Merge branch 'master' into bugfix/snapd-debug

.travis.yml

@@ -16,7 +16,7 @@ env:
 
 install:
   - sudo apt-get update -qq
-  - sudo apt-get install -qq squashfs-tools
+  - sudo apt-get install -qq squashfs-tools xdelta3
   - sudo apt-get install -qq gnupg1 || sudo apt-get install -qq gnupg
 
 script: ./run-checks --$RUN

HACKING.md

@@ -158,21 +158,7 @@ To test the `snapd` REST API daemon on a snappy system you need to
 transfer it to the snappy system and then run:
 
     sudo systemctl stop snapd.service snapd.socket
-    sudo /lib/systemd/systemd-activate -E SNAPD_DEBUG=1 -E SNAPD_DEBUG_HTTP=3 -l /run/snapd.socket -l /run/snapd-snap.socket ./snapd
-
-or with systemd version >= 230
-
-    sudo systemctl stop snapd.service snapd.socket
-    sudo systemd-socket-activate -E SNAPD_DEBUG=1 -E SNAPD_DEBUG_HTTP=3 -l /run/snapd.socket -l /run/snapd-snap.socket ./snapd
-
-This will stop the installed snapd and activate the new one. Once it's
-printed out something like `Listening on /run/snapd.socket as 3.` you
-should then
-
-    sudo chmod 0666 /run/snapd*.socket
-
-so the socket has the right permissions (otherwise you need `sudo` to
-connect).
+    sudo SNAPD_DEBUG=1 SNAPD_DEBUG_HTTP=3 ./snapd
 
 To debug interaction with the snap store, you can set `SNAP_DEBUG_HTTP`.
 It is a bitfield: dump requests: 1, dump responses: 2, dump bodies: 4.

cmd/autogen.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+# Welcome to the Happy Maintainer's Utility Script
+set -eux
+
+# We need the VERSION file to configure
+if [ ! -e VERSION ]; then
+	( cd .. && ./mkversion.sh )
+fi
+
+# Sanity check, are we in the right directory?
+test -f configure.ac
+
+# Regenerate the build system
+rm -f config.status
+autoreconf -i -f
+
+# Configure the build
+extra_opts=
+. /etc/os-release
+case "$ID" in
+	arch)
+		extra_opts="--libexecdir=/usr/lib/snapd --enable-nvidia-arch"
+		;;
+	debian)
+		extra_opts="--libexecdir=/usr/lib/snapd"
+		;;
+	ubuntu)
+		extra_opts="--libexecdir=/usr/lib/snapd --enable-nvidia-ubuntu"
+		;;
+esac
+
+./configure --enable-maintainer-mode --prefix=/usr $extra_opts

cmd/cmd.go

@@ -56,6 +56,12 @@ func ExecInCoreSnap() {
 
 	// should we re-exec? no option in the environment means yes
 	if !osutil.GetenvBool(key, true) {
+		logger.Debugf("re-exec disabled by user")
+		return
+	}
+
+	// did we already re-exec?
+	if osutil.GetenvBool("SNAP_DID_REEXEC") {
 		return
 	}
 
@@ -104,6 +110,6 @@ func ExecInCoreSnap() {
 
 	logger.Debugf("restarting into %q", full)
 
-	env := append(os.Environ(), key+"=0")
+	env := append(os.Environ(), "SNAP_DID_REEXEC=1")
 	panic(syscall.Exec(full, os.Args, env))
 }

cmd/configure.ac

@@ -162,7 +162,7 @@ AS_IF([test "x$enable_caps_over_setuid" = "xyes"], [
     AC_DEFINE([CAPS_OVER_SETUID], [1],
         [Use capabilities rather than setuid bit])])
 
-AC_PATH_PROG([HAVE_RST2MAN],[rst2man])
+AC_PATH_PROGS([HAVE_RST2MAN],[rst2man rst2man.py])
 AS_IF([test "x$HAVE_RST2MAN" = "x"], [AC_MSG_ERROR(["cannot find the rst2man tool, install python-docutils or similar"])])
 
 AC_CONFIG_FILES([Makefile snap-confine/Makefile snap-confine/tests/Makefile snap-confine/manpages/Makefile])

cmd/snap-confine/manpages/Makefile.am

@@ -4,7 +4,7 @@ CLEANFILES = snap-confine.5 snap-discard-ns.5 ubuntu-core-launcher.1
 EXTRA_DIST = snap-confine.rst snap-discard-ns.rst ubuntu-core-launcher.rst
 
 %.5: %.rst
-	rst2man $^ > $@
+	$(HAVE_RST2MAN) $^ > $@
 
 ubuntu-core-launcher.1: ubuntu-core-launcher.rst
-	rst2man $^ > $@
+	$(HAVE_RST2MAN) $^ > $@

debian/changelog

@@ -1,3 +1,106 @@
+snapd (2.21) xenial; urgency=medium
+
+  * New upstream release, LP: #1656382
+    - daemon: re-enable reexec
+    - interfaces: allow reading installed files from previous revisions
+      by default
+    - daemon: make activation optional
+    - tests: run all snap-confine tests in c-unit-tests task
+    - many: fix abbreviated forms of disconnect
+    - tests: switch more tests to MATCH
+    - store: export userAgent. daemon: print store.UserAgent() on
+      startup.
+    - tests: test classic confinement `snap list` and  `snap info`
+      output
+    - debian: skip snap-confine unit tests on nocheck
+    - overlord/snapstate: share code between Update and UpdateMany, so
+      that it deals with auto-aliases correctly
+    - interfaces: upower-observe: refactor to allow snaps to provide a
+      slot
+    - tests: add end-to-end store test for classic confinement
+    - overlord,overlord/snapstate: have UpdateMany retire/enable auto-
+      aliases even without new revision
+    - interfaces/browser-support: add @{PROC}/@{pid}/fd/[0-9] w and misc
+      /run/udev
+    - interfaces/builtin: add physical-memory-* and io-ports-control
+    - interfaces: allow getsockopt by default since it is so commonly
+      used
+    - cmd/snap, daemon, overlord/snapstate: tests and fixes for "snap
+      refresh" of a classic snap
+    - interfaces: allow read/write access of real-time clock with time-
+      control interface
+    - store: request no CDN via a header using SNAPPY_STORE_NO_CDN
+      envvar
+    - snap: add information about tracking channel (not just actual
+      channel)
+    - interfaces: use fewer dot imports
+    - overlord/snapstate: remove restrictions on ResetAliases
+    - overlord, store: move confinement filtering to the overlord (from
+      The Store)
+    - many: move interface test helpers to ifacetest package
+    - many: implement 'snap aliases'
+    - vet: fix for unkeyed fields error on aliases_test.go
+    - interfaces: miscellaneous policy updates for network-control,
+      unity7, pulseaudio, default and home
+    - tests: test for auto-aliases
+    - interface hooks: connect plug slot hooks (step 2)
+    - cmd/snap: fix internal naming in snap connect
+    - snap: use "size" as the json tag in snap.ChannelSnapInfo
+    - tests: restore the missing initialization of iface manager causing
+      race
+    - snap: fix missing sizes in `snap info <remote-snap>`
+    - tests: improve cleanup for c-unit-tests
+    - cmd/snap-confine: build non-installed libsnap-confine-private.a
+    - cmd/snap-confine: small tweaks to seccomp support code
+    - interfaces/docker-support: allow /run/shm/aufs.xeno for 14.04
+    - many: obtain installed snaps developer/publisher username through
+      assertions
+    - store: setting of fields for details endpoint
+    - cmd/snap-confine: check for rst2man on configure
+    - snap: show `snap --help` output when just running `snap`
+    - interface/builtin: drop the obsolete checks in udisks2
+      SanitizeSlot
+    - cmd/snap: remove currency switch following UX review
+    - spread: find top-level directory before running generate-
+      packaging-dir
+    - interface hooks: prepare plug slot hooks (step 1)
+    - i18n: use github.com/mvo5/gettext.go (pure go) for i18n to avoid
+      cgo
+    - many: put a marker in the User-Agent sent by snapd/snap when under
+      testingThe User-Agent will look like:
+    - tests: fix -reuse and -resend when govendor is missing
+    - snap: provide friendlier `snap find` message when no snaps are
+      found
+    - tests: fix mkversions.sh failure on zesty
+    - spread: install build-essential unconditionally
+    - spread: improve qemu ubuntu-14.04-{32,64} support
+    - overlord/snapstate,daemon: implement GET /v2/aliases handling
+    - store: retry user info request
+    - tests: port more snap-confine regression tests
+    - tests: cancel the scheduled reboot on ubuntu-core-upgrade-no-gc
+      and restore state
+    - tests: debug zesty autopkgtest failures
+    - overlord/snapstate: use keyed fields on literals
+    - tests: use MATCH in install-remove-multi
+    - tests: increase wait time for service to be up
+    - tests: make debug-each succeed if DENIED doesn't match
+    - tests: skip packaging dir generation for non-git based autopkgtest
+      runs
+    - tests: port refresh-all-undo to MATCH
+    - tests: improve snap connect test
+    - tests: port additional snap-confine regression tests
+    - tests: show --version when it matches unknown
+    - tests: optionally use apt proxy for qemu
+    - tests: add hello-classic test
+    - many: behave more consistently when pointed to staging and
+      possibly the fake store
+    - overlord/ifacestate: remove stale comments
+    - interfaces/apparmor: ignore snippets in classic confinement
+    - tests: port first regression test from snap-confine
+    - cmd/snap-confine: disable old tests
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 13 Jan 2017 19:39:51 +0100
+
 snapd (2.20.1) xenial; urgency=medium
 
   * New upstream release, LP: #1648520

debian/control

@@ -13,6 +13,7 @@ Build-Depends: autoconf,
                dh-systemd,
                fakeroot,
                gettext,
+               grub-common,
                gnupg2,
                golang-any (>=2:1.6) | golang-1.6,
                indent,

interfaces/apparmor/backend.go

@@ -55,8 +55,8 @@ import (
 type Backend struct{}
 
 // Name returns the name of the backend.
-func (b *Backend) Name() string {
-	return "apparmor"
+func (b *Backend) Name() interfaces.SecuritySystem {
+	return interfaces.SecurityAppArmor
 }
 
 // Setup creates and loads apparmor profiles specific to a given snap.
@@ -205,3 +205,7 @@ func unloadProfiles(profiles []string) error {
 	}
 	return nil
 }
+
+func (b *Backend) NewSpecification() interfaces.Specification {
+	panic(fmt.Errorf("%s is not using specifications yet", b.Name()))
+}

interfaces/apparmor/backend_test.go

@@ -105,7 +105,7 @@ func (s *backendSuite) TearDownTest(c *C) {
 // Tests for Setup() and Remove()
 
 func (s *backendSuite) TestName(c *C) {
-	c.Check(s.Backend.Name(), Equals, "apparmor")
+	c.Check(s.Backend.Name(), Equals, interfaces.SecurityAppArmor)
 }
 
 func (s *backendSuite) TestInstallingSnapWritesAndLoadsProfiles(c *C) {

interfaces/backend.go

@@ -69,7 +69,7 @@ type ConfinementOptions struct {
 type SecurityBackend interface {
 	// Name returns the name of the backend.
 	// This is intended for diagnostic messages.
-	Name() string
+	Name() SecuritySystem
 
 	// Setup creates and loads security artefacts specific to a given snap.
 	// The snap can be in one of three kids onf confinement (strict mode,
@@ -84,4 +84,7 @@ type SecurityBackend interface {
 	//
 	// This method should be called during the process of removing a snap.
 	Remove(snapName string) error
+
+	// NewSpecification returns a new specification associated with this backend.
+	NewSpecification() Specification
 }

interfaces/core.go

@@ -157,6 +157,18 @@ type Interface interface {
 	AutoConnect(plug *Plug, slot *Slot) bool
 }
 
+// Specification describes interactions between backends and interfaces.
+type Specification interface {
+	// AddPermanentSlot records side-effects of having a slot.
+	AddPermanentSlot(iface Interface, slot *Slot) error
+	// AddPermanentPlug records side-effects of having a plug.
+	AddPermanentPlug(iface Interface, plug *Plug) error
+	// AddConnectedSlot records side-effects of having a connected slot.
+	AddConnectedSlot(iface Interface, plug *Plug, slot *Slot) error
+	// AddConnectedPlug records side-effects of having a connected plug.
+	AddConnectedPlug(iface Interface, plug *Plug, slot *Slot) error
+}
+
 // SecuritySystem is a name of a security system.
 type SecuritySystem string
 

interfaces/dbus/backend.go

@@ -42,7 +42,7 @@ import (
 type Backend struct{}
 
 // Name returns the name of the backend.
-func (b *Backend) Name() string {
+func (b *Backend) Name() interfaces.SecuritySystem {
 	return "dbus"
 }
 
@@ -131,3 +131,7 @@ func addContent(securityTag string, executableSnippets [][]byte, content map[str
 		Mode:    0644,
 	}
 }
+
+func (b *Backend) NewSpecification() interfaces.Specification {
+	panic(fmt.Errorf("%s is not using specifications yet", b.Name()))
+}

interfaces/dbus/backend_test.go

@@ -61,7 +61,7 @@ func (s *backendSuite) TearDownTest(c *C) {
 
 // Tests for Setup() and Remove()
 func (s *backendSuite) TestName(c *C) {
-	c.Check(s.Backend.Name(), Equals, "dbus")
+	c.Check(s.Backend.Name(), Equals, interfaces.SecurityDBus)
 }
 
 func (s *backendSuite) TestInstallingSnapWritesConfigFiles(c *C) {

interfaces/ifacetest/testbackend.go → interfaces/ifacetest/backend.go

@@ -45,7 +45,7 @@ type TestSetupCall struct {
 }
 
 // Name returns the name of the security backend.
-func (b *TestSecurityBackend) Name() string {
+func (b *TestSecurityBackend) Name() interfaces.SecuritySystem {
 	return "test"
 }
 
@@ -66,3 +66,7 @@ func (b *TestSecurityBackend) Remove(snapName string) error {
 	}
 	return b.RemoveCallback(snapName)
 }
+
+func (b *TestSecurityBackend) NewSpecification() interfaces.Specification {
+	return &Specification{}
+}