<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="main.css" type="text/css" />
<link rel="stylesheet" href="blog.css" type="text/css" />
<link rel="alternate" type="application/rss+xml" title="Subscribe to this page..." href="feed.rss" />
<title>Snaps on Gentoo - The saga continues</title>
</head><body>
<div id="divbodyholder">
<div class="headerholder"><div class="header">
<div id="title">
<h1 class="nomargin"><a class="ablack" href="http://zigford.org/index.html">zigford.org</a></h1>
<div id="description"><a href="about.html">About</a><a href="links.html"> | Links</a><a href="scripts.html"> | Scripts</a><br>Sharing linux/windows scripts and tips</br></div>
</div></div></div>
<div id="divbody"><div class="content">
<!-- entry begin -->
<h3><a class="ablack" href="snaps-on-gentoo---the-saga-continues.html">
Snaps on Gentoo - The saga continues
</a></h3>
<!-- bashblog_timestamp: #201902101611.39# -->
<div class="subtitle">February 10, 2019 —
Jesse Harris
</div>
<!-- text begin -->
<p>A while ago I posted about <a href="snaps-on-gentoo.html">Snaps on Gentoo</a>, about
why and how to get it working. Sometime after that post, snaps stopped
working and I didn't have the time to investigate.</p>
<p>Until last week that is.</p>
<hr />
<h2 id="update-07092019">Update 07/09/2019</h2>
<p>My snapd ebuild is now in an overlay on its own for your convenience.
See <a href="snapd-repository-for-gentoo.html">here</a></p>
<h2 id="tldr">TL;DR</h2>
<p>If you just want to install my snapd ebuild, run this bit:</p>
<pre><code>echo app-portage/layman git >> /etc/portage/package.use/layman
emerge app-portage/layman
layman -o http://jesseharrisit.com/overlay.xml -f -a zigford
emerge app-emulation/snapd
</code></pre>
<p>Read on for more details</p>
<hr />
<p>Last week I decided to have a crack at getting Gentoo running on my
work-owned "<a href="https://github.com/zigford/kernel-configs/blob/master/Precision%205510/Precision%205510">Precision 5510</a>". It's a couple of years old now, but is quite
serviceable. I will want to use it booted into Gentoo for work now and again
and this will involve Chromium (Firefox doesn't like launching Citrix
sessions through the ICA client).</p>
<p>Chromium takes forever to build and that is just not fun, especially with
the frequency that releases occur. So I set about getting snaps to work.</p>
<p>I installed JamesB192's personal overlay and found that snaps didn't work
on this clean build.</p>
<p>JamesB192's ebuild seems to be written quite well, and it was easy to bump
the version to the latest. What I found was that at some point snapd must
have switched to require apparmor. I reviewed my previous kernel configs
from when snapd was working and apparmor was not in my configuration.</p>
<h3 id="adding-apparmor-support">Adding Apparmor support</h3>
<p>AppArmor is a process confinement feature to restrict a process to specific
abilities. You can enable it with the following kernel configuration:</p>
<pre><code>CONFIG_SECURITY_APPARMOR=y
</code></pre>
<p>And the following boot commandline</p>
<pre><code>apparmor=1 security=apparmor
</code></pre>
<p>Now to add apparmor support to the ebuild we need to install an apparmor
profile. The <code>./configure</code> command in the source generates one if the
<code>--enable-apparmor</code> parameter is specified. I've added that to the ebuild.
Then the Makefile translates paths in the profile depending on configure
options. So I added the following to the ebuild:</p>
<pre><code># Generate apparmor profile
sed -e 's,[@]LIBEXECDIR[@],/usr/lib64/snapd,g' \
    -e 's,[@]SNAP_MOUNT_DIR[@],/snapdsnap,' \
    "${C}/snap-confine/snap-confine.apparmor.in" \
    > "${C}/snap-confine/usr.lib.snapd.snap-confine.real"
</code></pre>
<p>Then during the install phase:</p>
<pre><code>insinto "/etc/apparmor.d"
doins "${C}/snap-confine/usr.lib.snapd.snap-confine.real"
</code></pre>
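<p>Added example (not part of the original post or of the snapd ebuild): a shell script that renders a profile template with the same two sed substitutions, lists any <code>@NAME@</code> placeholders left unsubstituted, and checks the kernel option and boot parameters named above. The helper names, the sample template, the <code>/snap</code> mount directory and the sample kernel command line are constructed for illustration, and both substitutions use the <code>g</code> flag here.</p>

```shell
#!/usr/bin/env bash
# Added example: render_profile, unresolved_placeholders and
# apparmor_prereqs_ok are hypothetical helpers, not part of the snapd ebuild.

# Substitute the two placeholders handled by the post's sed call.
# $1 = template file, $2 = LIBEXECDIR value, $3 = SNAP_MOUNT_DIR value
# (values must not contain a comma, which is the sed delimiter here)
render_profile() {
    sed -e "s,[@]LIBEXECDIR[@],$2,g" \
        -e "s,[@]SNAP_MOUNT_DIR[@],$3,g" "$1"
}

# Print each @NAME@ token still present in a file, one per line.
# Empty output means every placeholder was substituted.
unresolved_placeholders() {
    grep -oE '@[A-Z_]+@' "$1" | sort -u
}

# Check the prerequisites from the post: kernel option plus boot parameters.
# $1 = kernel config file (plain text), $2 = kernel command line string
apparmor_prereqs_ok() {
    grep -qx 'CONFIG_SECURITY_APPARMOR=y' "$1" || return 1
    case " $2 " in *" apparmor=1 "*) ;; *) return 1 ;; esac
    case " $2 " in *" security=apparmor "*) ;; *) return 1 ;; esac
}

# Constructed sample inputs (not copied from the snapd source tree).
demo_dir=$(mktemp -d)
cat > "$demo_dir/template.in" <<'EOF'
@LIBEXECDIR@/snap-confine (attach_disconnected) {
    @SNAP_MOUNT_DIR@/ r,
    @SNAP_MOUNT_DIR@/** r,
    @LIBEXECDIR@/snap-update-ns r,
}
EOF
printf 'CONFIG_SECURITY=y\nCONFIG_SECURITY_APPARMOR=y\n' > "$demo_dir/kconfig"

# /snap is a sample mount directory chosen for this example.
render_profile "$demo_dir/template.in" /usr/lib64/snapd /snap \
    > "$demo_dir/profile"

leftover=$(unresolved_placeholders "$demo_dir/profile")
if [ -z "$leftover" ]; then
    echo "profile fully rendered"
else
    echo "unresolved placeholders: $leftover"
fi
```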
<p>Tags: <a href='tag_snapd.html'>snapd</a>, <a href='tag_gentoo.html'>gentoo</a></p>
<!-- text end -->
<!-- entry end -->
</div>
<div id="footer">© <a href="http://twitter.com/zigford_org">Jesse Harris</a> — <a href="mailto:jesse@zigford.org">jesse@zigford.org</a><br/>
Generated with <a href="https://github.com/cfenollosa/bashblog">bashblog</a>, a single bash script to easily create blogs like this one</div>
</div></div>
</body></html>