diff options
| author | Maciek Borzecki | 2021-10-07 13:19:28 +0200 |
|---|---|---|
| committer | Maciek Borzecki | 2021-10-07 13:19:28 +0200 |
| commit | d6821d462cdec1b09f400999b9b65d699f72ecb5 (patch) | |
| tree | 780d43eb2f5c0ae47509757a3b2625a5262223e1 | |
| parent | 16d957062658d571fcdc9d07a12b04ef63a0fdf6 (diff) | |
| download | aur-d6821d462cdec1b09f400999b9b65d699f72ecb5.tar.gz | |
upgpkg: snapd 2.53-1
upstream release
Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
| -rw-r--r-- | .SRCINFO | 12 | ||||
| -rw-r--r-- | 0001-cmd-libsnap-confine-private-g_spawn_check_exit_statu.patch | 58 | ||||
| -rw-r--r-- | 0002-interfaces-seccomp-add-clone3-to-default-template.patch | 48 | ||||
| -rw-r--r-- | PKGBUILD | 12 |
4 files changed, 7 insertions, 123 deletions
@@ -1,7 +1,7 @@ pkgbase = snapd pkgdesc = Service and tools for management of snap packages. - pkgver = 2.52 - pkgrel = 3 + pkgver = 2.53 + pkgrel = 1 url = https://github.com/snapcore/snapd install = snapd.install arch = x86_64 @@ -27,11 +27,7 @@ pkgbase = snapd conflicts = snap-confine options = !strip options = emptydirs - source = snapd-2.52.tar.xz::https://github.com/snapcore/snapd/releases/download/2.52/snapd_2.52.vendor.tar.xz - source = 0001-cmd-libsnap-confine-private-g_spawn_check_exit_statu.patch - source = 0002-interfaces-seccomp-add-clone3-to-default-template.patch - sha256sums = a686a071251f8853c5c6789023091510332a49063334c9af29d48b066f8726c4 - sha256sums = fb2bece54758fd167b4e7d8df71786a204617ccbed241457ee30d27ab0048f77 - sha256sums = f7a48d5d30858c0c033563ae9cfdea75ac2e7c45503760bf3cc336688e970e50 + source = snapd-2.53.tar.xz::https://github.com/snapcore/snapd/releases/download/2.53/snapd_2.53.vendor.tar.xz + sha256sums = 4f7abd27ee551a83efc9f044412fd21a5cf26668b6a1ad56d6b7a9c983e9be4a pkgname = snapd diff --git a/0001-cmd-libsnap-confine-private-g_spawn_check_exit_statu.patch b/0001-cmd-libsnap-confine-private-g_spawn_check_exit_statu.patch deleted file mode 100644 index e34e1e72947d..000000000000 --- a/0001-cmd-libsnap-confine-private-g_spawn_check_exit_statu.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 243900000f145eddc6b6bf1546400a9556bb2762 Mon Sep 17 00:00:00 2001 -Message-Id: <243900000f145eddc6b6bf1546400a9556bb2762.1632223485.git.maciej.zenon.borzecki@canonical.com> -From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com> -Date: Tue, 27 Jul 2021 09:46:29 +0200 -Subject: [PATCH] cmd/libsnap-confine-private: g_spawn_check_exit_status is - deprecated since glib 2.69 - -With https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1967 the -g_spawn_check_exit_status call is flagged as deprecated now. This also broke in -F35 mass rebuild in Rawhide: - -make[1]: Leaving directory '/builddir/build/BUILD/snapd-2.51/cmd' -libsnap-confine-private/test-utils.c: In function 'rm_rf_tmp': -libsnap-confine-private/test-utils.c:63:9: error: 'g_spawn_check_exit_status' is deprecated: Use 'g_spawn_check_wait_status' instead [-Werror=deprecated-declarations] - 63 | g_assert_true(g_spawn_check_exit_status(exit_status, NULL)); - | ^~~~~~~~~~~~~ -In file included from /usr/include/glib-2.0/glib.h:81, - from libsnap-confine-private/test-utils.c:24: -/usr/include/glib-2.0/glib/gspawn.h:280:10: note: declared here - 280 | gboolean g_spawn_check_exit_status (gint wait_status, - | ^~~~~~~~~~~~~~~~~~~~~~~~~ -cc1: all warnings being treated as errors -make[1]: *** [Makefile:2705: libsnap-confine-private/libsnap_confine_private_unit_tests-test-utils.o] Error 1 -make[1]: *** Waiting for unfinished jobs.... - -Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com> ---- - cmd/libsnap-confine-private/test-utils.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/cmd/libsnap-confine-private/test-utils.c b/cmd/libsnap-confine-private/test-utils.c -index c3e17a18d91b32da04f5febc802926942011ca9c..5cf4eb53de693ad17294c5eede3bd05339395878 100644 ---- a/cmd/libsnap-confine-private/test-utils.c -+++ b/cmd/libsnap-confine-private/test-utils.c -@@ -23,6 +23,11 @@ - - #include <glib.h> - -+#if !GLIB_CHECK_VERSION(2, 69, 0) -+// g_spawn_check_exit_status is considered deprecated since 2.69 -+#define g_spawn_check_wait_status(x, y) (g_spawn_check_exit_status (x, y)) -+#endif -+ - void rm_rf_tmp(const char *dir) - { - // Sanity check, don't remove anything that's not in the temporary -@@ -60,7 +65,7 @@ void rm_rf_tmp(const char *dir) - (working_directory, argv, envp, flags, child_setup, - user_data, standard_output, standard_error, &exit_status, - &error)); -- g_assert_true(g_spawn_check_exit_status(exit_status, NULL)); -+ g_assert_true(g_spawn_check_wait_status(exit_status, NULL)); - if (error != NULL) { - g_test_message("cannot remove temporary directory: %s\n", - error->message); --- -2.33.0 - diff --git a/0002-interfaces-seccomp-add-clone3-to-default-template.patch b/0002-interfaces-seccomp-add-clone3-to-default-template.patch deleted file mode 100644 index 0487bd9dfa02..000000000000 --- a/0002-interfaces-seccomp-add-clone3-to-default-template.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 999c2e61f07e18081916936665291834770a2ee1 Mon Sep 17 00:00:00 2001 -Message-Id: <999c2e61f07e18081916936665291834770a2ee1.1632894658.git.maciej.zenon.borzecki@canonical.com> -From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com> -Date: Mon, 27 Sep 2021 12:00:53 +0200 -Subject: [PATCH] interfaces/seccomp: add clone3 to default template - -Recent combinations of Go 1.17, glibc 2.34 and Linux 5.14 ended up triggering -pthread_create() code paths that try to use clone3() syscall when executing -snap-exec. Since snap-exec runs under the seccomp profile of the application, -make sure that clone3 is allowed in the default template. Also, applications may -trigger this code path themselves anyway. - -The strace output when this fails looks like this: - -mprotect(0x7f4ad3ea2000, 8388608, PROT_READ|PROT_WRITE) = 0 -rt_sigprocmask(SIG_BLOCK, ~[], ~[KILL STOP RTMIN RT_1], 8) = 0 -syscall_435(0x7ffc466b4c60, 0x58, 0x58b300, 0x8, 0x7f4ad46a1640, 0x7ffc466b4d4f) = -1 (errno 1) -rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1], NULL, 8) = 0 -rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 -write(2, "runtime/cgo: ", 13runtime/cgo: ) = 13 -write(2, "pthread_create failed: Operation not permitted", 46pthread_create -failed: Operation not permitted) = 46 - -Where syscall 435 is also known as clone3: - -$ scmp_sys_resolver 435 -clone3 - -Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com> ---- - interfaces/seccomp/template.go | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/interfaces/seccomp/template.go b/interfaces/seccomp/template.go -index a84de18a819a5bd3e6323242952633087cfbfd81..583f8cd9fdff1044459127c6db056a7bbc3a1b21 100644 ---- a/interfaces/seccomp/template.go -+++ b/interfaces/seccomp/template.go -@@ -103,6 +103,7 @@ clock_gettime64 - clock_nanosleep - clock_nanosleep_time64 - clone -+clone3 - close - - # needed by ls -l --- -2.33.0 - @@ -8,8 +8,8 @@ pkgdesc="Service and tools for management of snap packages." depends=('squashfs-tools' 'libseccomp' 'libsystemd' 'apparmor') optdepends=('bash-completion: bash completion support' 'xdg-desktop-portal: desktop integration') -pkgver=2.52 -pkgrel=3 +pkgver=2.53 +pkgrel=1 arch=('x86_64' 'i686' 'armv7h' 'aarch64') url="https://github.com/snapcore/snapd" license=('GPL3') @@ -19,14 +19,8 @@ options=('!strip' 'emptydirs') install=snapd.install source=( "$pkgname-$pkgver.tar.xz::https://github.com/snapcore/${pkgname}/releases/download/${pkgver}/${pkgname}_${pkgver}.vendor.tar.xz" - "0001-cmd-libsnap-confine-private-g_spawn_check_exit_statu.patch" - "0002-interfaces-seccomp-add-clone3-to-default-template.patch" -) -sha256sums=( - 'a686a071251f8853c5c6789023091510332a49063334c9af29d48b066f8726c4' - 'fb2bece54758fd167b4e7d8df71786a204617ccbed241457ee30d27ab0048f77' - 'f7a48d5d30858c0c033563ae9cfdea75ac2e7c45503760bf3cc336688e970e50' ) +sha256sums=('4f7abd27ee551a83efc9f044412fd21a5cf26668b6a1ad56d6b7a9c983e9be4a') _gourl=github.com/snapcore/snapd |