[SRU] Dependency on snap-confine too weak

Bug #1634236 reported by Michael Vogt on 2016-10-17
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
snapd (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Yakkety
Undecided
Unassigned

Bug Description

Trivial SRU of snapd that adds a missing versioned dependency for snap-confine to snapd.

It turns out there is a regression because of this if:
- you use an armhf architecture
- snapd 2.16
- snap-confine < 1.0.43

The reason is that with snapd 2.16 we use the "snap run" to start applications. This is a command written in go. On armhf the auxv vector content is critical for successfully running go commands.
But apparmor cleans that by default because it might be dangerous.
On snap-confine 1.0.43 we added an apparmor rule to relax this.

TEST CASE:
- install snapd 2.16 on an armhf/classic system (e.g. pi2)
- make sure you have snap-confine from xenial (not from xenial-updates): 1.0.38
- snap install hello
- run "hello" and verify it does not run
- install snap-confine from xenial-updates (1.0.43)
- verify that "hello" does run now

Michael Vogt (mvo) on 2016-10-17
summary: - [SRU] 2.16.1
+ [SRU] Dependency on snap-confine too weak
Michael Vogt (mvo) on 2016-10-17
description: updated
description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in snapd (Ubuntu Xenial):
status: New → Confirmed
Changed in snapd (Ubuntu):
status: New → Confirmed
John Agosta (jagosta) wrote :

can you provide an ETA for when this will be pushed as a proposed SRU?

Hello Michael, or anyone else affected,

Accepted snapd into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.16+16.10ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in snapd (Ubuntu Yakkety):
status: Confirmed → Fix Committed
tags: added: verification-needed
Andy Whitcroft (apw) wrote :

Hello Michael, or anyone else affected,

Accepted snapd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.16ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in snapd (Ubuntu Xenial):
status: Confirmed → Fix Committed
gerald.yang (gerald-yang-tw) wrote :

Hello Michael,

The new snapd in proposed updates the dependency of ubuntu-core-launcher, but not snap-confine,
I just upgraded snapd, but the snap-confine is still the old version (1.0.38-0ubuntu0.16.04.4),
only ubuntu-core-launcher is upgraded to the latest one (1.0.43-0ubuntu1~16.04.1),
could you please help to check the dependency? thanks.

Andy Whitcroft (apw) wrote :

Hello Michael, or anyone else affected,

Accepted snapd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.16ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Andy Whitcroft (apw) wrote :

Hello Michael, or anyone else affected,

Accepted snapd into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.16+16.10ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Andy Whitcroft (apw) wrote :

Hello Michael, or anyone else affected,

Accepted snapd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.16ubuntu3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

gerald.yang (gerald-yang-tw) wrote :

Verified pass, the new snapd (2.16ubuntu3) depends on the right version of snap-confine (>= 1.0.43).
Thanks

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package snapd - 2.16ubuntu3

---------------
snapd (2.16ubuntu3) xenial; urgency=medium

  * debian/control:
    - also add a dependency to "snap-confine" to unbreak armhf
      (LP: #1634236)

snapd (2.16ubuntu2) xenial; urgency=medium

  * fix FTBFS on powerpc by ensuring that share/ is available
    in the source tree

snapd (2.16ubuntu1) xenial; urgency=medium

  * debian/control:
    - fix version dependency of ubuntu-core-launcher to unbreak armhf
      (LP: #1634236)

 -- Michael Vogt <email address hidden> Tue, 18 Oct 2016 20:27:50 +0200

Changed in snapd (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for snapd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package snapd - 2.16+16.10ubuntu1.2

---------------
snapd (2.16+16.10ubuntu1.2) yakkety; urgency=medium

  * debian/control:
     - also add a dependency to "snap-confine" to unbreak armhf
       (LP: #1634236)

 -- Michael Vogt <email address hidden> Tue, 18 Oct 2016 20:29:56 +0200

Changed in snapd (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Michael Vogt (mvo) on 2016-11-17
Changed in snapd (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers