[packages/snapd] new, version 2.26.1

glen glen at pld-linux.org
Sun Jun 25 11:00:37 CEST 2017


commit ff3b8c2baa059e444f23f02e07b105c96d26f017
Author: Elan Ruusamäe <glen at pld-linux.org>
Date:   Sun Jun 25 11:58:14 2017 +0300

    new, version 2.26.1
    
    based on fedora package, f07155a
    version downgraded to 2.26.1 because upstream lacks 2.26.3 vendor
    tarball

 ...-cmd-use-libtool-for-the-internal-library.patch |  96 ++++++
 snap-mgmt.sh                                       |  95 ++++++
 ...-interfaces-seccomp-allow-bind-for-Fedora.patch |  29 ++
 snapd.spec                                         | 327 +++++++++++++++++++++
 4 files changed, 547 insertions(+)
---
diff --git a/snapd.spec b/snapd.spec
new file mode 100644
index 0000000..de2e036
--- /dev/null
+++ b/snapd.spec
@@ -0,0 +1,327 @@
+#
+# Conditional build:
+%bcond_with	tests		# build with tests
+
+Summary:	A transactional software package manager
+Name:		snapd
+Version:	2.26.1
+Release:	0.1
+License:	GPL v3
+Group:		Base
+Source0:	https://github.com/snapcore/snapd/releases/download/%{version}/%{name}_%{version}.vendor.tar.xz
+# Source0-md5:	8152560d2af809ad84185d3b341b2f13
+# Script to implement certain package management actions
+Source1:	snap-mgmt.sh
+URL:		https://github.com/snapcore/snapd
+Patch0001:	0001-cmd-use-libtool-for-the-internal-library.patch
+Patch0100:	%{name}-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch
+BuildRequires:	golang
+BuildRequires:	systemd
+BuildRequires:	tar >= 1:1.22
+BuildRequires:	xz
+Requires:	snap-confine = %{version}-%{release}
+Requires:	squashfs-tools
+# we need squashfs.ko loaded
+Requires:	kmod(squashfs.ko)
+# bash-completion owns /usr/share/bash-completion/completions
+Requires:	bash-completion
+# Force the SELinux module to be installed
+Requires:	%{name}-selinux = %{version}-%{release}
+ExclusiveArch:	%{ix86} %{x8664} %{arm} aarch64 ppc64le s390x
+BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define		_enable_debug_packages 0
+%define		gobuild(o:) go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**};
+%define		gopath		%{_libdir}/golang
+%define		import_path	github.com/snapcore/snapd
+
+%define		snappy_svcs	snapd.service snapd.socket snapd.autoimport.service snapd.refresh.timer snapd.refresh.service
+
+%description
+Snappy is a modern, cross-distribution, transactional package manager
+designed for working with self-contained, immutable packages.
+
+%package -n snap-confine
+Summary:	Confinement system for snap applications
+License:	GPL v3
+Group:		Base
+BuildRequires:	%{_bindir}/rst2man
+BuildRequires:	%{_bindir}/shellcheck
+BuildRequires:	autoconf
+BuildRequires:	automake
+BuildRequires:	gcc
+BuildRequires:	gettext
+BuildRequires:	glib2-devel
+BuildRequires:	glibc-static
+BuildRequires:	gnupg
+BuildRequires:	indent
+BuildRequires:	libcap-devel
+BuildRequires:	libseccomp-devel
+BuildRequires:	libtool
+BuildRequires:	systemd-units
+BuildRequires:	udev-devel
+BuildRequires:	udev-devel
+BuildRequires:	valgrind
+BuildRequires:	xfsprogs-devel
+
+%description -n snap-confine
+This package is used internally by snapd to apply confinement to the
+started snap applications.
+
+%package selinux
+Summary:	SELinux module for snapd
+License:	GPL v2+
+Group:		Base
+BuildRequires:	selinux-policy
+BuildRequires:	selinux-policy-devel
+BuildArch:	noarch
+Requires(post):	selinux-policy-base >= %{_selinux_policy_version}
+Requires(post):	policycoreutils
+Requires(post):	policycoreutils-python-utils
+Requires(pre):	libselinux-utils
+Requires(post):	libselinux-utils
+
+%description selinux
+This package provides the SELinux policy module to ensure snapd runs
+properly under an environment with SELinux enabled.
+
+%prep
+%setup -q
+%patch1 -p1
+%patch100 -p1
+
+# Generate version files
+./mkversion.sh "%{version}-%{release}"
+
+# Build snapd
+mkdir -p src/github.com/snapcore
+ln -s ../../../ src/github.com/snapcore/snapd
+
+%build
+export GOPATH=$(pwd):$(pwd)/Godeps/_workspace:%{gopath}
+
+%gobuild -o bin/snap %{import_path}/cmd/snap
+%gobuild -o bin/snap-exec %{import_path}/cmd/snap-exec
+%gobuild -o bin/snapctl %{import_path}/cmd/snapctl
+%gobuild -o bin/snapd %{import_path}/cmd/snapd
+%gobuild -o bin/snap-update-ns %{import_path}/cmd/snap-update-ns
+
+# Build SELinux module
+cd data/selinux
+%{__make} SHARE="%{_datadir}" TARGETS="snappy"
+cd -
+
+# Build snap-confine
+cd cmd
+autoreconf --force --install --verbose
+# selinux support is not yet available, for now just disable apparmor
+# FIXME: add --enable-caps-over-setuid as soon as possible (setuid discouraged!)
+%configure \
+	--disable-apparmor \
+	--libexecdir=%{_libexecdir}/snapd/ \
+	--with-snap-mount-dir=%{_sharedstatedir}/snapd/snap \
+	--without-merged-usr
+
+%{__make}
+cd -
+
+# Build systemd units
+cd data/systemd
+%{__make} \
+	BINDIR="%{_bindir}" \
+	LIBEXECDIR="%{_libexecdir}" \
+	SNAP_MOUNT_DIR="%{_sharedstatedir}/snapd/snap" \
+	SNAPD_ENVIRONMENT_FILE="%{_sysconfdir}/sysconfig/snapd"
+
+%if %{with tests}
+# snapd tests
+export GOPATH=$RPM_BUILD_ROOT/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
+%gotest %{import_path}/...
+
+# snap-confine tests (these always run!)
+cd cmd
+%{__make} check
+cd -
+%endif
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d -p $RPM_BUILD_ROOT%{_bindir}
+install -d -p $RPM_BUILD_ROOT%{_libexecdir}/snapd
+install -d -p $RPM_BUILD_ROOT%{_mandir}/man1
+install -d -p $RPM_BUILD_ROOT%{systemdunitdir}
+install -d -p $RPM_BUILD_ROOT%{_sysconfdir}/profile.d
+install -d -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/assertions
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/desktop/applications
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/device
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/hostfs
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/mount
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/seccomp/profiles
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/snaps
+install -d -p $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/snap/bin
+install -d -p $RPM_BUILD_ROOT%{_localstatedir}/snap
+install -d -p $RPM_BUILD_ROOT%{_datadir}/selinux/devel/include/contrib
+install -d -p $RPM_BUILD_ROOT%{_datadir}/selinux/packages
+
+# Install snap and snapd
+install -p bin/snap $RPM_BUILD_ROOT%{_bindir}
+install -p bin/snap-exec $RPM_BUILD_ROOT%{_libexecdir}/snapd
+install -p bin/snapctl $RPM_BUILD_ROOT%{_bindir}/snapctl
+install -p bin/snapd $RPM_BUILD_ROOT%{_libexecdir}/snapd
+install -p bin/snap-update-ns $RPM_BUILD_ROOT%{_libexecdir}/snapd
+
+# Install SELinux module
+install -p data/selinux/snappy.if $RPM_BUILD_ROOT%{_datadir}/selinux/devel/include/contrib
+install -p data/selinux/snappy.pp.bz2 $RPM_BUILD_ROOT%{_datadir}/selinux/packages
+
+# Install snap(1) man page
+bin/snap help --man > $RPM_BUILD_ROOT%{_mandir}/man1/snap.1
+
+# Install the "info" data file with snapd version
+install -D data/info $RPM_BUILD_ROOT%{_libexecdir}/snapd/info
+
+# Install bash completion for "snap"
+install -D data/completion/snap $RPM_BUILD_ROOT%{bash_compdir}/snap
+
+# Install snap-confine
+cd cmd
+%{__make} install \
+	DESTDIR=$RPM_BUILD_ROOT
+# Undo the 0000 permissions, they are restored in the files section
+chmod 0755 $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/void
+# We don't use AppArmor
+rm -rfv $RPM_BUILD_ROOT%{_sysconfdir}/apparmor.d
+# ubuntu-core-launcher is dead
+rm -fv $RPM_BUILD_ROOT%{_bindir}/ubuntu-core-launcher
+cd -
+
+# Install all systemd units
+cd data/systemd
+%{__make} install \
+	DESTDIR=$RPM_BUILD_ROOT SYSTEMDSYSTEMUNITDIR="%{systemdunitdir}"
+# Remove snappy core specific units
+rm -fv $RPM_BUILD_ROOT%{systemdunitdir}/snapd.system-shutdown.service
+cd -
+
+# Put /var/lib/snapd/snap/bin on PATH
+# Put /var/lib/snapd/desktop on XDG_DATA_DIRS
+cat << __SNAPD_SH__ > $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/snapd.sh
+PATH=\$PATH:/var/lib/snapd/snap/bin
+if [ -z "\$XDG_DATA_DIRS" ]; then
+XDG_DATA_DIRS=%{_datadir}/:%{_prefix}/local/share/:/var/lib/snapd/desktop
+else
+    XDG_DATA_DIRS="\$XDG_DATA_DIRS":/var/lib/snapd/desktop
+fi
+export XDG_DATA_DIRS
+__SNAPD_SH__
+
+# Disable re-exec by default
+echo 'SNAP_REEXEC=0' > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/snapd
+
+# Install snap management script
+install -pm 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/snapd/snap-mgmt
+
+# Create state.json file to be ghosted
+touch $RPM_BUILD_ROOT%{_sharedstatedir}/snapd/state.json
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+%systemd_post %{snappy_svcs}
+# If install, test if snapd socket and timer are enabled.
+# If enabled, then attempt to start them. This will silently fail
+# in chroots or other environments where services aren't expected
+# to be started.
+if [ $1 -eq 1 ] ; then
+	if systemctl -q is-enabled snapd.socket > /dev/null 2>&1 ; then
+		systemctl start snapd.socket > /dev/null 2>&1 || :
+	fi
+	if systemctl -q is-enabled snapd.refresh.timer > /dev/null 2>&1 ; then
+		systemctl start snapd.refresh.timer > /dev/null 2>&1 || :
+	fi
+fi
+
+%preun
+%systemd_preun %{snappy_svcs}
+
+# Remove all Snappy content if snapd is being fully uninstalled
+if [ $1 -eq 0 ]; then
+	%{_libexecdir}/snapd/snap-mgmt purge || :
+fi
+
+%postun
+%systemd_postun_with_restart %{snappy_svcs}
+
+%pre selinux
+%selinux_relabel_pre
+
+%post selinux
+%selinux_modules_install %{_datadir}/selinux/packages/snappy.pp.bz2
+%selinux_relabel_post
+
+%postun selinux
+%selinux_modules_uninstall snappy
+if [ $1 -eq 0 ]; then
+	%selinux_relabel_post
+fi
+
+%files
+%defattr(644,root,root,755)
+%doc COPYING
+%doc README.md docs/*
+%attr(755,root,root) %{_bindir}/snap
+%attr(755,root,root) %{_bindir}/snapctl
+%dir %{_libexecdir}/snapd
+%{_libexecdir}/snapd/snapd
+%{_libexecdir}/snapd/snap-exec
+%{_libexecdir}/snapd/info
+%{_libexecdir}/snapd/snap-mgmt
+%{_mandir}/man1/snap.1*
+%{bash_compdir}/snap
+/etc/profile.d/snapd.sh
+%{systemdunitdir}/snapd.socket
+%{systemdunitdir}/snapd.service
+%{systemdunitdir}/snapd.autoimport.service
+%{systemdunitdir}/snapd.refresh.service
+%{systemdunitdir}/snapd.refresh.timer
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/snapd
+%dir %{_sharedstatedir}/snapd
+%dir %{_sharedstatedir}/snapd/assertions
+%dir %{_sharedstatedir}/snapd/desktop
+%dir %{_sharedstatedir}/snapd/desktop/applications
+%dir %{_sharedstatedir}/snapd/device
+%dir %{_sharedstatedir}/snapd/hostfs
+%dir %{_sharedstatedir}/snapd/mount
+%dir %{_sharedstatedir}/snapd/seccomp
+%dir %{_sharedstatedir}/snapd/seccomp/profiles
+%dir %{_sharedstatedir}/snapd/snaps
+%dir %{_sharedstatedir}/snapd/snap
+%ghost %dir %{_sharedstatedir}/snapd/snap/bin
+%dir %{_localstatedir}/snap
+%ghost %{_sharedstatedir}/snapd/state.json
+
+%files -n snap-confine
+%defattr(644,root,root,755)
+%doc cmd/snap-confine/PORTING
+%doc COPYING
+%dir %{_libexecdir}/snapd
+# For now, we can't use caps
+# FIXME: Switch to "%%attr(0755,root,root) %%caps(cap_sys_admin=pe)" asap!
+%attr(4755,root,root) %{_libexecdir}/snapd/snap-confine
+%{_libexecdir}/snapd/snap-discard-ns
+%{_libexecdir}/snapd/snap-update-ns
+%{_libexecdir}/snapd/system-shutdown
+%{_mandir}/man5/snap-confine.5*
+%{_mandir}/man5/snap-discard-ns.5*
+%{_prefix}/lib/udev/snappy-app-dev
+%{_udevrulesdir}/80-snappy-assign.rules
+%attr(0000,root,root) %{_sharedstatedir}/snapd/void
+
+%files selinux
+%defattr(644,root,root,755)
+%doc data/selinux/COPYING
+%doc data/selinux/README.md
+%{_datadir}/selinux/packages/snappy.pp.bz2
+%{_datadir}/selinux/devel/include/contrib/snappy.if
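Review bot: Under `%defattr(644,root,root,755)` every file listed without its own `%attr` is packaged with mode 0644, and in the two binary `%files` lists only `snap`, `snapctl` and the setuid `snap-confine` carry one. As written, `snapd`, `snap-exec`, `snap-mgmt`, `snap-discard-ns`, `snap-update-ns`, `system-shutdown` and `snappy-app-dev` would therefore ship non-executable. Besides the daemon not starting, the `%preun` call `%{_libexecdir}/snapd/snap-mgmt purge || :` would fail silently and leave mounts and snap data behind on uninstall. Prefix those entries the way the first two are, e.g. `%attr(755,root,root) %{_libexecdir}/snapd/snapd`. Separately, `snap-confine` is installed 4755 while configured with `--disable-apparmor`, so the FIXME about `--enable-caps-over-setuid` deserves a tracking reference next to it.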
diff --git a/0001-cmd-use-libtool-for-the-internal-library.patch b/0001-cmd-use-libtool-for-the-internal-library.patch
new file mode 100644
index 0000000..8afe83e
--- /dev/null
+++ b/0001-cmd-use-libtool-for-the-internal-library.patch
@@ -0,0 +1,96 @@
+# Upstream proposed PR: https://github.com/snapcore/snapd/pull/3162
+
+From 687b6de661e00db74e562ab575bfd1319f750816 Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me at zygoon.pl>
+Date: Mon, 6 Mar 2017 20:26:26 +0100
+Subject: [PATCH] cmd: use libtool for the internal library
+
+This just cuts some hassle integration with how the helper library is
+built. I could never get to pass the right -fPIC/-fpie combination
+otherwise.
+
+Signed-off-by: Zygmunt Krynicki <me at zygoon.pl>
+---
+ cmd/Makefile.am  | 16 ++++++++--------
+ cmd/configure.ac |  3 ++-
+ 2 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/cmd/Makefile.am b/cmd/Makefile.am
+index 695b07e..767bf35 100644
+--- a/cmd/Makefile.am
++++ b/cmd/Makefile.am
+@@ -58,12 +58,12 @@ hack: snap-confine/snap-confine snap-confine/snap-confine.apparmor
+ 	sudo apparmor_parser -r snap-confine/snap-confine.apparmor
+ 
+ ##
+-## libsnap-confine-private.a
++## libsnap-confine-private.la
+ ##
+ 
+-noinst_LIBRARIES += libsnap-confine-private.a
++noinst_LTLIBRARIES = libsnap-confine-private.la
+ 
+-libsnap_confine_private_a_SOURCES = \
++libsnap_confine_private_la_SOURCES = \
+ 	libsnap-confine-private/classic.c \
+ 	libsnap-confine-private/classic.h \
+ 	libsnap-confine-private/cleanup-funcs.c \
+@@ -131,7 +131,7 @@ noinst_PROGRAMS += decode-mount-opts/decode-mount-opts
+ 
+ decode_mount_opts_decode_mount_opts_SOURCES = \
+ 	decode-mount-opts/decode-mount-opts.c
+-decode_mount_opts_decode_mount_opts_LDADD = libsnap-confine-private.a
++decode_mount_opts_decode_mount_opts_LDADD = libsnap-confine-private.la
+ decode_mount_opts_decode_mount_opts_STATIC =
+ 
+ if STATIC_LIBCAP
+@@ -214,7 +214,7 @@ snap_confine_snap_confine_SOURCES = \
+ 
+ snap_confine_snap_confine_CFLAGS = -Wall -Werror $(AM_CFLAGS)
+ snap_confine_snap_confine_LDFLAGS = $(AM_LDFLAGS)
+-snap_confine_snap_confine_LDADD = libsnap-confine-private.a
++snap_confine_snap_confine_LDADD = libsnap-confine-private.la
+ snap_confine_snap_confine_CFLAGS += $(LIBUDEV_CFLAGS)
+ snap_confine_snap_confine_LDADD += $(LIBUDEV_LIBS)
+ # _STATIC is where we collect statically linked in libraries
+@@ -379,7 +379,7 @@ snap_discard_ns_snap_discard_ns_SOURCES = \
+ 	snap-discard-ns/snap-discard-ns.c
+ snap_discard_ns_snap_discard_ns_CFLAGS = -Wall -Werror $(AM_CFLAGS)
+ snap_discard_ns_snap_discard_ns_LDFLAGS = $(AM_LDFLAGS)
+-snap_discard_ns_snap_discard_ns_LDADD = libsnap-confine-private.a
++snap_discard_ns_snap_discard_ns_LDADD = libsnap-confine-private.la
+ snap_discard_ns_snap_discard_ns_STATIC =
+ 
+ if APPARMOR
+@@ -418,7 +418,7 @@ system_shutdown_system_shutdown_SOURCES = \
+ 	system-shutdown/system-shutdown-utils.c \
+ 	system-shutdown/system-shutdown-utils.h \
+ 	system-shutdown/system-shutdown.c
+-system_shutdown_system_shutdown_LDADD = libsnap-confine-private.a
++system_shutdown_system_shutdown_LDADD = libsnap-confine-private.la
+ system_shutdown_system_shutdown_CFLAGS = $(filter-out -fPIE -pie,$(CFLAGS)) -static
+ system_shutdown_system_shutdown_LDFLAGS = $(filter-out -fPIE -pie,$(LDFLAGS)) -static
+ 
+@@ -428,7 +428,7 @@ system_shutdown_unit_tests_SOURCES = \
+ 	libsnap-confine-private/unit-tests-main.c \
+ 	libsnap-confine-private/unit-tests.c \
+ 	system-shutdown/system-shutdown-utils-test.c
+-system_shutdown_unit_tests_LDADD = libsnap-confine-private.a
++system_shutdown_unit_tests_LDADD = libsnap-confine-private.la
+ system_shutdown_unit_tests_CFLAGS = $(GLIB_CFLAGS)
+ system_shutdown_unit_tests_LDADD +=  $(GLIB_LIBS)
+ endif
+diff --git a/cmd/configure.ac b/cmd/configure.ac
+index 39a6800..2ebf827 100644
+--- a/cmd/configure.ac
++++ b/cmd/configure.ac
+@@ -11,7 +11,8 @@ AC_PROG_CC_C99
+ AC_PROG_CPP
+ AC_PROG_INSTALL
+ AC_PROG_MAKE_SET
+-AC_PROG_RANLIB
++AC_PROG_LIBTOOL
++AC_CONFIG_MACRO_DIR([m4])
+ 
+ AC_LANG([C])
+ # Checks for libraries.
diff --git a/snap-mgmt.sh b/snap-mgmt.sh
new file mode 100644
index 0000000..0ccf0f3
--- /dev/null
+++ b/snap-mgmt.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+# Overlord management of snapd for package manager actions.
+# Implements actions that would be invoked in %pre(un) actions for snapd.
+# Derived from the snapd.postrm scriptlet used in the Ubuntu packaging for
+# snapd.
+
+set -e
+
+SNAP_MOUNT_DIR="/var/lib/snapd/snap"
+SNAP_UNIT_PREFIX="$(systemd-escape -p ${SNAP_MOUNT_DIR})"
+
+systemctl_stop() {
+    unit="$1"
+    if systemctl is-active -q "$unit"; then
+        echo "Stoping $unit"
+        systemctl stop -q "$unit" || true
+    fi
+}
+
+if [ "$1" = "purge" ]; then
+    # undo any bind mount to ${SNAP_MOUNT_DIR} that resulted from LP:#1668659
+    if grep -q "${SNAP_MOUNT_DIR} ${SNAP_MOUNT_DIR}" /proc/self/mountinfo; then
+        umount -l "${SNAP_MOUNT_DIR}" || true
+    fi
+
+    mounts=$(systemctl list-unit-files --full | grep "^${SNAP_UNIT_PREFIX}[-.].*\.mount" | cut -f1 -d ' ')
+    services=$(systemctl list-unit-files --full | grep "^${SNAP_UNIT_PREFIX}[-.].*\.service" | cut -f1 -d ' ')
+    for unit in $services $mounts; do
+        # ensure its really a snap mount unit or systemd unit
+        if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then
+            echo "Skipping non-snapd systemd unit $unit"
+            continue
+        fi
+
+        echo "Stopping $unit"
+        systemctl_stop "$unit"
+
+        # if it is a mount unit, we can find the snap name in the mount
+        # unit (we just ignore unit files)
+        snap=$(grep "Where=${SNAP_MOUNT_DIR}/" "/etc/systemd/system/$unit"|cut -f3 -d/)
+        rev=$(grep "Where=${SNAP_MOUNT_DIR}/" "/etc/systemd/system/$unit"|cut -f4 -d/)
+        if [ -n "$snap" ]; then
+            echo "Removing snap $snap"
+            # aliases
+            if [ -d "${SNAP_MOUNT_DIR}/bin" ]; then
+                find "${SNAP_MOUNT_DIR}/bin" -maxdepth 1 -lname "$snap" -delete
+                find "${SNAP_MOUNT_DIR}/bin" -maxdepth 1 -lname "$snap.*" -delete
+            fi
+            # generated binaries
+            rm -f "${SNAP_MOUNT_DIR}/bin/$snap"
+            rm -f "${SNAP_MOUNT_DIR}/bin/$snap".*
+            # snap mount dir
+            umount -l "${SNAP_MOUNT_DIR}/$snap/$rev" 2> /dev/null || true
+            rm -rf "${SNAP_MOUNT_DIR}/$snap/$rev"
+            rm -f "${SNAP_MOUNT_DIR}/$snap/current"
+            # snap data dir
+            rm -rf "/var/snap/$snap/$rev"
+            rm -rf "/var/snap/$snap/common"
+            rm -f "/var/snap/$snap/current"
+            # opportunistic remove (may fail if there are still revisions left)
+            for d in "${SNAP_MOUNT_DIR}/$snap" "/var/snap/$snap"; do
+                if [ -d "$d" ]; then
+                    rmdir --ignore-fail-on-non-empty "$d"
+                fi
+            done
+        fi
+
+        echo "Removing $unit"
+        rm -f "/etc/systemd/system/$unit"
+        rm -f "/etc/systemd/system/multi-user.target.wants/$unit"
+    done
+
+    echo "Discarding preserved snap namespaces"
+    # opportunistic as those might not be actually mounted
+    for mnt in /run/snapd/ns/*.mnt; do
+        umount -l "$mnt" || true
+    done
+    umount -l /run/snapd/ns/ || true
+
+
+    echo "Removing downloaded snaps"
+    rm -rf /var/lib/snapd/snaps/*
+
+    echo "Final directory cleanup"
+    rm -rf "${SNAP_MOUNT_DIR}"/*
+    rm -rf /var/snap/*
+
+    echo "Removing leftover snap shared state data"
+    rm -rf /var/lib/snapd/desktop/applications/*
+    rm -rf /var/lib/snapd/seccomp/profiles/*
+    rm -rf /var/lib/snapd/device/*
+    rm -rf /var/lib/snapd/assertions/*
+
+fi
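Review bot: The `cut -f3 -d/` and `cut -f4 -d/` field numbers assume the mount point is `/snap`, but with `SNAP_MOUNT_DIR="/var/lib/snapd/snap"` a line such as `Where=/var/lib/snapd/snap/NAME/REV` yields `snap=lib` and `rev=snapd`. The `umount -l` and `rm -rf` calls that follow, which the header says run from the package's `%pre(un)` scriptlets, then act on the wrong paths and never on the snap's own. Strip the prefix instead of counting fields: `where=$(sed -n "s|^Where=${SNAP_MOUNT_DIR}/||p" "/etc/systemd/system/$unit")`, `snap=${where%%/*}`, `rev=${where#*/}`. It is also worth skipping the per-revision removal when `$rev` is empty, because `rm -rf "${SNAP_MOUNT_DIR}/$snap/$rev"` would then remove the whole snap directory.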
diff --git a/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch b/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch
new file mode 100644
index 0000000..8dd233c
--- /dev/null
+++ b/snapd-2.26.1-interfaces-seccomp-allow-bind-for-Fedora.patch
@@ -0,0 +1,29 @@
+# Temporary patch until properly fixed in 2.27
+From a604e6e94cca5251a1a1ae31907832e023b38fa7 Mon Sep 17 00:00:00 2001
+From: Simon Fels <simon.fels at canonical.com>
+Date: Wed, 17 May 2017 16:18:54 +0200
+Subject: [PATCH] interfaces/seccomp: allow bind() for Fedora and openSUSE
+
+---
+ interfaces/seccomp/template.go | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/interfaces/seccomp/template.go b/interfaces/seccomp/template.go
+index f9a0ed6..a52ab6f 100644
+--- a/interfaces/seccomp/template.go
++++ b/interfaces/seccomp/template.go
+@@ -548,4 +548,14 @@ pwritev
+ # This is an older interface and single entry point that can be used instead
+ # of socket(), bind(), connect(), etc individually.
+ socketcall
++
++# Allow bind() as the golang net package uses this on initialization when
++# loaded the first time and on systems without an LSM system this kills
++# snapctl when executed in a hook when the network-bind interface isn't
++# plugged. See https://forum.snapcraft.io/t/hooks-calling-snapctl-are-broken-with-just-seccomp-enabled/658/
++# for more details.
++#
++# NOTE: This is only meant for Fedora and openSUSE and shouldn't be
++# applied upstream.
++bind
+ `)
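Review bot: Adding `bind` to what appears to be the default seccomp template permits the syscall for every snap, whether or not the network-bind interface is plugged, yet the header line only says the patch is temporary until 2.27. The spec on this page configures snap-confine with `--disable-apparmor`, so seccomp is presumably the only layer that would otherwise have restricted it. That trade-off should be stated where the packager will see it on the next version bump. I would extend the first line to something like `# Temporary until fixed in 2.27; allows bind() for all snaps, drop on upgrade`.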
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/snapd.git/commitdiff/ff3b8c2baa059e444f23f02e07b105c96d26f017


