@beidl Yes. It's already enabled in snapd-git. With a PR that landed today, the generated security policy is not downgraded on Arch anymore so the AppArmor profiles for snaps are not more fine grained. All this will be part of the upcoming 2.36 release. I'm plan to enable AppArmor by default in snapd with the next update in a week or so.
Search Criteria
Package Details: snapd 2.66.1-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/snapd.git (read-only, click to copy) |
|---|---|
| Package Base: | snapd |
| Description: | Service and tools for management of snap packages. |
| Upstream URL: | https://github.com/snapcore/snapd |
| Licenses: | GPL3 |
| Conflicts: | snap-confine |
| Submitter: | Barthalion |
| Maintainer: | bboozzoo (zyga, mardy) |
| Last Packager: | bboozzoo |
| Votes: | 217 |
| Popularity: | 4.47 |
| First Submitted: | 2018-01-07 17:37 (UTC) |
| Last Updated: | 2024-11-13 08:24 (UTC) |
Dependencies (16)
- apparmor (apparmor-gitAUR)
- libseccomp (libseccomp-gitAUR)
- libsystemd (systemd-chromiumos-libsAUR, systemd-libs-selinuxAUR, sysupdated-systemd-libs-gitAUR, systemd-libs-fmlAUR, systemd-libs-gitAUR, systemd-libs)
- squashfs-tools (squashfs-tools-gitAUR)
- apparmor (apparmor-gitAUR) (make)
- autoconf-archive (autoconf-archive-gitAUR) (make)
- git (git-gitAUR, git-glAUR) (make)
- go (go-gitAUR, gcc-go-gitAUR, go-sylixosAUR, gcc-go-snapshotAUR, gcc-go) (make)
- go-tools (go-tools-gitAUR) (make)
- libcap (make)
- libseccomp (libseccomp-gitAUR) (make)
- python-docutils (make)
- systemd (systemd-chromiumosAUR, systemd-selinuxAUR, sysupdated-systemd-gitAUR, systemd-fmlAUR, systemd-gitAUR) (make)
- xfsprogs (xfsprogs-gitAUR) (make)
- bash-completion (bash-completion-gitAUR) (optional) – bash completion support
- xdg-desktop-portal (xdg-desktop-portal-gitAUR) (optional) – desktop integration
Required by (15)
- apmpkg (optional)
- bauh (optional)
- bauh-staging (optional)
- discover-snap
- discover-snap-6
- libpamac-full
- libpamac-full-git
- meta-package-manager (optional)
- meta-package-manager-git (optional)
- pacup-arch-git (optional)
- paxs
- plasma5-applets-kde-arch-update-notifier (optional)
- plasma5-applets-kde-arch-update-notifier-git (optional)
- pman (optional)
- qinfo-git (optional)
Sources (1)
bboozzoo commented on 2018-10-11 20:37 (UTC)
beidl commented on 2018-10-11 19:52 (UTC) (edited on 2018-10-11 19:52 (UTC) by beidl)
With AppArmor enabled in kernel packages provided in the default repos what are the chances of enabling AppArmor support in the snapd PKGBUILD by default?
bboozzoo commented on 2018-09-14 06:19 (UTC)
@eschwartz thanks for the tip. I ended up adding a hook locally. Your aurpublish project looks like a very nice alternative, I think I'll start using it and migrate to the repo layout it expects.
eschwartz commented on 2018-09-14 01:04 (UTC)
There have never been any such checks, and if there were it would prevent many legitimate update situations. Or lead to a world where the pkgrel gets updated every time whitespace or quoting gets fixed in a PKGBUILD...
I'd suggest instead, using something like community/aurpublish which provides githooks to keep .SRCINFO up to date.
bboozzoo commented on 2018-09-12 07:27 (UTC)
@qKUqm3wtY4 should be fixed now. Sorry for that. AUR used to have checks that rejected git push when pkg* were changed but .SRCINFO was not updated. This does not seem to work anymore.
qKUqm3wtY4 commented on 2018-09-12 07:01 (UTC) (edited on 2018-09-12 07:02 (UTC) by qKUqm3wtY4)
This package is broken:
:: snapd package(s) failed to install. :: ensure package version does not mismatch between .SRCINFO and PKGBUILD :: ensure package name has a VCS suffix if this is a devel package
mati865 commented on 2018-09-04 09:57 (UTC)
@bboozzoo it turned out to be unreproducible post-upgrade issue. Works fine now.
bboozzoo commented on 2018-09-03 09:38 (UTC)
@mati865 thanks for the report. It's a bug in snapd service files, classical distributions should not need to use snap-failure, yikes! I'll try to fix it upstream.
While at it, can you check the log to see why snapd may have failed? The failure helper is run only of the main service fails, so snapd must have exited unexpectedly. I'd be really interested in knowing what happened there.
mati865 commented on 2018-09-02 10:07 (UTC)
With the latest version I'm getting:
snapd.failure.service: Failed at step EXEC spawning /usr/lib/snapd/snap-failure: No such file or directory.
Probably snap-failure should be included in the package.
aimileus commented on 2018-08-17 06:51 (UTC)
Autoconf and automake are included in the base-devel group, which is supposed to be installed when building AUR packages.
Pinned Comments
bboozzoo commented on 2018-10-25 11:56 (UTC) (edited on 2024-04-09 07:39 (UTC) by bboozzoo)
Package update notes
2.36
2.36 is the first release with AppArmor enabled by default on Arch.
If you do not have AppArmor enabled at boot there should be no functional changes visible.
If you wish to use snaps with Apparmor, first make sure that Apparmor is enabled during boot, see https://wiki.archlinux.org/index.php/AppArmor for details. After upgrading the package, you need to do the following steps:
systemctl restart apparmor.servicesnapd:systemctl restart snapd.servicesystemctl enable --now snapd.apparmor.service2.62
Since 2.62 snapd generated additional files describing the sandbox. The snapd service needs to be restarted after the update for snaps to continue working (unless the system is rebooted after the update, in which case no additional steps are needed). To restart, run
systemctl restart snapd.service