[gentoo-commits] repo/gentoo:master commit in: app-emulation/snapd/files/, app-emulation/snapd/

2020-11-10 Thread Zac Medico
commit: 9199f894abc83596ae63ebc48a73e0af354d5f40
Author: Zac Medico  gentoo  org>
AuthorDate: Tue Nov 10 11:29:48 2020 +
Commit: Zac Medico  gentoo  org>
CommitDate: Tue Nov 10 11:35:43 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9199f894

app-emulation/snapd: 2.47.1-r1 revbump for bug 753695

Add USE=forced-devmode which can be disabled if you would like
snapd to panic if its confinement feature detection fails.

Bug: https://bugs.gentoo.org/753695
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Zac Medico  gentoo.org>

 app-emulation/snapd/files/README.gentoo  |  9 +
 app-emulation/snapd/metadata.xml |  6 ++
 .../snapd/{snapd-2.47.1.ebuild => snapd-2.47.1-r1.ebuild}| 12 +---
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/app-emulation/snapd/files/README.gentoo 
b/app-emulation/snapd/files/README.gentoo
index 331729cb165..f2e34601802 100644
--- a/app-emulation/snapd/files/README.gentoo
+++ b/app-emulation/snapd/files/README.gentoo
@@ -1,3 +1,12 @@
+*Security Alert*
+
+Application confinement may be automatically disabled if snapd
+fails to detect the required features. If you would like to disable
+this automatic behavior, causing snapd to panic if its confinement
+feature detection fails, then use this setting in package.use:
+
+app-emulation/snapd -forced-devmode
+
 Use this command to enable the snapd service:
 
systemctl enable snapd.socket
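
Review bot: The new *Security Alert* paragraph does not say that forced-devmode is enabled by default, so a reader cannot tell that the automatic fallback is already in effect on their install. Suggest stating the default explicitly, and noting that `app-emulation/snapd -forced-devmode` also requires cgroup-hybrid (per REQUIRED_USE in the ebuild) and that the patched snapd then panics whenever AppArmor support is not full or cgroup v2 is in use.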

diff --git a/app-emulation/snapd/metadata.xml b/app-emulation/snapd/metadata.xml
index 8a398ce38f9..2d641fece55 100644
--- a/app-emulation/snapd/metadata.xml
+++ b/app-emulation/snapd/metadata.xml
@@ -12,5 +12,11 @@

Enable AppArmor support.

+   
+   Default to hybrid (legacy) cgroup hierarchy instead of 
unified (modern).
+   
+   
+   Automatically disable application confinement if 
feature detection fails.
+   

 
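
Review bot: The forced-devmode description added here does not say what happens when the flag is disabled, which is the part a security-conscious user needs. Suggest extending it along the lines of "Automatically disable application confinement if feature detection fails; when disabled, snapd panics instead". The cgroup-hybrid description added in the same hunk is not mentioned in the commit message.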

diff --git a/app-emulation/snapd/snapd-2.47.1.ebuild 
b/app-emulation/snapd/snapd-2.47.1-r1.ebuild
similarity index 90%
rename from app-emulation/snapd/snapd-2.47.1.ebuild
rename to app-emulation/snapd/snapd-2.47.1-r1.ebuild
index 1f8706beb54..9abf9d0b4bf 100644
--- a/app-emulation/snapd/snapd-2.47.1.ebuild
+++ b/app-emulation/snapd/snapd-2.47.1-r1.ebuild
@@ -17,8 +17,8 @@ KEYWORDS="~amd64"
 
 LICENSE="GPL-3 Apache-2.0 BSD BSD-2 LGPL-3-with-linking-exception MIT"
 SLOT="0"
-IUSE="apparmor gtk kde systemd"
-REQUIRED_USE="systemd"
+IUSE="apparmor +cgroup-hybrid +forced-devmode gtk kde systemd"
+REQUIRED_USE="!forced-devmode? ( cgroup-hybrid ) systemd"
 
 CONFIG_CHECK="~CGROUPS
~CGROUP_DEVICE
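
Review bot: In IUSE, `+forced-devmode` makes the fail-open behaviour the default, even though the README change in this same commit flags it as a Security Alert. Either justify the default in a comment above IUSE or consider shipping it off by default. `REQUIRED_USE="!forced-devmode? ( cgroup-hybrid ) systemd"` would also benefit from a one-line comment explaining that the patched snapd panics under cgroup v2, since the constraint is not obvious from the flag names.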
@@ -40,7 +40,7 @@ RDEPEND="
)
dev-libs/glib
virtual/libudev
-   systemd? ( sys-apps/systemd )
+   systemd? ( sys-apps/systemd[cgroup-hybrid(+)?] )
sys-libs/libcap:=
sys-fs/squashfs-tools"
 
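
Review bot: In the `systemd?` dependency, the `(+)` default in `sys-apps/systemd[cgroup-hybrid(+)?]` treats any systemd version that lacks the flag as if hybrid were enabled. With -forced-devmode, a wrong assumption there only shows up as a runtime panic in snapd. A comment stating that systemd versions without the flag use the hybrid hierarchy would make the assumption checkable.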
@@ -74,6 +74,12 @@ src_prepare() {
 +  "gentoo",
 \x20   "manjaro",' | patch "${MY_S}/dirs/dirs.go" || die
 
+   if ! use forced-devmode; then
+   sed -e 's#return \(!apparmorFull || cgroupv2\)#//\1\n\tif 
!apparmorFull || cgroupv2 {\n\t\tpanic("USE=forced-devmode is 
disabled")\n\t}\n\treturn false#' \
+   -i "${MY_S}/sandbox/forcedevmode.go" || die
+   grep -q 'panic("USE=forced-devmode is disabled")' 
"${MY_S}/sandbox/forcedevmode.go" || die "failed to disable forced-devmode"
+   fi
+
sed -i 's:command -v git >/dev/null:false:' -i "${MY_S}/mkversion.sh" 
|| die
 
pushd "${MY_S}" >/dev/null || die
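
Review bot: The injected `panic("USE=forced-devmode is disabled")` does not say which check failed, so a user who hits it cannot tell whether AppArmor support was not full or cgroup v2 was detected. Suggest splitting the condition in the replacement text so each case panics with its own message. The regex rewrite of sandbox/forcedevmode.go is also hard to review inline; the grep guard does catch a non-matching sed, but a patch file under files/, applied only when forced-devmode is off, would be easier to audit and to rebase on version bumps.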



[gentoo-commits] repo/gentoo:master commit in: app-emulation/snapd/files/, app-emulation/snapd/

2020-11-09 Thread Zac Medico
commit: 484480e8c287176e53897b6665db202108037ed5
Author: Zac Medico  gentoo  org>
AuthorDate: Mon Nov  9 07:35:08 2020 +
Commit: Zac Medico  gentoo  org>
CommitDate: Mon Nov  9 08:36:52 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=484480e8

app-emulation/snapd: Initial import

Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Zac Medico  gentoo.org>

 app-emulation/snapd/Manifest|   1 +
 app-emulation/snapd/files/README.gentoo |  47 +
 app-emulation/snapd/metadata.xml|  16 +++
 app-emulation/snapd/snapd-2.47.1.ebuild | 180 
 4 files changed, 244 insertions(+)

diff --git a/app-emulation/snapd/Manifest b/app-emulation/snapd/Manifest
new file mode 100644
index 000..2622b18e103
--- /dev/null
+++ b/app-emulation/snapd/Manifest
@@ -0,0 +1 @@
+DIST snapd-2.47.1.tar.xz 3664756 BLAKE2B 
90cb117ea385890c38c6efdecd3652c115158ad769858ebe1a5035d37c9543da5b2a8768ce4f56cfcee053701d308f826bf7993d9b5f9d5313f2840ca829ab23
 SHA512 
e08dd7057b85b970a1177996c483d3f663b1424cdbf6643a69923a7012d38fc13109b449ce3a2c5c8d65e5836f93a36567f2f641a62caea6e9989a458f7f2892

diff --git a/app-emulation/snapd/files/README.gentoo 
b/app-emulation/snapd/files/README.gentoo
new file mode 100644
index 000..331729cb165
--- /dev/null
+++ b/app-emulation/snapd/files/README.gentoo
@@ -0,0 +1,47 @@
+Use this command to enable the snapd service:
+
+   systemctl enable snapd.socket
+
+You can source /etc/profile.d/snapd.sh in your shell in order to
+update PATH and XDG_DATA_DIRS environment variables to include
+installed snaps.
+
+Once you have snapd running (first refer to the *AppArmor Section*
+below if you have that enabled), see the snap-store installation
+instructions here:
+
+   https://snapcraft.io/docs/installing-snap-store-app
+
+If snap-store does not work correctly then it may be due to a temporary
+service outage which will hopefully be reported on this page:
+
+   https://status.snapcraft.io/
+
+When snap-store is not working due to a service outage, it may still
+be possible to install apps via the snap cli. See snap --help for
+details. Many apps can be installed without a snap store (Ubuntu One)
+account. The snap login, logout, and whoami subcommands are available
+to manage snap store account details.
+
+Note that you will need a polkit authentication agent running in
+order to authenticate as root when installing snaps as a non-root user.
+The agent is typically started by a desktop entry found in
+/etc/xdg/autostart such as one of these:
+
+   polkit-gnome-authentication-agent-1.desktop
+   polkit-kde-authentication-agent-1.desktop
+
+*AppArmor Section*
+
+When apparmor is enabled you should enable these services:
+
+   systemctl enable apparmor.service snapd.apparmor.service
+
+You also need it enabled in your kernel and you may need to add these
+kernel parameters to your boot loader configuration:
+
+   apparmor=1 security=apparmor
+
+Refer here for more information about apparmor:
+
+   https://wiki.gentoo.org/wiki/AppArmor
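
Review bot: The *AppArmor Section* explains how to enable AppArmor but says nothing about what confinement snaps get when USE=apparmor is off or the kernel parameters are missing. Since apparmor is an optional flag in IUSE, the README should state whether snaps still run in that case and with what level of confinement, so users do not assume they are sandboxed.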

diff --git a/app-emulation/snapd/metadata.xml b/app-emulation/snapd/metadata.xml
new file mode 100644
index 000..8a398ce38f9
--- /dev/null
+++ b/app-emulation/snapd/metadata.xml
@@ -0,0 +1,16 @@
+
+http://www.gentoo.org/dtd/metadata.dtd;>
+
+   
+   zmed...@gentoo.org
+   Zac Medico
+   
+   
+   snapcore/snapd
+   
+   
+   
+   Enable AppArmor support.
+   
+   
+

diff --git a/app-emulation/snapd/snapd-2.47.1.ebuild 
b/app-emulation/snapd/snapd-2.47.1.ebuild
new file mode 100644
index 000..1f8706beb54
--- /dev/null
+++ b/app-emulation/snapd/snapd-2.47.1.ebuild
@@ -0,0 +1,180 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+EGO_PN="github.com/snapcore/${PN}"
+inherit autotools bash-completion-r1 golang-vcs-snapshot linux-info 
readme.gentoo-r1 systemd xdg-utils
+
+DESCRIPTION="Service and tools for management of snap packages"
+HOMEPAGE="http://snapcraft.io/;
+
+MY_S="${S}/src/github.com/snapcore/${PN}"
+
+SRC_URI="https://github.com/snapcore/${PN}/releases/download/${PV}/${PN}_${PV}.vendor.tar.xz
 -> ${P}.tar.xz"
+MY_PV=${PV}
+KEYWORDS="~amd64"
+
+LICENSE="GPL-3 Apache-2.0 BSD BSD-2 LGPL-3-with-linking-exception MIT"
+SLOT="0"
+IUSE="apparmor gtk kde systemd"
+REQUIRED_USE="systemd"
+
+CONFIG_CHECK="~CGROUPS
+   ~CGROUP_DEVICE
+   ~CGROUP_FREEZER
+   ~NAMESPACES
+   ~SQUASHFS
+   ~SQUASHFS_ZLIB
+   ~SQUASHFS_LZO
+   ~SQUASHFS_XZ
+   ~BLK_DEV_LOOP
+   ~SECCOMP
+   ~SECCOMP_FILTER"
+
+RDEPEND="
+   sys-libs/libseccomp:=
+   apparmor? (
+   sec-policy/apparmor-profiles
+   sys-apps/apparmor:=
+   )
+
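
Review bot: Every entry in CONFIG_CHECK is prefixed with `~`, so a kernel without SECCOMP, SECCOMP_FILTER or NAMESPACES produces only a warning and the package still installs. Because these options back the confinement features, consider adding per-option messages that spell out the confinement impact, or making the security-relevant ones fatal. Separately, HOMEPAGE uses http:// while the README links to https://snapcraft.io/; prefer https there too.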