a) The optee bindings (without implementation to use it for protecting/revealing keys) were introduced with https://github.com/canonical/snapd/pull/15378 for snapd 2.70.
The deb build failed, and I had to create a 2.70 deb-only patch based on https://github.com/canonical/snapd/pull/15619. But 2.70 was not released as deb and was superseded with 2.71, which contains the PR as indicated in the release notes: "Packaging: disable optee when using nooptee build tag".

So the optee bindings, even though they are not yet used, when they were introduced in 2.70 caused a build failure that was with a path and also on master for 2.71. Neither the binding nor the ability to exclude it with the flag was available in any deb release before 2.71.

b) The snapd 2.69 comment "...first phase to replace snap-confine suid..." was for preparatory code, but it did not yet use file capabilities. In snapd 2.71 (the first deb release to go out since 2.68.5) snap-confine setuid is not set, and capabilities are set instead in the post scriptlet.

-----
snap version
snap    2.71+ubuntu25.10
snapd   2.71+ubuntu25.10
series  16
ubuntu  25.10
kernel  6.15.0-4-generic
-----
stat /usr/lib/snapd/snap-confine
  File: /usr/lib/snapd/snap-confine
  Size: 163184     Blocks: 320        IO Block: 4096   regular file
Device: 8,2        Inode: 18127413    Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2025-09-11 21:38:39.000000000 +0200
Modify: 2025-07-25 13:18:47.000000000 +0200
Change: 2025-09-11 21:38:41.359352231 +0200
 Birth: 2025-09-11 21:38:40.353339834 +0200
-----

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2118396

Title:
  [SRU] 2.71
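
The stat output in the comment shows only the mode bits (0755, so no setuid); file capabilities are stored in the security.capability extended attribute, which stat does not display. The check below is an added example, not part of the bug comment or of snapd's packaging, that reports which mechanism a binary uses; the function name and output labels are made up for illustration, and getcap is assumed to come from the libcap tools.

```shell
#!/bin/sh
# Added example: report how a binary obtains privilege.
# Output: missing | setuid | setgid | filecaps:<getcap line> | caps-unknown | plain
# (labels are illustrative, not snapd terminology)

priv_mechanism() {
    f=$1
    [ -f "$f" ] || { echo missing; return 1; }

    # Mode bits first: this is the part that stat's 0755 already rules out.
    if [ -u "$f" ]; then echo setuid; return 0; fi
    if [ -g "$f" ]; then echo setgid; return 0; fi

    # File capabilities are not visible in the mode; ask getcap.
    # getcap is often installed in /sbin, which may not be on a user's PATH.
    getcap_bin=$(PATH="$PATH:/sbin:/usr/sbin"; command -v getcap) || {
        echo caps-unknown   # cannot tell without the libcap tools
        return 0
    }
    caps=$("$getcap_bin" "$f" 2>/dev/null) || caps=
    if [ -n "$caps" ]; then
        echo "filecaps:$caps"
    else
        echo plain          # neither setuid/setgid nor file capabilities
    fi
}

# Classify each path given on the command line,
# e.g.: sh check.sh /usr/lib/snapd/snap-confine
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        printf '%s: %s\n' "$p" "$(priv_mechanism "$p")"
    done
fi
```

A result of `plain` or `setuid` for snap-confine on 2.71 would not match what the comment describes for the post scriptlet; `filecaps:` followed by the capability set would.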
