Skip to content

Latest commit

 

History

History
224 lines (204 loc) · 11.8 KB

NEWS.md

File metadata and controls

224 lines (204 loc) · 11.8 KB

In progress:

  • Installation of local snap components

New in snapd 2.63:

  • Support for snap services to show the current status of user daemons

New in snapd 2.63:

  • system-observe now allows listing systemd units and querying their properties over DBus

New in snapd 2.62:

  • Aspects based configuration schema support (experimental)
  • Refresh app awareness support for UI (experimental)
  • Support for user daemons by introducing new control switches --user/--system/--users for service start/stop/restart (experimental)
  • Add AppArmor prompting experimental flag (feature currently unsupported)
  • Installation of local snap components of type test
  • Packaging of components with snap pack
  • Expose experimental features supported/enabled in snapd REST API endpoint /v2/system-info
  • Support creating and removing recovery systems for use by factory reset
  • Enable API route for creating and removing recovery systems using /v2/systems with action create and /v2/systems/{label} with action remove
  • Lift requirements for fde-setup hook for single boot install
  • Enable single reboot gadget update for UC20+
  • Allow core to be removed on classic systems
  • Support for remodeling on hybrid systems
  • Install desktop files on Ubuntu Core and update after snapd upgrade
  • Upgrade sandbox features to account for cgroup v2 device filtering
  • Support snaps to manage their own cgroups
  • Add support for AppArmor 4.0 unconfined profile mode
  • Add AppArmor based read access to /etc/default/keyboard
  • Upgrade to squashfuse 0.5.0
  • Support useradd utility to enable removing Perl dependency for UC24+
  • Support for recovery-chooser to use console-conf snap
  • Add support for --uid/--gid using strace-static
  • Add support for notices (from pebble) and expose via the snapd REST API endpoints /v2/notices and /v2/notice
  • Add polkit authentication for snapd REST API endpoints /v2/snaps/{snap}/conf and /v2/apps
  • Add refresh-inhibit field to snapd REST API endpoint /v2/snaps
  • Add refresh-inhibited select query to REST API endpoint /v2/snaps
  • Take into account validation sets during remodeling
  • Improve offline remodeling to use installed revisions of snaps to fulfill the remodel revision requirement
  • Add rpi configuration option sdtv_mode
  • When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if present on host
  • Fix gadget zero-sized disk mapping caused by not ignoring zero sized storage traits
  • Fix gadget install case where size of existing partition was not correctly taken into account
  • Fix trying to unmount early kernel mount if it does not exist
  • Fix restarting mount units on snapd start
  • Fix call to udev in preseed mode
  • Fix to ensure always setting up the device cgroup for base bare and core24+
  • Fix not copying data from newly set homedirs on revision change
  • Fix leaving behind empty snap home directories after snap is removed (resulting in broken symlink)
  • Fix to avoid using libzstd from host by adding to snapd snap
  • Fix autorefresh to correctly handle forever refresh hold
  • Fix username regex allowed for system-user assertion to not allow '+'
  • Fix incorrect application icon for notification after autorefresh completion
  • Fix to restart mount units when changed
  • Fix to support AppArmor running under incus
  • Fix case of snap-update-ns dropping synthetic mounts due to failure to match desired mount dependencies
  • Fix parsing of base snap version to enable pre-seeding of Ubuntu Core Desktop
  • Fix packaging and tests for various distributions
  • Add remoteproc interface to allow developers to interact with Remote Processor Framework which enables snaps to load firmware to ARM Cortex microcontrollers
  • Add kernel-control interface to enable controlling the kernel firmware search path
  • Add nfs-mount interface to allow mounting of NFS shares
  • Add ros-opt-data interface to allow snaps to access the host /opt/ros/ paths
  • Add snap-refresh-observe interface that provides refresh-app-awareness clients access to relevant snapd API endpoints
  • steam-support interface: generalize Pressure Vessel root paths and allow access to driver information, features and container versions
  • steam-support interface: make implicit on Ubuntu Core Desktop
  • desktop interface: improved support for Ubuntu Core Desktop and limit autoconnection to implicit slots
  • cups-control interface: make autoconnect depend on presence of cupsd on host to ensure it works on classic systems
  • opengl interface: allow read access to /usr/share/nvidia
  • personal-files interface: extend to support automatic creation of missing parent directories in write paths
  • network-control interface: allow creating /run/resolveconf
  • network-setup-control and network-setup-observe interfaces: allow busctl bind as required for systemd 254+
  • libvirt interface: allow r/w access to /run/libvirt/libvirt-sock-ro and read access to /var/lib/libvirt/dnsmasq/**
  • fwupd interface: allow access to IMPI devices (including locking of device nodes), sysfs attributes needed by amdgpu and the COD capsule update directory
  • uio interface: allow configuring UIO drivers from userspace libraries
  • serial-port interface: add support for NXP Layerscape SoC
  • lxd-support interface: add attribute enable-unconfined-mode to require LXD to opt-in to run unconfined
  • block-devices interface: add support for ZFS volumes
  • system-packages-doc interface: add support for reading jquery and sphinx documentation
  • system-packages-doc interface: workaround to prevent autoconnect failure for snaps using base bare
  • microceph-support interface: allow more types of block devices to be added as an OSD
  • mount-observe interface: allow read access to /proc/{pid}/task/{tid}/mounts and proc/{pid}/task/{tid}/mountinfo
  • polkit interface: changed to not be implicit on core because installing policy files is not possible
  • upower-observe interface: allow stats refresh
  • gpg-public-keys interface: allow creating lock file for certain gpg operations
  • shutdown interface: allow access to SetRebootParameter method
  • media-control interface: allow device file locking
  • u2f-devices interface: support for Trustkey G310H, JaCarta U2F, Kensington VeriMark Guard, RSA DS100, Google Titan v2

New in snapd 2.61.3:

  • Install systemd files in correct location for 24.04

New in snapd 2.61.2:

  • Fix to enable plug/slot sanitization for prepare-image
  • Fix panic when device-service.access=offline
  • Support offline remodeling
  • Allow offline update only remodels without serial
  • Fail early when remodeling to old model revision
  • Fix to enable plug/slot sanitization for validate-seed
  • Allow removal of core snap on classic systems
  • Fix network-control interface denial for file lock on /run/netns
  • Add well-known core24 snap-id
  • Fix remodel snap installation order
  • Prevent remodeling from UC18+ to UC16
  • Fix cups auto-connect on classic with cups snap installed
  • u2f-devices interface support for GoTrust Idem Key with USB-C
  • Fix to restore services after unlink failure
  • Add libcudnn.so to Nvidia libraries
  • Fix skipping base snap download due to false snapd downgrade conflict

New in snapd 2.61.1:

  • Stop requiring default provider snaps on image building and first boot if alternative providers are included and available
  • Fix auth.json access for login as non-root group ID
  • Fix incorrect remodelling conflict when changing track to older snapd version
  • Improved check-rerefresh message
  • Fix UC16/18 kernel/gadget update failure due volume mismatch with installed disk
  • Stop auto-import of assertions during install modes
  • Desktop interface exposes GetIdletime
  • Polkit interface support for new polkit versions
  • Fix not applying snapd snap changes in tracked channel when remodelling

New in snapd 2.61:

  • Fix control of activated services in 'snap start' and 'snap stop'
  • Correctly reflect activated services in 'snap services'
  • Disabled services are no longer enabled again when snap is refreshed
  • interfaces/builtin: added support for Token2 U2F keys
  • interfaces/u2f-devices: add Swissbit iShield Key
  • interfaces/builtin: update gpio apparmor to match pattern that contains multiple subdirectories under /sys/devices/platform
  • interfaces: add a polkit-agent interface
  • interfaces: add pcscd interface
  • Kernel command-line can now be edited in the gadget.yaml
  • Only track validation-sets in run-mode, fixes validation-set issues on first boot.
  • Added support for using store.access to disable access to snap store
  • Support for fat16 partition in gadget
  • Pre-seed authority delegation is now possible
  • Support new system-user name daemon
  • Several bug fixes and improvements around remodelling
  • Offline remodelling support

New in snapd 2.60.4:

  • Switch to plug/slot in the "qualcomm-ipc-router" interface but keeping backward compatibility
  • Fix "custom-device" udev KERNEL values
  • Allow firmware-updater snap to install user-daemons
  • Allow loopback as a block device

NEW in snapd 2.60.3:

  • Fix bug in the "private" plug attribute of the shared-memory interface that can result in a crash when upgrading from an old version of snapd.
  • Fix missing integration of the /etc/apparmor.d/tunables/home.d/ apparmor to support non-standard home directories

New in snapd 2.60.2:

  • Performance improvements for apparmor_parser to compensate for the slower -O expr-simplify default used. This should bring the performance back to the 2.60 level and even increase it for many use-cases.
  • Bugfixes

New in snapd 2.60.1:

  • Bugfixes
  • Use "aes-cbc-essiv:sha256" in cryptsetup on arm 32bit devices to increase speed on devices with CAAM support
  • Stop using -O no-expr-simplify in apparmor_parser to avoid potential exponential memory use. This can lead to slower policy complication in some cases but it is much safer on low memory devices.

New in snapd 2.60:

  • Support for dynamic snapshot data exclusions
  • Apparmor userspace is vendored inside the snapd snap
  • Added a default-configure hook that exposes gadget default configuration options to snaps during first install before services are started
  • Allow install from initrd to speed up the initial installation for systems that do not have a install-device hook
  • New snap sign --chain flag that appends the account and account-key assertions
  • Support validation-sets in the model assertion
  • Support new "min-size" field in gadget.yaml
  • New interface: "userns"

New in snapd 2.59.5:

  • Explicitly disallow the use of ioctl + TIOCLINUX This fixes CVE-2023-1523.

New in snapd 2.59.4:

  • Retry when looking for disk label on non-UEFI systems
  • Fix remodel from UC20 to UC22

New in snapd 2.59.3:

  • Fix quiet boot
  • Ignore case for vfat paritions when validating
  • Restart always enabled units

New in snapd 2.59.2:

  • Notify users when a user triggered auto refresh finished

New in snapd 2.59.1:

  • Add udev rules from steam-devices to steam-support interface
  • Bugfixes for layout path checking, dm_crypt permissions, mount-control interface parameter checking, kernel commandline parsing, docker-support, refresh-app-awareness

New in snapd 2.59:

  • Support setting extra kernel command line parameters via snap configuration and under a gadget allow-list
  • Support for Full-Disk-Encryption using ICE
  • Support for arbitrary home dir locations via snap configuration
  • New nvidia-drivers-support interface
  • Support for udisks2 snap
  • Pre-download of snaps ready for refresh and automatic refresh of the snap when all apps are closed
  • New microovn interface
  • Support uboot with CONFIG_SYS_REDUNDAND_ENV=n
  • Make "snap-preseed --reset" re-exec when needed
  • Update the fwupd interface to support fully confined fwupd
  • The memory,cpu,thread quota options are no longer experimental
  • Support debugging snap client requests via the SNAPD_CLIENT_DEBUG_HTTP environment variable
  • Support ssh listen-address via snap configuration
  • Support for quotas on single services
  • prepare-image now takes into account snapd versions going into the image, including in the kernel initrd, to fetch supported assertion formats