2.28 release cycle started

mvo · September 11, 2017, 8:04am

Thanks for finding this issue! There is a 2.28 PR for #3859 (https://github.com/snapcore/snapd/pull/3896) which will definitely go into 2.28. Sorry for the trouble!

jamesh · September 7, 2017, 4:17am

Since most of the polkit work is merged, is there any chance of getting this pushed up to 2.28? It’d be nice to have it ready in time for the Ubuntu 17.10 release, and most of the supporting work has already been landed.

From what I can see, the only remaining question is about the granularity of the polkit action IDs. I think it would be fine to go with things as is if we documented that we might separate out some behaviours into extra action IDs in the future. The vast majority of users are going to be using the policy defaults though, so it is unlikely that this will be an issue.

niemeyer · September 11, 2017, 2:16pm

@jamesh @mvo Moved the question here.

niemeyer · September 12, 2017, 1:10pm

Confirmed, polkit changes are now in 2.28.

mvo · September 13, 2017, 4:59pm

The beta channel got updated to 2.28~rc3 - this includes the polkit from. Thanks to @jamesh for making this happen!

jdstrand · September 18, 2017, 11:02pm

@mvo and @zyga-snapd: it looks like 2.28 regressed regarding udev tagging. I verified today that udev tagging is working correctly in 2.27.6

With 2.28, if I create a snap that connects the opengl interface, I expected to see a file created in /etc/udev/rules.d/70-snap.$SNAPNAME.rules on install (classic distro), but it is not created. If I disconnect and connect it is also not created. Interestingly, if I connect the uhid interface the file is created (but it has its own problems, see below).

diffing opengl.go and uhid.go there is nothing that jumps out as being a problem in opengl.go. If I update interfaces/udev/backend.go Setup() in line 95 to have:

logger.Debugf("JAMIE: snippet=%v", snippet)

then I see in the logs this:

Sep 18 17:20:59 sec-xenial-amd64 snapd[11846]: 2017/09/18 17:20:59.302199 backend.go:69: DEBUG: JAMIE: snippet=

snippet is always empty. There are quite a few levels of indirection to disentangle wrt spec, etc that I didn’t have time to do before EOD, so reporting here in the hopes it is obvious to @zyga-snapd or someone else what the problem is.

The snap I am using is: https://code.launchpad.net/~jdstrand/+git/test-policy-app

Regarding uhid, it looks like it doesn’t have entries in sysfs, so it isn’t getting properly udev tagged. This is a separate issue that needs to be addressed. Perhaps in the same manner I worked around nvidia: https://github.com/snapcore/snapd/pull/3938

jdstrand · September 18, 2017, 11:25pm

Actually, I was working out of master, not the 2.28 branch and assumed 2.28 was affected (in case someone looks at this).

mvo · September 19, 2017, 7:00am

I was not able to reproduce this here with both the release/2.28 nor the master branch. I did the following:

build/run snapd out of the git tree
sudo snap install --dangerous test-policy-app_2.26_all.snap
$ cat /etc/udev/rules.d/70-snap.test-policy-app.rules

In both cases I got a file that looks like this:

# This file is automatically generated.

KERNEL=="sr[0-9]*",  TAG+="snap_test-policy-app_optical-drive"
KERNEL=="scd[0-9]*", TAG+="snap_test-policy-app_optical-drive"


SUBSYSTEM=="drm", KERNEL=="card[0-9]*", TAG+="snap_test-policy-app_opengl"
KERNEL=="nvidia*", TAG+="snap_test-policy-app_opengl"
KERNEL=="vchiq",   TAG+="snap_test-policy-app_opengl"

Do you have any hints what I’m missing?

jdstrand · September 19, 2017, 7:11pm

Yesterday, I used dpkg-buildpackage and installed on 16.04 amd64 classic distro.

Today I tried:

WORKS: snap refresh core --edge in amd64 Ubuntu Core vm
WORKS: copied snapd deb built on xenial to amd64 16.04 classic vm, rebooted
WORKS: copied snapd deb built on xenial to amd64 17.04 classic vm, rebooted
WORKS: copied snapd deb built on xenial to amd64 17.10 classic vm, rebooted

The deb was built in a xenial amd64 schroot with:

$ dch -i # set version to 2.28~jdstrand1 to avoid reexec
$ DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -uc -us

Then I scp’d the resulting binary (../snapd_2.28~jdstrand1_amd64.deb) to the vms, installed and rebooted. Then I ‘snap install hello-world’ before installing test-policy-app with --dangerous.

So, I guess everything is fine. @mvo, sorry for the noise. This is not the first time things didn’t work as expected, but I can’t seem to figure out why. Clearly I am messing something up.

niemeyer · September 19, 2017, 7:28pm

@jdstrand It might be something local in a bad environment, but it might also be some unusual combination of facts that trigger a problem we’d like to see fixed, so thanks for the report, and please keep an eye on it.

jdstrand · September 19, 2017, 7:56pm

I certainly plan to. The fact I don’t know why I saw the issue is bugging me.

cachio · October 2, 2017, 3:03pm

Hello, the 2.28.1 release is on the candidate channel. Please help testing by snap refresh --candidate core and let us know if everything works as expected.

Please, let me know if you find any regression.

Conan_Kudo · October 2, 2017, 3:18pm

Can we please make sure the distro check refactor PR is merged and cherry picked into 2.28? This is necessary for fixing problems related to derivative distributions using snapd in the RH/Fedora ecosystem.

niemeyer · October 5, 2017, 6:19pm

@mvo will confirm, but it’s a bit late to cherry pick things into 2.28 I’m afraid. The release is coming out on Monday, and patches at this point would mean at least another week of testing.

This will be in 2.29 for sure, though, and the beta is coming out early next week too.

mvo · October 6, 2017, 7:00am

Yeah, Gustavo is correct. It will most likely not be part of 2.28 (sorry for that). However it is pulled it into the release/2.28 branch so if we need to do a point release it will be part of that.

Conan_Kudo · October 7, 2017, 5:31pm

That’s fine, I’ll cherry-pick it back into 2.28.1 release for Fedora.

Conan_Kudo · October 8, 2017, 9:33pm

snapd 2.28.1 has been submitted to updates-testing in Fedora:

Fedora 27: https://bodhi.fedoraproject.org/updates/FEDORA-2017-85251c9cb1
Fedora 26: https://bodhi.fedoraproject.org/updates/FEDORA-2017-527a602718
Fedora 25: https://bodhi.fedoraproject.org/updates/FEDORA-2017-49756ddcb4

No special notes are yet published, as release highlights haven’t been made.

It should synchronize out to mirrors in the next 24-48 hours. Please test!

mvo · October 10, 2017, 5:59pm

Just a heads-up. We are doing a tiny 2.28.2 update. It contains only the following fixes:

Bug in dhcp handling if IP address changes accross leases: details.
typo in the network-control udev interface: <a href="https://github.com/snapcore/snapd/pull/4018>details
improve distro checks to take ID_LIKE from os-release into account: details.

mvo · October 12, 2017, 6:43am

An another update. We pushed 2.28.4 to beta with the following fixes:

interfaces/opengl: don’t udev tag nvidia devices and use snap-
confine instead
- debian: fix replaces/breaks for snap-xdg-open
- interfaces/lxd: lxd slot implementation can also be an app
snap

Thanks for the excellent feedback we got here in the forum! I would like to encourage people here in the forum to run core from “candidate” (sudo snap refresh --candidate core). This was we have a better chance to catch all the corner cases before stable is hit.

mvo · October 18, 2017, 5:40am

Last night a new revision of 2.28 was pushed to the candidate channel. The snapd version is 2.28.5.

But the most important change in this release is the updated wpasupplicant package that fixes the recent wifi “krack” CVEs. In addition to this security update we also fixed support for the latest nvidia drivers and fixed an incorrect rule in the network-control interface.

Please run: sudo snap refresh --candidate core if you haven’t already Feedback welcome!