Change of the candid snap.

snap/local/hooks/configure

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Configure hook for Livepatch Server
+#
+# For more information on snap hooks, see:
+# https://snapcraft.io/docs/supported-snap-hooks
+
+. "$SNAP/scripts/manage_config.sh"
+
+# parse_config:
+# As a lot of logic can be done conditionally,
+# we aren't using the install hook. The benefit of this
+# is it enables users to manually control resets
+# of default configurations, directories, etc.
+parse_config() {
+    DEFAULTS_SET=$(snapctl get defaults.set)
+
+    if [ "$DEFAULTS_SET" != "true" ] ; then
+        echo 'Setting default configuration...'
+        set_defaults
+    fi
+    echo 'Updating candid configuration...'
+    dump_new_config
+
+
+    snapctl restart candid.candidsrv
+    sleep 3
+}
+
+parse_config
+

snap/local/scripts/handle_schema_upgrade.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# A simple wrapper to check for migrations before
+# actively executing them
+# TODO: have validation logic for the migrations & check db is actually ready
+
+if [ -z "$1" ] ; then
+    echo "Please provide a Postgresql URI and try again."
+else
+    $SNAP/bin/schema-upgrade upgrade $SNAP/bin/migrations --db $1
+fi

snap/local/scripts/handle_schema_version_check.sh

@@ -0,0 +1,7 @@
+#!/bin/bash 
+
+if [ -z "$1" ] ; then
+    echo "Please provide a Postgresql URI and try again."
+else
+    $SNAP/bin/schema-upgrade get-version --db $1
+fi

snap/local/scripts/manage_config.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# Manages configuration for livepatchd
+
+DEFAULT_CONFIG="$(cat <<EOF
+{
+  "listen-address": ":8081",
+  "private-addr": "127.0.0.1",
+  "location": "http://127.0.0.1:8081",
+  "storage": {
+    "type": "memory"
+  },
+  "identity-providers": [
+    {
+      "type": "static",
+      "name": "static",
+      "users": {
+        "user1": {
+          "name": "User One",
+          "email": "user1@example.com",
+          "password": "password1",
+          "groups": [
+            "group1",
+            "group3"
+          ]
+        },
+        "user2": {
+          "name": "User Two",
+          "email": "user2@example.com",
+          "password": "password2",
+          "groups": [
+            "group2",
+            "group3"
+          ]
+        }
+      }
+    }
+  ],
+  "logging-config": "INFO",
+  "access-log": "/var/snap/candid/common/logs/candid.access.log",
+  "resource-path": "/snap/candid/current/www/"
+}
+EOF
+)"
+
+# Sets the default config in snapd and dumps the file into $SNAP/config
+set_defaults() {
+    echo $(
+      echo $DEFAULT_CONFIG | 
+      yq -o json
+    ) | xargs -d'\n' -I {} snapctl set -t candid={}
+    snapctl set defaults.set=true
+}
+
+# Dumps the new config in snapd, to be discovered by livepatchd
+dump_new_config() {
+  # Parses - back to _ for the keys, such that they can be read by livepatchd
+  snapctl get -d candid | 
+    yq .candid -P --prettyPrint -o yaml > $SNAP_COMMON/config.yaml
+}

snap/local/scripts/wrapper.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+. "$SNAP/scripts/manage_config.sh"
+
+echo "Starting candid ..."
+"$SNAP/bin/candidsrv $SNAP_COMMON/config.yaml" 

snap/snapcraft.yaml

@@ -4,27 +4,16 @@ summary: Candid Identity Manager
 description: Candid Identity Manager
 grade: stable
 confinement: strict
-base: core18
-
-apps:
-  candidsrv:
-    command: wrappers/candidsrv
-    daemon: simple
-    plugs:
-     - network
-     - network-bind
-  candid:
-    command: wrappers/candid
-    plugs:
-     - home
-     - network
+base: core20
 
 parts:
   # Candid
   candid:
     plugin: nil
-    source: .
-    source-type: git
+    source: ./
+    source-type: local
+    organize:
+      candidsrv: bin/
     build-packages:
      - bzr
      - gcc
@@ -47,26 +36,6 @@ parts:
       GOBIN=${SNAPCRAFT_PART_INSTALL}/bin/ go install github.com/canonical/candid/cmd/candidsrv
       GOBIN=${SNAPCRAFT_PART_INSTALL}/bin/ go install gopkg.in/macaroon-bakery.v2/cmd/bakery-keygen@latest
 
-  jq:
-    plugin: dump
-    source: .
-    stage-packages:
-     - jq
-    organize:
-      usr/bin/: bin/
-      usr/lib/: lib/
-    prime:
-     - bin/jq
-     - lib/*/libonig.so*
-     - lib/*/libjq.so*
-
-  local:
-    plugin: dump
-    source: snap/local/
-    prime:
-     - config
-     - wrappers
-
   www:
     plugin: dump
     source: .
@@ -75,3 +44,47 @@ parts:
       templates: www/templates/
     prime:
      - www
+
+  # Dump scripts required to configure candidsrv
+  scripts:
+    plugin: dump
+    source: ./snap/local/scripts
+    organize: 
+      # Place wrapper in bin such that it can be called easily
+      wrapper.sh: bin/
+      manage_config.sh: scripts/
+      handle_schema_upgrade.sh: bin/
+      handle_schema_version_check.sh: bin/
+    filesets: 
+      include:
+        - bin/wrapper.sh
+        - scripts/manage_config.sh
+        - bin/handle_schema_upgrade.sh
+        - bin/handle_schema_version_check.sh
+    stage:
+      - $include
+
+  # Dump hooks, allow us to run preliminary hooks if we require such behaviour
+  hooks:
+    plugin: dump
+    source: ./snap/local/hooks
+    stage-snaps:
+    - yq
+    stage-packages:
+    - jq
+    organize: 
+      configure: snap/hooks/
+
+apps:
+  candidsrv:
+    command: bin/wrapper.sh
+    daemon: simple
+    install-mode: disable
+    plugs:
+      - "network" # Enables net interface writing (clients)
+      - "network-bind" # Enables socket binding
+  candid:
+    command: bin/candid
+    plugs:
+     - home
+     - network