github.com/chipaca/snappy@v0.0.0-20210104084008-1f06296fe8ad/packaging/fedora/snapd.spec

# With Fedora, nothing is bundled. For everything else, bundling is used.
# To use bundled stuff, use "--with vendorized" on rpmbuild
%if 0%{?fedora}
%bcond_with vendorized
%else
%bcond_without vendorized
%endif

# With Amazon Linux 2+, we're going to provide the /snap symlink by default,
# since classic snaps currently require it... :(
%if 0%{?amzn} >= 2
%bcond_without snap_symlink
%else
%bcond_with snap_symlink
%endif

# A switch to allow building the package with support for testkeys which
# are used for the spread test suite of snapd.
%bcond_with testkeys

%global with_devel 1
%global with_debug 1
%global with_check 0
%global with_unit_test 0
%global with_test_keys 0
%global with_selinux 1

# For the moment, we don't support all golang arches...
%global with_goarches 0

# Set if multilib is enabled for supported arches
%ifarch x86_64 aarch64 %{power64} s390x
%global with_multilib 1
%endif

%if ! %{with vendorized}
%global with_bundled 0
%else
%global with_bundled 1
%endif

%if ! %{with testkeys}
%global with_test_keys 0
%else
%global with_test_keys 1
%endif

%if 0%{?with_debug}
%global _dwz_low_mem_die_limit 0
%else
%global debug_package   %{nil}
%endif

%global provider        github
%global provider_tld    com
%global project         snapcore
%global repo            snapd
# https://github.com/snapcore/snapd
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
%global import_path     %{provider_prefix}

%global snappy_svcs      snapd.service snapd.socket snapd.autoimport.service snapd.seeded.service
%global snappy_user_svcs snapd.session-agent.service snapd.session-agent.socket

# Until we have a way to add more extldflags to gobuild macro...
%if 0%{?fedora} || 0%{?rhel} >= 8
%define gobuild_static(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags -static'" -a -v -x %{?**};
%endif
%if 0%{?rhel} == 7
# no pass PIE flags due to https://bugzilla.redhat.com/show_bug.cgi?id=1634486
%define gobuild_static(o:) go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags -static'" -a -v -x %{?**};
%endif

# These macros are missing BUILDTAGS in RHEL 8, see RHBZ#1825138
%if 0%{?rhel} == 8
%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags'" -a -v -x %{?**};
%endif

# These macros are not defined in RHEL 7
%if 0%{?rhel} == 7
%define gobuild(o:) go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -linkmode external -extldflags '%__global_ldflags'" -a -v -x %{?**};
%define gotest() go test -compiler gc -ldflags "${LDFLAGS:-}" %{?**};
%endif

# Compat path macros
%{!?_environmentdir: %global _environmentdir %{_prefix}/lib/environment.d}
%{!?_systemdgeneratordir: %global _systemdgeneratordir %{_prefix}/lib/systemd/system-generators}
%{!?_systemd_system_env_generator_dir: %global _systemd_system_env_generator_dir %{_prefix}/lib/systemd/system-environment-generators}

# Fedora selinux-policy includes 'map' permission on a 'file' class. However,
# Amazon Linux 2 does not have the updated policy containing the fix for
# https://bugzilla.redhat.com/show_bug.cgi?id=1574383.
# For now disable SELinux on Amazon Linux 2 until it's fixed.
%if 0%{?amzn2} == 1
%global with_selinux 0
%endif

Name:           snapd
Version:        2.48.2
Release:        0%{?dist}
Summary:        A transactional software package manager
License:        GPLv3
URL:            https://%{provider_prefix}
Source0:        https://%{provider_prefix}/releases/download/%{version}/%{name}_%{version}.no-vendor.tar.xz
Source1:        https://%{provider_prefix}/releases/download/%{version}/%{name}_%{version}.only-vendor.tar.xz

%if 0%{?with_goarches}
# e.g. el6 has ppc64 arch without gcc-go, so EA tag is required
ExclusiveArch:  %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
%else
# Verified arches from snapd upstream
ExclusiveArch:  %{ix86} x86_64 %{arm} aarch64 ppc64le s390x
%endif

# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
BuildRequires:  %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang >= 1.9}
BuildRequires:  systemd
%{?systemd_requires}

Requires:       snap-confine%{?_isa} = %{version}-%{release}
Requires:       squashfs-tools

%if 0%{?rhel} && 0%{?rhel} < 8
# Rich dependencies not available, always pull in squashfuse
# snapd will use squashfs.ko instead of squashfuse if it's on the system
# NOTE: Amazon Linux 2 does not have squashfuse, squashfs.ko is part of the kernel package
%if ! 0%{?amzn2}
Requires:       squashfuse
Requires:       fuse
%endif
%else
# snapd will use squashfuse in the event that squashfs.ko isn't available (cloud instances, containers, etc.)
Requires:       ((squashfuse and fuse) or kmod(squashfs.ko))
%endif

# bash-completion owns /usr/share/bash-completion/completions
Requires:       bash-completion

%if 0%{?with_selinux}
# Force the SELinux module to be installed
Requires:       %{name}-selinux = %{version}-%{release}
%endif

%if 0%{?fedora} && 0%{?fedora} < 30
# snapd-login-service is no more
# Note: Remove when F29 is EOL
Obsoletes:      %{name}-login-service < 1.33
Provides:       %{name}-login-service = 1.33
Provides:       %{name}-login-service%{?_isa} = 1.33
%endif

%if ! 0%{?with_bundled}
BuildRequires: golang(github.com/boltdb/bolt)
BuildRequires: golang(github.com/coreos/go-systemd/activation)
BuildRequires: golang(github.com/godbus/dbus)
BuildRequires: golang(github.com/godbus/dbus/introspect)
BuildRequires: golang(github.com/gorilla/mux)
BuildRequires: golang(github.com/jessevdk/go-flags)
BuildRequires: golang(github.com/juju/ratelimit)
BuildRequires: golang(github.com/kr/pretty)
BuildRequires: golang(github.com/kr/text)
BuildRequires: golang(github.com/mvo5/goconfigparser)
BuildRequires: golang(github.com/seccomp/libseccomp-golang)
BuildRequires: golang(github.com/snapcore/go-gettext)
BuildRequires: golang(golang.org/x/crypto/openpgp/armor)
BuildRequires: golang(golang.org/x/crypto/openpgp/packet)
BuildRequires: golang(golang.org/x/crypto/sha3)
BuildRequires: golang(golang.org/x/crypto/ssh/terminal)
BuildRequires: golang(golang.org/x/xerrors)
BuildRequires: golang(golang.org/x/xerrors/internal)
BuildRequires: golang(gopkg.in/check.v1)
BuildRequires: golang(gopkg.in/macaroon.v1)
BuildRequires: golang(gopkg.in/mgo.v2/bson)
BuildRequires: golang(gopkg.in/retry.v1)
BuildRequires: golang(gopkg.in/tomb.v2)
BuildRequires: golang(gopkg.in/yaml.v2)
%endif

%description
Snappy is a modern, cross-distribution, transactional package manager
designed for working with self-contained, immutable packages.

%package -n snap-confine
Summary:        Confinement system for snap applications
License:        GPLv3
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  libtool
BuildRequires:  gcc
BuildRequires:  gettext
BuildRequires:  gnupg
BuildRequires:  pkgconfig(glib-2.0)
BuildRequires:  pkgconfig(libcap)
BuildRequires:  pkgconfig(libseccomp)
%if 0%{?with_selinux}
BuildRequires:  pkgconfig(libselinux)
%endif
BuildRequires:  pkgconfig(libudev)
BuildRequires:  pkgconfig(systemd)
BuildRequires:  pkgconfig(udev)
BuildRequires:  xfsprogs-devel
BuildRequires:  glibc-static
%if ! 0%{?rhel}
BuildRequires:  libseccomp-static
%endif
BuildRequires:  valgrind
BuildRequires:  %{_bindir}/rst2man
%if 0%{?fedora}
# ShellCheck in EPEL is too old...
BuildRequires:  %{_bindir}/shellcheck
%endif

# Ensures older version from split packaging is replaced
Obsoletes:      snap-confine < 2.19

%description -n snap-confine
This package is used internally by snapd to apply confinement to
the started snap applications.

%if 0%{?with_selinux}
%package selinux
Summary:        SELinux module for snapd
License:        GPLv2+
BuildArch:      noarch
BuildRequires:  selinux-policy, selinux-policy-devel
Requires(post): selinux-policy-base >= %{_selinux_policy_version}
Requires(post): policycoreutils
%if 0%{?rhel} == 7
Requires(post): policycoreutils-python
%else
Requires(post): policycoreutils-python-utils
%endif
Requires(pre):  libselinux-utils
Requires(post): libselinux-utils

%description selinux
This package provides the SELinux policy module to ensure snapd
runs properly under an environment with SELinux enabled.
%endif

%if 0%{?with_devel}
%package devel
Summary:       Development files for %{name}
BuildArch:     noarch

%if 0%{?with_check} && ! 0%{?with_bundled}
%endif

%if ! 0%{?with_bundled}
Requires:      golang(github.com/boltdb/bolt)
Requires:      golang(github.com/coreos/go-systemd/activation)
Requires:      golang(github.com/godbus/dbus)
Requires:      golang(github.com/godbus/dbus/introspect)
Requires:      golang(github.com/gorilla/mux)
Requires:      golang(github.com/jessevdk/go-flags)
Requires:      golang(github.com/juju/ratelimit)
Requires:      golang(github.com/kr/pretty)
Requires:      golang(github.com/kr/text)
Requires:      golang(github.com/mvo5/goconfigparser)
Requires:      golang(github.com/seccomp/libseccomp-golang)
Requires:      golang(github.com/snapcore/go-gettext)
Requires:      golang(golang.org/x/crypto/openpgp/armor)
Requires:      golang(golang.org/x/crypto/openpgp/packet)
Requires:      golang(golang.org/x/crypto/sha3)
Requires:      golang(golang.org/x/crypto/ssh/terminal)
Requires:      golang(golang.org/x/xerrors)
Requires:      golang(golang.org/x/xerrors/internal)
Requires:      golang(gopkg.in/check.v1)
Requires:      golang(gopkg.in/macaroon.v1)
Requires:      golang(gopkg.in/mgo.v2/bson)
Requires:      golang(gopkg.in/retry.v1)
Requires:      golang(gopkg.in/tomb.v2)
Requires:      golang(gopkg.in/yaml.v2)
%else
# These Provides are unversioned because the sources in
# the bundled tarball are unversioned (they go by git commit)
# *sigh*... I hate golang...
Provides:      bundled(golang(github.com/snapcore/bolt))
Provides:      bundled(golang(github.com/coreos/go-systemd/activation))
Provides:      bundled(golang(github.com/godbus/dbus))
Provides:      bundled(golang(github.com/godbus/dbus/introspect))
Provides:      bundled(golang(github.com/gorilla/mux))
Provides:      bundled(golang(github.com/jessevdk/go-flags))
Provides:      bundled(golang(github.com/juju/ratelimit))
Provides:      bundled(golang(github.com/kr/pretty))
Provides:      bundled(golang(github.com/kr/text))
Provides:      bundled(golang(github.com/mvo5/goconfigparser))
Provides:      bundled(golang(github.com/mvo5/libseccomp-golang))
Provides:      bundled(golang(github.com/snapcore/go-gettext))
Provides:      bundled(golang(golang.org/x/crypto/openpgp/armor))
Provides:      bundled(golang(golang.org/x/crypto/openpgp/packet))
Provides:      bundled(golang(golang.org/x/crypto/sha3))
Provides:      bundled(golang(golang.org/x/crypto/ssh/terminal))
Provides:      bundled(golang(golang.org/x/xerrors))
Provides:      bundled(golang(golang.org/x/xerrors/internal))
Provides:      bundled(golang(gopkg.in/check.v1))
Provides:      bundled(golang(gopkg.in/macaroon.v1))
Provides:      bundled(golang(gopkg.in/mgo.v2/bson))
Provides:      bundled(golang(gopkg.in/retry.v1))
Provides:      bundled(golang(gopkg.in/tomb.v2))
Provides:      bundled(golang(gopkg.in/yaml.v2))
%endif

# Generated by gofed
Provides:      golang(%{import_path}/advisor) = %{version}-%{release}
Provides:      golang(%{import_path}/arch) = %{version}-%{release}
Provides:      golang(%{import_path}/asserts) = %{version}-%{release}
Provides:      golang(%{import_path}/asserts/assertstest) = %{version}-%{release}
Provides:      golang(%{import_path}/asserts/signtool) = %{version}-%{release}
Provides:      golang(%{import_path}/asserts/snapasserts) = %{version}-%{release}
Provides:      golang(%{import_path}/asserts/sysdb) = %{version}-%{release}
Provides:      golang(%{import_path}/asserts/systestkeys) = %{version}-%{release}
Provides:      golang(%{import_path}/boot) = %{version}-%{release}
Provides:      golang(%{import_path}/boot/boottest) = %{version}-%{release}
Provides:      golang(%{import_path}/bootloader) = %{version}-%{release}
Provides:      golang(%{import_path}/bootloader/androidbootenv) = %{version}-%{release}
Provides:      golang(%{import_path}/bootloader/bootloadertest) = %{version}-%{release}
Provides:      golang(%{import_path}/bootloader/efi) = %{version}-%{release}
Provides:      golang(%{import_path}/bootloader/grubenv) = %{version}-%{release}
Provides:      golang(%{import_path}/bootloader/lkenv) = %{version}-%{release}
Provides:      golang(%{import_path}/bootloader/ubootenv) = %{version}-%{release}
Provides:      golang(%{import_path}/client) = %{version}-%{release}
Provides:      golang(%{import_path}/cmd) = %{version}-%{release}
Provides:      golang(%{import_path}/cmd/cmdutil) = %{version}-%{release}
Provides:      golang(%{import_path}/cmd/snap-bootstrap/bootstrap) = %{version}-%{release}
Provides:      golang(%{import_path}/cmd/snap-bootstrap/partition) = %{version}-%{release}
Provides:      golang(%{import_path}/cmd/snap-bootstrap/triggerwatch) = %{version}-%{release}
Provides:      golang(%{import_path}/cmd/snaplock) = %{version}-%{release}
Provides:      golang(%{import_path}/cmd/snap-seccomp/syscalls) = %{version}-%{release}
Provides:      golang(%{import_path}/daemon) = %{version}-%{release}
Provides:      golang(%{import_path}/dirs) = %{version}-%{release}
Provides:      golang(%{import_path}/errtracker) = %{version}-%{release}
Provides:      golang(%{import_path}/features) = %{version}-%{release}
Provides:      golang(%{import_path}/gadget) = %{version}-%{release}
Provides:      golang(%{import_path}/httputil) = %{version}-%{release}
Provides:      golang(%{import_path}/i18n) = %{version}-%{release}
Provides:      golang(%{import_path}/i18n/xgettext-go) = %{version}-%{release}
Provides:      golang(%{import_path}/image) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/apparmor) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/backends) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/builtin) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/dbus) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/hotplug) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/ifacetest) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/kmod) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/mount) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/policy) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/seccomp) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/systemd) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/udev) = %{version}-%{release}
Provides:      golang(%{import_path}/interfaces/utils) = %{version}-%{release}
Provides:      golang(%{import_path}/jsonutil) = %{version}-%{release}
Provides:      golang(%{import_path}/jsonutil/safejson) = %{version}-%{release}
Provides:      golang(%{import_path}/logger) = %{version}-%{release}
Provides:      golang(%{import_path}/metautil) = %{version}-%{release}
Provides:      golang(%{import_path}/netutil) = %{version}-%{release}
Provides:      golang(%{import_path}/osutil) = %{version}-%{release}
Provides:      golang(%{import_path}/osutil/mount) = %{version}-%{release}
Provides:      golang(%{import_path}/osutil/squashfs) = %{version}-%{release}
Provides:      golang(%{import_path}/osutil/strace) = %{version}-%{release}
Provides:      golang(%{import_path}/osutil/sys) = %{version}-%{release}
Provides:      golang(%{import_path}/osutil/udev/crawler) = %{version}-%{release}
Provides:      golang(%{import_path}/osutil/udev/netlink) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/assertstate) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/assertstate/assertstatetest) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/auth) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/cmdstate) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/configstate) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/configstate/config) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/configstate/configcore) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/configstate/proxyconf) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/configstate/settings) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/devicestate) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/devicestate/devicestatetest) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/devicestate/internal) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/healthstate) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/hookstate) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/hookstate/ctlcmd) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/hookstate/hooktest) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/ifacestate) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/ifacestate/ifacerepo) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/ifacestate/udevmonitor) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/patch) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/servicestate) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/snapshotstate) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/snapshotstate/backend) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/snapstate) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/snapstate/backend) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/snapstate/policy) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/snapstate/snapstatetest) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/standby) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/state) = %{version}-%{release}
Provides:      golang(%{import_path}/overlord/storecontext) = %{version}-%{release}
Provides:      golang(%{import_path}/polkit) = %{version}-%{release}
Provides:      golang(%{import_path}/progress) = %{version}-%{release}
Provides:      golang(%{import_path}/progress/progresstest) = %{version}-%{release}
Provides:      golang(%{import_path}/randutil) = %{version}-%{release}
Provides:      golang(%{import_path}/release) = %{version}-%{release}
Provides:      golang(%{import_path}/sandbox) = %{version}-%{release}
Provides:      golang(%{import_path}/sandbox/apparmor) = %{version}-%{release}
Provides:      golang(%{import_path}/sandbox/cgroup) = %{version}-%{release}
Provides:      golang(%{import_path}/sandbox/seccomp) = %{version}-%{release}
Provides:      golang(%{import_path}/sandbox/selinux) = %{version}-%{release}
Provides:      golang(%{import_path}/sanity) = %{version}-%{release}
Provides:      golang(%{import_path}/secboot) = %{version}-%{release}
Provides:      golang(%{import_path}/seed) = %{version}-%{release}
Provides:      golang(%{import_path}/seed/internal) = %{version}-%{release}
Provides:      golang(%{import_path}/seed/seedtest) = %{version}-%{release}
Provides:      golang(%{import_path}/seed/seedwriter) = %{version}-%{release}
Provides:      golang(%{import_path}/snap) = %{version}-%{release}
Provides:      golang(%{import_path}/snap/channel) = %{version}-%{release}
Provides:      golang(%{import_path}/snapdenv) = %{version}-%{release}
Provides:      golang(%{import_path}/snap/naming) = %{version}-%{release}
Provides:      golang(%{import_path}/snap/pack) = %{version}-%{release}
Provides:      golang(%{import_path}/snap/snapdir) = %{version}-%{release}
Provides:      golang(%{import_path}/snap/snapenv) = %{version}-%{release}
Provides:      golang(%{import_path}/snap/snaptest) = %{version}-%{release}
Provides:      golang(%{import_path}/snap/squashfs) = %{version}-%{release}
Provides:      golang(%{import_path}/spdx) = %{version}-%{release}
Provides:      golang(%{import_path}/store) = %{version}-%{release}
Provides:      golang(%{import_path}/store/storetest) = %{version}-%{release}
Provides:      golang(%{import_path}/strutil) = %{version}-%{release}
Provides:      golang(%{import_path}/strutil/chrorder) = %{version}-%{release}
Provides:      golang(%{import_path}/strutil/quantity) = %{version}-%{release}
Provides:      golang(%{import_path}/strutil/shlex) = %{version}-%{release}
Provides:      golang(%{import_path}/sysconfig) = %{version}-%{release}
Provides:      golang(%{import_path}/systemd) = %{version}-%{release}
Provides:      golang(%{import_path}/tests/lib/fakestore/refresh) = %{version}-%{release}
Provides:      golang(%{import_path}/tests/lib/fakestore/store) = %{version}-%{release}
Provides:      golang(%{import_path}/testutil) = %{version}-%{release}
Provides:      golang(%{import_path}/timeout) = %{version}-%{release}
Provides:      golang(%{import_path}/timeutil) = %{version}-%{release}
Provides:      golang(%{import_path}/timings) = %{version}-%{release}
Provides:      golang(%{import_path}/usersession/agent) = %{version}-%{release}
Provides:      golang(%{import_path}/usersession/autostart) = %{version}-%{release}
Provides:      golang(%{import_path}/usersession/client) = %{version}-%{release}
Provides:      golang(%{import_path}/usersession/userd) = %{version}-%{release}
Provides:      golang(%{import_path}/usersession/userd/ui) = %{version}-%{release}
Provides:      golang(%{import_path}/wrappers) = %{version}-%{release}
Provides:      golang(%{import_path}/x11) = %{version}-%{release}
Provides:      golang(%{import_path}/xdgopenproxy) = %{version}-%{release}

%description devel
This package contains library source intended for
building other packages which use import path with
%{import_path} prefix.
%endif

%if 0%{?with_unit_test} && 0%{?with_devel}
%package unit-test-devel
Summary:         Unit tests for %{name} package

%if 0%{?with_check}
#Here comes all BuildRequires: PACKAGE the unit tests
#in %%check section need for running
%endif

# test subpackage tests code from devel subpackage
Requires:        %{name}-devel = %{version}-%{release}

%description unit-test-devel
This package contains unit tests for project
providing packages with %{import_path} prefix.
%endif

%prep
%if ! 0%{?with_bundled}
%setup -q
# Ensure there's no bundled stuff accidentally leaking in...
rm -rf vendor/*
%else
# Extract each tarball properly
%setup -q -D -b 1
%endif

%build
# Generate version files
./mkversion.sh "%{version}-%{release}"

# We don't want/need squashfuse in the rpm, as it's available in Fedora and EPEL
sed -e 's:_ "github.com/snapcore/squashfuse"::g' -i systemd/systemd.go

# Build snapd
mkdir -p src/github.com/snapcore
ln -s ../../../ src/github.com/snapcore/snapd

%if ! 0%{?with_bundled}
export GOPATH=$(pwd):%{gopath}
%else
export GOPATH=$(pwd):$(pwd)/Godeps/_workspace:%{gopath}
%endif

# see https://github.com/gofed/go-macros/blob/master/rpm/macros.d/macros.go-compilers-golang
BUILDTAGS=
%if 0%{?with_test_keys}
BUILDTAGS="withtestkeys nosecboot"
%else
BUILDTAGS="nosecboot"
%endif

%if ! 0%{?with_bundled}
# We don't need mvo5 fork for seccomp, as we have seccomp 2.3.x
sed -e "s:github.com/mvo5/libseccomp-golang:github.com/seccomp/libseccomp-golang:g" -i cmd/snap-seccomp/*.go
# We don't need the snapcore fork for bolt - it is just a fix on ppc
sed -e "s:github.com/snapcore/bolt:github.com/boltdb/bolt:g" -i advisor/*.go errtracker/*.go
%endif

# We have to build snapd first to prevent the build from
# building various things from the tree without additional
# set tags.
%gobuild -o bin/snapd $GOFLAGS %{import_path}/cmd/snapd
BUILDTAGS="${BUILDTAGS} nomanagers"
%gobuild -o bin/snap $GOFLAGS %{import_path}/cmd/snap
%gobuild -o bin/snap-failure $GOFLAGS %{import_path}/cmd/snap-failure

# To ensure things work correctly with base snaps,
# snap-exec, snap-update-ns, and snapctl need to be built statically
(
%if 0%{?rhel} >= 8
    # since 1.12.1, the go-toolset module is built with FIPS compliance that
    # defaults to using libcrypto.so which gets loaded at runtime via dlopen(),
    # disable that functionality for statically built binaries
    BUILDTAGS="${BUILDTAGS} no_openssl"
%endif
    %gobuild_static -o bin/snap-exec $GOFLAGS %{import_path}/cmd/snap-exec
    %gobuild_static -o bin/snap-update-ns $GOFLAGS %{import_path}/cmd/snap-update-ns
    %gobuild_static -o bin/snapctl $GOFLAGS %{import_path}/cmd/snapctl
)

%if 0%{?rhel}
# There's no static link library for libseccomp in RHEL/CentOS...
sed -e "s/-Bstatic -lseccomp/-Bstatic/g" -i cmd/snap-seccomp/*.go
%endif
%gobuild -o bin/snap-seccomp $GOFLAGS %{import_path}/cmd/snap-seccomp

%if 0%{?with_selinux}
(
%if 0%{?rhel} == 7
    M4PARAM='-D distro_rhel7'
%endif
    # Build SELinux module
    cd ./data/selinux
    # pass M4PARAM in env instead of as an override, so that make can still
    # manipulate it freely, for more details see:
    # https://www.gnu.org/software/make/manual/html_node/Override-Directive.html
    M4PARAM="$M4PARAM" make SHARE="%{_datadir}" TARGETS="snappy"
)
%endif

# Build snap-confine
pushd ./cmd
autoreconf --force --install --verbose
# FIXME: add --enable-caps-over-setuid as soon as possible (setuid discouraged!)
%configure \
    --disable-apparmor \
%if 0%{?with_selinux}
    --enable-selinux \
%endif
    --libexecdir=%{_libexecdir}/snapd/ \
    --enable-nvidia-biarch \
    %{?with_multilib:--with-32bit-libdir=%{_prefix}/lib} \
    --with-snap-mount-dir=%{_sharedstatedir}/snapd/snap \
    --enable-merged-usr

%make_build
popd

# Build systemd units, dbus services, and env files
pushd ./data
make BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" \
     SYSTEMDSYSTEMUNITDIR="%{_unitdir}" \
     SNAP_MOUNT_DIR="%{_sharedstatedir}/snapd/snap" \
     SNAPD_ENVIRONMENT_FILE="%{_sysconfdir}/sysconfig/snapd"
popd

%install
install -d -p %{buildroot}%{_bindir}
install -d -p %{buildroot}%{_libexecdir}/snapd
install -d -p %{buildroot}%{_mandir}/man8
install -d -p %{buildroot}%{_environmentdir}
install -d -p %{buildroot}%{_systemdgeneratordir}
install -d -p %{buildroot}%{_systemd_system_env_generator_dir}
install -d -p %{buildroot}%{_unitdir}
install -d -p %{buildroot}%{_userunitdir}
install -d -p %{buildroot}%{_sysconfdir}/profile.d
install -d -p %{buildroot}%{_sysconfdir}/sysconfig
install -d -p %{buildroot}%{_sharedstatedir}/snapd/assertions
install -d -p %{buildroot}%{_sharedstatedir}/snapd/cookie
install -d -p %{buildroot}%{_sharedstatedir}/snapd/dbus-1/services
install -d -p %{buildroot}%{_sharedstatedir}/snapd/dbus-1/system-services
install -d -p %{buildroot}%{_sharedstatedir}/snapd/desktop/applications
install -d -p %{buildroot}%{_sharedstatedir}/snapd/device
install -d -p %{buildroot}%{_sharedstatedir}/snapd/hostfs
install -d -p %{buildroot}%{_sharedstatedir}/snapd/inhibit
install -d -p %{buildroot}%{_sharedstatedir}/snapd/lib/gl
install -d -p %{buildroot}%{_sharedstatedir}/snapd/lib/gl32
install -d -p %{buildroot}%{_sharedstatedir}/snapd/lib/glvnd
install -d -p %{buildroot}%{_sharedstatedir}/snapd/lib/vulkan
install -d -p %{buildroot}%{_sharedstatedir}/snapd/mount
install -d -p %{buildroot}%{_sharedstatedir}/snapd/seccomp/bpf
install -d -p %{buildroot}%{_sharedstatedir}/snapd/snaps
install -d -p %{buildroot}%{_sharedstatedir}/snapd/snap/bin
install -d -p %{buildroot}%{_localstatedir}/snap
install -d -p %{buildroot}%{_localstatedir}/cache/snapd
install -d -p %{buildroot}%{_datadir}/polkit-1/actions
%if 0%{?with_selinux}
install -d -p %{buildroot}%{_datadir}/selinux/devel/include/contrib
install -d -p %{buildroot}%{_datadir}/selinux/packages
%endif

# Install snap and snapd
install -p -m 0755 bin/snap %{buildroot}%{_bindir}
install -p -m 0755 bin/snap-exec %{buildroot}%{_libexecdir}/snapd
install -p -m 0755 bin/snap-failure %{buildroot}%{_libexecdir}/snapd
install -p -m 0755 bin/snapd %{buildroot}%{_libexecdir}/snapd
install -p -m 0755 bin/snap-update-ns %{buildroot}%{_libexecdir}/snapd
install -p -m 0755 bin/snap-seccomp %{buildroot}%{_libexecdir}/snapd
# Ensure /usr/bin/snapctl is a symlink to /usr/libexec/snapd/snapctl
install -p -m 0755 bin/snapctl %{buildroot}%{_libexecdir}/snapd/snapctl
ln -sf %{_libexecdir}/snapd/snapctl %{buildroot}%{_bindir}/snapctl

%if 0%{?with_selinux}
# Install SELinux module
install -p -m 0644 data/selinux/snappy.if %{buildroot}%{_datadir}/selinux/devel/include/contrib
install -p -m 0644 data/selinux/snappy.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
%endif

# Install snap(8) man page
bin/snap help --man > %{buildroot}%{_mandir}/man8/snap.8

# Install the "info" data file with snapd version
install -m 644 -D data/info %{buildroot}%{_libexecdir}/snapd/info

# Install bash completion for "snap"
install -m 644 -D data/completion/bash/snap %{buildroot}%{_datadir}/bash-completion/completions/snap
install -m 644 -D data/completion/bash/complete.sh %{buildroot}%{_libexecdir}/snapd
install -m 644 -D data/completion/bash/etelpmoc.sh %{buildroot}%{_libexecdir}/snapd
# Install zsh completion for "snap"
install -d -p %{buildroot}%{_datadir}/zsh/site-functions
install -m 644 -D data/completion/zsh/_snap %{buildroot}%{_datadir}/zsh/site-functions/_snap

# Install snap-confine
pushd ./cmd
%make_install
# Undo the 0111 permissions, they are restored in the files section
chmod 0755 %{buildroot}%{_sharedstatedir}/snapd/void
# We don't use AppArmor
rm -rfv %{buildroot}%{_sysconfdir}/apparmor.d
# ubuntu-core-launcher is dead
rm -fv %{buildroot}%{_bindir}/ubuntu-core-launcher
popd

# Install all systemd and dbus units, and env files
pushd ./data
%make_install BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" \
              SYSTEMDSYSTEMUNITDIR="%{_unitdir}" SYSTEMDUSERUNITDIR="%{_userunitdir}" \
              SNAP_MOUNT_DIR="%{_sharedstatedir}/snapd/snap" \
              SNAPD_ENVIRONMENT_FILE="%{_sysconfdir}/sysconfig/snapd"
popd

%if 0%{?rhel} == 7
# Install kernel tweaks
# See: https://access.redhat.com/articles/3128691
install -m 644 -D data/sysctl/rhel7-snap.conf %{buildroot}%{_sysctldir}/99-snap.conf
%endif

# Remove snappy core specific units
rm -fv %{buildroot}%{_unitdir}/snapd.system-shutdown.service
rm -fv %{buildroot}%{_unitdir}/snapd.snap-repair.*
rm -fv %{buildroot}%{_unitdir}/snapd.core-fixup.*
rm -fv %{buildroot}%{_unitdir}/snapd.recovery-chooser-trigger.service

# Remove snappy core specific scripts
rm %{buildroot}%{_libexecdir}/snapd/snapd.core-fixup.sh

# Remove snapd apparmor service
rm -f %{buildroot}%{_unitdir}/snapd.apparmor.service
rm -f %{buildroot}%{_libexecdir}/snapd/snapd-apparmor

# Install Polkit configuration
install -m 644 -D data/polkit/io.snapcraft.snapd.policy %{buildroot}%{_datadir}/polkit-1/actions

# Disable re-exec by default
echo 'SNAP_REEXEC=0' > %{buildroot}%{_sysconfdir}/sysconfig/snapd

# Create state.json and the README file to be ghosted
touch %{buildroot}%{_sharedstatedir}/snapd/state.json
touch %{buildroot}%{_sharedstatedir}/snapd/snap/README

# When enabled, create a symlink for /snap to point to /var/lib/snapd/snap
%if %{with snap_symlink}
ln -sr %{buildroot}%{_sharedstatedir}/snapd/snap %{buildroot}/snap
%endif

# source codes for building projects
%if 0%{?with_devel}
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
echo "%%dir %%{gopath}/src/%%{import_path}/." >> devel.file-list
# find all *.go but no *_test.go files and generate devel.file-list
for file in $(find . -iname "*.go" -o -iname "*.s" \! -iname "*_test.go") ; do
    echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
    install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
    cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
    echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
done
%endif

# testing files for this project
%if 0%{?with_unit_test} && 0%{?with_devel}
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
# find all *_test.go files and generate unit-test.file-list
for file in $(find . -iname "*_test.go"); do
    echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
    install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
    cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
    echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test-devel.file-list
done

# Install additional testdata
install -d %{buildroot}/%{gopath}/src/%{import_path}/cmd/snap/test-data/
cp -pav cmd/snap/test-data/* %{buildroot}/%{gopath}/src/%{import_path}/cmd/snap/test-data/
echo "%%{gopath}/src/%%{import_path}/cmd/snap/test-data" >> unit-test-devel.file-list
%endif

%if 0%{?with_devel}
sort -u -o devel.file-list devel.file-list
%endif

%check
for binary in snap-exec snap-update-ns snapctl; do
    ldd bin/$binary 2>&1 | grep 'not a dynamic executable'
done

# snapd tests
%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
%if ! 0%{?with_bundled}
export GOPATH=%{buildroot}/%{gopath}:%{gopath}
%else
export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
%endif
%gotest %{import_path}/...
%endif

# snap-confine tests (these always run!)
pushd ./cmd
make check
popd

%files
#define license tag if not already defined
%{!?_licensedir:%global license %doc}
%license COPYING
%doc README.md docs/*
%{_bindir}/snap
%{_bindir}/snapctl
%{_environmentdir}/990-snapd.conf
%if 0%{?rhel} == 7
%{_sysctldir}/99-snap.conf
%endif
%dir %{_libexecdir}/snapd
%{_libexecdir}/snapd/snapctl
%{_libexecdir}/snapd/snapd
%{_libexecdir}/snapd/snap-exec
%{_libexecdir}/snapd/snap-failure
%{_libexecdir}/snapd/info
%{_libexecdir}/snapd/snap-mgmt
%if 0%{?with_selinux}
%{_libexecdir}/snapd/snap-mgmt-selinux
%endif
%{_mandir}/man8/snap.8*
%{_datadir}/applications/io.snapcraft.SessionAgent.desktop
%{_datadir}/applications/snap-handle-link.desktop
%{_datadir}/bash-completion/completions/snap
%{_libexecdir}/snapd/complete.sh
%{_libexecdir}/snapd/etelpmoc.sh
%{_datadir}/zsh/site-functions/_snap
%{_libexecdir}/snapd/snapd.run-from-snap
%{_sysconfdir}/profile.d/snapd.sh
%{_mandir}/man8/snapd-env-generator.8*
%{_systemd_system_env_generator_dir}/snapd-env-generator
%{_unitdir}/snapd.socket
%{_unitdir}/snapd.service
%{_unitdir}/snapd.autoimport.service
%{_unitdir}/snapd.failure.service
%{_unitdir}/snapd.seeded.service
%{_userunitdir}/snapd.session-agent.service
%{_userunitdir}/snapd.session-agent.socket
%{_datadir}/dbus-1/services/io.snapcraft.Launcher.service
%{_datadir}/dbus-1/services/io.snapcraft.SessionAgent.service
%{_datadir}/dbus-1/services/io.snapcraft.Settings.service
%{_datadir}/dbus-1/session.d/snapd.session-services.conf
%{_datadir}/dbus-1/system.d/snapd.system-services.conf
%{_datadir}/polkit-1/actions/io.snapcraft.snapd.policy
%{_sysconfdir}/xdg/autostart/snap-userd-autostart.desktop
%config(noreplace) %{_sysconfdir}/sysconfig/snapd
%dir %{_sharedstatedir}/snapd
%dir %{_sharedstatedir}/snapd/assertions
%dir %{_sharedstatedir}/snapd/cookie
%dir %{_sharedstatedir}/snapd/dbus-1
%dir %{_sharedstatedir}/snapd/dbus-1/services
%dir %{_sharedstatedir}/snapd/dbus-1/system-services
%dir %{_sharedstatedir}/snapd/desktop
%dir %{_sharedstatedir}/snapd/desktop/applications
%dir %{_sharedstatedir}/snapd/device
%dir %{_sharedstatedir}/snapd/hostfs
%dir %{_sharedstatedir}/snapd/inhibit
%dir %{_sharedstatedir}/snapd/lib
%dir %{_sharedstatedir}/snapd/lib/gl
%dir %{_sharedstatedir}/snapd/lib/gl32
%dir %{_sharedstatedir}/snapd/lib/glvnd
%dir %{_sharedstatedir}/snapd/lib/vulkan
%dir %{_sharedstatedir}/snapd/mount
%dir %{_sharedstatedir}/snapd/seccomp
%dir %{_sharedstatedir}/snapd/seccomp/bpf
%dir %{_sharedstatedir}/snapd/snaps
%dir %{_sharedstatedir}/snapd/snap
%ghost %dir %{_sharedstatedir}/snapd/snap/bin
%dir %{_localstatedir}/cache/snapd
%dir %{_localstatedir}/snap
%ghost %{_sharedstatedir}/snapd/state.json
%ghost %{_sharedstatedir}/snapd/snap/README
%if %{with snap_symlink}
/snap
%endif
# this is typically owned by zsh, but we do not want to explicitly require zsh
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions

%files -n snap-confine
%doc cmd/snap-confine/PORTING
%license COPYING
%dir %{_libexecdir}/snapd
# For now, we can't use caps
# FIXME: Switch to "%%attr(0755,root,root) %%caps(cap_sys_admin=pe)" asap!
%attr(4755,root,root) %{_libexecdir}/snapd/snap-confine
%{_libexecdir}/snapd/snap-device-helper
%{_libexecdir}/snapd/snap-discard-ns
%{_libexecdir}/snapd/snap-gdb-shim
%{_libexecdir}/snapd/snap-gdbserver-shim
%{_libexecdir}/snapd/snap-seccomp
%{_libexecdir}/snapd/snap-update-ns
%{_libexecdir}/snapd/system-shutdown
%{_mandir}/man8/snap-confine.8*
%{_mandir}/man8/snap-discard-ns.8*
%{_systemdgeneratordir}/snapd-generator
%attr(0111,root,root) %{_sharedstatedir}/snapd/void

%if 0%{?with_selinux}
%files selinux
%license data/selinux/COPYING
%doc data/selinux/README.md
%{_datadir}/selinux/packages/snappy.pp.bz2
%{_datadir}/selinux/devel/include/contrib/snappy.if
%endif

%if 0%{?with_devel}
%files devel -f devel.file-list
%license COPYING
%doc README.md
%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project}
%endif

%if 0%{?with_unit_test} && 0%{?with_devel}
%files unit-test-devel -f unit-test-devel.file-list
%license COPYING
%doc README.md
%endif

%post
%if 0%{?rhel} == 7
%sysctl_apply 99-snap.conf
%endif
%systemd_post %{snappy_svcs}
%systemd_user_post %{snappy_user_svcs}
# If install, test if snapd socket and timer are enabled.
# If enabled, then attempt to start them. This will silently fail
# in chroots or other environments where services aren't expected
# to be started.
if [ $1 -eq 1 ] ; then
   if systemctl -q is-enabled snapd.socket > /dev/null 2>&1 ; then
      systemctl start snapd.socket > /dev/null 2>&1 || :
   fi
fi

%preun
%systemd_preun %{snappy_svcs}
%systemd_user_preun %{snappy_user_svcs}

# Remove all Snappy content if snapd is being fully uninstalled
if [ $1 -eq 0 ]; then
   %{_libexecdir}/snapd/snap-mgmt --purge || :
fi

%postun
%systemd_postun_with_restart %{snappy_svcs}
%systemd_user_postun_with_restart %{snappy_user_svcs}

%if 0%{?with_selinux}
%triggerun -- snapd < 2.39
# TODO: the trigger relies on a very specific snapd version that introduced SELinux
# mount context, figure out how to update the trigger condition to run when needed

# Trigger on uninstall, with one version of the package being pre 2.38 see
# https://rpm-packaging-guide.github.io/#triggers-and-scriptlets for details
# when triggers are run
if [ "$1" -eq 2 -a "$2" -eq 1 ]; then
   # Upgrade from pre 2.38 version
   %{_libexecdir}/snapd/snap-mgmt-selinux --patch-selinux-mount-context=system_u:object_r:snappy_snap_t:s0 || :

   # snapd might have created fontconfig cache directory earlier, but with
   # incorrect context due to bugs in the policy, make sure it gets the right one
   # on upgrade when the new policy was introduced
   if [ -d "%{_localstatedir}/cache/fontconfig" ]; then
      restorecon -R %{_localstatedir}/cache/fontconfig || :
   fi
elif [ "$1" -eq 1 -a "$2" -eq 2 ]; then
   # Downgrade to a pre 2.38 version
   %{_libexecdir}/snapd/snap-mgmt-selinux --remove-selinux-mount-context=system_u:object_r:snappy_snap_t:s0 || :
fi

%pre selinux
%selinux_relabel_pre

%post selinux
%selinux_modules_install %{_datadir}/selinux/packages/snappy.pp.bz2
%selinux_relabel_post

%posttrans selinux
%selinux_relabel_post

%postun selinux
%selinux_modules_uninstall snappy
if [ $1 -eq 0 ]; then
    %selinux_relabel_post
fi
%endif


%changelog
* Thu Dec 15 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.48.2
 - tests: sign new nested-18|20* models to allow for generic serials
 - secboot: add extra paranoia when waiting for that fde-reveal-key
 - tests: backport netplan workarounds from #9785
 - secboot: add workaround for snapcore/core-initrd issue #13
 - devicestate: log checkEncryption errors via logger.Noticef
 - tests: add nested spread end-to-end test for fde-hooks
 - devicestate: implement checkFDEFeatures()
 - boot: tweak resealing with fde-setup hooks
 - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
   init restrict file
 - secboot: add new LockSealedKeys() that uses either TPM or
   fde-reveal-key
 - gadget: use "sealed-keys" to determine what method to use for
   reseal
 - boot: add sealKeyToModeenvUsingFdeSetupHook()
 - secboot: use `fde-reveal-key` if available to unseal key
 - cmd/snap-update-ns: fix sorting of overname mount entries wrt
   other entries
 - o/devicestate: save model with serial in the device save db
 - devicestate: add runFDESetupHook() helper
 - secboot,devicestate: add scaffoling for "fde-reveal-key" support
 - hookstate: add new HookManager.EphemeralRunHook()
 - update-pot: fix typo in plural keyword spec
 - store,cmd/snap-repair: increase initial expontential time
   intervals
 - o/devicestate,daemon: fix reboot system action to not require a
   system label
 - github: run nested suite when commit is pushed to release branch
 - tests: reset fakestore unit status
 - tests: fix uc20-create-parition-* tests for updated gadget
 - hookstate: implement snapctl fde-setup-{request,result}
 - devicestate: make checkEncryption fde-setup hook aware
 - client,snapctl: add naive support for "stdin"
 - devicestate: support "storage-safety" defaults during install
 - snap: use the boot-base for kernel hooks
 - vendor: update secboot repo to avoid including secboot.test binary

* Thu Dec 03 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.48.1
 - gadget: disable ubuntu-boot role validation check

* Thu Nov 19 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.48
 - osutil: add KernelCommandLineKeyValue
 - devicestate: implement boot.HasFDESetupHook
 - boot/makebootable.go: set snapd_recovery_mode=install at image-
   build time
 - bootloader: use ForGadget when installing boot config
 - interfaces/raw_usb: allow read access to /proc/tty/drivers
 - boot: add scaffolding for "fde-setup" hook support for sealing
 - tests: fix basic20 test on arm devices
 - seed: make a shared seed system label validation helper
 - snap: add new "fde-setup" hooktype
 - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
 - secboot,cmd/snap-bootstrap: fix degraded mode cases with better
   device handling
 - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
   messiness
 - tests/nested/manual/refresh-revert-fundamentals: temporarily
   disable secure boot
 - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
   boot modes
 - many: address degraded recover mode feedback, cleanups
 - tests: Use systemd-run on tests part2
 - tests: set the opensuse tumbleweed system as manual in spread.yaml
 - secboot: call BlockPCRProtectionPolicies even if the TPM is
   disabled
 - vendor: update to current secboot
 - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
   save
 - spread.yaml: increase number of workers on 20.10
 - snap: add new `snap recovery --show-keys` option
 - tests: minor test tweaks suggested in the review of 9607
 - snapd-generator: set standard snapfuse options when generating
   units for containers
 - tests: enable lxd test on ubuntu-core-20 and 16.04-32
 - interfaces: share /tmp/.X11-unix/ from host or provider
 - tests: enable main lxd test on 20.10
 - cmd/s-b/initramfs-mounts: refactor recover mode to implement
   degraded mode
 - gadget/install: add progress logging
 - packaging: keep secboot/encrypt_dummy.go in debian
 - interfaces/udev: use distro specific path to snap-device-helper
 - o/devistate: fix chaining of tasks related to regular snaps when
   preseeding
 - gadget, overlord/devicestate: validate that system supports
   encrypted data before install
 - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
   ESP layout
 - many: add /v2/system-recovery-keys API and client
 - secboot, many: return UnlockMethod from Unlock* methods for future
   usage
 - many: mv keys to ubuntu-boot, move model file, rename keyring
   prefix for secboot
 - tests: using systemd-run instead of manually create a systemd unit
   - part 1
 - secboot, cmd/snap-bootstrap: enable or disable activation with
   recovery key
 - secboot: refactor Unlock...IfEncrypted to take keyfile + check
   disks first
 - secboot: add LockTPMSealedKeys() to lock access to keys
   independently
 - gadget: correct sfdisk arguments
 - bootloader/assets/grub: adjust fwsetup menuentry label
 - tests: new boot state tool
 - spread: use the official image for Ubuntu 20.10, no longer an
   unstable system
 - tests/lib/nested: enable snapd logging to console for core18
 - osutil/disks: re-implement partition searching for disk w/ non-
   adjacent parts
 - tests: using the nested-state tool in nested tests
 - many: seal a fallback object to the recovery boot chain
 - gadget, gadget/install: move helpers to install package, refactor
   unit tests
 - dirs: add "gentoo" to altDirDistros
 - update-pot: include file locations in translation template, and
   extract strings from desktop files
 - gadget/many: drop usage of gpt attr 59 for indicating creation of
   partitions
 - gadget/quantity: tweak test name
 - snap: fix failing unittest for quantity.FormatDuration()
 - gadget/quantity: introduce a new package that captures quantities
 - o/devicestate,a/sysdb: make a backup of the device serial to save
 - tests: fix rare interaction of tests.session and specific tests
 - features: enable classic-preserves-xdg-runtime-dir
 - tests/nested/core20/save: check the bind mount and size bump
 - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
 - tests: rename hasHooks to hasInterfaceHooks in the ifacestate
   tests
 - o/devicestate: unit test tweaks
 - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
 - testutil, cmd/snap/version: fix misc little errors
 - overlord/devicestate: bind mount ubuntu-save under
   /var/lib/snapd/save on startup
 - gadget/internal: tune ext4 setting for smaller filesystems
 - tests/nested/core20/save: a test that verifies ubuntu-save is
   present and set up
 - tests: update google sru backend to support groovy
 - o/ifacestate: handle interface hooks when preseeding
 - tests: re-enable the apt hooks test
 - interfaces,snap: use correct type: {os,snapd} for test data
 - secboot: set metadata and keyslots sizes when formatting LUKS2
   volumes
 - tests: improve uc20-create-partitions-reinstall test
 - client, daemon, cmd/snap: cleanups from #9489 + more unit tests
 - cmd/snap-bootstrap: mount ubuntu-save during boot if present
 - secboot: fix doc comment on helper for unlocking volume with key
 - tests: add spread test for refreshing from an old snapd and core18
 - o/snapstate: generate snapd snap wrappers again after restart on
   refresh
 - secboot: version bump, unlock volume with key
 - tests/snap-advise-command: re-enable test
 - cmd/snap, snapmgr, tests: cleanups after #9418
 - interfaces: deny connected x11 plugs access to ICE
 - daemon,client: write and read a maintenance.json file for when
   snapd is shut down
 - many: update to secboot v1 (part 1)
 - osutil/disks/mockdisk: panic if same mountpoint shows up again
   with diff opts
 - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
   reseal tests
 - many: implement snap routine console-conf-start for synchronizing
   auto-refreshes
 - dirs, boot: add ubuntu-save directories and related locations
 - usersession: fix typo in test name
 - overlord/snapstate: refactor ihibitRefresh
 - overlord/snapstate: stop warning about inhibited refreshes
 - cmd/snap: do not hardcode snapshot age value
 - overlord,usersession: initial notifications of pending refreshes
 - tests: add a unit test for UpdateMany where a single snap fails
 - o/snapstate/catalogrefresh.go: don't refresh catalog in install
   mode uc20
 - tests: also check snapst.Current in undo-unlink tests
 - tests: new nested tool
 - o/snapstate: implement undo handler for unlink-snap
 - tests: clean systems.sh helper and migrate last set of tests
 - tests: moving the lib section from systems.sh helper to os.query
   tool
 - tests/uc20-create-partitions: don't check for grub.cfg
 - packaging: make sure that static binaries are indeed static, fix
   openSUSE
 - many: have install return encryption keys for data and save,
   improve tests
 - overlord: add link participant for linkage transitions
 - tests: lxd smoke test
 - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
   seed too
 - tests: moving main suite from systems.sh to os.query tool
 - tests: moving the core test suite from systems.sh to os.query tool
 - cmd/snap-confine: mask host's apparmor config
 - o/snapstate: move setting updated SnapState after error paths
 - tests: add value to INSTANCE_KEY/regular
 - spread, tests: tweaks for openSUSE
 - cmd/snap-confine: update path to snap-device-helper in AppArmor
   profile
 - tests: new os.query tool
 - overlord/snapshotstate/backend: specify tar format for snapshots
 - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
   UC20
 - client,daemon,snap: auto-import does not error on managed devices
 - interfaces: PTP hardware clock interface
 - tests: use tests.backup tool
 - many: verify that unit tests work with nosecboot tag and without
   secboot package
 - wrappers: do not error out on read-only /etc/dbus-1/session.d
   filesystem on core18
 - snapshots: import of a snapshot set
 - tests: more output for sbuild test
 - o/snapstate: re-order remove tasks for individual snap revisions
   to remove current last
 - boot: skip some unit tests when running as root
 - o/assertstate: introduce
   ValidationTrackingKey/ValidationSetTracking and basic methods
 - many: allow ignoring running apps for specific request
 - tests: allow the searching test to fail under load
 - overlord/snapstate: inhibit startup while unlinked
 - seed/seedwriter/writer.go: check DevModeConfinement for dangerous
   features
 - tests/main/sudo-env: snap bin is available on Fedora
 - boot, overlord/devicestate: list trusted and managed assets
   upfront
 - gadget, gadget/install: support for ubuntu-save, create one during
   install if needed
 - spread-shellcheck: temporary workaround for deadlock, drop
   unnecessary test
 - snap: support different exit-code in the snap command
 - logger: use strutil.KernelCommandLineSplit in
   debugEnabledOnKernelCmdline
 - logger: fix snapd.debug=1 parsing
 - overlord: increase refresh postpone limit to 14 days
 - spread-shellcheck: use single thread pool executor
 - gadget/install,secboot: add debug messages
 - spread-shellcheck: speed up spread-shellcheck even more
 - spread-shellcheck: process paths from arguments in parallel
 - tests: tweak error from tests.cleanup
 - spread: remove workaround for openSUSE go issue
 - o/configstate: create /etc/sysctl.d when applying early config
   defaults
 - tests: new tests.backup tool
 - tests: add tests.cleanup pop sub-command
 - tests: migration of the main suite to snaps-state tool part 6
 - tests: fix journal-state test
 - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
   recover files
 - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
   same IP addr
 - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
   building snapd
 - boot, gadget, bootloader: observer preserves managed bootloader
   configs
 - tests/nested/manual: add uc20 grade signed cloud-init test
 - o/snapstate/autorefresh.go: eliminate race when launching
   autorefresh
 - daemon,snapshotstate: do not return "size" from Import()
 - daemon: limit reading from snapshot import to Content-Length
 - many: set/expect Content-Length header when importing snapshots
 - github: switch from ::set-env command to environment file
 - tests: migration of the main suite to snaps-state tool part 5
 - client: cleanup the Client.raw* and Client.do* method families
 - tests: moving main suite to snaps-state tool part 4
 - client,daemon,snap: use constant for snapshot content-type
 - many: fix typos and repeated "the"
 - secboot: fix tpm connection leak when it's not enabled
 - many: scaffolding for snapshots import API
 - run-checks: run spread-shellcheck too
 - interfaces: update network-manager interface to allow
   ObjectManager access from unconfined clients
 - tests: move core and regression suites to snaps-state tool
 - tests: moving interfaces tests to snaps-state tool
 - gadget: preserve files when indicated by content change observer
 - tests: moving smoke test suite and some tests from main suite to
   snaps-state tool
 - o/snapshotstate: pass set id to backend.Open, update tests
 - asserts/snapasserts: introduce ValidationSets
 - o/snapshotstate: improve allocation of new set IDs
 - boot: look at the gadget for run mode bootloader when making the
   system bootable
 - cmd/snap: allow snap help vs --all to diverge purposefully
 - usersession/userd: separate bus name ownership from defining
   interfaces
 - o/snapshotstate: set snapshot set id from its filename
 - o/snapstate: move remove-related tests to snapstate_remove_test.go
 - desktop/notification: switch ExpireTimeout to time.Duration
 - desktop/notification: add unit tests
 - snap: snap help output refresh
 - tests/nested/manual/preseed: include a system-usernames snap when
   preseeding
 - tests: fix sudo-env test
 - tests: fix nested core20 shellcheck bug
 - tests/lib: move to new directory when restoring PWD, cleanup
   unpacked unpacked snap directories
 - desktop/notification: add bindings for FDO notifications
 - dbustest: fix stale comment references
 - many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
   drop former
 - snap-repair: add uc20 support
 - tests: print all the serial logs for the nested test
 - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
   bug in test
 - cmd/snap/auto-import: stop importing system user assertions from
   initramfs mnts
 - osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
   as Unknown*
 - asserts: deserialize grouping only once in Pool.AddBatch if needed
 - gadget: allow content observer to have opinions about a change
 - tests: new snaps-state command - part1
 - o/assertstate: support refreshing any number of snap-declarations
 - boot: use test helpers
 - tests/core/snap-debug-bootvars: also check snap_mode
 - many/apparmor: adjust rules for reading profile/ execing new
   profiles for new kernel
 - tests/core/snap-debug-bootvars: spread test for snap debug boot-
   vars
 - tests/lib/nested.sh: more little tweaks
 - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
 - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
   recover modes
 - overlord: explicitly set refresh-app-awareness in tests
 - kernel: remove "edition" from kernel.yaml and add "update"
 - spread: drop vendor from the packed project archive
 - boot: fix debug bootloader variables dump on UC20 systems
 - wrappers, systemd: allow empty root dir and conditionally do not
   pass --root to systemctl
 - tests/nested/manual: add test for grades above signed booting with
   testkeys
 - tests/nested: misc robustness fixes
 - o/assertstate,asserts: use bulk refresh to refresh snap-
   declarations
 - tests/lib/prepare.sh: stop patching the uc20 initrd since it has
   been updated now
 - tests/nested/manual/refresh-revert-fundamentals: re-enable test
 - update-pot: ignore .go files inside .git when running xgettext-go
 - tests: disable part of the lxd test completely on 16.04.
 - o/snapshotstate: tweak comment regarding snapshot filename
 - o/snapstate: improve snapshot iteration
 - bootloader: lk cleanups
 - tests: update to support nested kvm without reboots on UC20
 - tests/nested/manual/preseed: disable system-key check for 20.04
   image
 - spread.yaml: add ubuntu-20.10-64 to qemu
 - store: handle v2 error when fetching assertions
 - gadget: resolve device mapper devices for fallback device lookup
 - tests/nested/cloud-init-many: simplify tests and unify
   helpers/seed inputs
 - tests: copy /usr/lib/snapd/info to correct directory
 - check-pr-title.py * : allow "*" in the first part of the title
 - many: typos and small test tweak
 - tests/main/lxd: disable cgroup combination for 16.04 that is
   failing a lot
 - tests: make nested signing helpers less confusing
 - tests: misc nested changes
 - tests/nested/manual/refresh-revert-fundamentals: disable
   temporarily
 - tests/lib/cla_check: default to Python 3, tweaks, formatting
 - tests/lib/cl_check.py: use python3 compatible code

* Thu Oct 08 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.47.1
 - o/configstate: create /etc/sysctl.d when applying early config
   defaults
 - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
   same IP addr
 - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
   building snapd
 - cmd/snap: allow snap help vs --all to diverge purposefully
 - snap: snap help output refresh

* Tue Sep 29 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.47
 - tests: fix nested core20 shellcheck bug
 - many/apparmor: adjust rule for reading apparmor profile for new
   kernel
 - snap-repair: add uc20 support
 - cmd/snap/auto-import: stop importing system user assertions from
   initramfs mnts
 - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
   recover modes
 - gadget: resolve device mapper devices for fallback device lookup
 - secboot: add boot manager profile to pcr protection profile
 - sysconfig,o/devicestate: mv DisableNoCloud to
   DisableAfterLocalDatasourcesRun
 - tests: make gadget-reseal more robust
 - tests: skip nested images pre-configuration by default
 - tests: fix for basic20 test running on external backend and rpi
 - tests: improve kernel reseal test
 - boot: adjust comments, naming, log success around reseal
 - tests/nested, fakestore: changes necessary to run nested uc20
   signed/secured tests
 - tests: add nested core20 gadget reseal test
 - boot/modeenv: track unknown keys in Read and put back into modeenv
   during Write
 - interfaces/process-control: add sched_setattr to seccomp
 - boot: with unasserted kernels reseal if there's a hint modeenv
   changed
 - client: bump the default request timeout to 120s
 - configcore: do not error in console-conf.disable for install mode
 - boot: streamline bootstate20.go reseal and tests changes
 - boot: reseal when changing kernel
 - cmd/snap/model: specify grade in the model command output
 - tests: simplify
   repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks
 - test: improve logging in nested tests
 - nested: add support to telnet to serial port in nested VM
 - secboot: use the snapcore/secboot native recovery key type
 - tests/lib/nested.sh: use more focused cloud-init config for uc20
 - tests/lib/nested.sh: wait for the tpm socket to exist
 - spread.yaml, tests/nested: misc changes
 - tests: add more checks to disk space awareness spread test
 - tests: disk space awareness spread test
 - boot: make MockUC20Device use a model and MockDevice more
   realistic
 - boot,many: reseal only when meaningful and necessary
 - tests/nested/core20/kernel-failover: add test for failed refresh
   of uc20 kernel
 - tests: fix nested to work with qemu and kvm
 - boot: reseal when updating boot assets
 - tests: fix snap-routime-portal-info test
 - boot: verify boot chain file in seal and reseal tests
 - tests: use full path to test-snapd-refresh.version binary
 - boot: store boot chains during install, helper for checking
   whether reseal is needed
 - boot: add call to reseal an existing key
 - boot: consider boot chains with unrevisioned kernels incomparable
 - overlord: assorted typos and miscellaneous changes
 - boot: group SealKeyModelParams by model, improve testing
 - secboot: adjust parameters to buildPCRProtectionProfile
 - strutil: add SortedListsUniqueMergefrom the doc comment:
 - snap/naming: upgrade TODO to TODO:UC20
 - secboot: add call to reseal an existing key
 - boot: in seal.go adjust error message and function names
 - o/snapstate: check available disk space in RemoveMany
 - boot: build bootchains data for sealing
 - tests: remove "set -e" from function only shell libs
 - o/snapstate: disk space check on UpdateMany
 - o/snapstate: disk space check with snap update
 - snap: implement new `snap reboot` command
 - boot: do not reorder boot assets when generating predictable boot
   chains and other small tweaks
 - tests: some fixes and improvements for nested execution
 - tests/core/uc20-recovery: fix check for at least specific calls to
   mock-shutdown
 - boot: be consistent using bootloader.Role* consts instead of
   strings
 - boot: helper for generating secboot load chains from a given boot
   asset sequence
 - boot: tweak boot chains to support a list of kernel command lines,
   keep track of model and kernel boot file
 - boot,secboot: switch to expose and use snapcore/secboot load event
   trees
 - tests: use `nested_exec` in core{20,}-early-config test
 - devicestate: enable cloud-init on uc20 for grade signed and
   secured
 - boot: add "rootdir" to baseBootenvSuite and use in tests
 - tests/lib/cla_check.py: don't allow users.noreply.github.com
   commits to pass CLA
 - boot: represent boot chains, helpers for marshalling and
   equivalence checks
 - boot: mark successful with boot assets
 - client, api: handle insufficient space error
 - o/snapstate: disk space check with single snap install
 - configcore: "service.console-conf.disable" is gadget defaults only
 - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode
   AppArmor profile path
 - tests: skip udp protocol in nfs-support test on ubuntu-20.10
 - packaging/debian-sid: tweak code preparing _build tree
 - many: move seal code from gadget/install to boot
 - tests: remove workaround for cups on ubuntu-20.10
 - client: implement RebootToSystem
 - many: seed.Model panics now if called before LoadAssertions
 - daemon: add /v2/systems "reboot" action API
 - github: run tests also on push to release branches
 - interfaces/bluez: let slot access audio streams
 - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with
   new seed.ReadSystemEssential
 - interfaces: allow snap-update-ns to read /proc/cmdline
 - tests: new organization for nested tests
 - o/snapstate, features: add feature flags for disk space awareness
 - tests: workaround for cups issue on 20.10 where default printer is
   not configured.
 - interfaces: update cups-control and add cups for providing snaps
 - boot: keep track of the original asset when observing updates
 - tests: simplify and fix tests for disk space checks on snap remove
 - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for
   cloud.conf
 - tests/main: mv core specific tests to core suite
 - tests/lib/nested.sh: reset the TPM when we create the uc20 vm
 - devicestate: rename "mockLogger" to "logbuf"
 - many: introduce ContentChange for tracking gadget content in
   observers
 - many: fix partion vs partition typo
 - bootloader: retrieve boot chains from bootloader
 - devicestate: add tests around logging in RequestSystemAction
 - boot: handle canceled update
 - bootloader: tweak doc comments (thanks Samuele)
 - seed/seedwriter: test local asserted snaps with UC20 grade signed
 - sysconfig/cloudinit.go: add DisableNoCloud to
   CloudInitRestrictOptions
 - many: use BootFile type in load sequences
 - boot,bootloader: clarifications after the changes to introduce
   bootloader.Options.Role
 - boot,bootloader,gadget: apply new bootloader.Options.Role
 - o/snapstate, features: add feature flag for disk space check on
   remove
 - testutil: add checkers for symbolic link target
 - many: refactor tpm seal parameter setting
 - boot/bootstate20: reboot to rollback to previous kernel
 - boot: add unit test helpers
 - boot: observe update & rollback of trusted assets
 - interfaces/utf: Add MIRKey to u2f devices
 - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20
   cloud-init tests
 - many: check that users of BaseTest don't forget to consume
   cleanups
 - tests/nested/core20/tpm: verify trusted boot assets tracking
 - github: run macOS job with Go 1.14
 - many: misc doc-comment changes and typo fixes
 - o/snapstate: disk space check with InstallMany
 - many: cloud-init cleanups from previous PR's
 - tests: running tests on opensuse leap 15.2
 - run-checks: check for dirty build tree too
 - vendor: run ./get-deps.sh to update the secboot hash
 - tests: update listing test for "-dirty" versions
 - overlord/devicestate: do not release the state lock when updating
   gadget assets
 - secboot: read kernel efi image from snap file
 - snap: add size to the random access file return interface
 - daemon: correctly parse Content-Type HTTP header.
 - tests: account for apt-get on core18
 - cmd/snap-bootstrap/initramfs-mounts: compute string outside of
   loop
 - mkversion.sh: simple hack to include dirty in version if the tree
   is dirty
 - cgroup,snap: track hooks on system bus only
 - interfaces/systemd: compare dereferenced Service
 - run-checks: only check files in git for misspelling
 - osutil: add a package doc comment (via doc.go)
 - boot: complain about reused asset name during initial install
 - snapstate: installSize helper that calculates total size of snaps
   and their prerequisites
 - snapshots: export of snapshots
 - boot/initramfs_test.go: reset boot vars on the bootloader for each
   iteration

* Fri Sep 04 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.46.1
 - interfaces: allow snap-update-ns to read
   /proc/cmdline
 - github: run macOS job with Go 1.14
 - o/snapstate, features: add feature flag for disk space check on
   remove
 - tests: account for apt-get on core18
 - mkversion.sh: include dirty in version if the tree
   is dirty
 - interfaces/systemd: compare dereferenced Service
 - vendor.json: update mysterious secboot SHA again

* Tue Aug 25 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.46
 - logger: add support for setting snapd.debug=1 on kernel cmdline
 - o/snapstate: check disk space before creating automatic snapshot
   on remove
 - boot, o/devicestate: observe existing recovery bootloader trusted
   boot assets
 - many: use transient scope for tracking apps and hooks
 - features: add HiddenSnapFolder feature flag
 - tests/lib/nested.sh: fix partition typo, unmount the image on uc20
   too
 - runinhibit: open the lock file in read-only mode in IsLocked
 - cmd/s-b/initramfs-mounts: make recover -> run mode transition
   automatic
 - tests: update spread test for unknown plug/slot with snapctl is-
   connected
 - osutil: add OpenExistingLockForReading
 - kernel: add kernel.Validate()
 - interfaces: add vcio interface
 - interfaces/{docker,kubernetes}-support: load overlay and support
   systemd cgroup driver
 - tests/lib/nested.sh: use more robust code for finding what loop
   dev we mounted
 - cmd/snap-update-ns: detach all bind-mounted file
 - snap/snapenv: set SNAP_REAL_HOME
 - packaging: umount /snap on purge in containers
 - interfaces: misc policy updates xlvi
 - secboot,cmd/snap-bootstrap: cross-check partitions before
   unlocking, mounting
 - boot: copy boot assets cache to new root
 - gadget,kernel: add new kernel.{Info,Asset} struct and helpers
 - o/hookstate/ctlcmd: make is-connected check whether the plug or
   slot exists
 - tests: find -ignore_readdir_race when scanning cgroups
 - interfaces/many: deny arbitrary desktop files and misc from
   /usr/share
 - tests: use "set -ex" in prep-snapd-in-lxd.sh
 - tests: re-enable udisks test on debian-sid
 - cmd/snapd-generator: use PATH fallback if PATH is not set
 - tests: disable udisks2 test on arch linux
 - github: use latest/stable go, not latest/edge
 - tests: remove support for ubuntu 19.10 from spread tests
 - tests: fix lxd test wrongly tracking 'latest'
 - secboot: document exported functions
 - cmd: compile snap gdbserver shim correctly
 - many: correctly calculate the desktop file prefix everywhere
 - interfaces: add kernel-crypto-api interface
 - corecfg: add "system.timezone" setting to the system settings
 - cmd/snapd-generator: generate drop-in to use fuse in container
 - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments
   from previous PR
 - interfaces/many: miscellaneous updates for strict microk8s
 - secboot,cmd/snap-bootstrap: don't import boot package from secboot
 - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of
   the-tool
 - tests: work around broken update of systemd-networkd
 - tests/main/install-fontconfig-cache-gen: enhance test by
   verifying, add fonts to test
 - o/devicestate: wrap asset update observer error
 - boot: refactor such that bootStateUpdate20 mainly carries Modeenv
 - mkversion.sh: disallow changelog versions that have git in it, if
   we also have git version
 - interfaces/many: miscellaneous updates for strict microk8s
 - snap: fix repeated "cannot list recovery system" and add test
 - boot: track trusted assets during initial install, assets cache
 - vendor: update secboot to fix key data validation
 - tests: unmount FUSE file-systems from XDG runtime dir
 - overlord/devicestate: workaround non-nil interface with nil struct
 - sandbox/cgroup: remove temporary workaround for multiple cgroup
   writers
 - sandbox/cgroup: detect dangling v2 cgroup
 - bootloader: add helper for creating a bootloader based on gadget
 - tests: support different images on nested execution
 - many: reorg cmd/snapinfo.go into snap and new client/clientutil
 - packaging/arch: use external linker when building statically
 - tests: cope with ghost cgroupv2
 - tests: fix issues related to restarting systemd-logind.service
 - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to
   gadget updates
 - vendor: update github.com/kr/pretty to fix diffs of values with
   pointer cycles
 - boot: move bootloaderKernelState20 impls to separate file
 - .github/workflows: move snap building to test.yaml as separate
   cached job
 - tests/nested/manual/minimal-smoke: run core smoke tests in a VM
   meeting minimal requirements
 - osutil: add CommitAs to atomic file
 - gadget: introduce content update observer
 - bootloader: introduce TrustedAssetsBootloader, implement for grub
 - o/snapshotstate: helpers for calculating disk space needed for an
   automatic snapshot
 - gadget/install: retrieve command lines from bootloader
 - boot/bootstate20: unify commit method impls, rm
   bootState20MarkSuccessful
 - tests: add system information and image information when debug
   info is displayed
 - tests/main/cgroup-tracking: try to collect some information about
   cgroups
 - boot: introduce current_boot_assets and
   current_recovery_boot_assets to modeenv
 - tests: fix for timing issues on journal-state test
 - many: remove usage and creation of hijacked pid cgroup
 - tests: port regression-home-snap-root-owned to tests.session
 - tests: run as hightest via tests.session
 - github: run CLA checks on self-hosted workers
 - github: remove Ubuntu 19.10 from actions workflow
 - tests: remove End-Of-Life opensuse/fedora releases
 - tests: remove End-Of-Life releases from spread.yaml
 - tests: fix debug section of appstream-id test
 - interfaces: check !b.preseed earlier
 - tests: work around bug in systemd/debian
 - boot: add deepEqual, Copy helpers for Modeenv to simplify
   bootstate20 refactor
 - cmd: add new "snap recovery" command
 - interfaces/systemd: use emulation mode when preseeding
 - interfaces/kmod: don't load kernel modules in kmod backend when
   preseeding
 - interfaces/udev: do not reload udevadm rules when preseeding
 - cmd/snap-preseed: use snapd from the deb if newer than from seeds
 - boot: fancy marshaller for modeenv values
 - gadget, osutil: use atomic file copy, adjust tests
 - overlord: use new tracking cgroup for refresh app awareness
 - github: do not skip gofmt with Go 1.9/1.10
 - many: introduce content write observer, install mode glue, initial
   seal stubs
 - daemon,many: switch to use client.ErrorKind and drop the local
   errorKind...
 - tests: new parameters for nested execution
 - client: move all error kinds into errors.go and add doc strings
 - cmd/snap: display the error in snap debug seeding if seeding is in
   error
 - cmd/snap/debug/seeding: use unicode for proper yaml
 - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty
   recovery_mode
 - osutil/disks: add mock disk and tests for happy path of mock disks
 - tests: refresh/revert snapd in uc20
 - osutil/disks: use a dedicated error to indicate a fs label wasn't
   found
 - interfaces/system-key: in WriteSystemKey during tests, don't call
   ParserFeatures
 - boot: add current recovery systems to modeenv
 - bootloader: extend managed assets bootloader interface to compose
   a candidate command line
 - interfaces: make the unmarshal test match more the comment
 - daemon/api: use pointers to time.Time for debug seeding aspect
 - o/ifacestate: update security profiles in connect undo handler
 - interfaces: add uinput interface
 - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit
   tests
 - o/devicestate: save seeding/preseeding times for use with debug
   seeding api
 - cmd/snap/debug: add "snap debug seeding" command for preseeding
   debugging
 - tests/main/selinux-clean: workaround SELinux denials triggered by
   linger setup on Centos8
 - bootloader: compose command line with mode and extra arguments
 - cmd/snap, daemon: detect and bail purge on multi-snap
 - o/ifacestate: fix bug in snapsWithSecurityProfiles
 - interfaces/builtin/multipass: replace U+00A0 no-break space with
   simple space
 - bootloader/assets: generate bootloader assets from files
 - many/tests/preseed: reset the preseeded images before preseeding
   them
 - tests: drop accidental accents from e
 - secboot: improve key sealing tests
 - tests: replace _wait_for_file_change with retry
 - tests: new fs-state which replaces the files.sh helper
 - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/"
   from path
 - cmd/snap: track started apps and hooks
 - tests/main/interfaces-pulseaudio: disable start limit checking for
   pulseaudio service
 - api: seeding debug api
 - .github/workflows/snap-build.yaml: build the snapd snap via GH
   Actions too
 - tests: moving journalctl.sh to a new journal-state tool
 - tests/nested/manual: add spread tests for cloud-init vuln
 - bootloader/assets: helpers for registering per-edition snippets,
   register snippets for grub
 - data,packaging,wrappers: extend D-Bus service activation search
   path
 - spread: add opensuse 15.2 and tumbleweed for qemu
 - overlord,o/devicestate: restrict cloud-init on Ubuntu Core
 - sysconfig/cloudinit: add RestrictCloudInit
 - cmd/snap-preseed: check that target path exists and is a directory
   on --reset
 - tests: check for pids correctly
 - gadget,gadget/install: refactor partition table update
 - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState
   type
 - interface/fwupd: add more policies for making fwupd upstream
   strict
 - tests: new to-one-line tool which replaces the strings.sh helper
 - interfaces: new helpers to get and compare system key, for use
   with seeding debug api
 - osutil, many: add helper for checking whether the process is a go
   test binary
 - cmd/snap-seccomp/syscalls: add faccessat2
 - tests: adjust xdg-open after launcher changes
 - tests: new core config helper
 - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-
   open
 - cmd/snap-preseed: handle relative chroot path
 - snapshotstate: move sizer to osutil.Sizer()
 - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref
   kernel tests
 - gadget/install,secboot: use snapcore/secboot luks2 api
 - boot/initramfs_test.go: add Commentf to more Assert()'s
 - tests/lib: account for changes in arch package file name extension
 - bootloader/bootloadertest: fix comment typo
 - bootloader: add helper for getting recovery system environment
   variables
 - tests: preinstall shellcheck and run tests on focal
 - strutil: add a helper for parsing kernel command line
 - osutil: add CheckFreeSpace helper
 - secboot: update tpm connection error handling
 - packaging, cmd/snap-mgmt, tests: remove modules files on purge
 - tests: add tests.cleanup helper
 - packaging: add "ca-certificates" to build-depends
 - tests: more checks in core20 early config spread test
 - tests: fix some snapstate tests to use pointers for
   snapmgrTestSuite
 - boot: better naming of helpers for obtaining kernel command line
 - many: use more specific check for unit test mocking
 - systemd/escape: fix issues with "" and "\t" handling
 - asserts: small improvements and corrections for sequence-forming
   assertions' support
 - boot, bootloader: query kernel command line of run mod and
   recovery mode systems
 - snap/validate.go: disallow snap layouts with new top-level
   directories
 - tests: allow to add a new label to run nested tests as part of PR
   validation
 - tests/core/gadget-update-pc: port to UC20
 - tests: improve nested tests flexibility
 - asserts: integer headers: disallow prefix zeros and make parsing
   more uniform
 - asserts: implement Database.FindSequence
 - asserts: introduce SequenceMemberAfter in the asserts backstores
 - spread.yaml: remove tests/lib/tools from PATH
 - overlord: refuse to install snaps whose activatable D-Bus services
   conflict with installed snaps
 - tests: shorten lxd-state undo-mount-changes
 - snap-confine: don't die if a device from sysfs path cannot be
   found by udev
 - tests: fix argument handling of apt-state
 - tests: rename lxd-tool to lxd-state
 - tests: rename user-tool to user-state, fix --help
 - interfaces: add gconf interface
 - sandbox/cgroup: avoid parsing security tags twice
 - tests: rename version-tool to version-compare
 - cmd/snap-update-ns: handle anomalies better
 - tests: fix call to apt.Package.mark_install(auto_inst=True)
 - tests: rename mountinfo-tool to mountinfo.query
 - tests: rename memory-tool to memory-observe-do
 - tests: rename invariant-tool to tests.invariant
 - tests: rename apt-tool to apt-state
 - many: managed boot config during run mode setup
 - asserts: introduce the concept of sequence-forming assertion types
 - tests: tweak comments/output in uc20-recovery test
 - tests/lib/pkgdb: do not use quiet when purging debs
 - interfaces/apparmor: allow snap-specific /run/lock
 - interfaces: add system-source-code for access to /usr/src
 - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data
 - gadget/install: move udev trigger to gadget/install
 - many: make nested spread tests more reliable
 - tests/core/uc20-recovery: apply hack to get gopath in recover mode
   w/ external backend
 - tests: enable tests on uc20 which now work with the real model
   assertion
 - tests: enable system-snap-refresh test on uc20
 - gadget, bootloader: preserve managed boot assets during gadget
   updates
 - tests: fix leaked dbus-daemon in selinux-clean
 - tests: add servicestate.Control tests
 - tests: fix "restart.service"
 - wrappers: helper for enabling services - extract and move enabling
   of services into a helper
 - tests: new test to validate refresh and revert of kernel and
   gadget on uc20
 - tests/lib/prepare-restore: collect debug info when prepare purge
   fails
 - bootloader: allow managed bootloader to update its boot config
 - tests: Remove unity test from nightly test suite
 - o/devicestate: set mark-seeded to done in the task itself
 - tests: add spread test for disconnect undo caused by failing
   disconnect hook
 - sandbox/cgroup: allow discovering PIDs of given snap
 - osutil/disks: support IsDecryptedDevice for mountpoints which are
   dm devices
 - osutil: detect autofs mounted in /home
 - spread.yaml: allow amazon-linux-2-64 qemu with
   ec2-user/ec2-user
 - usersession: support additional zoom URL schemes
 - overlord: mock timings.DurationThreshold in TestNewWithGoodState
 - sandbox/cgroup: add tracking helpers
 - tests: detect stray dbus-daemon
 - overlord: refuse to install snaps providing user daemons on Ubuntu
   14.04
 - many: move encryption and installer from snap-boostrap to gadget
 - o/ifacestate: fix connect undo handler
 - interfaces: optimize rules of multiple connected iio/i2c/spi plugs
 - bootloader: introduce managed bootloader, implement for grub
 - tests: fix incorrect check in smoke/remove test
 - asserts,seed: split handling of essential/not essential model
   snaps
 - gadget: fix typo in mounted filesystem updater
 - gadget: do only one mount point lookup in mounted fs updater
 - tests/core/snap-auto-mount: try to make the test more robust
 - tests: adding ubuntu-20.04 to google-sru backend
 - o/servicestate: add updateSnapstateServices helper
 - bootloader: pull recovery grub config from internal assets
 - tests/lib/tools: apply linger workaround when needed
 - overlord/snapstate: graceful handling of denied "managed" refresh
   schedule
 - snapstate: fix autorefresh from classic->strict
 - overlord/configstate: add system.kernel.printk.console-loglevel
   option
 - tests: fix assertion disk handling for nested UC systems
 - snapstate: use testutil.HostScaledTimeout() in snapstate tests
 - tests: extra worker for google-nested backend to avoid timeout
   error on uc20
 - snapdtool: helper to check whether the current binary is reexeced
   from a snap
 - tests: mock servicestate in api tests to avoid systemctl checks
 - many: rename back snap.Info.GetType to Type
 - tests/lib/cla_check: expect explicit commit range
 - osutil/disks: refactor diskFromMountPointImpl a bit
 - o/snapstate: service-control task handler
 - osutil: add disks pkg for associating mountpoints with
   disks/partitions
 - gadget,cmd/snap-bootstrap: move partitioning to gadget
 - seed: fix LoadEssentialMeta when gadget is not loaded
 - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo
   secure_path
 - asserts: introduce new assertion validation-set
 - asserts,daemon: add support for "serials" field in system-user
   assertion
 - data/sudo: drop a failed sudo secure_path workaround
 - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat
 - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg
 - spread.yaml: update secure boot attribute name
 - interfaces/block_devices: add NVMe subsystem devices, support
   multipath paths
 - tests: use the "jq" snap from the edge channel
 - tests: simplify the tpm test by removing the test-snapd-mokutil
   snap
 - boot/bootstate16.go: clean snap_try_* vars when not in Trying
   status too
 - tests/main/sudo-env: check snap path under sudo
 - tests/main/lxd: add test for snaps inside nested lxd containers
   not working
 - asserts/internal: expand errors about invalid serialized grouping
   labels
 - usersession/userd: add msteams url support
 - tests/lib/prepare.sh: adjust comment about sgdisk
 - tests: fix how gadget pc is detected when the snap does not exist
   and ls fails
 - tests: move a few more tests to snapstate_update_test.go
 - tests/main: add spread test for running svc from install hook
 - tests/lib/prepare: increase the size of the uc16/uc18 partitions
 - tests/special-home-can-run-classic-snaps: re-enable
 - workflow: test PR title as part of the static checks again
 - tests/main/xdg-open-compat: backup and restore original xdg-open
 - tests: move update-related tests to snapstate_update_test.go
 - cmd,many: move Version and bits related to snapd tools to
   snapdtool, merge cmdutil
 - tests/prepare-restore.sh: reset-failed systemd-journald before
   restarting
 - interfaces: misc small interface updates
 - spread: use find rather than recursive ls, skip mounted snaps
 - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls
   /var/lib/snapd
 - tests: enable snap-auto-mount test on core20
 - cmd/snap: do not show $PATH warning when executing under sudo on a
   known distro
 - asserts/internal: add some iteration benchmarks
 - sandbox/cgroup: improve pid parsing code
 - snap: add new `snap run --experimental-gdbserver` option
 - asserts/internal: limit Grouping size switching to a bitset
   representationWe don't always use the bit-set representation
   because:
 - snap: add an activates-on property to apps for D-Bus activation
 - dirs: delete unused Cloud var, fix typo
 - sysconfig/cloudinit: make callers of DisableCloudInit use
   WritableDefaultsDir
 - tests: fix classic ubuntu core transition auth
 - tests: fail in setup_reflash_magic() if there is snapd state left
 - tests: port interfaces-many-core-provided to tests.session
 - tests: wait after creating partitions with sfdisk
 - bootloader: introduce bootloarder assets, import grub.cfg with an
   edition marker
 - riscv64: bump timeouts
 - gadget: drop dead code, hide exports that are not used externally
 - tests: port 2 uc20 part1
 - tests: fix bug waiting for snap command to be ready
 - tests: move try-related tests to snapstate_try_test.go
 - tests: add debug for 20.04 prepare failure
 - travis.yml: removed, all our checks run in GH actions now
 - tests: clean up up the use of configcoreSuite in the configcore
   tests
 - sandbox/cgroup: remove redundant pathOfProcPidCgroup
 - sandbox/cgroup: add tests for ParsePids
 - tests: fix the basic20 test for uc20 on external backend
 - tests: use configcoreSuite in journalSuite and remove some
   duplicated code
 - tests: move a few more tests to snapstate_install_test
 - tests: assorted small patches
 - dbusutil/dbustest: separate license from package
 - interfaces/builtin/time-control: allow POSIX clock API
 - usersession/userd: add "slack" to the white list of URL schemes
   handled by xdg-open
 - tests: check that host settings like hostname are settable on core
 - tests: port xdg-settings test to tests.session
 - tests: port snap-handle-link test to tests.session
 - arch: add riscv64
 - tests: core20 early defaults spread test
 - tests: move install tests from snapstate_test.go to
   snapstate_install_test.go
 - github: port macOS sanity checks from travis
 - data/selinux: allow checking /var/cache/app-info
 - o/devicestate: core20 early config from gadget defaults
 - tests: autoremove after removing lxd in preseed-lxd test
 - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot
 - sandbox/cgroup: move FreezerCgroupDir from dirs.go
 - tests: update the file used to detect the boot path on uc20
 - spread.yaml: show /var/lib/snapd in debug
 - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock +
   netplan files
 - snap/naming: add helpers to parse app and hook security tags
 - tests: modernize retry tool
 - tests: fix and trim debug section in xdg-open-portal
 - tests: modernize and use snapd.tool
 - vendor: update to latest github.com/snapcore/bolt for riscv64
 - cmd/snap-confine: add support for libc6-lse
 - interfaces: miscellaneous policy updates xlv
 - interfaces/system-packages-doc: fix typo in variable names
 - tests: port interfaces-calendar-service to tests.session
 - tests: install/run the lzo test snap too
 - snap: (small) refactor of `snap download` code for
   testing/extending
 - data: fix shellcheck warnings in snapd.sh.in
 - packaging: disable buildmode=pie for riscv64
 - tests: install test-snapd-rsync snap from edge channel
 - tests: modernize tests.session and port everything using it
 - tests: add ubuntu 20.10 to spread tests
 - cmd/snap/remove: mention snap restore/automatic snapshots
 - dbusutil: move all D-Bus helpers and D-Bus test helpers
 - wrappers: pass 'disable' flag to StopServices wrapper
 - osutil: enable riscv64 build
 - snap/naming: add ParseSecurityTag and friends
 - tests: port document-portal-activation to session-tool
 - bootloader: rename test helpers to reflect we are mocking EFI boot
   locations
 - tests: disable test of nfs v3 with udp proto on debian-sid
 - tests: plan to improve the naming and uniformity of utilities
 - tests: move *-tool tests to their own suite
 - snap-bootstrap: remove sealed key file on reinstall
 - bootloader/ubootenv: don't panic with an empty uboot env
 - systemd: rename actualFsTypeAndMountOptions to
   hostFsTypeAndMountOptions
 - daemon: fix filtering of service-control changes for snap.app
 - tests: spread test for preseeding in lxd container
 - tests: fix broken snapd.session agent.socket
 - wrappers: add RestartServices function and ReloadOrRestart to
   systemd
 - o/cmdstate: handle ignore flag on exec-command tasks
 - gadget: make ext4 filesystems with or without metadata checksum
 - tests: update statx test to run on all LTS releases
 - configcore: show better error when disabling services
 - interfaces: add hugepages-control
 - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
 - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases
 - tests: skip interfaces-openvswitch for centos 8 in nightly suite
 - tests: reload systemd --user for root, if present
 - tests: reload systemd after editing /etc/fstab
 - tests: add missing dependencies needed for sbuild test on debian
 - tests: reload systemd after removing pulseaudio
 - image, tests: core18 early config.
 - interfaces: add system-packages-doc interface
 - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when
   preseeding
 - interfaces/fwupd: allow bind mount to /boot on core
 - tests: improve oom-vitality tests
 - tests: add fedora 32 to spread.yaml
 - config: apply vitality-hint immediately when the config changes
 - tests: port snap-routine-portal-info to session-tool
 - configcore: add "service.console-conf.disable" config option
 - tests: port xdg-open to session-tool
 - tests: port xdg-open-compat to session-tool
 - tests: port interfaces-desktop-* to session-tool
 - spread.yaml: apply yaml formatter/linter
 - tests: port interfaces-wayland to session-tool
 - o/devicestate: refactor current system handling
 - snap-mgmt: perform cleanup of user services
 - snap/snapfile,squashfs: followups from 8729
 - boot, many: require mode in modeenv
 - data/selinux: update policy to allow forked processes to call
   getpw*()
 - tests: log stderr from dbus-monitor
 - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers
   tag
 - snap/squashfs: also symlink snap Install with uc20 seed snap dir
   layout
 - interfaces/builtin/desktop: do not mount fonts cache on distros
   with quirks
 - data/selinux: allow snapd to remove/create the its socket
 - testutil/exec.go: set PATH after running shellcheck
 - tests: silence stderr from dbus-monitor
 - snap,many: mv Open to snapfile pkg to support add'l options to
   Container methods
 - devicestate, sysconfig: revert support for cloud.cfg.d/ in the
   gadget
 - github: remove workaround for bug 133 in actions/cache
 - tests: remove dbus.sh
 - cmd/snap-preseed: improve mountpoint checks of the preseeded
   chroot
 - spread.yaml: add ps aux to debug section
 - github: run all spread systems in a single go with cached results
 - test: session-tool cli tweaks
 - asserts: rest of the Pool API
 - tests: port interfaces-network-status-classic to session-tool
 - packaging: remove obsolete 16.10,17.04 symlinks
 - tests: setup portals before starting user session
 - o/devicestate: typo fix
 - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
   devices
 - cmd/snap/model: support store, system-user-authority keys in
   --verbose
 - o/devicestate: raise conflict when requesting system action while
   seeding
 - tests: detect signs of crashed snap-confine
 - tests: sign kernel and gadget to run nested tests using current
   snapd code
 - tests: remove gnome-online-accounts we install
 - tests: fix the issue where all the tests were executed on secboot
   system
 - tests: port interfaces-accounts-service to session-tool
 - interfaces/network-control: bring /var/lib/dhcp from host
 - image,cmd/snap,tests: add support for store-wide cohort keys
 - configcore: add nomanagers buildtag for conditional build
 - tests: port interfaces-password-manager-service to session-tool
 - o/devicestate: cleanup system actions supported by recover mode
 - snap-bootstrap: remove create-partitions and update tests
 - tests: fix nested tests
 - packaging/arch: update PKGBUILD to match one in AUR
 - tests: port interfaces-location-control to session-tool
 - tests: port interfaces-contacts-service to session-tool
 - state: log task errors in the journal too
 - o/devicestate: change how current system is reported for different
   modes
 - devicestate: do not report "ErrNoState" for seeded up
 - tests: add a note about broken test sequence
 - tests: port interfaces-autopilot-introspection to session-tool
 - tests: port interfaces-dbus to session-tool
 - packaging: update sid packaging to match 16.04+
 - tests: enable degraded test on uc20
 - c/snaplock/runinhibit: add run inhibition operations
 - tests: detect and report root-owned files in /home
 - tests: reload root's systemd --user after snapd tests
 - tests: test registration with serial-authority: [generic]
 - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon-
   key in recover
 - tests/mount-ns: stop binfmt_misc mount unit
 - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition
   uuid if available
 - daemon, tests: indicate system mode, test switching to recovery
   and back to run
 - interfaces/desktop: silence more /var/lib/snapd/desktop/icons
   denials
 - tests/mount-ns: update to reflect new UEFI boot mode
 - usersession,tests: clean ups for userd/settings.go and move
   xdgopenproxy under usersession
 - tests: disable mount-ns test
 - tests: test user belongs to systemd-journald, on core20
 - tests: run core/snap-set-core-config on uc20 too
 - tests: remove generated session-agent units
 - sysconfig: use new _writable_defaults dir to create cloud config
 - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for
   future work
 - asserts: make clearer that with label we mean a serialized label
 - cmd/snap-bootstrap: tweak recovery trigger log messages
 - asserts: introduce PoolTo
 - userd: allow setting default-url-scheme-handler
 - secboot: append uuid to ubuntu-data when decrypting
 - o/configcore: pass extra options to FileSystemOnlyApply
 - tests: add dbus-user-session to bionic and reorder package names
 - boot, bootloader: adjust comments, expand tests
 - tests: improve debugging of user session agent tests
 - packaging: add the inhibit directory
 - many: add core.resiliance.vitality-hint config setting
 - tests: test adjustments and fixes for recently published images
 - cmd/snap: coldplug auto-import assertions from all removable
   devices
 - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to
   secboot
 - tests: not fail when boot dir cannot be determined
 - tests: new directory used to store the cloud images on gce
 - tests: inject snapd from edge into seeds of the image in manual
   preseed test
 - usersession/agent,wrappers: fix races between Shutdown and Serve
 - tests: add dependency needed for next upgrade of bionic
 - tests: new test user is used for external backend
 - cmd/snap: fix the order of positional parameters in help output
 - tests: don't create root-owned things in ~test
 - tests/lib/prepare.sh: delete patching of the initrd
 - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
   as well
 - progress: tweak multibyte label unit test data
 - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline
 - gadget: fix fallback device lookup for 'mbr' type structures
 - configcore: only reload journald if systemd is new enough
 - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data
 - wrappers: allow user mode systemd daemons
 - progress: fix progress bar with multibyte duration units
 - tests: fix raciness in pulseaudio test
 - asserts/internal: introduce Grouping and Groupings
 - tests: remove user.sh
 - tests: pair of follow-ups from earlier reviews
 - overlord/snapstate: warn of refresh/postpone events
 - configcore,tests: use daemon-reexec to apply watchdog config
 - c/snap-bootstrap: check mount states via initramfsMountStates
 - store: implement DownloadAssertions
 - tests: run smoke test with different bases
 - tests: port user-mounts test to session-tool
 - store: handle error-list in fetch-assertions results
 - tests: port interfaces-audio-playback-record to session-tool
 - data/completion: add `snap` command completion for zsh
 - tests/degraded: ignore failure in systemd-vconsole-setup.service
 - image: stub implementation of image.Prepare for darwin
 - tests: session-tool --restore -u stops user-$UID.slice
 - o/ifacestate/handlers.go: fix typo
 - tests: port pulseaudio test to session-tool
 - tests: port user-session-env to session-tool
 - tests: work around journald bug in core16
 - tests: add debug to core-persistent-journal test
 - tests: port selinux-clean to session-tool
 - tests: port portals test to session-tool, fix portal tests on sid
 - tests: adding option --no-install-recommends option also when
   install all the deps
 - tests: add session-tool --has-systemd-and-dbus
 - packaging/debian-sid: add gcc-multilib to build deps
 - osutil: expand FileLock to support shared locks and more
 - packaging: stop depending on python-docutils
 - store,asserts,many: support the new action fetch-assertions
 - tests: port snap-session-agent-* to session-tool
 - packaging/fedora: disable FIPS compliant crypto for static
   binaries
 - tests: fix for preseeding failures

* Tue Jul 28 2020 Samuele Pedroni <pedronis@lucediurna.net>
- New upstream release, LP: #1875071
  - o/ifacestate: fix bug in snapsWithSecurityProfiles
  - tests/main/selinux-clean: workaround SELinux denials triggered by
    linger setup on Centos8

* Mon Jul 27 2020 Zygmunt Krynicki <me@zygoon.pl>
- New upstream release, LP: #1875071
  - many: backport _writable_defaults dir changes
  - tests: fix incorrect check in smoke/remove test
  - cmd/snap-bootstrap,seed: backport of uc20 PRs
  - tests: avoid exit when nested type var is not defined
  - cmd/snap-preseed: backport fixes
  - interfaces: optimize rules of multiple connected iio/i2c/spi plugs
  - many: cherry-picks for 2.45, gh-action, test fixes
  - tests/lib: account for changes in arch package file name extension
  - postrm, snap-mgmt: cleanup modules and other cherry-picks
  - snap-confine: don't die if a device from sysfs path cannot be
    found by udev
  - data/selinux: update policy to allow forked processes to call
    getpw*()
  - tests/main/interfaces-time-control: exercise setting time via date
  - interfaces/builtin/time-control: allow POSIX clock API
  - usersession/userd: add "slack" to the white list of URL schemes
    handled by xdg-open

* Fri Jul 10 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.45.2
 - SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
   implementation
   - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
     variable modification when calling the system xdg-open. Patch
     thanks to James Henstridge
   - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
     restarted. Patch thanks to Michael Vogt
   - CVE-2020-11934
 - SECURITY UPDATE: arbitrary code execution vulnerability on core
   devices with access to physical removable media
   - devicestate: Disable/restrict cloud-init after seeding.
   - CVE-2020-11933

* Fri Jun 05 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.45.1
 - data/selinux: allow checking /var/cache/app-info
 - cmd/snap-confine: add support for libc6-lse
 - interfaces: miscellaneous policy updates xlv
 - snap-bootstrap: remove sealed key file on reinstall
 - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
 - gadget: make ext4 filesystems with or without metadata checksum
 - interfaces/fwupd: allow bind mount to /boot on core
 - tests: cherry-pick test fixes from master
 - snap/squashfs: also symlink snap Install with uc20 seed snap dir
   layout
 - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
   devices
 - snap,many: mv Open to snapfile pkg to support add'l options to
   Container methods
 - interfaces/builtin/desktop: do not mount fonts cache on distros
   with quirks
 - devicestate, sysconfig: revert support for cloud.cfg.d/ in the
   gadget
 - data/completion, packaging: cherry-pick zsh completion
 - state: log task errors in the journal too
 - devicestate: do not report "ErrNoState" for seeded up
 - interfaces/desktop: silence more /var/lib/snapd/desktop/icons
   denials
 - packaging/fedora: disable FIPS compliant crypto for static
   binaries
 - packaging: stop depending on python-docutils

* Tue May 12 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.45
 - o/devicestate: support doing system action reboots from recover
   mode
 - vendor: update to latest secboot
 - tests: not fail when boot dir cannot be determined
 - configcore: only reload journald if systemd is new enough
 - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
   when decrypting
 - tests/lib/prepare.sh: delete patching of the initrd
 - cmd/snap: coldplug auto-import assertions from all removable
   devices
 - cmd/snap: fix the order of positional parameters in help output
 - c/snap-bootstrap: port mount state mocking to the new style on
   master
 - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
   as well
 - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
   unlock in recover mode initramfs
 - progress: tweak multibyte label unit test data
 - gadget: fix fallback device lookup for 'mbr' type structures
 - progress: fix progress bar with multibyte duration units
 - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
 - many: put the sealed keys in a directory on seed for tidiness
 - cmd/snap-bootstrap: measure epoch and model before unlocking
   encrypted data
 - o/configstate: core config handler for persistent journal
 - bootloader/uboot: use secondary ubootenv file boot.sel for uc20
 - packaging: add "$TAGS" to dh_auto_test for debian packaging
 - tests: ensure $cache_dir is actually available
 - secboot,cmd/snap-bootstrap: add model to pcr protection profile
 - devicestate: do not use snap-boostrap in devicestate to install
 - tests: fix a typo in nested.sh helper
 - devicestate: add support for cloud.cfg.d config from the gadget
 - cmd/snap-bootstrap: cleanups, naming tweaks
 - testutil: add NewDBusTestConn
 - snap-bootstrap: lock access to sealed keys
 - overlord/devicestate: preserve the current model inside ubuntu-
   boot
 - interfaces/apparmor: use differently templated policy for non-core
   bases
 - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
   syscalls
 - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
   other misc changes
 - o/snapstate: tweak "waiting for restart" message
 - boot: store model model and grade information in modeenv
 - interfaces/firewall-control: allow -legacy and -nft for core20
 - boot: enable makeBootable20RunMode for EnvRefExtractedKernel
   bootloaders
 - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
   implementation
 - daemon: fix error message from `snap remove-user foo` on classic
 - overlord: have a variant of Mock that can take a state.State
 - tests: 16.04 and 18.04 now have mediating pulseaudio (again)
 - seed: clearer errors for missing essential snapd or core snap
 - cmd/snap-bootstrap/initramfs-mounts: support
   EnvRefExtractedKernelBootloader's
 - gadget, cmd/snap-bootstrap: MBR schema support
 - image: improve/adjust DownloadSnap doc comment
 - asserts: introduce ModelGrade.Code
 - tests: ignore user-12345 slice and service
 - image,seed/seedwriter: support redirect channel aka default
   tracks
 - bootloader: use binary.Read/Write
 - tests: uc20 nested suite part II
 - tests/boot: refactor to make it easier for new
   bootloaderKernelState20 impl
 - interfaces/openvswitch: support use of ovs-appctl
 - snap-bootstrap: copy auth data from real ubuntu-data in recovery
   mode
 - snap-bootstrap: seal and unseal encryption key using tpm
 - tests: disable special-home-can-run-classic-snaps due to jenkins
   repo issue
 - packaging: fix build on Centos8 to support BUILDTAGS
 - boot/bootstate20: small changes to bootloaderKernelState20
 - cmd/snap: Implement a "snap routine file-access" command
 - spread.yaml: switch back to latest/candidate for lxd snap
 - boot/bootstate20: re-factor kernel methods to use new interface
   for state
 - spread.yaml,tests/many: use global env var for lxd channel
 - boot/bootstate20: fix bug in try-kernel cleanup
 - config: add system.store-certs.[a-zA-Z0-9] support
 - secboot: key sealing also depends on secure boot enabled
 - httputil: fix client timeout retry tests
 - cmd/snap-update-ns: handle EBUSY when unlinking files
 - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
   vars
 - secboot: add tpm support helpers
 - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
   kernel and gadget
 - cmd/snap-bootstrap: switch to a 64-byte key for unlocking
 - tests: preserve size for centos images on spread.yaml
 - github: partition the github action workflows
 - run-checks: use consistent "Checking ..." style messages
 - bootloader: add efi pkg for reading efi variables
 - data/systemd: do not run snapd.system-shutdown if finalrd is
   available
 - overlord: update tests to work with latest go
 - cmd/snap: do not hide debug boot-vars on core
 - cmd/snap-bootstrap: no error when not input devices are found
 - snap-bootstrap: fix partition numbering in create-partitions
 - httputil/client_test.go: add two TLS version tests
 - tests: ignore user@12345.service hierarchy
 - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
 - tests: rewrite timeserver-control test
 - tests: fix racy pulseaudio tests
 - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
 - tests: update snap-preseed --reset logic to accommodate for 2.44
   change
 - cmd/snap: don't wait for system key when stopping
 - sandbox/cgroup: avoid making arrays we don't use
 - osutil: mock proc/self/mountinfo properly everywhere
 - selinux: export MockIsEnforcing; systemd: use in tests
 - tests: add 32 bit machine to GH actions
 - tests/session-tool: kill cron session, if any
 - asserts: it should be possible to omit many snap-ids if allowed,
   fix
 - boot: cleanup more things, simplify code
 - github: skip spread jobs when corresponding label is set
 - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
   pkg
 - tests/session-tool: add session-tool --dump
 - github: allow cached debian downloads to restore
 - tests/session-tool: session ordering is non-deterministic
 - tests: enable unit tests on debian-sid again
 - github: move spread to self-hosted workers
 - secboot: import secboot on ubuntu, provide dummy on !ubuntu
 - overlord/devicestate: support for recover and run modes
 - snap/naming: add validator for snap security tag
 - interfaces: add case for rootWritableOverlay + NFS
 - tests/main/uc20-create-partitions: tweaks, renames, switch to
   20.04
 - github: port CLA check to Github Actions
 - interfaces/many: miscellaneous policy updates xliv
 - configcore,tests: fix setting watchdog options on UC18/20
 - tests/session-tool: collect information about services on startup
 - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
   partitions
 - state: add state.CopyState() helper
 - tests/session-tool: stop anacron.service in prepare
 - interfaces: don't use the owner modifier for files shared via
   document portal
 - systemd: move the doc comments to the interface so they are
   visible
 - cmd/snap-recovery-chooser: tweaks
 - interfaces/docker-support: add overlayfs file access
 - packaging: use debian/not-installed to ignore snap-preseed
 - travis.yml: disable unit tests on travis
 - store: start splitting store.go and store_test.go into subtopic
   files
 - tests/session-tool: stop cron/anacron from meddling
 - github: disable fail-fast as spread cannot be interrupted
 - github: move static checks and spread over
 - tests: skip "/etc/machine-id" in "writablepaths" test
 - snap-bootstrap: store encrypted partition recovery key
 - httputil: increase testRetryStrategy max timelimit to 5s
 - tests/session-tool: kill leaking closing session
 - interfaces: allow raw access to USB printers
 - tests/session-tool: reset failed session-tool units
 - httputil: increase httpclient timeout in
   TestRetryRequestTimeoutHandling
 - usersession: extend timerange in TestExitOnIdle
 - client: increase timeout in client tests to 100ms
 - many: disentagle release and snapdenv from sandbox/*
 - boot: simplify modeenv mocking to always write a modeenv
 - snap-bootstrap: expand data partition on install
 - o/configstate: add backlight option for core config
 - cmd/snap-recovery-chooser: add recovery chooser
 - features: enable robust mount ns updates
 - snap: improve TestWaitRecovers test
 - sandbox/cgroup: add ProcessPathInTrackingCgroup
 - interfaces/policy: fix comment in recent new test
 - tests: make session tool way more robust
 - interfaces/seccomp: allow passing an address to setgroups
 - o/configcore: introduce core config handlers (3/N)
 - interfaces: updates to login-session-observe, network-manager and
   modem-manager interfaces
 - interfaces/policy/policy_test.go: add more tests'allow-
   installation: false' and we grant based on interface attributes
 - packaging: detect/disable broken seed in the postinst
 - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
   library
 - tests: remove google-tpm backend from spread.yaml
 - tests: install dependencies with apt using --no-install-recommends
 - usersession/userd: add zoommtg url support
 - snap-bootstrap: fix disk layout sanity check
 - snap: add `snap debug state --is-seeded` helper
 - devicestate: generate warning if seeding fails
 - config, features: move and rename config.GetFeatureFlag helper to
   features.Flag
 - boot, overlord/devicestate, daemon:  implement requesting boot
   into a given recovery system
 - xdgopenproxy: forward requests to the desktop portal
 - many: support immediate reboot
 - store: search v2 tweaks
 - tests: fix cross build tests when installing dependencies
 - daemon: make POST /v2/systems/<label> root only
 - tests/lib/prepare.sh: use only initrd from the kernel snap
 - cmd/snap,seed: validate full seeds (UC 16/18)
 - tests/main/user-session-env: stop the user session before deleting
   the test-zsh user
 - overlord/devicestate, daemon: record the seed current system was
   installed from
 - gadget: SystemDefaults helper function to convert system defaults
   config into a flattened map suitable for FilesystemOnlyApply.
 - many: comment or avoid cryptic snap-ids in tests
 - tests: add LXD_CHANNEL environment
 - store: support for search API v2
 - .github: register a problem matcher to detect spread failures
 - seed: add Info() method for seed.Snap
 - github: always run the "Discard spread workers" step, even if the
   job fails
 - github: offload self-hosted workers
 - cmd/snap: the model command needs just a client, no waitMixin
 - github: combine tests into one workflow
 - github: fix order of go get caches
 - tests: adding more workers for ubuntu 20.04
 - boot,overlord: rename operating mode to system mode
 - config: add new Transaction.GetPristine{,Maybe}() function
 - o/devicestate: rename readMaybe* to maybeRead*
 - github: cache Debian dependencies for unit tests
 - wrappers: respect pre-seeding in error path
 - seed: validate UC20 seed system label
 - client, daemon, overlord/devicestate: request system action API
   and stubs
 - asserts,o/devicestate: support model specified alternative serial-
   authority
 - many: introduce naming.WellKnownSnapID
 - o/configcore: FilesystemOnlyApply method for early configuration
   of core (1/N)
 - github: run C unit tests
 - github: run spread tests on PRs only
 - interfaces/docker-support: make containerd abstract socket more
   generic
 - tests: cleanup security-private-tmp properly
 - overlord/devicestate,boot: do not hold to the originally read
   modeenv
 - dirs: rm RunMnt; boot: add vars for early boot env layout;
   sysconfig: take targetdir arg
 - cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
   s.runMnt
 - tests: add regression test for MAAS refresh bug
 - errtracker: add missing mocks
 - github: apt-get update before installing build-deps
 - github: don't fail-fast
 - github: run spread via github actions
 - boot,many: add modeenv.WriteTo, make Write take no args
 - wrappers: fix timer schedules that are days only
 - tests/main/snap-seccomp-syscalls: install gperf
 - github: always checkout to snapcore/snapd
 - github: add prototype workflow running unit tests
 - many: improve comments, naming, a possible TODO
 - client: use Assert when checking for error
 - tests: ensure sockets target is ready in session agent spread
   tests
 - osutil: do not leave processes behind after the test run
 - tests: update proxy-no-core to match latest CDN changes
 - devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
   dangerous
 - cmd/snap-failure,tests: try to make snap-failure more robust
 - many: fix packages having mistakenly their copyright as doc
 - many: enumerate system seeds, return them on the /v2/systems API
   endpoint
 - randutil: don't consume kernel entropy at init, just mix more info
   to try to avoid fleet collisions
 - snap-bootstrap: add creationSupported predicate for partition
   types
 - tests: umount partitions which are not umounted after remount
   gadget
 - snap: run gofmt -s
 - many: improve environment handling, fixing duplicate entries
 - boot_test: add many boot robustness tests for UC20 kernel
   MarkBootSuccessul and SetNextBoot
 - overlord: remove unneeded overlord.MockPruneInterval() mocks
 - interfaces/greengrass-support: fix typo
 - overlord,timings,daemon: separate timings from overlord/state
 - tests: enable nested on core20 and test current branch
 - snap-bootstrap: remove created partitions on reinstall
 - boot: apply Go 1.10 formatting
 - apparmor: use rw for uuidd request to default and remove from
   elsewhere
 - packaging: add README.source for debian
 - tests: cleanup various uc20 boot tests from previous PR
 - devicestate: disable cloud-init by default on uc20
 - run-checks: tweak formatting checks
 - packaging,tests: ensure debian-sid builds without vendor/
 - travis.yml: run unit tests with go/master as well* travis.yml: run
   unit tests with go/master as well
 - seed: make Brand() part of the Seed interface
 - cmd/snap-update-ns: ignore EROFS from rmdir/unlink
 - daemon: do a forceful server shutdown if we hit a deadline
 - tests/many: don't use StartLimitInterval anymore, unify snapd-
   failover variants, build snapd snap for UC16 tests
 - snap-seccomp: robustness improvements
 - run-tests: disable -v for go test to avoid spaming the logs
 - snap: whitelist lzo as support compression for snap pack
 - snap: tweak comment in Install() for overlayfs detection
 - many: introduce snapdenv.Preseeding instead of release.PreseedMode
 - client, daemon, overlord/devicestate: structures and stubs for
   systems API
 - o/devicestate: delay the creation of mark-seeded task until
   asserts are loaded
 - data/selinux, tests/main/selinux: cleanup tmpfs operations in the
   policy, updates
 - interfaces/greengrass-support: add new 1.9 access
 - snap: do not hardlink on overlayfs
 - boot,image: ARM kernel extract prepare image
 - interfaces: make gpio robust against not-existing gpios in /sys
 - cmd/snap-preseed: handle --reset flag
 - many: introduce snapdenv to present common snapd env options
 - interfaces/kubernetes-support: allow autobind to journald socket
 - snap-seccomp: allow mprotect() to unblock the tests
 - tests/lib/reset: workaround unicode dot in systemctl output
 - interfaces/udisks2: also allow Introspection on
   /org/freedesktop/UDisks/**
 - snap: introduce Container.RandomAccessFile
 - o/ifacestate, api: implementation of snap disconnect --forget
 - cmd/snap: make the portal-info command search for the network-
   status interface
 - interfaces: work around apparmor_parser slowness affecting uio
 - tests: fix/improve failing spread tests
 - many: clean separation of bootenv mocking vs mock bootloader kinds
 - tests: mock prune ticker in overlord tests to reduce wait times
 - travis: disable arm64 again
 - httputil: add support for extra snapd certs
 - travis.yml: run unit tests on arm64 as well
 - many: fix a pair of ineffectual assignments
 - tests: add uc20 kernel snap upgrade managers test, fix
   bootloadertest bugs
 - o/snapstate: set base in SnapSetup on snap revert
 - interfaces/{docker,kubernetes}-support: updates for lastest k8s
 - cmd/snap-exec: add test case for LP bug 1860369
 - interfaces: make the network-status interface implicit on
   classic
 - interfaces: power control interfaceIt is documented in the
   kernel
 - interfaces: miscellaneous policy updates
 - cmd/snap: add a "snap routine portal-info" command
 - usersession/userd: add "apt" to the white list of URL schemes
   handled by xdg-open
 - interfaces/desktop: allow access to system prompter interface
 - devicestate: allow encryption regardless of grade
 - tests: run ipv6 network-retry test too
 - tests: test that after "remove-user" the system is unmanaged
 - snap-confine: unconditionally add /dev/net/tun to the device
   cgroup
 - snapcraft.yaml: use sudo -E and remove workaround
 - interfaces/audio_playback: Fix pulseaudio config access
 - ovelord/snapstate: update only system wide fonts cache
 - wrappers: import /etc/environment in all services
 - interfaces/u2f: Add Titan USB-C key
 - overlord, taskrunner: exit on task/ensure error when preseeding
 - tests: add session-tool, a su / sudo replacement
 - wrappers: add mount unit dependency for snapd services on core
   devices
 - tests: just remove user when the system is not managed on create-
   user-2 test
 - snap-preseed: support for preseeding of snapd and core18
 - boot: misc UC20 changes
 - tests: adding arch-linux execution
 - packaging: revert "work around review-tools and snap-confine"
 - netlink: fix panic on arm64 with the new rawsockstop codewith a
   nil Timeval panics
 - spread, data/selinux: add CentOS 8, update policy
 - tests: updating checks to new test account for snapd-test snaps
 - spread.yaml: mv opensuse 15.1 to unstable
 - cmd/snap-bootstrap,seed: verify only in-play snaps
 - tests: use ipv4 in retry-network to unblock failing master
 - data/systemd: improve the description
 - client: add "Resume" to DownloadOptions and new test
 - tests: enable snapd-failover on uc20
 - tests: add more debug output to the snapd-failure handling
 - o/devicestate: unset recovery_system when done seeding

* Fri Apr 10 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.44.3
 - tests: fix racy pulseaudio tests
 - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
 - tests: update snap-preseed --reset logic
 - tests: backport partition fixes
 - cmd/snap: don't wait for system key when stopping
 - interfaces/many: miscellaneous policy updates xliv
 - tests/main/uc20-snap-recovery: use 20.04 system
 - tests: skip "/etc/machine-id" in "writablepaths
 - interfaces/docker-support: add overlays file access

* Thu Apr 2 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.44.2
 - packaging: detect/disable broken seeds in the postinst
 - cmd/snap,seed: validate full seeds (UC 16/18)
 - snap: add `snap debug state --is-seeded` helper
 - devicestate: generate warning if seeding fails
 - store: support for search API v2
 - cmd/snap-seccomp/syscalls: update the list of known syscalls
 - snap/cmd: the model command needs just a client, no waitMixin
 - tests: cleanup security-private-tmp properly
 - wrappers: fix timer schedules that are days only
 - tests: update proxy-no-core to match latest CDN changes
 - cmd/snap-failure,tests: make snap-failure more robust
 - tests, many: don't use StartLimitInterval anymore, unify snapd-
   failover variants, build snapd snap for UC16 tests

* Sat Mar 21 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.44.1
 - randutil: switch back to setting up seed with lower entropy data
 - interfaces/greengrass-support: fix typo
 - packaging,tests: ensure debian-sid builds without vendor/
 - travis.yml: run unit tests with go/master as well
 - cmd/snap-update-ns: ignore EROFS from rmdir/unlink

* Tue Mar 17 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.44
 - daemon: do a forceful serer shutdown if we hit a deadline
 - snap: whitelist lzo as support compression for snap pack
 - data/selinux: update policy to allow more ops
 - interfaces/greengrass-support: add new 1.9 access
 - snap: do not hardlink on overlayfs
 - cmd/snap-preseed: handle --reset flag
 - interfaces/kubernetes-support: allow autobind to journald socket
 - snap-seccomp: allow mprotect() to unblock the tests
 - tests/lib/reset: workaround unicode dot in systemctl output
 - interfaces: work around apparmor_parser slowness affecting uio
 - interfaces/udisks2: also allow Introspection on
   /org/freedesktop/UDisks2/**
 - tests: mock prune ticker in overlord tests to reduce wait times
 - interfaces/{docker,kubernetes}-support: updates for lastest k8s
 - interfaces: miscellaneous policy updates
 - interfaces/audio_playback: Fix pulseaudio config access
 - overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
 - ovelord/snapstate: update only system wide fonts cache
 - wrappers: import /etc/environment in all services
 - interfaces/u2f: Add Titan USB-C key
 - overlord, taskrunner: exit on task/ensure error when preseeding
 - overlord/snapstate/backend: update snapd services contents in unit
   tests
 - wrappers: add mount unit dependency for snapd services on core
   devices
 - Revert "tests: remove /tmp/snap.* left over by other tests"
 - Revert "packaging: work around review-tools and snap-confine"
 - netlink: fix panic on arm64 with the new rawsockstop code
 - spread, data/selinux: add CentOS 8, update policy
 - spread.yaml: mv opensuse tumbleweed to unstable too
 - spread.yaml: mv opensuse 15.1 to unstable
 - tests: use ipv4 in retry-network to unblock failing master
 - data/systemd: improve the description
 - tests/lib/prepare.sh: simplify, combine code paths
 - tests/main/user-session-env: add test verifying environment
   variables inside the user session
 - spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
 - run-checks: SKIP_GMFMT really skips formatting checks
 - tests: enable more tests for UC20/UC18
 - tests: remove tmp dir for snap not-test-snapd-sh on security-
   private-tmp test
 - seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
   simplify bootstrap code
 - snapstate: do not restart in undoLinkSnap unless on first install
 - cmd/snap-bootstrap: subcommand to detect UC chooser trigger
 - cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
   mode too
 - cmd/libsnap, tests: fix C unit tests failing as non-root
 - cmd/snap-bootstrap: verify kernel snap is in modeenv before
   mounting it
 - tests: adding amazon linux to google backend
 - cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
   status
 - client: add support for "ResumeToken", "HeaderPeek" to download
 - build: enable type: snapd
 - tests: rm -rf /tmp/snap.* in restore
 - cmd/snap-confine: deny snap-confine to load nss libs
 - snapcraft.yaml: add comments, rename snapd part to snapd-deb
 - boot: write current_kernels in bootstate20, makebootable
 - packaging: work around review-tools and snap-confine
 - tests: skipping interfaces-openvswitch on centos due to package is
   not available
 - packaging,snap-confine: stop being setgid root
 - cmd/snap-confine: bring /var/lib/dhcp from host, if present
 - store: rely on CommandFromSystemSnap to find xdelta3
 - tests: bump sleep time of the new overlord tests
 - cmd/snap-preseed: snapd version check for the target
 - netlink: fix/support stopping goroutines reading netlink raw
   sockets
 - tests: reset PS1 before possibly interactive dash
 - overlord, state: don't abort changes if spawn time before
   StartOfOperationTime (2/2)
 - snapcraft.yaml: add python3-apt, tzdata as build-deps for the
   snapd snap
 - tests: ask tar to speak English
 - tests: using google storage when downloading ubuntu cloud images
   from gce
 - Coverity produces false positives for code like this:
 - many: maybe restart & security backend options
 - o/standby: add SNAPD_STANDBY_WAIT to control standby in
   development
 - snap: use the actual staging snap-id for snapd
 - cmd/snap-bootstrap: create a new parser instance
 - snapcraft.yaml: use build-base and adopt-info, rm builddeb
   plugin
 - tests: set StartLimitInterval in snapd failover test
 - tests: disable archlinux system
 - tests: add preseed test for classic
 - many, tests: integrate all preseed bits and add spread tests
 - daemon: support resuming downloads
 - tests: use Filename() instead of filepath.Base(sn.MountFile())
 - tests/core: add swapfiles test
 - interfaces/cpu-control: allow to control cpufreq tunables
 - interfaces: use commonInteface for desktopInterface
 - interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
   location
 - snap/info: add Filename
 - bootloader: make uboot a RecoveryAwareBootloader
 - gadget: skip update when mounted filesystem content is identical
 - systemd: improve is-active check for 'failed' services
 - boot: add current_kernels to modeenv
 - o/devicestate: StartOfOperationTime helper for Prune (1/2)
 - tests: detect LXD launching i386 containers
 - tests: move main/ubuntu-core-* tests to core/ suite
 - tests: remove snapd in ubuntu-core-snapd
 - boot: enable base snap updates in bootstate20
 - tests: Fix core revert channel after 2.43 has been released to
   stable
 - data/selinux: unify tabs/spaces
 - o/ifacestate: move ResolveDisconnect to ifacestate
 - spread: move centos to stable systems
 - interfaces/opengl: allow datagrams to nvidia-driver
 - httputil: add NoNetwork(err) helper, spread test and use in serial
   acquire
 - store: detect if server does not support http range headers
 - test/lib/user: add helper lib for doing things for and as a user
 - overlord/snapstate, wrappers: undo of snapd on core
 - tests/main/interfaces-pulseaudio: use custom pulseaudio script,
   set kill timeout
 - store: add support for resume in DownloadStream
 - cmd/snap: implement 'snap remove-user'
 - overlord/devicestate: fix preseed unit tests on systems not using
   /snap
 - tests/main/static: ldd in glibc 2.31 logs to stderr now
 - run-checks, travis: allow skipping spread jobs by adding a label
 - tests: add new backend which includes images with tpm support
 - boot: use constants for boot status values
 - tests: add "core" suite for UC specific tests
 - tests/lib/prepare: use a local copy of uc20 initramfs skeleton
 - tests: retry mounting the udisk2 device due to timing issue
 - usersession/client: add a client library for the user session
   agent
 - o/devicestate: Handle preseed mode in the firstboot mode (core16
   only for now).
 - boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
 - cmd/snap-confine: detect base transitions on core16
 - boot: don't use "kernel" from the modeenv anymore
 - interfaces: add uio interface
 - tests: repack the initramfs + kernel snap for UC20 spread tests
 - interfaces/greengrass-support: add /dev/null ->
   /proc/latency_stats mount
 - httputil: remove workaround for redirect handling in go1.7
 - httputil: remove go1.6 transport workaround
 - snap: add `snap pack --compression=<comp>` options
 - tests/lib/prepare: fix hardcoded loopback device names for UC
   images
 - timeutil: add a unit test case for trivial schedule
 - randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
   introduction
 - dirs: variable with distros using alternate snap mount
 - many,randutil: centralize and streamline our random value
   generation
 - tests/lib/prepare-restore: Revert "Continue on errors updating or
   installing dependencies"
 - daemon: Allow clients to call /v2/logout via Polkit
 - dirs: manjaro-arm is like manjaro
 - data, packaging: Add sudoers snippet to allow snaps to be run with
   sudo
 - daemon, store: better expose single action errors
 - tests: switch mount-ns test to differential data set
 - snapstate: refactor things to add the re-refresh task last
 - daemon: drop support for the DELETE method
 - client: move to /v2/users; implement RemoveUser
 - boot: enable UC20 kernel extraction and bootState20 handling
 - interfaces/policy: enforce plug-names/slot-names constraints
 - asserts: parse plug-names/slot-names constraints
 - daemon: make users result more consistent
 - cmd/snap-confine,tests: support x.y.z nvidia version
 - dirs: fixlet for XdgRuntimeDirGlob
 - boot: add bootloader options to coreKernel
 - o/auth,daemon: do not remove unknown user
 - tests: tweak and enable tests on ubuntu 20.04
 - daemon: implement user removal
 - cmd/snap-confine: allow snap-confine to link to libpcre2
 - interfaces/builtin: Allow NotificationReplied signal on
   org.freedesktop.Notifications
 - overlord/auth: add RemoveUserByName
 - client: move user-related things to their own files
 - boot: tweak kernel cmdline helper docstring
 - osutil: implement deluser
 - gadget: skip update when raw structure content is unchanged
 - boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
   detection to boot
 - tests: fix revisions leaking from snapd-refresh test
 - daemon: refactor create-user to a user action & hide behind a flag
 - osutil/tests: check there are no leftover symlinks with
   AtomicSymlink
 - grub: support atomically renaming kernel symlinks
 - osutil: add helpers for creating symlinks and renaming in an
   atomic manner
 - tests: add marker tag for core 20 test failure
 - tests: fix gadget-update-pc test leaking snaps
 - tests: remove revision leaking from ubuntu-core-refresh
 - tests: remove revision leaking from remodel-kernel
 - tests: disable system-usernames test on core20
 - travis, tests, run-checks: skip nakedret
 - tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
 - tests: update mount-ns test tables
 - snap: disable auto-import in uc20 install-mode
 - tests: add a command-chain service test
 - tests: use test-snapd-upower instead of upower
 - data/selinux: workaround incorrect fonts cache labeling on RHEL7
 - spread.yaml: fix ubuntu 19.10 and 20.04 names
 - debian: check embedded keys for snap-{bootstrap,preseed} too
 - interfaces/apparmor: fix doc-comments, unnecessary code
 - o/ifacestate,o/devicestatate: merge gadget-connect logic into
   auto-connect
 - bootloader: add ExtractedRunKernelImageBootloader interface,
   implement in grub
 - tests: add spread test for hook permissions
 - cmd/snap-bootstrap: check device size before boostrapping and
   produce a meaningful error
 - cmd/snap: add ability to register "snap routine" commands
 - tests: add a test demonstrating that snaps can't access the
   session agent socket
 - api: don't return connections referring to non-existing
   plugs/slots
 - interfaces: refactor path() from raw-volume into utils with
   comments for old
 - gitignore: ignore snap files
 - tests: skip interfaces-network-manager on arm devices
 - o/devicestate: do not create perfTimings if not needed inside
   ensureSeed/Operational
 - tests: add ubuntu 20.04 to the tests execution and remove
   tumbleweed from unstable
 - usersession: add systemd user instance service control to user
   session agent
 - cmd/snap: print full channel in 'snap list', 'snap info'
 - tests: remove execution of ubuntu 19.04 from google backend
 - cmd/snap-boostrap: add mocking for fakeroot
 - tests/core18/snapd-failover: collect more debug info
 - many: run black formatter on all python files
 - overlord: increase settle timeout for slow machines
 - httputil: use shorter timeout in TestRetryRequestTimeoutHandling
 - store, o/snapstate: send default-tracks header, use
   RedirectChannel
 - overlord/standby: fix possible deadlock in standby test
 - cmd/snap-discard-ns: fix pattern for .info files
 - boot: add HasModeenv to Device
 - devicestate: do not allow remodel between core20 models
 - bootloader,snap: misc tweaks
 - store, overlord/snapstate, etc: SnapAction now returns a []…Result
 - snap-bootstrap: create encrypted partition
 - snap: remove "host" output from `snap version`
 - tests: use snap remove --purge flag in most of the spread tests
 - data/selinux, test/main/selinux-clean: update the test to cover
   more scenarios
 - many: drop NameAndRevision, use snap.PlaceInfo instead
 - boot: split MakeBootable tests into their own file
 - travis-ci: add go import path
 - boot: split MakeBootable implementations into their own file
 - tests: enable a lot of the tests of main on uc20
 - packaging, tests: stop services in prerm
 - tests: enable regression suite on core20
 - overlord/snapstate: improve snapd snap backend link unit tests
 - boot: implement SetNextBoot in terms of bootState.setNext
 - wrappers: write and undo snapd services on core
 - boot,o/devicestate: refactor MarkBootSuccessful over bootState
 - snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
 - snap-bootstrap: refactor partition creation
 - tests: use new snapd.spread-tests-run-mode-tweaks.service unit
 - tests: add core20 tests
 - boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
   use the information
 - tests/main/snap-sign: add test for non-stdin signing
 - snap-bootstrap: trigger udev after filesystem creation
 - boot,overlord: introduce internal abstraction bootState and use it
   for InUse/GetCurrentBoot
 - overlord/snapstate: tracks are now sticky
 - cmd: sign: add filename param
 - tests: remove "test-snapd-tools" in smoke/sandbox on restore
 - cmd/snap, daemon: stop over-normalising channels
 - tests: fix classic-ubuntu-core-transition-two-cores after refactor
   of MATCH -v
 - packaging: ship var/lib/snapd/desktop/applications in the pkg
 - spread: drop copr repo with F30 build dependencies
 - tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
 - tests: fix partition creation test
 - tests: unify/rename services-related spread tests to start with
   services- prefix
 - test: extract code that modifies "writable" for test prep
 - systemd: handle preseed mode
 - snap-bootstrap: read only stdout when parsing the sfdisk json
 - interfaces/browser-support: add more product/vendor paths
 - boot: write compat UC16 bootvars in makeBootable20RunMode
 - devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
 - devicestate: request reboot after successful doSetupRunSystem()
 - snapd.core-fixup.sh: do not run on UC20 at all
 - tests: unmount automounted snap-bootstrap devices
 - devicestate: run boot.MakeBootable in doSetupRunSystem
 - boot: copy kernel/base to data partition in makeBootable20RunMode
 - tests: also check nested lxd container
 - run-checks: complain about MATCH -v
 - boot: always return the trivial boot participant in ephemeral mode
 - o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
   gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
 - snap-bootstrap: append new partitions
 - snap-bootstrap: mount filesystems after creation
 - snapstate: do not try to detect rollback in ephemeral modes
 - snap-bootstrap: trigger udev for new partitions
 - cmd/snap-bootstrap: xxx todos about kernel cross-checks
 - tests: avoid mask rsyslog service in case is not enabled on the
   system
 - tests: fix use of MATCH -v
 - cmd/snap-preseed: update help strings
 - cmd/snap-bootstrap: actually parse snapd_recovery_system label
 - bootstrap: reduce runmode mounts from 5 to 2 steps.
 - lkenv.go: adjust for new location of include file
 - snap: improve squashfs.ReadFile() error
 - systemd: fix uc20 shutdown
 - boot: write modeenv when creating the run mode
 - boot,image: add skeleton boot.makeBootable20RunMode
 - cmd/snap-preseed: add snap-preseed executable
 - overlord,boot: follow ups to #7889 and #7899
 - interfaces/wayland: Add access to Xwayland's shm files
 - o/hookstate/ctlcmd: fix command name in snapctl -h
 - daemon,snap: remove screenshot deprecation notice
 - overlord,o/snapstate: make sure we never leave config behind
 - many: pass consistently boot.Device state to boot methods
 - run-checks: check multiline string blocks in
   restore/prepare/execute sections of spread tests
 - intrefaces: login-session-control - added missing dbus commands
 - tests/main/parallel-install-remove-after: parallel installs should
   not break removal
 - overlord/snapstate: tweak assumes error hint
 - overlord: replace DeviceContext.OldModel with GroundContext
 - devicestate: use httputil.ShouldRetryError() in
   prepareSerialRequest
 - tests: replace "test-snapd-base-bare" with real "bare" base snap
 - many: pass a Model to the gadget info reading functions
 - snapstate: relax gadget constraints in ConfigDefaults Et al.
 - devicestate: only run ensureBootOk() in "run" mode
 - tests/many: quiet lxc launching, file pushing
 - tests: disable apt-hooks test until it can be properly fixed
 - tests: 16.04 and 18.04 now have mediating pulseaudio

* Wed Feb 12 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.43.3
 - interfaces/opengl: allow datagrams to nvidia-driver
 - httputil: add NoNetwork(err) helper, spread test and use
   in serial acquire
 - interfaces: add uio interface
 - interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
   start due to apparmor deny on mounting of "/proc/latency_stats".
 - data, packaging: Add sudoers snippet to allow snaps to be run with
   sudo

* Tue Jan 28 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.43.2
 - cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
 - overlord/snapstate: fix for re-refresh bug
 - tests, run-checks, many: fix nakedret issues
 - data/selinux: workaround incorrect fonts cache labeling on RHEL7
 - tests: use test-snapd-upower instead of upower
 - overlord: increase overall settle timeout for slow arm boards

* Tue Jan 14 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.43.1
 - devicestate: use httputil.ShouldRetryError() in prepareSerialRequest
 - overlord/standby: fix possible deadlock in standby test
 - cmd/snap-discard-ns: fix pattern for .info files
 - overlord,o/snapstate: make sure we never leave config behind
 - data/selinux: update policy to cover more cases
 - snap: remove "host" output from `snap version`

* Thu Jan 09 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.43
 - snap: default to "--direct" in `snap known`
 - packaging: ship var/lib/snapd/desktop/applications in the
   pkg
 - tests: cherry-pick fixes for  snap-set-core-config/ubuntu-core-
   config-defaults-once
 - tests: use test-snapd-sh snap instead of test-snapd-tools
 - tests: rename "test-snapd-sh" in smoke test to test-snapd-sandbox
 - tests: fix partition creation test
 - packaging: fix incorrect changelog entry
 - Revert "tests: 16.04 and 18.04 now have mediating pulseaudio"
 - tests: 16.04 and 18.04 now have mediating pulseaudio
 - interfaces: include hooks in plug/slot apparmor label
 - interfaces: add raw-volume interface for access to partitions
 - image: set recovery system label when creating the image
 - cmd/snapd-generator: fix unit name for non /snap mount locations
 - boot,bootloader: setup the snap recovery system bootenv
 - seed: support ModeSnaps(mode) for mode != "run"
 - seed: fix seed location of local but asserted snaps
 - doc: HACKING.md change autopkgtest-trusty-amd64.img name
 - interfaces/seccomp: parallelize seccomp backend setup
 - cmd/snap-bootstrap: mount ubuntu-data tmpfs, in one go with kernel
   & base
 - interfaces: add audio-playback/record and pulseaudio spread tests
 - apparmor: allow 'r'
   /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
 - cmd/snap-mgmt, packaging/postrm: stop and remove socket units when
   purging
 - tests: use test-snapd-sh snap instead of test-snapd-tools
 - snap-confine: raise egid before calling setup_private_mount()
 - tests: fix fwupd version regular expression
 - snap-bootstrap: parse seed if either kernel or base are not
   mounted
 - tests: check for SELinux denials in interfaces-kvm spread test
 - tests: run snap-set-core-config on all core devices
 - selinux: update policy to allow modifications related to kmod
   backend
 - o/hookstate/ctlcmd: snapctl is-connected command
 - devicestate: add missing test for failing task setup-run-system
 - gadget: add missing test for duplicate detection of roles
 - tests/cmd/snapctl: unset SNAP_CONTEXT for the suite
 - snap/pack, cmd_pack: 'snap pack --check-skeleton' checks
   interfaces
 - gitignore: ignore visual studio code directory
 - snap-bootstrap: implement "run" mode in snap-bootstrap initramfs-
   mounts
 - interfaces/apparmor: handle pre-seeding mode
 - devicestate: implement creating partitions in "install" mode
 - seed: support extra snaps on top of Core 20 dangerous models
 - tests: cache snaps also for ubuntu core and add new snaps to cache
 - snap-bootstrap: support auto-detect device in create-partitions
 - tests: fix partitioning test debug message
 - tests: prevent partitioning test errors
 - cmd/snap-bootstrap: stub out snap.SanitizePlugsSlots for real
 - gadget: extract and export new DiskFromPartition() helper
 - snap-bootstrap: force partition table operations
 - HACKING.md: add nvidia options to configure example
 - tests: move the watchdog timeout to 2s to make the tests work in
   rpi
 - tests: demand silence from check_journalctl_log
 - tests: fix the channels checks done on nested tests
 - tests: reduce the complexity of the test-snapd-sh snap
 - snap/squashfs, osutil: verify files/dirs can be accessed by
   mksquashfs when building a snap
 - boot: add boot.Modeenv.Kernel support
 - devicestate: ensure system installation
 - tests: apply change on permissions to serial port on hotplug test
 - cmd/snap-update-ns: adjust debugging output for usability
 - devicestate: add reading of modeenv to uc20 firstboot code
 - tests/lib/prepare: drop workarounds for rpmbuild rewriting /bin/sh
 - cmd/snap-bootstrap: write /var/lib/snapd/modeenv to the right
   place
 - boot: add boot.Modeenv.Base support
 - overlord/snapstate: install task edges
 - cmd/snap-bootstrap: some small naming and code org tweaks
 - snap-bootstrap: remove SNAPPY_TESTING check, we use it for real
   now
 - interfaces: remove leftover reservedForOS
 - snap-bootstrap: write /run/mnt/ubuntu-data/var/lib/snapd/modeenv
 - osutil/mount: optimize flagOptSearch some more
 - devicestate: read modeenv early and store in devicestate
 - interfaces: add login-session-observe for who, {fail,last}log and
   loginctl
 - tests: add Ubuntu Eoan to google-sru backend
 - osutil/mount: de-duplicate code to use a list
 - interfaces: remove reservedForOS from commonInterface
 - interfaces/browser-support: allow reading status of huge pages
 - interfaces: update system-backup tests to not check for sanitize
   errors related to os
 - interfaces: add system-backup interface
 - osutil/mount: add {Unm,M}outFlagsToOpts helpers
 - snap-bootstrap: make cmdline parsing robust
 - overlord/patch: normalize tracking channel in state
 - boot: add boot.Modeenv that can read/write the UC20 modeenv files
 - bootloader: add new bootloader.InstallBootConfig()
 - many: share single implementation to list needed default-providers
 - snap-bootstrap: implement "snap-bootstrap initramfs-mounts"
 - seccomp: allow chown 'snap_daemon:root' and 'root:snap_daemon'
 - osutil: handle "rw" mount flag in ParseMountEntry
 - overlord/ifacestate: report bad plug/slots with warnings on snap
   install
 - po: sync translations from launchpad
 - tests: cleanup most test snaps icons, they were anyway in the
   wrong place
 - seed: fix confusing pre snapd dates in tests
 - many: make ValidateBasesAndProviders signature simpler/canonical
 - snap-bootstrap: set expected filesystem labels
 - testutil, many: make MockCommand() create prefix of absolute paths
 - tests: improve TestDoPrereqRetryWhenBaseInFlight to fix occasional
   flakiness.
 - seed: proper support for optional snaps for Core 20 models
 - many: test various kinds of overriding for the snapd snap in Core
   20
 - cmd/snap-failure: passthrough snapd logs, add informational
   logging
 - cmd/snap-failure: fallback to snapd from core, extend tests
 - configcore: fix missing error propagation
 - devicestate: rename ensureSeedYaml -> ensureSeeded
 - tests: adding fedora 31
 - tests: restart the snapd service in the snapd-failover test
 - seed: Core 20 seeds channel overrides support for grade dangerous
 - cmd: fix the get command help message
 - tests: enable degraded test on arch linux after latest image
   updates
 - overlord/snapstate: don't re-enable and start disabled services on
   refresh, etc.
 - seed: support in Core 20 seeds local unasserted snaps for model
   snaps
 - snap-bootstrap: add go-flags cmdline parsing and tests
 - gadget: skip fakeroot if not needed
 - overlord/state: panic in MarkEdge() if task is nil
 - spread: fix typo in spread suite
 - overlord: mock device serial in gadget remodel unit tests
 - tests: fix spread shellcheck and degraded tests to unbreak master
 - spread, tests: openSUSE Tumbleweed to unstable systems, update
   system-usernames on Amazon Linux 2
 - snap: extract printInstallHint in cmd_download.go
 - cmd: fix a pair of typos
 - release: preseed mode flag
 - cmd/snap-confine: tracking processes with classic confinement
 - overlord/ifacestate: remove automatic connections if plug/slot
   missing
 - o/ifacestate,interfaces,interfaces/policy: slots-per-plug: *
 - tests/lib/state: snapshot and restore /var/snap during the tests
 - overlord: add base->base remodel undo tests and fixes
 - seed: test and improve Core 20 seed handling errors
 - asserts: add "snapd" type to valid types in the model assertion
 - snap-bootstrap: check gadget versus disk partitions
 - devicestate: add support for gadget->gadget remodel
 - snap/snapenv: preserve XDG_RUNTIME_DIR for classic confinement
 - daemon: parse and reject invalid channels in snap ops
 - overlord: add kernel remodel undo tests and fix undo
 - cmd/snap: support (but warn) using deprecated multi-slash channel
 - overlord: refactor mgrsSuite and extract kernelSuite
 - tests/docker-smoke: add minimal docker smoke test
 - interfaces: extend the fwupd slot to be implicit on classic
 - cmd/snap: make 'snap list' shorten latest/$RISK to $RISK
 - tests: fix for journalctl which is failing to restart
 - cmd/snap,image: initial support for Core 20 in prepare-image with
   test
 - cmd/snap-confine: add support for parallel instances of classic
   snaps, global mount ns initialization
 - overlord: add kernel rollback across reboots manager test and
   fixes
 - o/devicestate: the basics of Core 20 firstboot support with test
 - asserts: support and parsing for slots-per-plug/plugs-per-slotSee
   https://forum.snapcraft.io/t/plug-slot-declaration-rules-greedy-
   plugs/12438
 - parts/plugins: don't xz-compress a deb we're going to discard
 - cmd/snap: make completion skip hidden commands (unless overridden)
 - many: load/consume Core 20 seeds (aka recovery systems)
 - tests: add netplan test on ubuntu core
 - seed/internal: doc comment fix and drop handled TODOs
 - o/ifacestate: unify code into
   autoConnectChecker.addAutoConnectionsneed to change to support
   slots-per-plugs: *
 - many: changes to testing in preparation of Core 20 seed consuming
   code
 - snapstate,devicestate: make OldModel() available in DeviceContext
 - tests: opensuse tumbleweed has similar issue than arch linux with
   snap --strace
 - client,daemon: pass sha3-384 in /v2/download to the client
 - builtin/browser_support.go: allow monitoring process memory
   utilization (used by chromium)
 - overlord/ifacestate: use SetupMany in setupSecurityByBackend
 - tests: add 14.04 canonical-livepatch test
 - snap: make `snap known --remote` use snapd if available
 - seed: share auxInfo20 and makeSystemSnap via internal
 - spread: disable secondary compression for deltas
 - interfaces/content: workaround for renamed target
 - tests/lib/gendevmodel: helper tool for generating developer model
   assertions
 - tests: tweak wording in mount-ns test
 - tests: don't depend on GNU time
 - o/snapstate, etc: SnapState.Channel -> TrackingChannel, and a
   setter
 - seed/seedwriter: support writing Core 20 seeds (aka recovery
   systems)
 - snap-recovery: rename to "snap-bootstrap"
 - managers: add remodel undo test for new required snaps case
 - client: add xerrors and wrap errors coming from "client"
 - tests: verify host is not affected by mount-ns tests
 - tests: configure the journald service for core systems
 - cmd/snap, store: include snapcraft.io page URL in snap info output
 - cmd/cmdutil: version helper
 - spread: enable bboozzoo/snapd-devel-deps COPR repo for getting
   golang-x-xerrors
 - interfaces: simplify AddUpdateNS and emit
 - interfaces/policy: expand cstrs/cstrs1 to
   altConstraints/constraints
 - overlord/devicestate: check snap handler for gadget remodel
   compatibility
 - snap-recovery: deploy gadget content when creating partitions
 - gadget: skip structures with MBR role during remodel
 - tests: do not use lsblk in uc20-snap-recovery test
 - overlord/snapstate: add LastActiveDisabledServices,
   missingDisabledServices
 - overlord/devicestate: refactor and split into per-functionality
   files, drop dead code
 - tests: update mount-ns after addition of /etc/systemd/user
 - interfaces/pulseaudio: adjust to manually connect by default
 - interfaces/u2f-devices: add OnlyKey to devices list
 - interfaces: emit update-ns snippets to function
 - interfaces/net-setup-{observe,control}: add Info D-Bus method
   accesses
 - tests: moving ubuntu-19.10-64 from google-unstable to google
   backend
 - gadget: rename existing and add new helpers for checking
   filesystem/partition presence
 - gadget, overlord/devicestate: add support for customized update
   policy, add remodel policy
 - snap-recovery: create filesystems as defined in the gadget
 - tests: ignore directories for go modules
 - policy: implement CanRemove policy for the snapd type
 - overlord/snapstate: skip catalog refresh if unseeded
 - strutil: add OrderedSet
 - snap-recovery: add minimal binary so that we can use spread on it
 - gadget, snap/pack: perform extended validation of gadget metadata
   and contents
 - timeutil: fix schedules with ambiguous nth weekday spans
 - interfaces/many: allow k8s/systemd-run to mount volume subPaths
   plus cleanups
 - client: add KnownOptions to Know() and support remote assertions
 - tests: check the apparmor_parser when the file exists on snap-
   confine test
 - gadget: helper for volume compatibility checks
 - tests: update snap logs to match for multiple lines for "running"
 - overlord: add checks for bootvars in
   TestRemodelSwitchToDifferentKernel
 - snap-install: add ext4,vfat creation support
 - snap-recovery: remove "usedPartitions" from sfdisk.Create()
 - image,seed: hide Seed16/Snap16, use seed.Open in image_test.go
 - cmd/snap: Sort tasks in snap debug timings output by lanes and
   ready-time.
 - snap-confine.apparmor.in: harden pivot_root until we have full
   mediation
 - gadget: refactor ensureVolumeConsistency
 - gadget: add a public helper for parsing gadget metadata
 - many: address issues related to explicit/implicit channels for
   image building
 - overlord/many: switch order of check snap parameters
 - cmd/snap-confine: remove leftover condition from capability world
 - overlord: set fake serial in TestRemodelSwitchToDifferentKernel
 - overlord/many: extend check snap callback to take snap container
 - recovery-tool: add sfdisk wrapper
 - tests: launch the lxd images following the pattern
   ubuntu:${VERSION_ID}
 - sandbox/cgroup: move freeze/thaw code
 - gadget: accept system-seed role and ubuntu-data label
 - test/lib/names.sh: make backslash escaping explicit
 - spread: generate delta when using google backend
 - cmd/snap-confine: remove loads of dead code
 - boot,dirs,image: various refinements in the prepare-image code
   switched to seedwriter
 - spread: include mounts list in task debug output
 - .gitignore: pair of trivial changes
 - image,seed/seedwriter: switch image to use seedwriter.Writer
 - asserts: introduce explicit support for grade for Core 20 models
 - usersession: drive by fixes for things flagged by unused or
   gosimple
 - spread.yaml: exclude vendor dir
 - sandbox/cgroup, overlord/snapstate: move helper for listing pids
   in group to the cgroup package
 - sandbox/cgroup: refactor process cgroup helper to support v2 and
   named hierarchies
 - snap-repair: error if run as non-root
 - snap: when running `snap repair` without arguments, show hint
 - interfaces: add cgroup-version to system-key
 - snap-repair: add missing check in TestRepairBasicRun
 - tests: use `snap model` instead of `snap known model` in tests
 - daemon: make /v2/download take snapRevisionOptions
 - snap-repair: add additional comment about trust in runner.Verify()
 - client: add support to use the new "download" API
 - interfaces: bump system-key version (and keep on bumping)
 - interfaces/mount: account for cgroup version when reporting
   supported features
 - tests: change regex to validate access to cdn during snap
   download
 - daemon: change /v2/download API to take "snap-name" as input
 - release: make forced dev mode look at cgroupv2 support
 - seed/seedwriter: support for extra snaps
 - wrappers/services.go: add disabled svc list arg to AddSnapServices
 - overlord/snapstate: add SetTaskSnapSetup helper + unit tests
 - cmd/libsnap: use cgroup.procs instead of tasks
 - tests: fix snapd-failover test for core18 tests on boards
 - overlord/snapstate/policy, etc: introduce policy, move canRemove
   to it
 - seed/seedwriter: cleanups and small left over todos* drive-by: use
   testutil.FilePresent consistently
 - cmd/snap: update 'snap find' help because it's no longer narrow
 - seed/seedwriter,snap/naming: support classic models
 - cmd/snap-confine: unmount /writable from snap view
 - spread.yaml: exclude automake cacheThe error message is looks like
   this:dpkg-source: info: local changes detected, the modified files
   are:
 - interfaces/openvswitch: allow access to other openvswitch sockets
 - cmd/model: don't show model with display-name inline w/ opts
 - daemon: add a 'prune' debug action
 - client: add doTimeout to http.Client{Timeout}
 - interfaces/seccomp: query apparmor sandbox helper rather than
   aggregate info
 - sandbox/cgroup: avoid dependency on dirs
 - seed/seedwriter,snap: support local snaps
 - overlord/snapstate: fix undo on firstboot seeding.
 - usersession: track connections to session agent for exit on idle
   and peer credential checks
 - tests: fix ubuntu-core-device-reg test for arm devices on core18
 - sandbox/seccomp: move the remaining sandbox bits to a
   corresponding sandbox package
 - osutil: generalize SyncDir with FileState interface
 - daemon, client, cmd/snap: include architecture in 'snap version'
 - daemon: allow /v2/assertions/{assertType} to query store
 - gadget: do not fail the update when old gadget snap is missing
   bare content
 - sandbox/selinux: move SELinux related bits from 'release' to
   'sandbox/selinux'
 - tests: add unit test for gadget defaults with a multiline string
 - overlord/snapstate: have more context in the errors about
   prerequisites
 - httputil: set user agent for CONNECT
 - seed/seedwriter: resolve channels using channel.Resolve* for snaps
 - run-checks: allow overriding gofmt binary, show gofmt diff
 - asserts,seed/seedwriter: follow snap type sorting in the model
   assertion snap listings
 - daemon: return "snapname_rev.snap" style when using /v2/download
 - tests: when the backend is external skip the loop waiting for snap
   version
 - many: move AppArmor probing code under sandbox/apparmor
 - cmd: add `snap debug boot-vars` that dumps the current bootvars
 - tests: skip the ubuntu-core-upgrade on arm devices on core18
 - seed/seedwriter: implement WriteMeta and tree16 corresponding code
 - interfaces/docker-support,kubernetes-support: misc updates for
   strict k8s
 - tests: restart the journald service while preparing the test
 - tests/cmd/debug_state: make the test output TZ independent
 - interfaces/kubernetes-support: allow use of /run/flannel
 - seed/seedwriter: start of Writer and internal policy16/tree16
 - sandbox/cgroup, usersession/userd: move cgroup related helper to a
   dedicated package
 - tests: move "centos-7" to unstable systems
 - snapstate: add missing tests for checkGadgetOrKernel
 - docs: Update README.md
 - snapcraft: set license to GPL-3.0
 - interfaces/wayland: allow a confined server running in a user
   session to work with Qt, GTK3 & SDL2 clients
 - selinux: move the package under sandbox/selinux
 - interfaces/udev: account for cgroup version when reporting
   supported features
 - store, ..., client: add a "website" field
 - sanity: sanity check cgroup probing
 - snapstate: increase settleTimeout in
   TestRemodelSwitchToDifferentKernel
 - packaging: remove obsolete usr.lib.snapd.snap-confine in postinst
 - data/selinux: allow snapd/snap to do statfs() on the cgroup
   mountpoint
 - usersession/userd: make sure to export DBus interfaces before
   requesting a name
 - data/selinux: allow snapd to issue sigkill to journalctl
 - docs: Add Code of Conduct
 - store: download propagates options to delta download
 - tests/main/listing: account for dots in ~pre suffix

* Fri Dec 06 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.42.5
 - snap-confine: revert, with comment, explicit unix deny for nested
   lxd
 - Disable mount-ns test on 16.04. It is too flaky currently.

* Thu Nov 28 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.42.4
 - overlord/snapstate: make sure configuration defaults are applied
   only once

* Wed Nov 27 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.42.3
 - overlord/snapstate: pick up system defaults when seeding the snapd
   snap
 - cmd/snap-update-ns: fix overlapping, nested writable mimic
   handling
 - interfaces: misc updates for u2f-devices, browser-support,
   hardware-observe, et al
 - tests: reset failing "fwupd-refresh.service" if needed
 - tests/main/gadget-update-pc: use a program to modify gadget yaml
 - snap-confine: suppress noisy classic snap file_inherit denials

* Wed Nov 20 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.42.2
 - interfaces/lxd-support: Fix on core18
 - tests/main/system-usernames: Amazon Linux 2 comes with libseccomp
   2.4.1 now
 - snap-seccomp: add missing clock_getres_time64
 - cmd/snap-seccomp/syscalls: update the list of known
   syscalls
 - sandbox/seccomp: accept build ID generated by Go toolchain
 - interfaces: allow access to ovs bridge sockets

* Wed Oct 30 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.42.1
 - interfaces: de-duplicate emitted update-ns profiles
 - packaging: tweak handling of usr.lib.snapd.snap-confine
 - interfaces: allow introspecting network-manager on core
 - tests/main/interfaces-contacts-service: disable on openSUSE
   Tumbleweed
 - tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
 - snap: fix default-provider in seed validation
 - tests: update system-usernames test now that opensuse-15.1 works
 - overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
 - gadget: rename "boot{select,img}" -> system-boot-{select,image}
 - tests: listing test, make accepted snapd/core versions consistent

* Tue Oct 01 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.42
 - tests: disable {contacts,calendar}-service tests on debian-sid
 - tests/main/snap-run: disable strace test cases on Arch
 - cmd/system-shutdown: include correct prototype for die
 - snap/naming: add test for hook name connect-plug-i2c
 - cmd/snap-confine: allow digits in hook names
 - gadget: do not fail the update when old gadget snap is missing
   bare content
 - tests: disable {contacts,calendar}-service tests on Arch Linux
 - tests: move "centos-7" to unstable systems
 - interfaces/docker-support,kubernetes-support: misc updates for
   strict k8s
 - packaging: remove obsolete usr.lib.snapd.snap-confine in
   postinst
 - tests: add test that ensures our snapfuse binary actually works
 - packaging: use snapfuse_ll to speed up snapfuse performance
 - usersession/userd: make sure to export DBus interfaces before
   requesting a name
 - data/selinux: allow snapd to issue sigkill to journalctl
 - store: download propagates options to delta download
 - wrappers: allow snaps to install icon theme icons
 - debug: state-inspect debugging utility
 - sandbox/cgroup: introduce cgroup wrappers package
 - snap-confine: fix return value checks for udev functions
 - cmd/model: output tweaks, add'l tests
 - wrappers/services: add ServicesEnableState + unit tests
 - tests: fix newline and wrong test name pointed out in previous PRs
 - tests: extend mount-ns test to handle mimics
 - run-checks, tests/main/go: allow gofmt checks to be skipped on
   19.10
 - tests/main/interfaces-{calendar,contacts}-service: disable on
   19.10
 - tests: part3 making tests work on ubuntu-core-18
 - tests: fix interfaces-timeserver-control on 19.10
 - overlord/snapstate: config revision code cleanup and extra tests
 - devicestate: allow remodel to different kernels
 - overlord,daemon: adjust startup timeout via EXTEND_TIMEOUT_USEC
   using an estimate
 - tests/main/many: increase kill-timeout to 5m
 - interfaces/kubernetes-support: allow systemd-run to ptrace read
   unconfined
 - snapstate: auto transition on experimental.snapd-snap=true
 - tests: retry checking until the written file on desktop-portal-
   filechooser
 - tests: unit test for a refresh failing on configure hook
 - tests: remove mount_id and parent_id from mount-ns test data
 - tests: move classic-ubuntu-core-transition* to nightly
 - tests/mountinfo-tool: proper formatting of opt_fields
 - overlord/configstate: special-case "null" in transaction Changes()
 - snap-confine: fallback gracefully on a cgroup v2 only system
 - tests: debian sid now ships new seccomp, adjust tests
 - tests: explicitly restore after using LXD
 - snapstate: make progress reporting less granular
 - bootloader: little kernel support
 - fixme: rename ubuntu*architectures to dpkg*architectures
 - tests: run dbus-launch inside a systemd unit
 - channel: introduce Resolve and ResolveLocked
 - tests: run failing tests on ubuntu eoan due to is now set as
   unstable
 - systemd: detach rather than unmount .mount units
 - cmd/snap-confine: add unit tests for sc_invocation, cleanup memory
   leaks in tests
 - boot,dirs,image: introduce boot.MakeBootable, use it in image
   instead of ad hoc code
 - cmd/snap-update-ns: clarify sharing comment
 - tests/overlord/snapstate: refactor for cleaner test failures
 - cmd/snap-update-ns: don't propagate detaching changes
 - interfaces: allow reading mutter Xauthority file
 - cmd/snap-confine: fix /snap duplication in legacy mode
 - tests: fix mountinfo-tool filtering when used with rewriting
 - seed,image,o/devicestate: extract seed loading to seed/seed16.go
 - many: pass the rootdir and options to bootloader.Find
 - tests: part5 making tests work on ubuntu-core-18
 - cmd/snap-confine: keep track of snap instance name and the snap
   name
 - cmd: unify die() across C programs
 - tests: add functions to make an abstraction for the snaps
 - packaging/fedora, tests/lib/prepare-restore: helper tool for
   packing sources for RPM
 - cmd/snap: improve help and error msg for snapshot commands
 - hookstate/ctlcmd: fix snapctl set help message
 - cmd/snap: don't append / to snap name just because a dir exists
 - tests: support fastly-global.cdn.snapcraft.io url on proxy-no-core
   test
 - tests: add --quiet switch to retry-tool
 - tests: add unstable stage for travis execution
 - tests: disable interfaces-timeserver-control on 19.10
 - tests: don't guess in is_classic_confinement_supported
 - boot, etc: simplify BootParticipant (etc) usage
 - tests: verify retry-tool not retrying missing commands
 - tests: rewrite "retry" command as retry-tool
 - tests: move debug section after restore
 - cmd/libsnap-confine-private, cmd/s-c: use constants for
   snap/instance name lengths
 - tests: measure behavior of the device cgroup
 - boot, bootloader, o/devicestate: boot env manip goes in boot
 - tests: enabling ubuntu 19.10-64 on spread.yaml
 - tests: fix ephemeral mount table in left over by prepare
 - tests: add version-tool for comparing versions
 - cmd/libsnap: make feature flag enum 1<<N style
 - many: refactor boot/boottest and move to bootloader/bootloadertest
 - tests/cross/go-build: use go list rather than shell trickery
 - HACKING.md: clarify where "make fmt" is needed
 - osutil: make flock test more robust
 - features, overlord: make parallel-installs exported, export flags
   on startup
 - overlord/devicestate:  support the device service returning a
   stream of assertions
 - many: add snap model command, add /v2/model, /v2/model/serial REST
   APIs
 - debian: set GOCACHE dir during build to fix FTBFS on eoan
 - boot, etc.: refactor boot to have a lookup with different imps
 - many: add the start of Core 20 extensions support to the model
   assertion
 - overlord/snapstate: revert track-risk behavior change and
   validation on install
 - cmd/snap,image,seed:  move image.ValidateSeed to
   seed.ValidateFromYaml
 - image,o/devicestate,seed: oops, make sure to clear seedtest
   helpers
 - tests/main/snap-info: update check.py for test-snapd-tools 2.0
 - tests: moving tests to nightly suite
 - overlord/devicestate,seed:  small step, introduce
   seed.LoadAssertions and use it from firstboot
 - snapstate: add comment to checkVersion vs strutil.VersionCompare
 - tests: add unit tests for cmd_whoami
 - tests: add debug section to interfaces-contacts-service
 - many: introduce package seed and seedtest
 - interfaces/bluez: enable communication between bluetoothd and
   meshd via dbus
 - cmd/snap: fix snap switch message
 - overlord/snapstate: check channel names on install
 - tests: check snap_daemon user and group on system-usernames-
   illegal test are not created
 - cmd/snap-confine: fix group and permission of .info files
 - gadget: do not error on gadget refreshes with multiple volumes
 - snap: use deterministic paths to find the built deb
 - tests: just build snapd commands on go-build test
 - tests: re-enable mount-ns test on classic
 - tests: rename fuse_support to fuse-support
 - tests: move restore-project-each code to existing function
 - tests: simplify interfaces-account-control test
 - i18n, vendor, packaging: drop github.com/ojii/gettext.go, use
   github.com/snapcore/go-gettext
 - tests: always say 'restore: |'
 - tests: new test to check the output after refreshing/reverting
   core
 - snapstate: validate all system-usernames before creating them
 - tests: fix system version check on listing test for external
   backend
 - tests: add check for snap_daemon user/group
 - tests: don't look for lxcfs in mountinfo
 - tests: adding support for arm devices on ubuntu-core-device-reg
   test
 - snap: explicitly forbid trying to parallel install from seed
 - tests: remove trailing spaces from shell scripts
 - tests: remove locally installed revisions of core
 - tests: fix removal of snaps on ubuntu-core
 - interfaces: support Tegra display drivers
 - tests: move interfaces-contacts-service to /tmp
 - interfaces/network-manager: allow using
   org.freedesktop.DBus.ObjectManager
 - tests: restore dpkg selections after upgrade-from-2.15 test
 - tests: pass --remove to userdel on core
 - snap/naming: simplify SnapSet somewhat
 - devicestate/firstboot: check for missing bases early
 - httputil: rework protocol error detection
 - tests: unmount fuse connections only if not initially mounted
 - snap: prevent duplicated snap name and snap files when parsing
   seed.yaml
 - tests: re-implement user tool in python
 - image: improve/tweak some warning/error messages
 - cmd/libsnap-confine-private: add checks for parallel instances
   feature flag
 - tests: wait_for_service shows status after actual first minute
 - sanity: report proper errror when fuse is needed but not available
 - snap/naming: introduce SnapRef, Snap, and SnapSet
 - image: support prepare-image --classic for snapd snap only
   imagesConsequently:
 - tests/main/mount-ns: account for clone_children in cpuset cgroup
   on 18.04
 - many:  merging asserts.Batch Precheck with CommitTo and other
   clarifications
 - devicestate: add missing test for remodeling possibly removing
   required flag
 - tests: use user-tool to remove test user in the non-home test
 - overlord/configstate: sort patch keys to have deterministic order
   with snap set
 - many: generalize assertstate.Batch to asserts.Batch, have
   assertstate.AddBatch
 - gadget, overlord/devicestate: rename Position/Layout
 - store, image, cmd: make 'snap download' leave partials
 - httputil: improve http2 PROTOCOL_ERROR detection
 - tests: add new "user-tool" helper and use in system-user tests
 - tests: clean up after NFS tests
 - ifacestate: optimize auto-connect by setting profiles once after
   all connects
 - hookstate/ctlcmd: snapctl unset command
 - tests: allow test user XDG_RUNTIME_DIR to phase out
 - tests: cleanup "snap_daemon" user in system-usernames-install-
   twice
 - cmd/snap-mgmt: set +x on startup
 - interfaces/wayland,x11: allow reading an Xwayland Xauth file
 - many: move channel parsing to snap/channel
 - check-pr-title.py: allow {} in pr prefix
 - tests: spam test logs less while waiting for systemd unit to stop
 - tests: remove redundant activation check for snapd.socket
   snapd.service
 - tests: trivial snapctl test cleanup
 - tests: ubuntu 18.10 removed from the google-sru backend on the
   spread.yaml
 - tests: add new cases into arch_test
 - tests: clean user and group for test system-usernames-install-
   twice
 - interfaces: k8s worker node updates
 - asserts: move Model to its own model.go
 - tests: unmount binfmt_misc on cleanup
 - tests: restore nsdelegate clobbered by LXD
 - cmd/snap: fix snap unset help string
 - tests: unmount fusectl after testing
 - cmd/snap: fix remote snap info for parallel installed snaps

* Fri Aug 30 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.41
 - overlord/snapstate: revert track-risk behavior
 - tests: fix snap info test
 - httputil: rework protocol error detection
 - gadget: do not error on gadget refreshes with multiple volumes
 - i18n, vendor, packaging: drop github.com/ojii/gettext.go, use
   github.com/snapcore/go-gettext
 - snapstate: validate all system-usernames before creating them
 - mkversion.sh: fix version from git checkouts
 - interfaces/network-{control,manager}: allow 'k' on
   /run/resolvconf/**
 - interfaces/wayland,x11: allow reading an Xwayland Xauth file
 - interfaces: k8s worker node updates
 - debian: re-enable systemd environment generator
 - many: create system-usernames user/group if both don't exist
 - packaging: fix symlink for snapd.session-agent.socket
 - tests: change cgroups so that LXD doesn't have to
 - interfaces/network-setup-control: allow dbus netplan apply
   messages
 - tests: add /var/cache/snapd to the snapd state to prevent error on
   the store
 - tests: add test for services disabled during refresh hook
 - many: simpler access to snap-seccomp version-info
 - snap: cleanup some tests, clarify some errorsThis is a follow up
   from work on system usernames:
 - osutil: add osutil.Find{Uid,Gid}
 - tests: use a different archive based on the spread backend on go-
   build test
 - cmd/snap-update-ns: fix pair of bugs affecting refresh of snap
   with layouts
 - overlord/devicestate: detect clashing concurrent (ongoing, just
   finished) remodels or changes
 - interfaces/docker-support: declare controls-device-cgroup
 - packaging: fix removal of old apparmor profile
 - store: use track/risk for "channel" name when parsing store
   details
 - many: allow 'system-usernames' with libseccomp > 2.4 and golang-
   seccomp > 0.9.0
 - overlord/devicestate, tests: use gadget.Update() proper, spread
   test
 - overlord/configstate/configcore: allow setting start_x=1 to enable
   CSI camera on RPi
 - interfaces: remove BeforePrepareSlot from commonInterface
 - many: support system-usernames for 'snap_daemon' user
 - overlord/devicestate,o/snapstate: queue service commands before
   mark-seeded and other final tasks
 - interfaces/mount: discard mount ns on backend Remove
 - packaging/fedora: build on RHEL8
 - overlord/devicestate: support seeding a classic system with the
   snapd snap and no core
 - interfaces: fix test failure in gpio_control_test
 - interfaces, policy: remove sanitize helpers and use minimal policy
   check
 - packaging: use %systemd_user_* macros to enable session agent
   socket according to presets
 - snapstate, store: handle 429s on catalog refresh a little bit
   better
 - tests: part4 making tests work on ubuntu-core-18
 - many: drop snap.ReadGadgetInfo wrapper
 - xdgopenproxy: update test API to match upstream
 - tests: show why sbuild failed
 - data/selinux: allow mandb_t to search /var/lib/snapd
 - tests: be less verbose when checking service status
 - tests: set sbuild test as manual
 - overlord: DeviceCtx must find the remodel context for a remodel
   change
 - tests: use snap info --verbose to check for base
 - sanity: unmount squashfs with --lazy
 - overlord/snapstate: keep current track if only risk is specified
 - interfaces/firewall-control: support nft routing expressions and
   device groups
 - gadget: support for writing symlinks
 - tests: mountinfo-tool fail if there are no matches
 - tests: sync journal log before start the test
 - cmd/snap, data/completion: improve completion for 'snap debug'
 - httputil: retry for http2 PROTOCOL_ERROR
 - Errata commit: pulseaudio still auto-connects on classic
 - interfaces/misc: updates for k8s 1.15 (and greengrass test)
 - tests: set GOTRACEBACK=1 when running tests
 - cmd/libsnap: don't leak memory in sc_die_on_error
 - tests: improve how the system is restored when the upgrade-
   from-2.15 test fails
 - interfaces/bluetooth-control: add udev rules for BT_chrdev devices
 - interfaces: add audio-playback/audio-record and make pulseaudio
   manually connect
 - tests: split the sbuild test in 2 depending on the type of build
 - interfaces: add an interface granting access to AppStream metadata
 - gadget: ensure filesystem labels are unique
 - usersession/agent: use background context when stopping the agent
 - HACKING.md: update spread section, other updates
 - data/selinux: allow snap-confine to read entries on nsfs
 - tests: respect SPREAD_DEBUG_EACH on the main suite
 - packaging/debian-sid: set GOCACHE to a known writable location
 - interfaces: add gpio-control interface
 - cmd/snap: use showDone helper with 'snap switch'
 - gadget: effective structure role fallback, extra tests
 - many: fix unit tests getting stuck
 - tests: remove installed snap on restore
 - daemon: do not modify test data in user suite
 - data/selinux: allow read on sysfs
 - packaging/debian: don't md5sum absent files
 - tests: remove test-snapd-curl
 - tests: remove test-snapd-snapctl-core18 in restore
 - tests: remove installed snap in the restore section
 - tests: remove installed test snap
 - tests: correctly escape mount unit path
 - cmd/Makefile.am: support building with the go snap
 - tests: work around classic snap affecting the host
 - tests: fix typo "current"
 - overlord/assertstate: add Batch.Precheck to check for the full
   validity of the batch before Commit
 - tests: restore cpuset clone_children clobbered by lxd
 - usersession: move userd package to usersession/userd
 - tests: reformat and fix markdown in snapd-state.md
 - gadget: select the right updater for given structure
 - tests: show stderr only if it exists
 - sessionagent: add a REST interface with socket activation
 - tests: remove locally installed core in more tests
 - tests: remove local revision of core
 - packaging/debian-sid: use correct apparmor Depends for Debian
 - packaging/debian-sid: merge debian upload changes back into master
 - cmd/snap-repair: make sure the goroutine doesn't stick around on
   timeout
 - packaging/fedora: github.com/cheggaaa/pb is no longer used
 - configstate/config: fix crash in purgeNulls
 - boot, o/snapst, o/devicest: limit knowledge of boot vars to boot
 - client,cmd/snap: stop depending on status/status-code in the JSON
   responses in client
 - tests: unmount leftover /run/netns
 - tests: switch mount-ns test to manual
 - overlord,daemon,cmd/snapd:  move expensive startup to dedicated
   StartUp methods
 - osutil: add EnsureTreeState helper
 - tests: measure properties of various  mount namespaces
 - tests: part2 making tests work on ubuntu-core-18
 - interfaces/policy: minimal policy check for replacing
   sanitizeReservedFor helpers (1/2)
 - interfaces: add an interface that grants access to the PackageKit
   service
 - overlord/devicestate: update gadget update handlers and mocks
 - tests: add mountinfo-tool --ref-x1000
 - tests: remove lxd / lxcfs if pre-installed
 - tests: removing support for ubuntu cosmic on spread test suite
 - tests: don't leak /run/netns mount
 - image: clean up the validateSuite
 - bootloader: remove "Dir()" from Bootloader interface
 - many: retry to reboot if snapd gets restarted before expected
   reboot
 - overlord: implement re-registration remodeling
 - cmd: revert PR#6933 (tweak of GOMAXPROCS)
 - cmd/snap: add snap unset command
 - many: add Client-User-Agent to "SnapAction" install API call
 - tests: first part making tests run on ubuntu-core-18
 - hookstate/ctlcmd: support hidden commands in snapctl
 - many: replace snapd snap name checks with type checks (3/4)
 - overlord: mostly stop needing Kernel/CoreInfo, make GadgetInfo
   consider a DeviceContext
 - snapctl: handle unsetting of config options with "!"
 - tests: move core migration snaps to tests/lib/snaps dir
 - cmd/snap: handle unsetting of config options with "!"
 - cmd/snap, etc: add health to 'snap list' and 'snap info'
 - gadget: use struct field names when intializing data in mounted
   updater unit tests
 - cmd/snap-confine: bring /lib/firmware from the host
 - snap: set snapd snap type (1/4)
 - snap: add checks in validate-seed for missing base/default-
   provider
 - daemon: replace shutdownServer with net/http's native shutdown
   support
 - interfaces/builtin: add exec "/bin/runc" to docker-support
 - gadget: mounted filesystem updater
 - overlord/patch: simplify conditions for re-applying sublevel
   patches for level 6
 - seccomp/compiler: adjust test case names and comment for later
   changes
 - tests: fix error doing snap pack running failover test
 - tests: don't preserve size= when rewriting mount tables
 - tests: allow reordering of rewrite operations
 - gadget: main update routine
 - overlord/config: normalize nulls to support config unsetting
   semantics
 - snap-userd-autostart: don't list as a startup application on the
   GUI
 - tests: renumber snap revisions as seen via writable
 - tests: change allocation for mount options
 - tests: re-enable ns-re-associate test
 - tests: mountinfo-tool allow many --refs
 - overlord/devicestate: implement reregRemodelContext with the
   essential re-registration logic
 - tests: replace various numeric mount options
 - gadget: filesystem image writer
 - tests: add more unit tests for mountinfo-tool
 - tests: introduce mountinfo-tool --ref feature
 - tests: refactor mountinfo-tool rewrite state
 - tests: allow renumbering mount namespace identifiers
 - snap: refactor and explain layout blacklisting
 - tests: renumber snap revisions as seen via hostfs
 - daemon, interfaces, travis: workaround build ID with Go 1.9, use
   1.9 for travis tests
 - cmd/libsnap: add sc_error_init_{simple,api_misuse}
 - gadget: make raw updater handle shifted structures
 - tests/lib/nested: create WORK_DIR before accessing it
 - cmd/libsnap: rename SC_LIBSNAP_ERROR to SC_LIBSNAP_DOMAIN
 - cmd,tests: forcibly discard mount namespace when bases change
 - many: introduce healthstate, run check-health
   post-(install/refresh/try/revert)
 - interfaces/optical-drive: add scsi-generic type 4 and 5 support
 - cmd/snap-confine: exit from helper when parent dies

* Fri Jul 12 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.40
 - overlord/patch: simplify conditions for re-applying sublevel
   patches for level 6
 - cmd,tests: forcibly discard mount namespace when bases change
 - cmd/snap-confine: handle device cgroup before pivot
 - cmd/snap-apparmor-service: quit if there are no profiles
 - cmd/snap, image: add --target-directory and --basename to 'snap
   download'
 - interfaces: add jack1 implicit classic interface
 - interfaces: miscellaneous policy updates
 - daemon: classic confinement is not supported on core
 - interfaces: bluetooth-control: add mtk BT device node
 - cmd/snap-seccomp: initial support for negative arguments with
   uid/gid caching
 - snap-confine: move seccomp load after permanent privilege drop
 - tests: new profiler snap used to track cpu and memory for snapd
   and snap commands
 - debian: make maintainer scripts do nothing on powerpc
 - gadget: mounted filesystem writer
 - cmd/snap: use padded checkers for snapshot output
 - bootloader: switch to bootloader_test style testing
 - gadget: add a wrapper for generating partitioned images with
   sfdisk
 - tests/main/snap-seccomp-syscalls: add description
 - tests: continue executing on errors either updating the repo db or
   installing dependencies
 - cmd/snap-seccomp/syscalls: add io_uring syscalls
 - systemd: add InstanceMode enumeration to control which systemd
   instance to control
 - netutil: extract socket activation helpers from daemon package.
 - interfaces: spi: update regex rules to accept spi nodes like
   spidev12345.0
 - gadget: fallback device lookup
 - many: add strutil.ElliptLeft, use it for shortening cohorts
 - wrappers: allow sockets under $XDG_RUNTIME_DIR
 - gadget: add wrapper for creating and populating filesystems
 - gadget: add writer for offset-write
 - gadget: support relative symlinks in device lookup
 - snap, snapstate: additional validation of base field
 - many: fix some races and missing locking, make sure UDevMonitor is
   stopped
 - boot: move ExtractKernelAssets
 - daemon, snap: screenshots _only_ shows the deprecation notice,
   from 2.39
 - osutil: add a workaround for overlayfs apparmor as it is used on
   Manjaro
 - snap: introduce GetType() function for snap.Info
 - tests: update systems to be used for during sru validation
 - daemon: increase `shutdownTimeout` to 25s to deal with slow
   HW
 - interfaces/network-manager: move deny ptrace to the connected slot
 - interfaces: allow locking of pppd files
 - cmd/snap-exec: fix snap completion for classic snaps with non
   /usr/lib/snapd libexecdir
 - daemon: expose pprof endpoints
 - travis: disable snap pack on OSX
 - client, cmd/snap: expose the new cohort options for snap ops
 - overlord/snapstate: tweak switch summaries
 - tests: reuse the image created initially for nested tests
   execution
 - tests/lib/nested: tweak assert disk prepare step
 - daemon, overlord/snapstate: support leave-cohort
 - tests/main/appstream-id: collect debug info
 - store,daemon: add client-user-agent support to store.SnapInfo
 - tests: add check for invalid PR titles in the static checks
 - tests: add snap-tool for easier access to internal tools
 - daemon: unexport file{Response,Stream}
 - devicestate: make TestUpdateGadgetOnClassicErrorsOut less racy
 - tests: fix test desktop-portal-filechooser
 - tests: sort commands from DumpCommands in the dumpDbHook
 - cmd/snap: add unit test for "advise-snap --dump-db".
 - bootloader: remove extra mock bootloader implementation
 - daemon: tweak for "add api endpoint for download" PR
 - packaging: fix reproducible build error
 - tests: synchronize journal logs before check logs
 - tests: fix snap service watchdog test
 - tests: use more readable test directory names
 - tests/regression/lp-1805485: update test description
 - overlord: make changes conflict with remodel
 - tests: make sure the snapshot unit test uses a snapshot time
   relative to Now()
 - tests: revert "tests: stop catalog-update/apt-hooks test for now"
 - tests: mountinfo-tool --one prints matches on failure
 - data/selinux: fix policy for snaps with bases and classic snaps
 - debian: fix building on eoan by tweaking golang build-deps
 - packaging/debian-sid: update required golang version to 1.10
 - httputil: handle "no such host" error explicitly and do not retry
   it
 - overlord/snapstate, & fallout: give Install a *RevisionOptions
 - cmd/snap: don't run install on 'snap --help install'
 - gadget: raw/bare structure writer and updater
 - daemon, client, cmd/snap: show cohort key in snap info --verbose
 - overlord/snapstate: add update-gadget task when needed, block
   other changes
 - image: turn a missing default content provider into an error
 - overlord/devicestate: update-gadget-assets task handler with
   stubbed gadget callbacks
 - interface: builtin: avahi-observe/control: update label for
   implicit slot
 - tests/lib/nested: fix multi argument copy_remote
 - tests/lib/nested: have mkfs.ext4 use a rootdir instead of mounting
   an image
 - packaging: fix permissions powerpc docs dir
 - overlord: mock store to avoid net requests
 - debian: rework how we run autopkgtests
 - interface: builtin: avahi-observe/control: allow slots
   implementation also by app snap on classic system
 - interfaces: builtin: utils: add helper function to identify system
   slots
 - interfaces: add missing adjtimex to time-control
 - overlord/snapstate, snap: support base = "none"
 - daemon, overlord/snapstate: give RevisionOptions a CohortKey
 - data/selinux: permit init_t to remount snappy_snap_t
 - cmd/snap: test for a friendly error on 'okay' without 'warnings'
 - cmd/snap: support snap debug timings --startup=.. and measure
   loadState time
 - advise-snap: add --dump-db which dumps the command database
 - interfaces/docker-support: support overlayfs on ubuntu core
 - cmd/okay: Remove err message when warning file not exist
 - devicestate: disallow removal of snaps used in booting early
 - packaging: fix build-depends on powerpc
 - tests: run spread tests on opensuse leap 15.1
 - strutil/shlex: fix ineffassign
 - cmd/snapd: ensure GOMAXPROCS is at least 2
 - cmd/snap-update-ns: detach unused mount points
 - gadget: record gadget root directory used during positioning
 - tests: force removal to prevent restore fails when directory
   doesn't exist on lp-1801955 test
 - overlord: implement store switch remodeling
 - tests: stop using ! for naive negation in shell scripts
 - snap,store,daemon,client: send new "Snap-Client-User-Agent" header
   in Search()
 - osutil: now that we require golang-1.10, use user.LookupGroup()
 - spread.yaml,tests: change MATCH and REBOOT to cmds
 - packaging/fedora: force external linker to ensure static linking
   and -extldflags use
 - timings: tweak the conditional for ensure timings
 - timings: always store ensure timings as long as they have an
   associated change
 - cmd/snap: tweak the output of snap debug timings --ensure=...
 - overlord/devicestate: introduce remodel kinds and
   contextsregistrationContext:
 - snaptest: add helper for mocking snap with contents
 - snapstate: allow removal of non-model kernels
 - tests: change strace parameters on snap-run test to avoid the test
   gets stuck
 - gadget: keep track of the index where structure content was
   defined
 - cmd/snap-update-ns: rename leftover ctx to upCtx
 - tests: add "not" command
 - spread.yaml: use "snap connections" in debug
 - tests: fix how strings are matched on auto-refresh-retry test
 - spread-shellcheck: add support for variants and environment
 - gadget: helper for shifting structure start position
 - cmd/snap-update-ns: add several TODO comments
 - cmd/snap-update-ns: rename ctx to upCtx
 - spread.yaml: make HOST: usage shellcheck-clean
 - overlord/snapstate, daemon: snapstate.Switch now takes a
   RevisionOption
 - tests: add mountinfo-tool
 - many: make snapstate.Update take *RevisionOptions instead of chan,
   rev
 - tests/unit/spread-shellcheck: temporary workaround for SC2251
 - daemon: refactor user ops to api_users
 - cmd/snap, tests: refactor info to unify handling of 'direct' snaps
 - cmd/snap-confine: combine sc_make_slave_mount_ns into caller
 - cmd/snap-update-ns: use "none" for propagation changes
 - cmd/snap-confine: don't pass MS_SLAVE along with MS_BIND
 - cmd/snap, api, snapstate: implement "snap remove --purge"
 - tests: new hotplug test executed on ubuntu core
 - tests: running tests on fedora 30
 - gadget: offset-write: fix validation, calculate absolute position
 - data/selinux: allow snap-confine to do search on snappy_var_t
   directories
 - daemon, o/snapstate, store: support for installing from cohorts
 - cmd/snap-confine: do not mount over non files/directories
 - tests: validates snapd from ppa
 - overlord/configstate: don't panic on invalid configuration
 - gadget: improve device lookup, add helper for mount point lookup
 - cmd/snap-update-ns: add tests for executeMountProfileUpdate
 - overlord/hookstate: don't run handler unless hooksup.Always
 - cmd/snap-update-ns: allow changing mount propagation
 - systemd: workaround systemctl show quirks on older systemd
   versions
 - cmd/snap: allow option descriptions to start with the command
 - many: introduce a gadget helper for locating device matching given
   structure
 - cmd/snap-update-ns: fix golint complaints about variable names
 - cmd/snap: unit tests for debug timings
 - testutil: support sharing-related mount flags
 - packaging/fedora: Merge changes from Fedora Dist-Git and drop EOL
   Fedora releases
 - cmd/snap: support for --ensure argument for snap debug timings
 - cmd,sandbox: tweak seccomp version info handling
 - gadget: record sector size in positioned volume
 - tests: make create-user test support managed devices
 - packaging: build empty package on powerpc
 - overlord/snapstate: perform hard refresh check
 - gadget: add volume level update checks
 - cmd/snap: mangle descriptions that have indent > terminal width
 - cmd/snap-update-ns: rename applyFstab to executeMountProfileUpdate
 - cmd/snap-confine: unshare per-user mount ns once
 - tests: retry govendor sync
 - tests: avoid removing snaps which are cached to speed up the
   prepare on boards
 - tests: fix how the base snap are deleted when there are multiple
   to deleted on reset
 - cmd/snap-update-ns: merge apply functions
 - many: introduce assertstest.SigningAccounts and AddMany test
   helpers
 - interfaces: special-case "snapd" in sanitizeSlotReservedForOS*
   helpers
 - cmd/snap-update-ns: make apply{User,System}Fstab identical
 - gadget: introduce checkers for sanitizing structure updates
 - cmd/snap-update-ns: move apply{Profile,{User,System}Fstab} to same
   file
 - overlord/devicestate: introduce registrationContext
 - cmd/snap-update-ns: add no-op load/save current user profile logic
 - devicestate: set "new-model" on the remodel change
 - devicestate: use deviceCtx in checkGadgetOrKernel
 - many: use a fake assertion model in the device contexts for tests
 - gadget: fix handling of positioning constrains for structures of
   MBR role
 - snap-confine: improve error when running on a not /home homedir
 - devicestate: make Remodel() return a state.Change
 - many: make which store to use contextualThis reworks
   snapstate.Store instead of relying solely on DeviceContext,
   because:
 - tests: enable tests on centos 7 again
 - interfaces: add login-session-control interface
 - tests: extra debug for snapshot-basic test
 - overlord,overlord/devicestate: do without GadgetInfo/KernelInfo in
   devicestate
 - gadget: more validation checks for legacy MBR structure type &
   role
 - osutil: fix TestReadBuildGo test in sbuild
 - data: update XDG_DATA_DIRS via the systemd environment.d mechanism
   too
 - many: do without device state/assertions accessors based on state
   only outside of devicestate/tests
 - interfaces/dbus: fix unit tests when default snap mount dir is not
   /snap
 - tests: add security-seccomp to verify seccomp with arg filtering
 - snapshotstate: disable automatic snapshots on core for now
 - snapstate: auto-install snapd when needed
 - overlord/ifacestate: update static attributes of "content"
   interface
 - interfaces: add support for the snapd snap in the dbus backend*
 - overlord/snapstate: tweak autorefresh logic if network is not
   available
 - snapcraft: also include ld.so.conf from libc in the snapcraft.yml
 - snapcraft.yaml: fix links ld-linux-x86-64.so.2/ld64.so.2
 - overlord: pass a DeviceContext to the checkSnap implementations
 - daemon: add RootOnly flag to commands
 - many:  make access to the device model assertion etc contextual
   via a DeviceCtx hook/DeviceContext interface
 - snapcraft.yaml: include libc6 in snapd
 - tests: reduce snapcraft leftovers from PROJECT_PATH,  temp disable
   centos
 - overlord: make the store context composably backed by separate
   backends for device asserts/info etc.
 - snapstate: revert "overlord/snapstate: remove PlugsOnly"
 - osutil,cmdutil: move CommandFromCore and make it use the snapd
   snap (if available)
 - travis: bump Go version to 1.10.x
 - cmd/snap-update-ns: remove instanceName argument from applyProfile
 - gadget: embed volume in positioned volume, rename fields
 - osutil: use go build-id when no gnu build-id is available
 - snap-seccomp: add 4th field to version-info for golang-seccomp
   features
 - cmd/snap-update-ns: merge computeAndSaveSystemChanges into
   applySystemFstab
 - cmd/snap, client, daemon, store: create-cohort
 - tests: give more time until nc returns on appstream test
 - tests: run spread tests on ubuntu 19.04
 - gadget: layout, smaller fixes
 - overlord: update static attrs when reloading connections
 - daemon: verify snap instructions for multi-snap requests
 - overlord/corecfg: make expiration of automatic snapshots
   configurable (4/4)
 - cmd/snap-update-ns: pass MountProfileUpdate to
   apply{System,User}Fstab
 - snap: fix interface bindings on implicit hooks
 - tests: improve how snaps are cached
 - cmd/snap-update-ns: formatting tweaks
 - data/selinux: policy tweaks
 - cmd/snap-update-ns: move locking to the common layer
 - overlord: use private YAML inside several tests
 - cmd/snap, store, image: support for cohorts in "snap download"
 - overlord/snapstate: add timings to critical task handlers and the
   backend
 - cmd: add `snap debug validate-seed <path>` cmd
 - state: add possible error return to TaskSet.Edge()
 - snap-seccomp: use username regex as defined in osutil/user.go
 - osutil: make IsValidUsername public and fix regex
 - store: serialize the acquisition of device sessions
 - interfaces/builtin/desktop: fonconfig v6/v7 cache handling on
   Fedora
 - many: move Device/SetDevice to devicestate, start of making them
   pluggable in storecontext
 - overlord/snapstate: remove PlugsOnly
 - interfaces/apparmor: allow running /usr/bin/od
 - spread: add qemu:fedora-29-64
 - tests: make test parallel-install-interfaces work for boards with
   pre-installed snaps
 - interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern
 - spread.yaml: add qemu:centos-7-64
 - overlord/devicestate: extra measurements related to
   populateStateFromSeed
 - cmd/snap-update-ns: move Assumption to {System,User}ProfileUpdate
 - cmd/libsnap: remove fringe error function
 - gadget: add validation of cross structure overlap and offset
   writes
 - cmd/snap-update-ns: refactor of profile application (3/N)
 - data/selinux: tweak the policy for runuser and s-c, interpret
   audit entries
 - tests: fix spaces issue in the base snaps names to remove during
   reset phase
 - tests: wait for man db cache is updated before after install snapd
   on Fedora
 - tests: extend timeout of sbuild test

* Fri Jun 21 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.39.3
  - daemon: increase `shutdownTimeout` to 25s to deal with slow HW
  - spread: run tests against openSUSE 15.1
  - data/selinux: fix policy for snaps with bases and classic snaps

* Wed Jun 05 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.39.2
 - debian: rework how we run autopkgtests
 - interfaces/docker-support: add overlayfs accesses for ubuntu core
 - data/selinux: permit init_t to remount snappy_snap_t
 - strutil/shlex: fix ineffassign
 - packaging: fix build-depends on powerpc

* Wed May 29 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.39.1
 - spread: enable Fedora 30
 - cmd/snap-confine, data/selinux: cherry pick Fedora 30 fixes
 - tests/unit/spread-shellcheck: temporary workaround for SC2251
 - packaging: build empty package on powerpc
 - interfaces: special-case "snapd" in sanitizeSlotReservedForOS*
   helper
 - cmd/snap: mangle descriptions that have indent > terminal width
 - cmd/snap-confine: unshare per-user mount ns once
 - tests: avoid adding spaces to the base snaps names
 - systemd: workaround systemctl show quirks on older systemd
   versions

* Mon May 06 2019 Neal Gompa <ngompa13@gmail.com> - 2.39-1
- Release 2.39 to Fedora (RH#1699087)
- Enable basic SELinux integration
- Fix changelog entry to fix build for EPEL 7
- Exclude bash and POSIX sh shebangs from mangling (LP:1824158)
- Drop some old pre Fedora 28 logic

* Fri May 03 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.39
 - overlord/ifacestate: update static attributes of "content"
   interface
 - data/selinux: tweak the policy for runuser and s-c, interpret
   audit entries
 - snapshotstate: disable automatic snapshots on core for now
 - overlord/corecfg: make expiration of automatic snapshots
   configurable
 - snapstate: auto-install snapd when needed
 - interfaces: add support for the snapd snap in the dbus backend
 - overlord/snapstate: tweak autorefresh logic if network is not
   available
 - interfaces/apparmor: allow running /usr/bin/od
 - osutil,cmdutil: move CommandFromCore and make it use the snapd
   snap (if available)
 - daemon: also verify snap instructions for multi-snap requests
 - data/selinux: allow snap-confine to mount on top of bin
 - data/selinux: auto transition /var/snap to snappy_var_t
 - cmd: add `snap debug validate-seed <path>` cmd
 - interfaces/builtin/desktop: fonconfig v6/v7 cache handling on
   Fedora
 - interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern
 - tests: make snap-connections test work on boards with snaps pre-
   installed
 - tests: check for /snap/core16/current in core16-provided-by-core
 - tests: run livepatch test on 18.04 as well
 - devicestate: deal correctly with the "required" flag on Remodel
 - snapstate,state: add TaskSet.AddAllWithEdges() and use in doUpdate
 - snapstate: add new NoReRefresh flag and use in Remodel()
 - many: allow core as a fallback for core16
 - snapcraft: build static fontconfig in the snapd snap
 - cmd/snap-confine: remove unused sc_open_snap_{update,discard}_ns
 - data/selinux: allow snapd to execute runuser under snappy_t
 - spread, tests: do not leave mislabeled files in restorecon test,
   attempt to catch similar files
 - interfaces: cleanup internal tool lookup in system-key
 - many: move auth.AuthContext to store.DeviceAndAuthContext, the
   implemention to a separate storecontext packageThis:
 - overlord/devicestate: measurements around ensure and related tasks
 - cmd: tweak internal tool lookup to accept more possible locations
 - overlord/snapstate,snapshotstate: create snapshot on snap removal
 - tests: run smoke tests on (almost) pristine systems
 - tests: system disable ssh for config defaults in gadget
 - cmd/debug: integrate new task timings with "snap debug timings"
 - tests/upgrade/basic, packaging/fedoar: restore SELinux context of
   /var/cache/fontconfig, patch pre-2.39 mount units
 - image: simplify prefer local logic  and fixes
 - tests/main/selinux-lxd: make sure LXD from snaps works cleanly
   with enforcing SELinux
 - tests: deny ioctl - TIOCSTI with garbage in high bits
 - overlord: factor out mocking of device service and gadget w.
   prepare-device for registration tests
 - data/selinux, tests/main/selinux-clean: fine tune the policy, make
   sure that no denials are raised
 - cmd/libsnap,osutil: fix parsing of mountinfo
 - ubuntu: disable -buildmode=pie on armhf to fix memory issue
 - overlord/snapstate: inhibit refresh for up to a week
 - cmd/snap-confine: prevent cwd restore permission bypass
 - overlord/ifacestate: introduce HotplugKey type use short key in
   change summaries
 - many: make Remodel() download everything first before installing
 - tests: fixes discovered debugging refresh-app-awareness
 - overlord/snapstate: track time of postponed refreshes
 - snap-confine: set rootfs_dir in sc_invocation struct
 - tests: run create-user on core devices
 - boot: add flag file "meta/force-kernel-extraction"
 - tests: add regression test for systemctl race fix
 - overlord/snapshotstate: helpers for snapshot expirations
 - overlord,tests: perform soft refresh check in doInstall
 - tests: enable tests that write /etc/{hostname,timezone} on core18
 - overlord/ifacestate: implement String() method of
   HotplugDeviceInfo for better logs/messages
 - cmd/snap-confine: move ubuntu-core fallback checks
 - testutil: fix MockCmd for shellcheck 0.5
 - snap, gadget: move gadget read/validation into separate package,
   tweak naming
 - tests: split travis spread execution in 2 jobs for ubuntu and non
   ubuntu systems
 - testutil: make mocked command work with shellcheck from snaps
 - packaging/fedora, tests/upgrade/basic: patch existing mount units
   with SELinux context on upgrade
 - metautil, snap: extract yaml value normalization to a helper
   package
 - tests: use apt via eatmydata
 - dirs,overlord/snapstate: add Soft and Hard refresh checks
 - cmd/snap-confine: allow using tools from snapd snap
 - cmd,interfaces: replace local helpers with cmd.InternalToolPath
 - tweak: fix "make hack" on Fedora
 - snap: add validation of gadget.yaml
 - cmd/snap-update-ns: refactor of profile application
 - cmd/snap,client,daemon,store: layout and sanity tweaks for
   find/search options
 - tests: add workaround for missing cache reset on older snapd
 - interfaces: deal with the snapd snap correctly for apparmor 2.13
 - release-tools: add debian-package-builder
 - tests: enable opensuse 15 and add force-resolution installing
   packages
 - timings: AddTag helper
 - testutil: run mocked commands through shellcheck
 - overlord/snapshotstate: support auto flag
 - client, daemon, store: search by common-id
 - tests: all the systems for google backend with 6 workers
 - interfaces: hotplug nested vm test, updated serial-port interface
   for hotplug.
 - sanity: use proper SELinux context when mounting squashfs
 - cmd/libsnap: neuter variables in cleanup functions
 - interfaces/adb-support: account for hubs on sysfs path
 - interfaces/seccomp: regenerate changed profiles only
 - snap: reject layouts to /lib/{firmware,modules}
 - cmd/snap-confine, packaging: support SELinux
 - selinux, systemd: support mount contexts for snap images
 - interfaces/builtin/opengl: allow access to Tegra X1
 - cmd/snap: make 'snap warnings' output yamlish
 - tests: add check to detect a broken snap on reset
 - interfaces: add one-plus devices to adb-support
 - cmd: prevent umask from breaking snap-run chain
 - tests/lib/pkgdb: allow downgrade when installing packages in
   openSUSE
 - cmd/snap-confine: use fixed private tmp directory
 - snap: tweak parsing errors of gadget updates
 - overlord/ifacemgr: basic measurements
 - spread: refresh metadata on openSUSE
 - cmd/snap-confine: pass sc_invocation instead of numerous args
   around
 - snap/gadget: introduce volume update info
 - partition,bootloader: rename 'partition' package to 'bootloader'
 - interfaces/builtin: add dev/pts/ptmx access to docker_support
 - tests: restore sbuild test
 - strutil: make SplitUnit public, allow negative numbers
 - overlord/snapstate,: retry less for auto-stuff
 - interfaces/builtin: add add exec "/" to docker-support
 - cmd/snap: fix regression of snap saved command
 - cmd/libsnap: rename C enum for feature flag
 - cmd: typedef mountinfo structures
 - tests/main/remodel: clean up before reverting the state
 - cmd/snap-confine: umount scratch dir using UMOUNT_NOFOLLOW
 - timings: add new helpers, Measurer interface and DurationThreshold
 - cmd/snap-seccomp: version-info subcommand
 - errortracker: fix panic in Report if db cannot be opened
 - sandbox/seccomp: a helper package wrapping calls to snap-seccomp
 - many: add /v2/model API, `snap remodel` CLI and spread test
 - tests: enable opensuse tumbleweed back
 - overlord/snapstate, store: set a header when auto-refreshing
 - data/selinux, tests: refactor SELinux policy, add minimal tests
 - spread: restore SELinux context when we mess with system files
 - daemon/api: filter connections with hotplug-gone=true
 - daemon: support returning assertion information as JSON with the
   "json" query parameter
 - cmd/snap: hide 'interfaces' command, show deprecation notice
 - timings: base API for recording timings in state
 - cmd/snap-confine: drop unused dependency on libseccomp
 - interfaces/apparmor: factor out test boilerplate
 - daemon: extract assertions api endpoint implementation into
   api_asserts.go
 - spread.yaml: bump delta reference
 - cmd/snap-confine: track per-app and per-hook processes
 - cmd/snap-confine: make sc_args helpers const-correct
 - daemon: move a function that was between an other struct and its
   methods
 - overlord/snapstate: fix restoring of "old-current" revision config
   in undoLinkSnap
 - cmd/snap, client, daemon, ifacestate: show a leading attribute of
   a connection
 - cmd/snap-confine: call sc_should_use_normal_mode once
 - cmd/snap-confine: populate enter_non_classic_execution_environment
 - daemon: allow downloading snaps blobs via .../file
 - cmd/snap-confine: introduce sc_invocation
 - devicestate: add initial Remodel support
 - snap: remove obsolete license-* fields in the yaml
 - cmd/libsnap: add cgroup-pids-support module
 - overlord/snapstate/backend: make LinkSnap clean up more
 - snapstate: only keep 2 snaps on classic
 - ctlcmd/tests: tests tweaks (followup to #6322)

* Tue Apr 23 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.38-3
- Rebuilt for fix in golang-github-seccomp-libseccomp-golang

* Fri Apr 05 2019 Neal Gompa <ngompa13@gmail.com> - 2.38-2
- Readd snapd-login-service Provides for gnome-software for F29 and older

* Thu Mar 21 2019 Neal Gompa <ngompa13@gmail.com> - 2.38-1
- Release 2.38 to Fedora (RH#1691296)
- Switch to officially released main source tarball
- Drop obsolete snapd-login-service Provides

* Thu Mar 21 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.38
 - overlord/snapstate,: retry less for auto-stuff
 - cmd/snap: fix regression of snap saved command
 - interfaces/builtin: add dev/pts/ptmx access to docker_support
 - overlord/snapstate, store: set a header when auto-refreshing
 - interfaces/builtin: add add exec "/" to docker-support
 - cmd/snap, client, daemon, ifacestate: show a leading attribute of
   a connection
 - interface: avahi-observe: Fixing socket permissions on 4.15
   kernels
 - tests: check that apt works before using it
 - apparmor: support AppArmor 2.13
 - snapstate: restart into the snapd snap on classic
 - overlord/snapstate: during refresh, re-refresh on epoch bump
 - cmd, daemon: split out the common bits of mapLocal and mapRemote
 - cmd/snap-confine: chown private /tmp to root.root
 - cmd/snap-confine: drop uid from random /tmp name
 - overlord/hookstate: apply pending transaction changes onto
   temporary configuration for snapctl get
 - cmd/snap: `snap connections` command
 - interfaces/greengrass_support: update accesses for GGC 1.8
 - cmd/snap, daemon: make the connectivity check use GET
 - interfaces/builtin,/udev: add spec support to disable udev +
   device cgroup and use it for greengrass
 - interfaces/intel-mei: small follow up tweaks
 - ifacestate/tests: fix/improve udev mon test
 - interfaces: add multipass-support interface
 - tests/main/high-user-handling: fix the test for Go 1.12
 - interfaces: add new intel-mei interface
 - systemd: decrease the checker counter before unlocking otherwise
   we can get spurious panics
 - daemon/tests: fix race in the disconnect conflict test
 - cmd/snap-confine: allow moving tasks to pids cgroup
 - tests: enable opensuse tumbleweed on spread
 - cmd/snap: fix `snap services` completion
 - ifacestate/hotplug: integration with udev monitor
 - packaging: build snapctl as a static binary
 - packaging/opensuse: move most logic to snapd.mk
 - overlord: fix ensure before slowness on Retry
 - overlord/ifacestate: fix migration of connections on upgrade from
   ubuntu-core
 - daemon, client, cmd/snap: debug GETs ask aspects, not actions
 - tests/main/desktop-portal-*: fix handling of python dependencies
 - interfaces/wayland: allow wayland server snaps function on classic
   too
 - daemon, client, cmd/snap: snap debug base-declaration
 - tests: run tests on opensuse leap 15.0 instead of 42.3
 - cmd/snap: fix error messages for snapshots commands if ID is not
   uint
 - interfaces/seccomp: increase filter precision
 - interfaces/network-manager: no peer label check for hostname1
 - tests: add a tests for xdg-desktop-portal integration
 - tests: not checking 'tracking channel' after refresh core on
   nested execution
 - tests: remove snapweb from tests
 - snap, wrappers: support StartTimeout
 - wrappers: Add an X-SnapInstanceName field to desktop files
 - cmd/snap: produce better output for help on subcommands
 - tests/main/nfs-support: use archive mode for creating fstab backup
 - many: collect time each task runs and display it with `snap debug
   timings <id>`
 - tests: add attribution to helper script
 - daemon: make ucrednetGet not loop
 - squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
 - features,cmd/libsnap: add new feature "refresh-app-awareness"
 - overlord: fix random typos
 - interfaces/seccomp: generate global seccomp profile
 - daemon/api: fix error case for disconnect conflict
 - overlord/snapstate: add some randomness to the catalog refresh
 - tests: disable trusty-proposed for now
 - tests: fix upgrade-from-2.15 with kernel 4.15
 - interfaces/apparmor: allow sending and receiving signals from
   ourselves
 - tests: split the test interfaces-many in 2 and remove snaps on
   restore
 - tests: use snap which takes 15 seconds to install on retryable-
   error test
 - packaging: avoid race in snapd.postinst
 - overlord/snapstate: discard mount namespace when undoing 1st link
   snap
 - cmd/snap-confine: allow writes to /var/lib/**
 - tests: stop catalog-update test for now
 - tests/main/auto-refresh-private: make sure to actually download
   with the expired macaroon
 - many: save media info when installing, show it when listing
 - userd: handle help urls which requires prepending XDG_DATA_DIRS
 - tests: fix NFS home mocking
 - tests: improve snaps-system-env test
 - tests: pre-cache core on core18 systems
 - interfaces/hotplug: renamed RequestedSlotSpec to ProposedSlot,
   removed Specification
 - debian: ensure leftover usr.lib.snapd.snap-confine is gone
 - image,cmd/snap,tests: introduce support for modern prepare-image
   --snap <snap>[=<channel>]
 - overlord/ifacestate: tweak logic for generating unique slot names
 - packaging: import debian salsa packaging work, add sbuild test and
   use in spead
 - overlord/ifacestate: hotplug-add-slot handler
 - image,cmd/snap:  simplify --classic-arch to --arch, expose
   prepare-image
 - tests: run test snap as user in the smoke test
 - cmd/snap: tweak man output to have no doubled up .TP lines
 - cmd/snap, overlord/snapstate: silently ignore classic flag when a
   snap is strictly confined
 - snap-confine: remove special handling of /var/lib/jenkins
 - cmd/snap-confine: handle death of helper process
 - packaging: disable systemd environment generator on 18.04
 - snap-confine: fix classic snaps for users with /var/lib/* homedirs
 - tests/prepare: prevent console-conf from running
 - image: bootstrapToRootDir => setupSeed
 - image,cmd/snap,tests:  introduce prepare-image --classic
 - tests: update smoke/sandbox test for armhf
 - client, daemon: introduce helper for querying snapd API for the
   list of slot/plug connections
 - cmd/snap-confine: refactor and cleanup of seccomp loading
 - snapstate, snap: allow update/switch requests with risk only
   channel to DTRT
 - interfaces: add network-manager-observe interface
 - snap-confine: increase locking timeout to 30s
 - snap-confine: fix incorrect "sanity timeout 3s" message
 - snap-confine: provide proper error message on sc_sanity_timeout
 - snapd,state: improve error message on state reading failure
 - interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
 - snap: fix reexec from the snapd snap for classic snaps
 - snap: fix hook autodiscovery for parallel installed snaps
 - overlord/snapstate: format the refresh time for the log
 - cmd/snap-confine: add special case for Jenkins
 - snapcraft.yaml: fix XBuildDeb PATH for go-1.10
 - overlord/snapstate: validate instance names early
 - overlord/ifacestate: handler for hotplug-update-slot tasks
 - polkit: cast pid to uint32 to keep polkit happy for now
 - snap/naming: move various name validation helpers to separate
   package
 - tests: iterate getting journal logs to support delay on boards on
   daemon-notify test
 - cmd/snap: fix typo in cmd_wait.go
 - snap/channel: improve channel parsing
 - daemon, polkit: pid_t is signed
 - daemon: introduce /v2/connections snapd API endpoint
 - cmd/snap: small refactor of cmd_info's channel handling
 - overlord/snapstate: use an ad-hoc error when no results
 - cmd/snap: wrap "summary" better
 - tests: workaround missing go dependencies in debian-9
 - daemon: try to tidy up the icon stuff a little
 - interfaces: add display-control interface
 - snapcraft.yaml: fix snap building in launchpad
 - tests: update fedora 29 workers to speed up the whole testing time
 - interfaces: add u2f-devices interface and allow reading udev
   +power_supply:* in hardware-observe
 - cmd/snap-update-ns: save errno from strtoul
 - tests: interfaces tests normalization
 - many: cleanup golang.org/x/net/context
 - tests: add spread test for system dbus interface
 - tests: remove -o pipefail
 - interfaces: add block-devices interface
 - spread: enable upgrade suite on fedora
 - tests/main/searching: video section got renamed to photo-and-video
 - interfaces/home: use dac_read_search instead of dac_override with
   'read: all'
 - snap: really run the RunSuite
 - interfaces/camera: allow reading vendor/etc info from
   /run/udev/data/+usb:*
 - interfaces/dbus: be less strict about alternations for well-known
   names
 - interfaces/home: allow dac_override with 'read:
   all'
 - interfaces/pulseaudio: allow reading subdirectories of
   /etc/pulse
 - interfaces/system-observe: allow read on
   /proc/locks
 - run-checks: ensure we use go-1.10 if available
 - tests: get test-snapd-dbus-{provider,consumer} from the beta
   channel
 - interfaces/apparmor: mock presence of overlayfs root
 - spread: increase default kill-timeout to 30min
 - tests: simplify interfaces-contacts-service test
 - packaging/ubuntu: build with golang 1.10
 - ifacestate/tests: extra test for hotplug-connect handler
 - packaging: make sure that /var/lib/snapd/lib/glvnd is accounted
   for
 - overlord/snapstate/backend: call fontconfig helpers from the new
   'current'
 - kvm: load required kernel modules if necessary
 - cmd/snap: use a fake user for 'run' tests
 - tests: update systems for google sru backend
 - tests: fix install-snaps test by changing the snap info regex
 - interfaces: helpers for sorting plug/slot/connection refs
 - tests: moving core-snap-refresh-on-core test from main to nested
   suite
 - tests: fix daemon-notify test checking denials considering all the
   log lines
 - tests: skip lp-1802591 on "official" images
 - tests: fix listing tests to match "snap list --unicode=never"
 - debian: fix silly typo in the spread test invocation
 - interface: raw-usb: Adding ttyACM ttyACA permissions
 - tests: fix enable-disable-unit-gpio test on external boards
 - overlord/ifacestate: helper API to obtain the state of connections
 - tests: define new "tests/smoke" suite and use that for
   autopkgtests
 - cmd/snap-update-ns: explicitly check for return value from
   parse_arg_u
 - interfaces/builtin/opengl: allow access to NVIDIA VDPAU library
 - tests: auto-clean the test directory
 - cmd/snap: further tweak messaging; add a test
 - overlord/ifacestate: handler for hotplug-connect task
 - cmd/snap-confine: join freezer only after setting up user mount
 - cmd/snap-confine: don't preemptively create .mnt files
 - cmd/snap-update-ns: manually implement isspace
 - cmd/snap-update-ns: let the go parser know we are parsing -u
 - cmd/snap-discard-ns: fix name of user fstab files
 - snapshotstate: don't task.Log without the lock
 - tests: exclude some more slow tests from runs in autopkgtest
 - many: remove .user-fstab files from /run/snapd/ns
 - cmd/libsnap: pass --from-snap-confine when calling snap-update-ns
   as user
 - cmd/snap-update-ns: make freezer mockable
 - cmd/snap-update-ns: move XDG code to dedicated file
 - osutil: add helper for loading fstab from string
 - cmd/snap-update-ns: move existing code around, renaming some
   functions
 - overlord/configstate/configcore: support - and _ in cloud init
   field names
 - * cmd/snap-confine: use makedev instead of MKDEV
 - tests: review/fix the autopkgtest failures in disco
 - overlord: drop old v1 store api support from managers test
 - tests: new test for snapshots with more than 1 user

* Thu Feb 28 2019 Neal Gompa <ngompa13@gmail.com> - 2.37.4-2
- Fix accidentally corrupted changelog merge

* Thu Feb 28 2019 Zygmunt Bazyli Krynicki <me@zygoon.pl> - 2.37.4-1
- Release 2.37.4 to Fedora (RH#1683795)
- Fix RPM macro in changelog (rpmlint)
- Fix non-break space in changelog (rpmlint)

* Wed Feb 27 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.37.4
 - squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
 - overlord/ifacestate: fix migration of connections on upgrade from
   ubuntu-core
 - tests: fix upgrade-from-2.15 with kernel 4.15
 - interfaces/seccomp: increase filter precision
 - tests: remove snapweb from tests

* Tue Feb 19 2019 Zygmunt Bazyli Krynicki <me@zygoon.pl> - 2.37.3-1
- Release 2.37.3 to Fedora (RH#1678603)

* Mon Feb 18 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.37.3
 - interfaces/seccomp: generate global seccomp profile
 - overlord/snapstate: add some randomness to the catalog refresh
 - tests: add upgrade test from 2.15.2ubuntu1 -> current snapd
 - snap-confine: fix fallback to ubuntu-core
 - packaging: avoid race in snapd.postinst
 - overlord/snapstate: discard mount namespace when undoing 1st link
   snap
 - cmd/snap-confine: allow writes to /var/lib/** again
 - tests: stop catalog-update/apt-hooks test until the catlog refresh
   is randomized
 - debian: ensure leftover usr.lib.snapd.snap-confine is gone

* Wed Feb 06 2019 Neal Gompa <ngompa13@gmail.com> - 2.37.2-1
- Release 2.37.2 to Fedora (RH#1667460)

* Wed Feb 06 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.37.2
 - cmd/snap, overlord/snapstate: silently ignore classic flag when a
   snap is strictly confined
 - snap-confine: remove special handling of /var/lib/jenkins
 - cmd/snap-confine: handle death of helper process gracefully
 - snap-confine: fix classic snaps for users with /var/lib/* homedirs
   like jenkins/postgres
 - packaging: disable systemd environment generator on 18.04
 - tests: update smoke/sandbox test for armhf
 - cmd/snap-confine: refactor and cleanup of seccomp loading
 - snap-confine: increase locking timeout to 30s
 - snap-confine: fix incorrect "sanity timeout 3s" message
 - snap: fix hook autodiscovery for parallel installed snaps
 - tests: iterate getting journal logs to support delay on boards on
   daemon-notify test
 - interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
 - interfaces: add u2f-devices interface

* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.36.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Tue Jan 29 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.37.1
 - cmd/snap-confine: add special case for Jenkins
 - tests: workaround missing go dependencies in debian-9
 - daemon, polkit: pid_t is signed
 - interfaces: add display-control interface
 - interfaces: add block-devices interface
 - tests/main/searching: video section got renamed to photo-and-video
 - interfaces/camera: allow reading vendor/etc info from
   /run/udev/data/+usb
 - interfaces/dbus: be less strict about alternations for well-known
   names
 - interfaces/home: allow dac_read_search with 'read: all'
 - interfaces/pulseaudio: allow reading subdirectories of
   /etc/pulse
 - interfaces/system-observe: allow read on
   /proc/locks
 - tests: get test-snapd-dbus-{provider,consumer} from the beta
   channel
 - interfaces/apparmor: mock presence of overlayfs root
 - packaging/{fedora,opensuse,ubuntu}: add /var/lib/snapd/lib/glvnd

* Wed Jan 16 2019 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.37
 - snapd: fix race in TestSanityFailGoesIntoDegradedMode test
 - cmd: fix snap-device-helper to deal correctly with hooks
 - tests: various fixes for external backend
 - interface: raw-usb: Adding ttyACM[0-9]* as many serial devices
   have device node /dev/ttyACM[0-9]
 - tests: fix enable-disable-unit-gpio test on external boards
 - tests: define new "tests/smoke" suite and use that for
   autopkgtests
 - interfaces/builtin/opengl: allow access to NVIDIA VDPAU
   library
 - snapshotstate: don't task.Log without the lock
 - overlord/configstate/configcore: support - and _ in cloud init
   field names
 - cmd/snap-confine: use makedev instead of MKDEV
 - tests: review/fix the autopkgtest failures in disco
 - systemd: allow only a single daemon-reload at the same time
 - cmd/snap: only auto-enable unicode to a tty
 - cmd/snap: right-align revision and size in info's channel map
 - dirs, interfaces/builtin/desktop: system fontconfig cache path is
   different on Fedora
 - tests: fix "No space left on device" issue on amazon-linux
 - store: undo workaround for timezone-less released-at
 - store, snap, cmd/snap: channels have released-at
 - snap-confine: fix incorrect use "src" var in mount-support.c
 - release: support probing SELinux state
 - release-tools: display self-help
 - interface: add new `{personal,system}-files` interface
 - snap: give Epoch an Equal method
 - many: remove unused interface code
 - interfaces/many: use 'unsafe' with docker-support change_profile
   rules
 - run-checks: stop running HEAD of staticcheck
 - release: use sync.Once around lazy intialized state
 - overlord/ifacestate: include interface name in the hotplug-
   disconnect task summary
 - spread: show free space in debug output
 - cmd/snap: attempt to restore SELinux context of snap user
   directories
 - image: do not write empty etc/cloud
 - tests: skip snapd snap on reset for core systems
 - cmd/snap-discard-ns: fix umount(2) typo
 - overlord/ifacestate: hotplug-remove-slot task handler
 - overlord/ifacestate: handler for hotplug-disconnect task
 - ifacestate/hotplug: updateDevice helper
 - tests: reset snapd state on tests restore
 - interfaces: return security setup errors
 - overlord: make InstallMany work like UpdateMany, issuing a single
   request to get candidates
 - systemd/systemd.go: add missing tests for systemd.IsActive
 - overlord/ifacestate: addHotplugSeqWaitTask helper
 - cmd/snap-confine: refactor call to snap-update-ns --user-mounts
 - tests: new backend used to run upgrade test suite
 - travis: short circuit failures in static and unit tests travis job
 - cmd: automatically fix localized <option>s to <option>
 - overlord/configstate,features: expose features to snapd tools
 - selinux: package to query SELinux status and verify/restore file
   contexts
 - wrappers: use new systemd.IsActive in core18 early boot
 - cmd: add tests for lintArg and lintDesc
 - httputil: retry on temporary net errors
 - cmd/snap-confine: remove unused sc_discard_preserved_mount_ns
 - wrappers: only restart service in core18 when they are active
 - overlord/ifacestate: helpers for serializing hotplug changes
 - packaging/{fedora,opensuse}: own /var/lib/snapd/cookie
 - systemd: start snapd.autoimport.service in --no-block mode
 - data/selinux: fix syntax error in definition of snappy_admin
   interface
 - snap/info: bind global plugs/slots to implicit hooks
 - cmd/snap-confine: remove SC_NS_MNT_FILE
 - spread: record each tests/upgrade job
 - osutil: do not import dirs
 - cmd/snap-confine: fix typo "a pipe"
 - tests: make security-device-cgroups-{devmode,jailmode} work on arm
   devices
 - tests: force test-snapd-daemon-notify exit 0 when the interface is
   not connected
 - overlord/snapstate: run 'remove' hook before 'auto-disconnect'
 - centos: enable SELinux support on CentOS 7
 - apparmor: allow hard link to snap-specific semaphore files
 - tests/lib/pkgdb: disable weak deps on Fedora
 - release: detect too old apparmor_parser
 - tests: improve how the log is checked to see if the system is
   waiting for a reboot
 - cmd, dirs, interfaces/apparmor: update distro identification to
   support ID="archlinux"
 - spread, tests: add Fedora 29
 - cmd/snap-confine: refactor calling snapd tools into helper module
 - apparmor: allow snap-update-ns access to common devices
 - cmd/snap-confine: capture initialized per-user mount ns
 - tests: reduce verbosity around package installation
 - data: set KillMode=process for snapd
 - cmd/snap: handle DNS error gracefully
 - spread, tests: use checkpoints when dumping audit log
 - tests/lib/prepare: make sure that SELinux context of repacked core
   snap is controlled
 - testutils: split checkers, tweak tests
 - tests: fix for tests test-*-cgroup
 - spread: show AVC audits when debugging, start auditd on Fedora
 - spread: drop Fedora 27, add Fedora 29
 - tests/lib/reset: restore context of removed snapd directories
 - testutil: add File{Present,Absent} checkers
 - snap: add new `snap run --trace-exec`
 - tests: fix for failover test on how logs are checked
 - snapctl: add "services"
 - overlord/snapstate: use file timestamp to initialize timer
 - cmd/libsnap: introduce and use sc_strdup
 - interfaces: let NM access ifindex/ifupdown files
 - overlord/snapstate: on refresh, check new rev can read current
 - client, store: don't use store from client (use client from store)
 - tests/main/parallel-install-store: verify installation of more
   than one instance at a time
 - overlord: don't write system key if security setup fails
 - packaging/fedora/snapd.spec: fix bogus date in changelog
 - snapstate: update fontconfig caches on install
 - interfaces/apparmor/backend.go:411:38: regular expression does not
   contain any meta characters (SA6004)
 - asserts/header_checks.go:199:35: regular expression does not
   contain any meta characters (SA6004)
 - run staticcheck every time :-)
 - tests/lib/systemd-escape/main.go:46:14: printf-style function with
   dynamic first argument and no further arguments should use print-
   style function instead (SA1006)
 - tests/lib/fakestore/cmd/fakestore/cmd_run.go:66:15: the channel
   used with signal.Notify should be buffered (SA1017)
 - tests/lib/fakedevicesvc/main.go:55:15: the channel used with
   signal.Notify should be buffered (SA1017)
 - spdx/parser.go:30:1: only the first constant has an explicit type
   (SA9004)
 - overlord/snapstate/snapmgr.go:553:21: printf-style function with
   dynamic first argument and no further arguments should use print-
   style function instead (SA1006)
 - overlord/patch/patch3.go:44:70: printf-style function with dynamic
   first argument and no further arguments should use print-style
   function instead (SA1006)
 - cmd/snap/cmd_advise.go:200:2: empty branch (SA9003)
 - osutil/udev/netlink/conn.go:120:5: ineffective break statement.
   Did you mean to break out of the outer loop? (SA4011)
 - daemon/api.go:992:22: printf-style function with dynamic first
   argument and no further arguments should use print-style function
   instead (SA1006)
 - cmd/snapd/main.go:94:5: ineffective break statement. Did you mean
   to break out of the outer loop? (SA4011)
 - cmd/snap/cmd_userd.go:73:15: the channel used with signal.Notify
   should be buffered (SA1017)
 - cmd/snap/cmd_help.go:102:7: io.Writer.Write must not modify the
   provided buffer, not even temporarily (SA1023)
 - release: probe apparmor features lazily
 - overlord,daemon: mock security backends for testing
 - cmd/libsnap: move apparmor-support to libsnap
 - cmd: drop cruft from snap-discard-ns build rules
 - cmd/snap-confine: use snap-discard-ns ns to discard stale
   namespaces
 - cmd/snap-confine: handle mounted shared /run/snapd/ns
 - many: fix composite literals with unkeyed fields
 - dirs, wrappers, overlord/snapstate: make completion + bases work
 - tests: revert "tests: restore in restore, not prepare"
 - many: validate title
 - snap: make description maximum in runes, not bytes
 - tests: discard mount namespaces in reset.sh
 - tests/lib: sync cla check back from snapcraft
 - Revert "cmd/snap, tests/main/snap-info: highlight the current
   channel"
 - daemon: remove enableInternalInterfaceActions
 - mkversion: use "test -n" rather than "! test -z"
 - run-checks: assorted fixes
 - tests: restore in restore, not in prepare
 - cmd/snap: fix missing newline in "snap keys" error message
 - snap: epoch lists must contain no duplicate entries
 - interfaces/avahi_observe: Fix typo in comment
 - tests: add SPREAD_JOB to the description of
   systemd_create_and_start_unit
 - daemon, vendor: bump github.com/coreos/go-systemd/activation,
   handle API changes
 - Revert "cmd/snap-confine: don't allow mapping lib{uuid,blkid}"
 - packaging/fedora: use %%_sysctldir macro
 - cmd/snap-confine: remove unneeded unshare
 - sanity: extend the kernel version check to cover CentOS/RHEL
   kernels
 - wrappers: remove all desktop files from a snap on removal
 - snap: add an explicit check for `epoch: null` loading
 - snap: check max description length in validate
 - spread, tests: add CentOS support
 - cmd/snap-confine: allow mapping more libc shards
 - cmd/snap-discard-ns: add support for --from-snap-confine
 - tests: make tinyproxy support systemd notify
 - tests: fix shellcheck
 - snap, store: rename `snap.Epoch`'s `Unset` to `IsZero`
 - store: add a test for a non-zero epoch refresh (with epoch bump)
 - store: v1 search doesn't send epoch, stop pretending it does
 - snap: make any "0" epoch be Unset, and marshalled to {[0],[0]}
 - overlord/snapstate: amend test should send local revision
 - tests: use mock-gpio.py in enable-disable-units-gpio test
 - snap: enforce minimal snap name len of 2
 - cmd/libsnap: add sc_verify_snap_lock
 - cmd/snap-update-ns: extra debugging of trespassing events
 - userd: force zenity width if the text displayed is long
 - overlord/snapstate, store: always send epochs
 - cmd/snap-confine,snap-update-ns: discard quirks
 - cmd/snap: add nanosleep to blacklisted syscalls when running with
   --strace
 - cmd/snap-update-ns, tests: clean trespassing paths
 - nvidia, interfaces/builtin: OpenCL fixes
 - ifacestate/hotplug: removeDevice helper
 - cmd: install snap-discard-ns in "make hack"
 - overlord/ifacestate: setup security backends phased by backends
   first
 - ifacestate/helpers: added SystemSnapName mapper helper method
 - overlord/ifacestate: set hotplug-key of the connection when
   connecting hotplug slots
 - snapd: allow snap-update-ns to read /proc/version
 - cmd: handle tumbleweed and leap in autogen.sh
 - interfaces/tests: MockHotplugSlot test helper
 - store,daemon: make UserInfo,LoginUser part of the store interface
 - overlord/ifacestate: use remapper when checking if system snap is
   installed
 - tests: fix how pinentry is prepared for new gpg v 2.1 and 2.2
 - packaging/arch: fix bash completions path
 - interfaces/builtin: add device-buttons interface for accessing
   events
 - tests, fakestore: extend refresh tests with parallel installed
   snaps
 - snap, store, overlord/snapshotstate: drop epoch pointers
 - snap: make Epoch default to {[0],[0]} on load from yaml
 - data/completion: pass documented arguments to completion functions
 - tests: skip opensuse from interfaces-openvswitch-support test
 - tests: simple reproducer for snap try and hooks bug
 - snapstate: do not allow classic mode for strict snaps
 - snap: make Epoch's MarshalJSON not simplify
 - store: remove unused currentSnap and currentSnapJSON
 - many: some small doc comment fixes in recent hotplug code
 - ifacestate/udevmonitor: added callback to signal end of
   enumeration
 - cmd/libsnap: add simplified feature flag checker
 - interfaces/opengl: add additional accesses for cuda
 - tests: add core18 only hooks test and fix running core18 only on
   classic
 - sanity, release, cmd/snap: refuse to try to do things on WSL.
 - cmd: make coreSupportsReExec faster
 - overlord/ifacestate: don't remove the dash when generating unique
   slot name
 - cmd/snap-seccomp: add full complement of ptrace constants
 - cmd: update autogen.sh for opensuse
 - interfaces/apparmor: allow access to /run/snap.$SNAP_INSTANCE_NAME
 - spread.yaml: add more systems to the autopkgtest and qemu backends
 - daemon: spool sideloaded snap into blob dir
   overlord/snapstate: address review feedback
 - packaging/opensuse: stop using golang-packaging
 - overlord/snapshots: survive an unknown user
 - wrappers: fix generating of service units with multiple `before`
   dependencies
 - data: run snapd.autoimport.service only after seeding
 - cmd/snap: unhide --name parameter to snap install, tweak help
   message
 - packaging/fedora: Merge changes from Fedora Dist-Git
 - tests/main/snap-service-after-before-install: verify after/before
   in snap install
 - overlord/ifacestate: mark connections disconnected by hotplug with
   hotplug-gone
 - ifacestate/ifacemgr: don't reload hotplug-gone connections on
   startup
 - tests: install dependencies during prepare
 - tests,store,daemon: ensure proxy settings are honored in
   auth/userinfo too
 - tests: core 18 does not support classic confinement
 - tests: add debug output for degraded test
 - strutil: make VersionCompare faster
 - overlord/snapshotstate/backend: survive missing directories
 - overlord/ifacestate: use map[string]*connState when passing conns
   around
 - tests: move fedora 28 to manual
 - overlord/snapshotstate/backend: be more verbose when
   SNAPPY_TESTING=1
 - tests: removing fedora 26 system from spread.yaml
 - tests: linode execution is not needed anymore
 - tests/lib: adjust to changed systemctl behaviour on debian-9
 - tests: fixes and new backend for tests on nested suite
 - strutil: let MatchCounter work with a nil regexp
 - ifacestate/helpers: findConnsForHotplugKey helper
 - many: move regexp.(Must)Compile out of non-init functions into
   variables
 - store: also make snaps downloaded via deltas 0600
 - snap: use Lstat to determine snap size, remove
   ReadSnapInfoExceptSize
 - interfaces/builtin: add adb-support interface
 - tests: fail if install_snap_local fails
 - strutil: add extra test to CommaSeparatedList as suggested by
   mborzecki
 - cmd/snap, daemon, strutil: use CommaSeparatedList to split a CSL
 - ifacestate: optimize disconnect hooks
 - cmd/snap-update-ns: parse the -u <uid> command line option
 - cmd/snap, tests: snapshots for all
 - client, cmd/daemon: allow disabling keepalive, improve degraded
   mode unit tests
 - snap: only show "next" refresh time if its after the hold time
 - overlord/snapstate: run tests for classic snaps even on systems
   that don't support classic
 - overlord/standby: fix a race between standby goroutine and stop
 - cmd/snap-exec: don't fail on some try mode snaps
 - cmd/snap, userd, testutil: tweak DBus tests to use private session
   bus connection
 - cmd: remove remnants of sc_should_populate_mount_ns
 - client, daemon, cmd/snap: indicate that services are socket/timer
   activated
 - cmd/snap-seccomp: only look for PTRACE_GETFPX?REGS where available
 - cmd/snap-confine: remove SC_NS_FAIL_GRACEFULLY
 - snap/pack, cmd/snap: allow specifying the filename of 'snap pack'
 - cmd/snap-discard-ns: add support for per-user mount namespaces
 - cmd/snap-confine: remove stale mount profile along stale namespace
 - data/apt: close stderr when calling snap in the apt install hook.
 - tests/main: fixes for the new shellcheck
 - testutil, cmd/snap: introduce and use testutil.EqualsWrapped and
   fly
 - tests: initial setup for testing current branch on nested vm and
   hotplug management
 - cmd: refactor IPC and lifecycle of the helper process
 - tests/main/parallel-install-store: the store has caught up, do not
   expect failures
 - overlord/snapstate, snap, wrappers: start services in the right
   order during install
 - interfaces/browser-support, cmd/snap-seccomp: Allow read-only
   ptrace, for the Breakpad crash reporter
 - snap,client: use a different exit code for retryable errors
 - overlord/ifacestate: don't conflict on own discard-snap tasks when
   refreshing & doing garbage collection
 - cmd/snap: tweak `snap services` output when there is no services
 - interfaces/many: updates to support k8s worker nodes
 - cmd/snap: gnome-software install via snap:// handler
 - overlord/many: cleanup use of snapName vs. instanceName
 - snapstate: add command-chain to supported featureset
 - daemon, snap: mark screenshots as deprecated
 - interfaces: fix decoding of json numbers for static/dynamic
   attributes* ifstate: fix decoding of json numbers
 - cmd/snap: try not to panic on error from "snap try"
 - tests: new cosmic image for spread tests on gce
 - interfaces/system-key: add parser mtime and only discover features
   on write
 - overlord/snapshotstate/backend: detect path to tar in unit tests
 - tests/unit/gccgo: drop gccgo unit tests
 - cmd: use relative file names in locking APIs
 - interfaces: fix NormalizeInterfaceAttributes, add tests
 - overlord/snapshotstate/backend: fall back on sudo when no runuser
 - cmd/snap-confine: reduce verbosity of debug and error messages
 - systemd: extend Status() to work for socket and timer units
 - interfaces: typo 'allows' for consistency with other ifaces
 - systemd,wrappers: don't start disabled services
 - ifacestate: simplify task chaining in ifacestate.Connect
 - tests: ensure that goa-daemon is off
 - snap/pack, snap/squashfs: remove extra copy before mksquashfs
 - cmd/snap: block 'snap help <cmd> --all'
 - asserts, image: ensure kernel, gadget, base and required-snaps use
   valid snap names
 - apparmor: add unit test for probeAppArmorParser and simplify code
 - interfaces/apparmor: conditionally add explicit deny rules for
   ptrace
 - po: sync translations from launchpad
 - osutil: tweak handling of error adduser errors
 - cmd: rename ns_group to mount_ns
 - tests/main/interfaces-accounts-service: more debugging
 - snap/pack, snap/squashfs: use type to determine mksquashfs args
 - data/systemd, wrappers: tweak system-shutdown helper for core18
 - tests: show list of processes when ifaces-accounts-service fails
 - tests: do not run degraded test in autopkgtest env
 - snap: overhaul validation error messages
 - ifacestate/hooks: only create interface hook tasks if hooks exist
 - osutil: workaround overlayfs on ubuntu 18.10
 - interfaces/home: don't allow snaps to write to $HOME/bin
 - interfaces: improve Attr error further
 - snapstate: tweak GetFeatureFlagBool() to have a default argument
 - many: cleanup remaining parallel installs TODOs
 - image: improve validation of extra snaps

* Tue Dec 18 2018 Neal Gompa <ngompa13@gmail.com> - 2.36.3-1
- Release 2.36.3 to Fedora
- Remove merged patch

* Fri Dec 14 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.36.3
 - wrappers: use new systemd.IsActive in core18 early boot
 - httputil: retry on temporary net errors
 - wrappers: only restart service in core18 when they are active
 - systemd: start snapd.autoimport.service in --no-block mode
 - data/selinux: fix syntax error in definition of snappy_admin
   interfacewhen installing selinux-policy-devel package.
 - centos: enable SELinux support on CentOS 7
 - cmd, dirs, interfaces/apparmor: update distro identification to
   support ID="archlinux"
 - apparmor: allow hard link to snap-specific semaphore files
 - overlord,apparmor: new syskey behaviour + non-ignored snap-confine
   profile errors
 - snap: add new `snap run --trace-exec` call
 - interfaces/backends: detect too old apparmor_parser

* Thu Nov 29 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.36.2
 - daemon, vendor: bump github.com/coreos/go-systemd/activation,
   handle API changes
 - snapstate: update fontconfig caches on install
 - overlord,daemon: mock security backends for testing
 - sanity, spread, tests: add CentOS
 - Revert "cmd/snap, tests/main/snap-info: highlight the current
   channel"
 - cmd/snap: add nanosleep to blacklisted syscalls when running with
   --strace
 - tests: add regression test for LP: #1803535
 - snap-update-ns: fix trailing slash bug on trespassing error
 - interfaces/builtin/opengl: allow reading /etc/OpenCL/vendors
 - cmd/snap-confine: nvidia: pick up libnvidia-opencl.so
 - interfaces/opengl: add additional accesses for cuda

* Wed Nov 21 2018 Neal Gompa <ngompa13@gmail.com> - 2.36-4
- Fix backport patch

* Wed Nov 21 2018 Neal Gompa <ngompa13@gmail.com> - 2.36-3
- Backport fixes for EL7 support

* Wed Nov 14 2018 Neal Gompa <ngompa13@gmail.com> - 2.36-2
- Fix runtime dependency for selinux subpackage for EL7

* Fri Nov 09 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.36.1
 - tests,snap-confine: add core18 only hooks test and fix running
   core18 only hooks on classic
 - interfaces/apparmor: allow access to
   /run/snap.$SNAP_INSTANCE_NAME
 - spread.yaml: add more systems to the autopkgtest and qemu backends
 - daemon: spool sideloaded snap into blob dir
 - wrappers: fix generating of service units with multiple `before`
   dependencies
 - data: run snapd.autoimport.service only after seeding
 - tests,store,daemon: ensure proxy settings are honored in
   auth/userinfo too
 - packaging/fedora: Merge changes from Fedora Dist-Git
 - tests/lib: adjust to changed systemctl behaviour on debian-9
 - tests/main/interfces-accounts-service: switch to busctl, more
   debugging
 - store: also make snaps downloaded via deltas 0600
 - cmd/snap-exec: don't fail on some try mode snaps
 - cmd/snap, userd, testutil: tweak DBus tests to use private session
   bus connection
 - tests/main: fixes for the new shellcheck
 - cmd/snap-confine: remove stale mount profile along stale namespace
 - data/apt: close stderr when calling snap in the apt install hook

* Sun Nov 04 2018 Neal Gompa <ngompa13@gmail.com> - 2.36-1
- Release 2.36 to Fedora

* Wed Oct 24 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.36
 - overlord/snapstate, snap, wrappers: start services in the right
   order during install
 - tests: the store has caught up, drop gccgo test, update cosmic
   image
 - cmd/snap: try not to panic on error from "snap try"`--devmode`
 - overlord/ifacestate: don't conflict on own discard-snap tasks when
   refreshing & doing garbage collection
 - snapstate: add command-chain to supported featureset
 - daemon, snap: mark screenshots as deprecated
 - interfaces: fix decoding of json numbers for static/dynamic
   attributes
 - data/systemd, wrappers: tweak system-shutdown helper for core18
 - interfaces/system-key: add parser mtime and only discover features
   on write
 - interfaces: fix NormalizeInterfaceAttributes, add tests
 - systemd,wrappers: don't start disabled services
 - ifacestate/hooks: only create interface hook tasks if hooks exist
 - tests: do not run degraded test in autopkgtest env
 - osutil: workaround overlayfs on ubuntu 18.10
 - interfaces: include invalid type in Attr error
 - many: enable layouts by default
 - interfaces/default: don't scrub with change_profile with classic
 - cmd/snap: speed up unit tests
 - vendor, cmd/snap: refactor to accommodate the new less buggy go-
   flags
 - daemon: expose snapshots to the API
 - interfaces: updates for default, screen-inhibit-control, tpm,
   {hardware,system,network}-observe
 - interfaces/hotplug: rename HotplugDeviceKey method to HotplugKey,
   update test interface
 - interfaces/tests: use TestInterface instead of a custom local
   helper
 - overlord/snapstate: export getFeatureFlagBool.
 - osutil,asserts,daemon: support force password change in system-
   user assertion
 - snap, wrappers: support restart-delay, generate RestartSec=<value>
   in service units
 - tests/ifacestate: moved asserts-related mocking into helper
 - image: fetch device store assertion if available
 - many: enable AppArmor on Arch
 - interfaces/repo: two helper methods for hotplug
 - overlord/ifacestate: add hotplug slots with implicit slots
 - interfaces/hotplug: helpers and struct updates
 - tests: run the snapd tests on Ubuntu 18.10
 - snapstate: only report errors if there is an actual error
 - store: speedup unit tests
 - spread-shellcheck: fix interleaved error messages, tweaks
 - apparmor: create SnapAppArmorDir in setupSnapConfineReexec
 - ifacestate: implementation of defaultDeviceKey function for
   hotplug
 - cmd/snap-update-ns: remove empty placeholders used for mounting
 - snapshotstate: restore to current revision
 - tests/lib: rework the CLA checker
 - many: support and consider store friendly-stores when checking
   device scope constraints
 - overlord/snapstate: block parallel installs of snapd, core, base,
   kernel, gadget snaps
 - overlord/patch: patch for static plug/slot attributes
 - interfaces: honor static attributes when reloading conns
 - osutils: unit tests speedup; introduce «run-checks --short-
   unit».
 - systemd, wrappers: speed up wrappers unit tests
 - client: speedup unit tests
 - spread-shellcheck: use threads to parallelise
 - snap: validate plug and slot names
 - osutil, interfaces/apparmor: add and use of osutil.UnlinkMany
 - wrappers: do not depend on network.taget in socket units, tweak
   generated units
 - interfaces/apparmor: (un)load profiles in one apparmor_parser call
 - store: gracefully handle unexpected errors in 'action'
   response
 - cmd: put our manpages in section 8
 - overlord: don't make become-operational interfere with user
   requests
 - store: tweak unmatched refresh result error log
 - snap, client, daemon, store: use and expose "media" more
 - tests,cmd/snap-update-ns: add test showing mount update bug
   cmd/snap-update-ns: better detection of snapd-made tmpfs
 - tests: spread tests for aliases with parallel installed snaps
 - interfaces/seccomp: allow using statx by default
 - store: gracefully handle unexpected errors in 'action' response
 - overlord/snapshotstate: chown the tempdir
 - cmd/snap: attempt to start the document portal if running with a
   session bus
 - snap: detect layouts vs layout in snap.yaml
 - interfaces/apparmor: handle overlayfs snippet for snap-update-ns
 - snapcraft.yaml: set grade to stable
 - tests: shellchecks, final round
 - interfaces/apparmor: handle overlayfs snippet for snap-update-ns
 - snap: detect layouts vs layout in snap.yaml
 - overlord/snapshotstate: store epoch in snapshot, check on restore
 - cmd/snap: tweak UX of snap refresh --list
 - overlord/snapstate: improve consistency, use validateInfoAndFlags
   also in InstallPath
 - snap: give Epoch a CanRead helper
 - overlord/snapshotstate: small refactor of internal helpers
 - interfaces/builtin: adding missing permission to create
   /run/wpa_supplicant directory
 - interfaces/builtin: avahi interface update
 - client, daemon: support passing of 'unaliased' option when
   installing from local files
 - selftest: rename selftest.Run() to sanity.Check()
 - interfaces/apparmor: report apparmor support level and policy
 - ifacestate: helpers for generating slot names for hotplug
 - overlord/ifacestate: make sure to pass in the Model assertion when
   enforcing policies
 - overlord/snapshotstate: store the SnapID in snapshot, block
   restore if changed
 - interfaces: generalize writable mimic profile
 - asserts,interfaces/policy: add support for on-store/on-brand/on-
   model plug/slot rule constraints
 - many: fetch the device store assertion together and in the context
   of interpreting snap-declarations
 - tests: disable gccgo tests on 18.04 for now, until dh-golang vs
   gccgo is fixed
 - tests/main/parallel-install-services: add spread test for snaps
   with services
 - tests/main/snap-env: extend to cover parallel installations of
   snaps
 - tests/main/parallel-install-local: rename from *-sideload, extend
   to run snaps
 - cmd/snapd,daemon,overlord: without snaps, stop and wait for socket
 - cmd/snap: tame the help zoo
 - tests/main/parallel-install-store: run installed snap
 - cmd/snap: add a bunch of TRANSLATORS notes (and a little more
   i18n)
 - cmd: fix C formatting
 - tests: remove unneeded cleanup from layout tests
 - image: warn on missing default-providers
 - selftest: add test to ensure selftest.checks is up-to-date
 - interfaces/apparmor, interfaces/builtin: tweaks for parallel snap
   installs
 - userd: extend the list of supported XDG Desktop properties when
   autostarting user applications
 - cmd/snap-update-ns: enforce trespassing checks
 - selftest: actually run the kernel version selftest
 - snapd: go into degraded mode when the selftest fails
 - tests: add test that runs snapctl with a core18 snap
 - tests: add snap install hook with base: core18
 - overlord/{snapstate,assertstate}: parallel instances and
   refresh validation
 - interfaces/docker-support: add rules to read apparmor macros
 - tests: make nfs test available for more systems
 - tests: cleanup copy/paste dup in interfaces-network-setup-control
 - tests: using single sh snap in interface tests
 - overlord/snapstate: improve cleaup in mount-snap handler
 - tests: don't fail interfaces-bluez test if bluez is already
   installed
 - tests: find snaps just for edge and beta channels
 - daemon, snapstate: consistent snap list [--all] output with broken
   snaps
 - tests: fix listing to allow extra things in the notes column
 - cmd/snap: improve UX when removing specific snap revision
 - cmd/snap, tests/main/snap-info: highlight the current channel
 - interfaces/testiface: added TestHotplugInterface
 - snap: tweak commands
 - interfaces/hotplug: hotplug spec takes one slot definition
 - overlord/snapstate, snap: handle shared snap directories when
   installing/remove snaps with instance key
 - interfaces/opengl: misc accesses for VA-API
 - client, cmd/snap: expose warnings to the world
 - cmd/snap-update-ns: introduce trespassing state tracking
 - cmd/snap: commands no longer build their own client
 - tests: try to build cmd/snap for darwin
 - daemon: make error responders not printf when called with 1
   argument
 - many: return real snap name in API response
 - overlord/state: return latest LastAdded time in WarningsSummary
 - many: mount namespace mapping for parallel installs of snaps
 - ifacestate/autoconnect: do not self-conflict on setup-profiles if
   core-phase-2
 - client, cmd/snap: on !linux, exit when the client tries to Do
   something
 - tests: refactor for nested suite and tests fixed
 - tests: use lxd's waitready instead of polling lxd socket
 - ifacestate: don't initialize udev monitor until we have a system
   snap
 - interfaces: extra argument for static attrs in
   NewConnectedPlug/NewConnectedSlot
 - packaging/arch: sync packaging with AUR
 - snapstate/tests: serialize all appends in fake backend
 - snap-confine: make /lib/modules optional
 - cmd/snap: handle "snap interfaces core" better
 - store: move download tests into downloadSuite
 - tests,interfaces: run interfaces-account-control on UC18
 - tests: fix install snaps test by adding link to /snap
 - tests: fix for nested test suite
 - daemon: fix snap list --all with parallel snap instances
 - snapstate: refactor tests to use SetModel*
 - wrappers: fix snap services order in tests
 - many: provide salt for generating instance-key in store requests
 - ifacestate: fix hang when retrying content providers
 - snapd-env-generator: fix when PATH is empty or unset
 - overlord/assertstate: propagate TaskSnapSetup error
 - client: catch and expose logs errors
 - overlord: integrate device enumeration with udev monitor
 - daemon, overlord/state: warnings pipeline
 - tests: add publisher regex to fix the snap-info test pass on sru
 - cmd: use systemdsystemgeneratorsdir, cleanup automake complaints,
   tweaks
 - cmd/snap-update-ns: remove the unused Secure type
 - osutil, o/snapshotstate, o/sss/backend: quick fixes
 - tests: update the listing expression to support core from
   different channels
 - store: use stable instance key in store refresh requests
 - cmd/snap-update-ns: detach Mk{Prefix,{File,Dir,Symlink{,All}}}
 - overlord/patch: support for sublevel patches
 - tests: update prepare/restore for nightly suite
 - cmd/snap-update-ns: detach BindMount from the Secure type
 - cmd/snap-update-ns: re-factor pair of helpers to call fstatfs once
 - ifacestate: retry on "discard-snap" in autoconnect conflict check
 - cmd/snap-update-ns: separate OpenPath from the Secure struct
 - wrappers: remove Wants=network-online.target
 - tests: add new core16-base test
 - store: refactor tests so that they work as store_test package
 - many: add refresh.rate-limit core option
 - tests: run account-control test with different bases
 - tests: port proxy test to use python tinyproxy
 - overlord: introduce snapshotstate.
 - testutil: allow Fstatfs results to vary over time
 - snap-update-ns: add comments about the "deadcode" in bootstrap.go
 - overlord: add chg.Err() in testUpdateWithAutoconnectRetry
 - many: remove deadcode
 - tests: also run unit/gccgo in 18.04
 - tests: introduce a helper for installing local snaps with --name
 - tests: avoid removing core snap on reset
 - snap: use snap.SideInfo in test to fix build with gccgo
 - partition: remove unused runCommand
 - image: fix incorrect error when using local bases
 - overlord/snapstate: fix format
 - cmd: fix format
 - tests: setting "storage: preserve-size" just for amazon-linux
   system
 - tests: test for the hostname interface
 - interfaces/modem-manager: allow access to more USB strings
 - overlord: instantiate UDevMonitor
 - interfaces/apparmor: tweak naming, rename to AddLayout()
 - interfaces: take instance name in ifacetest.InstallSnap
 - snapcraft: do not use --dirty in mkversion
 - cmd: add systemd environment generator
 - devicestate: support getting (http) proxy from core config
 - many: rename ClientOpts to ClientOptions
 - prepare-image-grub-core18: remove image root in restore
 - overlord/ifacestate: remove "old-conn" from connect/undo connect
   handlers
 - packaging/fedora: Merge changes from Fedora Dist-Git
 - image: handle errors when downloadedSnapsInfoForBootConfig has no
   data
 - tests: use official core18 model assertion in tests
 - snap-confine: map /var/lib/extrausers into snaps mount-namespace
 - overlord,store: support proxy settings internally too
 - cmd/snap: bring back 'snap version'
 - interfaces/mount: tweak naming of things
 - strutil: fix MatchCounter to also work with buffer reuse
 - cmd,interfaces,tests: add /mnt to removable-media interface
 - systemd: do not run "snapd.snap-repair.service.in on firstboot
   bootstrap
 - snap/snapenv: drop some instance specific variables, use instance-
   specific ones for user locations
 - firstboot: sort by type when installing the firstboot snaps
 - cmd, cmd/snap: better support for non-linux
 - strutil: add new ParseByteSize
 - image: detect and error if bases are missing
 - interfaces/apparmor: do not downgrade confinement on arch with
   linux-hardened 4.17.4+
 - daemon: add pokeStateLock helper to the daemon tests
 - snap/squashfs: improve error message from Build on mksquashfs
   failure
 - tests: remove /etc/alternatives from dirs-not-shared-with-host
 - cmd: support re-exec into the "snapd" snap
 - spdx: remove "Other Open Source" from the support licenses
 - snap: add new type "TypeSnapd" and attach to the snapd snap
 - interfaces: retain order of inserted security backends
 - tests: spread test for parallel-installs desktop file handling
 - overlord/devicestate: use OpenSSL's PEM format when generating
   keys
 - cmd: remove --skip-command-chain from snap run and snap-exec
 - selftest: detect if apparmor is unusable and error
 - snap,snap-exec: support command-chain for hooks
 - tests: significantly reduce execution time for managers test
 - snapstate: use new "snap.ByType" sorting
 - overlord/snapstate: fix UpdateMany() to work with parallel
   instances
 - testutil: have File* checker produce more useful error output
 - overlord/ifacestate: introduce connectOpts
 - interfaces: parallel instances support, extend unit tests
 - tests: normalize tests
 - snapstate: make InstallPath() return *snap.Info too
 - snap: add ByType sorting
 - interfaces: add cifs-mount interface
 - tests: use file based markers in snap-service-stop-mode
 - osutil: reorg and stub out things to get it building on darwin
 - tests/main/layout: cleanup after the test
 - osutil/sys: small tweaks to let it build on darwin
 - daemon, overlord/snapstate: set instance name when installing from
   snap file
 - many: move Uname to osutil, for more DRY and easier porting.
 - cmd/snap: create snap user directory when running parallel
   installed snaps
 - cmd/snap-confine: switch to validation of SNAP_INSTANCE_NAME
 - tests: basic test for parallel installs from the store
 - image: download the gadget from the model.GadgetTrack()
 - snapstate: add support for gadget tracks in model assertion
 - image: add support for "gadget=track"
 - overlord: handle sigterm during shutdown better
 - tests: add the original function to fix the errors on new kernels
 - tests/main/lxd: pull lxd from candidate; reënable i386
 - wayland: add extra sockets that are used by older toolkits (e.g.
   gtk3)
 - asserts: add support for gadget tracks in the model assertion
 - overlord/snapstate: improve feature flag validation
 - tests/main/lxd: run ubuntu-16.04 only on 64 bit variant
 - interfaces: workaround for activated services and newer DBus
 - tests: get the linux-image-extra available for the current kernel
 - interfaces: add new "sysfs-name" to i2c interfaces code
 - interfaces: disconnect hooks
 - cmd/libsnap: unify detection of core/classic with go
 - tests: fix autopkgtest failures in cosmic
 - snap: fix advice json
 - overlord/snapstate: parallel snap install
 - store: backward compatible instance-key handling for non-instance
   snaps
 - interfaces: add screencast-legacy for video and audio recording
 - tests: skip unsupported architectures for fedora-base-smoke test
 - tests: avoid using the journalctl cursor when it has not been
   created yet
 - snapstate: ensure normal snaps wait for the "snapd" snap on
   refresh
 - tests: enable lxd again everywhere
 - tests: new test for udisks2 interface
 - interfaces: add cpu-control for setting CPU tunables
 - overlord/devicestate: fix tests, set seeded in registration
   through proxy tests
 - debian: add missing breaks on cosmic
 - devicestate: only run device-hook when fully seeded
 - seccomp: conditionally add socketcall() based on system and base
 - tests: new test for juju client observe interface
 - overlord/devicestate: DTRT w/a snap proxy to reach a serial vault
 - snapcraft: set version information for the snapd snap
 - cmd/snap, daemon: error out if trying to install a snap using
   empty name
 - hookstate: simplify some hook tests
 - cmd/snap-confine: extend security tag validation to cover instance
   names
 - snap: fix mocking of systemkey in snap-run tests
 - packaging/opensuse: fix static build of snap-update-ns and snap-
   exec
 - interfaces/builtin: addtl network-manager resolved DBus fix
 - udev: skip TestParseUdevEvent on ppc
 - interfaces: miscellaneous policy updates
 - debian: add tzdata to build-dep to ensure snapd builds correctly
 - cmd/libsnap-confine-private: intoduce helpers for validating snap
   instance name and instance key
 - snap,snap-exec: support command-chain for app
 - interfaces/builtin: network-manager resolved DBus changes
 - snap: tweak `snap wait` command
 - cmd/snap-update-ns: introduce validation of snap instance names
 - cmd/snap: fix some corner-case test setup weirdness
 - cmd,dirs: fix various issues discovered by a Fedora base snap
 - tests/lib/prepare: fix extra snaps test

* Mon Oct 15 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.35.5
 - interfaces/home: don't allow snaps to write to $HOME/bin
 - osutil: workaround overlayfs on ubuntu 18.10

* Fri Oct 05 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.35.4
  - wrappers: do not depend on network.taget in socket units, tweak
    generated units

* Fri Oct 05 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.35.3
 - overlord: don't make become-operational interfere with user
   requests
 - docker_support.go: add rules to read apparmor macros
 - interfaces/apparmor: handle overlayfs snippet for snap-update-
   nsFixes:
 - snapcraft.yaml: add workaround to fix snapcraft build
 - interfaces/opengl: misc accesses for VA-API

* Wed Sep 12 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.35.2
 - cmd,overlord/snapstate: go 1.11 format fixes
 - ifacestate: fix hang when retrying content providers
 - snap-env-generator: do nothing when PATH is unset
 - interfaces/modem-manager: allow access to more USB strings

* Mon Sep 03 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.35.1
 - packaging/fedora: Merge changes from Fedora Dist-Git
 - snapcraft: do not use --diry in mkversion.sh
 - cmd: add systemd environment generator
 - snap-confine: map /var/lib/extrausers into snaps mount-namespace
 - tests: cherry-pick test fixes from master for 2.35
 - systemd: do not run "snapd.snap-repair.service.in on firstboot
   bootstrap
 - interfaces: retain order of inserted security backends
 - selftest: detect if apparmor is unusable and error

* Sat Aug 25 2018 Neal Gompa <ngompa13@gmail.com> - 2.35-1
- Release 2.35 to Fedora (RH#1598946)

* Mon Aug 20 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.35
 - snapstate: add support for gadget tracks in model assertion
 - image: add support for "gadget=track"
 - asserts: add support for gadget tracks in the model assertion
 - interfaces: add new "sysfs-name" to i2c interfaces code
 - overlord: handle sigterm during shutdown better
 - wayland: add extra sockets that are used by older toolkits
 - snap: fix advice json
 - tests: fix autopkgtest failures in cosmic
 - store: backward compatible instance-key handling for non-instance
   snaps
 - snapstate: ensure normal snaps wait for the "snapd" snap on
   refresh
 - interfaces: add cpu-control for setting CPU tunables
 - debian: add missing breaks on comisc
 - overlord/devicestate: DTRT w/a snap proxy to reach a serial vault
 - devicestate: only run device-hook when fully seeded
 - seccomp: conditionally add socketcall() based on system and base
 - interfaces/builtin: addtl network-manager resolved DBus fix
 - hookstate: simplify some hook tests
 - udev: skip TestParseUdevEvent on ppc
 - interfaces: miscellaneous policy updates
 - debian: add tzdata to build-dep to ensure snapd builds correctly
 - interfaces/builtin: network-manager resolved DBus changes
 - tests: add spread test for fedora29 base snap
 - cmd/libsnap: treat distributions with VARIANT_ID=snappy as "core"
 - dirs: fix SnapMountDir inside a Fedora base snap
 - tests: fix snapd-failover for core18 with external backend
 - overlord/snapstate: always clean SnapState when doing Get()
 - overlod/ifacestate: always use a new SnapState when fetching the
   snap state
 - overlord/devicestate: have the serial request talk to the proxy if
   set
 - interfaces/hotplug: udevadm output parser
 - tests: New test for daemon-notify interface
 - image: ensure "core" is ordered early if base: and core is used
 - cmd/snap-confine: snap-device-helper parallel installs support
 - tests: enable interfaces-framebuffer everywhere
 - tests: reduce nc wait time from 2 to 1 second
 - snap/snapenv: add snap instance specific variables
 - cmd/snap-confine: add minimal test for snap-device-helper
 - tests: enable snapctl test on core18
 - overlord: added UDevMonitor for future hotplug support
 - wrappers: do not glob when removing desktop files
 - tests: add dbus monitor log to interfaces-accounts-service
 - tests: add core-18 systems to external backend
 - wrappers: account for changed app wrapper in parallel installed
   snaps
 - wrappers: make sure that the tests pass on non-Ubuntu too
 - many: add snapd snap failure handling
 - tests: new test for dvb interface
 - configstate: accept refresh.timer=managed
 - tests: new test for snap logs command
 - wrapper: generate all the snapd unit files when generating
   wrappers
 - store: keep all files with link-count > 1 in the cache
 - store: be less verbose in the common refresh case of "no updates"
 - snap-confine: update snappy-app-dev path
 - debian: ensure dependency on fixed apt on 18.04
 - snapd: add initial software watchdog for snapd
 - daemon, systemd: change journalctl -n=all to --no-tail
 - systemd: fix snapd.apparmor.service.in dependencies
 - snapstate: refuse to remove bases or core if snaps need them
 - snap: introduce package-level helpers for building snap related
   directory/file paths
 - overlord/devicestate: deny parallel install of kernel or gadget
   snaps
 - store: clean up parallel-install TODOs in store tests
 - timeutil: fix first weekday of the month schedule
 - interfaces: match all possible tty but console
 - tests: shellchecks part 5
 - cmd/snap-confine: allow ptrace read for 4.18 kernels
 - advise: make the bolt database do the atomic rename dance
 - tests/main/apt-hooks: debug dump of commands.db
 - tests/lib/prepare-restore: update Arch Linux kernel LOCALVERSION
   handling
 - snap: validate instance name as part of Validate()
 - daemon: if a snap is inactive, don't ask systemd about its
   services.
 - udev: skip TestParseUdevEvent on s390x
 - tests: switch core-amd64-18 to use `kernel: pc-kernel=18`
 - asserts,image: add support for new kernel=track syntax
 - tests: new gce image for fedora 27
 - interfaces/apparmor: use the cache in mtime-resilient way
 - store, overlord/snapstate: introduce instance name in store APIs
 - tests: drive-by cleanup of redudant pkgname matching
 - tests: ensure apt-hook is only run after catalog update ran
 - tests: use pkill instead of kilall
 - tests/main: another bunch of updates for Amazon Linux 2
 - tests/lib/snaps: avoid using relative command paths that go up in
   the  directory tree
 - tests: disable/fix more tests for Amazon Linux 2
 - overlord: introduce InstanceKey to SnapState and SnapSetup,
   renames
 - daemon: make sure most change generating handlers can produce
   errors with kinds
 - tests/main/interfaces-calendar-service: skip the test on AMZN2
 - tests/lib/snaps: avoid using relative command paths that go up in
   the directory tree
 - cmd/snap: add a green check mark to verified publishers
 - cmd/snap: fix two issues in the cmd/snap unit tests
 - packaging/fedora: fix target path of /snap symlink
 - cmd/snap: support `--last=<type>?` to mean "no error on empty"
 - cmd/snap-confine: (nvidia) pick up libnvidia-glvkspirv.so
 - strutil: detect and bail out of Unmarshal on duplicate key
 - packaging/fedora(amzn2): disable SELinux, drop dependency on
   squashfuse for AMZN2
 - spread, tests: add support for Amazon Linux 2
 - packaging/fedora: Add Amazon Linux 2 support
 - many: make Wait/Stop optional on StateManagers
 - snap/squashfs: stop printing unsquashfs info to stderr
 - snap: add support for `snap advise-snap --from-apt`
 - overlord/ifacestate: ignore connect if already connected
 - tests: change the service snap used instead of network-bind-
   consumer
 - interfaces/network-control: update for wpa-supplicant and ifupdown
 - tests: fix raciness in stop mode tests
 - logger: try to not have double dates
 - debian: use deb-systemd-invoke instead of systemctl directly
 - tests: run all main tests on core18
 - many: finish sharing a single TaskRunner with all the the managers
 - interfaces/repo: added AllHotplugInterfaces helper
 - snapstate: ensure kernel-track is honored on switch/refresh
 - overlord/ifacestate: support implicit slots on snapd
 - image: add support for "kernel-track" in `snap prepare-image`
 - tests: add test that ensures we do not boot any system in degraded
   state
 - tests: update tests to work on core18
 - cmd/snap: check for typographic dashes in command
 - tests: fix tests expecting old email address
 - client: add some existing error kinds that were not listed in
   client.go
 - tests: add missing slots in classic and core provider test snaps
 - overlord,daemon,cmd: re-map snap names around the edges of snapd
 - tests: use install_local in snap-run-hooks
 - coreconfig: add support for `snap set system network.disable-
   ipv6`
 - overlord/snapstate: dedupe default content providers
 - osutil/udev: sync with upstream
 - debian: do not ship snapd.apparmor.service on ubuntu
 - overlord: have SnapManager use a passed in TaskRunner created by
   Overlord
 - many: streamline the generic conflict check mechanisms
 - tests: remove unneeded setup code in snap-run-symlink
 - cmd/snap: print unset license as "unset", instead of "unknown"
 - asserts: add (optional) kernel-track to model assertion
 - snap/squashfs, tests: pass -n[o-progress] to {mk,un}squashfs
 - interfaces/pulseaudio: be clear that the interface allows playback
   and record
 - snap: support hook environment
 - interfaces: fix typo "daemonNotify" (add missing "n")
 - interfaces: tweak tests of daemon-notify, use common naming
 - interfaces: allow invoking systemd-notify when daemon-notify is
   connected
 - store: make snap blobs be 0600
 - interfaces,daemon: move JSON types to the daemon
 - tests: prepare needs to handle bin/snapctl being a symlink
 - tests: do not mask errors in interfaces-timezone-control (#5405)
 - packaging: put snapctl into /usr/lib/snapd and symlink in usr/bin
 - tests: add basic integration test for spread hold
 - overlord/snapstate: improve PlugsOnly comment
 - many: assorted shellcheck fixes
 - store, daemon, client, cmd/snap: expose "scope", default to wide
 - snapstate: allow setting "refresh.timer=managed"
 - cmd/snap: display a link to data privacy notice for interactive
   snap login
 - client, cmd/snap: pass snap instance name when installing from
   file
 - cmd/snap: add 'debug paths' command
 - snapstate: make sure all *link-*snap tasks carry a snap type and
   further hints
 - devicestate: fix race when refreshing a snap with snapd-control
 - tests: fix tests on arch
 - tests: start active system units on reset
 - tests: new test for joystick interface
 - tests: moving install of dependencies to pkgdb helper
 - tests: enable new fedora image with test dependencies installed
 - tests: start using the new opensuse image with test dependencies
 - tests: check catalog refresh before and after restart snapd
 - tests: stop restarting journald service on prepare
 - interfaces: make core-support a no-op interface
 - interfaces: prefer "snapd" when resolving implicit connections
 - interfaces/hotplug: add hotplug Specification and
   HotplugDeviceInfo
 - many: lessen the use of core-support
 - tests: fixes for the autopkgtest failures in cosmic
 - tests: remove extra ' which breaks interfaces-bluetooth-control
   test
 - dirs: fix antergos typo
 - tests: use grep to avoid non-matching messages from MATCH
 - dirs: improve distro detection for Antegros
 - vendor: switch to latest bson
 - interfaces/builtin: create can-bus interface
 - tests: "snap connect" is idempotent so just connect
 - many: use extra "releases" information on store "revision-not-
   found" errors to produce better errors
 - interfaces: treat "snapd" snap as type:os
 - interfaces: tweak tests to have less repetition of "core" and
   "ubuntu…
 - tests: simplify econnreset test
 - snap: add helper for renaming slots
 - devicestate: fix panic in firstboot code when no snaps are seeded
 - tests: add artful for sru validation on google backend
 - snap,interfaces: move interface name validation to snap
 - overlord/snapstate: introduce path to fake backend ops
 - cmd/snap-confine: fix snaps running on core18
 - many: expose publisher's validation throughout the API

* Fri Jul 27 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.34.3
 - interfaces/apparmor: use the cache in mtime-resilient way
 - cmd/snap-confine: (nvidia) pick up libnvidia-glvkspirv.so
 - snapstate: allow setting "refresh.timer=managed"
 - spread: switch Fedora and openSUSE images

* Thu Jul 19 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.34.2
 - packaging: fix bogus date in fedora snapd.spec
 - tests: fix tests expecting old email address

* Tue Jul 17 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.34.1
 - tests: cherry-pick test fixes from master for 2.34
 - coreconfig: add support for `snap set system network.disable-
   ipv6`
 - debian: do not ship snapd.apparmor.service on ubuntu
 - overlord/snapstate: dedupe default content providers
 - interfaces/builtin: create can-bus interface

* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.33.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri Jul 06 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.34
 - store, daemon, client, cmd/snap: expose "scope", default to wide*
 - tests: fix arch tests
 - snapstate: make sure all *link-*snap tasks carry a snap type and
   further hints
 - snapstate: allow setting "refresh.timer=managed"
 - cmd/snap: display a link to data privacy notice for interactive
   snap login
 - devicestate: fix race when refreshing a snap with snapd-control
 - tests: skip interfaces-framebuffer when no /dev/fb0 is found
 - tests: run interfaces-contacts-service only where test-snapd-eds
   is available
 - many: expose publisher's validation throughout the API
 - many: use extra "releases" information on store "revision-not-
   found" errors to produce better errors
 - dirs: improve distro detection for Antegros
 - Revert "dirs: improve identification of Arch Linux like systems"
 - devicestate: fix panic in firstboot code when no snaps are seeded
 - i18n: use xgettext-go --files-from to avoid running into cmdline
   size limits
 - interfaces: move ValidateName helper to utils
 - snapstate,ifstate: wait for pending restarts before auto-
   connecting
 - snap: account for parallel installs in wrappers, place info and
   tests
 - configcore: fix incorrect handling of keys with numbers (like
   gpu_mem_512)
 - tests: fix tests when no keyboard input detected
 - overlord/configstate: add watchdog options
 - snap-mgmt: fix for non-existent dbus system policy dir,
   shellchecks
 - tests/main/snapd-notify: use systemd's service properties rater
   than the journal
 - snapstate: allow removal of snap.TypeOS when using a model with a
   base
 - interfaces: make findSnapdPath smarter
 - tests: run "arp" tests only if arp is available
 - spread: increase the number of auto retries for package downloads
   in opensuse
 - cmd/snap-confine: fix nvidia support under lxd
 - corecfg: added experimental.hotplug feature flag
 - image: block installation of parallel snap instances
 - interfaces: moved normalize method to interfaces/utils and made it
   public
 - api/snapctl: allow -h and --help for regular users.
 - interfaces/udisks2: also implement implicit classic slot
 - cmd/snap-confine: include CUDA runtime libraries
 - tests: disable auto-refresh test on core18
 - many: switch to account validation: unproven|verified
 - overlord/ifacestate: get/set connection state only via helpers
 - tests: adding extra check to validate journalctl is showing
   current test data
 - data: add systemd environment configuration
 - i18n: handle write errors in xgettext-go
 - snap: helper for validating snap instance names
 - snap{/snaptest}: set instance key based on snap name
 - userd: fix running unit tests on KDE
 - tests/main/econnreset: limit ingress traffic to 512kB/s
 - snap: introduce a struct Channel to represent store channels, and
   helpers to work with it
 - tests: add fedora to distro_clean_package_cache function
 - many: rename snap.Info.StoreName() to snap.Info.SnapName()
 - tests: add spread test to ensure snapd/core18 are not removable
 - tests: tweaks for running the main tests on core18
 - overlord/{config,snap}state: introduce experimental.parallel-
   instances feature flag
 - strutil: support iteration over almost clean paths
 - strutil: add PathIterator.Rewind
 - tests: update interfaces-timeserver-control to core18
 - tests: add halt-timeout to google backend
 - tests: skip security-udev-input-subsystem without /dev/input/by-
   path
 - snap: introduce the instance key field
 - packaging/opensuse: remaining packaging updates for 2.33.1
 - overlord/snapstate: disallow installing snapd on baseless models
 - tests: disable core tests on all core systems (16 and 18)
 - dirs: improve identification of Arch Linux like systems
 - many: expose full publisher info over the snapd API
 - tests: disable core tests on all core systems (16 and 18)
 - tests/main/xdg-open: restore or clean up xdg-open
 - tests/main/interfaces-firewall-control: shellcheck fix
 - snapstate: sort "snapd" first
 - systemd: require snapd.socket in snapd.seeded.service; make sure
   snapd.seeded
 - spread-shellcheck: use the latest shellcheck available from snaps
 - tests: use "ss" instead of "netstat" (netstat is not available in
   core18)
 - data/complete: fix three out of four shellcheck warnings in
   data/complete
 - packaging/opensuse: fix typo, missing assignment
 - tests: initial core18 spread image building
 - overlord: introduce a gadget-connect task and use it at first boot
 - data/completion: fix inconsistency in +x and shebang
 - firstboot: mark essential snaps as "Required" in the state
 - spread-shellcheck: use a whitelist of files that are allowed to
   fail validation
 - packaging/opensuse: build position-independent binaries
 - ifacestate: prevent running interface hooks twice when self-
   connecting on autoconnect
 - data: remove /bin/sh from snapd.sh
 - tests: fix shellcheck 0.5.0 warnings
 - packaging/opensuse: snap-confine should be 06755
 - packaging/opensuse: ship apparmor integration if enabled
 - interfaces/udev,misc: only trigger udev events on input subsystem
   as needed
 - packaging/opensuse: add missing bits for snapd.seeded.service
 - packaging/opensuse: don't use %-macros in comments
 - tests: shellchecks part 4
 - many: rename snap.Info.Name() to snap.Info.InstanceName(), leave
   parallel-install TODOs
 - store: drop unused: channel map types, and details fixture.
 - store: have a basic test about the unmarshalling of /search
   results
 - tests: show executed tests on current system when a test fails
 - tests: fix for the download of the big snap
 - interfaces/apparmor: add chopTree
 - tests: remove double debug: | entry in tests and add more checks
 - cmd/snap-update-ns: introduce mimicRequired helper
 - interfaces: move assertions around for better failure line number
 - store: log a nice clear "download succeeded" message
 - snap: run snap-confine from the re-exec location
 - snapstate: support restarting snapd from the snapd snap on core18
 - tests: show status of the partial test-snapd-huge snap in
   econnreset test
 - tests: fix interfaces-calendar-service test when gvfsd-metadata
   loks the xdg dirctory
 - store: switch store.SnapInfo to use the new v2/info endpoint
 - interfaces: add Repository.AllInterfaces
 - snapstate: stop using evolving SnapSpec internally, use an
   internal-only snapSpec instead
 - cmd/libsnap-confine-private: introduce a helper for splitting snap
   name
 - tests: econnreset/retry tweaks
 - store, et al: kill dead code that uses the bulk endpoint
 - tests/lib/prepare-restore: fix upgrade/reboot handling on arch
 - cmd/snap-update-ns,strutil: move PathIterator to strutil, add
   Depth helper
 - data/systemd/snapd.run-from-snap: ensure snapd tooling is
   available
 - store: switch connectivity check to use v2/info
 - devicestate: support seeding from a base snap instead of core
 - snapstate,ifacestate: remove core-phase-2 handling
 - interfaces/docker-support: update for docker 18.05
 - tests: enable fedora 28 again
 - overlord/ifacestate:  simplify checkConnectConflicts and also
   connect signature
 - snap: parse connect instructions in gadget.yaml
 - tests: fix snapd-repair.timer on ubuntu-core-snapd-run- from-snap
   test
 - interfaces/apparmor: allow killing snap-update-ns
 - tests: skip "try" test on s390x
 - store, image: have 'snap download' use v2/refresh action=download
 - interfaces/policy: test that base policy can be parsed
 - tests: publish test-snapd-appstreamid for any architecture
 - snap: don't include newline in hook environment
 - cmd/snap-update-ns: use RCall with SyscallsEqual
 - cmd/snap-update-ns: add IsSnapdCreatedPrivateTmpfs and tests
 - tests: skip security-dev-input-event-denied on s390x/arm64
 - interfaces: add the dvb interface
 - daemon: paging is not a thing.
 - cmd/snap-mgmt: remove system key on purge
 - testutil: syscall sequence checker
 - cmd/snap-update-ns: fix a leaking file descriptor in MkSymlink
 - packaging: use official bolt in the errtracker on fedora
 - many: add `snap debug connectivity` command* many: add `snap debug
   connectivity` command
 - configstate: deny configuration of base snaps and for the "snapd"
   snap
 - interfaces/raw-usb: also allow usb serial devices
 - snap: reject more layout locations
 - errtracker: do not send duplicated reports
 - httputil: extra debug if an error is not retried
 - cmd/snap-update-ns: improve wording in many errors
 - cmd/snap: use snaptest.MockSnapCurrent in `snap run` tests
 - cmd/snap-update-ns: add helper for checking for read-only
   filesystems
 - interfaces/builtin/docker: use commonInterface over specific
   struct
 - testutil: add test support for Fstatfs
 - cmd/snap-update-ns: discard the concept of segments
 - cmd/libsnap-confine-private: helper for extracting store snap name
   from local-name
 - tests: fix flaky test for hooks undo
 - interfaces: add {contacts,calendar}-service interfaces
 - tests: retry 'restarting into..' match in the snap-confine-from-
   core test
 - systemd: adjust TestWriteMountUnitForDirs() to use
   squashfs.MockUseFuse(false)
 - data: add helper that can generate/start/stop the snapd service
 - sefltest: advise reboot into 4.4 on trusty running 3.13
 - selftest: add new selftest package that tests squashfs mounting
 - store, jsonutil: move store.getStructFields to
   jsonutil.StructFields
 - ifacestate: improved conflict and error handling when creating
   autoconnect tasks
 - cmd/snap-confine: applied make fmt
 - interfaces/udev: call 'udevadm settle --timeout=10' after
   triggering events
 - tests: wait more time until snap start to be downloaded on
   econnreset test
 - snapstate: ensure fakestore returns TypeOS for the core snap
 - tests: fix lxd test which hangs on restore
 - cmd/snap-update-ns: add PathIterator
 - asserts,image: add support for models with bases
 - tests: shellchecks part 3
 - overlord/hookstate: support undo for hooks
 - interfaces/tpm: Allow access to the kernel resource manager
 - tests: skip appstream-id test for core systems 32 bits
 - interfaces/home: remove redundant common interface assignment
 - tests: reprioritise a few tests that are known to be slow
 - cmd/snap: small help tweaks and fixes
 - tests: add test to ensure /dev/input/event* for non-joysticks is
   denied
 - spread-shellcheck: silly fix & pep8
 - spread: switch fedora 28 to manual
 - client,cmd/snap,daemon,tests: expose base of a snap over API, show
   it in snap info --verbose
 - tests: fix lxd test - --auto now sets up networking
 - tests: adding fedora-28 to spread.yaml
 - interfaces: add juju-client-observe interface
 - client, daemon: add a "mounted-from" entry to local snaps' JSON
 - image: set model.DisplayName() in bootenv as "snap_menuentry"
 - packaging/opensuse: Refactor packaging to support all openSUSE
   targets
 - interfaces/joystick: force use of the device cgroup with joystick
   interface
 - interfaces/hardware-observe: allow access to /etc/sensors* for
   libsensors
 - interfaces: remove Plug/Slot types
 - interface hooks: update old AutoConnect methods
 - snapcraft: run with DEB_BUILD_OPTIONS=nocheck
 - overlord/{config,snap}state: the number of inactive revisions is
   config
 - cmd/snap: check with snapd for unknown sections
 - tests: moving test helpers from sh to bash
 - data/systemd: add snapd.apparmor.service
 - many: expose AppStream IDs (AKA common ID)
 - many: hold refresh when on metered connections
 - interfaces/joystick: also support modern evdev joysticks and
   gamepads
 - xdgopenproxy: skip TestOpenUnreadableFile when run as root
 - snapcraft: use dpkg-buildpackage options that work in xenial
 - spread: openSUSE LEAP 42.2 was EOLd in January, remove it
 - get-deps: work with an unset GOPATH too
 - interfaces/apparmor: use strict template on openSUSE tumbleweed
 - packaging: filter out verbose flags from "dh-golang"
 - packaging: fix description
 - snapcraft.yaml: add minimal snapcraft.yaml with custom build

* Fri Jun 22 2018 Neal Gompa <ngompa13@gmail.com> - 2.33.1-1
- Release 2.33.1 to Fedora (RH#1567916)

* Thu Jun 21 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.33.1
 - many: improve udev trigger on refresh experience
 - systemd: require snapd.socket in snapd.seeded.service
 - snap: don't include newline in hook environment
 - interfaces/apparmor: allow killing snap-update-ns
 - tests: skip "try" test on s390x
 - tests: skip security-dev-input-event-denied when /dev/input/by-
   path/ is missing
 - tests: skip security-dev-input-event-denied on s390x/arm64

* Fri Jun 08 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.33
 - packaging: use official bolt in the errtracker on fedora
 - many: add `snap debug connectivity` command
 - interfaces/raw-usb: also allow usb serial devices
 - errtracker: do not send duplicated reports
 - selftest: add new selftest package that tests squashfs mounting
 - tests: backport lxd force stop and econnreset fixes
 - tests: add test to ensure /dev/input/event* for non-joysticks is
   denied
 - interfaces/joystick: support modern evdev joysticks
 - interfaces: add juju-client-observe
 - interfaces/hardware-observe: allow access to /etc/sensors* for
   libsensors
 - many: holding refresh on metered connections
 - many: expose AppStream IDs (AKA common ID)
 - tests: speed up save/restore snapd state for all-snap systems
   during tests execution
 - interfaces/apparmor: use helper to load stray profile
 - tests: ubuntu core abstraction
 - overlord/snapstate: don't panic in a corner case interaction of
   cleanup tasks and pruning
 - interfaces/apparmor: add 'mediate_deleted' profile flag for all
   snaps
 - tests: new parameter for the journalctl rate limit
 - spread-shellcheck: port to python
 - interfaces/home: add 'read' attribute to allow non-owner read to
   @{HOME}
 - testutil: import check.v1 differently to workaround gccgo error
 - interfaces/many: miscellaneous updates for default, desktop,
   desktop-legacy, system-observe, hardware-observe, opengl and gpg-
   keys
 - snapstate/hooks: reorder autoconnect and reconnect hooks
 - daemon: update unit tests to match current master
 - overlord/snapshotstate/backend: introducing the snapshot backend
 - many: support 'system' nickname in interfaces
 - userd: add the "snap" scheme to the whitelist
 - many: make rebooting of core on refresh immediate, refactor logic
   around it
 - tests/main/snap-service-timer: account for service timer being in
   the 'running' state
 - interfaces/builtin: allow access to libGLESv* too for opengl
   interface
 - daemon: fix unit tests on arch
 - interfaces/default,process-control: miscellaneous signal policy
   fixes
 - interfaces/bulitin: add write permission to optical-drive
 - configstate: validate known core.* options
 - snap, wrappers: systemd WatchdogSec support
 - ifacestate: do not auto-connect manually disconnected interfaces
 - systemd: mock useFuse() so testsuite passes in container via lxd
   snap
 - snap/env: fix env duplication logic
 - snap: some doc comments fixes and additions
 - cmd/snap-confine, interfaces/opengl: allow access to glvnd EGL
   vendor files
 - ifacestate: unify reconnect and autoconnect methods
 - tests: fix user mounts test for external systems
 - overlord/snapstate,overlord/auth,store: coalesce no auth user
   refresh requests
 - boot,partition: improve tests/docs around SetNextBoot()
 - many: improve `snap wait` command
 - snap: fix `snap interface --attrs` output when numbers are used
 - cmd/snap-update-ns: poke holes when creating source paths for
   layouts
 - snapstate: support getting new bases/default-providers on refresh
 - ifacemgr: remove stale connections on startup
 - asserts: use Attrer in policy checks
 - testutil: record system call errors / return values
 - tests: increase timeouts to make tests reliable on slow boards
 - repo: pass and return ConnRef via pointers
 - interfaces: add xdg-document-portal support to desktop interface
 - debian: add a zenity|kdialog suggests
 - snapstate: make TestDoPrereqRetryWhenBaseInFlight less brittle
 - tests: go must be installed as a classic snap
 - tests: use journalctl cursors instead rotating logs
 - daemon: add confinement-options to /v2/system-info
   daemon: refactor classic support flag to be more structured
 - tests: build spread in the autopkgtests with a more recent go
 - cmd/snap: fix the message when snap.channel != snap.tracking
 - overlord/snapstate: allow core defaults configuration via 'system'
   key
 - many: add "snap debug sandbox-features" and needed bits
 - interfaces: interface hooks for refresh
 - snapd.core-fixup.sh: add workaround for corrupted uboot.env
 - boot: clear "snap_mode" when needed
 - many: add wait command and `snapd.seeded` service
 - interfaces: move host font update-ns AppArmor rules to desktop
   interface
 - jsonutil/safejson: introducing safejson.String &
   safejson.Paragraph
 - cmd/snap-update-ns: use Secure.BindMount to bind mount files
 - cmd/snap-update-ns,tests: mimic the mode and ownership of
   directories
 - cmd/snap-update-ns: add support for ignoring mounts with missing
   source/target
 - interfaces: interface hooks implementation
 - cmd/libsnap: fix compile error on more restrictive gcc
   cmd/libsnap: fix compilation errors on gcc 8
 - interfaces/apparmor: allow bash and dash to be in /usr/bin/
 - cmd/snap-confine: allow any base snap to provide /etc/alternatives
 - tests: fix interfaces-network test for systems with partial
   confinement
 - spread.yaml: add cosmic (18.10) to autopkgtest/qemu
 - tests: ubuntu 18.04 or higher does not need linux-image-extra-
 - configcore: validate experimental.layouts option
 - interfaces:minor autoconnect cleanup
 - HACKING: fix typos
 - spread: add adt for ubuntu 18.10
 - tests: skip test lp-1721518 for arch, snapd is failing to start
   after reboot
 - interfaces/x11: allow X11 slot implementations
 - tests: checking interfaces declaring the specific interface
 - snap: improve error for snaps not available in the given context
 - cmdstate: add missing test for default timeout handling
 - tests: shellcheck spread tasks
 - cmd/snap: update install/refresh help vs --revision
 - cmd/snap-confine: add support for per-user mounts
 - snap: do not use overly short timeout in `snap
   {start,stop,restart}`
 - tests: adding google-sru backend replacing linode-sur
 - interfaces/apparmor: fix incorrect apparmor profile glob
 - systemd: replace ancient paths with 16.04+ standards
 - overlord,systemd: store snap revision in mount units
 - testutil: add test helper for SysLstat
 - testutil,cmd: rename test helper of Lstat to OsLstat
 - testutil: document all fake syscall/os functions
 - osutil,interfaces,cmd: use less hardcoded strings
 - testutil: rename UNMOUNT_NOFOLLOW to umountNoFollow
 - testutil: don't dot-import check.v1
 - store: getStructFields takes pointers now
 - tests: drop `linux-image-extra-$(uname -r)` install in 18.04
 - many: fix false negatives reported by vet
 - osutil,interfaces: use uint32 for uid, gid
 - many: fix various issues reported by shellcheck
 - tests: add pending shutdown detection
 - image: support refreshing soft-expired user macaroons in tooling
 - interfaces/builtin, daemon: cleanup mocked builtin interfaces in
   daemon tests
 - interfaces/builtin: add support for software-watchdog interface
 - spread: auto accept key changes when calling dnf
 - snap,overlord/snapstate: introduce and use BrokenSnapError
 - tests: detect kernel oops during tests and abort tests in this
   case
 - tests: bring back one missing test in snap-service-stop-mode
 - debian: update LP bug for the 2.32.5 SRU
 - userd: set up journal logging streams for autostarted apps
 - snap,tests : don't fail if we cannot stat MountFile
 - tests: smaller fixes for Arch tests
 - tests: run interfaces-broadcom-asic-control early
 - client: support for snapshot sets, snapshots, and snapshot actions
 - tests: skip interfaces-content test on core devices
 - cmd: generalize locking to global, snap and per-user locks
 - release-tools: handle the snapd-x.y.z version
 - packaging: fix incorrectly auto-generated changelog entry for
   2.32.5
 - tests: add arch to CI
 - systemd: add helper for opening stream file descriptors to the
   journal
 - cmd/snap: handle distros with no version ID
 - many: add "stop-mode: sig{term,hup,usr[12]}{,-all}" instead of
   conflating that with refresh-mode
 - tests: removing linode-sru backend
 - tests: updating bionic version for spread tests on google
 - overlord/snapstate: poll for up to 10s if a snap is unexpectedly
   not mounted in doMountSnap
 - overlord/snapstate: allow to get an error from readInfo instead of
   a broken stub, use it in doMountSnap
 - snap: snap.AppInfo is now a fmt.Stringer
 - tests: move fedora 27 to google backend
 - many: add `core.problem-reports.disabled` option
 - cmd/snap-update-ns: remove the need for stash directory in secure
   bind mount implementation
 - errtracker: check for whoopsie.service instead of reading
   /etc/whoopsie
 - cmd/snap: user session application autostart v3
 - tests: add test to ensure `snap refresh --amend` works with
   different channels
 - tests: add check for OOM error after each test
 - cmd/snap-seccomp: graceful handling of non-multilib host
 - interfaces/shutdown: allow calling SetWallMessage
 - cmd/snap-update-ns: add secure bind mount implementation for use
   with user mounts
 - snap: fix `snap advise-snap --command` output to match spec
 - overlord/snapstate: on multi-snap refresh make sure bases and core
   are finished before dependent snaps
 - overlord/snapstate: introduce envvars to control the channels for
   based and prereqs
 - cmd/snap-confine: ignore missing cgroups in snap-device-helper
 - debian: add gbp.conf script to build snapd via `gbp buildpackage`
 - daemon,overlord/hookstate: stop/wait for running hooks before
   closing the snapctl socket
 - advisor: use json for package database
 - interfaces/hostname-control: allow setting the hostname via
   syscall and systemd
 - tests/main/interfaces-opengl-nvidia: verify access to 32bit
   libraries
 - interfaces: misc updates for default, firewall-control, fuse-
   support and process-control
 - data/selinux: Give snapd access to more aspects of the system
 - many: use the new install/refresh API by switching snapstate to
   use store.SnapAction
 - errtracker: make TestJournalErrorSilentError work on gccgo
 - ifacestate: add to the repo also snaps that are pending being
   activated but have a done setup-profiles
 - snapstate, ifacestate: inject auto-connect tasks try 2
 - cmd/snap-confine: allow creating missing gl32, gl, vulkan dirs
 - errtracker: add more fields to aid debugging
 - interfaces: make system-key more robust against invalid fstab
   entries
 - overlord,interfaces: be more vocal about broken snaps and read
   errors
 - ifacestate: injectTasks helper
 - osutil: fix fstab parser to allow for # in field values
 - cmd/snap-mgmt: remove timers, udev rules, dbus policy files
 - release-tools: add repack-debian-tarball.sh
 - daemon,client: add build-id to /v2/system-info
 - cmd: make fmt (indent 2.2.11)
 - interfaces/content: add rule so slot can access writable files at
   plug's mountpoint
 - interfaces: add /var/lib/snapd/snap to @{INSTALL_DIR}
 - ifacestate: don't surface errors from stale connections
 - cmd/snap-update-ns: convert Secure* family of functions into
   methods
 - tests: adjust canonical-livepatch test on GCE
 - tests: fix quoting issues in econnreset test
 - cmd/snap-confine: make /run/media an alias of /media
 - cmd/snap-update-ns: rename i to segNum
 - interfaces/serial: change pattern not to exclude /dev/ttymxc*
 - spread: disable StartLimitInterval option on opensuse-42.3
 - configstate: give a chance to immediately recompute the next
   refresh time when schedules are set
 - cmd/snap-confine: attempt to detect if multiarch host uses
   arch triplets
 - store: add Store.SnapAction to support the new install/refresh API
   endpoint
 - tests: adding test for removable-media interface
 - tests: update interface tests to remove extra checks and normalize
   tests
 - timeutil: in Human, count days with fingers
 - vendor: update gopkg.in/yaml.v2 to the latest version
 - cmd/snap-confine: fix Archlinux compatibility
 - cmd/snapd: make sure signal handlers are established during early
   daemon startup
 - cmd/snap-confine: apparmor: allow creating prefix path for
   gl/vulkan
 - osutil: use tilde suffix for temporary files used for atomic
   replacement
 - tests: copy or sanity check core users using usernames
 - tests: disentangle etc vs extrausers in core tests
 - tests: fix snap-run tests when snapd is not running
 - overlord/configstate: change how ssh is stopped/started
 - snap: make `snap run` look at the system-key for security profiles
 - strutil, cmd/snap: drop strutil.WordWrap, first pass at
   replacement
 - tests: adding opensuse-42.3 to google
 - cmd/snap: fix one issue with noWait error handling logic, add
   tests plus other cleanups
 - cmd/snap-confine: nvidia: preserve globbed file prefix
 - advisor: add comment why osutil.FileExists(dirs.SnapCommandsDB) is
   needed
 - interfaces,release: probe seccomp features lazily
 - tests: change debug for layout test
 - advisor: deal with missing commands.db file
 - interfaces/apparmor: simplify UpdateNS internals
 - polkit: Pass caller uid to PolicyKit authority
 - tests: moving debian 9 from linode to google backend
 - cmd/snap-confine: nvidia: add tls/libnvidia-tls.so* glob
 - po: specify charset in po/snappy.pot
 - interfaces: harden snap-update-ns profile
 - snap: Call SanitizePlugsSlots from InfoFromSnapYaml
 - tests: update tests to deal with s390x quirks
 - debian: run snap.mount upgrade fixup *before* debhelper
 - tests: move xenial i386 to google backend
 - snapstate: add compat mode for default-provider
 - tests: a bunch of test fixes for s390x from looking at the
   autopkgtest logs
 - packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
 - interfaces/builtin: let MM change qmi device attributes
 - tests: add workaround for s390x failure
 - snap/pack, cmd/snap: add `snap pack --check-skeleton`
 - daemon: support 'system' as nickname of the core snap
 - cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice
 - devicestate: add DeviceManager.Registered returning a channel
   closed when the device is known to be registered
 - store: Sections and WriteCatalogs need to strictly send device
   auth only if the device has a custom store
 - tests: add bionic system to google backend
 - many: fix shellcheck warnings in bionic
 - cmd/snap-update-ns: don't fail on existing symlinks
 - tests: make autopkgtest tests more targeted
 - cmd/snap-update-ns: fix creation of layout symlinks
 - spread,tests: move suite-level prepare/restore to central script
 - many: propagate contexts enough to be able to mark store
   operations done from the Ensure loop
 - snap: don't create empty Change with "Hold" state on disconnect
 - snap: unify snap name validation w/python; enforce length limit.
 - cmd/snap: use shlex when parsing `snap run --strace` arguments
 - osutil,testutil: add symlinkat(2) and readlinkat(2)
 - tests: autopkgtest may have non edge core too
 - tests: adding checks before stopping snapd service to avoid job
   canceled on ubuntu 14.04
 - errtracker: respect the /etc/whoopsie configuration
 - overlord/snapstate:  hold refreshes for 2h after seeding on
   classic
 - cmd/snap: tweak and polish help strings
 - snapstate: put layout feature behind feature flag
 - tests: force profile re-generation via system-key
 - snap/squashfs: when installing from seed, try symlink before cp
 - wrappers: services which are socket or timer activated should not
   be started during boot
 - many: go vet cleanups
 - tests: define MATCH from spread
 - packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
   fix
 - cmd/snap: use timeutil.Human to show times in `snap refresh
   --time`
 - cmd/snap: in changes and tasks, default to human-friendly times
 - many: support holding refreshes by setting refresh.hold
 - Revert "cmd/snap: use timeutil.Human to show times in `snap
   refresh -…-time`"
 - cmd/snap: use timeutil.Human to show times in `snap refresh
   --time`
 - tests/main/snap-service-refresh-mode: refactor the test to rely on
   comparing PIDs
 - tests/main/media-sharing: improve the test to cover /media and
   /run/media
 - store: enable deltas for core devices too
 - cmd/snap: unhide --no-wait; make wait use go via waitMixin
 - strutil/shlex: import github.com/google/shlex into the tree
 - vendor: update github.com/mvo5/libseccomp-golang
 - overlord/snapstate: block install of "system"
 - cmd/snap: "current"→"installed"; "refreshed"→"refresh-date"
 - many: add the snapd-generator
 - cmd/snap-seccomp: Cancel the atomic file on error, not just Close
 - polkit: ensure error is properly set if dialog is dismissed
 - snap-confine, snap-seccomp: utilize new seccomp logging features
 - progress: tweak ansimeter cvvis use to no longer confuse minicom
 - xdgopenproxy: integrate xdg-open implementation into snapctl
 - tests: avoid removing preinstalled snaps on core
 - tests: chroot into core to run xdg-open there
 - userd: add an OpenFile method for launching local files with xdg-
   open
 - tests: moving ubuntu core from linode to google backend
 - run-checks: remove accidental bashism
 - i18n: simplify NG usage by doing the modulo math in-package.
 - snap/squashfs: set timezone when calling unsquashfs to get the
   build date
 - timeutil: timeutil.Human(t) gives a human-friendly string for t
 - snap: add autostart app property
 - tests: add support for external backend executions on listing test
 - tests: make interface-broadcom-asic-control test work on rpi
 - configstate: when disable "ssh" we must disable the "sshd" service
 - interfaces/apparmor,system-key: add upperdir snippets for strict
   snaps on livecd
 - snap/squashfs: add BuildDate
 - store: parse the JSON format used by the coming new store API to
   convey snap information
 - many: remove snapd.refresh.{timer,service}
 - tests: adding ubuntu-14.04-64 to the google backend
 - interfaces: add xdg-desktop-portal support to desktop interface
 - packaging/arch: sync with snapd/snapd-git from AUR
 - wrappers, tests/main/snap-service-timer: restore missing commit,
   add spread test for timer services
 - store: don't ask for snap_yaml_raw except on the details endpoint
 - many: generate and use per-snap snap-update-ns profile
 - tests: add debug for layout test
 - wrappers: detect whether systemd-analyze can be used in unit tests
 - osutil: allow creating strings out of MountInfoEntry
 - servicestate: use systemctl enable+start and disable+stop instead
   of --now flag
 - osutil: handle file being matched by multiple patterns
 - daemon, snap: fix InstallDate, make a method of *snap.Info
 - wrappers: timer services
 - wrappers: generator for systemd OnCalendar schedules
 - asserts: fix flaky storeSuite.TestCheckAuthority
 - tests: fix dependency for ubuntu artful
 - spread: start moving towards google backend
 - tests: add a spread test for layouts
 - ifacestate: be consistent passing Retry.After as named field
 - cmd/snap-update-ns: use recursive bind mounts for writable mimic
 - testutil: allow mocking syscall.Fstat
 - overlord/snapstate: verify that default schedule is randomized and
   is  not a single time
 - many: simplify mocking of home-on-NFS
 - cmd/snap-update-ns: use syscall.Symlink instead of os.Symlink
 - store: move infoFromRemote into details.go close to snapDetails
 - userd/tests: Test kdialog calls and mock kdialog too to make tests
   work in KDE
 - cmd/snap: tweaks to 'snap info' (feat. installed->current rename)
 - cmd/snap: add self-strace to `snap run`
 - interfaces/screen-inhibit-control,network-status: fix dbus path
   and interface typos
 - update-pot: Force xgettext() to return true
 - store: cleanup test naming, dropping remoteRepo  and
   UbuntuStore(Repository)? references
 - store: reorg auth refresh

* Wed May 16 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.9
 - tests: run all spread tests inside GCE
 - tests: build spread in the autopkgtests with a more recent go

* Fri May 11 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.8
 - snapd.core-fixup.sh: add workaround for corrupted uboot.env

* Fri May 11 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.7
 - many: add wait command and seeded target (2
 - snapd.core-fixup.sh: add workaround for corrupted uboot.env
 - boot: clear "snap_mode" when needed
 - cmd/libsnap: fix compile error on more restrictive gcc
 - tests: cherry-pick commits to move spread to google backend
 - spread.yaml: add cosmic (18.10) to autopkgtest/qemu
 - userd: set up journal logging streams for autostarted apps

* Sun Apr 29 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.6
 - snap: do not use overly short timeout in `snap
   {start,stop,restart}`
 - interfaces/apparmor: fix incorrect apparmor profile glob
 - tests: detect kernel oops during tests and abort tests in this
   case
 - tests: run interfaces-boradcom-asic-control early
 - tests: skip interfaces-content test on core devices

* Mon Apr 16 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.5
 - many: add "stop-mode: sig{term,hup,usr[12]}{,-all}" instead of
   conflating that with refresh-mode
 - overlord/snapstate:  poll for up to 10s if a snap is unexpectedly
   not mounted in doMountSnap
 - daemon: support 'system' as nickname of the core snap

* Thu Apr 12 2018 Neal Gompa <ngompa13@gmail.com> - 2.32.4-1
- Release 2.32.4 to Fedora (RH#1553734)

* Wed Apr 11 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.4
 - cmd/snap: user session application autostart
 - overlord/snapstate: introduce envvars to control the channels for
   bases and prereqs
 - overlord/snapstate: on multi-snap refresh make sure bases and core
   are finished before dependent snaps
 - many: use the new install/refresh /v2/snaps/refresh store API

* Wed Apr 11 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.3.2
 - errtracker: make TestJournalErrorSilentError work on
   gccgo
 - errtracker: check for whoopsie.service instead of reading
   /etc/whoopsie

* Wed Apr 11 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.3.1
 - debian: add gbp.conf script to build snapd via `gbp
   buildpackage`
 - tests: add check for OOM error after each test
 - cmd/snap-seccomp: graceful handling of non-multilib host
 - interfaces/shutdown: allow calling SetWallMessage
 - data/selinux: Give snapd access to more aspects of the system
 - daemon,overlord/hookstate: stop/wait for running hooks before
   closing the snapctl socket
 - cmd/snap-confine: ignore missing cgroups in snap-device-helper
 - interfaces: misc updates for default, firewall-control, fuse-
   support and process-control
 - overlord: test fix, address corner case

* Thu Apr 05 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.3
 - ifacestate: add to the repo also snaps that are pending being
   activated but have a done setup-profiles
 - snapstate: inject autoconnect tasks in doLinkSnap for regular
   snaps
 - cmd/snap-confine: allow creating missing gl32, gl, vulkan dirs
 - errtracker: add more fields to aid debugging
 - interfaces: make system-key more robust against invalid fstab
   entries
 - cmd/snap-mgmt: remove timers, udev rules, dbus policy files
 - overlord,interfaces: be more vocal about broken snaps and read
   errors
 - osutil: fix fstab parser to allow for # in field values

* Sat Mar 31 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.2
 - interfaces/content: add rule so slot can access writable files at
   plug's mountpoint
 - tests: adjust canonical-livepatch test on GCE
 - interfaces/serial: change pattern not to exclude /dev/ttymxc
 - spread.yaml: switch Fedora 27 tests to manual
 - store: Sections and WriteCatalogs need to strictly send device
   auth only if the device has a custom store
 - configstate: give a chance to immediately recompute the next
   refresh time when schedules are set
 - cmd/snap-confine: attempt to detect if multiarch host uses arch
   triplets
 - vendor: update gopkg.in/yaml.v2 to the latest version (#4945)

* Mon Mar 26 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32.1
 - cmd/snapd: make sure signal handlers are established during early
   daemon startup
 - osutil: use tilde suffix for temporary files used for atomic
   replacement
 - cmd/snap-confine: apparmor: allow creating prefix path for
   gl/vulkan
 - tests: disentangle etc vs extrausers in core tests
 - packaging: fix changelogs' typo

* Sat Mar 24 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.32
 - snap: make `snap run` look at the system-key for security profiles
 - overlord/configstate: change how ssh is stopped/started
 - cmd/snap-confine: nvidia: preserve globbed file prefix
 - advisor: deal with missing commands.db file
 - interfaces,release: probe seccomp features lazily
 - interfaces: harden snap-update-ns profile
 - polkit: Pass caller uid to PolicyKit authority
 - tests: change debug for layout test
 - cmd/snap-confine: don't use per-snap s-u-n profile
 - many: backported fixes for layouts and symlinks
 - cmd/snap-confine: nvidia: add tls/libnvidia-tls.so* glob
 - cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice
 - snap: Call SanitizePlugsSlots from InfoFromSnapYaml
 - cmd/snap-confine: fix ptrace rule with snap-confine peer
 - tests: update tests to deal with s390x quirks
 - snapstate: add compat mode for default-provider"snapname:ifname"
 - snap-confine: fallback to /lib/udev/snappy-app-dev if the core is
   older
 - tests: a bunch of test fixes for s390x from looking at the
   autopkgtest logs
 - packaging: recommend "gnupg" instead of "gnupg1 | gnupg"
 - interfaces/builtin: let MM change qmi device attributes
 - debian: undo snap.mount system unit removal
 - snap: don't create empty Change with "Hold" state on disconnect
 - tests: add workaround for s390x failure
 - tests: make autopkgtest tests more targeted
 - many: propagate contexts enough to be able to mark store
   operations done from the Ensure loop
 - store: cleanup test naming, dropping remoteRepo and
   UbuntuStore(Repository)? references
 - store: reorg auth refresh
 - tests: autopkgtest may have non edge core too
 - data: translate polkit strings
 - snapstate: put layout feature behind feature flag
 - errtracker: respect the /etc/whoopsie configuration
 - overlord/snapstate: hold refreshes for 2h after seeding on classic
 - many: cherry-pick relevant `go vet` 1.10 fixes to 2.32
 - snap/squashfs: when installing from seed, try symlink before cp
 - wrappers: services which are socket or timer activated should not
   be started during boot
 - many: generate and use per-snap snap-update-ns profile
 - many: support holding refreshes by setting refresh.hold
 - snap-confine, snap-seccomp: utilize new seccomp logging features
 - many: remove snapd.refresh.{timer,service}
 - many: add the snapd-generator
 - polkit: do not shadow dbus errors, avoid panic in case of errors
 - polkit: ensure error is properly set if dialog is dismissed
 - xdgopenproxy: integrate xdg-open implementation into snapctl
 - userd: add an OpenFile method for launching local files with xdg-
   open
 - asserts:  use a timestamp for the assertion after the signing key
   has been created
 - ifacestate: be consistent passing Retry.After as named field
 - interfaces/apparmor,system-key: add upperdir snippets for strict
   snaps on livecd
   interfaces/apparmor,system-key: add upperdir snippets for strict
   snaps
 - configstate: when disable "ssh" we must disable the "sshd"
   service
 - store: don't ask for snap_yaml_raw except on the details endpoint
 - osutil: handle file being matched by multiple patterns
 - cmd/snap-update-ns: use recursive bind mounts for writable mimic
 - cmd/snap-update-ns: use syscall.Symlink instead of os.Symlink
 - interfaces/screen-inhibit-control,network-status: fix dbus path
   and interface typos
 - interfaces/network-status: fix use of '/' in interface in DBus
   rule
 - interfaces/screen-inhibit-control: fix use of '.' in path in DBus
   rule
 - overlord/snapstate: fix task iteration order in
   TestDoPrereqRetryWhenBaseInFlight
 - interfaces: add an interface for gnome-online-accounts D-Bus
   service
 - snap: pass full timer spec in `snap run --timer`
 - cmd/snap: introduce `snap run --timer`
 - snapstate: auto install default-providers for content snaps
 - hooks/strutil: limit the number of data read from the hooks to
   avoid oom
 - osutil: aggregate mockable symbols
 - tests: make sure snapd is running before attempting to remove
   leftover snaps
 - timeutil: account for 24h wrap when flattening clock spans
 - many: send  new Snap-CDN header with none or with cloud instance
   placement info as needed
 - cmd/snap-update-ns,testutil: move syscall testing helpers
 - tests: disable interfaces-location-control on s390x
 - tests: new spread test for gpio-memory-control interface
 - tests: spread test for broadcom-asic-control interface
 - tests: make restore of interfaces-password-manager-service more
   robust
 - tests/lib/prepare-restore: sync journal before rotating and
   vacuuming
 - overlord/snapstate: use spread in the default refresh schedule
 - tests: fixes for autopkgtest in bionic
 - timeutil: introduce helpers for checking it time falls inside the
   schedule
 - cmd/snap-repair,httputil: set snap-repair User-Agent on requests
 - vendor: resync formatting of vendor.json
 - snapstate/ifacestate: auto-connect tasks
 - cmd/snap: also include tracking channel in list output.
 - interfaces/apparmor: use snap revision with surrounding '.' when
   replacing in glob
 - debian,vendor: import github.com/snapcore/squashfs and use
 - many: implement "refresh-mode: {restart,endure,...}" for services
 - daemon: make the ast-inspecting test smarter; drop 'exceptions'
 - tests: new spread test for kvm interface
 - cmd/snap: tweaks to 'snap info' output
 - snap: remove underscore from version validator regexp
 - testutil: add File{Matches,Equals,Contains} checkers.
 - snap: improve the version validator's error messages.
 - osutil: refactor EnsureFileState to separate out the comparator
 - timeutil: fix scheduling on nth weekday of the month
 - cmd/snap-update-ns: small refactor for upcoming per-user mounts
 - many: rename snappy-app-dev to snap-device-helper
 - systemd: add default target for timers
 - interfaces: miscellaneous policy updates for home, opengl, time-
   control, network, et al
 - cmd/snap: linter cleanups
 - interfaces/mount: generate per-user mount profiles
 - cmd/snap: use proper help strings for `snap userd --help`
 - packaging: provide a compat symlink for snappy-app-dev
 - interfaces/time-control,netlink-audit: adjust for util-linux
   compiled with libaudit
 - tests: adding new test to validate the raw-usb interface
 - snap: add support for `snap run --gdb`
 - interfaces/builtin: allow MM to access login1
 - packaging: fix build on sbuild
 - store: revert PR#4532 and do not display displayname
 - interfaces/mount: add support for per-user mount entries
 - cmd/system-shutdown: move sync to be even more pessimistic
 - osutil: reimplement IsMounted with LoadMountInfo
 - tests/main/ubuntu-core-services: enable snapd.refresh.timer for
   the test
 - many: don't allow layout construction to silently fail
 - interfaces/apparmor: ensure snap-confine profile for reexec is
   current
 - interfaces/apparmor: generalize apparmor load and unload helpers
 - tests: removing packages which are not needed anymore to generate
   random data
 - snap: improve `snap run` comments/naming
 - snap: allow options for --strace, e.g. `snap run --strace="-tt"`
 - tests: fix spread test failures on 18.04
 - systemd: update comment on SocketsTarget
 - osutil: add and update docstrings
 - osutil: parse mount entries without options field
 - interfaces: mock away real mountinfo/fstab
 - many: move /lib/udev/snappy-app-dev to /usr/lib/snapd/snappy-app-
   dev
 - overlord/snapstate/backend: perform cleanup if snap setup fails
 - tests/lib/prepare: disable snapd.refresh.timer
 - daemon: remove redundant UserOK markings from api commands
 - snap: introduce  timer service data types and validation
 - cmd/snap: fix UX of snap services
 - daemon: allow `snapctl get` from any uid
 - debian, snap: only static link libseccomp in snap-seccomp on
   ubuntu
 - all: snap versions are now validated
 - many: add nfs-home flag to system-key
 - snap: disallow layouts in various special directories
 - cmd/snap: add help for service commands.
 - devicestate: fix autopkgtest failure in
   TestDoRequestSerialErrorsOnNoHost
 - snap,interfaces: allow using bind-file layouts
 - many: move mount code to osutil
 - snap: understand directories in layout blacklist
 - snap: use custom unsquashfsStderrWriter for unsquashfs error
   detection
 - tests/main/user-data-handling: get rid of ordering bug
 - snap: exclude `gettimeofday` from `snap run --strace`
 - tests: check if snapd.socket is active before stoping it
 - snap: sort layout elements before validating
 - strutil: introducing MatchCounter
 - snap: detect unsquashfs write failures
 - spread: add missing ubuntu-18.04-arm64 to available autopkgtest
   machines
 - cmd/snap-confine: allow mounting anywhere, effectively
 - daemon: improve ucrednet code for the snap.socket
 - release, interfaces: add new release.AppArmorFeatures helper
 - snap: apply some golint suggestions
 - many: add interfaces.SystemKey() helper
 - tests: new snaps to test installs nightly
 - tests: skip alsa interface test when the system does not have any
   audio devices
 - debian/rules: workaround for
   https://github.com/golang/go/issues/23721
 - interfaces/apparmor: early support for snap-update-ns snippets
 - wrappers: cleanup enabled service sockets
 - cmd/snap-update-ns: large refactor / update of unit tests
 - interfaces/apparmor: remove leaked future layout code
 - many: allow constructing layouts (phase 1)
 - data/systemd: for debugging/testing use /etc/environment also for
   snap-repair runs
 - cmd/snap-confine: create lib/{gl,gl32,vulkan} under /var/lib/snapd
   and chown as root:root
 - overlord/configstate/config: make [GS]etSnapConfig use *RawMessage
 - daemon: refactor snapFooMany helpers a little
 - cmd/snap-confine: allow snap-update-ns to chown things
 - interfaces/apparmor: use a helper to set the scope
 - overlord/configstate/config: make SetSnapConfig delete on empty
 - osutil: make MkdirAllChown clean the path passed in
 - many: at seeding try to capture cloud information into core config
   under "cloud"
 - cmd/snap: add completion conversion helper to increase DRY
 - many: remove "content" argument from snaptest.MockSnap()
 - osutil: allow using many globs in EnsureDirState
 - cmd/snap-confine: fix read-only filesystem when mounting nvidia
   files in biarch
 - tests: use root path to /home/test/tmp to avoid lack of space
   issue
 - packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
   packaging
 - tests: update kill-timeout focused on making tests pass on boards
 - advisor: ensure commands.db has mode 0644 and add test
 - snap: improve validation of snap layouts
 - tests: ensure disabled services are masked
 - interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
 - systemd, wrappers: start all snap services in one systemctl call
 - mir: software clients need access to shared memory /dev/shm/#*
 - snap: add support for `snap advise-snap pkgName`
 - snap: fix command-not-found on core devices
 - tests: new spead test for openvswitch-support interface
 - tests: add integration for local snap licenses
 - config: add (Get|Set)SnapConfig to do bulk config e.g. from
   snapshots
 - cmd/snap: display snap license information
 - tests: enable content sharing test for $SNAP
 - osutil: add ContextWriter and RunWithContext helpers.
 - osutil: add DirExists and IsDirNotExist

* Fri Mar 09 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.31.2
 - many: add the snapd-generator
 - polkit: ensure error is properly set if dialog is dismissed
 - xdgopenproxy: integrate xdg-open implementation into snapctl
 - userd: add an OpenFile method for launching local files with xdg-
   open
 - configstate: when disable "ssh" we must disable the "sshd"
   service
 - many: remove snapd.refresh.{timer,service}
 - interfaces/builtin: allow MM to access login1
 - timeutil: account for 24h wrap when flattening clock spans
 - interfaces/screen-inhibit-control,network-status: fix dbus path
   and interface typos
 - systemd, wrappers: start all snap services in one systemctl
   call
 - tests: disable interfaces-location-control on s390x

* Mon Mar 05 2018 Neal Gompa <ngompa13@gmail.com> - 2.31.1-2
- Fix dependencies for devel subpackage

* Sun Mar 04 2018 Neal Gompa <ngompa13@gmail.com> - 2.31.1-1
- Release 2.31.1 to Fedora (RH#1542483)
- Drop all backported patches as they're part of this release

* Tue Feb 20 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.31.1
 - tests: multiple autopkgtest related fixes for 18.04
 - overlord/snapstate: use spread in the default refresh schedule
 - timeutil: fix scheduling on nth weekday of the month
 - interfaces: miscellaneous policy updates for home, opengl, time-
   control, network, et al
 - cmd/snap: use proper help strings for `snap userd --help`
 - interfaces/time-control,netlink-audit: adjust for util-linux
   compiled with libaudit
 - rules: do not static link on powerpc
 - packaging: revert LDFLAGS rewrite again after building snap-
   seccomp
 - store: revert PR#4532 and do not display displayname
 - daemon: allow `snapctl get` from any uid
 - debian, snap: only static link libseccomp in snap-seccomp on
   ubuntu
 - daemon: improve ucrednet code for the snap.socket

* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.30-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Tue Feb 06 2018 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.31
 - cmd/snap-confine: allow snap-update-ns to chown things
 - cmd/snap-confine: fix read-only filesystem when mounting nvidia
   files in biarch
 - packaging: create /var/lib/snapd/lib/{gl,gl32,vulkan} as part of
   packaging
 - advisor: ensure commands.db has mode 0644 and add test
 - interfaces/desktop-legacy,unity7: support gtk2/gvfs gtk_show_uri()
 - snap: improve validation of snap layoutsRules for validating
   layouts:
 - snap: fix command-not-found on core devices
 - cmd/snap: display snap license information
 - tests: enable content sharing test for $SNAP
 - userd: add support for a simple UI that can be used from userd
 - snap-confine/nvidia: Support legacy biarch trees for GLVND systems
 - tests: generic detection of gadget and kernel snaps
 - cmd/snap-update-ns: refactor and improve Change.Perform to handle
   EROFS
 - cmd/snap: improve output when snaps were found in a section or the
   section is invalid
 - cmd/snap-confine,tests: hide message about stale base snap
 - cmd/snap-mgmt: fix out of source tree build
 - strutil/quantity: new package that exports formatFoo (from
   progress)
 - cmd/snap: snap refresh --time with new and legacy schedules
 - state: unknown tasks handler
 - cmd/snap-confine,data/systemd: fix removal of snaps inside LXD
 - snap: add io.snapcraft.Settings to `snap userd`
 - spread: remove more EOLed releases
 - snap: tidy up top-level help output
 - snap: fix race in `snap run --strace`
 - tests: update "searching" test to match store changes
 - store: use the "publisher" when populating the "publisher" field
 - snap: make `snap find --section` show all sections
 - tests: new test to validate location control interface
 - many: add new `snap refresh --amend <snap>` command
 - tests/main/kernel-snap-refresh-on-core: skip the whole test if
   edge and stable are the same version
 - tests: set test kernel-snap-refresh-on-core to manual
 - tests: new spread test for interface gpg-keys
 - packaging/fedora: Merge changes from Fedora Dist-Git plus trivial
   fix
 - interfaces: miscellaneous policy updates
 - interfaces/builtin: Replace Solus support with GLVND support
 - tests/main/kernel-snap-refresh-on-core: do not fail if edge and
   stable kernels are the same version
 - snap: add `snap run --strace` to be able to strace snap apps
 - tests: new spread test for ssh-keys interface
 - errtracker: include detected virtualisation
 - tests: add new kernel refresh/revert test for spread-cron
 - interfaces/builtin: blacklist zigbee dongle
 - cmd/snap-confine: discard stale mount namespaces
 - cmd: remove unused execArg0/execEnv
 - snap,interfaces/mount: disallow nobody/nogroup
 - cmd/snap: improve `snap aliases` output when no aliases are
   defined
 - tests/lib/snaps/test-snapd-service: refactor service reload
 - tests: new spread test for gpg-public-keys interface
 - tests: new spread test for ssh-public-keys interface
 - spread: setup machine creation on Linode
 - interfaces/builtin: allow introspecting UDisks2
 - interfaces/builtin: add support for content "source" section
 - tests: new spread test for netlink-audit interface
 - daemon: avoid panic'ing building an error response w/no snaps
   given
 - interfaces/mount,snap: early support for snap layouts
 - daemon: unlock state even if RefreshSchedule() fails
 - arch: add "armv8l" to ubuntuArchFromKernelArch table
 - tests: fix for test interface-netlink-connector
 - data/dbus: add AssumedAppArmorLabel=unconfined
 - advisor: use forked bolt to make it work on ppc
 - overlord/snapstate: record the 'kind' of conflicting change
 - dirs: fix snap mount dir on Manjaro
 - overlord/{snapstate,configstate}, daemon: introduce refresh.timer,
   fallback to refresh.schedule
 - config: add support for `snap set core proxy.no_proxy=...`
 - snap-mgmt: extend spread tests, stop, disable and cleanup snap
   services
 - spread.yaml: add fedora 27
 - cmd/snap-confine: allow snap-update-ns to poke writable holes in
   $SNAP
 - packaging/14.04: move linux-generic-lts-xenial to recommends
 - osutil/sys: ppc has 32-bit getuid already
 - snapstate: make no autorefresh message clearer
 - spread: try to enable Fedora once more
 - overlord/snapstate: do a minimal sanity check on containers
 - configcore: ensure config.txt has a final newline
 - cmd/libsnap-confine-private: print failed mount/umount regardless
   of SNAP_CONFINE_DEBUG
 - debian/tests: add missing autopkgtest test dependencies for debian
 - image: port ini handling to goconfigparser
 - tests/main/snap-service-after-before: add test for after/before
   service ordering
 - tests: enabling opensuse for tests
 - tests: update auto-refresh-private to match messages from current
   master
 - dirs: check if distro 'is like' fedora when picking path to
   libexecdir
 - tests: fix "job canceled" issue and improve cleanup for snaps
 - cmd/libsnap-confine-private: add debug build of libsnap-confine-
   private.a, link it into snap-confine-debug
 - vendor: remove x/sys/unix to fix builds on arm64 and powerpc
 - image: let consume snapcraft export-login files from tooling
 - interfaces/mir: allow Wayland socket and non-root sockets
 - interfaces/builtin: use snap.{Plug,Slot}Info over
   interfaces.{Plug,Slot}
 - tests: add simple snap-mgmt test
 - wrappers: autogenerate After/Before in systemd's service files for
   apps
 - snap: add usage hints in `snap download`
 - snap: provide more meaningful errors for installMany and friends
 - cmd/snap: show header/footer when `snap find` is used without
   arguments
 - overlord/snapstate: for Enable's tasks refer to the first task
   with snap-setup, do not duplicate
 - tests: add hard-coded fully expired macaroons to run related tests
 - cmd/snap-update-ns: new test features
 - cmd/snap-update-ns: we don't want to bind mount symlinks
 - interfaces/mount: test OptsToCommonFlags, filter out x-snapd.
   options
 - cmd/snap-update-ns: untangle upcoming cyclic initialization
 - client, daemon: update user's email when logging in with new
   account
 - tests: ensure snap-confine apparmor profile is parsable
 - snap: do not leak internal errors on install/refresh etc
 - snap: fix missing error check when multiple snaps are refreshed
 - spread: trying to re-enable tests on Fedora
 - snap: fix gadget.yaml parsing for multi volume gadgets
 - snap: give the snap.Container interface a Walk method
 - snap: rename `snap advise-command` to `snap advise-snap --command`
 - overlord/snapstate: no refresh just for hints if there was a
   recent regular full refresh
 - progress: switch ansimeter's Spin() to use a spinner
 - snap: support `command-not-found` symlink for `snap advise-
   command`
 - daemon: store email, ID and macaroon when creating a new user
 - snap: app startup after/before validation
 - timeutil: refresh timer take 2
 - store, daemon/api: Rename MyAppsServer, point to
   dashboard.snapcraft.io instead
 - tests: use "quiet" helper instead of "dnf -q" to get errors on
   failures
 - cmd/snap-update-ns: improve mocking for tests
 - many: implement the advisor backend, populate it from the store
 - tests: make less calls to the package manager
 - tests/main/confinement-classic: enable the test on Fedora
 - snap: do not leak internal network errors to the user
 - snap: use stdout instead of stderr for "fetching" message
 - tests: fix test whoami, share successful_login.exp
 - many: refresh with appropriate creds
 - snap: add new `snap advice-command` skeleton
 - tests: add test that ensures we never parse versions as numbers
 - overlord/snapstate: override Snapstate.UserID in refresh if the
   installing user is gone
 - interfaces: allow socket "shutdown" syscall in default profile
 - snap: print friendly message if `snap keys` is empty
 - cmd/snap-update-ns: add execWritableMimic
 - snap: make `snap info invalid-snap` output more user friendly
 - cmd/snap,  tests/main/classic-confinement: fix snap-exec path when
   running under classic confinement
 - overlord/ifacestate: fix disable/enable cycle to setup security
 - snap: fix snap find " " output
 - daemon: add new polkit action to manage interfaces
 - packaging/arch: disable services when removing
 - asserts/signtool: support for building tools on top that fill-
   in/compute some headers
 - cmd: clarify "This leaves %s tracking %s." message
 - daemon: return "bad-query" error kind for store.ErrBadQuery
 - taskrunner/many: KnownTaskKinds helper
 - tests/main/interfaces-fuse_support: fix confinement, allow
   unmount, fix spread tests
 - snap: use the -no-fragments mksquashfs option
 - data/selinux: allow messages from policykit
 - tests: fix catalog-update wait loop
 - tests/lib/prepare-restore: disable rate limiting in journald
 - tests: change interfaces-fuse_support to be debug friendly
 - tests/main/postrm-purge: stop snapd before purge
 - This is an example of test log:https://paste.ubuntu.com/26215170/
 - tests/main/interfaces-fuse_support: dump more debugging
   information
 - interfaces/dbus: adjust slot policy for listen, accept and accept4
   syscalls
 - tests: save the snapd-state without compression
 - tests/main/searching: handle changes in featured snaps list
 - overlord/snapstate: fix auto-refresh summary for 2 snaps
 - overlord/auth,daemon: introduce an explicit auth.ErrInvalidUser
 - interfaces: add /proc/partitions to system-observe (This addresses
   LP#1708527.)
 - tests/lib: introduce helpers for setting up /dev/random using
   /dev/urandom in project prepare
 - tests: new test for interface network status
 - interfaces: interfaces: also add an app/hook-specific udev RUN
   rule for hotplugging
 - tests: fix external backend for tests that need DEBUG output
 - tests: do not disable refresh timer on external backend
 - client: send all snap related bool json fields
 - interfaces/desktop,unity7: allow status/activate/lock of
   screensavers
 - tests/main: source mkpinentry.sh
 - tests: fix security-device-cgroups-serial-port test for rpi and db
 - cmd/snap-mgmt: add more directories for cleanup and refactor
   purge() code
 - snap: YAML and data structures for app before/after ordering
 - tests: set TRUST_TEST_KEYS=false for all the external backends
 - packaging/arch: install snap-mgmt tool
 - tests: add support on tests for cm3 gadget
 - interfaces/removable-media: also allow 'k' (lock)
 - interfaces: use ConnectedPlug/ConnectedSlot types (step 2)
 - interfaces: rename sanitize methods
 - devicestate: fix misbehaving test when using systemd-resolved
 - interfaces: added Ref() helpers, restored more detailed error
   message on spi iface
 - debian: make "gnupg" a recommends
 - interfaces/many: misc updates for default, browser-support,
   opengl, desktop, unity7, x11
 - interfaces: PlugInfo/SlotInfo/ConnectedPlug/ConnectedSlot
   attribute helpers
 - interfaces: update fixme comments
 - tests: make interfaces-snapd-control-with-manage more robust
 - userd: generalize dbusInterface
 - interfaces: use ConnectedPlug/ConnectedSlot types (step 1)
 - hookstate: add compat "configure-snapd" task.
 - config, overlord/snapstate, timeutil: rename ParseSchedule to
   ParseLegacySchedule
 - tests: adding tests for time*-control interfaces
 - tests: new test to check interfaces after reboot the system
 - cmd/snap-mgmt: fixes
 - packaging/opensuse-42.2: package and use snap-mgmt
 - corecfg: also "mask" services when disabling them
 - cmd/snap-mgmt: introduce snap-mgmt tool
 - configstate: simplify ConfigManager
 - interfaces: add gpio-memory-control interface
 - cmd: disable check-syntax-c
 - packaging/arch: add bash-completion as optional dependency
 - corecfg: rename package to overlord/configstate/configcore
 - wrappers: fix unit tests to use dirs.SnapMountDir
 - osutil/sys: reimplement getuid and chown with the right int type
 - interfaces-netlink-connector: fix sourcing snaps.sh

* Thu Jan 25 2018 Neal Gompa <ngompa13@gmail.com> - 2.30-1
- Release 2.30 to Fedora (RH#1527519)
- Backport fix to correctly locate snapd libexecdir on Fedora derivatives (RH#1536895)
- Refresh SELinux policy fix patches with upstream backport version

* Mon Dec 18 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.30
 - tests: set TRUST_TEST_KEYS=false for all the external backends
 - tests: fix external backend for tests that need DEBUG output
 - tests: do not disable refresh timer on external backend
 - client: send all snap related bool json fields
 - interfaces: interfaces: also add an app/hook-specific udev RUN
   rule for hotplugging
 - interfaces/desktop,unity7: allow status/activate/lock of
   screensavers
 - tests/main: source mkpinentry.sh
 - devicestate: use a different nowhere domain
 - interfaces: add ssh-keys, ssh-public-keys, gpg-keys and gpg-public
   keys interfaces
 - interfaces/many: misc updates for default, browser-support, opengl,
   desktop, unity7, x11
 - devicestate: fix misbehaving test when using systemd-resolved
 - interfaces/removable-media: also allow 'k' (lock)
 - interfaces/many: misc updates for default, browser-support,
   opengl, desktop, unity7, x11
 - corecfg: also "mask" services when disabling them
 - tests: add support for autopkgtests on s390x
 - snapstate: support for pre-refresh hook
 - many: allow to configure core before it is installed
 - devicestate: fix unkeyed fields error
 - snap-confine: create mount target for lib32,vulkan on demand
 - snapstate: add support for refresh.schedule=managed
 - cmd/snap-update-ns: teach update logic to handle synthetic changes
 - many: remove configure-snapd task again and handle internally
 - snap: fix TestDirAndFileMethods() test to work with gccgo
 - debian: ensure /var/lib/snapd/lib/vulkan is available
 - cmd/snap-confine: use #include instead of bare include
 - snapstate: store userID in snapstate
 - snapd.dirs: add var/lib/snapd/lib/gl32
 - timeutil, overlod/snapstate: cleanup remaining pieces of timeutil
   weekday support
 - packaging/arch: install missing directories, manpages and version
   info
 - snapstate,store: store if a snap is a paid snap in the sideinfo
 - packaging/arch: pre-create snapd directories when packaging
 - tests/main/manpages: set LC_ALL=C as man may complain if the
   locale is unset or unsupported
 - repo: ConnectedPlug and ConnectedSlot types
 - snapd: fix handling of undo in the taskrunner
 - store: fix download caching and add integration test
 - snapstate: move autorefresh code into autoRefresh helper
 - snapctl: don't error out on start/stop/restart from configure hook
   during install or refresh
 - cmd/snap-update-ns: add planWritableMimic
 - deamon: don't omit responses, even if null
 - tests: add test for frame buffer interface
 - tests/lib: fix shellcheck errors
 - apparmor: generate the snap-confine re-exec profile for
   AppArmor{Partial,Full}
 - tests: remove obsolete workaround
 - snap: use existing files in `snap download` if digest/size matches
 - tests: merge pepare-project.sh into prepare-restore.sh
 - tests: cache snaps to $TESTSLIB/cache
 - tests: set -e, -o pipefail in prepare-restore.sh
 - apparmor: generate the snap-confine re-exec profile for
   AppArmor{Partial,Full}
 - cmd/snap-seccomp: fix uid/gid restrictions tests on Arch
 - tests: document and slightly refactor prepare/restore code
 - snapstate: ensure RefreshSchedule() gives accurate results
 - snapstate: add new refresh-hints helper and use it
 - spread.yaml,tests: move most of project-wide prepare/restore to
   separate file
 - timeutil: introduce helpers for weekdays and TimeOfDay
 - tests: adding new test for uhid interface
 - cmd/libsnap: fix parsing of empty mountinfo fields
 - overlord/devicestate:  best effort to go to early full retries for
   registration on the like of DNS no host
 - spread.yaml: bump delta ref to 2.29
 - tests: adding test to test physical memory observe interface
 - cmd, errtracker: get rid of SNAP_DID_REEXEC environment
 - timeutil: remove support to parse weekday schedules
 - snap-confine: add workaround for snap-confine on 4.13/upstream
 - store: do not log the http body for catalog updates
 - snapstate: move catalogRefresh into its own helper
 - spread.yaml: fix shellcheck issues and trivial refactor
 - spread.yaml: move prepare-each closer to restore-each
 - spread.yaml: increase workers for opensuse to 3
 - tests: force delete when tests are restore to avoid suite failure
 - test: ignore /snap/README
 - interfaces/opengl: also allow read on 'revision' in
   /sys/devices/pci...
 - interfaces/screen-inhibit-control: fix case in screen inhibit
   control
 - asserts/sysdb: panic early if pointed to staging but staging keys
   are not compiled-in
 - interfaces: allow /bin/chown and fchownat to root:root
 - timeutil: include test input in error message in
   TestParseSchedule()
 - interfaces/browser-support: adjust base declaration for auto-
   connection
 - snap-confine: fix snap-confine under lxd
 - store: bit less aggressive retry strategy
 - tests: add new `fakestore new-snap-{declaration,revision}` helpers
 - cmd/snap-update-ns: add secureMkfileAll
 - snap: use field names when initializing composite literals
 - HACKING: fix path in snap install
 - store: add support for flags in ListRefresh()
 - interfaces: remove invalid plugs/slots from SnapInfo on
   sanitization.
 - debian: add missing udev dependency
 - snap/validate: extend socket validation tests
 - interfaces: add "refresh-schedule" attribute to snapd-control
 - interfaces/builtin/account_control: use gid owning /etc/shadow to
   setup seccomp rules
 - cmd/snap-update-ns: tweak changePerform
 - interfaces,tests: skip unknown plug/slot interfaces
 - tests: disable interfaces-network-control-tuntap
 - cmd: use a preinit_array function rather than parsing
   /proc/self/cmdline
 - interfaces/time*_control: explicitly deny noisy read on
   /proc/1/environ
 - cmd/snap-update-ns: misc cleanups
 - snapd: allow hooks to have slots
 - fakestore: add go-flags to prepare for `new-snap-declaration` cmd
 - interfaces/browser-support: add shm path for nwjs
 - many: add magic /snap/README file
 - overlord/snapstate: support completion for command aliases
 - tests: re-enable tun/tap test on Debian
 - snap,wrappers: add support for socket activation
 - repo: use PlugInfo and SlotInfo for permanent plugs/slots
 - tests/interfaces-network-control-tuntap: disable on debian-
   unstable for now
 - cmd/snap-confine: Loosen the NVIDIA Vulkan ICD glob
 - cmd/snap-update-ns: detect and report read-only filesystems
 - cmd/snap-update-ns: re-factor secureMkdirAll into
   secureMk{Prefix,Dir}
 - run-checks, tests/lib/snaps/: shellcheck fixes
 - corecfg: validate refresh.schedule when it is applied
 - tests: adjust test to match stderr
 - snapd: fix snap cookie bugs
 - packaging/arch: do not quote MAKEFLAGS
 - state: add change.LaneTasks helper
 - cmd/snap-update-ns: do not assume 'nogroup' exists
 - tests/lib: handle distro specific grub-editenv naming
 - cmd/snap-confine: Add missing bi-arch NVIDIA filesthe
   `/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl/vdpau` paths within
 - cmd: Support exposing NVIDIA Vulkan ICD files to the snaps
 - cmd/snap-confine: Implement full 32-bit NVIDIA driver support
 - packaging/arch: packaging update
 - cmd/snap-confine: Support bash as base runtime entry
 - wrappers: do not error on incorrect Exec= lines
 - interfaces: fix udev tagging for hooks
 - tests/set-proxy-store: exclude ubuntu-core-16 via systems: key
 - tests: new tests for network setup control and observe interfaces
 - osutil: add helper for obtaining group ID of given file path
 - daemon,overlord/snapstate: return snap-not-installed error in more
   cases
 - interfaces/builtin/lxd_support: allow discovering of host's os-
   release
 - configstate: add support for configure-snapd for
   snapstate.IgnoreHookError
 - tests:  add a spread test for proxy.store setting together with
   store assertion
 - cmd/snap-seccomp: do not use group 'shadow' in tests
 - asserts/assertstest:  fix use of hardcoded value when the passed
   or default keys should be used
 - interfaces/many: misc policy updates for browser-support, cups-
   control and network-status
 - tests: fix xdg-open-compat
 - daemon: for /v2/logs, 404 when no services are found
 - packaging/fedora: Merge changes from Fedora Dist-Git
 - cmd/snap-update-ns: add new helpers for mount entries
 - cmd/snap-confine: Respect biarch nature of libdirs
 - cmd/snap-confine: Ensure snap-confine is allowed to access os-
   release
 - cmd: fix re-exec bug with classic confinement for host snapd <
   2.28
 - interfaces/kmod: simplify loadModules now that errors are ignored
 - tests: disable xdg-open-compat test
 - tests: add test that checks core reverts on core devices
 - dirs: use alt root when checking classic confinement support
   without …
 - interfaces/kmod: treat failure to load module as non-fatal
 - cmd/snap-update-ns: fix golint and some stale comments
 - corecfg:  support setting proxy.store if there's a matching store
   assertion
 - overlord/snapstate: toggle ignore-validation as needed as we do
   for channel
 - tests: fix security-device-cgroup* tests on devices with
   framebuffer
 - interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS
 - interfaces: add USB interface number attribute in udev rule for
   serial-port interface
 - overlord/devicestate: switch to the new endpoints for registration
 - snap-update-ns: add missing unit test for desired/current profile
   handling
 - cmd/{snap-confine,libsnap-confine-private,snap-shutdown}: cleanup
   low-level C bits
 - ifacestate: make interfaces.Repository available via state cache
 - overlord/snapstate: cleanups around switch-snap*
 - cmd/snapd,client,daemon: display ignore-validation flag through
   the notes mechanism
 - cmd/snap-update-ns: add logging to snap-update-ns
 - many: have a timestamp on store assertions
 - many: lookup and use the URL from a store assertion if one is set
   for use
 - tests/test-snapd-service: fix shellcheck issues
 - tests: new test for hardware-random-control interface
 - tests: use `snap change --last=install` in snapd-reexec test
 - repo, daemon: use PlugInfo, SlotInfo
 - many: handle core configuration internally instead of using the
   core configure hook
 - tests: refactor and expand content interface test
 - snap-seccomp: skip in-kernel bpf tests for socket() in trusty/i386
 - cmd/snap-update-ns: allow Change.Perform to return changes
 - snap-confine: Support biarch Linux distribution confinement
 - partition/ubootenv: don't panic when uboot.env is missing the eof
   marker
 - cmd/snap-update-ns: allow fault injection to provide dynamic
   result
 - interfaces/mount: exspose mount.{Escape,Unescape}
 - snapctl: added long help to stop/start/restart command
 - cmd/snap-update-ns: create missing mount points automatically.
 - cmd: downgrade log message in InternalToolPath to Debugf()
 - tests: wait for service status change & file update in the test to
   avoid races
 - daemon, store: forward SSO invalid credentials errors as 401
   Unauthorized responses
 - spdx: fix for WITH syntax, require a license name before the
   operator
 - many: reorg things in preparation to make handling of the base url
   in store dynamic
 - hooks/configure: queue service restarts
 - cmd/snap: warn when a snap is not from the tracking channel
 - interfaces/mount: add support for parsing x-snapd.{mode,uid,gid}=
 - cmd/snap-confine: add detection of stale mount namespace
 - interfaces: add plugRef/slotRef helpers for PlugInfo/SlotInfo
 - tests: check for invalid udev files during all tests
 - daemon: use newChange() in changeAliases for consistency
 - servicestate: use taskset
 - many: add support for /home on NFS
 - packaging,spread: fix and re-enable opensuse builds

* Sun Dec 17 2017 Neal Gompa <ngompa13@gmail.com> - 2.29.4-3
- Add patch to SELinux policy to allow snapd to receive replies from polkit

* Sun Nov 19 2017 Neal Gompa <ngompa13@gmail.com> - 2.29.4-2
- Add missing bash completion files and cache directory

* Sun Nov 19 2017 Neal Gompa <ngompa13@gmail.com> - 2.29.4-1
- Release 2.29.4 to Fedora (RH#1508433)
- Install Polkit configuration (RH#1509586)
- Drop changes to revert cheggaaa/pb import path used

* Fri Nov 17 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.29.4
 - snap-confine: fix snap-confine under lxd
 - tests: disable classic-ubuntu-core-transition on i386 temporarily
 - many: reject bad plugs/slots
 - interfaces,tests: skip unknown plug/slot interfaces
 - store: enable "base" field from the store
 - packaging/fedora: Merge changes from Fedora Dist-Git

* Thu Nov 09 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.29.3
 - daemon: cherry-picked /v2/logs fixes
 - cmd/snap-confine: Respect biarch nature of libdirs
 - cmd/snap-confine: Ensure snap-confine is allowed to access os-
   release
 - interfaces: fix udev tagging for hooks
 - cmd: fix re-exec bug with classic confinement for host snapd
 - tests: disable xdg-open-compat test
 - cmd/snap-confine: add slave PTYs and let devpts newinstance
   perform mediation
 - interfaces/many: misc policy updates for browser-support, cups-
   control and network-status
 - interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS
 - tests: fix security-device-cgroup* tests on devices with
   framebuffer

* Fri Nov 03 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.29.2
  - snapctl: disable stop/start/restart (2.29)
  - cmd/snap-update-ns: fix collection of changes made

* Fri Nov 03 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.29.1
 - interfaces: fix incorrect signature of ofono DBusPermanentSlot
 - interfaces/serial-port: udev tag plugged slots that have just
   'path' via KERNEL
 - interfaces/hidraw: udev tag plugged slots that have just 'path'
   via KERNEL
 - interfaces/uhid: unconditionally add existing uhid device to the
   device cgroup
 - cmd/snap-update-ns: fix mount rules for font sharing
 - tests: disable refresh-undo test on trusty for now
 - tests: use `snap change --last=install` in snapd-reexec test
 - Revert " wrappers: fail install if exec-line cannot be re-written
 - interfaces: don't udev tag devmode or classic snaps
 - many: make ignore-validation sticky and send the flag with refresh
   requests

* Mon Oct 30 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.29
 - interfaces/many: miscellaneous updates based on feedback from the
   field
 - snap-confine: allow reading uevents from any where in /sys
 - spread: add bionic beaver
 - debian: make packaging/ubuntu-14.04/copyright a real file again
 - tests: cherry pick the fix for services test into 2.29
 - cmd/snap-update-ns: initialize logger
 - hooks/configure: queue service restarts
 - snap-{confine,seccomp}: make @unrestricted fully unrestricted
 - interfaces: clean system apparmor cache on core device
 - debian: do not build static snap-exec on powerpc
 - snap-confine: increase sanity_timeout to 6s
 - snapctl: cherry pick service commands changes
 - cmd/snap: tell translators about arg names and descs req's
 - systemd: run all mount units before snapd.service to avoid race
 - store: add a test to show auth failures are forwarded by doRequest
 - daemon: convert ErrInvalidCredentials to a 401 Unauthorized error.
 - store: forward on INVALID_CREDENTIALS error as
   ErrInvalidCredentials
 - daemon: generate a forbidden response message if polkit dialog is
   dismissed
 - daemon: Allow Polkit authorization to cancel changes.
 - travis: switch to container based test runs
 - interfaces: reduce duplicated code in interface tests mocks
 - tests: improve revert related testing
 - interfaces: sanitize plugs and slots early in ReadInfo
 - store: add download caching
 - preserve TMPDIR and HOSTALIASES across snap-confine invocation
 - snap-confine: init all arrays with `= {0,}`
 - tests: adding test for network-manager interface
 - interfaces/mount: don't generate legacy per-hook/per-app mount
   profiles
 - snap: introduce structured epochs
 - tests: fix interfaces-cups-control test for cups-2.2.5
 - snap-confine: cleanup incorrectly created nvidia udev tags
 - cmd/snap-confine: update valid security tag regexp
 - cmd/libsnap: enable two stranded tests
 - cmd,packaging: enable apparmor on openSUSE
 - overlord/ifacestate: refresh all security backends on startup
 - interfaces/dbus: drop unneeded check for
   release.ReleaseInfo.ForceDevMode
 - dbus: ensure io.snapcraft.Launcher.service is created on re-
   exec
 - overlord/auth: continue for now supporting UBUNTU_STORE_ID if the
   model is generic-classic
 - snap-confine: add support for handling /dev/nvidia-modeset
 - interfaces/network-control: remove incorrect rules for tun
 - spread: allow setting SPREAD_DEBUG_EACH=0 to disable debug-each
   section
 - packaging: remove .mnt files on removal
 - tests: fix econnreset scenario when the iptables rule was not
   created
 - tests: add test for lxd interface
 - run-checks: use nakedret static checker to check for naked
   returns on long functions
 - progress: be more flexible in testing ansimeter
 - interfaces: fix udev rules for tun
 - many: implement our own ANSI-escape-using progress indicator
 - snap-exec: update tests to follow main_test pattern
 - snap: support "command: foo $ENV_STRING"
 - packaging: update nvidia configure options
 - snap: add new `snap pack` and use in tests
 - cmd: correctly name the "Ubuntu" and "Arch" NVIDIA methods
 - cmd: add autogen case for solus
 - tests: do not use http://canihazip.com/ which appears to be down
 - hooks: commands for controlling own services from snapctl
 - snap: refactor cmdGet.Execute()
 - interfaces/mount: make Change.Perform testable and test it
 - interfaces/mount,cmd/snap-update-ns: move change code
 - snap-confine: is_running_on_classic_distribution() looks into os-
   release
 - interfaces: misc updates for default, browser-support, home and
   system-observe
 - interfaces: deny lttng by default
 - interfaces/lxd: lxd slot implementation can also be an app snap
 - release,cmd,dirs: Redo the distro checks to take into account
   distribution families
 - cmd/snap: completion for alias and unalias
 - snap-confine: add new SC_CLEANUP and use it
 - snap: refrain from running filepath.Base on random strings
 - cmd/snap-confine: put processes into freezer hierarchy
 - wrappers: fail install if exec-line cannot be re-written
 - cmd/snap-seccomp,osutil: make user/group lookup functions public
 - snapstate: deal with snap user data in the /root/ directory
 - interfaces: Enhance full-confinement support for biarch
   distributions
 - snap-confine: Only attempt to copy/mount NVIDIA libs when NVIDIA
   is used
 - packaging/fedora: Add Fedora 26, 27, and Rawhide symlinks
 - overlord/snapstate: prefer a smaller corner case for doing the
   wrong thing
 - cmd/snap-repair:  set user agent for snap-repair http requests
 - packaging: bring down the delta between 14.04 and 16.04
 - snap-confine: Ensure lib64 biarch directory is respected
 - snap-confine: update apparmor rules for fedora based base snaps
 - tests: Increase SNAPD_CONFIGURE_HOOK_TIMEOUT to 3 minutes to
   install real snaps
 - daemon: use client.Snap instead of map[string]interface{} for
   snaps.
 - hooks: rename refresh hook to post-refresh
 - git: make the .gitingore file a bit more targeted
 - interfaces/opengl: don't udev tag nvidia devices and use snap-
   confine instead
 - cmd/snap-{confine,update-ns}: apply mount profiles using snap-
   update-ns
 - cmd: update "make hack"
 - interfaces/system-observe: allow clients to enumerate DBus
   connection names
 - snap-repair: implement `snap-repair {list,show}`
 - dirs,interfaces: create snap-confine.d on demand when re-executing
 - snap-confine: fix base snaps on core
 - cmd/snap-repair: fix tests when running as root
 - interfaces: add Connection type
 - cmd/snap-repair: skip disabled repairs
 - cmd/snap-repair: prefer leaking unmanaged fds on test failure over
   closing random ones
 - snap-repair: make `repair` binary available for repair scripts
 - snap-repair: fix missing Close() in TestStatusHappy
 - cmd/snap-confine,packaging: import snapd-generated policy
 - cmd/snap: return empty document if snap has no configuration
 - snap-seccomp: run secondary-arch tests via gcc-multilib
 - snap: implement `snap {repair,repairs}` and pass-through to snap-
   repair
 - interfaces/builtin: allow receiving dbus messages
 - snap-repair: implement `snap-repair {done,skip,retry}`
 - data/completion: small tweak to snap completion snippet
 - dirs: fix classic support detection
 - cmd/snap-repair: integrate root public keys for repairs
 - tests: fix ubuntu core services
 - tests: add new test that checks that the compat snapd-xdg-open
   works
 - snap-confine: improve error message if core/u-core cannot be found
 - tests: only run tests/regression/nmcli on amd64
 - interfaces: mount host system fonts in desktop interface
 - interfaces: enable partial apparmor support
 - snapstate: auto-install missing base snaps
 - spread: work around temporary packaging issue in debian sid
 - asserts,cmd/snap-repair: introduce a mandatory summary for repairs
 - asserts,cmd/snap-repair: represent RepairID internally as an int
 - tests: test the real "xdg-open" from the core snap
 - many: implement fetching sections and package names periodically.
 - interfaces/network: allow using netcat as client
 - snap-seccomp, osutil: use osutil.AtomicFile in snap-seccomp
 - snap-seccomp: skip mknod syscall on arm64
 - tests: add trivial canonical-livepatch test
 - tests: add test that ensures that all core services are working
 - many: add logger.MockLogger() and use it in the tests
 - snap-repair: fix test failure in TestRepairHitsTimeout
 - asserts: add empty values check in HeadersFromPrimaryKey
 - daemon: remove unused installSnap var in test
 - daemon: reach for Overlord.Loop less thanks to overlord.Mock
 - snap-seccomp: manually resolve socket() call in tests
 - tests: change regex used to validate installed ubuntu core snap
 - cmd/snapctl: allow snapctl -h without a context (regression fix).
 - many: use snapcore/snapd/i18n instead of i18n/dumb
 - many: introduce asserts.NotFoundError replacing both ErrNotFound
   and store.AssertionNotFoundError
 - packaging: don't include any marcos in comments
 - overlord: use overlord.Mock in more tests, make sure we check the
   outcome of Settle
 - tests: try to fix staging tests
 - store: simplify api base url config
 - systemd: add systemd.MockJournalctl()
 - many: provide systemd.MockSystemctl() helper
 - tests: improve the listing test to not fail for e.g. 2.28~rc2
 - snapstate: give snapmgrTestSuite.settle() more time to settle
 - tests: fix regex to check core version on snap list
 - debian: update trusted account-keys check on 14.04 packaging
 - interfaces: add udev netlink support to hardware-observe
 - overlord: introduce Mock which enables to use Overlord.Settle for
   settle in many more places
 - snap-repair: execute the repair and capture logs/status
 - tests: run the tests/unit/go everywhere
 - daemon, snapstate: move ensureCore from daemon/api.go into
   snapstate.go
 - cmd/snap: get keys or root document
 - spread.yaml: turn suse to manual given that it's breaking master
 - many: configure store from state, reconfigure store at runtime
 - osutil: AtomicWriter (an io.Writer), and io.Reader versions of
   AtomicWrite*
 - tests: check for negative syscalls in runBpf() and skip those
   tests
 - docs: use abolute path in PULL_REQUEST_TEMPLATE.md
 - store: move device auth endpoint uris to config (#3831)

* Sat Oct 14 2017 Neal Gompa <ngompa13@gmail.com> - 2.28.5-2
- Properly fix the build for Fedora 25
- Incorporate misc build fixes

* Sat Oct 14 2017 Neal Gompa <ngompa13@gmail.com> - 2.28.5-1
- Release 2.28.5 to Fedora (RH#1502186)
- Build snap-exec and snap-update-ns statically to support base snaps

* Fri Oct 13 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.28.5
  - snap-confine: cleanup broken nvidia udev tags
  - cmd/snap-confine: update valid security tag regexp
  - overlord/ifacestate: refresh udev backend on startup
  - dbus: ensure io.snapcraft.Launcher.service is created on re-
    exec
  - snap-confine: add support for handling /dev/nvidia-modeset
  - interfaces/network-control: remove incorrect rules for tun

* Thu Oct 12 2017 Neal Gompa <ngompa13@gmail.com> - 2.28.4-1
- Release 2.28.4 to Fedora (RH#1501141)
- Drop distro check backport patches (released with 2.28.2)

* Wed Oct 11 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.28.4
  - interfaces/opengl: don't udev tag nvidia devices and use snap-
    confine instead
  - debian: fix replaces/breaks for snap-xdg-open (thanks to apw!)

* Wed Oct 11 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.28.3
  - interfaces/lxd: lxd slot implementation can also be an app
    snap

* Tue Oct 10 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.28.2
  - interfaces: fix udev rules for tun
  - release,cmd,dirs: Redo the distro checks to take into account
    distribution families

* Sun Oct 08 2017 Neal Gompa <ngompa13@gmail.com> - 2.28.1-1
- Release 2.28.1 to Fedora (RH#1495852)
- Drop userd backport patches, they are part of 2.28 release
- Backport changes to rework distro checks to fix derivative distro usage of snapd
- Revert import path change for cheggaaa/pb as it breaks build on Fedora
- Add a posttrans relabel to snapd-selinux to ensure everything is labeled correctly

* Wed Sep 27 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.28.1
  - snap-confine: update apparmor rules for fedora based basesnaps
  - snapstate: rename refresh hook to post-refresh for consistency

* Mon Sep 25 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.28
 - hooks: rename refresh to after-refresh
 - snap-confine: bind mount /usr/lib/snapd relative to snap-confine
 - cmd,dirs: treat "liri" the same way as "arch"
 - snap-confine: fix base snaps on core
 - hooks: substitute env vars when executing hooks
 - interfaces: updates for default, browser-support, desktop, opengl,
   upower and stub-resolv.conf
 - cmd,dirs: treat manjaro the same as arch
 - systemd: do not run auto-import and repair services on classic
 - packaging/fedora: Ensure vendor/ is empty for builds and fix spec
   to build current master
 - many: fix TestSetConfNumber missing an Unlock and other fragility
   improvements
 - osutil: adjust StreamCommand tests for golang 1.9
 - daemon: allow polkit authorisation to install/remove snaps
 - tests: make TestCmdWatch more robust
 - debian: improve package description
 - interfaces: add netlink kobject uevent to hardware observe
 - debian: update trusted account-keys check on 14.04 packaging
 - interfaces/network-{control,observe}: allow receiving
   kobject_uevent() messages
 - tests: fix lxd test for external backend
 - snap-confine,snap-update-ns: add -no-pie to fix FTBFS on
   go1.7,ppc64
 - corecfg: mock "systemctl" in all corecfg tests
 - tests: fix unit tests on Ubuntu 14.04
 - debian: add missing flags when building static snap-exec
 - many: end-to-end support for the bare base snap
 - overlord/snapstate: SetRootDir from SetUpTest, not in just some
   tests
 - store: have an ad-hoc method on cfg to get its list of uris for
   tests
 - daemon: let client decide whether to allow interactive auth via
   polkit
 - client,daemon,snap,store: add license field
 - overlord/snapstate: rename HasCurrent to IsInstalled, remove
   superfluous/misleading check from All
 - cmd/snap: SetRootDir from SetUpTest, not in just some individual
   tests.
 - systemd: rename snap-repair.{service,timer} to snapd.snap-
   repair.{service,timer}
 - snap-seccomp: remove use of x/net/bpf from tests
 - httputil: more naive per go version way to recreate a default
   transport for tls reconfig
 - cmd/snap-seccomp/main_test.go: add one more syscall for arm64
 - interfaces/opengl: use == to compare, not =
 - cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64
 - cmd/snap-repair: track and use a lower bound for the time for
   TLS checks
 - interfaces: expose bluez interface on classic OS
 - snap-seccomp: add in-kernel bpf tests
 - overlord: always try to get a serial, lazily on classic
 - tests: add nmcli regression test
 - tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64
 - tests: add autopilot-introspection interface test
 - vendor: fix artifact from manually editing vendor/vendor.json
 - tests: rename complexion to test-snapd-complexion
 - interfaces: add desktop and desktop-legacy
   interfaces/desktop: add new 'desktop' interface for modern DEs*
   interfaces/builtin/desktop_test.go: use modern testing techniques*
   interfaces/wayland: allow read on /etc/drirc for Plasma desktop*
   interfaces/desktop-legacy: add new 'legacy' interface (currently
   for a11y and input)
 - tests: fix race in snap userd test
 - devices/iio: add read/write for missing sysfs entries
 - spread: don't set HTTPS?_PROXY for linode
 - cmd/snap-repair: check signatures of repairs from Next
 - env: set XDG_DATA_DIRS for wayland et.al.
 - interfaces/{default,account-control}: Use username/group instead
   of uid/gid
 - interfaces/builtin: use udev tagging more broadly
 - tests: add basic lxd test
 - wrappers: ensure bash completion snaps install on core
 - vendor: use old golang.org/x/crypto/ssh/terminal to build on
   powerpc again
 - docs: add PULL_REQUEST_TEMPLATE.md
 - interfaces: fix network-manager plug
 - hooks: do not error out when hook is optional and no hook handler
   is registered
 - cmd/snap: add userd command to replace snapd-xdg-open
 - tests: new regex used to validate the core version on extra snaps
   ass...
 - snap: add new `snap switch` command
 - tests: wait more and more debug info about fakestore start issues
 - apparmor,release: add better apparmor detection/mocking code
 - interfaces/i2c: adjust sysfs rule for alternate paths
 - interfaces/apparmor: add missing call to dirs.SetRootDir
 - cmd: "make hack" now also installs snap-update-ns
 - tests: copy files with less verbosity
 - cmd/snap-confine: allow using additional libraries required by
   openSUSE
 - packaging/fedora: Merge changes from Fedora Dist-Git
 - snapstate: improve the error message when classic confinement is
   not supported
 - tests: add test to ensure amd64 can run i386 syscall binaries
 - tests: adding extra info for fakestore when fails to start
 - tests: install most important snaps
 - cmd/snap-repair: more test coverage of filtering
 - squashfs: remove runCommand/runCommandWithOutput as we do not need
   it
 - cmd/snap-repair: ignore superseded revisions, filter on arch and
   models
 - hooks: support for refresh hook
 - Partial revert "overlord/devicestate, store: update device auth
   endpoints URLs"
 - cmd/snap-confine: allow reading /proc/filesystems
 - cmd/snap-confine: genearlize apparmor profile for various lib
   layout
 - corecfg: fix proxy.* writing and add integration test
 - corecfg: deal with system.power-key-action="" correctly
 - vendor: update vendor.json after (presumed) manual edits
 - cmd/snap: in `snap info`, don't print a newline between tracks
 - daemon: add polkit support to /v2/login
 - snapd,snapctl: decode json using Number
 - client: fix go vet 1.7 errors
 - tests: make 17.04 shellcheck clean
 - tests: remove TestInterfacesHelp as it breaks when go-flags
   changes
 - snapstate: undo a daemon restart on classic if needed
 - cmd/snap-repair: recover brand/model from
   /var/lib/snapd/seed/assertions checking signatures and brand
   account
 - spread: opt into unsafe IO during spread tests
 - snap-repair: update snap-repair/runner_test.go for API change in
   makeMockServer
 - cmd/snap-repair: skeleton code around actually running a repair
 - tests: wait until the port is listening after start the fake store
 - corecfg: fix typo in tests
 - cmd/snap-repair: test that redirects works during fetching
 - osutil: honor SNAPD_UNSAFE_IO for testing
 - vendor: explode and make more precise our golang.go/x/crypto deps,
   use same version as Debian unstable
 - many: sanitize NewStoreStack signature, have shared default store
   test private keys
 - systemd: disable `Nice=-5` to fix error when running inside lxd
 - spread.yaml: update delta ref to 2.27
 - cmd/snap-repair: use E-Tags when refetching a repair to retry
 - interfaces/many: updates based on chromium and mrrescue denials
 - cmd/snap-repair: implement most logic to get the next repair to
   run/retry in a brand sequence
 - asserts/assertstest: copy headers in SigningDB.Sign
 - interfaces: convert uhid to common interface and test cases
   improvement for time_control and opengl
 - many tests: move all panicing fake store methods to a common place
 - asserts: add store assertion type
 - interfaces: don't crash if content slot has no attributes
 - debian: do not build with -buildmode=pie on i386
 - wrappers: symlink completion snippets when symlinking binaries
 - tests: adding more debug information for the interfaces-cups-
   control …
 - apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set
 - many: allow and support serials signed by the 'generic' authority
   instead of the brand
 - corecfg: add proxy configuration via `snap set core
   proxy.{http,https,ftp}=...`
 - interfaces: a bunch of interfaces test improvement
 - tests: enable regression and completion suites for opensuse
 - tests: installing snapd for nested test suite
 - interfaces: convert lxd_support to common iface
 - interfaces: add missing test for camera interface.
 - snap: add support for parsing snap layout section
 - cmd/snap-repair: like for downloads we cannot have a timeout (at
   least for now), less aggressive retry strategies
 - overlord: rely on more conservative ensure interval
 - overlord,store: no piles of return args for methods gathering
   device session request params
 - overlord,store: send model assertion when setting up device
   sessions
 - interfaces/misc: updates for unity7/x11, browser-
   support, network-control and mount-observe
   interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
   interfaces/browser-support: update sysfs reads for
   newer browser versions, interfaces/network-control: rw for
   ieee80211 advanced wireless interfaces/mount-observe: allow read
   on sysfs entries for block devices
 - tests: use dnf --refresh install to avert stale cache
 - osutil: ensure TestLockUnlockWorks uses supported flock
 - interfaces: convert lxd to common iface
 - tests: restart snapd to ensure re-exec settings are applied
 - tests: fix interfaces-cups-control test
 - interfaces: improve and tweak bunch of interfaces test cases.
 - tests: adding extra worker for fedora
 - asserts,overlord/devicestate: support predefined assertions that
   don't establish foundational trust
 - interfaces: convert two hardware_random interfaces to common iface
 - interfaces: convert io_ports_control to common iface
 - tests: fix for  upgrade test on fedora
 - daemon, client, cmd/snap: implement snap start/stop/restart
 - cmd/snap-confine: set _FILE_OFFSET_BITS to 64
 - interfaces: covert framebuffer to commonInterface
 - interfaces: convert joystick to common iface
 - interfaces/builtin: add the spi interface
 - wrappers, overlord/snapstate/backend: make link-snap clean up on
   failure.
 - interfaces/wayland: add wayland interface
 - interfaces: convert kvm to common iface
 - tests: extend upower-observe test to cover snaps providing slots
 - tests: enable main suite for opensuse
 - interfaces: convert physical_memory_observe to common iface
 - interfaces: add missing test for optical_drive interface.
 - interfaces: convert physical_memory_control to common iface
 - interfaces: convert ppp to common iface
 - interfaces: convert time-control to common iface
 - tests: fix failover test
 - interfaces/builtin: rework for avahi interface
 - interfaces: convert broadcom-asic-control to common iface
 - snap/snapenv: document the use of CoreSnapMountDir for SNAP
 - packaging/arch: drop patches merged into master
 - cmd: fix mustUnsetenv docstring (thanks to Chipaca)
 - release: remove default from VERSION_ID
 - tests: enable regression, upgrade and completion test suites for
   fedora
 - tests: restore interfaces-account-control properly
 - overlord/devicestate, store: update device auth endpoints URLs
 - tests: fix install-hook test failure
 - tests: download core and ubuntu-core at most once
 - interfaces: add common support for udev
 - overlord/devicestate: fix, don't assume that the serial is backed
   by a 1-key chain
 - cmd/snap-confine: don't share /etc/nsswitch from host
 - store: do not resume a download when we already have the whole
   thing
 - many: implement "snap logs"
 - store: don't call useDeltas() twice in quick succession
 - interfaces/builtin: add kvm interface
 - snap/snapenv: always expect /snap for $SNAP
 - cmd: mark arch as non-reexecing distro
 - cmd: fix tests that assume /snap mount
 - gitignore: ignore more build artefacts
 - packaging: add current arch packaging
 - interfaces/unity7: allow receiving media key events in (at least)
   gnome-shell
 - interfaces/many, cmd/snap-confine: miscellaneous policy updates
 - interfaces/builtin: implement broadcom-asic-control interface
 - interfaces/builtin: reduce duplication and remove cruft in
   Sanitize{Plug,Slot}
 - tests: apply underscore convention for SNAPMOUNTDIR variable
 - interfaces/greengrass-support: adjust accesses now that have
   working snap
 - daemon, client, cmd/snap: implement "snap services"
 - tests: fix refresh tests not stopping fake store for fedora
 - many: add the interface command
 - overlord/snapstate/backend: some copydata improvements
 - many: support querying and completing assertion type names
 - interfaces/builtin: discard empty Validate{Plug,Slot}
 - cmd/snap-repair:  start of Runner, implement first pass of Peek
   and Fetch
 - tests: enable main suite on fedora
 - snap: do not always quote the snap info summary
 - vendor: update go-flags to address crash in "snap debug"
 - interfaces: opengl support pci device and vendor
 - many: start implenting "base" snap type on the snapd side
 - arch,release: map armv6 correctly
 - many: expose service status in 'snap info'
 - tests: add browser-support interface test
 - tests: disable snapd-notify for the external backend
 - interfaces: Add /run/uuid/request to openvswitch
 - interfaces: add password-manager-service implicit classic
   interface
 - cmd: rework reexec detection
 - cmd: fix re-exec bug when starting from snapd 2.21
 - tests: dependency packages installed during prepare-project
 - tests: remove unneeded check for re-exec in InternalToolPath()
 - cmd,tests: fix classic confinement confusing re-execution code
 - store: configurable base api
 - tests: fix how package lists are updated for opensuse and fedora

* Sun Sep 10 2017 Neal Gompa <ngompa13@gmail.com> - 2.27.6-1
- Release 2.27.6 to Fedora (RH#1489437)

* Thu Sep 07 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.27.6
  - interfaces: add udev netlink support to hardware-observe
  - interfaces/network-{control,observe}: allow receiving
    kobject_uevent() messages

* Mon Sep 04 2017 Neal Gompa <ngompa13@gmail.com> - 2.27.5-1
- Release 2.27.5 to Fedora (RH#1483177)
- Backport userd from upstream to support xdg-open

* Wed Aug 30 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.27.5
  - interfaces: fix network-manager plug regression
  - hooks: do not error when hook handler is not registered
  - interfaces/alsa,pulseaudio: allow read on udev data for sound
  - interfaces/optical-drive: read access to udev data for /dev/scd*
  - interfaces/browser-support: read on /proc/vmstat and misc udev
    data

* Thu Aug 24 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.27.4
  - snap-seccomp: add secondary arch for unrestricted snaps as well

* Fri Aug 18 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.27.3
  - systemd: disable `Nice=-5` to fix error when running inside lxdSee
    https://bugs.launchpad.net/snapd/+bug/1709536

* Wed Aug 16 2017 Neal Gompa <ngompa13@gmail.com> - 2.27.2-2
- Bump to rebuild for F27 and Rawhide

* Wed Aug 16 2017 Neal Gompa <ngompa13@gmail.com> - 2.27.2-1
- Release 2.27.2 to Fedora (RH#1482173)

* Wed Aug 16 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.27.2
 - tests: remove TestInterfacesHelp as it breaks when go-flags
   changes
 - interfaces: don't crash if content slot has no attributes
 - debian: do not build with -buildmode=pie on i386
 - interfaces: backport broadcom-asic-control interface
 - interfaces: allow /usr/bin/xdg-open in unity7
 - store: do not resume a download when we already have the whole
   thing

* Mon Aug 14 2017 Neal Gompa <ngompa13@gmail.com> - 2.27.1-1
- Release 2.27.1 to Fedora (RH#1481247)

* Mon Aug 14 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.27.1
 - tests: use dnf --refresh install to avert stale cache
 - tests: fix test failure on 14.04 due to old version of
   flock
 - updates for unity7/x11, browser-support, network-control,
   mount-observe
 - interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
 - interfaces/browser-support: update sysfs reads for
   newer browser versions
 - interfaces/network-control: rw for ieee80211 advanced wireless
 - interfaces/mount-observe: allow read on sysfs entries for block
   devices

* Thu Aug 10 2017 Neal Gompa <ngompa13@gmail.com> - 2.27-1
- Release 2.27 to Fedora (RH#1458086)

* Thu Aug 10 2017 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.27
 - fix build failure on 32bit fedora
 - interfaces: add password-manager-service implicit classic interface
 - interfaces/greengrass-support: adjust accesses now that have working
   snap
 - interfaces/many, cmd/snap-confine: miscellaneous policy updates
 - interfaces/unity7: allow receiving media key events in (at least)
   gnome-shell
 - cmd: fix re-exec bug when starting from snapd 2.21
 - tests: restore interfaces-account-control properly
 - cmd: fix tests that assume /snap mount
 - cmd: mark arch as non-reexecing distro
 - snap-confine: don't share /etc/nsswitch from host
 - store: talk to api.snapcraft.io for purchases
 - hooks: support for install and remove hooks
 - packaging: fix Fedora support
 - tests: add bluetooth-control interface test
 - store: talk to api.snapcraft.io for assertions
 - tests: remove snapd before building from branch
 - tests: add avahi-observe interface test
 - store: orders API now checks if customer is ready
 - cmd/snap: snap find only searches stable
 - interfaces: updates default, mir, optical-observe, system-observe,
   screen-inhibit-control and unity7
 - tests: speedup prepare statement part 1
 - store: do not send empty refresh requests
 - asserts: fix error handling in snap-developer consistency check
 - systemd: add explicit sync to snapd.core-fixup.sh
 - snapd: generate snap cookies on startup
 - cmd,client,daemon: expose "force devmode" in sysinfo
 - many: introduce and use strutil.ListContains and also
   strutil.SortedListContains
 - assserts,overlord/assertstate: test we don't accept chains of
   assertions founded on a self-signed key coming externally
 - interfaces: enable access to bridge settings
 - interfaces: fix copy-pasted iio vs io in io-ports-control
 - cmd/snap-confine: various small fixes and tweaks to seccomp
   support code
 - interfaces: bring back seccomp argument filtering
 - systemd, osutil: rework systemd logs in preparation for services
   commands
 - tests: store /etc/systemd/system/snap-*core*.mount in snapd-
   state.tar.gz
 - tests: shellcheck improvements for tests/main tasks - first set of
   tests
 - cmd/snap: `--last` for abort and watch, and aliases
   (search→find, change→tasks)
 - tests: shellcheck improvements for tests/lib scripts
 - tests: create ramdisk if it's not present
 - tests: shellcheck improvements for nightly upgrade and regressions
   tests
 - snapd: fix for snapctl get panic on null config values.
 - tests: fix for rng-tools service not restarting
 - systemd: add snapd.core-fixup.service unit
 - cmd: avoid using current symlink in InternalToolPath
 - tests: fix timeout issue for test refresh core with hanging …
 - intefaces: control bridged vlan/ppoe-tagged traffic
 - cmd/snap: include snap type in notes
 - overlord/state: Abort() only visits each task once
 - tests: extend find-private test to cover more cases
 - snap-seccomp: skip socket() tests on systems that use socketcall()
   instead of socket()
 - many: support snap title as localized/title-cased name
 - snap-seccomp: deal with mknod on aarch64 in the seccomp tests
 - interfaces: put base policy fragments inside each interface
 - asserts: introduce NewDecoderWithTypeMaxBodySize
 - tests: fix snapd-notify when it takes more time to restart
 - snap-seccomp: fix snap-seccomp tests in artful
 - tests: fix for create-key task to avoid rng-tools service ramains
   alive
 - snap-seccomp: make sure snap-seccomp writes the bpf file
   atomically
 - tests: do not disable ipv6 on core systems
 - arch: the kernel architecture name is armv7l instead of armv7
 - snap-confine: ensure snap-confine waits some seconds for seccomp
   security profiles
 - tests: shellcheck improvements for tests/nested tasks
 - wrappers: add SyslogIdentifier to the service unit files.
 - tests: shellcheck improvements for unit tasks
 - asserts: implement FindManyTrusted as well
 - asserts: open up and optimize Encoder to help avoiding unnecessary
   copying
 - interfaces: simplify snap-confine by just loading pre-generated
   bpf code
 - tests: restart rng-tools services after few seconds
 - interfaces, tests: add mising dbus abstraction to system-observe
   and extend spread test
 - store: change main store host to api.snapcraft.io
 - overlord/cmdstate: new package for running commands as tasks.
 - spread: help libapt resolve installing libudev-dev
 - tests: show the IP from .travis.yaml
 - tests/main: use pkgdb function in more test cases
 - cmd,daemon: add debug command for displaying the base policy
 - tests: prevent quoting error on opensuse
 - tests: fix nightly suite
 - tests: add linode-sru backend
 - snap-confine: validate SNAP_NAME against security tag
 - tests: fix ipv6 disable for ubuntu-core
 - tests: extend core-revert test to cover bluez issues
 - interfaces/greengrass-support: add support for Amazon Greengrass
   as a snap
 - asserts: support timestamp and optional disabled header on repair
 - tests: reboot after upgrading to snapd on the -proposed pocket
 - many: fix test cases to work with different DistroLibExecDir
 - tests: reenable help test on ubuntu and debian systems
 - packaging/{opensuse,fedora}: allow package build with testkeys
   included
 - tests/lib: generalize RPM build support
 - interfaces/builtin: sync connected slot and permanent slot snippet
 - tests: fix snap create-key by restarting automatically rng-tools
 - many: switch to use http numeric statuses as agreed
 - debian: add missing  Type=notify in 14.04 packaging
 - tests: mark interfaces-openvswitch as manual due to prepare errors
 - debian: unify built_using between the 14.04 and 16.04 packaging
   branch
 - tests: pull from urandom when real entropy is not enough
 - tests/main/manpages: install missing man package
 - tests: add refresh --time output check
 - debian: add missing "make -C data/systemd clean"
 - tests: fix for upgrade test when it is repeated
 - tests/main: use dir abstraction in a few more test cases
 - tests/main: check for confinement in a few more interface tests
 - spread: add fedora snap bin dir to global PATH
 - tests: check that locale-control is not present on core
 - many: snapctl outside hooks
 - tests: add whoami check
 - interfaces: compose the base declaration from interfaces
 - tests: fix spread flaky tests linode
 - tests,packaging: add package build support for openSUSE
 - many: slight improvement of some snap error messaging
 - errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in
   err reports
 - tests: fix for the test postrm-purge
 - tests: restoring the /etc/environment and service units config for
   each test
 - daemon: make snapd a "Type=notify" daemon and notify when startup
   is done
 - cmd/snap-confine: add support for --base snap
 - many: derive implicit slots from interface meta-data
 - tests: add core revert test
 - tests,packaging: add package build support for Fedora for our
   spread setup
 - interfaces: move base declaration to the policy sub-package
 - tests: fix for snapd-reexec test cheking for restart info on debug
   log
 - tests: show available entropy on error
 - tests: clean journalctl logs on trusty
 - tests: fix econnreset on staging
 - tests: modify core before calling set
 - tests: add snap-confine privilege test
 - tests: add staging snap-id
 - interfaces/builtin: silence ptrace denial for network-manager
 - tests: add alsa interface spread test
 - tests: prefer ipv4 over ipv6
 - tests: fix for econnreset test checking that the download already
   started
 - httputil,store: extract retry code to httputil, reorg usages
 - errtracker: report if snapd did re-execute itself
 - errtracker: include bits of snap-confine apparmor profile
 - tests: take into account staging snap-ids for snap-info
 - cmd: add stub new snap-repair command and add timer
 - many: stop "snap refresh $x --channel invalid" from working
 - interfaces: revert "interfaces: re-add reverted ioctl and quotactl
 - snapstate: consider connect/disconnect tasks in
   CheckChangeConflict.
 - interfaces: disable "mknod |N" in the default seccomp template
   again
 - interfaces,overlord/ifacestate: make sure installing slots after
   plugs works similarly to plugs after slots
 - interfaces/seccomp: add bind() syscall for forced-devmode systems
 - packaging/fedora: Sync packaging from Fedora Dist-Git
 - tests: move static and unit tests to spread task
 - many: error types should be called FooError, not ErrFoo.
 - partition: add directory sync to the save uboot.env file code
 - cmd: test everything (100% coverage \o/)
 - many: make shell scripts shellcheck-clean
 - tests: remove additional setup for docker on core
 - interfaces: add summary to each interface
 - many: remove interface meta-data from list of connections
 - logger (& many more, to accommodate): drop explicit syslog.
 - packaging: import packaging bits for opensuse
 - snapstate,many: implement snap install --unaliased
 - tests/lib: abstract build dependency installation a bit more
 - interfaces, osutil: move flock code from interfaces/mount to
   osutil
 - cmd: auto import assertions only from ext4,vfat file systems
 - many: refactor in preparation for 'snap start'
 - overlord/snapstate: have an explicit code path last-refresh
   unset/zero => immediately refresh try
 - tests: fixes for executions using the staging store
 - tests: use pollinate to seed the rng
 - cmd/snap,tests: show the sha3-384 of the snap for snap info
   --verbose SNAP-FILE
 - asserts: simplify and adjust repair assertion definition
 - cmd/snap,tests: show the snap id if available in snap info
 - daemon,overlord/auth: store from model assertion wins
 - cmd/snap,tests/main: add confinement switch instead of spread
   system blacklisting
 - many: cleanup MockCommands and don't leave a process around after
   hookstate tests
 - tests: update listing test to the core version number schema
 - interfaces: allow snaps to use the timedatectl utility
 - packaging: Add Fedora packaging files
 - tests/libs: add distro_auto_remove_packages function
 - cmd/snap: correct devmode note for anomalous state
 - tests/main/snap-info: use proper pkgdb functions to install distro
   packages
 - tests/lib: use mktemp instead of tempfile to work cross-distro
 - tests: abstract common dirs which differ on distributions
 - many: model and expose interface meta-data.
 - overlord: make config defaults from gadget work also at first boot
 - interfaces/log-observe: allow using journalctl from hostfs for
   classic distro
 - partition,snap: add support for android boot
 - errtracker: small simplification around readMachineID
 - snap-confine: move rm_rf_tmp to test-utils.
 - tests/lib: introduce pkgdb helper library
 - errtracker: try multiple paths to read machine-id
 - overlord/hooks: make sure only one hook for given snap is executed
   at a time.
 - cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the
   confinement env
 - tests: bump kill-timeout and remove quiet call on build
 - tests/lib/snaps: add a test store snap with a passthrough
   configure hook
 - daemon: teach the daemon to wait on active connections when
   shutting down
 - tests: remove unit tests task
 - tests/main/completion: source from /usr/share/bash-completion
 - assertions: add "repair" assertion
 - interfaces/seccomp: document Backend.NewSpecification
 - wrappers: make StartSnapServices cleanup any services that were
   added if a later one fails
 - overlord/snapstate: avoid creating command aliases for daemons
 - vendor: remove unused packages
 - vendor,partition: fix panics from uenv
 - cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from
   core if possible
 - daemon: do not allow to install ubuntu-core anymore
 - wrappers: service start/stop were inconsistent
 - tests: fix failing tests (snap core version, syslog changes)
 - cmd/snap-update-ns: add actual implementation
 - tests: improve entropy also for ubuntu
 - cmd/snap-confine: use /etc/ssl from the core snap
 - wrappers: don't convert between []byte and string needlessly.
 - hooks: default timeout
 - overlord/snapstate: Enable() was ignoring the flags from the
   snap's state, resulting in losing "devmode" on disable/enable.
 - difs,interfaces/mount: add support for locking namespaces
 - interfaces/mount: keep track of kept mount entries
 - tests/main: move a bunch of greps over to MATCH
 - interfaces/builtin: make all interfaces private
 - interfaces/mount: spell unmount correctly
 - tests: allow 16-X.Y.Z version of core snap
 - the timezone_control interface only allows changing /etc/timezone
   and /etc/writable/timezone. systemd-timedated also updated the
   link of /etc/localtime and /etc/writable/localtime ... allow
   access to this file too
 - cmd/snap-confine: aggregate operations holding global lock
 - api, ifacestate: resolve disconnect early
 - interfaces/builtin: ensure we don't register interfaces twice

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.26.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.26.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Thu May 25 2017 Neal Gompa <ngompa13@gmail.com> - 2.26.3-3
- Cover even more stuff for proper erasure on final uninstall (RH#1444422)

* Sun May 21 2017 Neal Gompa <ngompa13@gmail.com> - 2.26.3-2
- Fix error in script for removing Snappy content (RH#1444422)
- Adjust changelog bug references to be specific on origin

* Wed May 17 2017 Neal Gompa <ngompa13@gmail.com> - 2.26.3-1
- Update to snapd 2.26.3
- Drop merged and unused patches
- Cover more Snappy content for proper erasure on final uninstall (RH#1444422)
- Add temporary fix to ensure generated seccomp profiles don't break snapctl

* Mon May 01 2017 Neal Gompa <ngompa13@gmail.com> - 2.25-1
- Update to snapd 2.25
- Ensure all Snappy content is gone on final uninstall (RH#1444422)

* Tue Apr 11 2017 Neal Gompa <ngompa13@gmail.com> - 2.24-1
- Update to snapd 2.24
- Drop merged patches
- Install snap bash completion and snapd info file

* Wed Apr 05 2017 Neal Gompa <ngompa13@gmail.com> - 2.23.6-4
- Test if snapd socket and timer enabled and start them if enabled on install

* Sat Apr 01 2017 Neal Gompa <ngompa13@gmail.com> - 2.23.6-3
- Fix profile.d generation so that vars aren't expanded in package build

* Fri Mar 31 2017 Neal Gompa <ngompa13@gmail.com> - 2.23.6-2
- Fix the overlapping file conflicts between snapd and snap-confine
- Rework package descriptions slightly

* Thu Mar 30 2017 Neal Gompa <ngompa13@gmail.com> - 2.23.6-1
- Rebase to snapd 2.23.6
- Rediff patches
- Re-enable seccomp
- Fix building snap-confine on 32-bit arches
- Set ExclusiveArch based on upstream supported arch list

* Wed Mar 29 2017 Neal Gompa <ngompa13@gmail.com> - 2.23.5-1
- Rebase to snapd 2.23.5
- Disable seccomp temporarily avoid snap-confine bugs (LP#1674193)
- Use vendorized build for non-Fedora

* Mon Mar 13 2017 Neal Gompa <ngompa13@gmail.com> - 2.23.1-1
- Rebase to snapd 2.23.1
- Add support for vendored tarball for non-Fedora targets
- Use merged in SELinux policy module

* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Wed Oct 19 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.16-1
- New upstream release

* Tue Oct 18 2016 Neal Gompa <ngompa13@gmail.com> - 2.14-2
- Add SELinux policy module subpackage

* Tue Aug 30 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.14-1
- New upstream release

* Tue Aug 23 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.13-1
- New upstream release

* Thu Aug 18 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.12-2
- Correct license identifier

* Thu Aug 18 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.12-1
- New upstream release

* Thu Aug 18 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.11-8
- Add %%dir entries for various snapd directories
- Tweak Source0 URL

* Tue Aug 16 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.11-7
- Disable snapd re-exec feature by default

* Tue Aug 16 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.11-6
- Don't auto-start snapd.socket and snapd.refresh.timer

* Tue Aug 16 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.11-5
- Don't touch snapd state on removal

* Tue Aug 16 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.11-4
- Use ExecStartPre to load squashfs.ko before snapd starts
- Use dedicated systemd units for Fedora

* Tue Aug 16 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.11-3
- Remove systemd preset (will be requested separately according to distribution
  standards).

* Tue Aug 16 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.11-2
- Use Requires: kmod(squashfs.ko) instead of Requires: kernel-modules

* Tue Aug 16 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.11-1
- New upstream release
- Move private executables to /usr/libexec/snapd/

* Fri Jun 24 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.0.9-2
- Depend on kernel-modules to ensure that squashfs can be loaded. Load it afer
  installing the package. This hopefully fixes
  https://github.com/zyga/snapcore-fedora/issues/2

* Fri Jun 17 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.0.9
- New upstream release
  https://github.com/snapcore/snapd/releases/tag/2.0.9

* Tue Jun 14 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.0.8.1
- New upstream release

* Fri Jun 10 2016 Zygmunt Krynicki <me@zygoon.pl> - 2.0.8
- First package for Fedora