release: 2.68.2 #15141
* secboot,overlord/fdestate: seal with boot mode for FDE hooks Set the authorized boot modes for FDE hook keys. For now the run+recover key allows "run" and "recover", while the recover key allows "recover" and "factory-reset". * overlord/fdestate/backend: split profiles for data and save partitions There should be 3 different keys for FDE hooks. The run+recover key should be allowed for boot modes "run" and "recover". While recover key on data disk should be allowed on "recover". And finally recovery on save disk should be allowed in "recover" and "factory-reset". Here we split the profiles for "recover" for disks "data" and "save", so that we can set different authorized boot modes. * fixup! overlord/fdestate/backend: split profiles for data and save partitions
…15068) * Add more kernel fusion driver files * Fix permissions for kfd uevent read-only file
* secboot: add argon2 out-of-process command helpers Signed-off-by: Zeyad Gouda <[email protected]> * cmd/{snapd,snap-bootstrap}: add argon2 out-of-process special mode sub-commands Signed-off-by: Zeyad Gouda <[email protected]> * Revert "secboot: default to pbkdf2 instead of argon2id (canonical#15058)" This reverts commit ec60555. * fixup! secboot: use --argon2-proc arg instead of run-argon2 sub-command Signed-off-by: Zeyad Gouda <[email protected]> * fixup! secboot: handle error directly in MaybeRunArgon2OutOfProcessRequestHandler Signed-off-by: Zeyad Gouda <[email protected]> * fixup! secboot: disable argon2 out-of-process tests when built with nosecboot Signed-off-by: Zeyad Gouda <[email protected]> * fixup! secboot: set argon2 kdf from MaybeRunArgon2OutOfProcessRequestHandler Signed-off-by: Zeyad Gouda <[email protected]> * fixup! secboot: allow passing matching args for argon2 special mode Signed-off-by: Zeyad Gouda <[email protected]> * fixup! secboot: address review comments Signed-off-by: Zeyad Gouda <[email protected]> --------- Signed-off-by: Zeyad Gouda <[email protected]>
) * image, seed: check snap-bootstrap compatibility for FDE Snapd 2.68 or later is not compatible in the same seed as snap-bootstrap 2.67 or before. We need to make it a bit more obvious to image builders by forbidding that combination. * image,seed: tweak error message, fail on snap-bootstrap issue and allow controlling the behaviour of the erroring out with a cli switch and environmental variable (for easier testing in spread) --------- Co-authored-by: Philip Meulengracht <[email protected]>
…anonical#15116) * boot: drive-by: fix typo in isModeenvLocked * boot: have a separate mutex for the sections writing a fresh modeenv when we write a fresh modeenv and seal we are operating on the modeenv of not the current system, so it was wrong to use the same mutex this now mostly avoids overlapping operations of this kind, which shouldn't happen, but is the most conservative change we need to rethink the modeenv mutexes as naively releasing the state lock while holding them can create deadlocks when we try to reacquire the former
The posix-mq interface was merged a while ago without any dedicated tests. Historically there were a number of issues around mediation of mqueue and having this sort of test provided earlier might have saved us some time later. The test verifies runtime correctness of the read, write, create and delete permissions specific to the posix-mq interface, using the test-snapd-posix-mq snap. The snap has been issued with a snap declaration assertion to use the posix-mq interface slots, which are super-privileged. All slots grant access to the /test POSIX message queue, with the relevant permission, read, write, create or delete. The test is skipped on Ubuntu Core 18 and earlier, and equivalent, due to a bug (referenced). Technically the interface apparmor elements require apparmor_parser version 4.0.1 or newer present in snapd snap. The interface does not work with host-provided apparmor as snapd explicitly constrains it to ABI 3.0 which does not support mqueue. In addition also remove posix-mq plug of test-snapd-policy-app-consumer as that is required by static checker: Dedicated test 'tests/main/interfaces-posix-mq' found for 'posix-mq'. Please remove 'posix-mq' from 'tests/lib/snaps/test-snapd-policy-app-consumer/meta/snap.yaml'. Signed-off-by: Zygmunt Krynicki <[email protected]>
Signed-off-by: Zeyad Gouda <[email protected]>
* go.mod: bump secboot to rev e07f4ae48e98 Bump secboot to include a fix from canonical/secboot#384 Signed-off-by: Maciej Borzecki <[email protected]> * secboot: update to match canonical/secboot API changes Signed-off-by: Maciej Borzecki <[email protected]> --------- Signed-off-by: Maciej Borzecki <[email protected]>
* confdb: support pruning ephemeral data This introduces a PruneEphemeral function to schemas that takes raw data and removes paths that the schema has marked as ephemeral. Signed-off-by: Miguel Pires <[email protected]> * confdb: fix pruning of alternatives Signed-off-by: Miguel Pires <[email protected]> * confdb: extend doc Signed-off-by: Miguel Pires <[email protected]> --------- Signed-off-by: Miguel Pires <[email protected]>
Allow alternatives to mix ephemeral and non-ephemeral types and process each type in order, taking the first matching alternative's ephemeral tag in consideration when pruning. Signed-off-by: Miguel Pires <[email protected]>
We want to be more precise when controlling the posix-mq interface. Since the apparmor side implements both posix and sysv mediation we want to be extra careful about using the type qualifier correctly in the posix-mqueue interface. At present that is bound to generic mqueue rule. With this type-aware probe we should be able to switch that to POSIX-only. Signed-off-by: Zygmunt Krynicki <[email protected]>
The interface was emitting apparmor mqueue rules that allow both posix and sysv message queues. It was always the documented intent to allow posix message queues only. Change the verified apparmor feature to our self-named mqueue-posix. Signed-off-by: Zygmunt Krynicki <[email protected]>
It was possible to have snapd extend the posixMQDefaultPlugPerms, []string value that was meant to be constant, to contain the "open" permission. A plug connected to a slot without explicit permissions is granted the default permissions but then any set of permissions without the open permission is extended, by appending to the slice, to ensure that open is always allowed. This might allow an attacker to trick snapd into granting the open permission incorrectly. Signed-off-by: Zygmunt Krynicki <[email protected]>
Those attributes mediate ability to access data exposed and manipulated by mq_getsetattr system call - the configuration of the queue as well as the non-blocking flag. Historically those were implicitly granted by the kernel, as a consequence of the file access rules (mqueue is present in both file and policy DFAs) but with the introduction of separate getattr/setattr mediation patches this is no longer the case. Presence of read auto-grants getattr, the same is done for setattr and write. This is to ensure continuity should the kernel change behavior and require providing those permissions explicitly. Note that slots which grant all the permissions possible, are now also permission-extended to include attribute permissions. Signed-off-by: Zygmunt Krynicki <[email protected]>
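The two posix-mq commit messages above describe a shared default permission list being extended in place, and the implied permissions (open always, getattr with read, setattr with write). The following is an added example, not snapd's code: `defaultPerms`, `extendAliased`, `extendCopy` and `backing` are hypothetical names, and the default list is constructed with spare capacity so that the effect of an in-place `append` is visible.

```go
package main

import "fmt"

// defaultPerms is a hypothetical stand-in for a shared default list. It is
// constructed with spare capacity so an in-place append has room to write
// into its backing array; a slice literal would have none.
var defaultPerms = append(make([]string, 0, 8), "read", "write")

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// extendAliased shows the hazard: it appends to the caller's slice, so when
// that slice is the shared default, "open" is stored in the default's array.
func extendAliased(perms []string) []string {
	if !contains(perms, "open") {
		perms = append(perms, "open")
	}
	return perms
}

// extendCopy copies first, then applies the rules from the commit messages:
// open is always allowed, read implies getattr, write implies setattr.
func extendCopy(perms []string) []string {
	out := append([]string(nil), perms...)
	rules := [][2]string{{"", "open"}, {"read", "getattr"}, {"write", "setattr"}}
	for _, r := range rules {
		if (r[0] == "" || contains(perms, r[0])) && !contains(out, r[1]) {
			out = append(out, r[1])
		}
	}
	return out
}

// backing exposes the whole backing array, including slots past len.
func backing(s []string) []string { return s[:cap(s)] }

func main() {
	fmt.Println(extendCopy(defaultPerms), backing(defaultPerms)[2] == "")
	fmt.Println(extendAliased(defaultPerms), backing(defaultPerms)[2] == "open")
}
```

A unit test for code of this kind can assert that the shared default, including its backing array, is unchanged after every call that derives a permission list from it.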
Thu Feb 27 01:26:40 UTC 2025
Failures:
Preparing:
Executing:
Thanks!
By chance, do we need other test fixes such as these?
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## release/2.68 #15141 +/- ##
===============================================
Coverage ? 78.06%
===============================================
Files ? 1183
Lines ? 157654
Branches ? 0
===============================================
Hits ? 123076
Misses ? 26930
Partials ? 7648
Went through commits, there are many more test fixes that would make life easier, also some content that was missing. Started the process of picking these, will complete tomorrow morning.
Add -D_GNU_SOURCE so that clangd doesn't complain about O_PATH. Signed-off-by: Maciej Borzecki <[email protected]>
Remove the quota group on restore so that it does not leak into subsequent tests. Signed-off-by: Maciej Borzecki <[email protected]>
We were hitting the 32 characters limit in the version because now the kernel uses very long strings as version, like 5.15.0-130.140.1+1+535.216.03.
* updates needed to be applied on master for sru * remove extra SNAPD_NO_MEMORY_LIMIT * Update exit message for prompting tests * updated the check for ubuntu 22.04 * move exit in apparmor-prompting-integration-tests * extra checks for apparmor prompting are gonna be done in a following pr * tests: new test apparmor-prompting-support This new test is used to validate the systems support for the apparmor prompting feature. Also as part of this change, some tests are updated to avoid checking many times the same conditions. * adding missing test * add support for other non ubuntu systems * updated the check for ubuntu 22+ * updated the tests based on latest comments * updated interfaces-snap-interfaces-requests-control * removed if to check non-ubuntu * Minor changes in documentation * run interfaces-snap-interfaces-requests-control just in ubuntu-2* * fix support test for 20.04
* tests: switch to github-hosted arm runners * tests: changed arm64 to arm in runner name check
We want to start to build for plucky. Additionally, update changelogs with the new entries for latest upload of the ubuntu-core-initramfs source package to the snappy-dev/image PPA.
…store (canonical#15135) Despite groups not being assigned to any snaps, there are quota groups related files created by system under /sys/fs/cgroup/. Make sure to remove all groups and check that no files are left behind. Signed-off-by: Maciej Borzecki <[email protected]>
d18bb09 to d15a958
Thu Feb 27 10:08:51 UTC 2025
Failures:
Preparing:
Executing:
Restoring:
Consider adding this if it gets done in time: #15146
d15a958 to 88bf1d1
Thu Feb 27 21:18:19 UTC 2025
Failures:
Executing:
Restoring:
LGTM, thank you
LGTM, thanks!
LGTM
Regarding the google:ubuntu-22.04-64:tests/main/prepare-image-classic spread failure, this is caused by an extra warning for incompatible snapd 2.68+ with an older kernel containing snapd prior to 2.68 which was added in #15106. It is safe to ignore this, since it only fails when counting output lines from
Fix PR merged: #15150
thanks
@ernestl cgroup failures are due to gce kernel misalignment, they all pass with normal ubuntu images in qemu. The socket activation failure is due to apparmor release, not affecting snapd, just tests. I've prepared a fix locally.
Info from Zyga: Socket activation issue relates to apparmor update in base distro, not a snapd regression.
@ernestl The
Info from Alfonso: The core20-remodel problem in this case is the seed partition size, that is specified in the gadget, so a test issue. We will test in parallel after increasing the size, to ensure this is the only problem, but not hold back release.
Generated changelogs with:
DEBEMAIL="Ernest Lotter [email protected]" release-tools/changelog.py 2.68.2 2098137 NEWS.md
Cherry-picks:
Functional improvements:
Tests improvements:
SRU Bug: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2098137
Jira: https://warthogs.atlassian.net/browse/SNAPDENG-34578
Requires rebase merge