1 commit

Author SHA1 Message Date
Zygmunt Krynicki
36bbcd2dff Update to snapd 2.71
One more hack was needed to let the package build in the current
form, without proper support for Go modules. I've filed an internal
tracking ticket for the next release so that we re-do the package with
new Go helpers, remove a lot of generated content that is instead
generated at build time, and actually support Go modules for real.

https://warthogs.atlassian.net/browse/SNAPDENG-35431 (not visible to the
public, apologies, this helps only a limited audience).

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
2025-09-01 08:40:34 +02:00
3 changed files with 204 additions and 74 deletions

4
.gitignore vendored

@ -1,2 +1,2 @@
/snapd_2.70.no-vendor.tar.xz
/snapd_2.70.only-vendor.tar.xz
/snapd_2.71.no-vendor.tar.xz
/snapd_2.71.only-vendor.tar.xz


@ -52,7 +52,7 @@
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
%global import_path %{provider_prefix}
%global snappy_svcs snapd.service snapd.socket snapd.autoimport.service snapd.seeded.service snapd.apparmor.service snapd.mounts.target snapd.mounts-pre.target
%global snappy_svcs snapd.service snapd.socket snapd.seeded.service snapd.apparmor.service snapd.mounts.target snapd.mounts-pre.target
%global snappy_user_svcs snapd.session-agent.service snapd.session-agent.socket
# Until we have a way to add more extldflags to gobuild macro...
@ -83,8 +83,8 @@
%{!?_tmpfilesdir: %global _tmpfilesdir %{_prefix}/lib/tmpfiles.d}
Name: snapd
Version: 2.70
Release: 3%{?dist}
Version: 2.71
Release: 0%{?dist}
Summary: A transactional software package manager
License: GPL-3.0-only
URL: https://%{provider_prefix}
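Review bot: `Release: 0%{?dist}` starts the 2.71 build at release 0, whereas the line it replaces was at 3 and Fedora releases conventionally start at 1. Suggest `Release: 1%{?dist}`, or, if 0 is deliberate (for example to mark this as a pre-release of the packaging rework), a short comment next to the tag saying so.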
@ -159,6 +159,7 @@ BuildRequires: golang(gopkg.in/tomb.v2)
BuildRequires: golang(gopkg.in/yaml.v2)
BuildRequires: golang(gopkg.in/yaml.v3)
%endif
BuildRequires: go-rpm-macros
%description
Snappy is a modern, cross-distribution, transactional package manager
@ -226,7 +227,6 @@ BuildArch: noarch
%endif
%if ! 0%{?with_bundled}
Requires: golang(go.etcd.io/bbolt)
Requires: golang(github.com/bmatcuk/doublestar/v4)
Requires: golang(github.com/coreos/go-systemd/activation)
Requires: golang(github.com/godbus/dbus/v5)
@ -236,9 +236,12 @@ Requires: golang(github.com/jessevdk/go-flags)
Requires: golang(github.com/juju/ratelimit)
Requires: golang(github.com/kr/pretty)
Requires: golang(github.com/kr/text)
Requires: golang(github.com/mattn/go-runewidth)
Requires: golang(github.com/mvo5/goconfigparser)
Requires: golang(github.com/rivo/uniseg)
Requires: golang(github.com/seccomp/libseccomp-golang)
Requires: golang(github.com/snapcore/go-gettext)
Requires: golang(go.etcd.io/bbolt)
Requires: golang(golang.org/x/crypto/openpgp/armor)
Requires: golang(golang.org/x/crypto/openpgp/packet)
Requires: golang(golang.org/x/crypto/sha3)
@ -255,8 +258,6 @@ Requires: golang(gopkg.in/yaml.v3)
%else
# These Provides are unversioned because the sources in
# the bundled tarball are unversioned (they go by git commit)
# *sigh*... I hate golang...
Provides: bundled(golang(go.etcd.io/bbolt))
Provides: bundled(golang(github.com/bmatcuk/doublestar/v4))
Provides: bundled(golang(github.com/coreos/go-systemd/activation))
Provides: bundled(golang(github.com/godbus/dbus/v5))
@ -266,9 +267,12 @@ Provides: bundled(golang(github.com/jessevdk/go-flags))
Provides: bundled(golang(github.com/juju/ratelimit))
Provides: bundled(golang(github.com/kr/pretty))
Provides: bundled(golang(github.com/kr/text))
Provides: bundled(golang(github.com/mattn/go-runewidth))
Provides: bundled(golang(github.com/mvo5/goconfigparser))
Provides: bundled(golang(github.com/rivo/uniseg))
Provides: bundled(golang(github.com/seccomp/libseccomp-golang))
Provides: bundled(golang(github.com/snapcore/go-gettext))
Provides: bundled(golang(go.etcd.io/bbolt))
Provides: bundled(golang(golang.org/x/crypto/openpgp/armor))
Provides: bundled(golang(golang.org/x/crypto/openpgp/packet))
Provides: bundled(golang(golang.org/x/crypto/sha3))
@ -476,7 +480,7 @@ providing packages with %{import_path} prefix.
%if ! 0%{?with_bundled}
%setup -q
# Ensure there's no bundled stuff accidentally leaking in...
rm -rf vendor/*
rm -rf vendor
%else
# Extract each tarball properly
%setup -q -D -b 1
@ -500,48 +504,77 @@ export GOPATH=$(pwd):%{gopath}
# FIXME: move spec file really to a go.mod world instead of this hack
rm -f go.mod
export GO111MODULE=off
sed -e 's/-mod=readonly//g' <packaging/snapd.mk >packaging/snapd2.mk
# Generate version files
./mkversion.sh "%{version}-%{release}"
# see https://github.com/gofed/go-macros/blob/master/rpm/macros.d/macros.go-compilers-golang
BUILDTAGS=
%if 0%{?with_test_keys}
BUILDTAGS="withtestkeys nosecboot structuredlogging"
%else
BUILDTAGS="nosecboot"
%endif
%if ! 0%{?with_bundled}
# We don't need the snapcore fork for bolt - it is just a fix on ppc
sed -e "s:github.com/snapcore/bolt:github.com/boltdb/bolt:g" -i advisor/*.go
%endif
# We have to build snapd first to prevent the build from
# building various things from the tree without additional
# set tags.
%gobuild -o bin/snapd $GOFLAGS %{import_path}/cmd/snapd
BUILDTAGS="${BUILDTAGS} nomanagers"
%gobuild -o bin/snap $GOFLAGS %{import_path}/cmd/snap
%gobuild -o bin/snap-failure $GOFLAGS %{import_path}/cmd/snap-failure
%gobuild -o bin/snapd-apparmor $GOFLAGS %{import_path}/cmd/snapd-apparmor
# To ensure things work correctly with base snaps,
# snap-exec, snap-update-ns, and snapctl need to be built statically
(
%if 0%{?rhel} >= 7
# since RH Developer tools 2018.4 (and later releases),
# the go-toolset module is built with FIPS compliance that
# defaults to using libcrypto.so which gets loaded at runtime via dlopen(),
# disable that functionality for statically built binaries
BUILDTAGS="${BUILDTAGS} no_openssl"
EXTRA_TAGS="${EXTRA_TAGS} no_openssl"
%endif
%gobuild_static -o bin/snap-exec $GOFLAGS %{import_path}/cmd/snap-exec
%gobuild_static -o bin/snap-update-ns $GOFLAGS %{import_path}/cmd/snap-update-ns
%gobuild_static -o bin/snapctl $GOFLAGS %{import_path}/cmd/snapctl
)
%gobuild -o bin/snap-seccomp $GOFLAGS %{import_path}/cmd/snap-seccomp
# Generate snapd.defines.mk, this file is included by snapd.mk. It contains a
# number of variable definitions that are set based on their RPM equivalents.
# Since we can apply any conditional overrides here in the spec file we can
# maintain one consistent set of variables across the spec and makefile worlds.
cat >snapd.defines.mk <<__DEFINES__
# This file is generated by Fedora's snapd.spec
# Directory variables.
prefix = %{_prefix}
bindir = %{_bindir}
sbindir = %{_sbindir}
libexecdir = %{_libexecdir}
mandir = %{_mandir}
datadir = %{_datadir}
localstatedir = %{_localstatedir}
sharedstatedir = %{_sharedstatedir}
unitdir = %{_unitdir}
builddir = %{_builddir}
# Build configuration
with_core_bits = 0
with_alt_snap_mount_dir = 1
with_apparmor = 1
with_testkeys = %{with_test_keys}
with_vendor = %{with_bundled}
# follow what %%gobuild does
EXTRA_GO_BUILD_FLAGS = -v -x -compiler gc
EXTRA_GO_LDFLAGS = -linkmode external -extldflags '%__global_ldflags'
EXTRA_GO_STATIC_LDFLAGS = -linkmode external -extldflags '%__global_ldflags -static'
EXTRA_GO_BUILD_TAGS = rpm_crashtraceback $EXTRA_TAGS
__DEFINES__
# Generate version files
cat <<EOF >snapdtool/version_generated.go
package snapdtool
// generated by snapd.spec; do not edit
func init() {
Version = "%{version}-%{release}"
}
EOF
cat <<EOF >cmd/VERSION
%{version}-%{release}
EOF
# FIXME: We paste a fixed string but we should run some go code to generate the
# real value. We don't want to do that as that code needs to use host's
# libraries without talking to the proxy.
cat <<EOF >data/info
SNAPD_APPARMOR_REEXEC=0
SNAPD_ASSERTS_FORMATS='{"account-key":1,"snap-declaration":6,"system-user":2}'
EOF
(
%if 0%{?rhel} == 7
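Review bot: The `data/info` heredoc near the end of this hunk pins `SNAPD_ASSERTS_FORMATS` to a pasted literal, so the packaged value will go stale without any build failure once a later snapd release bumps an assertion format. The FIXME acknowledges this; until the value is generated, add a `%check` step that compares the literal with what the source tree declares, or at least a comment that it must be re-verified on every version bump. Separately, `$EXTRA_TAGS` in the unquoted `__DEFINES__` heredoc is expanded by the build shell, so please confirm that `EXTRA_TAGS="${EXTRA_TAGS} no_openssl"` no longer sits inside the `(` ... `)` subshell shown above it; an assignment made in a subshell never reaches the heredoc, and the static binaries on RHEL would then be built without `no_openssl`.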
@ -577,6 +610,11 @@ autoreconf --force --install --verbose
%make_build %{!?with_valgrind:HAVE_VALGRIND=}
popd
# Build snap, snapd and other tools
%make_build -f packaging/snapd2.mk \
SNAPD_DEFINES_DIR=$PWD \
all
# Build systemd units, dbus services, and env files
pushd ./data
make BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" DATADIR="%{_datadir}" \
@ -621,25 +659,10 @@ install -d -p %{buildroot}%{_datadir}/polkit-1/actions
install -d -p %{buildroot}%{_datadir}/selinux/devel/include/contrib
install -d -p %{buildroot}%{_datadir}/selinux/packages
# Install snap and snapd
install -p -m 0755 bin/snap %{buildroot}%{_bindir}
install -p -m 0755 bin/snap-exec %{buildroot}%{_libexecdir}/snapd
install -p -m 0755 bin/snap-failure %{buildroot}%{_libexecdir}/snapd
install -p -m 0755 bin/snapd %{buildroot}%{_libexecdir}/snapd
install -p -m 0755 bin/snap-update-ns %{buildroot}%{_libexecdir}/snapd
install -p -m 0755 bin/snap-seccomp %{buildroot}%{_libexecdir}/snapd
install -p -m 0755 bin/snapd-apparmor %{buildroot}%{_libexecdir}/snapd
# Ensure /usr/bin/snapctl is a symlink to /usr/libexec/snapd/snapctl
install -p -m 0755 bin/snapctl %{buildroot}%{_libexecdir}/snapd/snapctl
ln -sf %{_libexecdir}/snapd/snapctl %{buildroot}%{_bindir}/snapctl
# Install SELinux module
install -p -m 0644 data/selinux/snappy.if %{buildroot}%{_datadir}/selinux/devel/include/contrib
install -p -m 0644 data/selinux/snappy.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
# Install snap(8) man page
bin/snap help --man > %{buildroot}%{_mandir}/man8/snap.8
# Install the "info" data file with snapd version
install -m 644 -D data/info %{buildroot}%{_libexecdir}/snapd/info
@ -669,6 +692,12 @@ pushd ./data
SNAPD_ENVIRONMENT_FILE="%{_sysconfdir}/sysconfig/snapd"
popd
# Install snap, snapd and tools
# auto-remove unnecessary files and service units
%make_install -f packaging/snapd2.mk \
SNAPD_DEFINES_DIR=$PWD \
install
%if 0%{?rhel} == 7
# Install kernel tweaks
# See: https://access.redhat.com/articles/3128691
@ -676,14 +705,7 @@ install -m 644 -D data/sysctl/rhel7-snap.conf %{buildroot}%{_sysctldir}/99-snap.
%endif
# Remove snappy core specific units
rm -fv %{buildroot}%{_unitdir}/snapd.system-shutdown.service
rm -fv %{buildroot}%{_unitdir}/snapd.snap-repair.*
rm -fv %{buildroot}%{_unitdir}/snapd.core-fixup.*
rm -fv %{buildroot}%{_unitdir}/snapd.recovery-chooser-trigger.service
# Remove snappy core specific scripts and binaries
rm %{buildroot}%{_libexecdir}/snapd/snapd.core-fixup.sh
rm %{buildroot}%{_libexecdir}/snapd/system-shutdown
rm -fv %{buildroot}%{_unitdir}/snapd.failure.service
# Remove gpio-chardev ordering target
rm -f %{buildroot}%{_unitdir}/snapd.gpio-chardev-setup.target
@ -737,19 +759,14 @@ sort -u -o devel.file-list devel.file-list
%check
for binary in snap-exec snap-update-ns snapctl; do
ldd bin/$binary 2>&1 | grep 'not a dynamic executable'
ldd %{_builddir}/$binary 2>&1 | grep 'not a dynamic executable'
done
# snapd tests
%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
%if ! 0%{?with_bundled}
export GOPATH=%{buildroot}/%{gopath}:%{gopath}
%else
export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
%endif
# FIXME: we are in the go.mod world now but without this things fall apart
export GO111MODULE=off
%gotest %{import_path}/...
%make_build -f packaging/snapd2.mk \
SNAPD_DEFINES_DIR=$PWD \
check
%endif
# snap-confine tests (these always run!)
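Review bot: The static-linking loop at the top of `%check` passes only when `ldd` prints the exact text 'not a dynamic executable', which is fragile now that the changelog in this commit mentions static PIE support in snapd.mk: `ldd` reports a static PIE binary as 'statically linked', so the grep would stop matching if that mode is enabled for these three binaries. Suggest accepting both messages, and using `grep -q` so the matched line is not echoed into the build log. It is also worth a one-line comment explaining that `%{_builddir}/$binary` is where `packaging/snapd2.mk` writes its outputs, since the path no longer matches the old `bin/` layout.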
@ -772,7 +789,6 @@ make -C data -k check
%{_libexecdir}/snapd/snapctl
%{_libexecdir}/snapd/snapd
%{_libexecdir}/snapd/snap-exec
%{_libexecdir}/snapd/snap-failure
%{_libexecdir}/snapd/info
%{_libexecdir}/snapd/snap-mgmt
%{_libexecdir}/snapd/snapd-apparmor
@ -789,8 +805,6 @@ make -C data -k check
%{_systemd_system_env_generator_dir}/snapd-env-generator
%{_unitdir}/snapd.socket
%{_unitdir}/snapd.service
%{_unitdir}/snapd.autoimport.service
%{_unitdir}/snapd.failure.service
%{_unitdir}/snapd.seeded.service
%{_unitdir}/snapd.apparmor.service
%{_unitdir}/snapd.mounts.target
@ -829,13 +843,19 @@ make -C data -k check
%dir %{_sharedstatedir}/snapd/mount
%dir %{_sharedstatedir}/snapd/seccomp
%dir %{_sharedstatedir}/snapd/seccomp/bpf
%ghost %{_sharedstatedir}/snapd/seccomp/bpf/global.bin
%dir %{_sharedstatedir}/snapd/snaps
%dir %{_sharedstatedir}/snapd/snap
%ghost %dir %{_sharedstatedir}/snapd/snap/bin
%dir %{_localstatedir}/cache/snapd
%dir %{_localstatedir}/snap
%ghost %{_sharedstatedir}/snapd/state.json
%ghost %{_sharedstatedir}/snapd/system-key
%ghost %{_sharedstatedir}/snapd/snap/bin
%ghost %{_sharedstatedir}/snapd/snap/README
%dir %{_localstatedir}/cache/snapd
%ghost %{_localstatedir}/cache/snapd/commands
%ghost %{_localstatedir}/cache/snapd/names
%ghost %{_localstatedir}/cache/snapd/sections
%dir %{_localstatedir}/snap
# this is typically owned by zsh, but we do not want to explicitly require zsh
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
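Review bot: `%{_sharedstatedir}/snapd/snap/bin` appears in this hunk both as `%ghost %dir` and as plain `%ghost`; it is a directory, so the entry that remains should keep `%dir`, otherwise rpm records it as a regular file. The new `%ghost` entries for `state.json` and `system-key` also carry no `%attr`, so the mode rpm records for them comes from the defaults rather than from what snapd creates at runtime; consider stating the intended mode and owner explicitly.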
@ -947,6 +967,116 @@ if [ $1 -eq 0 ]; then
fi
%changelog
* Fri Aug 22 2025 Ernest Lotter <ernest.lotter@canonical.com>
- New upstream release 2.71
- FDE: auto-repair when recovery key is used
- FDE: revoke keys on shim update
- FDE: revoke old TPM keys when dbx has been updated
- FDE: do not reseal FDE hook keys every time
- FDE: store keys in the kernel keyring when installing from initrd
- FDE: allow disabled DMA on Core
- FDE: snap-bootstrap: do not check for partition in scan-disk on
CVM
- FDE: support secboot preinstall check for 25.10+ hybrid installs
via the /v2/system/{label} endpoint
- FDE: support generating recovery key at install time via the
/v2/systems/{label} endpoint
- FDE: update passphrase quality check at install time via the
/v2/systems/{label} endpoint
- FDE: support replacing recovery key at runtime via the new
/v2/system-volumes endpoint
- FDE: support checking recovery keys at runtime via the /v2/system-
volumes endpoint
- FDE: support enumerating keyslots at runtime via the /v2/system-
volumes endpoint
- FDE: support changing passphrase at runtime via the /v2/system-
volumes endpoint
- FDE: support passphrase quality check at runtime via the
/v2/system-volumes endpoint
- FDE: update secboot to revision 3e181c8edf0f
- Confdb: support lists and indexed paths on read and write
- Confdb: alias references must be wrapped in brackets
- Confdb: support indexed paths in confdb-schema assertion
- Confdb: make API errors consistent with options
- Confdb: fetch confdb-schema assertion on access
- Confdb: prevent --previous from being used in read-side hooks
- Components: fix snap command with multiple components
- Components: set revision of seed components to x1
- Components: unmount extra kernel-modules components mounts
- AppArmor Prompting: add lifespan "session" for prompting rules
- AppArmor Prompting: support restoring prompts after snapd restart
- AppArmor Prompting: limit the extra information included in probed
AppArmor features and system key
- Notices: refactor notice state internals
- SELinux: look for restorecon/matchpathcon at all known locations
rather than current PATH
- SELinux: update policy to allow watching cgroups (for RAA), and
talking to user session agents (service mgmt/refresh)
- Refresh App Awareness: Fix unexpected inotify file descriptor
cleanup
- snap-confine: workaround for glibc fchmodat() fallback and handle
ENOSYS
- snap-confine: add support for host policy for limiting users able
to run snaps
- LP: #2114923 Reject system key mismatch advise when not yet seeded
- Use separate lanes for essential and non-essential snaps during
seeding and allow non-essential installs to retry
- Fix bug preventing remodel from core18 to core18 when snapd snap
is unchanged
- LP: #2112551 Make removal of last active revision of a snap equal
to snap remove
- LP: #2114779 Allow non-gpt in fallback mode to support RPi
- Switch from using systemd LogNamespace to manually controlled
journal quotas
- Change snap command trace logging to only log the command names
- Grant desktop-launch access to /v2/snaps
- Update code for creating the snap journal stream
- Switch from using core to snapd snap for snap debug connectivity
- LP: #2112544 Fix offline remodel case where we switched to a
channel without an actual refresh
- LP: #2112332 Exclude snap/snapd/preseeding when generating preseed
tarball
- LP: #1952500 Fix snap command progress reporting
- LP: #1849346 Interfaces: kerberos-tickets | add new interface
- Interfaces: u2f | add support for Thetis Pro
- Interfaces: u2f | add OneSpan device and fix older device
- Interfaces: pipewire, audio-playback | support pipewire as system
daemon
- Interfaces: gpg-keys | allow access to GPG agent sockets
- Interfaces: usb-gadget | add new interface
- Interfaces: snap-fde-control, firmware-updater-support | add new
interfaces to support FDE
- Interfaces: timezone-control | extend to support timedatectl
varlink
- Interfaces: cpu-control | fix rules for accessing IRQ sysfs and
procfs directories
- Interfaces: microstack-support | allow SR-IOV attachments
- Interfaces: modify AppArmor template to allow snaps to read their
own systemd credentials
- Interfaces: posix-mq | allow stat on /dev/mqueue
- LP: #2098780 Interfaces: log-observe | add capability
dac_read_search
- Interfaces: block-devices | allow access to ZFS pools and datasets
- LP: #2033883 Interfaces: block-devices | opt-in access to
individual partitions
- Interfaces: accel | add new interface to support accel kernel
subsystem
- Interfaces: shutdown | allow client to bind on its side of dbus
socket
- Interfaces: modify seccomp template to allow pwritev2
- Interfaces: modify AppArmor template to allow reading
/proc/sys/fs/nr_open
- Packaging: drop snap.failure service for openSUSE
- Packaging: add SELinux support for openSUSE
- Packaging: disable optee when using nooptee build tag
- Packaging: add support for static PIE builds in snapd.mk, drop
pie.patch from openSUSE
- Packaging: add libcap2-bin runtime dependency for ubuntu-16.04
- Packaging: use snapd.mk for packaging on Fedora
- Packaging: exclude .git directory
- Packaging: fix DPKG_PARSECHANGELOG assignment
- Packaging: fix building on Fedora with dpkg installed
* Fri Aug 15 2025 Maxwell G <maxwell@gtmx.me> - 2.70-3
- Rebuild for golang-1.25.0
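Review bot: The new `%changelog` header `* Fri Aug 22 2025 Ernest Lotter <ernest.lotter@canonical.com>` has no version-release suffix, unlike the existing entry below it, which ends in `- 2.70-3`. Append the EVR that matches the `Version:` and `Release:` tags so tools and readers can map the entry to a build. The entry also spells the endpoint both `/v2/system/{label}` and `/v2/systems/{label}`; if that comes from the upstream release notes it can stay, but it is worth confirming which one is meant.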


@ -1,2 +1,2 @@
SHA512 (snapd_2.70.no-vendor.tar.xz) = f4864658793d2f6e11823b604c85cadc204a231e7efc5d9302d395c6afc7b500f389317cd3066a39a1d9f138aef5c8a0c2eff07dfb1c5b4473dfa5b489356689
SHA512 (snapd_2.70.only-vendor.tar.xz) = b6e0309bc56a1573a3edea2e35b3feb313f8220633a64f11f6d0a5b155d39b1b3a2b058edc2d01aca0bf04f4515a17f9011cb49b5c7aa96a5a4610d0032cddcb
SHA512 (snapd_2.71.no-vendor.tar.xz) = 3cb250aff6ecf75236736e844da2cbb2a0275993a5da8f4dda3b25141719aea5d9db429191dada1c627b46687513d288f0a52c73d46004f8675bb2a38f1369a2
SHA512 (snapd_2.71.only-vendor.tar.xz) = 413f73d163e6b15550c012f97e77cd754a1c631f290ddcc64526fd34ccf5e5e8f12242ccd3af56bf18633b7f635aa093f9f9645d3959d208708048c1f43d0b9b