snapd: update to 2.63

.gitignore

@@ -1,106 +1,2 @@
-/snapcore-selinux-6331fd4.tar.gz
-/snapd-2.16.tar.gz
-/snapcore-selinux-e5c1177.tar.gz
-/snapcore-selinux-4566045.tar.gz
-/snapd-2.23.6.tar.gz
-/snapd-2.24.tar.gz
-/snapd-2.25.tar.gz
-/snapd-2.26.3.tar.gz
-/snapd-2.27.tar.gz
-/snapd-2.27.1.tar.gz
-/snapd-2.27.2.tar.gz
-/snapd-2.27.5.tar.gz
-/snapd-2.27.6.tar.gz
-/snapd-2.28.1.tar.gz
-/snapd-2.28.4.tar.gz
-/snapd-2.28.5.tar.gz
-/snapd-2.29.4.tar.gz
-/snapd-2.30.tar.gz
-/snapd-2.31.1.tar.gz
-/snapd-2.32.4.tar.gz
-/snapd-2.33.1.tar.gz
-/snapd-2.35.tar.gz
-/snapd-2.36.tar.gz
-/snapd_2.36.only-vendor.tar.xz
-/snapd-2.36.3.tar.gz
-/snapd_2.36.3.only-vendor.tar.xz
-/snapd-2.37.2.tar.gz
-/snapd_2.37.2.only-vendor.tar.xz
-/snapd-2.37.3.tar.gz
-/snapd_2.37.3.only-vendor.tar.xz
-/snapd-2.37.4.tar.gz
-/snapd_2.37.4.only-vendor.tar.xz
-/snapd_2.38.no-vendor.tar.xz
-/snapd_2.38.only-vendor.tar.xz
-/snapd_2.39.no-vendor.tar.xz
-/snapd_2.39.only-vendor.tar.xz
-/snapd_2.39.1.no-vendor.tar.xz
-/snapd_2.39.1.only-vendor.tar.xz
-/snapd_2.39.2.no-vendor.tar.xz
-/snapd_2.39.2.only-vendor.tar.xz
-/snapd_2.41.no-vendor.tar.xz
-/snapd_2.41.only-vendor.tar.xz
-/snapd_2.42.no-vendor.tar.xz
-/snapd_2.42.only-vendor.tar.xz
-/snapd_2.42.1.no-vendor.tar.xz
-/snapd_2.42.1.only-vendor.tar.xz
-/snapd_2.42.2.no-vendor.tar.xz
-/snapd_2.42.2.only-vendor.tar.xz
-/snapd_2.43.3.no-vendor.tar.xz
-/snapd_2.43.3.only-vendor.tar.xz
-/snapd_2.45.no-vendor.tar.xz
-/snapd_2.45.only-vendor.tar.xz
-/snapd_2.45.1.no-vendor.tar.xz
-/snapd_2.45.1.only-vendor.tar.xz
-/snapd_2.45.2.no-vendor.tar.xz
-/snapd_2.45.2.only-vendor.tar.xz
-/snapd_2.45.3.1.no-vendor.tar.xz
-/snapd_2.45.3.1.only-vendor.tar.xz
-/snapd_2.46.1.no-vendor.tar.xz
-/snapd_2.46.1.only-vendor.tar.xz
-/snapd_2.47.1.no-vendor.tar.xz
-/snapd_2.47.1.only-vendor.tar.xz
-/snapd_2.48.2.no-vendor.tar.xz
-/snapd_2.48.2.only-vendor.tar.xz
-/snapd_2.49.no-vendor.tar.xz
-/snapd_2.49.only-vendor.tar.xz
-/snapd_2.50.no-vendor.tar.xz
-/snapd_2.50.only-vendor.tar.xz
-/snapd_2.51.no-vendor.tar.xz
-/snapd_2.51.only-vendor.tar.xz
-/snapd_2.51.7.no-vendor.tar.xz
-/snapd_2.51.7.only-vendor.tar.xz
-/snapd_2.52.no-vendor.tar.xz
-/snapd_2.52.only-vendor.tar.xz
-/snapd_2.53.1.no-vendor.tar.xz
-/snapd_2.53.1.only-vendor.tar.xz
-/snapd_2.53.2.no-vendor.tar.xz
-/snapd_2.53.2.only-vendor.tar.xz
-/snapd_2.53.4.no-vendor.tar.xz
-/snapd_2.53.4.only-vendor.tar.xz
-/snapd_2.54.1.no-vendor.tar.xz
-/snapd_2.54.1.only-vendor.tar.xz
-/snapd_2.54.2.no-vendor.tar.xz
-/snapd_2.54.2.only-vendor.tar.xz
-/snapd_2.54.3.no-vendor.tar.xz
-/snapd_2.54.3.only-vendor.tar.xz
-/snapd_2.54.4.no-vendor.tar.xz
-/snapd_2.54.4.only-vendor.tar.xz
-/snapd_2.55.2.no-vendor.tar.xz
-/snapd_2.55.2.only-vendor.tar.xz
-/snapd_2.55.3.no-vendor.tar.xz
-/snapd_2.55.3.only-vendor.tar.xz
-/snapd_2.56.2.no-vendor.tar.xz
-/snapd_2.56.2.only-vendor.tar.xz
-/snapd_2.57.5.no-vendor.tar.xz
-/snapd_2.57.5.only-vendor.tar.xz
-/snapd_2.57.6.no-vendor.tar.xz
-/snapd_2.57.6.only-vendor.tar.xz
-/snapd_2.58.3.no-vendor.tar.xz
-/snapd_2.58.3.only-vendor.tar.xz
-/snapd_2.61.1.no-vendor.tar.xz
-/snapd_2.61.1.only-vendor.tar.xz
-/snapd_2.61.2.no-vendor.tar.xz
-/snapd_2.61.2.only-vendor.tar.xz
-/snapd_2.62.no-vendor.tar.xz
-/snapd_2.62.only-vendor.tar.xz
+/snapd_2.63.no-vendor.tar.xz
+/snapd_2.63.only-vendor.tar.xz

snapd.spec

@@ -101,7 +101,7 @@
 %endif
 
 Name:           snapd
-Version:        2.62
+Version:        2.63
 Release:        1%{?dist}.1
 Summary:        A transactional software package manager
 License:        GPLv3
@@ -157,7 +157,7 @@ Provides:       %{name}-login-service%{?_isa} = 1.33
 %endif
 
 %if ! 0%{?with_bundled}
-BuildRequires: golang(github.com/boltdb/bolt)
+BuildRequires: golang(go.etcd.io/bbolt)
 BuildRequires: golang(github.com/coreos/go-systemd/activation)
 BuildRequires: golang(github.com/godbus/dbus)
 BuildRequires: golang(github.com/godbus/dbus/introspect)
@@ -253,7 +253,7 @@ BuildArch:     noarch
 %endif
 
 %if ! 0%{?with_bundled}
-Requires:      golang(github.com/boltdb/bolt)
+Requires:      golang(go.etcd.io/bbolt)
 Requires:      golang(github.com/coreos/go-systemd/activation)
 Requires:      golang(github.com/godbus/dbus)
 Requires:      golang(github.com/godbus/dbus/introspect)
@@ -282,7 +282,7 @@ Requires:      golang(gopkg.in/yaml.v3)
 # These Provides are unversioned because the sources in
 # the bundled tarball are unversioned (they go by git commit)
 # *sigh*... I hate golang...
-Provides:      bundled(golang(github.com/snapcore/bolt))
+Provides:      bundled(golang(go.etcd.io/bbolt))
 Provides:      bundled(golang(github.com/coreos/go-systemd/activation))
 Provides:      bundled(golang(github.com/godbus/dbus))
 Provides:      bundled(golang(github.com/godbus/dbus/introspect))
@@ -562,10 +562,8 @@ BUILDTAGS="${BUILDTAGS} nomanagers"
     %gobuild_static -o bin/snapctl $GOFLAGS %{import_path}/cmd/snapctl
 )
 
-%if 0%{?rhel}
-# There's no static link library for libseccomp in RHEL/CentOS...
-sed -e "s/-Bstatic -lseccomp/-Bstatic/g" -i cmd/snap-seccomp/*.go
-%endif
+# We need -D_GNU_SOURCE to include  xfs/linux.h for fallocate.
+sed -e 's,//#cgo CFLAGS: -D_FILE_OFFSET_BITS=64,//#cgo CFLAGS: -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE,' -i cmd/snap-seccomp/main.go
 %gobuild -o bin/snap-seccomp $GOFLAGS %{import_path}/cmd/snap-seccomp
 
 %if 0%{?with_selinux}
@@ -852,6 +850,7 @@ popd
 %dir %{_sharedstatedir}/snapd
 %dir %{_sharedstatedir}/snapd/assertions
 %dir %{_sharedstatedir}/snapd/cookie
+%dir %{_sharedstatedir}/snapd/cgroup
 %dir %{_sharedstatedir}/snapd/dbus-1
 %dir %{_sharedstatedir}/snapd/dbus-1/services
 %dir %{_sharedstatedir}/snapd/dbus-1/system-services
@@ -998,6 +997,57 @@ fi
 
 
 %changelog
+* Fri Jun 07 2024 Maciek Borzecki <[email protected]> - 2.63-1%{dist}.1
+- Rebuild for Amazon Linux
+
+* Wed Apr 24 2024 Ernest Lotter <[email protected]>
+- New upstream release 2.63
+ - Support for snap services to show the current status of user
+   services (experimental)
+ - Refresh app awareness: record snap-run-inhibit notice when
+   starting app from snap that is busy with refresh (experimental)
+ - Refresh app awareness: use warnings as fallback for desktop
+   notifications (experimental)
+ - Aspect based configuration: make request fields in the aspect-
+   bundle's rules optional (experimental)
+ - Aspect based configuration: make map keys conform to the same
+   format as path sub-keys (experimental)
+ - Aspect based configuration: make unset and set behaviour similar
+   to configuration options (experimental)
+ - Aspect based configuration: limit nesting level for setting value
+   (experimental)
+ - Components: use symlinks to point active snap component revisions
+ - Components: add model assertion support for components
+ - Components: fix to ensure local component installation always gets
+   a new revision number
+ - Add basic support for a CIFS remote filesystem-based home
+   directory
+ - Add support for AppArmor profile kill mode to avoid snap-confine
+   error
+ - Allow more than one interface to grant access to the same API
+   endpoint or notice type
+ - Allow all snapd service's control group processes to send systemd
+   notifications to prevent warnings flooding the log
+ - Enable not preseeded single boot install
+ - Update secboot to handle new sbatlevel
+ - Fix to not use cgroup for non-strict confined snaps (devmode,
+   classic)
+ - Fix two race conditions relating to freedesktop notifications
+ - Fix missing tunables in snap-update-ns AppArmor template
+ - Fix rejection of snapd snap udev command line by older host snap-
+   device-helper
+ - Rework seccomp allow/deny list
+ - Clean up files removed by gadgets
+ - Remove non-viable boot chains to avoid secboot failure
+ - posix_mq interface: add support for missing time64 mqueue syscalls
+   mq_timedreceive_time64 and mq_timedsend_time64
+ - password-manager-service interface: allow kwalletd version 6
+ - kubernetes-support interface: allow SOCK_SEQPACKET sockets
+ - system-observe interface: allow listing systemd units and their
+   properties
+ - opengl interface: enable use of nvidia container toolkit CDI
+   config generation
+
 * Thu Apr 18 2024 Maciek Borzecki <[email protected]> - 2.62-1%{dist}.1
 - Rebuild for Amazon Linux
 

sources

@@ -1,2 +1,2 @@
-SHA512 (snapd_2.62.no-vendor.tar.xz) = 3fb9fa65e25e7deec7e92def9b60f756cfce35c00b90e5cc370bd641034414313f07c973fcbdef4c58e7a9abc20197316fd51a4a2bf5087088a0593b59104590
-SHA512 (snapd_2.62.only-vendor.tar.xz) = d07a3ba83cad8d25fc03ecb7efc69e8e3f105e41c076bc5b450acf4e98409f11f738b65f542965fac5ccaa56eb9f7b1b36aa06f8b68cd3549b9d2a01b10faa09
+SHA512 (snapd_2.63.no-vendor.tar.xz) = 5973b7922f2caf1d4b0bc0db4fe5564134b04d6ca3b52204e9963b584bd80a91789c46902840169f9a8b1b1184820c86902401f585915ca06a010d81a2d9a453
+SHA512 (snapd_2.63.only-vendor.tar.xz) = 3ff9b8610c01997935b720e883644597f7d397a9a7b7e23eadbe95a67f62564e9d4d836c5667e39f95ed073115b106d58e5f4107f229c72014433414168baaa7

spread/build/package-and-repo/task.yaml

@@ -4,12 +4,25 @@ artifacts:
   - rpmbuild/RPMS
   - rpmbuild/SRPMS
   - rpmbuild/SOURCES
-  - amazon-linux-2-repo.tar.xz
+  - amazon-linux-*
 
 prepare: |
-  yum-builddep -y "$PWD/snapd.spec"
+  yum-builddep -y "$SPREAD_PATH/snapd.spec"
 
 execute: |
+  TARGET=
+  case "$SPREAD_SYSTEM" in
+      amazon-linux-2-*)
+          TARGET=amazonlinux:2
+          ;;
+      amazon-linux-2023-*)
+          TARGET=amazonlinux:2023
+          ;;
+      *)
+          echo "unsupported $SPREAD_SYSTEM"
+          exit 1
+          ;;
+  esac
   # shellcheck disable=SC2046
   wget $(rpmspec -P "$SPREAD_PATH/snapd.spec" | awk '/^Source[0-9]+: +https:/ { print $2 }')
   cp -av "$SPREAD_PATH/snapd.spec" .
@@ -18,4 +31,4 @@ execute: |
   done
   IN_CONTAINER=1 "$SPREAD_PATH/tool" build
   IN_CONTAINER=1 "$SPREAD_PATH/tool" createrepo
-  tar -cJv repo > amazon-linux-2-repo.tar.xz
+  TARGET="$TARGET" IN_CONTAINER=1 "$SPREAD_PATH/tool" pack

tool

@@ -87,6 +87,32 @@ enabled=0
 EOF
 }
 
+#HELP:     shell
+#HELP:              Open a shell in build environment
+shell_in_container() {
+    exec /bin/bash
+}
+
+#HELP:     pack
+#HELP:              Pack the repository tree
+pack() {
+    case "$TARGET" in
+        amazonlinux:2)
+            tarball_name="amazon-linux-2-repo.tar.xz"
+            ;;
+        amazonlinux:2023)
+            tarball_name="amazon-linux-2023-repo.tar.xz"
+            ;;
+        *)
+            echo "unsupported target $TARGET"
+            exit 1
+            ;;
+    esac
+    tar -cJv repo > "$tarball_name"
+}
+
+
+
 cmd="$1"
 shift
 case "$cmd" in
@@ -130,19 +156,7 @@ case "$cmd" in
             echo "repo directory does not exist, run 'createrepo' first"
             exit 1
         fi
-        case "$TARGET" in
-            amazonlinux:2)
-                tarball_name="amazon-linux-2-repo.tar.xz"
-                ;;
-            amazonlinux:2023)
-                tarball_name="amazon-linux-2023-repo.tar.xz"
-                ;;
-            *)
-                echo "unsupported target $TARGET"
-                exit 1
-                ;;
-        esac
-        tar -cJv repo > "$tarball_name"
+        pack
         ;;
     help|-h|--help|*)
         grep -E '^#HELP: ' "$0" | sed -e 's/#HELP: //'