate/handlers_install.go: add workaround to create dirs for install - o/assertstate: implement ValidationSetAssertionForEnforce helper - clang-format: stop breaking my includes - o/snapstate: allow auto-refresh limited to snaps affected by a specific gating snap - tests: fix core-early-config test to use tests.nested tool - sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init datasource - c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags to snap/snapctl - corecfg: add "system.hostname" setting to the system settings - wrappers: measure time to enable services in StartServices() - configcore: fix early config timezone handling - tests/nested/manual: enable serial assertions on testkeys nested VM's - configcore: fix a bunch of incorrect error returns - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap - packaging: merge 2.51.4 changelog back to master - {device,snap}state: skip kernel extraction in seeding - vendor: move to snapshot-4c814e1 branch and set fixed KDF options - tests: use bigger storage on ubuntu 21.10 - snap: support links map in snap.yaml (and later from the store API) - o/snapstate: add AffectedByRefreshCandidates helper - configcore: register virtual config for timezone reading - cmd/libsnap-confine-private: move device cgroup files, add helper to deny a device - tests: fix cached-results condition in github actions workflow - interfaces/tee: add support for Qualcomm qseecom device node - packaging: fix build failure on bionic and simplify rules - o/snapstate: affectedByRefresh tweaks - tests: update nested wait for snapd command - interfaces/builtin: allow access to per-user GTK CSS overrides - tests/main/snapd-snap: install 4.x snapcraft to build the snapd snap - snap/squashfs: handle squashfs-tools 4.5+ - asserts/snapasserts: CheckPresenceInvalid and CheckPresenceRequired methods - cmd/snap-confine: refactor device cgroup handling to enable easier v2 integration - tests: skip udp protocol on latest ubuntus - cmd/libsnap-confine-private: g_spawn_check_exit_status is deprecated since glib 2.69 - interfaces: s/specifc/specific/ - github: enable gofmt for Go 1.13 jobs - overlord/devicestate: UC20 specific set-model, managers tests - o/devicestate, sysconfig: refactor cloud-init config permission handling - config: add "virtual" config via config.RegisterVirtualConfig - packaging: switch ubuntu to use golang-1.13 - snap: change `snap login --help` to not mention "buy" - tests: removing Ubuntu 20.10, adding 21.04 nested in spread - tests/many: remove lxd systemd unit to prevent unexpected leftovers - tests/main/services-install-hook-can-run-svcs: make variants more obvious - tests: force snapd-session-agent.socket to be re-generated * New upstream release, LP: #1942646 - snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk` for the disk (if not present already) - many: support an API flag system-restart-immediate to make snap ops proceed immediately with system restarts - cmd/libsnap-confine-private: g_spawn_check_exit_status is deprecated since glib 2.69 - interfaces/seccomp: add clone3 to default template - interfaces/apparmor/template.go: allow inspection of dbus mediation level - interfaces/dsp: add a usb rule to the ambarella flavor - cmd/snap-confine: update s-c apparmor profile to allow versioned ld.so - o/ifacestate: don't lose connections if snaps are broken - interfaces/builtin/opengl.go: add libOpenGL.so* too - interfaces/hardware-observe: add some dmi properties - build-aux: stage libgcc1 library into snapd snap - interfaces/block-devices: support to access the state of block devices - packaging: ship the `snapd.apparmor.service` unit in debian * New upstream release, LP: #1942646 - interface/builtin: add qualcomm-ipc-router interface for AF_QIPCRTR socket protocol - o/ifacestate: special-case system-files and force refreshing its static attributes - interfaces/network-control: additional ethernet rule - packaging: update 2.52 changelog with 2.51.7 - interfaces/interfaces/ion-memory-control: add: add interface for ion buf - packaging: merge 2.51.6 changelog back to 2.52 - secboot: use half the mem for KDF in AddRecoveryKey - secboot: switch main key KDF memory cost to 32KB - many: merge release/2.51 change to release/2.52 - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap - o/servicestate: use snap app names for ExplicitServices of ServiceAction - tests/main/services-install-hook-can-run-svcs: add variant w/o --enable - o/servicestate: revert only start enabled services - tests: adding Ubuntu 21.10 to spread test suite - interface/modem-manager: add support for MBIM/QMI proxy clients - cmd/snap/model: support storage-safety and snaps headers too - o/assertstate: Implement EnforcedValidationSets helper - tests: using retry tool for nested tests - gadget: check for system-save with multi volumes if encrypting correctly - interfaces: make the service naming entirely internal to systemd BE - tests/lib/reset.sh: fix removing disabled snaps - store/store_download.go: use system snap provided xdelta3 priority + fallback - packaging: merge changelog from 2.51.3 back to master - overlord: only start enabled services - interfaces/builtin: add sd-control interface - tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests, use 2.45 - tests/lib/reset.sh: add workaround from refresh-vs-services tests for all tests - o/assertstate: check for conflicts when refreshing and committing validation set asserts - devicestate: add support to save timings from install mode - tests: new tests.nested commands copy and wait-for - install: add a bunch of nested timings - tests: drop any-python wrapper - store: set ResponseHeaderTimeout on the default transport - tests: fix test-snapd-user-service-sockets test removing snap - tests: moving nested_exec to nested.tests exec - tests: add tests about services vs snapd refreshes - client, cmd/snap, daemon: refactor REST API for quotas to match CLI org - c/snap,asserts: create/delete-key external keypair manager interaction - tests: revert disable of the delta download tests - tests/main/system-usernames-microk8s: disable on centos 7 too - boot: support device change - o/snapstate: remove unused refreshSchedule argument for isRefreshHeld helper - daemon/api_quotas.go: handle conflicts, returning conflict response - tests: test for gate-auto-refresh hook error resulting in hold - release: 2.51.2 - snapstate/check_snap: add snap_microk8s to shared system- usernames - snapstate: remove temporary snap file for local revisions early - interface: allows reading sd cards internal info from block- devices interface - tests: Renaming tool nested-state to tests.nested - testutil: fix typo in json checker unit tests - tests: ack assertions by default, add --noack option - overlord/devicestate: try to pick alternative recovery labels during remodel - bootloader/assets: update recovery grub to allow system labels generated by snapd - tests: print serial log just once for nested tests - tests: remove xenial 32 bits - sandbox/cgroup: do not be so eager to fail when paths do not exist - tests: run spread tests in ubuntu bionic 32bits - c/snap,asserts: start supporting ExternalKeypairManager in the snap key-related commands - tests: refresh control spread test - cmd/libsnap-confine-private: do not fail on ENOENT, better getline error handling - tests: disable delta download tests for now until the store is fixed - tests/nested/manual/preseed: fix for cloud images that ship without core18 - boot: properly handle tried system model - tests/lib/store.sh: revert #10470 - boot, seed/seedtest: tweak test helpers - o/servicestate: TODO and fix preexisting typo - o/servicestate: detect conflicts for quota group operations - cmd/snap/quotas: adjust help texts for quota commands - many/quotas: little adjustments - tests: add spread test for classic snaps content slots - o/snapstate: fix check-rerefresh task summary when refresh control is used - many: use changes + tasks for quota group operations - tests: fix test snap-quota-groups when checking file cgroupProcsFile - asserts: introduce ExternalKeypairManager - o/ifacestate: do not visit same halt tasks in waitChainSearch to avoid cycles - tests/lib/store.sh: fix make_snap_installable_with_id() - overlord/devicestate, overlord/assertstate: use a temporary DB when creating recovery systems - corecfg: allow using `# snapd-edit: no` header to disable pi- config# snapd-edit: no - tests/main/interfaces-ssh-keys: tweak checks for openSUSE Tumbleweed - cmd/snap: prevent cycles in waitChainSearch with snap debug state - o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for marking self as affecting - tests: new parameter used by retry tool to set env vars - tests: support parameters for match-log on journal-state tool - configcore: ignore system.pi-config.* setting on measured kernels - sandbox/cgroup: support freezing groups with unified hierarchy - tests: fix preseed test to used core20 snap on latest systems - testutil: introduce a checker which compares the type after having passed them through a JSON marshaller - store: tweak error message when store.Sections() download fails - o/servicestate: stop setting DoneStatus prematurely for quota- control - cmd/libsnap-confine-private: bump max depth of groups hierarchy to 32 - many: turn Contact into an accessor - store: make the log with download size a debug one - cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to include search path" - o/devicestate: move SystemMode method before first usage - tests: skip tests when the sections cannot be retrieved - boot: support resealing with a try model - o/hookstate: dedicated handler for gate-auto-refresh hook - tests: make sure the /root/snap dir is backed up on test snap- user-dir-perms-fixed - cmd/snap-confine: make mount ns use check cgroup v2 compatible - snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set - cmd/libsnap-confine-private/cgroup-support.c: Fix typo - cmd/snap-confine, cmd/snapd-generator: fix issues identified by sparse - o/snapstate: make conditional-auto-refresh conflict with other tasks via affected snaps - many: pass device/model info to configcore via sysconfig.Device interface - o/hookstate: return bool flag from Error function of hook handler to ignore hook errors - cmd/snap-update-ns: add SRCDIR to include search path - tests: fix for tests/main/lxd-mount-units test and enable ubuntu-21.04 - overlord, o/devicestate: use a single test helper for resetting to a post boot state - HACKING.md: update instructions for go1.16+ - tests: fix restore for security-dev-input-event-denied test - o/servicestate: move SetStatus to doQuotaControl - tests: fix classic-prepare-image test - o/snapstate: prune gating information and refresh-candidates on snap removal - o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add mock helper - cmd: a bunch of tweaks and updates - o/servicestate: refactor meter handling, eliminate some common parameters - o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed syntax. - o/snapstate: prune refresh candidates in check-rerefresh - osutil: pass --extrausers option to groupdel - o/snapstate: remove refreshed snap from snaps-hold in snapstate.doInstall - tests/nested: add spread test for uc20 cloud.conf from gadgets - boot: drop model from resealing and boostate - o/servicestate, snap/quota: eliminate workaround for buggy systemds, add spread test - o/servicestate: introduce internal and servicestatetest - o/servicestate/quota_control.go: enforce minimum of 4K for quota groups - overlord/servicestate: avoid unnecessary computation of disabled services - o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately from snapctl - o/snapstate: prune hold state during autoRefreshPhase1 - wrappers/services.go: do not restart disabled or inactive services - sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed config - spread: switch LXD back to latest/candidate channel - interfaces/opengl: add support for Imagination PowerVR - boot: decouple model from seal/reseal handling via an auxiliary type - spread, tests/main/lxd: no longer manual, switch to latest/stable - github: try out golangci-lint - tests: set lxd test to manual until failures are fixed - tests: connect 30% of the interfaces on test interfaces-many-core- provided - packaging/debian-sid: update snap-seccomp patches for latest master - many: fix imports order (according to gci) - o/snapstate: consider held snaps in autoRefreshPhase2 - o/snapstate: unlock the state before calling backend in undoStartSnapServices - tests: replace "not MATCH" by NOMATCH in tests - README.md: refer to new IRC server - cmd/snap-preseed: provide more error info if snap-preseed fails early on mount - daemon: add a Daemon argument to AccessChecker.CheckAccess - c/snap-bootstrap: add bind option with tests - interfaces/builtin/netlink_driver_test.go: add test snippet - overlord/devicestate: set up recovery system tasks when attempting a remodel - osutil,strutil,testutil: fix imports order (according to gci) - release: merge 2.51.1 changelog - cmd: fix imports order (according to gci) - tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control interface - o/servicestate: move handlers tests to quota_handlers_test.go file instead - interfaces: add netlink-driver interface - interfaces: remove leftover debug print - systemd: refactor property parsers for int values in CurrentTasksCount, etc. - tests: fix debug section for postrm-purge test - tests/many: change all cloud-init passwords for ubuntu to use plain_test_passwd - asserts,interfaces,snap: fix imports order (according to gci) - o/servicestate/quota_control_test.go: test the handlers directly - tests: fix issue when checking the udev tag on test security- device-cgroups - many: introduce Store.SnapExists and use it in /v2/accessories/themes - o/snapstate: update LastRefreshTime in doLinkSnap handler - o/hookstate: handle snapctl refresh --proceed and --hold - boot: fix model inconsistency check in modeenv, extend unit tests - overlord/servicestate: improve test robustness with locking - tests: first part of the cleanup - tests: new note in HACKING file to clarify about yamlordereddictloader dependency - daemon: make CheckAccess return an apiError - overlord: fix imports ordering (according to gci) - o/servicestate: add quotastate handlers - boot: track model's sign key ID, prepare infra for tracking candidate model - daemon: have apiBaseSuite.errorReq return *apiError directly - o/servicestate/service_control.go: add comment about ExplicitServices - interfaces: builtin: add dm-crypt interface to support external storage encryption - daemon: split out error response code from response*.go to errors*.go - interfaces/dsp: fix typo in udev rule - daemon,o/devicestate: have DeviceManager.SystemMode take an expectation on the system - o/snapstate: add helpers for setting and querying holding time for snaps - many: fix quota groups for centos 7, amazon linux 2 w/ workaround for buggy systemd - overlord/servicestate: mv ensureSnapServicesForGroup to new file - overlord/snapstate: lock the mutex before returning from stop snap services undo - daemon: drop resp completely in favor of using respJSON consistently - overlord/devicestate: support for snap downloads in recovery system handlers - daemon: introduce a separate findResponse, simplify SyncRespone and drop Meta - overlord/snapstate, overlord/devicestate: exclusive change conflict check - wrappers, packaging, snap-mgmt: handle removing slices on purge too - services: remember if acting on the entire snap - store: extend context and action objects of SnapAction with validation-sets - o/snapstate: refresh control - autorefresh phase2 - cmd/snap/quota: refactor quota CLI as per new design - interfaces: opengl: change path for Xilinx zocl driver - tests: update spread images for ubuntu-core-20 and ubuntu-21.04 - o/servicestate/quota_control_test.go: change helper escaping - o/configstate/configcore: support snap set system swap.size=... - o/devicestate: require serial assertion before remodeling can be started - systemd: improve systemctl error reporting - tests/core/remodel: use model assertions signed with valid keys - daemon: use apiError for more of the code - store: fix typo in snapActionResult struct json tag - userd: mock `systemd --version` in privilegedDesktopLauncherSuite - packaging/fedora: sync with downstream packaging - daemon/api_quotas.go: include current memory usage information in results - daemon: introduce StructuredResponse and apiError - o/patch: check if we have snapd snap with correct snap type already in snapstate - tests/main/snapd-snap: build the snapd snap on all platforms with lxd - tests: new commands for snaps-state tool - tests/main/snap-quota-groups: add functional spread test for quota groups - interfaces/dsp: add /dev/cavalry into dsp interface - cmd/snap/cmd_info_test.go: make test robust against TZ changes - tests: moving to tests directories snaps built locally - part 2 - usersession/userd: fix unit tests on systems using /var/lib/snapd - sandbox/cgroup: wait for pid to be moved to the desired cgroup - tests: fix snap-user-dir-perms-fixed vs format checks - interfaces/desktop-launch: support confined snaps launching other snaps - features: enable dbus-activation by default - usersession/autostart: change ~/snap perms to 0700 on startup - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-data nosuid - tests: new test static checker - release-tool/changelog.py: misc fixes from real world usage - release-tools/changelog.py: add function to generate github release template - spread, tests: Fedora 32 is EOL, drop it - o/snapstate: bump max postponement from 60 to 95 days - interfaces/apparmor: limit the number of jobs when running with a single CPU - packaging/fedora/snapd.spec: correct date format in changelog - packaging: merge 2.51 changelog back to master - packaging/ubuntu-16.04/changelog: add 2.50 and 2.50.1 changelogs, placeholder for 2.51 - interfaces: allow read access to /proc/tty/drivers to modem- manager and ppp/dev/tty * New upstream release, LP: #1929842 - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp v2.2.0-428-g5c22d4b1 - tests: cherry-pick shellcheck fix `bd730fd4` - interfaces/dsp: add /dev/ambad into dsp interface - many: shellcheck fixes - snapstate: abort kernel refresh if no gadget update can be found - overlord: add manager test for "assumes" checking - store: deal correctly with "assumes" from the store raw yaml * New upstream release, LP: #1929842 - secboot: use half the mem for KDF in AddRecoveryKey - secboot: switch main key KDF memory cost to 32KB * New upstream release, LP: #1929842 - snap/squashfs: handle squashfs-tools 4.5+ - tests/core20-install-device-file-install-via-hook-hack: adjust test for 2.51 - o/devicestate/handlers_install.go: add workaround to create dirs for install - tests: fix linter warning - tests: update other spread tests for new behaviour - tests: ack assertions by default, add --noack option - release-tools/changelog.py: also fix opensuse changelog date format - release-tools/changelog.py: fix typo in function name - release-tools/changelog.py: fix fedora date format - release-tools/changelog.py: handle case where we don't have a TZ - release-tools/changelog.py: fix line length check - release-tools/changelog.py: specify the LP bug for the release as an arg too - interface/modem-manager: add support for MBIM/QMI proxy clients - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd snap * New upstream release, LP: #1929842 - {device,snap}state: skip kernel extraction in seeding - vendor: move to snapshot-4c814e1 branch and set fixed KDF options - tests/interfaces/tee: fix HasLen check for udev snippets - interfaces/tee: add support for Qualcomm qseecom device node - gadget: check for system-save with multi volumes if encrypting correctly - gadget: drive-by: drop unnecessary/supported passthrough in test gadget.yaml * New upstream release, LP: #1929842 - interfaces/builtin: add sd-control interface - store: set ResponseHeaderTimeout on the default transport * New upstream release, LP: #1929842 - snapstate: remove temporary snap file for local revisions early - interface: allows reading sd cards internal info from block- devices interface - o/ifacestate: do not visit same halt tasks in waitChainSearch to avoid slow convergence (or unlikely cycles) - corecfg: allow using `# snapd-edit: no` header to disable pi- config - configcore: ignore system.pi-config.* setting on measured kernels - many: pass device/model info to configcore via sysconfig.Device interface - o/configstate/configcore: support snap set system swap.size=... - store: make the log with download size a debug one - interfaces/opengl: add support for Imagination PowerVR * New upstream release, LP: #1929842 - interfaces: add netlink-driver interface - interfaces: builtin: add dm-crypt interface to support external storage encryption - interfaces/dsp: fix typo in udev rule - overlord/snapstate: lock the mutex before returning from stop snap services undo - interfaces: opengl: change path for Xilinx zocl driver - interfaces/dsp: add /dev/cavalry into dsp interface - packaging/fedora/snapd.spec: correct date format in changelog * New upstream release, LP: #1929842 - cmd/snap: stacktraces debug endpoint - secboot: deactivate volume again when model checker fails - store: extra log message, a few minor cleanups - packaging/debian-sid: update systemd patch - snapstate: adjust update-gadget-assets user visible message - tests/nested/core/core20-create-recovery: verify that recovery system can be created at runtime - gadget: support creating vfat partitions during bootstrap - daemon/api_quotas.go: support updating quotas with ensure action - daemon: tighten access to a couple of POST endpoints that should be really be root-only - seed/seedtest, overlord/devicestate: move seed validation helper to seedtest - overlord/hookstate/ctlcmd: remove unneeded parameter - snap/quota: add CurrentMemoryUsage for current memory usage of a quota group - systemd: add CurrentMemoryUsage to get current memory usage for a unit - o/snapstate: introduce minimalInstallInfo interface - o/hookstate: print pending info (ready, inhibited or none) - osutil: a helper to find out the total amount of memory in the system - overlord, overlord/devicestate: allow for reloading modeenv in devicemgr when testing - daemon: refine access testing - spread: disable unattended-upgrades on debian - tests/lib/reset: make nc exit after a while when connection is idle - daemon: replace access control flags on commands with access checkers - release-tools/changelog.py: refactor regexp + file reading/writing - packaging/debian-sid: update locale patch for the latest master - overlord/devicestate: tasks for creating recovery systems at runtime - release-tools/changelog.py: implement script to update all the changelog files - tests: change machine type used for nested testsPrices: - cmd/snap: include locale when linting description being lower case - o/servicestate: add RemoveSnapFromQuota - interfaces/serial-port: add Qualcomm serial port devices to allowed list - packaging: merge 2.50.1 changelog back - interfaces/builtin: introduce raw-input interface - tests: remove tests.cleanup prepare from nested test - cmd/snap-update-ns: fix linter errors - asserts: fix errors reported by linter - o/hookstate/ctlcmd: allow system-mode for non-root - overlord/devicestate: comment why explicit system mode check is needed in ensuring tried recovery systems (#10275) - overlord/devicesate: observe snap writes when creating recovery systems - packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1 - tests: moving to tests directories snaps built locally - part 1 - seed/seedwriter: fail early when system seed directory exists - o/snapstate: autorefresh phase1 for refresh-control - c/snap: more precise message for ErrorKindSystemRestart op != reboot - tests: simplify the tests.cleanup tool - boot: helpers for manipulating current and good recovery systems list - o/hookstate, o/snapstate: print revision, version, channel with snapctl --pending - overlord: unit test tweaks, use well known snap IDs, setup snap declarations for most common snaps - tests/nested/manual: add test for install-device + snapctl reboot - o/servicestate: restart slices + services on modifications - tests: update mount-ns test to support changes in the distro - interfaces: fix linter issues - overlord: mock logger in managers unit tests - tests: adding support for fedora-34 - tests: adding support for debian 10 on gce - boot: reseal given keys when the respective boot chain has changed - secboot: switch encryption key size to 32 byte (thanks to Chris) - interfaces/dbus: allow claiming 'well-known' D-Bus names with a wildcard suffix - spread: bump delta reference version - interfaces: builtin: update permitted paths to be compatible with UC20 - overlord: fix errors reported by linter - tests: remove old fedora systems from tests - tests: update spread url - interfaces/camera: allow devices in /sys/devices/platform/**/usb* - interfaces/udisks2: Allow access to the login manager via dbus - cmd/snap: exit normally if "snap changes" has no changes (LP #1823974) - tests: more fixes for spread suite on openSUSE - tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed - daemon: fix linter errors - spread: add Fedora 34, leave a TODO about dropping Fedora 32 - interfaces: fix linter errors - tests: use op.paths tools instead of dirs.sh helper - part 2 - client: Fix linter errors - cmd/snap: Fix errors reported by linter - cmd/snap-repair: fix linter issues - cmd/snap-bootstrap: Fix linter errors - tests: update permission denied message for test-snapd-event on ubuntu 2104 - cmd/snap: small tweaks based on previous reviews - snap/snaptest: helper that mocks both the squashfs file and a snap directory - overlord/devicestate: tweak comment about creating recovery systems, formatting tweaks - overlord/devicestate: move devicemgr base suite helpers closer to test suite struct - overlord/devicestate: keep track of tried recovery system - seed/seedwriter: clarify in the diagram when SetInfo is called - overlord/devicestate: add helper for creating recovery systems at runtime - snap-seccomp: update syscalls.go list - boot,image: support image.Customizations.BootFlags - overlord: support snapctl --halt|--poweroff in gadget install- device - features,servicestate: add experimental.quota-groups flag - o/servicestate: address comments from previous PR - tests: basic spread test for snap quota commands - tests: moving the snaps which are not locally built to the store directory - image,c/snap: implement prepare-image --customize - daemon: implement REST API for quota groups (create / list / get) - cmd/snap, client: snap quotas command - o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods and snapctl system-mode - o/servicestate/quota_control.go: introduce (very) basic group manipulation methods - cmd/snap, client: snap remove-quota command - wrappers, quota: implement quota groups slice generation - snap/quotas: followups from previous PR - cmd/snap: introduce 'snap quota' command - o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in uc20 run mode - o/servicestate: test has internal ordering issues, consider both cases - o/servicestate/quotas: add functions for getting and setting quotas in state - tests: new buckets for snapd-spread project on gce - spread.yaml: update the gce project to start using snapd-spread - quota: new package for managing resource groups - many: bind and check keys against models when using FDE hooks v2 - many: move responsibilities down seboot -> kernel/fde and boot -> secboot - packaging: add placeholder changelog - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu Core system - many: hide EncryptionKey size and refactors for fde hook v2 next steps - tests: adding debug info for create user tests - o/hookstate: add "refresh" command to snapctl (hidden, not complete yet) - systemd: wait for zfs mounts (LP #1922293) - testutil: support referencing files in FileEquals checker - many: refactor to kernel/fde and allow `fde-setup initial-setup` to return json - o/snapstate: store refresh-candidates in the state - o/snapstate: helper for creating gate-auto-refresh hooks - bootloader/bootloadertest: provide interface implementation as mixins, provide a mock for recovery-aware-trusted-asses bootloader - tests/lib/nested: do not compress images, return early when restored from pristine image - boot: split out a helper for making recovery system bootable - tests: update os.query check to match new bullseye codename used on sid images - o/snapstate: helper for getting snaps affected by refresh, define new hook - wrappers: support in EnsureSnapServices a callback to observe changes (#10176) - gadget: multi line support in gadget's cmdline file - daemon: test that requesting restart from (early) Ensure works - tests: use op.paths tools instead of dirs.sh helper - part 1 - tests: add new command to snaps-state to get current core, kernel and gadget - boot, gadget: move opening the snap container into the gadget helper - tests, overlord: extend unit tests, extend spread tests to cover full command line support - interfaces/builtin: introduce dsp interface - boot, bootloader, bootloader/assets: support for full command line override from gadget - overlord/devicestate, overlord/snapstate: add task for updating kernel command lines from gadget - o/snapstate: remove unused DeviceCtx argument of ensureInstallPreconditions - tests/lib/nested: proper status return for tpm/secure boot checks - cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars - wrappers/services.go: refactor helper lambda function to separate function - boot/flags.go: add HostUbuntuDataForMode - boot: handle updating of components that contribute to kernel command line - tests: add 20.04 to systems for nested/core - daemon: add new accessChecker implementations - boot, overlord/devicestate: consider gadget command lines when updating boot config - tests: fix prepare-image-grub-core18 for arm devices - tests: fix gadget-kernel-refs-update-pc test on arm and when $TRUST_TEST_KEY is false - tests: enable help test for all the systems - boot: set extra command line arguments when preparing run mode - boot: load bits of kernel command line from gadget snaps - tests: update layout for tests - part 2 - tests: update layout for tests - part 1 - tests: remove the snap profiler from the test suite - boot: drop gadget snap yaml which is already defined elsewhere in the tests - boot: set extra kernel command line arguments when making a recovery system bootable - boot: pass gadget path to command line helpers, load gadget from seed - tests: new os.paths tool - daemon: make ucrednetGet() return a *ucrednet structure - boot: derive boot variables for kernel command lines - cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from initramfs * New upstream release, LP: #1926005 - interfaces: update permitted /lib/.. paths to be compatible with UC20 - interfaces: builtin: update permitted paths to be compatible with UC20 - interfaces/greengrass-support: delete white spaces at the end of lines - snap-seccomp: update syscalls.go list - many: backport kernel command line for 2.50 - interfaces/dbus: allow claiming 'well-known' D-Bus names with a wildcard suffix - interfaces/camera: allow devices in /sys/devices/platform/**/usb* - interfaces/builtin: introduce dsp interface * New upstream release, LP: #1926005 - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu Core system - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug - o/servicestate/servicemgr.go: add ensure loop for snap service units - wrappers/services.go: introduce EnsureSnapServices() - snapstate: add "kernel-assets" to featureSet - systemd: wait for zfs mounts - overlord: make servicestate responsible to compute SnapServiceOptions - boot,tests: move where we write boot-flags one level up - o/configstate: don't pass --root=/ when masking/unmasking/enabling/disabling services - cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to /run - gadget: be more flexible with kernel content resolving - boot, cmd/snap: include extra cmdline args in debug boot-vars output - boot: support read/writing boot-flags from userspace/initramfs - interfaces/pwm: add PWM interface - tests/lib/prepare-restore.sh: clean out snapd changes and snaps before purging - systemd: enrich UnitStatus returned by systemd.Status() with Installed flag - tests: updated restore phase of spread tests - part 1 - gadget: add support for kernel command line provided by the gadget - tests: Using GO111MODULE: "off" in spread.yaml - features: add gate-auto-refresh-hook feature flag - spread: ignore linux kernel upgrade in early stages for arch preparation - tests: use snaps-state commands and remove them from the snaps helper - o/configstate: fix panic with a sequence of config unset ops over same path - api: provide meaningful error message on connect/disconnect for non-installed snap - interfaces/u2f-devices: add HyperFIDO Pro - tests: add simple sanity check for systemctl show --property=UnitFileState for unknown service - tests: use tests.session tool on interfaces-desktop-document- portal test - wrappers: install D-Bus service activation files for snapd session tools on core - many: add x-gvfs-hide option to mount units - interfaces/builtin/gpio_test.go: actually test the generated gpio apparmor - spread: tentative workaround for arch failure caused by libc upgrade and cgroups v2 - tests: add spread test for snap validate against store assertions - tests: remove snaps which are not used in any test - ci: set the accept-existing-contributors parameter for the cla- check action - daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and some apiBaseSuite cosmetics) - o/devicestate/devicemgr: register install-device hook, run if present in install - o/configstate/configcore: simple refactors in preparation for new function - tests: unifying the core20 nested suite with the core nested suite - tests: uboot-unpacked-assets updated to reflect the real path used to find the kernel - daemon: switch api_test.go to daemon_test and various other cleanups - o/configstate/configcore/picfg.go: add hdmi_cvt support - interfaces/apparmor: followup cleanups, comments and tweaks - boot: cmd/snap-bootstrap: handle a candidate recovery system v2 - overlord/snapstate: skip catalog refresh when snappy testing is enabled - overlord/snapstate, overlord/ifacestate: move late security profile removal to ifacestate - snap-seccomp: fix seccomp test on ppc64el - interfaces, interfaces/apparmor, overlord/snapstate: late removal of snap-confine apparmor profiles - cmd/snap-bootstrap/initramfs-mounts: move time forward using assertion times - tests: reset the system while preparing the test suite - tests: fix snap-advise-command check for 429 - gadget: policy for gadget/kernel refreshes - o/configstate: deal with no longer valid refresh.timer=managed - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 - cla-check: Use has-signed-canonical-cla GitHub Action - tests: validation sets spread test - tests: simplify the reset.sh logic by removing not needed command - overlord/snapstate: make sure that snapd current symlink is not removed during refresh - tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20 - tests/lib/fde-setup-hook: also verify that fde-reveal-key key data is base64 - o/devicestate: split off ensuring next boot goes to run mode into new task - tests: fix cgroup-tracking test - boot: export helper for clearing tried system state, add tests - cmd/snap: use less aggressive client timeouts in unit tests - daemon: fix signing key validity timestamp in unit tests - o/{device,hook}state: encode fde-setup-request key as base64 string - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ - cmd/snap/pack: unhide the compression option - boot: extend set try recovery system unit tests - cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use secboot's implicit fallback - o/configstate/configcore: add hdmi_timings to pi-config - snapstate: reduce reRefreshRetryTimeout to 1/2 second - interfaces/tee: add TEE/OPTEE interface - o/snapstate: update validation sets assertions with auto-refresh - vendor: update go-tpm2/secboot to latest version - seed: ReadSystemEssentialAndBetterEarliestTime - tests: replace while commands with the retry tool - interfaces/builtin: update unit tests to use proper distro's libexecdir - tests: run the reset.sh helper and check test invariants while the test is restored - daemon: switch preexisting daemon_test tests to apiBaseSuite and .req - boot, o/devicestate: split makeBootable20 into two parts - interfaces/docker-support: add autobind unix rules to docker- support - interfaces/apparmor: allow reading /proc/sys/kernel/random/entropy_avail - tests: use retry tool instead a loops - tests/main/uc20-create-partitions: fix tests cleanup - asserts: mode where Database only assumes cur time >= earliest time - daemon: validation sets/api tests cleanup - tests: improve tests self documentation for nested test suite - api: local assertion fallback when it's not in the store - api: validation sets monitor mode - tests: use fs-state tool in interfaces tests - daemon: move out /v2/login|logout and errToResponse tests from api_test.go - boot: helper for inspecting the outcome of a recovery system try - o/configstate, o/snapshotstate: fix handling of nil snap config on snapshot restore - tests: update documentation and checks for interfaces tests - snap-seccomp: add new `close_range` syscall - boot: revert #10009 - gadget: remove `device-tree{,-origin}` from gadget tests - boot: simplify systems test setup - image: write resolved-content from snap prepare-image - boot: reseal the run key for all recovery systems, but recovery keys only for the good ones - interfaces/builtin/network-setup-{control,observe}: allow using netplan directly - tests: improve sections prepare and restore - part 1 - tests: update details on task.yaml files - tests: revert os.query usage in spread.yaml - boot: export bootAssetsMap as AssetsMap - tests/lib/prepare: fix repacking of the UC20 kernel snap for with ubuntu-core-initramfs 40 - client: protect against reading too much data from stdin - tests: improve tests documentation - part 2 - boot: helper for setting up a try recover system - tests: improve tests documentation - part 1 - tests/unit/go: use tests.session wrapper for running tests as a user - tests: improvements for snap-seccomp-syscalls - gadget: simplify filterUpdate (thanks to Maciej) - tests/lib/prepare.sh: use /etc/group and friends from the core20 snap - tests: fix tumbleweed spread tests part 2 - tests: use new commands of os.query tool on tests - o/snapshotstate: create snapshots directory on import - tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list - packaging: drop 99-snapd.conf via dpkg-maintscript-helper - osutil: add SetTime() w/ 32-bit and 64-bit implementations - interfaces/wayland: rm Xwayland Xauth file access from wayland slot - packaging/ubuntu-16.04/rules: turn modules off explicitly - gadget,devicestate: perform kernel asset update for $kernel: style refs - cmd/recovery: small fix for `snap recovery` tab output - bootloader/lkenv: add recovery systems related variables - tests: fix new tumbleweed image - boot: fix typo, should be systems - o/devicestate: test that users.create.automatic is configured early - asserts: use Fetcher in AddSequenceToUpdate - daemon,o/c/configcore: introduce users.create.automatic - client, o/servicestate: expose enabled state of user daemons - boot: helper for checking and marking tried recovery system status from initramfs - asserts: pool changes for validation-sets (#9930) - daemon: move the last api_foo_test.go to daemon_test - asserts: include the assertion timestamp in error message when outside of signing key validity range - ovelord/snapshotstate: keep a few of the last line tar prints before failing - gadget/many: rm, delay sector size + structure size checks to runtime - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors - interfaces: add allegro-vcu and media-control interfaces - interfaces: opengl: add Xilinx zocl bits - mkversion: check that version from changelog is set before overriding the output version - many: fix new ineffassign warnings - .github/workflows/labeler.yaml: try work-around to not sync labels - cmd/snap, boot: add debug set-boot-vars - interfaces: allow reading the Xauthority file KDE Plasma writes for Wayland sessions - tests/main/snap-repair: test running repair assertion w/ fakestore - tests: disable lxd tests for 21.04 until the lxd images are published for the system - tests/regression/lp-1910456: cleanup the /snap symlink when done - daemon: move single snap querying and ops to api_snaps.go - tests: fix for preseed and dbus tests on 21.04 - overlord/snapshotstate: include the last message printed by tar in the error - interfaces/system-observe: Allow reading /proc/zoneinfo - interfaces: remove apparmor downgrade feature - snap: fix unit tests on Go 1.16 - spread: disable Go modules support in environment - tests: use new path to find kernel.img in uc20 for arm devices - tests: find files before using cat command when checking broadcom- asic-control interface - boot: introduce good recovery systems, provide compatibility handling - overlord: add manager gadget refresh test - tests/lib/fakestore: support repair assertions too - github: temporarily disable action labeler due to issues with labels being removed - o/devicestate,many: introduce DeviceManager.preloadGadget for EarlyConfig - tests: enable ubuntu 21.04 for spread tests - snap: provide a useful error message if gdbserver is not installed - data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 - tests/lib/prepare.sh: split reflash.sh into two parts - packaging/opensuse: sync with openSUSE packaging - packaging: disable Go modules in snapd.mk - snap: add deprecation noticed to "snap run --gdb" - daemon: add API for checking and installing available theme snaps - tests: using labeler action to add automatically a label to run nested tests - gadget: improve error handling around resolving content sources - asserts: repeat the authority cross-check in CheckSignature as well - interfaces/seccomp/template.go: allow copy_file_range - o/snapstate/check_snap.go: add support for many subversions in assumes snapdX.. - daemon: move postSnap and inst.dispatch tests to api_snaps_test.go - wrappers: use proper paths for mocked mount units in tests - snap: rename gdbserver option to `snap run --gdbserver` - store: support validation sets with fetch-assertions action - snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky - packaging/fedora: sync with downstream packaging in Fedora - many: add Delegate=true to generated systemd units for special interfaces (master) - boot: use a common helper for mocking boot assets in cache - api: validate snaps against validation set assert from the store - wrappers: don't generate an [Install] section for timer or dbus activated services - tests/nested/core20/boot-config-update: skip when snapd was not built with test features - o/configstate,o/devicestate: introduce devicestate.EarlyConfig implemented by configstate.EarlyConfig - cmd/snap-bootstrap/initramfs-mounts: fix typo in func name - interfaces/builtin: mock distribution in fontconfig cache unit tests - tests/lib/prepare.sh: add another console= to the reflash magic grub entry - overlord/servicestate: expose dbus activators of a service - desktop/notification: test against a real session bus and notification server implementation - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for recover+install - HACKING.md: explain how to run UC20 spread tests with QEMU - asserts: introduce AtSequence - overlord/devicestate: task for updating boot configs, spread test - gadget: fix documentation/typos - gadget: cleanup MountedFilesystem{Writer,Updater} - gadget: use ResolvedSource in MountedFilesystemWriter - snap/info.go: add doc-comment for SortServices - interfaces: add an optional mount-host-font-cache plug attribute to the desktop interface - osutil: skip TestReadBuildGo inside sbuild - o/hookstate/ctlcmd: add optional --pid and --apparmor-label arguments to "snapctl is-connected" - data/env/snapd: use quoting in case PATH contains spaces - boot: do not observe successful boot assets if not in run mode - tests: fix umount for snapd snap on fsck-on-boot testumount: /run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount - misc: little tweaks - snap/info.go: ignore unknown daemons in SortSnapServices - devicestate: keep log from install-mode on installed system - seed: add LoadEssentialMeta to seed16 and allow all of its implementations to be called multiple times - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in seeds - tests/core/uc20-recovery: move recover mode helpers to generic testslib script - interfaces/fwupd: allow any distros to access fw files via fwupd - store: method for fetching validation set assertion - store: switch to v2/assertions api - gadget: add new ResolvedContent and populate from LayoutVolume() - spread: use full format when listing processes - osutil/many: make all test pkgs osutil_test instead of "osutil" - tests/unit/go: drop unused environment variables, skip coverage - OpenGL interface: Support more Tegra libs - gadget,overlord: pass kernelRoot to install.Run() - tests: run unit tests in Focal instead of Xenial - interfaces/browser-support: allow sched_setaffinity with browser- sandbox: true - daemon: move query /snaps/ tests to api_snaps_test.go - cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair runner - systemd/systemd.go: support journald JSON messages with arrays for values - cmd: make string/error code more robust against errno leaking - github, run-checks: do not collect coverage data on subsequent test runs - boot: boot config update & reseal - o/snapshotstate: handle conflicts between snapshot forget, export and import - osutil/stat.go: add RegularFileExists - cmd/snapd-generator: don't create mount overrides for snap-try snaps inside lxc - gadget/gadget.go: rename ubuntu-* to system-* in doc-comment - tests: use 6 spread workers for centos8 - bootloader/assets: support injecting bootloader assets in testing builds of snapd - gadget: enable multi-volume uc20 gadgets in LaidOutSystemVolumeFromGadget; rename too - overlord/devicestate, sysconfig: do nothing when cloud-init is not present - cmd/snap-repair: filter repair assertions based on bases + modes - snap-confine: make host /etc/ssl available for snaps on classic * New upstream release, LP: #1915248 - interfaces/tee: add TEE/OPTEE interface - o/configstate/configcore: add hdmi_timings to pi-config - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 - snap-seccomp: fix seccomp test on ppc64el - interfaces{,/apparmor}, overlord/snapstate: late removal of snap-confine apparmor profiles - overlord/snapstate, wrappers: add dependency on usr-lib- snapd.mount for services on core with snapd snap - o/configstate: deal with no longer valid refresh.timer=managed - overlord/snapstate: make sure that snapd current symlink is not removed during refresh - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ - o/{device,hook}state: encode fde-setup-request key as base64 - snapstate: reduce reRefreshRetryTimeout to 1/2 second - tests/main/uc20-create-partitions: fix tests cleanup - o/configstate, o/snapshotstate: fix handling of nil snap config on snapshot restore - snap-seccomp: add new `close_range` syscall * New upstream release, LP: #1915248 - tests: turn modules off explicitly in spread go unti test - o/snapshotstate: create snapshots directory on import - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors - interfaces: add allegro-vcu and media-control interfaces - interfaces: opengl: add Xilinx zocl bits - many: fix new ineffassign warnings - interfaces/seccomp/template.go: allow copy_file_range - interfaces: allow reading the Xauthority file KDE Plasma writes for Wayland sessions - data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 - Remove apparmor downgrade feature - Support tmp and log dirs on Yocto/Poky * New upstream release, LP: #1915248 - many: add Delegate=true to generated systemd units for special interfaces - cmd/snap-bootstrap: rename ModeenvFromModel to EphemeralModeenvForModel - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for recover+install - osutil: skip TestReadBuildGo inside sbuild - tests: fix umount for snapd snap on fsck-on-boot test - snap/info_test.go: add unit test cases for bug - tests/main/services-after-before: add regression spread test - snap/info.go: ignore unknown daemons in SortSnapServices - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in seeds - OpenGL interface: Support more Tegra libs - interfaces/browser-support: allow sched_setaffinity with browser- sandbox: true - cmd: make string/error code more robust against errno leaking - o/snapshotstate: handle conflicts between snapshot forget, export and import - cmd/snapd-generator: don't create mount overrides for snap-try snaps inside lxc - tests: update test pkg for fedora and centos - gadget: pass sector size in to mkfs family of functions, use to select block sz - o/snapshotstate: fix returning of snap names when duplicated snapshot is detected - tests/main/snap-network-errors: skip flushing dns cache on centos-7 - interfaces/builtin: Allow DBus property access on org.freedesktop.Notifications - cgroup-support.c: fix link to CGROUP DELEGATION - osutil: update go-udev package - packaging: fix arch-indep build on debian-sid - {,sec}boot: pass "key-name" to the FDE hooks - asserts: sort by revision with Sort interface - gadget: add gadget.ResolveContentPaths() - cmd/snap-repair: save base snap and mode in device info; other misc cleanups - tests: cleanup the run-checks script - asserts: snapasserts method to validate installed snaps against validation sets - tests: normalize test tools - part 1 - snapshotstate: detect duplicated snapshot imports - interfaces/builtin: fix unit test expecting snap-device-helper at /usr/lib/snapd - tests: apply workaround done for snap-advise-command to apt-hooks test - tests: skip main part of snap-advise test if 429 error is encountered - many: clarify gadget role-usage consistency checks for UC16/18 vs UC20 - sandbox/cgroup, tess/main: fix unit tests on v2 system, disable broken tests on sid - interfaces/builtin: more drive by fixes, import ordering, removing dead code - tests: skip interfaces-openvswitch spread test on debian sid - interfaces/apparmor: drive by comment fix - cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree usage - cmd/libsnap-confine-private: make unit tests execute happily in a container - interfaces, wrappers: misc comment fixes, etc. - asserts/repair.go: add "bases" and "modes" support to the repair assertion - interfaces/opengl: allow RPi MMAL video decoding - snap: skip help output tests for go-flags v1.4.0 - gadget: add validation for "$kernel:ref" style content - packaging/deb, tests/main/lxd-postrm-purge: fix purge inside containers - spdx: update to SPDX license list version: 3.11 2020-11-25 - tests: improve hotplug test setup on classic - tests: update check to verify is the current system is arm - tests: use os-query tool to check debian, trusty and tumbleweed - daemon: start moving implementation to api_snaps.go - tests/main/snap-validate-basic: disable test on Fedora due to go- flags panics - tests: fix library path used for tests.pkgs - tests/main/cohorts: replace yq with a Python snippet - run-checks: update to match new argument syntax of ineffassign - tests: use apiBaseSuite for snapshots tests, fix import endpoint path - many: separate consistency/content validation into gadget.Validate|Content - o/{device,snap}state: enable devmode snaps with dangerous model assertions secboot: add test for when systemd-run does not honor RuntimeMaxSec - secboot: add workaround for snapcore/core-initrd issue #13 - devicestate: log checkEncryption errors via logger.Noticef - o/daemon: validation sets api and basic spread test - gadget: move BuildPartitionList to install and make it unexported - tests: add nested spread end-to-end test for fde-hooks - devicestate: implement checkFDEFeatures() - boot: tweak resealing with fde-setup hooks - tests: add os query commands for subsystems and architectures - o/snapshotstate: don't set auto flag in the snapshot file - tests: use os.query tool instead of comparing the system var - testutil: use the original environment when calling shellcheck - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- init restrict file - gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and instead set the implicit labels when loading the yaml - secboot: add new LockSealedKeys() that uses either TPM/fde-reveal- key - gadget/quantity: introduce Offset, start using it for offset related fields in the gadget - gadget: use "sealed-keys" to determine what method to use for reseal - tests/main/fake-netplan-apply: disable test on xenial for now - daemon: start splitting snaps op tests out of api_test.go - testutil: make DBusTest use a custom bus configuration file - tests: replace pkgdb.sh (library) with tests.pkgs (program) - gadget: prepare gadget kernel refs (0/N) - interfaces/builtin/docker-support: allow /run/containerd/s/... - cmd/snap-preseed: reset run inhibit locks on --reset. - boot: add sealKeyToModeenvUsingFdeSetupHook() - daemon: reorg snap.go and split out sections and icons support from api.go - sandbox/seccomp: use snap-seccomp's stdout for getting version info - daemon: split find support to its own api_*.go files and move some helpers - tests: move snapstate config defaults tests to a separate file. - bootloader/{lk,lkenv}: followups from #9695 - daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite - gadget,o/devicestate: set implicit values for schema and role directly instead of relying on Effective* accessors - daemon: split aliases support to its own api_*.go files - gadget: start separating rule/convention validation from basic soundness - cmd/snap-update-ns: add better unit test for overname sorting - secboot: use `fde-reveal-key` if available to unseal key - tests: fix lp-1899664 test when snapd_x1 is not installed in the system - tests: fix the scenario when the "$SRC".orig file does not exist - cmd/snap-update-ns: fix sorting of overname mount entries wrt other entries - devicestate: add runFDESetupHook() helper - bootloader/lk: add support for UC20 lk bootloader with V2 lkenv structs - daemon: split unsupported buy implementation to its own api_*.go files - tests: download timeout spread test - gadget,o/devicestate: hybrid 18->20 ready volume setups should be valid - o/devicestate: save model with serial in the device save db - bootloader: add check for prepare-image time and more tests validating options - interfaces/builtin/log_observe.go: allow controlling apparmor audit levels - hookstate: refactor around EphemeralRunHook - cmd/snap: implement 'snap validate' command - secboot,devicestate: add scaffoling for "fde-reveal-key" support - boot: observe successful command line update, provide a default - tests: New queries for the os tools - bootloader/lkenv: specify backup file as arg to NewEnv(), use "" as path+"bak" - osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk iface - daemon: split out snapctl support and snap configuration support to their own api_*.go files - snapshotstate: improve handling of multiple errors - tests: sign new nested-18|20* models to allow for generic serials - bootloader: remove installableBootloader interface and methods - seed: cleanup/drop some no longer valid TODOS, clarify some other points - boot: set kernel command line in modeenv during install - many: rename disks.FindMatching... to FindMatching...WithFsLabel and err type - cmd/snap: suppress a case of spurious stdout logging from tests - hookstate: add new HookManager.EphemeralRunHook() - daemon: move some more api tests from daemon to daemon_test - daemon: split apps and logs endpoints to api_apps.go and tests - interfaces/utf: Add Ledger to U2F devices - seed/seedwriter: consider modes when checking for deps availability - o/devicestate,daemon: fix reboot system action to not require a system label - cmd/snap-repair,store: increase initial retry time intervals, stalling TODOs - daemon: split interfacesCmd to api_interfaces.go - github: run nested suite when commit is pushed to release branch - client: reduce again the /v2/system-info timeout - tests: reset fakestore unit status - update-pot: fix typo in plural keyword spec - tests: remove workarounds that add "ubuntu-save" if missing - tests: add unit test for auto-refresh with validate-snap failure - osutil: add helper for getting the kernel command line - tests/main/uc20-create-partitions: verify ubuntu-save encryption keys, tweak not MATCH - boot: add kernel command lines to the modeenv file - spread: bump delta ref, tweak repacking to make smaller delta archives - bootloader/lkenv: add v2 struct + support using it - snapshotstate: add cleanup of abandonded snapshot imports - tests: fix uc20-create-parition-* tests for updated gadget - daemon: split out /v2/interfaces tests to api_interfaces_test.go - hookstate: implement snapctl fde-setup-{request,result} - wrappers, o/devicestate: remove EnableSnapServices - tests: enable nested on 20.10 - daemon: simplify test helpers Get|PostReq into Req - daemon: move general api to api_general*.go - devicestate: make checkEncryption fde-setup hook aware - client/snapctl, store: fix typos - tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files before doing apt ops - cmd/snap-bootstrap: update model cross-check considerations - client,snapctl: add naive support for "stdin" - many: add new "install-mode: disable" option - osutil/disks: allow building on mac os - data/selinux: update the policy to allow operations on non-tmpfs /tmp - boot: add helper for generating candidate kernel lines for recovery system - wrappers: generate D-Bus service activation files - bootloader/many: rm ConfigFile, add Present for indicating presence of bloader - osutil/disks: allow mocking DiskFromDeviceName - daemon: start cleaning up api tests - packaging/arch: sync with AUR packaging - bootloader: indicate when boot config was updated - tests: Fix snap-debug-bootvars test to make it work on arm devices and core18 - tests/nested/manual/core20-save: verify handling of ubuntu-save with different system variants - snap: use the boot-base for kernel hooks - devicestate: support "storage-safety" defaults during install - bootloader/lkenv: mv v1 to separate file, include/lk/snappy_boot_v1.h: little fixups - interfaces/fpga: add fpga interface - store: download timeout - vendor: update secboot repo to avoid including secboot.test binary - osutil: add KernelCommandLineKeyValue - gadget/gadget.go: allow system-recovery-{image,select} as roles in gadget.yaml - devicestate: implement boot.HasFDESetupHook - osutil/disks: add DiskFromName to get a disk using a udev name - usersession/agent: have session agent connect to the D-Bus session bus - o/servicestate: preserve order of services on snap restart - o/servicestate: unlock state before calling wrappers in doServiceControl - spread: disable unattended-upgrades on ubuntu - tests: testing new fedora 33 image - tests: fix fsck on boot on arm devices - tests: skip boot state test on arm devices - tests: updated the systems to run prepare-image-grub test - interfaces/raw_usb: allow read access to /proc/tty/drivers - tests: unmount /boot/efi in fsck-on-boot test - strutil/shlex,osutil/udev/netlink: minimally import go-check - tests: fix basic20 test on arm devices - seed: make a shared seed system label validation helper - tests/many: enable some uc20 tests, delete old unneeded tests or TODOs - boot/makebootable.go: set snapd_recovery_mode=install at image- build time - tests: migrate test from boot.sh helper to boot-state tool - asserts: implement "storage-safety" in uc20 model assertion - bootloader: use ForGadget when installing boot config - spread: UC20 no longer needs 2GB of mem - cmd/snap-confine: implement snap-device-helper internally - bootloader/grub: replace old reference to Managed...Blr... with Trusted...Blr... - cmd/snap-bootstrap: add readme for snap-bootstrap + real state diagram - interfaces: fix greengrass attr namingThe flavor attribute names are now as follows: - tests/lib/nested: poke the API to get the snap revisions - tests: compare options of mount units created by snapd and snapd- generator - o/snapstate,servicestate: use service-control task for service actions - sandbox: track applications unconditionally - interfaces/greengrass-support: add additional "process" flavor for 1.11 update - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test * New upstream release, LP: #1906690 - tests: sign new nested-18|20* models to allow for generic serials - secboot: add extra paranoia when waiting for that fde-reveal-key - tests: backport netplan workarounds from #9785 - secboot: add workaround for snapcore/core-initrd issue #13 - devicestate: log checkEncryption errors via logger.Noticef - tests: add nested spread end-to-end test for fde-hooks - devicestate: implement checkFDEFeatures() - boot: tweak resealing with fde-setup hooks - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- init restrict file - secboot: add new LockSealedKeys() that uses either TPM or fde-reveal-key - gadget: use "sealed-keys" to determine what method to use for reseal - boot: add sealKeyToModeenvUsingFdeSetupHook() - secboot: use `fde-reveal-key` if available to unseal key - cmd/snap-update-ns: fix sorting of overname mount entries wrt other entries - o/devicestate: save model with serial in the device save db - devicestate: add runFDESetupHook() helper - secboot,devicestate: add scaffoling for "fde-reveal-key" support - hookstate: add new HookManager.EphemeralRunHook() - update-pot: fix typo in plural keyword spec - store,cmd/snap-repair: increase initial expontential time intervals - o/devicestate,daemon: fix reboot system action to not require a system label - github: run nested suite when commit is pushed to release branch - tests: reset fakestore unit status - tests: fix uc20-create-parition-* tests for updated gadget - hookstate: implement snapctl fde-setup-{request,result} - devicestate: make checkEncryption fde-setup hook aware - client,snapctl: add naive support for "stdin" - devicestate: support "storage-safety" defaults during install - snap: use the boot-base for kernel hooks - vendor: update secboot repo to avoid including secboot.test binary * New upstream release, LP: #1906690 - gadget: disable ubuntu-boot role validation check * New upstream release, LP: #1904098 - osutil: add KernelCommandLineKeyValue - devicestate: implement boot.HasFDESetupHook - boot/makebootable.go: set snapd_recovery_mode=install at image- build time - bootloader: use ForGadget when installing boot config - interfaces/raw_usb: allow read access to /proc/tty/drivers - boot: add scaffolding for "fde-setup" hook support for sealing - tests: fix basic20 test on arm devices - seed: make a shared seed system label validation helper - snap: add new "fde-setup" hooktype - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test - secboot,cmd/snap-bootstrap: fix degraded mode cases with better device handling - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some messiness - tests/nested/manual/refresh-revert-fundamentals: temporarily disable secure boot - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all boot modes - many: address degraded recover mode feedback, cleanups - tests: Use systemd-run on tests part2 - tests: set the opensuse tumbleweed system as manual in spread.yaml - secboot: call BlockPCRProtectionPolicies even if the TPM is disabled - vendor: update to current secboot - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and save - spread.yaml: increase number of workers on 20.10 - snap: add new `snap recovery --show-keys` option - tests: minor test tweaks suggested in the review of 9607 - snapd-generator: set standard snapfuse options when generating units for containers - tests: enable lxd test on ubuntu-core-20 and 16.04-32 - interfaces: share /tmp/.X11-unix/ from host or provider - tests: enable main lxd test on 20.10 - cmd/s-b/initramfs-mounts: refactor recover mode to implement degraded mode - gadget/install: add progress logging - packaging: keep secboot/encrypt_dummy.go in debian - interfaces/udev: use distro specific path to snap-device-helper - o/devistate: fix chaining of tasks related to regular snaps when preseeding - gadget, overlord/devicestate: validate that system supports encrypted data before install - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core ESP layout - many: add /v2/system-recovery-keys API and client - secboot, many: return UnlockMethod from Unlock* methods for future usage - many: mv keys to ubuntu-boot, move model file, rename keyring prefix for secboot - tests: using systemd-run instead of manually create a systemd unit - part 1 - secboot, cmd/snap-bootstrap: enable or disable activation with recovery key - secboot: refactor Unlock...IfEncrypted to take keyfile + check disks first - secboot: add LockTPMSealedKeys() to lock access to keys independently - gadget: correct sfdisk arguments - bootloader/assets/grub: adjust fwsetup menuentry label - tests: new boot state tool - spread: use the official image for Ubuntu 20.10, no longer an unstable system - tests/lib/nested: enable snapd logging to console for core18 - osutil/disks: re-implement partition searching for disk w/ non- adjacent parts - tests: using the nested-state tool in nested tests - many: seal a fallback object to the recovery boot chain - gadget, gadget/install: move helpers to install package, refactor unit tests - dirs: add "gentoo" to altDirDistros - update-pot: include file locations in translation template, and extract strings from desktop files - gadget/many: drop usage of gpt attr 59 for indicating creation of partitions - gadget/quantity: tweak test name - snap: fix failing unittest for quantity.FormatDuration() - gadget/quantity: introduce a new package that captures quantities - o/devicestate,a/sysdb: make a backup of the device serial to save - tests: fix rare interaction of tests.session and specific tests - features: enable classic-preserves-xdg-runtime-dir - tests/nested/core20/save: check the bind mount and size bump - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20 - tests: rename hasHooks to hasInterfaceHooks in the ifacestate tests - o/devicestate: unit test tweaks - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save - testutil, cmd/snap/version: fix misc little errors - overlord/devicestate: bind mount ubuntu-save under /var/lib/snapd/save on startup - gadget/internal: tune ext4 setting for smaller filesystems - tests/nested/core20/save: a test that verifies ubuntu-save is present and set up - tests: update google sru backend to support groovy - o/ifacestate: handle interface hooks when preseeding - tests: re-enable the apt hooks test - interfaces,snap: use correct type: {os,snapd} for test data - secboot: set metadata and keyslots sizes when formatting LUKS2 volumes - tests: improve uc20-create-partitions-reinstall test - client, daemon, cmd/snap: cleanups from #9489 + more unit tests - cmd/snap-bootstrap: mount ubuntu-save during boot if present - secboot: fix doc comment on helper for unlocking volume with key - tests: add spread test for refreshing from an old snapd and core18 - o/snapstate: generate snapd snap wrappers again after restart on refresh - secboot: version bump, unlock volume with key - tests/snap-advise-command: re-enable test - cmd/snap, snapmgr, tests: cleanups after #9418 - interfaces: deny connected x11 plugs access to ICE - daemon,client: write and read a maintenance.json file for when snapd is shut down - many: update to secboot v1 (part 1) - osutil/disks/mockdisk: panic if same mountpoint shows up again with diff opts - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the reseal tests - many: implement snap routine console-conf-start for synchronizing auto-refreshes - dirs, boot: add ubuntu-save directories and related locations - usersession: fix typo in test name - overlord/snapstate: refactor ihibitRefresh - overlord/snapstate: stop warning about inhibited refreshes - cmd/snap: do not hardcode snapshot age value - overlord,usersession: initial notifications of pending refreshes - tests: add a unit test for UpdateMany where a single snap fails - o/snapstate/catalogrefresh.go: don't refresh catalog in install mode uc20 - tests: also check snapst.Current in undo-unlink tests - tests: new nested tool - o/snapstate: implement undo handler for unlink-snap - tests: clean systems.sh helper and migrate last set of tests - tests: moving the lib section from systems.sh helper to os.query tool - tests/uc20-create-partitions: don't check for grub.cfg - packaging: make sure that static binaries are indeed static, fix openSUSE - many: have install return encryption keys for data and save, improve tests - overlord: add link participant for linkage transitions - tests: lxd smoke test - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu- seed too - tests: moving main suite from systems.sh to os.query tool - tests: moving the core test suite from systems.sh to os.query tool - cmd/snap-confine: mask host's apparmor config - o/snapstate: move setting updated SnapState after error paths - tests: add value to INSTANCE_KEY/regular - spread, tests: tweaks for openSUSE - cmd/snap-confine: update path to snap-device-helper in AppArmor profile - tests: new os.query tool - overlord/snapshotstate/backend: specify tar format for snapshots - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested UC20 - client,daemon,snap: auto-import does not error on managed devices - interfaces: PTP hardware clock interface - tests: use tests.backup tool - many: verify that unit tests work with nosecboot tag and without secboot package - wrappers: do not error out on read-only /etc/dbus-1/session.d filesystem on core18 - snapshots: import of a snapshot set - tests: more output for sbuild test - o/snapstate: re-order remove tasks for individual snap revisions to remove current last - boot: skip some unit tests when running as root - o/assertstate: introduce ValidationTrackingKey/ValidationSetTracking and basic methods - many: allow ignoring running apps for specific request - tests: allow the searching test to fail under load - overlord/snapstate: inhibit startup while unlinked - seed/seedwriter/writer.go: check DevModeConfinement for dangerous features - tests/main/sudo-env: snap bin is available on Fedora - boot, overlord/devicestate: list trusted and managed assets upfront - gadget, gadget/install: support for ubuntu-save, create one during install if needed - spread-shellcheck: temporary workaround for deadlock, drop unnecessary test - snap: support different exit-code in the snap command - logger: use strutil.KernelCommandLineSplit in debugEnabledOnKernelCmdline - logger: fix snapd.debug=1 parsing - overlord: increase refresh postpone limit to 14 days - spread-shellcheck: use single thread pool executor - gadget/install,secboot: add debug messages - spread-shellcheck: speed up spread-shellcheck even more - spread-shellcheck: process paths from arguments in parallel - tests: tweak error from tests.cleanup - spread: remove workaround for openSUSE go issue - o/configstate: create /etc/sysctl.d when applying early config defaults - tests: new tests.backup tool - tests: add tests.cleanup pop sub-command - tests: migration of the main suite to snaps-state tool part 6 - tests: fix journal-state test - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc recover files - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for same IP addr - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for building snapd - boot, gadget, bootloader: observer preserves managed bootloader configs - tests/nested/manual: add uc20 grade signed cloud-init test - o/snapstate/autorefresh.go: eliminate race when launching autorefresh - daemon,snapshotstate: do not return "size" from Import() - daemon: limit reading from snapshot import to Content-Length - many: set/expect Content-Length header when importing snapshots - github: switch from ::set-env command to environment file - tests: migration of the main suite to snaps-state tool part 5 - client: cleanup the Client.raw* and Client.do* method families - tests: moving main suite to snaps-state tool part 4 - client,daemon,snap: use constant for snapshot content-type - many: fix typos and repeated "the" - secboot: fix tpm connection leak when it's not enabled - many: scaffolding for snapshots import API - run-checks: run spread-shellcheck too - interfaces: update network-manager interface to allow ObjectManager access from unconfined clients - tests: move core and regression suites to snaps-state tool - tests: moving interfaces tests to snaps-state tool - gadget: preserve files when indicated by content change observer - tests: moving smoke test suite and some tests from main suite to snaps-state tool - o/snapshotstate: pass set id to backend.Open, update tests - asserts/snapasserts: introduce ValidationSets - o/snapshotstate: improve allocation of new set IDs - boot: look at the gadget for run mode bootloader when making the system bootable - cmd/snap: allow snap help vs --all to diverge purposefully - usersession/userd: separate bus name ownership from defining interfaces - o/snapshotstate: set snapshot set id from its filename - o/snapstate: move remove-related tests to snapstate_remove_test.go - desktop/notification: switch ExpireTimeout to time.Duration - desktop/notification: add unit tests - snap: snap help output refresh - tests/nested/manual/preseed: include a system-usernames snap when preseeding - tests: fix sudo-env test - tests: fix nested core20 shellcheck bug - tests/lib: move to new directory when restoring PWD, cleanup unpacked unpacked snap directories - desktop/notification: add bindings for FDO notifications - dbustest: fix stale comment references - many: move ManagedAssetsBootloader into TrustedAssetsBootloader, drop former - snap-repair: add uc20 support - tests: print all the serial logs for the nested test - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid bug in test - cmd/snap/auto-import: stop importing system user assertions from initramfs mnts - osutil/group.go: treat all non-nil errs from user.Lookup{Group,} as Unknown* - asserts: deserialize grouping only once in Pool.AddBatch if needed - gadget: allow content observer to have opinions about a change - tests: new snaps-state command - part1 - o/assertstate: support refreshing any number of snap-declarations - boot: use test helpers - tests/core/snap-debug-bootvars: also check snap_mode - many/apparmor: adjust rules for reading profile/ execing new profiles for new kernel - tests/core/snap-debug-bootvars: spread test for snap debug boot- vars - tests/lib/nested.sh: more little tweaks - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, recover modes - overlord: explicitly set refresh-app-awareness in tests - kernel: remove "edition" from kernel.yaml and add "update" - spread: drop vendor from the packed project archive - boot: fix debug bootloader variables dump on UC20 systems - wrappers, systemd: allow empty root dir and conditionally do not pass --root to systemctl - tests/nested/manual: add test for grades above signed booting with testkeys - tests/nested: misc robustness fixes - o/assertstate,asserts: use bulk refresh to refresh snap- declarations - tests/lib/prepare.sh: stop patching the uc20 initrd since it has been updated now - tests/nested/manual/refresh-revert-fundamentals: re-enable test - update-pot: ignore .go files inside .git when running xgettext-go - tests: disable part of the lxd test completely on 16.04. - o/snapshotstate: tweak comment regarding snapshot filename - o/snapstate: improve snapshot iteration - bootloader: lk cleanups - tests: update to support nested kvm without reboots on UC20 - tests/nested/manual/preseed: disable system-key check for 20.04 image - spread.yaml: add ubuntu-20.10-64 to qemu - store: handle v2 error when fetching assertions - gadget: resolve device mapper devices for fallback device lookup - tests/nested/cloud-init-many: simplify tests and unify helpers/seed inputs - tests: copy /usr/lib/snapd/info to correct directory - check-pr-title.py * : allow "*" in the first part of the title - many: typos and small test tweak - tests/main/lxd: disable cgroup combination for 16.04 that is failing a lot - tests: make nested signing helpers less confusing - tests: misc nested changes - tests/nested/manual/refresh-revert-fundamentals: disable temporarily - tests/lib/cla_check: default to Python 3, tweaks, formatting - tests/lib/cl_check.py: use python3 compatible code * New upstream release, LP: #1895929 - o/configstate: create /etc/sysctl.d when applying early config defaults - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for same IP addr - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for building snapd - cmd/snap: allow snap help vs --all to diverge purposefully - snap: snap help output refresh * New upstream release, LP: #1895929 - tests: fix nested core20 shellcheck bug - many/apparmor: adjust rule for reading apparmor profile for new kernel - snap-repair: add uc20 support - cmd/snap/auto-import: stop importing system user assertions from initramfs mnts - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, recover modes - gadget: resolve device mapper devices for fallback device lookup - secboot: add boot manager profile to pcr protection profile - sysconfig,o/devicestate: mv DisableNoCloud to DisableAfterLocalDatasourcesRun - tests: make gadget-reseal more robust - tests: skip nested images pre-configuration by default - tests: fix for basic20 test running on external backend and rpi - tests: improve kernel reseal test - boot: adjust comments, naming, log success around reseal - tests/nested, fakestore: changes necessary to run nested uc20 signed/secured tests - tests: add nested core20 gadget reseal test - boot/modeenv: track unknown keys in Read and put back into modeenv during Write - interfaces/process-control: add sched_setattr to seccomp - boot: with unasserted kernels reseal if there's a hint modeenv changed - client: bump the default request timeout to 120s - configcore: do not error in console-conf.disable for install mode - boot: streamline bootstate20.go reseal and tests changes - boot: reseal when changing kernel - cmd/snap/model: specify grade in the model command output - tests: simplify repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks - test: improve logging in nested tests - nested: add support to telnet to serial port in nested VM - secboot: use the snapcore/secboot native recovery key type - tests/lib/nested.sh: use more focused cloud-init config for uc20 - tests/lib/nested.sh: wait for the tpm socket to exist - spread.yaml, tests/nested: misc changes - tests: add more checks to disk space awareness spread test - tests: disk space awareness spread test - boot: make MockUC20Device use a model and MockDevice more realistic - boot,many: reseal only when meaningful and necessary - tests/nested/core20/kernel-failover: add test for failed refresh of uc20 kernel - tests: fix nested to work with qemu and kvm - boot: reseal when updating boot assets - tests: fix snap-routime-portal-info test - boot: verify boot chain file in seal and reseal tests - tests: use full path to test-snapd-refresh.version binary - boot: store boot chains during install, helper for checking whether reseal is needed - boot: add call to reseal an existing key - boot: consider boot chains with unrevisioned kernels incomparable - overlord: assorted typos and miscellaneous changes - boot: group SealKeyModelParams by model, improve testing - secboot: adjust parameters to buildPCRProtectionProfile - strutil: add SortedListsUniqueMergefrom the doc comment: - snap/naming: upgrade TODO to TODO:UC20 - secboot: add call to reseal an existing key - boot: in seal.go adjust error message and function names - o/snapstate: check available disk space in RemoveMany - boot: build bootchains data for sealing - tests: remove "set -e" from function only shell libs - o/snapstate: disk space check on UpdateMany - o/snapstate: disk space check with snap update - snap: implement new `snap reboot` command - boot: do not reorder boot assets when generating predictable boot chains and other small tweaks - tests: some fixes and improvements for nested execution - tests/core/uc20-recovery: fix check for at least specific calls to mock-shutdown - boot: be consistent using bootloader.Role* consts instead of strings - boot: helper for generating secboot load chains from a given boot asset sequence - boot: tweak boot chains to support a list of kernel command lines, keep track of model and kernel boot file - boot,secboot: switch to expose and use snapcore/secboot load event trees - tests: use `nested_exec` in core{20,}-early-config test - devicestate: enable cloud-init on uc20 for grade signed and secured - boot: add "rootdir" to baseBootenvSuite and use in tests - tests/lib/cla_check.py: don't allow users.noreply.github.com commits to pass CLA - boot: represent boot chains, helpers for marshalling and equivalence checks - boot: mark successful with boot assets - client, api: handle insufficient space error - o/snapstate: disk space check with single snap install - configcore: "service.console-conf.disable" is gadget defaults only - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode AppArmor profile path - tests: skip udp protocol in nfs-support test on ubuntu-20.10 - packaging/debian-sid: tweak code preparing _build tree - many: move seal code from gadget/install to boot - tests: remove workaround for cups on ubuntu-20.10 - client: implement RebootToSystem - many: seed.Model panics now if called before LoadAssertions - daemon: add /v2/systems "reboot" action API - github: run tests also on push to release branches - interfaces/bluez: let slot access audio streams - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with new seed.ReadSystemEssential - interfaces: allow snap-update-ns to read /proc/cmdline - tests: new organization for nested tests - o/snapstate, features: add feature flags for disk space awareness - tests: workaround for cups issue on 20.10 where default printer is not configured. - interfaces: update cups-control and add cups for providing snaps - boot: keep track of the original asset when observing updates - tests: simplify and fix tests for disk space checks on snap remove - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for cloud.conf - tests/main: mv core specific tests to core suite - tests/lib/nested.sh: reset the TPM when we create the uc20 vm - devicestate: rename "mockLogger" to "logbuf" - many: introduce ContentChange for tracking gadget content in observers - many: fix partion vs partition typo - bootloader: retrieve boot chains from bootloader - devicestate: add tests around logging in RequestSystemAction - boot: handle canceled update - bootloader: tweak doc comments (thanks Samuele) - seed/seedwriter: test local asserted snaps with UC20 grade signed - sysconfig/cloudinit.go: add DisableNoCloud to CloudInitRestrictOptions - many: use BootFile type in load sequences - boot,bootloader: clarifications after the changes to introduce bootloader.Options.Role - boot,bootloader,gadget: apply new bootloader.Options.Role - o/snapstate, features: add feature flag for disk space check on remove - testutil: add checkers for symbolic link target - many: refactor tpm seal parameter setting - boot/bootstate20: reboot to rollback to previous kernel - boot: add unit test helpers - boot: observe update & rollback of trusted assets - interfaces/utf: Add MIRKey to u2f devices - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20 cloud-init tests - many: check that users of BaseTest don't forget to consume cleanups - tests/nested/core20/tpm: verify trusted boot assets tracking - github: run macOS job with Go 1.14 - many: misc doc-comment changes and typo fixes - o/snapstate: disk space check with InstallMany - many: cloud-init cleanups from previous PR's - tests: running tests on opensuse leap 15.2 - run-checks: check for dirty build tree too - vendor: run ./get-deps.sh to update the secboot hash - tests: update listing test for "-dirty" versions - overlord/devicestate: do not release the state lock when updating gadget assets - secboot: read kernel efi image from snap file - snap: add size to the random access file return interface - daemon: correctly parse Content-Type HTTP header. - tests: account for apt-get on core18 - cmd/snap-bootstrap/initramfs-mounts: compute string outside of loop - mkversion.sh: simple hack to include dirty in version if the tree is dirty - cgroup,snap: track hooks on system bus only - interfaces/systemd: compare dereferenced Service - run-checks: only check files in git for misspelling - osutil: add a package doc comment (via doc.go) - boot: complain about reused asset name during initial install - snapstate: installSize helper that calculates total size of snaps and their prerequisites - snapshots: export of snapshots - boot/initramfs_test.go: reset boot vars on the bootloader for each iteration * New upstream release, LP: #1891134 - interfaces: allow snap-update-ns to read /proc/cmdline - github: run macOS job with Go 1.14 - o/snapstate, features: add feature flag for disk space check on remove - tests: account for apt-get on core18 - mkversion.sh: include dirty in version if the tree is dirty - interfaces/systemd: compare dereferenced Service - vendor.json: update mysterious secboot SHA again * New upstream release, LP: #1891134 - logger: add support for setting snapd.debug=1 on kernel cmdline - o/snapstate: check disk space before creating automatic snapshot on remove - boot, o/devicestate: observe existing recovery bootloader trusted boot assets - many: use transient scope for tracking apps and hooks - features: add HiddenSnapFolder feature flag - tests/lib/nested.sh: fix partition typo, unmount the image on uc20 too - runinhibit: open the lock file in read-only mode in IsLocked - cmd/s-b/initramfs-mounts: make recover -> run mode transition automatic - tests: update spread test for unknown plug/slot with snapctl is- connected - osutil: add OpenExistingLockForReading - kernel: add kernel.Validate() - interfaces: add vcio interface - interfaces/{docker,kubernetes}-support: load overlay and support systemd cgroup driver - tests/lib/nested.sh: use more robust code for finding what loop dev we mounted - cmd/snap-update-ns: detach all bind-mounted file - snap/snapenv: set SNAP_REAL_HOME - packaging: umount /snap on purge in containers - interfaces: misc policy updates xlvi - secboot,cmd/snap-bootstrap: cross-check partitions before unlocking, mounting - boot: copy boot assets cache to new root - gadget,kernel: add new kernel.{Info,Asset} struct and helpers - o/hookstate/ctlcmd: make is-connected check whether the plug or slot exists - tests: find -ignore_readdir_race when scanning cgroups - interfaces/many: deny arbitrary desktop files and misc from /usr/share - tests: use "set -ex" in prep-snapd-in-lxd.sh - tests: re-enable udisks test on debian-sid - cmd/snapd-generator: use PATH fallback if PATH is not set - tests: disable udisks2 test on arch linux - github: use latest/stable go, not latest/edge - tests: remove support for ubuntu 19.10 from spread tests - tests: fix lxd test wrongly tracking 'latest' - secboot: document exported functions - cmd: compile snap gdbserver shim correctly - many: correctly calculate the desktop file prefix everywhere - interfaces: add kernel-crypto-api interface - corecfg: add "system.timezone" setting to the system settings - cmd/snapd-generator: generate drop-in to use fuse in container - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments from previous PR - interfaces/many: miscellaneous updates for strict microk8s - secboot,cmd/snap-bootstrap: don't import boot package from secboot - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of the-tool - tests: work around broken update of systemd-networkd - tests/main/install-fontconfig-cache-gen: enhance test by verifying, add fonts to test - o/devicestate: wrap asset update observer error - boot: refactor such that bootStateUpdate20 mainly carries Modeenv - mkversion.sh: disallow changelog versions that have git in it, if we also have git version - interfaces/many: miscellaneous updates for strict microk8s - snap: fix repeated "cannot list recovery system" and add test - boot: track trusted assets during initial install, assets cache - vendor: update secboot to fix key data validation - tests: unmount FUSE file-systems from XDG runtime dir - overlord/devicestate: workaround non-nil interface with nil struct - sandbox/cgroup: remove temporary workaround for multiple cgroup writers - sandbox/cgroup: detect dangling v2 cgroup - bootloader: add helper for creating a bootloader based on gadget - tests: support different images on nested execution - many: reorg cmd/snapinfo.go into snap and new client/clientutil - packaging/arch: use external linker when building statically - tests: cope with ghost cgroupv2 - tests: fix issues related to restarting systemd-logind.service - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to gadget updates - vendor: update github.com/kr/pretty to fix diffs of values with pointer cycles - boot: move bootloaderKernelState20 impls to separate file - .github/workflows: move snap building to test.yaml as separate cached job - tests/nested/manual/minimal-smoke: run core smoke tests in a VM meeting minimal requirements - osutil: add CommitAs to atomic file - gadget: introduce content update observer - bootloader: introduce TrustedAssetsBootloader, implement for grub - o/snapshotstate: helpers for calculating disk space needed for an automatic snapshot - gadget/install: retrieve command lines from bootloader - boot/bootstate20: unify commit method impls, rm bootState20MarkSuccessful - tests: add system information and image information when debug info is displayed - tests/main/cgroup-tracking: try to collect some information about cgroups - boot: introduce current_boot_assets and current_recovery_boot_assets to modeenv - tests: fix for timing issues on journal-state test - many: remove usage and creation of hijacked pid cgroup - tests: port regression-home-snap-root-owned to tests.session - tests: run as hightest via tests.session - github: run CLA checks on self-hosted workers - github: remove Ubuntu 19.10 from actions workflow - tests: remove End-Of-Life opensuse/fedora releases - tests: remove End-Of-Life releases from spread.yaml - tests: fix debug section of appstream-id test - interfaces: check !b.preseed earlier - tests: work around bug in systemd/debian - boot: add deepEqual, Copy helpers for Modeenv to simplify bootstate20 refactor - cmd: add new "snap recovery" command - interfaces/systemd: use emulation mode when preseeding - interfaces/kmod: don't load kernel modules in kmod backend when preseeding - interfaces/udev: do not reload udevadm rules when preseeding - cmd/snap-preseed: use snapd from the deb if newer than from seeds - boot: fancy marshaller for modeenv values - gadget, osutil: use atomic file copy, adjust tests - overlord: use new tracking cgroup for refresh app awareness - github: do not skip gofmt with Go 1.9/1.10 - many: introduce content write observer, install mode glue, initial seal stubs - daemon,many: switch to use client.ErrorKind and drop the local errorKind... - tests: new parameters for nested execution - client: move all error kinds into errors.go and add doc strings - cmd/snap: display the error in snap debug seeding if seeding is in error - cmd/snap/debug/seeding: use unicode for proper yaml - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty recovery_mode - osutil/disks: add mock disk and tests for happy path of mock disks - tests: refresh/revert snapd in uc20 - osutil/disks: use a dedicated error to indicate a fs label wasn't found - interfaces/system-key: in WriteSystemKey during tests, don't call ParserFeatures - boot: add current recovery systems to modeenv - bootloader: extend managed assets bootloader interface to compose a candidate command line - interfaces: make the unmarshal test match more the comment - daemon/api: use pointers to time.Time for debug seeding aspect - o/ifacestate: update security profiles in connect undo handler - interfaces: add uinput interface - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit tests - o/devicestate: save seeding/preseeding times for use with debug seeding api - cmd/snap/debug: add "snap debug seeding" command for preseeding debugging - tests/main/selinux-clean: workaround SELinux denials triggered by linger setup on Centos8 - bootloader: compose command line with mode and extra arguments - cmd/snap, daemon: detect and bail purge on multi-snap - o/ifacestate: fix bug in snapsWithSecurityProfiles - interfaces/builtin/multipass: replace U+00A0 no-break space with simple space - bootloader/assets: generate bootloader assets from files - many/tests/preseed: reset the preseeded images before preseeding them - tests: drop accidental accents from e - secboot: improve key sealing tests - tests: replace _wait_for_file_change with retry - tests: new fs-state which replaces the files.sh helper - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/" from path - cmd/snap: track started apps and hooks - tests/main/interfaces-pulseaudio: disable start limit checking for pulseaudio service - api: seeding debug api - .github/workflows/snap-build.yaml: build the snapd snap via GH Actions too - tests: moving journalctl.sh to a new journal-state tool - tests/nested/manual: add spread tests for cloud-init vuln - bootloader/assets: helpers for registering per-edition snippets, register snippets for grub - data,packaging,wrappers: extend D-Bus service activation search path - spread: add opensuse 15.2 and tumbleweed for qemu - overlord,o/devicestate: restrict cloud-init on Ubuntu Core - sysconfig/cloudinit: add RestrictCloudInit - cmd/snap-preseed: check that target path exists and is a directory on --reset - tests: check for pids correctly - gadget,gadget/install: refactor partition table update - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState type - interface/fwupd: add more policies for making fwupd upstream strict - tests: new to-one-line tool which replaces the strings.sh helper - interfaces: new helpers to get and compare system key, for use with seeding debug api - osutil, many: add helper for checking whether the process is a go test binary - cmd/snap-seccomp/syscalls: add faccessat2 - tests: adjust xdg-open after launcher changes - tests: new core config helper - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg- open - cmd/snap-preseed: handle relative chroot path - snapshotstate: move sizer to osutil.Sizer() - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref kernel tests - gadget/install,secboot: use snapcore/secboot luks2 api - boot/initramfs_test.go: add Commentf to more Assert()'s - tests/lib: account for changes in arch package file name extension - bootloader/bootloadertest: fix comment typo - bootloader: add helper for getting recovery system environment variables - tests: preinstall shellcheck and run tests on focal - strutil: add a helper for parsing kernel command line - osutil: add CheckFreeSpace helper - secboot: update tpm connection error handling - packaging, cmd/snap-mgmt, tests: remove modules files on purge - tests: add tests.cleanup helper - packaging: add "ca-certificates" to build-depends - tests: more checks in core20 early config spread test - tests: fix some snapstate tests to use pointers for snapmgrTestSuite - boot: better naming of helpers for obtaining kernel command line - many: use more specific check for unit test mocking - systemd/escape: fix issues with "" and "\t" handling - asserts: small improvements and corrections for sequence-forming assertions' support - boot, bootloader: query kernel command line of run mod and recovery mode systems - snap/validate.go: disallow snap layouts with new top-level directories - tests: allow to add a new label to run nested tests as part of PR validation - tests/core/gadget-update-pc: port to UC20 - tests: improve nested tests flexibility - asserts: integer headers: disallow prefix zeros and make parsing more uniform - asserts: implement Database.FindSequence - asserts: introduce SequenceMemberAfter in the asserts backstores - spread.yaml: remove tests/lib/tools from PATH - overlord: refuse to install snaps whose activatable D-Bus services conflict with installed snaps - tests: shorten lxd-state undo-mount-changes - snap-confine: don't die if a device from sysfs path cannot be found by udev - tests: fix argument handling of apt-state - tests: rename lxd-tool to lxd-state - tests: rename user-tool to user-state, fix --help - interfaces: add gconf interface - sandbox/cgroup: avoid parsing security tags twice - tests: rename version-tool to version-compare - cmd/snap-update-ns: handle anomalies better - tests: fix call to apt.Package.mark_install(auto_inst=True) - tests: rename mountinfo-tool to mountinfo.query - tests: rename memory-tool to memory-observe-do - tests: rename invariant-tool to tests.invariant - tests: rename apt-tool to apt-state - many: managed boot config during run mode setup - asserts: introduce the concept of sequence-forming assertion types - tests: tweak comments/output in uc20-recovery test - tests/lib/pkgdb: do not use quiet when purging debs - interfaces/apparmor: allow snap-specific /run/lock - interfaces: add system-source-code for access to /usr/src - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data - gadget/install: move udev trigger to gadget/install - many: make nested spread tests more reliable - tests/core/uc20-recovery: apply hack to get gopath in recover mode w/ external backend - tests: enable tests on uc20 which now work with the real model assertion - tests: enable system-snap-refresh test on uc20 - gadget, bootloader: preserve managed boot assets during gadget updates - tests: fix leaked dbus-daemon in selinux-clean - tests: add servicestate.Control tests - tests: fix "restart.service" - wrappers: helper for enabling services - extract and move enabling of services into a helper - tests: new test to validate refresh and revert of kernel and gadget on uc20 - tests/lib/prepare-restore: collect debug info when prepare purge fails - bootloader: allow managed bootloader to update its boot config - tests: Remove unity test from nightly test suite - o/devicestate: set mark-seeded to done in the task itself - tests: add spread test for disconnect undo caused by failing disconnect hook - sandbox/cgroup: allow discovering PIDs of given snap - osutil/disks: support IsDecryptedDevice for mountpoints which are dm devices - osutil: detect autofs mounted in /home - spread.yaml: allow amazon-linux-2-64 qemu with ec2-user/ec2-user - usersession: support additional zoom URL schemes - overlord: mock timings.DurationThreshold in TestNewWithGoodState - sandbox/cgroup: add tracking helpers - tests: detect stray dbus-daemon - overlord: refuse to install snaps providing user daemons on Ubuntu 14.04 - many: move encryption and installer from snap-boostrap to gadget - o/ifacestate: fix connect undo handler - interfaces: optimize rules of multiple connected iio/i2c/spi plugs - bootloader: introduce managed bootloader, implement for grub - tests: fix incorrect check in smoke/remove test - asserts,seed: split handling of essential/not essential model snaps - gadget: fix typo in mounted filesystem updater - gadget: do only one mount point lookup in mounted fs updater - tests/core/snap-auto-mount: try to make the test more robust - tests: adding ubuntu-20.04 to google-sru backend - o/servicestate: add updateSnapstateServices helper - bootloader: pull recovery grub config from internal assets - tests/lib/tools: apply linger workaround when needed - overlord/snapstate: graceful handling of denied "managed" refresh schedule - snapstate: fix autorefresh from classic->strict - overlord/configstate: add system.kernel.printk.console-loglevel option - tests: fix assertion disk handling for nested UC systems - snapstate: use testutil.HostScaledTimeout() in snapstate tests - tests: extra worker for google-nested backend to avoid timeout error on uc20 - snapdtool: helper to check whether the current binary is reexeced from a snap - tests: mock servicestate in api tests to avoid systemctl checks - many: rename back snap.Info.GetType to Type - tests/lib/cla_check: expect explicit commit range - osutil/disks: refactor diskFromMountPointImpl a bit - o/snapstate: service-control task handler - osutil: add disks pkg for associating mountpoints with disks/partitions - gadget,cmd/snap-bootstrap: move partitioning to gadget - seed: fix LoadEssentialMeta when gadget is not loaded - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo secure_path - asserts: introduce new assertion validation-set - asserts,daemon: add support for "serials" field in system-user assertion - data/sudo: drop a failed sudo secure_path workaround - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg - spread.yaml: update secure boot attribute name - interfaces/block_devices: add NVMe subsystem devices, support multipath paths - tests: use the "jq" snap from the edge channel - tests: simplify the tpm test by removing the test-snapd-mokutil snap - boot/bootstate16.go: clean snap_try_* vars when not in Trying status too - tests/main/sudo-env: check snap path under sudo - tests/main/lxd: add test for snaps inside nested lxd containers not working - asserts/internal: expand errors about invalid serialized grouping labels - usersession/userd: add msteams url support - tests/lib/prepare.sh: adjust comment about sgdisk - tests: fix how gadget pc is detected when the snap does not exist and ls fails - tests: move a few more tests to snapstate_update_test.go - tests/main: add spread test for running svc from install hook - tests/lib/prepare: increase the size of the uc16/uc18 partitions - tests/special-home-can-run-classic-snaps: re-enable - workflow: test PR title as part of the static checks again - tests/main/xdg-open-compat: backup and restore original xdg-open - tests: move update-related tests to snapstate_update_test.go - cmd,many: move Version and bits related to snapd tools to snapdtool, merge cmdutil - tests/prepare-restore.sh: reset-failed systemd-journald before restarting - interfaces: misc small interface updates - spread: use find rather than recursive ls, skip mounted snaps - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls /var/lib/snapd - tests: enable snap-auto-mount test on core20 - cmd/snap: do not show $PATH warning when executing under sudo on a known distro - asserts/internal: add some iteration benchmarks - sandbox/cgroup: improve pid parsing code - snap: add new `snap run --experimental-gdbserver` option - asserts/internal: limit Grouping size switching to a bitset representationWe don't always use the bit-set representation because: - snap: add an activates-on property to apps for D-Bus activation - dirs: delete unused Cloud var, fix typo - sysconfig/cloudinit: make callers of DisableCloudInit use WritableDefaultsDir - tests: fix classic ubuntu core transition auth - tests: fail in setup_reflash_magic() if there is snapd state left - tests: port interfaces-many-core-provided to tests.session - tests: wait after creating partitions with sfdisk - bootloader: introduce bootloarder assets, import grub.cfg with an edition marker - riscv64: bump timeouts - gadget: drop dead code, hide exports that are not used externally - tests: port 2 uc20 part1 - tests: fix bug waiting for snap command to be ready - tests: move try-related tests to snapstate_try_test.go - tests: add debug for 20.04 prepare failure - travis.yml: removed, all our checks run in GH actions now - tests: clean up up the use of configcoreSuite in the configcore tests - sandbox/cgroup: remove redundant pathOfProcPidCgroup - sandbox/cgroup: add tests for ParsePids - tests: fix the basic20 test for uc20 on external backend - tests: use configcoreSuite in journalSuite and remove some duplicated code - tests: move a few more tests to snapstate_install_test - tests: assorted small patches - dbusutil/dbustest: separate license from package - interfaces/builtin/time-control: allow POSIX clock API - usersession/userd: add "slack" to the white list of URL schemes handled by xdg-open - tests: check that host settings like hostname are settable on core - tests: port xdg-settings test to tests.session - tests: port snap-handle-link test to tests.session - arch: add riscv64 - tests: core20 early defaults spread test - tests: move install tests from snapstate_test.go to snapstate_install_test.go - github: port macOS sanity checks from travis - data/selinux: allow checking /var/cache/app-info - o/devicestate: core20 early config from gadget defaults - tests: autoremove after removing lxd in preseed-lxd test - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot - sandbox/cgroup: move FreezerCgroupDir from dirs.go - tests: update the file used to detect the boot path on uc20 - spread.yaml: show /var/lib/snapd in debug - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock + netplan files - snap/naming: add helpers to parse app and hook security tags - tests: modernize retry tool - tests: fix and trim debug section in xdg-open-portal - tests: modernize and use snapd.tool - vendor: update to latest github.com/snapcore/bolt for riscv64 - cmd/snap-confine: add support for libc6-lse - interfaces: miscellaneous policy updates xlv - interfaces/system-packages-doc: fix typo in variable names - tests: port interfaces-calendar-service to tests.session - tests: install/run the lzo test snap too - snap: (small) refactor of `snap download` code for testing/extending - data: fix shellcheck warnings in snapd.sh.in - packaging: disable buildmode=pie for riscv64 - tests: install test-snapd-rsync snap from edge channel - tests: modernize tests.session and port everything using it - tests: add ubuntu 20.10 to spread tests - cmd/snap/remove: mention snap restore/automatic snapshots - dbusutil: move all D-Bus helpers and D-Bus test helpers - wrappers: pass 'disable' flag to StopServices wrapper - osutil: enable riscv64 build - snap/naming: add ParseSecurityTag and friends - tests: port document-portal-activation to session-tool - bootloader: rename test helpers to reflect we are mocking EFI boot locations - tests: disable test of nfs v3 with udp proto on debian-sid - tests: plan to improve the naming and uniformity of utilities - tests: move *-tool tests to their own suite - snap-bootstrap: remove sealed key file on reinstall - bootloader/ubootenv: don't panic with an empty uboot env - systemd: rename actualFsTypeAndMountOptions to hostFsTypeAndMountOptions - daemon: fix filtering of service-control changes for snap.app - tests: spread test for preseeding in lxd container - tests: fix broken snapd.session agent.socket - wrappers: add RestartServices function and ReloadOrRestart to systemd - o/cmdstate: handle ignore flag on exec-command tasks - gadget: make ext4 filesystems with or without metadata checksum - tests: update statx test to run on all LTS releases - configcore: show better error when disabling services - interfaces: add hugepages-control - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases - tests: skip interfaces-openvswitch for centos 8 in nightly suite - tests: reload systemd --user for root, if present - tests: reload systemd after editing /etc/fstab - tests: add missing dependencies needed for sbuild test on debian - tests: reload systemd after removing pulseaudio - image, tests: core18 early config. - interfaces: add system-packages-doc interface - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when preseeding - interfaces/fwupd: allow bind mount to /boot on core - tests: improve oom-vitality tests - tests: add fedora 32 to spread.yaml - config: apply vitality-hint immediately when the config changes - tests: port snap-routine-portal-info to session-tool - configcore: add "service.console-conf.disable" config option - tests: port xdg-open to session-tool - tests: port xdg-open-compat to session-tool - tests: port interfaces-desktop-* to session-tool - spread.yaml: apply yaml formatter/linter - tests: port interfaces-wayland to session-tool - o/devicestate: refactor current system handling - snap-mgmt: perform cleanup of user services - snap/snapfile,squashfs: followups from 8729 - boot, many: require mode in modeenv - data/selinux: update policy to allow forked processes to call getpw*() - tests: log stderr from dbus-monitor - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers tag - snap/squashfs: also symlink snap Install with uc20 seed snap dir layout - interfaces/builtin/desktop: do not mount fonts cache on distros with quirks - data/selinux: allow snapd to remove/create the its socket - testutil/exec.go: set PATH after running shellcheck - tests: silence stderr from dbus-monitor - snap,many: mv Open to snapfile pkg to support add'l options to Container methods - devicestate, sysconfig: revert support for cloud.cfg.d/ in the gadget - github: remove workaround for bug 133 in actions/cache - tests: remove dbus.sh - cmd/snap-preseed: improve mountpoint checks of the preseeded chroot - spread.yaml: add ps aux to debug section - github: run all spread systems in a single go with cached results - test: session-tool cli tweaks - asserts: rest of the Pool API - tests: port interfaces-network-status-classic to session-tool - packaging: remove obsolete 16.10,17.04 symlinks - tests: setup portals before starting user session - o/devicestate: typo fix - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed devices - cmd/snap/model: support store, system-user-authority keys in --verbose - o/devicestate: raise conflict when requesting system action while seeding - tests: detect signs of crashed snap-confine - tests: sign kernel and gadget to run nested tests using current snapd code - tests: remove gnome-online-accounts we install - tests: fix the issue where all the tests were executed on secboot system - tests: port interfaces-accounts-service to session-tool - interfaces/network-control: bring /var/lib/dhcp from host - image,cmd/snap,tests: add support for store-wide cohort keys - configcore: add nomanagers buildtag for conditional build - tests: port interfaces-password-manager-service to session-tool - o/devicestate: cleanup system actions supported by recover mode - snap-bootstrap: remove create-partitions and update tests - tests: fix nested tests - packaging/arch: update PKGBUILD to match one in AUR - tests: port interfaces-location-control to session-tool - tests: port interfaces-contacts-service to session-tool - state: log task errors in the journal too - o/devicestate: change how current system is reported for different modes - devicestate: do not report "ErrNoState" for seeded up - tests: add a note about broken test sequence - tests: port interfaces-autopilot-introspection to session-tool - tests: port interfaces-dbus to session-tool - packaging: update sid packaging to match 16.04+ - tests: enable degraded test on uc20 - c/snaplock/runinhibit: add run inhibition operations - tests: detect and report root-owned files in /home - tests: reload root's systemd --user after snapd tests - tests: test registration with serial-authority: [generic] - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon- key in recover - tests/mount-ns: stop binfmt_misc mount unit - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition uuid if available - daemon, tests: indicate system mode, test switching to recovery and back to run - interfaces/desktop: silence more /var/lib/snapd/desktop/icons denials - tests/mount-ns: update to reflect new UEFI boot mode - usersession,tests: clean ups for userd/settings.go and move xdgopenproxy under usersession - tests: disable mount-ns test - tests: test user belongs to systemd-journald, on core20 - tests: run core/snap-set-core-config on uc20 too - tests: remove generated session-agent units - sysconfig: use new _writable_defaults dir to create cloud config - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for future work - asserts: make clearer that with label we mean a serialized label - cmd/snap-bootstrap: tweak recovery trigger log messages - asserts: introduce PoolTo - userd: allow setting default-url-scheme-handler - secboot: append uuid to ubuntu-data when decrypting - o/configcore: pass extra options to FileSystemOnlyApply - tests: add dbus-user-session to bionic and reorder package names - boot, bootloader: adjust comments, expand tests - tests: improve debugging of user session agent tests - packaging: add the inhibit directory - many: add core.resiliance.vitality-hint config setting - tests: test adjustments and fixes for recently published images - cmd/snap: coldplug auto-import assertions from all removable devices - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to secboot - tests: not fail when boot dir cannot be determined - tests: new directory used to store the cloud images on gce - tests: inject snapd from edge into seeds of the image in manual preseed test - usersession/agent,wrappers: fix races between Shutdown and Serve - tests: add dependency needed for next upgrade of bionic - tests: new test user is used for external backend - cmd/snap: fix the order of positional parameters in help output - tests: don't create root-owned things in ~test - tests/lib/prepare.sh: delete patching of the initrd - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy as well - progress: tweak multibyte label unit test data - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline - gadget: fix fallback device lookup for 'mbr' type structures - configcore: only reload journald if systemd is new enough - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data - wrappers: allow user mode systemd daemons - progress: fix progress bar with multibyte duration units - tests: fix raciness in pulseaudio test - asserts/internal: introduce Grouping and Groupings - tests: remove user.sh - tests: pair of follow-ups from earlier reviews - overlord/snapstate: warn of refresh/postpone events - configcore,tests: use daemon-reexec to apply watchdog config - c/snap-bootstrap: check mount states via initramfsMountStates - store: implement DownloadAssertions - tests: run smoke test with different bases - tests: port user-mounts test to session-tool - store: handle error-list in fetch-assertions results - tests: port interfaces-audio-playback-record to session-tool - data/completion: add `snap` command completion for zsh - tests/degraded: ignore failure in systemd-vconsole-setup.service - image: stub implementation of image.Prepare for darwin - tests: session-tool --restore -u stops user-$UID.slice - o/ifacestate/handlers.go: fix typo - tests: port pulseaudio test to session-tool - tests: port user-session-env to session-tool - tests: work around journald bug in core16 - tests: add debug to core-persistent-journal test - tests: port selinux-clean to session-tool - tests: port portals test to session-tool, fix portal tests on sid - tests: adding option --no-install-recommends option also when install all the deps - tests: add session-tool --has-systemd-and-dbus - packaging/debian-sid: add gcc-multilib to build deps - osutil: expand FileLock to support shared locks and more - packaging: stop depending on python-docutils - store,asserts,many: support the new action fetch-assertions - tests: port snap-session-agent-* to session-tool - packaging/fedora: disable FIPS compliant crypto for static binaries - tests: fix for preseeding failures * New upstream release, LP: #1875071 - o/ifacestate: fix bug in snapsWithSecurityProfiles - tests/main/selinux-clean: workaround SELinux denials triggered by linger setup on Centos8 * New upstream release, LP: #1875071 - many: backport _writable_defaults dir changes - tests: fix incorrect check in smoke/remove test - cmd/snap-bootstrap,seed: backport of uc20 PRs - tests: avoid exit when nested type var is not defined - cmd/snap-preseed: backport fixes - interfaces: optimize rules of multiple connected iio/i2c/spi plugs - many: cherry-picks for 2.45, gh-action, test fixes - tests/lib: account for changes in arch package file name extension - postrm, snap-mgmt: cleanup modules and other cherry-picks - snap-confine: don't die if a device from sysfs path cannot be found by udev - data/selinux: update policy to allow forked processes to call getpw*() - tests/main/interfaces-time-control: exercise setting time via date - interfaces/builtin/time-control: allow POSIX clock API - usersession/userd: add "slack" to the white list of URL schemes handled by xdg-open * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open implementation - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment variable modification when calling the system xdg-open. Patch thanks to James Henstridge - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is restarted. Patch thanks to Michael Vogt - CVE-2020-11934 - LP: #1880085 * SECURITY UPDATE: arbitrary code execution vulnerability on core devices with access to physical removable media - devicestate: Disable/restrict cloud-init after seeding. - CVE-2020-11933 - LP: #1879530 * New upstream release, LP: #1875071 - data/selinux: allow checking /var/cache/app-info - cmd/snap-confine: add support for libc6-lse - interfaces: miscellaneous policy updates xlv - snap-bootstrap: remove sealed key file on reinstall - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ - gadget: make ext4 filesystems with or without metadata checksum - interfaces/fwupd: allow bind mount to /boot on core - tests: cherry-pick test fixes from master - snap/squashfs: also symlink snap Install with uc20 seed snap dir layout - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed devices - snap,many: mv Open to snapfile pkg to support add'l options to Container methods - interfaces/builtin/desktop: do not mount fonts cache on distros with quirks - devicestate, sysconfig: revert support for cloud.cfg.d/ in the gadget - data/completion, packaging: cherry-pick zsh completion - state: log task errors in the journal too - devicestate: do not report "ErrNoState" for seeded up - interfaces/desktop: silence more /var/lib/snapd/desktop/icons denials - packaging/fedora: disable FIPS compliant crypto for static binaries - packaging: stop depending on python-docutils * New upstream release, LP: #1875071 - o/devicestate: support doing system action reboots from recover mode - vendor: update to latest secboot - tests: not fail when boot dir cannot be determined - configcore: only reload journald if systemd is new enough - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data when decrypting - tests/lib/prepare.sh: delete patching of the initrd - cmd/snap: coldplug auto-import assertions from all removable devices - cmd/snap: fix the order of positional parameters in help output - c/snap-bootstrap: port mount state mocking to the new style on master - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy as well - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline, unlock in recover mode initramfs - progress: tweak multibyte label unit test data - gadget: fix fallback device lookup for 'mbr' type structures - progress: fix progress bar with multibyte duration units - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20 - many: put the sealed keys in a directory on seed for tidiness - cmd/snap-bootstrap: measure epoch and model before unlocking encrypted data - o/configstate: core config handler for persistent journal - bootloader/uboot: use secondary ubootenv file boot.sel for uc20 - packaging: add "$TAGS" to dh_auto_test for debian packaging - tests: ensure $cache_dir is actually available - secboot,cmd/snap-bootstrap: add model to pcr protection profile - devicestate: do not use snap-boostrap in devicestate to install - tests: fix a typo in nested.sh helper - devicestate: add support for cloud.cfg.d config from the gadget - cmd/snap-bootstrap: cleanups, naming tweaks - testutil: add NewDBusTestConn - snap-bootstrap: lock access to sealed keys - overlord/devicestate: preserve the current model inside ubuntu- boot - interfaces/apparmor: use differently templated policy for non-core bases - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing syscalls - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first, other misc changes - o/snapstate: tweak "waiting for restart" message - boot: store model model and grade information in modeenv - interfaces/firewall-control: allow -legacy and -nft for core20 - boot: enable makeBootable20RunMode for EnvRefExtractedKernel bootloaders - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20 implementation - daemon: fix error message from `snap remove-user foo` on classic - overlord: have a variant of Mock that can take a state.State - tests: 16.04 and 18.04 now have mediating pulseaudio (again) - seed: clearer errors for missing essential snapd or core snap - cmd/snap-bootstrap/initramfs-mounts: support EnvRefExtractedKernelBootloader's - gadget, cmd/snap-bootstrap: MBR schema support - image: improve/adjust DownloadSnap doc comment - asserts: introduce ModelGrade.Code - tests: ignore user-12345 slice and service - image,seed/seedwriter: support redirect channel aka default tracks - bootloader: use binary.Read/Write - tests: uc20 nested suite part II - tests/boot: refactor to make it easier for new bootloaderKernelState20 impl - interfaces/openvswitch: support use of ovs-appctl - snap-bootstrap: copy auth data from real ubuntu-data in recovery mode - snap-bootstrap: seal and unseal encryption key using tpm - tests: disable special-home-can-run-classic-snaps due to jenkins repo issue - packaging: fix build on Centos8 to support BUILDTAGS - boot/bootstate20: small changes to bootloaderKernelState20 - cmd/snap: Implement a "snap routine file-access" command - spread.yaml: switch back to latest/candidate for lxd snap - boot/bootstate20: re-factor kernel methods to use new interface for state - spread.yaml,tests/many: use global env var for lxd channel - boot/bootstate20: fix bug in try-kernel cleanup - config: add system.store-certs.[a-zA-Z0-9] support - secboot: key sealing also depends on secure boot enabled - httputil: fix client timeout retry tests - cmd/snap-update-ns: handle EBUSY when unlinking files - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20 vars - secboot: add tpm support helpers - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for kernel and gadget - cmd/snap-bootstrap: switch to a 64-byte key for unlocking - tests: preserve size for centos images on spread.yaml - github: partition the github action workflows - run-checks: use consistent "Checking ..." style messages - bootloader: add efi pkg for reading efi variables - data/systemd: do not run snapd.system-shutdown if finalrd is available - overlord: update tests to work with latest go - cmd/snap: do not hide debug boot-vars on core - cmd/snap-bootstrap: no error when not input devices are found - snap-bootstrap: fix partition numbering in create-partitions - httputil/client_test.go: add two TLS version tests - tests: ignore user@12345.service hierarchy - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things - tests: rewrite timeserver-control test - tests: fix racy pulseaudio tests - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS - tests: update snap-preseed --reset logic to accommodate for 2.44 change - cmd/snap: don't wait for system key when stopping - sandbox/cgroup: avoid making arrays we don't use - osutil: mock proc/self/mountinfo properly everywhere - selinux: export MockIsEnforcing; systemd: use in tests - tests: add 32 bit machine to GH actions - tests/session-tool: kill cron session, if any - asserts: it should be possible to omit many snap-ids if allowed, fix - boot: cleanup more things, simplify code - github: skip spread jobs when corresponding label is set - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor pkg - tests/session-tool: add session-tool --dump - github: allow cached debian downloads to restore - tests/session-tool: session ordering is non-deterministic - tests: enable unit tests on debian-sid again - github: move spread to self-hosted workers - secboot: import secboot on ubuntu, provide dummy on !ubuntu - overlord/devicestate: support for recover and run modes - snap/naming: add validator for snap security tag - interfaces: add case for rootWritableOverlay + NFS - tests/main/uc20-create-partitions: tweaks, renames, switch to 20.04 - github: port CLA check to Github Actions - interfaces/many: miscellaneous policy updates xliv - configcore,tests: fix setting watchdog options on UC18/20 - tests/session-tool: collect information about services on startup - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create- partitions - state: add state.CopyState() helper - tests/session-tool: stop anacron.service in prepare - interfaces: don't use the owner modifier for files shared via document portal - systemd: move the doc comments to the interface so they are visible - cmd/snap-recovery-chooser: tweaks - interfaces/docker-support: add overlayfs file access - packaging: use debian/not-installed to ignore snap-preseed - travis.yml: disable unit tests on travis - store: start splitting store.go and store_test.go into subtopic files - tests/session-tool: stop cron/anacron from meddling - github: disable fail-fast as spread cannot be interrupted - github: move static checks and spread over - tests: skip "/etc/machine-id" in "writablepaths" test - snap-bootstrap: store encrypted partition recovery key - httputil: increase testRetryStrategy max timelimit to 5s - tests/session-tool: kill leaking closing session - interfaces: allow raw access to USB printers - tests/session-tool: reset failed session-tool units - httputil: increase httpclient timeout in TestRetryRequestTimeoutHandling - usersession: extend timerange in TestExitOnIdle - client: increase timeout in client tests to 100ms - many: disentagle release and snapdenv from sandbox/* - boot: simplify modeenv mocking to always write a modeenv - snap-bootstrap: expand data partition on install - o/configstate: add backlight option for core config - cmd/snap-recovery-chooser: add recovery chooser - features: enable robust mount ns updates - snap: improve TestWaitRecovers test - sandbox/cgroup: add ProcessPathInTrackingCgroup - interfaces/policy: fix comment in recent new test - tests: make session tool way more robust - interfaces/seccomp: allow passing an address to setgroups - o/configcore: introduce core config handlers (3/N) - interfaces: updates to login-session-observe, network-manager and modem-manager interfaces - interfaces/policy/policy_test.go: add more tests'allow- installation: false' and we grant based on interface attributes - packaging: detect/disable broken seed in the postinst - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia library - tests: remove google-tpm backend from spread.yaml - tests: install dependencies with apt using --no-install-recommends - usersession/userd: add zoommtg url support - snap-bootstrap: fix disk layout sanity check - snap: add `snap debug state --is-seeded` helper - devicestate: generate warning if seeding fails - config, features: move and rename config.GetFeatureFlag helper to features.Flag - boot, overlord/devicestate, daemon: implement requesting boot into a given recovery system - xdgopenproxy: forward requests to the desktop portal - many: support immediate reboot - store: search v2 tweaks - tests: fix cross build tests when installing dependencies - daemon: make POST /v2/systems/