[SRU] 2.67.1

Bug #2089691 reported by Ernest Lotter
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd (Ubuntu)
Status tracked in Plucky
Focal
Triaged
Undecided
Unassigned
Jammy
Triaged
Undecided
Unassigned
Noble
Triaged
Undecided
Unassigned
Oracular
Triaged
Undecided
Unassigned
Plucky
Fix Released
Undecided
Unassigned

Bug Description

===============================
This is an SRU for Snapd 2.67.1
===============================

This SRU started out as Snapd 2.67, but the follow-up bug fix release Snapd 2.67.1 is now available and should supersede 2.67 to speed up delivery of the best performing version.

The Snapd package qualifies as a SRU special case, https://wiki.ubuntu.com/StableReleaseUpdates#Snapd, that was approved by Steve Langasek for the SRU Team on 2016-05-12.

Release preparation:
---------------------------------
Release branch preparation: https://github.com/canonical/snapd/pull/14928
Release notes: https://github.com/canonical/snapd/pull/14928/commits/81254bd2a22a96a998e0edf314a552fbec9afd99

Lauchpad bugs addressed: https://bugs.launchpad.net/snapd/+milestone/2.67.1 (1 bug)
Launchpad bugs impact & test plans:
 - https://bugs.launchpad.net/snapd/+bug/2090938

The release notes are generated from the list of all PRs that went into the release: https://github.com/canonical/snapd/pull/14928#issue-2789015225

Release Validation:
-----------------------------
Release branch test results: https://github.com/canonical/snapd/actions/runs/12796107367
QA Beta validation Jira ticket: https://warthogs.atlassian.net/browse/SNAPDENG-34384 (covers amd64, arm64)
Cert testing: https://test-observer.canonical.com/#/snaps/79518 (requires VPN) (covers amd64, armhf, arm64)
QA Deb testing on proposed: Deb testing will run on -proposed and update will be provided (covers amd64, arm64)

Release source packages on `ppa:snappy-dev/image`:
---------------------------------------
Plucky: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+sourcepub/16875662/+listing-archive-extra
Oracular: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+sourcepub/16931977/+listing-archive-extra
Noble: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+sourcepub/16875661/+listing-archive-extra
Jammy: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+sourcepub/16875660/+listing-archive-extra
Focal: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+sourcepub/16875670/+listing-archive-extra

All: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+packages?field.name_filter=snapd&field.status_filter=&field.series_filter=

Release source packages on `ppa:ernestl/snapd2` (added LP: #<number> to changelogs):
---------------------------------------
Plucky: https://launchpad.net/~ernestl/+archive/ubuntu/snapd2/+sourcepub/16955830/+listing-archive-extra
Oracular: https://launchpad.net/~ernestl/+archive/ubuntu/snapd2/+sourcepub/16955831/+listing-archive-extra
Noble: https://launchpad.net/~ernestl/+archive/ubuntu/snapd2/+sourcepub/16955832/+listing-archive-extra
Jammy: https://launchpad.net/~ernestl/+archive/ubuntu/snapd2/+sourcepub/16955833/+listing-archive-extra
Focal: https://launchpad.net/~ernestl/+archive/ubuntu/snapd2/+sourcepub/16955834/+listing-archive-extra

All: https://launchpad.net/~ernestl/+archive/ubuntu/snapd2/+packages

---original---

===============================
This is an SRU for Snapd 2.67.
===============================

The Snapd package qualifies as a SRU special case, https://wiki.ubuntu.com/StableReleaseUpdates#Snapd, that was approved by Steve Langasek for the SRU Team on 2016-05-12.

Release preparation:
---------------------------------
Release branch preparation: https://github.com/canonical/snapd/pull/14767
Release branch test results: https://github.com/canonical/snapd/actions/runs/12128100458/job/33852458682
Release notes: https://github.com/canonical/snapd/pull/14767/commits/68391b28497d009bf392ddd32dc63c640c516208

Lauchpad bugs addressed: https://bugs.launchpad.net/snapd/+milestone/2.67 (4 bugs)
Launchpad bugs impact & test plans:
 - https://bugs.launchpad.net/snapd/+bug/2083961
 - https://bugs.launchpad.net/snapd/+bug/2084730
 - https://bugs.launchpad.net/snapd/+bug/2085535
 - https://bugs.launchpad.net/snapd/+bug/2086203

The release notes are generated from the list of all PRs that went into the release: https://docs.google.com/spreadsheets/d/e/2PACX-1vTGHTnnYZqn58mXbmwT3EHU1NytboshmCPwuUi6p3R2PG4wIL1-Bs0kPivsggsP7d4rN3OXJklm2_u1/pubhtml?gid=0&single=true

Excluded from release notes:
- Test improvements
- Internal changes (no external impact)

Release Validation:
-----------------------------
Release branch test results: https://github.com/canonical/snapd/actions/runs/12128100458/job/33852458682
QA Beta validation Jira ticket: https://warthogs.atlassian.net/browse/SNAPDENG-34275 (covers amd64, arm64)
Cert testing: https://test-observer.canonical.com/#/snaps/75920 (requires VPN)(covers amd64, armhf, arm64)
QA Deb testing on proposed: Deb testing will run on -proposed and update will be provided (covers amd64, arm64)

Release source packages on `ppa:snappy-dev/image`:
---------------------------------------
Plucky: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+sourcepub/16664724/+listing-archive-extra
Oracular: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+sourcepub/16664722/+listing-archive-extra
Noble: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+sourcepub/16664720/+listing-archive-extra
Jammy: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+sourcepub/16664718/+listing-archive-extra
Focal: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+sourcepub/16664717/+listing-archive-extra

All: https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+packages?field.name_filter=snapd&field.status_filter=&field.series_filter=

Release source packages on `ppa:ernestl/snapd` (added LP: #<number> to changelogs):
---------------------------------------
Plucky: https://launchpad.net/~ernestl/+archive/ubuntu/snapd/+sourcepub/16932217/+listing-archive-extra
Oracular: https://launchpad.net/~ernestl/+archive/ubuntu/snapd/+sourcepub/16932216/+listing-archive-extra
Noble: https://launchpad.net/~ernestl/+archive/ubuntu/snapd/+sourcepub/16932212/+listing-archive-extra
Jammy: https://launchpad.net/~ernestl/+archive/ubuntu/snapd/+sourcepub/16932211/+listing-archive-extra
Focal: https://launchpad.net/~ernestl/+archive/ubuntu/snapd/+sourcepub/16932210/+listing-archive-extra

All: https://launchpad.net/~ernestl/+archive/ubuntu/snapd/+packages?field.name_filter=&field.status_filter=&field.series_filter=

Release targets:
-------------------------
This release targets: Focal, Jammy, Noble, Oracular, Plucky

Ernest Lotter (ernestl)
description: updated
Ernest Lotter (ernestl)
description: updated
description: updated
Revision history for this message
Christian Ehrhardt (paelzer) wrote :
Download full text (9.0 KiB)

I was reviewing the proposed upload against the admittedly outdated exception.
While I highly appreciate that the exception is being reworked, and getting
much more complete, and removing old cruft - I agree that in the short term for
the current upload we might want to go by the old exception to not stall even
more.

To make sense of all of it I sat together with Ernest as by chance due to my
sprinting he has been nearby. We have been cross Q&A-ing all kind of details,
to ensure the testing today is equal or better (usually it is the latter) to
what the original exception required.

We also discussed about the general stance of long term stability of behavior,
which I gladly learned is part of their team's approach anyway. There can always
be issues, but at least they are conceptually far away from any "just add things"
thinking.

We've dived into the testing that is done and I appreciate outlining so much
in the bug description - looking forward to the new exception making this line
up well. We identified a few weak spots which he took as action to resolve for
the current case as well as for the renewed exception.
While for this upload what is missing will be added manually, but there has been
great agreement like utilizing the autopkgtest more to get better cross arch
coverage and to get better notice of apparmor/system influences. All that will
eventually help to make these uploads more smooth.

All I've found gave me quite good confidence in the general approach, the
coverage they already have and to extend where it is needed to feel truly safe
for an SRU of that scale. What was left and will in the future be part of the
automation and the new SRU exception is listed in the following section which
Ernest will follow up on. As lessons learned from MIR rules, I give them numbers
so he can refer to them when providing the related info - this is not an order
or priority.

Next I checked the state of the archive, all is at 2.66.1 right now which means
we do not need to look at 2.66 -> 2.67 but only 2.66.1 -> 2.67.

Furthermore together we ensured I understand the sanitazion and mapping from
commits to changelog and to release notes. What they do is actually really great
but hard to follow if you do not know why/how. In the future their process will
provide the artifact (spreadsheet) of that journey so one can more easily follow.

Next I made sure that what I compare in git from https://github.com/snapcore/snapd.git
was comparable to the upload in the PPA. I've confirmed that the only
differences that mattered have been vendoring (in the package, not the repo)
and some dotfiles which are stripped when building the package.

Furthermore I checked if the further vendored code has brought any changes we
also would need to review, but there are none.

With that done I was reviewing the 167 commits, which of which the majority 44%
are tests for those new things or extending existing tests. What is left is an
equal amount of ~14% interface and component code (the actual development) and
about 6% bugfixes. The rest have been smaller features which I'd not list
individually. Those I was not reviewing with a POV of "is this go code nice"
which they hav...

Read more...

Changed in snapd (Ubuntu Focal):
status: New → Triaged
Changed in snapd (Ubuntu Jammy):
status: New → Triaged
Changed in snapd (Ubuntu Oracular):
status: New → Triaged
Changed in snapd (Ubuntu Plucky):
status: New → Triaged
Changed in snapd (Ubuntu Noble):
status: New → Triaged
Ernest Lotter (ernestl)
description: updated
description: updated
Revision history for this message
Christian Ehrhardt (paelzer) wrote :

I verified that the new PPA upload still matched git as before, just with the changes to the changelog - they are. To be sure what it is I'm repacking, singing, yet again comparing the resulting dsc to not accidentally add diff due to e.g. options vs what was in the PPA.
Changelog as-is with Ernest, dsc unsigned, and my signature on the changes file, that is how it should look like IMHO (usually sponsoring from git or debdiff but not from PPA, if there is a process flaw, when for example checking it in -unapproved, let me know).

And with that sponsoring 2.67 to F/J/N/O/P

I see https://launchpad.net/ubuntu/+source/snapd/2.67+25.04 building and the other versions in -unapproved - so all seems to be right.

I hope that:
- all the extra work Ernest has put in while modernizing the SRU exception,
- all the details he added on my request,
- all the further tests I requested yet being open that he and the team will do,
- and the detailed write-up of my checks while sponsoring
shall help to make the SRU review less painful than it would otherwise be for such a big upload.
And gladly the differences between releases is quite close to zero.

Ernest Lotter (ernestl)
description: updated
Revision history for this message
Ernest Lotter (ernestl) wrote (last edit ):

We have 2.67.1 ready and since 2.67 is not yet complete we upgrade this case to track and handle 2.67.1.

description: updated
Ernest Lotter (ernestl)
description: updated
description: updated
Ernest Lotter (ernestl)
description: updated
Revision history for this message
Christian Ehrhardt (paelzer) wrote :

Ok, Ernest
As I mentioned please put that new 2.67.1 content in the bug description.

It adds another requirement to my list which is:

4. Please finalize and report on the Cert testing. You mentioned it is at 94% and expected to be complete on Monday. IMHO and given the SRU old and new exception this needs to be complete before accepting it to -proposed by the SRU team.

I'm rechecking if 2.67.1 matches what I've already looked at in git and will sponsor if it matches.

Ernest Lotter (ernestl)
description: updated
Ernest Lotter (ernestl)
description: updated
summary: - [SRU] 2.67
+ [SRU] 2.67.1
Revision history for this message
Christian Ehrhardt (paelzer) wrote :

Hi Ernest,
content matches to what i reviewed from git, but the changelog is not working.

Problems:
- 2.67 content is only listed for Xenial
- 2.67.1 only has the changes of .1
- LP: #2089691 has two active references - one in 2.67 and 2.67.1 stanza
- The references to the other bugs except the new LP: #2090938 have been lost (missing 2084730 2085535 2086203 2089691)

Since nothing was accepted or migrated yet we can ignore the existence of 2.67 (without .1).
The easiest way is if you could combine the changelog you had for 2.67 per release (with the bug references) and merge it with what you now have per release for 2.67.1.

So it would look like:

snapd (2.67.1+24.10) oracular; urgency=medium

  * New upstream release, LP: #2089691
    ... all changes since 2.66
    ... referencing all individual cases 2090938 missing 2084730 2085535 2086203 2089691

 -- Ernest Lotter

I've put an example what I mean here for you https://dpaste.com/GSXCWW42S

Revision history for this message
Ernest Lotter (ernestl) wrote :

Modified changelogs as discussed, uploaded to https://launchpad.net/~ernestl/+archive/ubuntu/snapd2/+packages

description: updated
Revision history for this message
Christian Ehrhardt (paelzer) wrote :

I, yet again, ensured it matches the git I checked before, and the changelog is now good in regard to my requests - it is.
Sponsoring it with -v 2.66 allows me to get a proper changes file with the 2.67+20.04 + 2.67.1+20.04 entry (or other releases respectively)
I see the main tracker bug referenced, the one new bug in 2.67.1 and the 4 separate bugs for 2.67.

Looks good, sponsoring 2.67.1 over the not yet migrated 2.67 as discussed for plucky and F/J/N/O where it will replace 2.67 in -unapproved.

By now all referenced individual bugs have proper SRU templates - thanks!
That solved my request #3.

Requests #1, #2, #4 are still open.
#4 should be provided before it can be accepted to -proposed by the SRU team - you mentioned you expect Monday to get that done.
And then #1 and #2 before it can be released to -updates.

Ernest Lotter (ernestl)
Changed in snapd (Ubuntu Noble):
milestone: none → ubuntu-24.04.2
Revision history for this message
Ernest Lotter (ernestl) wrote :

Regarding adding milestone `Ubuntu ubuntu-24.04.2` to Noble:

Snapd 2.67.1, which will combine content 2.67 and 2.67.1 as per release notes, includes multiple notable bug fixes that will result in improved user experience. It also contains interface enhancements, wome of which impacting classic systems.

See: https://forum.snapcraft.io/t/snapd-2-67-release-update/44288 and https://forum.snapcraft.io/t/the-snapd-roadmap/1973 (snapd 2.67.1 forum post indicating notable fixes pending...) for an overview.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

The question here is why it must be in 24.04.2, and why not wait for post-24.04.2 as a normal SRU? Is there something that makes you really need it in the installer image for 24.04.2?

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

All the packages we want for 24.04.2 are expected to be in noble-updates (not just noble-proposed: they must be in updates already) by Wednesday 5th, 2025, EOD.

Revision history for this message
Ernest Lotter (ernestl) wrote (last edit ):

Hi Andreas, this is just an attempt to a bunch of bug fixes and enhancements in, for the best possible user experience, but nothing that is critical to the installer image.

It is ok if to release it after the image if we do not make it in time, which I think is the most likely scenario here.

Revision history for this message
Ernest Lotter (ernestl) wrote (last edit ):

Snapd 2.67.1 certification testing was completed and approved: https://test-observer.canonical.com/#/snaps/79518

Snapd 2.67.1 LP bug verification complete:
   - https://bugs.launchpad.net/snapd/+bug/2090938 was verified fixed | PASS

(Note this issue only affected snapd snap)

Revision history for this message
Ernest Lotter (ernestl) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.6 KiB)

This bug was fixed in the package snapd - 2.67.1+25.04

---------------
snapd (2.67.1+25.04) plucky; urgency=medium

  * New upstream release, LP: #2089691
    - Fix apparmor permissions to allow snaps access to kernel modules
      and firmware on UC24, which also fixes the kernel-modules-control
      interface on UC24
    - AppArmor prompting (experimental): disallow /./ and /../ in path
      patterns
    - LP: #2090938 Fix 'snap run' getent based user lookup in case of bad PATH
    - Fix snapd using the incorrect AppArmor version during undo of an
      refresh for regenerating snap profiles
    - Add new syscalls to base templates
    - hardware-observe interface: allow riscv_hwprobe syscall
    - mount-observe interface: allow listmount and statmount syscalls

snapd (2.67+25.04) plucky; urgency=medium

    - AppArmor prompting (experimental): allow overlapping rules
    - Registry view (experimental): Changes to registry data (from both
      users and snaps) can be validated and saved by custodian snaps
    - Registry view (experimental): Support 'snapctl get --pristine' to
      read the registry data excluding staged transaction changes
    - Registry view (experimental): Put registry commands behind
      experimental feature flag
    - Components: Make modules shipped/created by kernel-modules
      components available right after reboot
    - Components: Add tab completion for local component files
    - Components: Allow installing snaps and components from local files
      jointly on the CLI
    - Components: Allow 'snapctl model' command for gadget and kernel
      snaps
    - Components: Add 'snap components' command
    - Components: Bug fixes
    - eMMC gadget updates (WIP): add syntax support in gadget.yaml for
      eMMC schema
    - Support for ephemeral recovery mode on hybrid systems
    - Support for dm-verity options in snap-bootstrap
    - Support for overlayfs options and allow empty what argument for
      tmpfs
    - Enable ubuntu-image to determine the size of the disk image to
      create
    - Expose 'snap debug' commands 'validate-seed' and 'seeding'
    - Add debug API option to use dedicated snap socket /run/snapd-
      snap.socket
    - Hide experimental features that are no longer required
      (accepted/rejected)
    - Mount ubuntu-save partition with no{exec,dev,suid} at install, run
      and factory-reset
    - Improve memory controller support with cgroup v2
    - Support ssh socket activation configurations (used by ubuntu
      22.10+)
    - Fix generation of AppArmor profile with incorrect revision during
      multi snap refresh
    - LP: #2084730 Fix refresh app awareness related deadlock edge case
    - Fix not caching delta updated snap download
    - Fix passing non root uid, guid to initial tmpfs mount
    - Fix ignoring snaps in try mode when amending
    - LP: #2083961 Fix reloading of service activation units to avoid systemd errors
    - Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS
      updates PPA
    - Make killing of snap apps best effort to avoid possibility of
      malicious failure loop
    - Alleviate impact of auto-refresh failure loop with progressive
...

Read more...

Changed in snapd (Ubuntu Plucky):
status: Triaged → Fix Released
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I'll review this for noble-proposed, but added a block tag to prevent it from hiting the updates pocket as we can't have such an update in such short notice in the point release. It will unblock the snapd from running tests with noble-proposed at least, so I think it's still a step forward. And it can become a normal SRU after the noble point release.

tags: added: block-proposed-noble
Changed in snapd (Ubuntu Noble):
milestone: ubuntu-24.04.2 → none
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.