~ondrak/ondras-snaps/+git/core20:master

Last commit made on 2022-03-09
Get this branch:
git clone -b master https://git.launchpad.net/~ondrak/ondras-snaps/+git/core20

Branch information

Name:
master
Repository:
lp:~ondrak/ondras-snaps/+git/core20

Recent commits

ee71382... by Michael Vogt

Merge pull request #133 from anonymouse64/feature/var-cups-dir

hooks: mkdir /var/cups to avoid writable mimic creation for snaps using cups

5640e8e... by Ian Johnson

hooks: mkdir /var/cups to avoid writable mimic creation for snaps using cups

Snaps using the cups interface with the cups snap as of snapd 2.55 will create
a bind mount of /run/cups -> /var/cups, which since /var/cups does not exist
will trigger the writable mimic code to create a writable mimic on /var. This
results in a fair amount of extra bind mounts for every directory in /var, so
creating this directory empty in the base snap ensures that no writable mimic
need be created.

Signed-off-by: Ian Johnson <email address hidden>

a9a078f... by Alfonso Sanchez-Beato

Merge pull request #129 from cjwatson/ppa-launchpadcontent-net

Handle PPAs being served from ppa.launchpadcontent.net

3c47260... by Colin Watson

Handle PPAs being served from ppa.launchpadcontent.net

We now have a new HTTPS-capable domain for public PPAs, namely
ppa.launchpadcontent.net. Adjust various bits of the build system to
accept that.

2bf52ab... by Philip Meulengracht

Merge pull request #127 from Meulengracht/master

Add a PR template that informs of core-base repository

493e528... by Philip Meulengracht

core: add a PR template that informs of core-base repository

fdec657... by Philip Meulengracht

Merge pull request #125 from flotter/ctrl-alt-del-burst-action

static: disable systemd ctrl-alt-del burst action

3f110bb... by Philip Meulengracht

Merge pull request #126 from snowsky/add-update-motd.d-to-writable-dir

make update-motd writable for branding purposes

459f45d... by Hao Wang

make update-motd writable for branding purposes

df6faa0... by Frederik Du Toit Lotter

static: disable systemd ctrl-alt-del burst action

Systemd provides two ctrl-alt-del keyboard hooks (enabled by default)
exposing Ubuntu Core to malicious reboot request attacks.

(1) Ctrl-alt-del single press
(2) Ctrl-alt-del burst (7 presses or more in 2 seconds)

These issues are acknowledged and one addressed in a systemd commit
(commit: 24dd31c19ede505143833346ff850af942694aa6, 231 and later) by providing
a config item for the systemd manager to disable the ctrl-alt-del burst action.

Issue (1) is addressed in snapd by allowing the ctrl-alt-del.target to be
masked (pull: https://github.com/snapcore/snapd/pull/11113)

Issue (2) is addressed in this patch by disabling burst action in the systemd
manager config using a drop-in configuration file.

Testing: The ctrl-alt-del kernel sequence sends a SIGINT to PID1 (systemd).

The burst sequence was emulated by using a simple bash loop running on
Ubuntu Core (Raspberry Pi 3).

$ while [ true ]; do sudo kill -s SIGINT 1; done

No drop-in: reboot
Drop-in config CtrlAltDelBurstAction=reboot-force: reboot
Drop-in config CtrlAltDelBurstAction=none: no reboot

This patch adds a drop-in systemd config with CtrlAltDelBurstAction=none

The drop-in config file prefix number is set at 11. This follows on 10 which
can be generated by snapd for systemd watchdog control.

Also see:

https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2017-12-14/finding/V-71993

https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-03-04/finding/V-230531

Signed-off-by: Fred Lotter <email address hidden>
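
Added example (not part of the commit above or of the core20 repository): a shell check that resolves the effective CtrlAltDelBurstAction= value from the systemd manager configuration, following systemd's drop-in ordering, so a running system or an unpacked image can be audited for the setting this commit installs. The function name and its optional root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the core20 repository.
# Prints the CtrlAltDelBurstAction= value systemd would end up with:
# system.conf is read first, then every *.conf drop-in in file-name order.
# Simplifications: [Manager] section headers and empty assignments are ignored.

effective_burst_action() {
    root="${1:-}"   # hypothetical argument: unpacked image path, empty for the live system
    value=""
    # Directories from lowest to highest priority; a drop-in in a later
    # directory replaces a same-named drop-in from an earlier one.
    dropins=$(
        for dir in usr/lib/systemd/system.conf.d run/systemd/system.conf.d etc/systemd/system.conf.d; do
            for f in "$root/$dir"/*.conf; do
                if [ -f "$f" ]; then printf '%s\t%s\n' "${f##*/}" "$f"; fi
            done
        done |
        awk -F'\t' '{ path[$1] = $2 } END { for (n in path) print n "\t" path[n] }' |
        LC_ALL=C sort | cut -f2
    )
    # Paths are assumed to contain no whitespace.
    for f in "$root/etc/systemd/system.conf" $dropins; do
        if [ -f "$f" ]; then
            # Last uncommented assignment in the file, surrounding blanks stripped.
            v=$(sed -n '/^[[:space:]]*CtrlAltDelBurstAction[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*$//;p;}' "$f" | tail -n 1)
            if [ -n "$v" ]; then value="$v"; fi
        fi
    done
    # systemd's documented default when no file sets the option
    printf '%s\n' "${value:-reboot-force}"
}

# "none" is the value the commit installs; any other value leaves the burst hook active.
case "$(effective_burst_action "${1:-}")" in
    none) echo "ctrl-alt-del burst action disabled" ;;
    *)    echo "ctrl-alt-del burst action still enabled" ;;
esac
```

A later-sorting drop-in (for example one with a higher numeric prefix) can silently re-enable the action, which is why the check resolves the merged result rather than looking for a single file.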