[packages/snapd] Version: 2.36.1, made it work
jajcus
jajcus at pld-linux.org
Wed Nov 21 09:11:50 CET 2018
commit 27ce95ed20a5c0a7bb548b9627dcdd41294042a0
Author: Jacek Konieczny <j.konieczny at eggsoft.pl>
Date: Wed Nov 21 09:04:55 2018 +0100
Version: 2.36.1, made it work
This software and its build process is some kind of a disaster.
I was able to run Spotify with this, though.
...-cmd-use-libtool-for-the-internal-library.patch | 96 ---------------
pld_is_like_fedora.patch | 14 +++
...-interfaces-seccomp-allow-bind-for-Fedora.patch | 29 -----
snapd.spec | 129 ++++++++++++---------
4 files changed, 85 insertions(+), 183 deletions(-)
---
diff --git a/snapd.spec b/snapd.spec
index 965e92e..ba3f7db 100644
--- a/snapd.spec
+++ b/snapd.spec
@@ -5,67 +5,58 @@
Summary: A transactional software package manager
Name: snapd
-Version: 2.26.1
-Release: 0.2
+Version: 2.36.1
+Release: 1
License: GPL v3
Group: Base
Source0: https://github.com/snapcore/snapd/releases/download/%{version}/%{name}_%{version}.vendor.tar.xz
-# Source0-md5: 8152560d2af809ad84185d3b341b2f13
+# Source0-md5: df9439daee9cbdd9b12da3bee198c34a
# Script to implement certain package management actions
Source1: snap-mgmt.sh
Source2: profile.d.sh
Source3: %{name}.sysconfig
+Patch0: pld_is_like_fedora.patch
URL: https://github.com/snapcore/snapd
-Patch0001: 0001-cmd-use-libtool-for-the-internal-library.patch
-Patch0100: %{name}-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch
+BuildRequires: %{_bindir}/rst2man
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gcc
+BuildRequires: gettext
+BuildRequires: glib2-devel
+BuildRequires: glibc-static
+BuildRequires: gnupg
BuildRequires: golang
+BuildRequires: indent
+BuildRequires: libcap-devel
+BuildRequires: libseccomp-static
+BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: systemd-devel
+BuildRequires: systemd-units
BuildRequires: tar >= 1:1.22
+BuildRequires: udev-devel
+BuildRequires: valgrind
+BuildRequires: xfsprogs-devel
BuildRequires: xz
-Requires: snap-confine = %{version}-%{release}
+Requires: pld-release
Requires: squashfs
+Obsoletes: snap-confine
ExclusiveArch: %{ix86} %{x8664} %{arm} aarch64 ppc64le s390x
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define _udevrulesdir /lib/udev/rules.d
%define _enable_debug_packages 0
-%define gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**};
+%define gobuild(o:) go build -ldflags "-extldflags '${LDFLAGS:-}' -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**};
%define gopath %{_libdir}/golang
%define import_path github.com/snapcore/snapd
-%define snappy_svcs snapd.service snapd.socket snapd.autoimport.service snapd.refresh.timer snapd.refresh.service
+%define snappy_svcs snapd.service snapd.socket snapd.apparmor.service snapd.core-fixup.service snapd.failure.service snapd.seeded.service snapd.autoimport.service snapd.snap-repair.timer
%description
Snappy is a modern, cross-distribution, transactional package manager
designed for working with self-contained, immutable packages.
-%package -n snap-confine
-Summary: Confinement system for snap applications
-License: GPL v3
-Group: Base
-BuildRequires: %{_bindir}/rst2man
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: gcc
-BuildRequires: gettext
-BuildRequires: glib2-devel
-BuildRequires: glibc-static
-BuildRequires: gnupg
-BuildRequires: indent
-BuildRequires: libcap-devel
-BuildRequires: libseccomp-devel
-BuildRequires: libtool
-BuildRequires: systemd-units
-BuildRequires: udev-devel
-BuildRequires: valgrind
-BuildRequires: xfsprogs-devel
-
-%description -n snap-confine
-This package is used internally by snapd to apply confinement to the
-started snap applications.
-
%package selinux
Summary: SELinux module for snapd
License: GPL v2+
@@ -101,8 +92,7 @@ bash-completion for %{name}.
%prep
%setup -q
-%patch1 -p1
-%patch100 -p1
+%patch0 -p1
# Generate version files
./mkversion.sh "%{version}-%{release}"
@@ -114,11 +104,20 @@ ln -s ../../../ src/github.com/snapcore/snapd
%build
export GOPATH=$(pwd):$(pwd)/Godeps/_workspace:%{gopath}
+LDFLAGS="%{rpmldflags}"
%gobuild -o bin/snap %{import_path}/cmd/snap
-%gobuild -o bin/snap-exec %{import_path}/cmd/snap-exec
%gobuild -o bin/snapctl %{import_path}/cmd/snapctl
%gobuild -o bin/snapd %{import_path}/cmd/snapd
+%gobuild -o bin/snap-failure %{import_path}/cmd/snap-failure
+
+# these should be statically linked, for some reason
+LDFLAGS="%{rpmldflags} -static"
%gobuild -o bin/snap-update-ns %{import_path}/cmd/snap-update-ns
+%gobuild -o bin/snap-exec %{import_path}/cmd/snap-exec
+%gobuild -o bin/snap-seccomp %{import_path}/cmd/snap-seccomp
+
+# back to normal
+LDFLAGS="%{rpmldflags}"
%if %{with selinux}
cd data/selinux
@@ -137,7 +136,9 @@ autoreconf --force --install --verbose
--with-snap-mount-dir=%{_sharedstatedir}/snapd/snap \
--without-merged-usr
-%{__make}
+%{__make} \
+ BINDIR="%{_bindir}" \
+ LIBEXECDIR="%{_libexecdir}"
cd -
# Build systemd units
@@ -176,6 +177,7 @@ install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/seccomp/profiles
install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/snaps
install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/snap/bin
install -d -p $RPM_BUILD_ROOT%{_localstatedir}/snap
+install -d -p $RPM_BUILD_ROOT%{_prefix}/lib
# Install snap and snapd
install -p bin/snap $RPM_BUILD_ROOT%{_bindir}
@@ -183,6 +185,8 @@ install -p bin/snap-exec $RPM_BUILD_ROOT%{_libexecdir}/snapd
install -p bin/snapctl $RPM_BUILD_ROOT%{_bindir}/snapctl
install -p bin/snapd $RPM_BUILD_ROOT%{_libexecdir}/snapd
install -p bin/snap-update-ns $RPM_BUILD_ROOT%{_libexecdir}/snapd
+install -p bin/snap-seccomp $RPM_BUILD_ROOT%{_libexecdir}/snapd
+install -p bin/snap-failure $RPM_BUILD_ROOT%{_libexecdir}/snapd
%if %{with selinux}
install -d -p $RPM_BUILD_ROOT%{_datadir}/selinux/devel/include/contrib
@@ -203,6 +207,7 @@ install -D data/completion/snap $RPM_BUILD_ROOT%{bash_compdir}/snap
# Install snap-confine
cd cmd
%{__make} install \
+ LIBEXECDIR="%{_libexecdir}" \
DESTDIR=$RPM_BUILD_ROOT
# Undo the 0000 permissions, they are restored in the files section
chmod 0755 $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/void
@@ -215,6 +220,7 @@ cd -
# Install all systemd units
cd data/systemd
%{__make} install \
+ LIBEXECDIR="%{_libexecdir}" \
DESTDIR=$RPM_BUILD_ROOT SYSTEMDSYSTEMUNITDIR="%{systemdunitdir}"
# Remove snappy core specific units
rm -fv $RPM_BUILD_ROOT%{systemdunitdir}/snapd.system-shutdown.service
@@ -229,6 +235,9 @@ install -pm 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/snapd/snap-mgmt
# Create state.json file to be ghosted
touch $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/state.json
+# some things are still looked for in the wrong dir
+ln -s "%{_libexecdir}/snapd" "$RPM_BUILD_ROOT%{_prefix}/lib/snapd"
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -242,8 +251,8 @@ if [ $1 -eq 1 ] ; then
if systemctl -q is-enabled snapd.socket > /dev/null 2>&1 ; then
systemctl start snapd.socket > /dev/null 2>&1 || :
fi
- if systemctl -q is-enabled snapd.refresh.timer > /dev/null 2>&1 ; then
- systemctl start snapd.refresh.timer > /dev/null 2>&1 || :
+ if systemctl -q is-enabled snapd.snap-repair.timer > /dev/null 2>&1 ; then
+ systemctl start snapd.snap-repair.timer > /dev/null 2>&1 || :
fi
fi
@@ -256,7 +265,7 @@ if [ $1 -eq 0 ]; then
fi
%postun
-%systemd_postun_with_restart %{snappy_svcs}
+%systemd_reload
%pre selinux
%selinux_relabel_pre
@@ -276,18 +285,34 @@ fi
%doc README.md docs/*
%attr(755,root,root) %{_bindir}/snap
%attr(755,root,root) %{_bindir}/snapctl
+%{_prefix}/lib/snapd
%dir %{_libexecdir}/snapd
+%attr(755,root,root) %{_libexecdir}/snapd/info
+%attr(6755,root,root) %{_libexecdir}/snapd/snap-confine
%attr(755,root,root) %{_libexecdir}/snapd/snapd
+%attr(755,root,root) %{_libexecdir}/snapd/snapd.core-fixup.sh
+%attr(755,root,root) %{_libexecdir}/snapd/snap-device-helper
+%attr(755,root,root) %{_libexecdir}/snapd/snap-discard-ns
+%attr(755,root,root) %{_libexecdir}/snapd/snapd.run-from-snap
%attr(755,root,root) %{_libexecdir}/snapd/snap-exec
-%attr(755,root,root) %{_libexecdir}/snapd/info
+%attr(755,root,root) %{_libexecdir}/snapd/snap-failure
+%attr(755,root,root) %{_libexecdir}/snapd/snap-gdb-shim
%attr(755,root,root) %{_libexecdir}/snapd/snap-mgmt
+%attr(755,root,root) %{_libexecdir}/snapd/snap-seccomp
+%attr(755,root,root) %{_libexecdir}/snapd/snap-update-ns
+%attr(755,root,root) %{_libexecdir}/snapd/system-shutdown
%{_mandir}/man1/snap.1*
/etc/profile.d/snapd.sh
+%{systemdunitdir}-generators/snapd-generator
+%{systemdunitdir}/snapd.apparmor.service
+%{systemdunitdir}/snapd.core-fixup.service
+%{systemdunitdir}/snapd.failure.service
+%{systemdunitdir}/snapd.seeded.service
+%{systemdunitdir}/snapd.snap-repair.service
+%{systemdunitdir}/snapd.snap-repair.timer
%{systemdunitdir}/snapd.socket
%{systemdunitdir}/snapd.service
%{systemdunitdir}/snapd.autoimport.service
-%{systemdunitdir}/snapd.refresh.service
-%{systemdunitdir}/snapd.refresh.timer
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/snapd
%dir %{_sharedstatedir}/snapd
%dir %{_sharedstatedir}/snapd/assertions
@@ -303,21 +328,9 @@ fi
%ghost %dir %{_sharedstatedir}/snapd/snap/bin
%dir %{_localstatedir}/snap
%ghost %{_sharedstatedir}/snapd/state.json
-
-%files -n snap-confine
-%defattr(644,root,root,755)
-%doc cmd/snap-confine/PORTING
-%dir %{_libexecdir}/snapd
-# For now, we can't use caps
-# FIXME: Switch to "%%attr(0755,root,root) %%caps(cap_sys_admin=pe)" asap!
-%attr(4755,root,root) %{_libexecdir}/snapd/snap-confine
-%attr(755,root,root) %{_libexecdir}/snapd/snap-discard-ns
-%attr(755,root,root) %{_libexecdir}/snapd/snap-update-ns
-%attr(755,root,root) %{_libexecdir}/snapd/system-shutdown
-%{_mandir}/man5/snap-confine.5*
-%{_mandir}/man5/snap-discard-ns.5*
-%attr(755,root,root) /lib/udev/snappy-app-dev
-%{_udevrulesdir}/80-snappy-assign.rules
+%{_mandir}/man8/snapd-env-generator.8*
+%{_mandir}/man8/snap-confine.8*
+%{_mandir}/man8/snap-discard-ns.8*
%attr(0000,root,root) %{_sharedstatedir}/snapd/void
%if %{with selinux}
diff --git a/0001-cmd-use-libtool-for-the-internal-library.patch b/0001-cmd-use-libtool-for-the-internal-library.patch
deleted file mode 100644
index 8afe83e..0000000
--- a/0001-cmd-use-libtool-for-the-internal-library.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-# Upstream proposed PR: https://github.com/snapcore/snapd/pull/3162
-
-From 687b6de661e00db74e562ab575bfd1319f750816 Mon Sep 17 00:00:00 2001
-From: Zygmunt Krynicki <me at zygoon.pl>
-Date: Mon, 6 Mar 2017 20:26:26 +0100
-Subject: [PATCH] cmd: use libtool for the internal library
-
-This just cuts some hassle integration with how the helper library is
-built. I could never get to pass the right -fPIC/-fpie combination
-otherwise.
-
-Signed-off-by: Zygmunt Krynicki <me at zygoon.pl>
----
- cmd/Makefile.am | 16 ++++++++--------
- cmd/configure.ac | 3 ++-
- 2 files changed, 10 insertions(+), 9 deletions(-)
-
-diff --git a/cmd/Makefile.am b/cmd/Makefile.am
-index 695b07e..767bf35 100644
---- a/cmd/Makefile.am
-+++ b/cmd/Makefile.am
-@@ -58,12 +58,12 @@ hack: snap-confine/snap-confine snap-confine/snap-confine.apparmor
- sudo apparmor_parser -r snap-confine/snap-confine.apparmor
-
- ##
--## libsnap-confine-private.a
-+## libsnap-confine-private.la
- ##
-
--noinst_LIBRARIES += libsnap-confine-private.a
-+noinst_LTLIBRARIES = libsnap-confine-private.la
-
--libsnap_confine_private_a_SOURCES = \
-+libsnap_confine_private_la_SOURCES = \
- libsnap-confine-private/classic.c \
- libsnap-confine-private/classic.h \
- libsnap-confine-private/cleanup-funcs.c \
-@@ -131,7 +131,7 @@ noinst_PROGRAMS += decode-mount-opts/decode-mount-opts
-
- decode_mount_opts_decode_mount_opts_SOURCES = \
- decode-mount-opts/decode-mount-opts.c
--decode_mount_opts_decode_mount_opts_LDADD = libsnap-confine-private.a
-+decode_mount_opts_decode_mount_opts_LDADD = libsnap-confine-private.la
- decode_mount_opts_decode_mount_opts_STATIC =
-
- if STATIC_LIBCAP
-@@ -214,7 +214,7 @@ snap_confine_snap_confine_SOURCES = \
-
- snap_confine_snap_confine_CFLAGS = -Wall -Werror $(AM_CFLAGS)
- snap_confine_snap_confine_LDFLAGS = $(AM_LDFLAGS)
--snap_confine_snap_confine_LDADD = libsnap-confine-private.a
-+snap_confine_snap_confine_LDADD = libsnap-confine-private.la
- snap_confine_snap_confine_CFLAGS += $(LIBUDEV_CFLAGS)
- snap_confine_snap_confine_LDADD += $(LIBUDEV_LIBS)
- # _STATIC is where we collect statically linked in libraries
-@@ -379,7 +379,7 @@ snap_discard_ns_snap_discard_ns_SOURCES = \
- snap-discard-ns/snap-discard-ns.c
- snap_discard_ns_snap_discard_ns_CFLAGS = -Wall -Werror $(AM_CFLAGS)
- snap_discard_ns_snap_discard_ns_LDFLAGS = $(AM_LDFLAGS)
--snap_discard_ns_snap_discard_ns_LDADD = libsnap-confine-private.a
-+snap_discard_ns_snap_discard_ns_LDADD = libsnap-confine-private.la
- snap_discard_ns_snap_discard_ns_STATIC =
-
- if APPARMOR
-@@ -418,7 +418,7 @@ system_shutdown_system_shutdown_SOURCES = \
- system-shutdown/system-shutdown-utils.c \
- system-shutdown/system-shutdown-utils.h \
- system-shutdown/system-shutdown.c
--system_shutdown_system_shutdown_LDADD = libsnap-confine-private.a
-+system_shutdown_system_shutdown_LDADD = libsnap-confine-private.la
- system_shutdown_system_shutdown_CFLAGS = $(filter-out -fPIE -pie,$(CFLAGS)) -static
- system_shutdown_system_shutdown_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) -static
-
-@@ -428,7 +428,7 @@ system_shutdown_unit_tests_SOURCES = \
- libsnap-confine-private/unit-tests-main.c \
- libsnap-confine-private/unit-tests.c \
- system-shutdown/system-shutdown-utils-test.c
--system_shutdown_unit_tests_LDADD = libsnap-confine-private.a
-+system_shutdown_unit_tests_LDADD = libsnap-confine-private.la
- system_shutdown_unit_tests_CFLAGS = $(GLIB_CFLAGS)
- system_shutdown_unit_tests_LDADD += $(GLIB_LIBS)
- endif
-diff --git a/cmd/configure.ac b/cmd/configure.ac
-index 39a6800..2ebf827 100644
---- a/cmd/configure.ac
-+++ b/cmd/configure.ac
-@@ -11,7 +11,8 @@ AC_PROG_CC_C99
- AC_PROG_CPP
- AC_PROG_INSTALL
- AC_PROG_MAKE_SET
--AC_PROG_RANLIB
-+AC_PROG_LIBTOOL
-+AC_CONFIG_MACRO_DIR([m4])
-
- AC_LANG([C])
- # Checks for libraries.
diff --git a/pld_is_like_fedora.patch b/pld_is_like_fedora.patch
new file mode 100644
index 0000000..7bcba4f
--- /dev/null
+++ b/pld_is_like_fedora.patch
@@ -0,0 +1,14 @@
+diff -dur snapd-2.36.1.orig/release/release.go snapd-2.36.1/release/release.go
+--- snapd-2.36.1.orig/release/release.go 2018-11-09 14:42:28.000000000 +0100
++++ snapd-2.36.1/release/release.go 2018-11-21 08:29:11.000000000 +0100
+@@ -104,7 +104,9 @@
+ osRelease.VersionID = v
+ }
+ }
+-
++ if (osRelease.ID == "pld") {
++ osRelease.IDLike = append(osRelease.IDLike, "fedora");
++ }
+ return osRelease
+ }
+
diff --git a/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch b/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch
deleted file mode 100644
index 8dd233c..0000000
--- a/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-# Temporary patch until properly fixed in 2.27
-From a604e6e94cca5251a1a1ae31907832e023b38fa7 Mon Sep 17 00:00:00 2001
-From: Simon Fels <simon.fels at canonical.com>
-Date: Wed, 17 May 2017 16:18:54 +0200
-Subject: [PATCH] interfaces/seccomp: allow bind() for Fedora and openSUSE
-
----
- interfaces/seccomp/template.go | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/interfaces/seccomp/template.go b/interfaces/seccomp/template.go
-index f9a0ed6..a52ab6f 100644
---- a/interfaces/seccomp/template.go
-+++ b/interfaces/seccomp/template.go
-@@ -548,4 +548,14 @@ pwritev
- # This is an older interface and single entry point that can be used instead
- # of socket(), bind(), connect(), etc individually.
- socketcall
-+
-+# Allow bind() as the golang net package uses this on initialization when
-+# loaded the first time and on systems without an LSM system this kills
-+# snapctl when executed in a hook when the network-bind interface isn't
-+# plugged. See https://forum.snapcraft.io/t/hooks-calling-snapctl-are-broken-with-just-seccomp-enabled/658/
-+# for more details.
-+#
-+# NOTE: This is only meant for Fedora and openSUSE and shouldn't be
-+# applied upstream.
-+bind
- `)
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/snapd.git/commitdiff/27ce95ed20a5c0a7bb548b9627dcdd41294042a0
More information about the pld-cvs-commit
mailing list