[ubuntu/jammy-proposed] snapd 2.72+ubuntu22.04 (Accepted)
Ernest Lotter
ernest.lotter at canonical.com
Fri Oct 17 13:50:48 UTC 2025
snapd (2.72+ubuntu22.04) jammy; urgency=medium
* New upstream release, LP: #2124239
- FDE: support replacing TPM protected keys at runtime via the
/v2/system-volumes endpoint
- FDE: support secboot preinstall check fix actions for 25.10+
hybrid installs via the /v2/system/{label} endpoint
- FDE: tweak polkit message to remove jargon
- FDE: ensure proper sealing with kernel command line defaults
- FDE: provide generic reseal function
- FDE: support using OPTEE for protecting keys, as an alternative to
existing fde-setup hooks (Ubuntu Core only)
- Confdb: 'snapctl get --view' supports passing default values
- Confdb: content sub-rules in confdb-schemas inherit their parent
rule's "access"
- Confdb: make confdb error kinds used in API more generic
- Confdb: fully support lists and indexed paths (including unset)
- Prompting: add notice backend for prompting types (unused for now)
- Prompting: include request cgroup in prompt
- Prompting: handle unsupported xattrs
- Prompting: add permission mapping for the camera interface
- Notices: read notices from state without state lock
- Notices: add methods to get notice fields and create, reoccur, and
deepcopy notice
- Notices: add notice manager to coordinate separate notice backends
- Notices: support draining notices from state when notice backend
registered as producer of a particular notice type
- Notices: query notice manager from daemon instead of querying
state for notices directly
- Packaging: Ubuntu | ignore .git directory
- Packaging: FIPS | bump deb Go FIPS to 1.23
- Packaging: snap | bump FIPS toolchain to 1.23
- Packaging: debian | sync most upstream changes
- Packaging: debian-sid | depends on libcap2-bin for postint
- Packaging: Fedora | drop fakeroot
- Packaging: snap | modify snapd.mk to pass build tags when running
unit tests
- Packaging: snap | modify snapd.mk to pass nooptee build tag
- Packaging: modify Makefile.am to fix snap-confine install profile
with 'make hack'
- Packaging: modify Makefile.am to fix out-of-tree use of 'make
hack'
- LP: #2122054 Snap installation: skip snap icon download when
running in a cloud or using a proxy store
- Snap installation: add timeout to http client when downloading
snap icon
- Snap installation: use http(s) proxy for icon downloads
- LP: #2117558 snap-confine: fix error message with /root/snap not
accessible
- snap-confine: fix non-suid limitation by switching to root:root to
operate v1 freezer
- core-initrd: do not use writable-paths when not available
- core-initrd: remove debian folder
- LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev
interface now with the more robust gpio-aggregator configfs kernel
interface
- Interfaces: gpio-chardev | exclusive snap connections, raise a
conflict when both gpio-chardev and gpio are connected
- Interfaces: gpio-chardev | fix gpio-aggregator module load order
- Interfaces: ros-snapd-support | grant access to /v2/changes
- Interfaces: uda-driver-libs, egl-driver-libs, gbm-driver-libs,
opengl-driver-libs, opengles-driver-libs | new interfaces to
support nvidia driver components
- Interfaces: microstack-support | allow DPDK (hugepage related
permissions)
- Interfaces: system-observe | allow reading additional files in
/proc, needed by node-exporter
- Interfaces: u2f | add Cano Key, Thesis FIDO2 BioFP+ Security Key
and Kensington VeriMark DT Fingerprint Key to device list
- Interfaces: snap-interfaces-requests-control | allow shell API
control
- Interfaces: fwupd | allow access to Intel CVS sysfs
- Interfaces: hardware-observe | allow read access to Kernel
Samepage Merging (KSM)
- Interfaces: xilinx-dma | support Multi Queue DMA (QDMA) IP
- Interfaces: spi | relax sysfs permission rules to allow access to
SPI device node attributes
- Interfaces: content | introduce compatibility label
- LP: #2121238 Interfaces: do not expose Kerberos tickets for
classic snaps
- Interfaces: ssh-public-keys | allow ro access to public host keys
with ssh-key
- Interfaces: Modify AppArmor template to allow listing systemd
credentials and invoking systemd-creds
- Interfaces: modify AppArmor template with workarounds for Go 1.35
cgroup aware GOMAXPROCS
- Interfaces: modify seccomp template to allow landlock_*
- Prevent snap hooks from running while relevant snaps are unlinked
- Make refreshes wait before unlinking snaps if running hooks can be
affected
- Fix systemd unit generation by moving "WantedBy=" from section
"unit" to "install"
- Add opt-in logging support for snap-update-ns
- Unhide 'snap help' sign and export-key under Development category
- LP: #2117121 Cleanly support socket activation for classic snap
- Add architecture to 'snap version' output
- Add 'snap debug api' option to disable authentication through
auth.json
- Show grade in notes for 'snap info --verbose'
- Fix preseeding failure due to scan-disk issue on RPi
- Support 'snap debug api' queries to user session agents
- LP: #2112626 Improve progress reporting for snap install/refresh
- Drop legacy BAMF_DESKTOP_FILE_HINT in desktop files
- Fix /v2/apps error for root user when user services are present
- LP: #2114704 Extend output to indicate when snap data snapshot was
created during remove
- Improve how we handle emmc volumes
- Improve handling of system-user extra assertions
Date: Thu, 18 Sep 2025 10:00:54 +0200
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Andreas Hasenack <andreas.hasenack at canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.72+ubuntu22.04
-------------- next part --------------
Format: 1.8
Date: Thu, 18 Sep 2025 10:00:54 +0200
Source: snapd
Built-For-Profiles: noudeb
Architecture: source
Version: 2.72+ubuntu22.04
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Launchpad-Bugs-Fixed: 1916244 2112626 2114704 2117121 2117558 2121238 2122054 2124239
Changes:
snapd (2.72+ubuntu22.04) jammy; urgency=medium
.
* New upstream release, LP: #2124239
- FDE: support replacing TPM protected keys at runtime via the
/v2/system-volumes endpoint
- FDE: support secboot preinstall check fix actions for 25.10+
hybrid installs via the /v2/system/{label} endpoint
- FDE: tweak polkit message to remove jargon
- FDE: ensure proper sealing with kernel command line defaults
- FDE: provide generic reseal function
- FDE: support using OPTEE for protecting keys, as an alternative to
existing fde-setup hooks (Ubuntu Core only)
- Confdb: 'snapctl get --view' supports passing default values
- Confdb: content sub-rules in confdb-schemas inherit their parent
rule's "access"
- Confdb: make confdb error kinds used in API more generic
- Confdb: fully support lists and indexed paths (including unset)
- Prompting: add notice backend for prompting types (unused for now)
- Prompting: include request cgroup in prompt
- Prompting: handle unsupported xattrs
- Prompting: add permission mapping for the camera interface
- Notices: read notices from state without state lock
- Notices: add methods to get notice fields and create, reoccur, and
deepcopy notice
- Notices: add notice manager to coordinate separate notice backends
- Notices: support draining notices from state when notice backend
registered as producer of a particular notice type
- Notices: query notice manager from daemon instead of querying
state for notices directly
- Packaging: Ubuntu | ignore .git directory
- Packaging: FIPS | bump deb Go FIPS to 1.23
- Packaging: snap | bump FIPS toolchain to 1.23
- Packaging: debian | sync most upstream changes
- Packaging: debian-sid | depends on libcap2-bin for postint
- Packaging: Fedora | drop fakeroot
- Packaging: snap | modify snapd.mk to pass build tags when running
unit tests
- Packaging: snap | modify snapd.mk to pass nooptee build tag
- Packaging: modify Makefile.am to fix snap-confine install profile
with 'make hack'
- Packaging: modify Makefile.am to fix out-of-tree use of 'make
hack'
- LP: #2122054 Snap installation: skip snap icon download when
running in a cloud or using a proxy store
- Snap installation: add timeout to http client when downloading
snap icon
- Snap installation: use http(s) proxy for icon downloads
- LP: #2117558 snap-confine: fix error message with /root/snap not
accessible
- snap-confine: fix non-suid limitation by switching to root:root to
operate v1 freezer
- core-initrd: do not use writable-paths when not available
- core-initrd: remove debian folder
- LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev
interface now with the more robust gpio-aggregator configfs kernel
interface
- Interfaces: gpio-chardev | exclusive snap connections, raise a
conflict when both gpio-chardev and gpio are connected
- Interfaces: gpio-chardev | fix gpio-aggregator module load order
- Interfaces: ros-snapd-support | grant access to /v2/changes
- Interfaces: uda-driver-libs, egl-driver-libs, gbm-driver-libs,
opengl-driver-libs, opengles-driver-libs | new interfaces to
support nvidia driver components
- Interfaces: microstack-support | allow DPDK (hugepage related
permissions)
- Interfaces: system-observe | allow reading additional files in
/proc, needed by node-exporter
- Interfaces: u2f | add Cano Key, Thesis FIDO2 BioFP+ Security Key
and Kensington VeriMark DT Fingerprint Key to device list
- Interfaces: snap-interfaces-requests-control | allow shell API
control
- Interfaces: fwupd | allow access to Intel CVS sysfs
- Interfaces: hardware-observe | allow read access to Kernel
Samepage Merging (KSM)
- Interfaces: xilinx-dma | support Multi Queue DMA (QDMA) IP
- Interfaces: spi | relax sysfs permission rules to allow access to
SPI device node attributes
- Interfaces: content | introduce compatibility label
- LP: #2121238 Interfaces: do not expose Kerberos tickets for
classic snaps
- Interfaces: ssh-public-keys | allow ro access to public host keys
with ssh-key
- Interfaces: Modify AppArmor template to allow listing systemd
credentials and invoking systemd-creds
- Interfaces: modify AppArmor template with workarounds for Go 1.35
cgroup aware GOMAXPROCS
- Interfaces: modify seccomp template to allow landlock_*
- Prevent snap hooks from running while relevant snaps are unlinked
- Make refreshes wait before unlinking snaps if running hooks can be
affected
- Fix systemd unit generation by moving "WantedBy=" from section
"unit" to "install"
- Add opt-in logging support for snap-update-ns
- Unhide 'snap help' sign and export-key under Development category
- LP: #2117121 Cleanly support socket activation for classic snap
- Add architecture to 'snap version' output
- Add 'snap debug api' option to disable authentication through
auth.json
- Show grade in notes for 'snap info --verbose'
- Fix preseeding failure due to scan-disk issue on RPi
- Support 'snap debug api' queries to user session agents
- LP: #2112626 Improve progress reporting for snap install/refresh
- Drop legacy BAMF_DESKTOP_FILE_HINT in desktop files
- Fix /v2/apps error for root user when user services are present
- LP: #2114704 Extend output to indicate when snap data snapshot was
created during remove
- Improve how we handle emmc volumes
- Improve handling of system-user extra assertions
Checksums-Sha1:
d740f93d996d2ccdfb0472ef4ce02294eee0f733 3137 snapd_2.72+ubuntu22.04.dsc
71e846a0121440a2df19d24a2667e74df35d665c 10378660 snapd_2.72+ubuntu22.04.tar.xz
1e6c902d1f38de8722263abd04da063c134bae21 9539 snapd_2.72+ubuntu22.04_source.buildinfo
Checksums-Sha256:
20fab2539a1a7b73224652c688361b52bc6e541e453e9b80a34c13bebab0ba58 3137 snapd_2.72+ubuntu22.04.dsc
16d297625f14644d9e27c6f5f84d1237c16c9fe31dc21fe9f913b487559dd812 10378660 snapd_2.72+ubuntu22.04.tar.xz
aeb7dec903e16817ee85a2c1f2024d9ef13f77cb822bdc8106ea8cfcc7f946f9 9539 snapd_2.72+ubuntu22.04_source.buildinfo
Files:
8b87e8a4642edfb04a9c5d691a5ff6cd 3137 devel optional snapd_2.72+ubuntu22.04.dsc
3ff657c8cd462d349762705cbda45706 10378660 devel optional snapd_2.72+ubuntu22.04.tar.xz
76f2f446c0f55fb061f69ab5112c4635 9539 devel optional snapd_2.72+ubuntu22.04_source.buildinfo
More information about the jammy-changes
mailing list