snapd: bump base version, patch snap-seccomp to remove libseccomp/pkg-config

Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>

3 files changed, 45 insertions, 7 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 3b617e9ea569..4ad3b36b584d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = snapd-git
 	pkgdesc = Service and tools for management of snap packages.
-	pkgver = 2.31.r152.gf586f737d
+	pkgver = 2.31.r188.g74843c18e
 	pkgrel = 1
 	url = https://github.com/snapcore/snapd
 	install = snapd.install
@@ -23,7 +23,9 @@ pkgbase = snapd-git
 	options = !strip
 	options = emptydirs
 	source = git+https://github.com/snapcore/snapd.git
-	md5sums = SKIP
+	source = 0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch
+	sha256sums = SKIP
+	sha256sums = ba4591f70b032b5e6f63d251cf6463ef93f3b963b8f19aac098b4c7dbed0309d
 
 pkgname = snapd-git
 
diff --git a/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch b/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch
new file mode 100644
index 000000000000..4a58cd226bee
--- /dev/null
+++ b/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch
@@ -0,0 +1,34 @@
+From 3286baf646fa7974c165efd9b63c690d08dff6b7 Mon Sep 17 00:00:00 2001
+Message-Id: <3286baf646fa7974c165efd9b63c690d08dff6b7.1518102033.git.maciej.zenon.borzecki@canonical.com>
+From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
+Date: Thu, 8 Feb 2018 15:57:13 +0100
+Subject: [PATCH] cmd/snap-seccomp: drop link flags that will be rejected by
+ go1.9.4
+
+Due to CVE-2018-6574 Go rejects a number of previously allowed flags cgo flags.
+Drop any flags passed to pkg-config. Drop static link flags for libseccomp as
+those are not supported on Arch anyway.
+
+Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
+---
+ cmd/snap-seccomp/main.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cmd/snap-seccomp/main.go b/cmd/snap-seccomp/main.go
+index 935b3098b434053808c87efe9cefe682124a09a4..ffb9bb3bcc55c9c327b4f1937bd8a86b498e74ec 100644
+--- a/cmd/snap-seccomp/main.go
++++ b/cmd/snap-seccomp/main.go
+@@ -20,8 +20,8 @@
+ package main
+ 
+ //#cgo CFLAGS: -D_FILE_OFFSET_BITS=64
+-//#cgo pkg-config: --static --cflags libseccomp
+-//#cgo LDFLAGS: -Wl,-Bstatic -lseccomp -Wl,-Bdynamic
++//#cgo pkg-config: libseccomp
++//#cgo LDFLAGS: -lseccomp
+ //
+ //#include <asm/ioctls.h>
+ //#include <ctype.h>
+-- 
+2.16.1
+
diff --git a/PKGBUILD b/PKGBUILD
index ecaa5b486df9..5eb39509fe34 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,7 +7,7 @@ pkgname=snapd-git
 pkgdesc="Service and tools for management of snap packages."
 depends=('squashfs-tools' 'libseccomp' 'libsystemd')
 optdepends=('bash-completion: bash completion support')
-pkgver=2.31.r152.gf586f737d
+pkgver=2.31.r188.g74843c18e
 pkgrel=1
 arch=('x86_64')
 url="https://github.com/snapcore/snapd"
@@ -21,8 +21,10 @@ makedepends=('git' 'go-pie' 'go-tools' 'libseccomp' 'libcap' 'systemd' 'xfsprogs
 conflicts=($_pkgbase 'snap-confine')
 options=('!strip' 'emptydirs')
 install=snapd.install
-source=("git+https://github.com/snapcore/$_pkgbase.git")
-md5sums=('SKIP')
+source=("git+https://github.com/snapcore/$_pkgbase.git"
+        "0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch")
+sha256sums=('SKIP'
+            'ba4591f70b032b5e6f63d251cf6463ef93f3b963b8f19aac098b4c7dbed0309d')
 
 provides=($_pkgbase)
 
@@ -44,8 +46,8 @@ prepare() {
   # above describes.
   mkdir -p "$(dirname "$GOPATH/src/${_gourl}")"
   ln --no-target-directory -fs "$srcdir/$_pkgbase" "$GOPATH/src/${_gourl}"
-  # Patch snap-seccomp build flags not to link libseccomp statically.
-  sed -i -e 's/-Wl,-Bstatic -lseccomp -Wl,-Bdynamic/-lseccomp/' "cmd/snap-seccomp/main.go"
+
+  patch -Np1 -i "${srcdir}/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch"
 }
 
 build() {