release: 2.68.2 changelogs #15156

Open. Wants to merge 44 commits into base: master.

Conversation

ernestl
Collaborator

@ernestl ernestl commented Feb 28, 2025

Merged master back into changelogs-2.68.2 branch which is based off tip of release/2.68
This is required to introduce the commit history that includes the release tagged commit so that it is searchable on the master branch.

Merge changelogs back into master; please use a regular “merge” to merge it to retain commit history.

valentindavid and others added 30 commits February 28, 2025 17:29
* secboot,overlord/fdestate: seal with boot mode for FDE hooks

Set the authorized boot modes for FDE hook keys. For now
the run+recover key allows "run" and "recover", while
the recover key allows "recover" and "factory-reset".

* overlord/fdestate/backend: split profiles for data and save partitions

There should be 3 different keys for FDE hooks. The run+recover key
should be allowed for boot modes "run" and "recover". While recover
key on data disk should be allowed on "recover". And finally recovery
on save disk should be allowed in "recover" and "factory-reset". Here
we split the profiles for "recover" for disks "data" and "save", so
that we can set different authorized boot modes.

* fixup! overlord/fdestate/backend: split profiles for data and save partitions
…15068)

* Add more kernel fusion driver files

* Fix permissions for kfd uevent read-only file
* secboot: add argon2 out-of-process command helpers

Signed-off-by: Zeyad Gouda <[email protected]>

* cmd/{snapd,snap-bootstrap}: add argon2 out-of-process special mode sub-commands

Signed-off-by: Zeyad Gouda <[email protected]>

* Revert "secboot: default to pbkdf2 instead of argon2id (canonical#15058)"

This reverts commit ec60555.

* fixup! secboot: use --argon2-proc arg instead of run-argon2 sub-command

Signed-off-by: Zeyad Gouda <[email protected]>

* fixup! secboot: handle error directly in MaybeRunArgon2OutOfProcessRequestHandler

Signed-off-by: Zeyad Gouda <[email protected]>

* fixup! secboot: disable argon2 out-of-process tests when built with nosecboot

Signed-off-by: Zeyad Gouda <[email protected]>

* fixup! secboot: set argon2 kdf from MaybeRunArgon2OutOfProcessRequestHandler

Signed-off-by: Zeyad Gouda <[email protected]>

* fixup! secboot: allow passing matching args for argon2 special mode

Signed-off-by: Zeyad Gouda <[email protected]>

* fixup! secboot: address review comments

Signed-off-by: Zeyad Gouda <[email protected]>

---------

Signed-off-by: Zeyad Gouda <[email protected]>
)

* image, seed: check snap-bootstrap compatibility for FDE

Snapd 2.68 or later is not compatible in the same seed as
snap-bootstrap 2.67 or before. We need to make it a bit more obvious to
image builders by forbidding that combination.

* image,seed: tweak error message, fail on snap-bootstrap issue and allow controlling the behaviour of the erroring out with a cli switch and environmental variable (for easier testing in spread)

---------

Co-authored-by: Philip Meulengracht <[email protected]>
…anonical#15116)

* boot: drive-by: fix typo in isModeenvLocked

* boot: have a separate mutex for the sections writing a fresh modeenv

when we write a fresh modeenv and seal we are operating on the modeenv
of not the current system, so it was wrong to use the same mutex

this now mostly avoids overlapping operations of this kind, which shouldn't
happen, but is the most conservative change

we need to rethink the modeenv mutexes as naively releasing the
state lock while holding them can create deadlocks when we try
to reacquire the former

The posix-mq interface was merged a while ago without any dedicated tests.
Historically there were a number of issues around mediation of mqueue and
having this sort of test provided earlier might have saved us some time later.

The test verifies runtime correctness of the read, write, create and delete
permissions specific to the posix-mq interface, using the test-snapd-posix-mq
snap. The snap has been issued with a snap declaration assertion to use the
posix-mq interface slots, which are super-privileged. All slots grant access to
the /test POSIX message queue, with the relevant permission, read, write,
create or delete.

The test is skipped on Ubuntu Core 18 and earlier, and equivalent, due to a
bug (referenced). Technically the interface apparmor elements require
apparmor_parser version 4.0.1 or newer present in snapd snap. The interface
does not work with host-provided apparmor as snapd explicitly constrains it to
ABI 3.0 which does not support mqueue.

In addition also remove posix-mq plug of test-snapd-policy-app-consumer as that
is required by static checker:

  Dedicated test 'tests/main/interfaces-posix-mq' found for 'posix-mq'.
  Please remove 'posix-mq' from 'tests/lib/snaps/test-snapd-policy-app-consumer/meta/snap.yaml'.

Signed-off-by: Zygmunt Krynicki <[email protected]>

* go.mod: bump secboot to rev e07f4ae48e98

Bump secboot to include a fix from
canonical/secboot#384

Signed-off-by: Maciej Borzecki <[email protected]>

* secboot: update to match canonical/secboot API changes

Signed-off-by: Maciej Borzecki <[email protected]>

---------

Signed-off-by: Maciej Borzecki <[email protected]>
* confdb: support pruning ephemeral data

This introduces a PruneEphemeral function to schemas that takes raw data
and removes paths that the schema has marked as ephemeral.

Signed-off-by: Miguel Pires <[email protected]>

* confdb: fix pruning of alternatives

Signed-off-by: Miguel Pires <[email protected]>

* confdb: extend doc

Signed-off-by: Miguel Pires <[email protected]>

---------

Signed-off-by: Miguel Pires <[email protected]>

Allow alternatives to mix ephemeral and non-ephemeral types and process
each type in order, taking the first matching alternative's ephemeral
tag in consideration when pruning.

Signed-off-by: Miguel Pires <[email protected]>

We want to be more precise when controlling the posix-mq interface. Since the
apparmor side implements both posix and sysv mediation we want to be extra
careful about using the type qualifier correctly in the posix-mqueue interface.
At present that is bound to generic mqueue rule. With this type-aware probe we
should be able to switch that to POSIX-only.

Signed-off-by: Zygmunt Krynicki <[email protected]>

The interface was emitting apparmor mqueue rules that allow both posix and sysv
message queues. It was always the documented intent to allow posix message
queues only. Change the verified apparmor feature to our self-named
mqueue-posix.

Signed-off-by: Zygmunt Krynicki <[email protected]>

It was possible to have snapd extend the posixMQDefaultPlugPerms, []string
value that was meant to be constant, to contain the "open" permission.

A plug connected to a slot without explicit permissions is granted
the default permissions but then any set of permissions without the
open permission is extended, by appending to the slice, to ensure that
open is always allowed.

This might allow an attacker to trick snapd into granting the open
permission incorrectly.

Signed-off-by: Zygmunt Krynicki <[email protected]>

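As an added illustration of the hazard the commit message above describes (hypothetical code, not snapd's own): a package-level permission slice that is meant to stay constant, a helper that appends "open" to whatever slice it is handed, and a copying variant that can never reach the shared backing array. The names defaultPlugPerms, ensureOpenAliased, ensureOpenCopied and sharesStorage are assumptions made for this example.

```go
package main

import "fmt"

// Added example, not snapd's code: a hypothetical stand-in for a package-level
// default permission list that is meant to behave like a constant. It is built
// with spare capacity so append() can reuse its backing array (the aliasing hazard).
var defaultPlugPerms = append(make([]string, 0, 4), "read", "write")

func hasPerm(perms []string, want string) bool {
	for _, p := range perms {
		if p == want {
			return true
		}
	}
	return false
}

// ensureOpenAliased is the risky pattern: when perms still has capacity, append
// writes "open" into the caller's backing array and the returned slice keeps
// sharing it, so a package default passed in is now reachable and writable.
func ensureOpenAliased(perms []string) []string {
	if !hasPerm(perms, "open") {
		perms = append(perms, "open")
	}
	return perms
}

// ensureOpenCopied is the defensive form: copy into a fresh slice first, so the
// result never shares storage with its input and the default stays untouched.
func ensureOpenCopied(perms []string) []string {
	out := make([]string, len(perms), len(perms)+1)
	copy(out, perms)
	if !hasPerm(out, "open") {
		out = append(out, "open")
	}
	return out
}

// sharesStorage reports whether two slices are views of the same backing array.
func sharesStorage(a, b []string) bool {
	return len(a) > 0 && len(b) > 0 && &a[0] == &b[0]
}

func main() {
	granted := ensureOpenAliased(defaultPlugPerms)
	fmt.Println("aliased result shares default storage:", sharesStorage(defaultPlugPerms, granted))
	fmt.Println("copied result shares default storage:", sharesStorage(defaultPlugPerms, ensureOpenCopied(defaultPlugPerms)))
}
```

Run with `go run` to see the aliased helper report sharing while the copying helper does not.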
Those attributes mediate ability to access data exposed and manipulated by
mq_getsetattr system call - the configuration of the queue as well as the
non-blocking flag.

Historically those were implicitly granted by the kernel, as a consequence of
the file access rules (mqueue is present in both file and policy DFAs) but with
the introduction of separate getattr/setattr mediation patches this is no
longer the case.

Presence of read auto-grants getattr, the same is done for setattr and write.
This is to ensure continuity should the kernel change behavior and require
providing those permissions explicitly.

Note that slots which grant all the permissions possible, are now also
permission-extended to include attribute permissions.

Signed-off-by: Zygmunt Krynicki <[email protected]>

canonical#14952)

* tests/lib/snaps/store/test-snapd-efitools: test snap for manipulating efi variables

Signed-off-by: Maciej Borzecki <[email protected]>

* tests/nested/manual/core20-fde-dbx: perform actual DBX update

Update the test to be more realistic and perform an actual update of DBX
EFI variable.

Signed-off-by: Maciej Borzecki <[email protected]>

* tests/nested/manual/core20-fde-dbx: workaround inconsistent dbx content on UC20/UC22+

There is a discrepancy in the content of dbx between UC20 and later
releases, that shows up only after booting the system. It is suspected
that some component of boot chain injects additional keys.

Signed-off-by: Maciej Borzecki <[email protected]>

* tests/nested/manual/core20-fde-dbx: add scenario with a full update cycle followed by reboot

Signed-off-by: Maciej Borzecki <[email protected]>

---------

Signed-off-by: Maciej Borzecki <[email protected]>

canonical#15082)

The wait timeout is used to configure the time that spread waits until
the instance is allocated with ACTIVE state (and ready to be used).

This is needed to deal with timeouts trying to allocate instances.

As libfwupd2 is not available any more for tumbleweed, we need to
install libfwupd3 instead.

This missing lib is breaking tests in tumbleweed currently

…ogle-nested

Use anchor to pull in system definitions from google-nested to
google-nested-dev.

Signed-off-by: Maciej Borzecki <[email protected]>

Include the output of df so that we know how much space is left on disk.

Signed-off-by: Maciej Borzecki <[email protected]>

Check how much data is in /var/tmp/work-dir, which is the default path
for NESTED_WORK_DIR.

Signed-off-by: Maciej Borzecki <[email protected]>

Split unit-tests to Go and C specific workflows.

Signed-off-by: Maciej Borzecki <[email protected]>

…al#15062)

This change is needed because it is including in the output a huge list
of tests when doing

spread_list="$($SPREAD -list $RUN_TESTS 2>&1 || true)"

Spread test for a hybrid system and a DBX update

Signed-off-by: Maciej Borzecki <[email protected]>

* updates needed to be applied on master for sru

* remove extra SNAPD_NO_MEMORY_LIMIT

* Update exit message for prompting tests

* updated the check for ubuntu 22.04

* move exit in apparmor-prompting-integration-tests

* extra checks for apparmor prompting are gonna be done in a following pr

Previously we looked at the model and mounted base/rootfs directly if
it was Ubuntu 24+. Now, we check instead an environment variable that
is set if the initramfs is 24+.

This is done so now the kernels that contain the 24+ initramfs can be
booted in older Ubuntu releases with older bases. This situation is
not something we really support, as the systemd of the initramfs will
not match the one in the system, but it is something that could happen
while remodeling and it seems safer to allow this at least
temporarily.

olivercalder and others added 13 commits February 28, 2025 17:29
Add -D_GNU_SOURCE so that clangd doesn't complain about O_PATH.

Signed-off-by: Maciej Borzecki <[email protected]>

Remove the quota group on restore so that it does not leak into
subsequent tests.

Signed-off-by: Maciej Borzecki <[email protected]>

We were hitting the 32 characters limit in the version because now the
kernel uses very long strings as version, like
5.15.0-130.140.1+1+535.216.03.

* updates needed to be applied on master for sru

* remove extra SNAPD_NO_MEMORY_LIMIT

* Update exit message for prompting tests

* updated the check for ubuntu 22.04

* move exit in apparmor-prompting-integration-tests

* extra checks for apparmor prompting are gonna be done in a following pr

* tests: new test apparmor-prompting-support

This new test is used to validate the system's support for the apparmor
prompting feature.

Also as part of this change, some tests are updated to avoid checking
many times the same conditions.

* adding missing test

* add support for other non ubuntu systems

* updated the check for ubuntu 22+

* updated the tests based on latest comments

* updated interfaces-snap-interfaces-requests-control

* removed if to check non-ubuntu

* Minor changes in documentation

* run interfaces-snap-interfaces-requests-control just in ubuntu-2*

* fix support test for 20.04

* tests: switch to github-hosted arm runners

* tests: changed arm64 to arm in runner name check

We want to start to build for plucky. Additionally, update changelogs
with the new entries for latest upload of the ubuntu-core-initramfs
source package to the snappy-dev/image PPA.

…store (canonical#15135)

Despite groups not being assigned to any snaps, there are quota groups
related files created by system under /sys/fs/cgroup/. Make sure to
remove all groups and check that no files are left behind.

Signed-off-by: Maciej Borzecki <[email protected]>

codecov bot commented Feb 28, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.06%. Comparing base (7730fae) to head (3141522).
Report is 2 commits behind head on master.

@@            Coverage Diff             @@
##           master   #15156      +/-   ##
==========================================
- Coverage   78.11%   78.06%   -0.06%     
==========================================
  Files        1176     1183       +7     
  Lines      158146   158250     +104     
==========================================
+ Hits       123540   123541       +1     
- Misses      26931    27029      +98     
- Partials     7675     7680       +5     
Flag        Coverage Δ
unittests   78.06% <ø> (-0.06%) ⬇️




github-actions bot commented Feb 28, 2025

Sat Mar 1 04:23:16 UTC 2025

Spread tests skipped

@ernestl ernestl force-pushed the changelogs-2.68.2 branch from c965a8e to 3141522 Compare March 1, 2025 04:00
@ernestl ernestl added Simple 😃 A small PR which can be reviewed quickly Skip spread Indicate that spread job should not run labels Mar 1, 2025
@ernestl ernestl closed this Mar 1, 2025
@ernestl ernestl reopened this Mar 1, 2025