Bug#1109332: unblock: snapd/2.68.3-3
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: snapd@packages.debian.org, me@zygoon.pl
Control: affects -1 + src:snapd
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package snapd
[ Reason ]
This release contains bugfixes on top of the previous release. Those are:
- 1108759: fix for autopkgtest regression (test was sensitive to release name)
- 1106808: fix for missing Built-Using header
- 1107130: fix to stop using gcc-multilib
[ Impact ]
Removal of gcc-multilib will be more problematic. Tracking of packages affected
by static linking with glibc will be harder.
[ Tests ]
I've ran the autopkgtest suite for both sid and trixie.
The tests install a few snaps and use them in a basic capacity.
I also ran github.com/canonical/snapd-smoke-tests/ which contain a larger
selection of tests. The run was against a package built in salsa CI/CD:
https://github.com/canonical/snapd-smoke-tests/actions/runs/16292678070
[ Risks ]
The risk here is relatively low as this apart from mata-data updates, the only
real difference is the change to snapd multi-lib linking.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
N/A
unblock snapd/2.68.3-3
Debdiff pasted below:
diff -Nru snapd-2.68.3/debian/changelog snapd-2.68.3/debian/changelog
--- snapd-2.68.3/debian/changelog 2025-03-25 12:33:00.000000000 +0000
+++ snapd-2.68.3/debian/changelog 2025-07-15 06:01:41.000000000 +0000
@@ -1,3 +1,16 @@
+snapd (2.68.3-3) unstable; urgency=medium
+
+ [ Zygmunt Krynicki ]
+ * Include libc-dev-bin in Built-Using
+ * Remove Luke Faraone from uploaders
+ * Regenerate multilib patch
+ * Patch spread.yaml to allow testing on trixie
+
+ [ Helmut Grohne ]
+ * Stop using gcc-multilib and fix snap-seccomp test.
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Tue, 15 Jul 2025 06:01:41 +0000
+
snapd (2.68.3-2) unstable; urgency=medium
* switch to pkgconf
diff -Nru snapd-2.68.3/debian/control snapd-2.68.3/debian/control
--- snapd-2.68.3/debian/control 2025-03-25 12:33:00.000000000 +0000
+++ snapd-2.68.3/debian/control 2025-07-15 06:01:41.000000000 +0000
@@ -3,7 +3,6 @@
Priority: optional
Maintainer: Michael Hudson-Doyle <mwhudson@debian.org>
Uploaders: Zygmunt Krynicki <me@zygoon.pl>,
- Luke Faraone <lfaraone@debian.org>,
Michael Vogt <mvo@debian.org>
Build-Depends: debhelper (>= 13),
debhelper-compat (= 13),
@@ -16,7 +15,8 @@
ca-certificates,
dbus,
fakeroot,
- gcc-multilib [amd64],
+ gcc-i686-linux-gnu [amd64] <!nocheck>,
+ libc6-dev-i386-cross [amd64] <!nocheck>,
gettext,
gnupg2,
golang-dbus-dev,
diff -Nru snapd-2.68.3/debian/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch snapd-2.68.3/debian/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
--- snapd-2.68.3/debian/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch 2025-03-25 12:33:00.000000000 +0000
+++ snapd-2.68.3/debian/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,44 +0,0 @@
-From: Zygmunt Krynicki <me@zygoon.pl>
-Date: Thu, 17 Jan 2019 17:21:22 +0200
-Subject: cmd/snap-seccomp: skip tests that use -m32
-
-Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
-binaries. The compilation error is:
-
- multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
- cannot build multi-lib syscall runner: exit status 1
- In file included from /usr/include/errno.h:25,
- from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
- /usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
- # include <sys/cdefs.h>
- ^~~~~~~~~~~~~
- compilation terminated.
- OK: 2 passed, 11 skipped
-
-I was unable to resolve this issue, let's disable this test until we can get to
-the bottom of it.
-
-Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
----
- cmd/snap-seccomp/main_test.go | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/cmd/snap-seccomp/main_test.go b/cmd/snap-seccomp/main_test.go
-index 0706c0e..9f98c39 100644
---- a/cmd/snap-seccomp/main_test.go
-+++ b/cmd/snap-seccomp/main_test.go
-@@ -226,6 +226,14 @@ func (s *snapSeccompSuite) SetUpSuite(c *C) {
- // Ideally we would build for ppc64el->powerpc and arm64->armhf but
- // it seems tricky to find the right gcc-multilib for this.
- if arch.DpkgArchitecture() == "amd64" && s.canCheckCompatArch {
-+ // This test fails on Debian amd64
-+ // cannot build multi-lib syscall runner: exit status 1
-+ // In file included from /usr/include/errno.h:25,
-+ // from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
-+ // /usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
-+ // # include <sys/cdefs.h>
-+ // ^~~~~~~~~~~~~
-+ c.Skip(`This test fails to build on Debian amd64`)
- cmd = exec.Command(cmd.Args[0], cmd.Args[1:]...)
- cmd.Args = append(cmd.Args, "-m32")
- for i, k := range cmd.Args {
diff -Nru snapd-2.68.3/debian/patches/0005-Add-Debian-Trixie-to-autopkgtest-entries.patch snapd-2.68.3/debian/patches/0005-Add-Debian-Trixie-to-autopkgtest-entries.patch
--- snapd-2.68.3/debian/patches/0005-Add-Debian-Trixie-to-autopkgtest-entries.patch 1970-01-01 00:00:00.000000000 +0000
+++ snapd-2.68.3/debian/patches/0005-Add-Debian-Trixie-to-autopkgtest-entries.patch 2025-07-15 06:01:41.000000000 +0000
@@ -0,0 +1,43 @@
+From: "me@zygoon.pl" <me@zygoon.pl>
+Date: Mon, 14 Jul 2025 20:32:25 +0000
+Subject: Add Debian 13 to autopkgtest entries
+
+This should fix autopkgtest in for non-sid.
+
+Signed-off-by: Zygmunt Krynicki <Zygmunt Krynicki me@zygoon.pl>
+---
+ spread.yaml | 21 ++++++++++++++++++++-
+ 1 file changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/spread.yaml b/spread.yaml
+index 4b67bce..50ef70e 100644
+--- a/spread.yaml
++++ b/spread.yaml
+@@ -494,7 +494,26 @@ backends:
+ - ubuntu-22.04-arm64:
+ username: ubuntu
+ password: ubuntu
+- # Debian
++ # Debian Trixie
++ - debian-13-amd64:
++ username: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ password: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ - debian-13-i386:
++ username: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ password: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ - debian-13-armhf:
++ username: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ password: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ - debian-13-ppc64el:
++ username: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ password: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ - debian-13-s390x:
++ username: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ password: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ - debian-13-arm64:
++ username: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ password: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
++ # Debian Sid
+ - debian-sid-amd64:
+ username: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
+ password: '$(HOST: echo "$AUTOPKGTEST_NORMAL_USER")'
diff -Nru snapd-2.68.3/debian/patches/multilib.patch snapd-2.68.3/debian/patches/multilib.patch
--- snapd-2.68.3/debian/patches/multilib.patch 1970-01-01 00:00:00.000000000 +0000
+++ snapd-2.68.3/debian/patches/multilib.patch 2025-07-15 06:01:41.000000000 +0000
@@ -0,0 +1,142 @@
+From: Michael Hudson-Doyle <mwhudson@debian.org>
+Date: Mon, 14 Jul 2025 20:30:45 +0000
+Subject: multilib
+
+---
+ cmd/snap-seccomp/main_test.go | 3 +-
+ .../store/test-snapd-daemon-user/src/Makefile | 55 +++++++++++-----------
+ 2 files changed, 29 insertions(+), 29 deletions(-)
+
+diff --git a/cmd/snap-seccomp/main_test.go b/cmd/snap-seccomp/main_test.go
+index 79b338f..8bd9f02 100644
+--- a/cmd/snap-seccomp/main_test.go
++++ b/cmd/snap-seccomp/main_test.go
+@@ -226,8 +226,7 @@ func (s *snapSeccompSuite) SetUpSuite(c *C) {
+ // Ideally we would build for ppc64el->powerpc and arm64->armhf but
+ // it seems tricky to find the right gcc-multilib for this.
+ if arch.DpkgArchitecture() == "amd64" && s.canCheckCompatArch {
+- cmd = exec.Command(cmd.Args[0], cmd.Args[1:]...)
+- cmd.Args = append(cmd.Args, "-m32")
++ cmd = exec.Command("i686-linux-gnu-gcc", cmd.Args[1:]...)
+ for i, k := range cmd.Args {
+ if k == s.seccompSyscallRunner {
+ cmd.Args[i] = s.seccompSyscallRunner + ".m32"
+diff --git a/tests/lib/snaps/store/test-snapd-daemon-user/src/Makefile b/tests/lib/snaps/store/test-snapd-daemon-user/src/Makefile
+index e9dedc7..bcbc2bf 100644
+--- a/tests/lib/snaps/store/test-snapd-daemon-user/src/Makefile
++++ b/tests/lib/snaps/store/test-snapd-daemon-user/src/Makefile
+@@ -117,86 +117,87 @@ fchownat: display.o fchownat.o
+
+ #ifneq (,$(filter $(arch_triplet), x86_64-linux-gnu aarch64-linux-gnu))
+ ifneq (,$(filter $(arch_triplet), x86_64-linux-gnu))
++CC_M32 ?= i686-linux-gnu-gcc
+ display32.o: display32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ drop32.o: drop32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ drop32: display32.o drop32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ drop-exec32.o: drop-exec32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ drop-exec32: display32.o drop-exec32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ drop-syscall32.o: drop-syscall32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ drop-syscall32: display32.o drop-syscall32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ setgid32.o: setgid32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ setgid32: display32.o setgid32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ setregid32.o: setregid32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ setregid32: display32.o setregid32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ setresgid32.o: setresgid32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ setresgid32: display32.o setresgid32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ setuid32.o: setuid32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ setuid32: display32.o setuid32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ setreuid32.o: setreuid32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ setreuid32: display32.o setreuid32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ setresuid32.o: setresuid32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ setresuid32: display32.o setresuid32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ chown32.o: chown32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ chown32: display32.o chown32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ lchown32.o: lchown32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ lchown32: display32.o lchown32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ fchown32.o: fchown32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ fchown32: display32.o fchown32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+ fchownat32.o: fchownat32.c
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $< -c ${LDLIBS}
+
+ fchownat32: display32.o fchownat32.o
+- ${CC} -m32 ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
++ ${CC_M32} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+ endif
+
+
diff -Nru snapd-2.68.3/debian/patches/series snapd-2.68.3/debian/patches/series
--- snapd-2.68.3/debian/patches/series 2025-03-25 12:33:00.000000000 +0000
+++ snapd-2.68.3/debian/patches/series 2025-07-15 06:01:41.000000000 +0000
@@ -1,4 +1,5 @@
-0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
0010-man-page-sections.patch
+multilib.patch
+0005-Add-Debian-Trixie-to-autopkgtest-entries.patch
diff -Nru snapd-2.68.3/debian/rules snapd-2.68.3/debian/rules
--- snapd-2.68.3/debian/rules 2025-03-25 12:33:00.000000000 +0000
+++ snapd-2.68.3/debian/rules 2025-07-15 06:01:41.000000000 +0000
@@ -83,7 +83,11 @@
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
-BUILT_USING_PACKAGES=
+# /usr/lib/snapd/snap-{update-ns,gdbserver-shim,gdb-shim} are always linked
+# statically against glibc. Use libc-dev-bin to avoid having to handle the
+# different soname (e.g. libc6 vs libc6.1)
+BUILT_USING_PACKAGES=libc-dev-bin
+
# export DEB_BUILD_MAINT_OPTIONS = hardening=+all
# DPKG_EXPORT_BUILDFLAGS = 1
# include /usr/share/dpkg/buildflags.mk
@@ -103,11 +107,11 @@
ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH),amd64)
VENDOR_ARGS+= --with-host-arch-32bit-triplet=$(shell dpkg-architecture -f -ai386 -qDEB_HOST_MULTIARCH)
endif
- BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev
+ BUILT_USING_PACKAGES+=libcap-dev libapparmor-dev libseccomp-dev
else
ifeq ($(shell dpkg-vendor --query Vendor),Debian)
VENDOR_ARGS=--enable-nvidia-multiarch
- BUILT_USING_PACKAGES=libcap-dev
+ BUILT_USING_PACKAGES+=libcap-dev
else
VENDOR_ARGS=--disable-apparmor
endif
Reply to: