[packages/snapd] new, version 2.26.1
glen
glen at pld-linux.org
Sun Jun 25 11:00:37 CEST 2017
commit ff3b8c2baa059e444f23f02e07b105c96d26f017
Author: Elan Ruusamäe <glen at pld-linux.org>
Date: Sun Jun 25 11:58:14 2017 +0300
new, version 2.26.1
based on fedora package, f07155a
version downgraded to 2.26.1 because upstream lacks 2.26.3 vendor
tarball
...-cmd-use-libtool-for-the-internal-library.patch | 96 ++++++
snap-mgmt.sh | 95 ++++++
...-interfaces-seccomp-allow-bind-for-Fedora.patch | 29 ++
snapd.spec | 327 +++++++++++++++++++++
4 files changed, 547 insertions(+)
---
diff --git a/snapd.spec b/snapd.spec
new file mode 100644
index 0000000..de2e036
--- /dev/null
+++ b/snapd.spec
@@ -0,0 +1,327 @@
+#
+# Conditional build:
+%bcond_with tests # build with tests
+
+Summary: A transactional software package manager
+Name: snapd
+Version: 2.26.1
+Release: 0.1
+License: GPL v3
+Group: Base
+Source0: https://github.com/snapcore/snapd/releases/download/%{version}/%{name}_%{version}.vendor.tar.xz
+# Source0-md5: 8152560d2af809ad84185d3b341b2f13
+# Script to implement certain package management actions
+Source1: snap-mgmt.sh
+URL: https://github.com/snapcore/snapd
+Patch0001: 0001-cmd-use-libtool-for-the-internal-library.patch
+Patch0100: %{name}-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch
+BuildRequires: golang
+BuildRequires: systemd
+BuildRequires: tar >= 1:1.22
+BuildRequires: xz
+Requires: snap-confine = %{version}-%{release}
+Requires: squashfs-tools
+# we need squashfs.ko loaded
+Requires: kmod(squashfs.ko)
+# bash-completion owns /usr/share/bash-completion/completions
+Requires: bash-completion
+# Force the SELinux module to be installed
+Requires: %{name}-selinux = %{version}-%{release}
+ExclusiveArch: %{ix86} %{x8664} %{arm} aarch64 ppc64le s390x
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define _enable_debug_packages 0
+%define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**};
+%define gopath %{_libdir}/golang
+%define import_path github.com/snapcore/snapd
+
+%define snappy_svcs snapd.service snapd.socket snapd.autoimport.service snapd.refresh.timer snapd.refresh.service
+
+%description
+Snappy is a modern, cross-distribution, transactional package manager
+designed for working with self-contained, immutable packages.
+
+%package -n snap-confine
+Summary: Confinement system for snap applications
+License: GPL v3
+Group: Base
+BuildRequires: %{_bindir}/rst2man
+BuildRequires: %{_bindir}/shellcheck
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gcc
+BuildRequires: gettext
+BuildRequires: glib2-devel
+BuildRequires: glibc-static
+BuildRequires: gnupg
+BuildRequires: indent
+BuildRequires: libcap-devel
+BuildRequires: libseccomp-devel
+BuildRequires: libtool
+BuildRequires: systemd-units
+BuildRequires: udev-devel
+BuildRequires: udev-devel
+BuildRequires: valgrind
+BuildRequires: xfsprogs-devel
+
+%description -n snap-confine
+This package is used internally by snapd to apply confinement to the
+started snap applications.
+
+%package selinux
+Summary: SELinux module for snapd
+License: GPL v2+
+Group: Base
+BuildRequires: selinux-policy
+BuildRequires: selinux-policy-devel
+BuildArch: noarch
+Requires(post): selinux-policy-base >= %{_selinux_policy_version}
+Requires(post): policycoreutils
+Requires(post): policycoreutils-python-utils
+Requires(pre): libselinux-utils
+Requires(post): libselinux-utils
+
+%description selinux
+This package provides the SELinux policy module to ensure snapd runs
+properly under an environment with SELinux enabled.
+
+%prep
+%setup -q
+%patch1 -p1
+%patch100 -p1
+
+# Generate version files
+./mkversion.sh "%{version}-%{release}"
+
+# Build snapd
+mkdir -p src/github.com/snapcore
+ln -s ../../../ src/github.com/snapcore/snapd
+
+%build
+export GOPATH=$(pwd):$(pwd)/Godeps/_workspace:%{gopath}
+
+%gobuild -o bin/snap %{import_path}/cmd/snap
+%gobuild -o bin/snap-exec %{import_path}/cmd/snap-exec
+%gobuild -o bin/snapctl %{import_path}/cmd/snapctl
+%gobuild -o bin/snapd %{import_path}/cmd/snapd
+%gobuild -o bin/snap-update-ns %{import_path}/cmd/snap-update-ns
+
+# Build SELinux module
+cd data/selinux
+%{__make} SHARE="%{_datadir}" TARGETS="snappy"
+cd -
+
+# Build snap-confine
+cd cmd
+autoreconf --force --install --verbose
+# selinux support is not yet available, for now just disable apparmor
+# FIXME: add --enable-caps-over-setuid as soon as possible (setuid discouraged!)
+%configure \
+ --disable-apparmor \
+ --libexecdir=%{_libexecdir}/snapd/ \
+ --with-snap-mount-dir=%{_sharedstatedir}/snapd/snap \
+ --without-merged-usr
+
+%{__make}
+cd -
+
+# Build systemd units
+cd data/systemd
+%{__make} \
+ BINDIR="%{_bindir}" \
+ LIBEXECDIR="%{_libexecdir}" \
+ SNAP_MOUNT_DIR="%{_sharedstatedir}/snapd/snap" \
+ SNAPD_ENVIRONMENT_FILE="%{_sysconfdir}/sysconfig/snapd"
+
+%if %{with tests}
+# snapd tests
+export GOPATH=$RPM_BUILD_ROOT/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
+%gotest %{import_path}/...
+
+# snap-confine tests (these always run!)
+cd cmd
+%{__make} check
+cd -
+%endif
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d -p $RPM_BUILD_ROOT%{_bindir}
+install -d -p $RPM_BUILD_ROOT%{_libexecdir}/snapd
+install -d -p $RPM_BUILD_ROOT%{_mandir}/man1
+install -d -p $RPM_BUILD_ROOT%{systemdunitdir}
+install -d -p $RPM_BUILD_ROOT%{_sysconfdir}/profile.d
+install -d -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/assertions
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/desktop/applications
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/device
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/hostfs
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/mount
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/seccomp/profiles
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/snaps
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/snap/bin
+install -d -p $RPM_BUILD_ROOT%{_localstatedir}/snap
+install -d -p $RPM_BUILD_ROOT%{_datadir}/selinux/devel/include/contrib
+install -d -p $RPM_BUILD_ROOT%{_datadir}/selinux/packages
+
+# Install snap and snapd
+install -p bin/snap $RPM_BUILD_ROOT%{_bindir}
+install -p bin/snap-exec $RPM_BUILD_ROOT%{_libexecdir}/snapd
+install -p bin/snapctl $RPM_BUILD_ROOT%{_bindir}/snapctl
+install -p bin/snapd $RPM_BUILD_ROOT%{_libexecdir}/snapd
+install -p bin/snap-update-ns $RPM_BUILD_ROOT%{_libexecdir}/snapd
+
+# Install SELinux module
+install -p data/selinux/snappy.if $RPM_BUILD_ROOT%{_datadir}/selinux/devel/include/contrib
+install -p data/selinux/snappy.pp.bz2 $RPM_BUILD_ROOT%{_datadir}/selinux/packages
+
+# Install snap(1) man page
+bin/snap help --man > $RPM_BUILD_ROOT%{_mandir}/man1/snap.1
+
+# Install the "info" data file with snapd version
+install -D data/info $RPM_BUILD_ROOT%{_libexecdir}/snapd/info
+
+# Install bash completion for "snap"
+install -D data/completion/snap $RPM_BUILD_ROOT%{bash_compdir}/snap
+
+# Install snap-confine
+cd cmd
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+# Undo the 0000 permissions, they are restored in the files section
+chmod 0755 $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/void
+# We don't use AppArmor
+rm -rfv $RPM_BUILD_ROOT%{_sysconfdir}/apparmor.d
+# ubuntu-core-launcher is dead
+rm -fv $RPM_BUILD_ROOT%{_bindir}/ubuntu-core-launcher
+cd -
+
+# Install all systemd units
+cd data/systemd
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT SYSTEMDSYSTEMUNITDIR="%{systemdunitdir}"
+# Remove snappy core specific units
+rm -fv $RPM_BUILD_ROOT%{systemdunitdir}/snapd.system-shutdown.service
+cd -
+
+# Put /var/lib/snapd/snap/bin on PATH
+# Put /var/lib/snapd/desktop on XDG_DATA_DIRS
+cat << __SNAPD_SH__ > $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/snapd.sh
+PATH=\$PATH:/var/lib/snapd/snap/bin
+if [ -z "\$XDG_DATA_DIRS" ]; then
+XDG_DATA_DIRS=%{_datadir}/:%{_prefix}/local/share/:/var/lib/snapd/desktop
+else
+ XDG_DATA_DIRS="\$XDG_DATA_DIRS":/var/lib/snapd/desktop
+fi
+export XDG_DATA_DIRS
+__SNAPD_SH__
+
+# Disable re-exec by default
+echo 'SNAP_REEXEC=0' > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/snapd
+
+# Install snap management script
+install -pm 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/snapd/snap-mgmt
+
+# Create state.json file to be ghosted
+touch $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/state.json
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+%systemd_post %{snappy_svcs}
+# If install, test if snapd socket and timer are enabled.
+# If enabled, then attempt to start them. This will silently fail
+# in chroots or other environments where services aren't expected
+# to be started.
+if [ $1 -eq 1 ] ; then
+ if systemctl -q is-enabled snapd.socket > /dev/null 2>&1 ; then
+ systemctl start snapd.socket > /dev/null 2>&1 || :
+ fi
+ if systemctl -q is-enabled snapd.refresh.timer > /dev/null 2>&1 ; then
+ systemctl start snapd.refresh.timer > /dev/null 2>&1 || :
+ fi
+fi
+
+%preun
+%systemd_preun %{snappy_svcs}
+
+# Remove all Snappy content if snapd is being fully uninstalled
+if [ $1 -eq 0 ]; then
+ %{_libexecdir}/snapd/snap-mgmt purge || :
+fi
+
+%postun
+%systemd_postun_with_restart %{snappy_svcs}
+
+%pre selinux
+%selinux_relabel_pre
+
+%post selinux
+%selinux_modules_install %{_datadir}/selinux/packages/snappy.pp.bz2
+%selinux_relabel_post
+
+%postun selinux
+%selinux_modules_uninstall snappy
+if [ $1 -eq 0 ]; then
+ %selinux_relabel_post
+fi
+
+%files
+%defattr(644,root,root,755)
+%doc COPYING
+%doc README.md docs/*
+%attr(755,root,root) %{_bindir}/snap
+%attr(755,root,root) %{_bindir}/snapctl
+%dir %{_libexecdir}/snapd
+%{_libexecdir}/snapd/snapd
+%{_libexecdir}/snapd/snap-exec
+%{_libexecdir}/snapd/info
+%{_libexecdir}/snapd/snap-mgmt
+%{_mandir}/man1/snap.1*
+%{bash_compdir}/snap
+/etc/profile.d/snapd.sh
+%{systemdunitdir}/snapd.socket
+%{systemdunitdir}/snapd.service
+%{systemdunitdir}/snapd.autoimport.service
+%{systemdunitdir}/snapd.refresh.service
+%{systemdunitdir}/snapd.refresh.timer
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/snapd
+%dir %{_sharedstatedir}/snapd
+%dir %{_sharedstatedir}/snapd/assertions
+%dir %{_sharedstatedir}/snapd/desktop
+%dir %{_sharedstatedir}/snapd/desktop/applications
+%dir %{_sharedstatedir}/snapd/device
+%dir %{_sharedstatedir}/snapd/hostfs
+%dir %{_sharedstatedir}/snapd/mount
+%dir %{_sharedstatedir}/snapd/seccomp
+%dir %{_sharedstatedir}/snapd/seccomp/profiles
+%dir %{_sharedstatedir}/snapd/snaps
+%dir %{_sharedstatedir}/snapd/snap
+%ghost %dir %{_sharedstatedir}/snapd/snap/bin
+%dir %{_localstatedir}/snap
+%ghost %{_sharedstatedir}/snapd/state.json
+
+%files -n snap-confine
+%defattr(644,root,root,755)
+%doc cmd/snap-confine/PORTING
+%doc COPYING
+%dir %{_libexecdir}/snapd
+# For now, we can't use caps
+# FIXME: Switch to "%%attr(0755,root,root) %%caps(cap_sys_admin=pe)" asap!
+%attr(4755,root,root) %{_libexecdir}/snapd/snap-confine
+%{_libexecdir}/snapd/snap-discard-ns
+%{_libexecdir}/snapd/snap-update-ns
+%{_libexecdir}/snapd/system-shutdown
+%{_mandir}/man5/snap-confine.5*
+%{_mandir}/man5/snap-discard-ns.5*
+%{_prefix}/lib/udev/snappy-app-dev
+%{_udevrulesdir}/80-snappy-assign.rules
+%attr(0000,root,root) %{_sharedstatedir}/snapd/void
+
+%files selinux
+%defattr(644,root,root,755)
+%doc data/selinux/COPYING
+%doc data/selinux/README.md
+%{_datadir}/selinux/packages/snappy.pp.bz2
+%{_datadir}/selinux/devel/include/contrib/snappy.if
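Review bot: In `%files` and `%files -n snap-confine`, every binary listed without its own `%attr` takes the 0644 file mode from `%defattr(644,root,root,755)`, so `%{_libexecdir}/snapd/snapd`, `snap-exec`, `snap-mgmt`, `snap-discard-ns`, `snap-update-ns`, `system-shutdown` and `%{_prefix}/lib/udev/snappy-app-dev` would be packaged non-executable. Only `snap`, `snapctl` and `snap-confine` carry an explicit mode, and the others need the same prefix, e.g. `%attr(755,root,root) %{_libexecdir}/snapd/snap-mgmt`. The `%preun` call `%{_libexecdir}/snapd/snap-mgmt purge || :` hides the resulting exec failure, so an uninstall would leave snap mounts, units and data behind without any message. Separately, `snap-confine` ships setuid root (`4755`) while `%configure` passes `--disable-apparmor`; a comment beside the `%attr(4755,root,root)` line should record which confinement this build still relies on, so the FIXME is not the only trace of that decision.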
diff --git a/0001-cmd-use-libtool-for-the-internal-library.patch b/0001-cmd-use-libtool-for-the-internal-library.patch
new file mode 100644
index 0000000..8afe83e
--- /dev/null
+++ b/0001-cmd-use-libtool-for-the-internal-library.patch
@@ -0,0 +1,96 @@
+# Upstream proposed PR: https://github.com/snapcore/snapd/pull/3162
+
+From 687b6de661e00db74e562ab575bfd1319f750816 Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me at zygoon.pl>
+Date: Mon, 6 Mar 2017 20:26:26 +0100
+Subject: [PATCH] cmd: use libtool for the internal library
+
+This just cuts some hassle integration with how the helper library is
+built. I could never get to pass the right -fPIC/-fpie combination
+otherwise.
+
+Signed-off-by: Zygmunt Krynicki <me at zygoon.pl>
+---
+ cmd/Makefile.am | 16 ++++++++--------
+ cmd/configure.ac | 3 ++-
+ 2 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/cmd/Makefile.am b/cmd/Makefile.am
+index 695b07e..767bf35 100644
+--- a/cmd/Makefile.am
++++ b/cmd/Makefile.am
+@@ -58,12 +58,12 @@ hack: snap-confine/snap-confine snap-confine/snap-confine.apparmor
+ sudo apparmor_parser -r snap-confine/snap-confine.apparmor
+
+ ##
+-## libsnap-confine-private.a
++## libsnap-confine-private.la
+ ##
+
+-noinst_LIBRARIES += libsnap-confine-private.a
++noinst_LTLIBRARIES = libsnap-confine-private.la
+
+-libsnap_confine_private_a_SOURCES = \
++libsnap_confine_private_la_SOURCES = \
+ libsnap-confine-private/classic.c \
+ libsnap-confine-private/classic.h \
+ libsnap-confine-private/cleanup-funcs.c \
+@@ -131,7 +131,7 @@ noinst_PROGRAMS += decode-mount-opts/decode-mount-opts
+
+ decode_mount_opts_decode_mount_opts_SOURCES = \
+ decode-mount-opts/decode-mount-opts.c
+-decode_mount_opts_decode_mount_opts_LDADD = libsnap-confine-private.a
++decode_mount_opts_decode_mount_opts_LDADD = libsnap-confine-private.la
+ decode_mount_opts_decode_mount_opts_STATIC =
+
+ if STATIC_LIBCAP
+@@ -214,7 +214,7 @@ snap_confine_snap_confine_SOURCES = \
+
+ snap_confine_snap_confine_CFLAGS = -Wall -Werror $(AM_CFLAGS)
+ snap_confine_snap_confine_LDFLAGS = $(AM_LDFLAGS)
+-snap_confine_snap_confine_LDADD = libsnap-confine-private.a
++snap_confine_snap_confine_LDADD = libsnap-confine-private.la
+ snap_confine_snap_confine_CFLAGS += $(LIBUDEV_CFLAGS)
+ snap_confine_snap_confine_LDADD += $(LIBUDEV_LIBS)
+ # _STATIC is where we collect statically linked in libraries
+@@ -379,7 +379,7 @@ snap_discard_ns_snap_discard_ns_SOURCES = \
+ snap-discard-ns/snap-discard-ns.c
+ snap_discard_ns_snap_discard_ns_CFLAGS = -Wall -Werror $(AM_CFLAGS)
+ snap_discard_ns_snap_discard_ns_LDFLAGS = $(AM_LDFLAGS)
+-snap_discard_ns_snap_discard_ns_LDADD = libsnap-confine-private.a
++snap_discard_ns_snap_discard_ns_LDADD = libsnap-confine-private.la
+ snap_discard_ns_snap_discard_ns_STATIC =
+
+ if APPARMOR
+@@ -418,7 +418,7 @@ system_shutdown_system_shutdown_SOURCES = \
+ system-shutdown/system-shutdown-utils.c \
+ system-shutdown/system-shutdown-utils.h \
+ system-shutdown/system-shutdown.c
+-system_shutdown_system_shutdown_LDADD = libsnap-confine-private.a
++system_shutdown_system_shutdown_LDADD = libsnap-confine-private.la
+ system_shutdown_system_shutdown_CFLAGS = $(filter-out -fPIE -pie,$(CFLAGS)) -static
+ system_shutdown_system_shutdown_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) -static
+
+@@ -428,7 +428,7 @@ system_shutdown_unit_tests_SOURCES = \
+ libsnap-confine-private/unit-tests-main.c \
+ libsnap-confine-private/unit-tests.c \
+ system-shutdown/system-shutdown-utils-test.c
+-system_shutdown_unit_tests_LDADD = libsnap-confine-private.a
++system_shutdown_unit_tests_LDADD = libsnap-confine-private.la
+ system_shutdown_unit_tests_CFLAGS = $(GLIB_CFLAGS)
+ system_shutdown_unit_tests_LDADD += $(GLIB_LIBS)
+ endif
+diff --git a/cmd/configure.ac b/cmd/configure.ac
+index 39a6800..2ebf827 100644
+--- a/cmd/configure.ac
++++ b/cmd/configure.ac
+@@ -11,7 +11,8 @@ AC_PROG_CC_C99
+ AC_PROG_CPP
+ AC_PROG_INSTALL
+ AC_PROG_MAKE_SET
+-AC_PROG_RANLIB
++AC_PROG_LIBTOOL
++AC_CONFIG_MACRO_DIR([m4])
+
+ AC_LANG([C])
+ # Checks for libraries.
diff --git a/snap-mgmt.sh b/snap-mgmt.sh
new file mode 100644
index 0000000..0ccf0f3
--- /dev/null
+++ b/snap-mgmt.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+# Overlord management of snapd for package manager actions.
+# Implements actions that would be invoked in %pre(un) actions for snapd.
+# Derived from the snapd.postrm scriptlet used in the Ubuntu packaging for
+# snapd.
+
+set -e
+
+SNAP_MOUNT_DIR="/var/lib/snapd/snap"
+SNAP_UNIT_PREFIX="$(systemd-escape -p ${SNAP_MOUNT_DIR})"
+
+systemctl_stop() {
+ unit="$1"
+ if systemctl is-active -q "$unit"; then
+ echo "Stoping $unit"
+ systemctl stop -q "$unit" || true
+ fi
+}
+
+if [ "$1" = "purge" ]; then
+ # undo any bind mount to ${SNAP_MOUNT_DIR} that resulted from LP:#1668659
+ if grep -q "${SNAP_MOUNT_DIR} ${SNAP_MOUNT_DIR}" /proc/self/mountinfo; then
+ umount -l "${SNAP_MOUNT_DIR}" || true
+ fi
+
+ mounts=$(systemctl list-unit-files --full | grep "^${SNAP_UNIT_PREFIX}[-.].*\.mount" | cut -f1 -d ' ')
+ services=$(systemctl list-unit-files --full | grep "^${SNAP_UNIT_PREFIX}[-.].*\.service" | cut -f1 -d ' ')
+ for unit in $services $mounts; do
+ # ensure its really a snap mount unit or systemd unit
+ if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then
+ echo "Skipping non-snapd systemd unit $unit"
+ continue
+ fi
+
+ echo "Stopping $unit"
+ systemctl_stop "$unit"
+
+ # if it is a mount unit, we can find the snap name in the mount
+ # unit (we just ignore unit files)
+ snap=$(grep "Where=${SNAP_MOUNT_DIR}/" "/etc/systemd/system/$unit"|cut -f3 -d/)
+ rev=$(grep "Where=${SNAP_MOUNT_DIR}/" "/etc/systemd/system/$unit"|cut -f4 -d/)
+ if [ -n "$snap" ]; then
+ echo "Removing snap $snap"
+ # aliases
+ if [ -d "${SNAP_MOUNT_DIR}/bin" ]; then
+ find "${SNAP_MOUNT_DIR}/bin" -maxdepth 1 -lname "$snap" -delete
+ find "${SNAP_MOUNT_DIR}/bin" -maxdepth 1 -lname "$snap.*" -delete
+ fi
+ # generated binaries
+ rm -f "${SNAP_MOUNT_DIR}/bin/$snap"
+ rm -f "${SNAP_MOUNT_DIR}/bin/$snap".*
+ # snap mount dir
+ umount -l "${SNAP_MOUNT_DIR}/$snap/$rev" 2> /dev/null || true
+ rm -rf "${SNAP_MOUNT_DIR}/$snap/$rev"
+ rm -f "${SNAP_MOUNT_DIR}/$snap/current"
+ # snap data dir
+ rm -rf "/var/snap/$snap/$rev"
+ rm -rf "/var/snap/$snap/common"
+ rm -f "/var/snap/$snap/current"
+ # opportunistic remove (may fail if there are still revisions left)
+ for d in "${SNAP_MOUNT_DIR}/$snap" "/var/snap/$snap"; do
+ if [ -d "$d" ]; then
+ rmdir --ignore-fail-on-non-empty "$d"
+ fi
+ done
+ fi
+
+ echo "Removing $unit"
+ rm -f "/etc/systemd/system/$unit"
+ rm -f "/etc/systemd/system/multi-user.target.wants/$unit"
+ done
+
+ echo "Discarding preserved snap namespaces"
+ # opportunistic as those might not be actually mounted
+ for mnt in /run/snapd/ns/*.mnt; do
+ umount -l "$mnt" || true
+ done
+ umount -l /run/snapd/ns/ || true
+
+
+ echo "Removing downloaded snaps"
+ rm -rf /var/lib/snapd/snaps/*
+
+ echo "Final directory cleanup"
+ rm -rf "${SNAP_MOUNT_DIR}"/*
+ rm -rf /var/snap/*
+
+ echo "Removing leftover snap shared state data"
+ rm -rf /var/lib/snapd/desktop/applications/*
+ rm -rf /var/lib/snapd/seccomp/profiles/*
+ rm -rf /var/lib/snapd/device/*
+ rm -rf /var/lib/snapd/assertions/*
+
+fi
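Review bot: The `cut -f3 -d/` and `cut -f4 -d/` extractions of `snap` and `rev` count fields as if the mount directory were `/snap`, but with `SNAP_MOUNT_DIR="/var/lib/snapd/snap"` a line such as `Where=/var/lib/snapd/snap/NAME/REV` yields `lib` and `snapd`. The per-snap `umount -l` and `rm -rf` calls that follow then act, as root, on `${SNAP_MOUNT_DIR}/lib/snapd` and `/var/snap/lib/snapd` rather than on the snap's own paths. Stripping the prefix instead of counting fields avoids this: `where=$(sed -n "s|^Where=${SNAP_MOUNT_DIR}/||p" "/etc/systemd/system/$unit" | head -n1)`, then `snap=${where%%/*}` and `rev=${where#*/}`. The `if [ -n "$snap" ]` guard should also require a non-empty `$rev`, since an empty one widens `rm -rf "${SNAP_MOUNT_DIR}/$snap/$rev"` to the whole snap directory.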
diff --git a/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch b/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch
new file mode 100644
index 0000000..8dd233c
--- /dev/null
+++ b/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch
@@ -0,0 +1,29 @@
+# Temporary patch until properly fixed in 2.27
+From a604e6e94cca5251a1a1ae31907832e023b38fa7 Mon Sep 17 00:00:00 2001
+From: Simon Fels <simon.fels at canonical.com>
+Date: Wed, 17 May 2017 16:18:54 +0200
+Subject: [PATCH] interfaces/seccomp: allow bind() for Fedora and openSUSE
+
+---
+ interfaces/seccomp/template.go | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/interfaces/seccomp/template.go b/interfaces/seccomp/template.go
+index f9a0ed6..a52ab6f 100644
+--- a/interfaces/seccomp/template.go
++++ b/interfaces/seccomp/template.go
+@@ -548,4 +548,14 @@ pwritev
+ # This is an older interface and single entry point that can be used instead
+ # of socket(), bind(), connect(), etc individually.
+ socketcall
++
++# Allow bind() as the golang net package uses this on initialization when
++# loaded the first time and on systems without an LSM system this kills
++# snapctl when executed in a hook when the network-bind interface isn't
++# plugged. See https://forum.snapcraft.io/t/hooks-calling-snapctl-are-broken-with-just-seccomp-enabled/658/
++# for more details.
++#
++# NOTE: This is only meant for Fedora and openSUSE and shouldn't be
++# applied upstream.
++bind
+ `)
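Review bot: The added `bind` entry goes into the default seccomp template, so on this build every snap may call bind() whether or not the network-bind interface is plugged, while the patch's own comment scopes it to Fedora and openSUSE only. Since snapd.spec in this commit also configures snap-confine with `--disable-apparmor`, it looks as though no LSM layer mediates bind() here either; that is worth confirming. The header line `# Temporary patch until properly fixed in 2.27` could be extended to say why PLD carries the patch and when to drop it, e.g. `# PLD: built without AppArmor like Fedora; allows bind() for all snaps; drop when updating to >= 2.27`. The template string this entry is appended to starts outside the hunk.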
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/snapd.git/commitdiff/ff3b8c2baa059e444f23f02e07b105c96d26f017