From 75ebac775654589e3df6ac161c062a668aeaf3a9 Mon Sep 17 00:00:00 2001
From: Silke Hofstra
Date: Wed, 3 Jul 2024 18:36:23 +0200
Subject: [PATCH] snapd: Add confinement warning

**Summary**
Add a warning when starting snap applications. The warning is shown on the CLI when invoking `snap` there, and as a notification when starting a GUI application.
---
 packages/s/snapd/files/wrapper.sh | 46 +++++++++++++++++++++++++++++++
 packages/s/snapd/package.yml | 5 ++--
 packages/s/snapd/pspec_x86_64.xml | 13 +++++----
 3 files changed, 56 insertions(+), 8 deletions(-)
 create mode 100644 packages/s/snapd/files/wrapper.sh
diff --git a/packages/s/snapd/files/wrapper.sh b/packages/s/snapd/files/wrapper.sh
new file mode 100644
index 00000000000..2e90e910959
--- /dev/null
+++ b/packages/s/snapd/files/wrapper.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+YELLOW='\033[0;33m'
+NC='\033[0m'
+URL="https://help.getsol.us/docs/user/software/third-party/snap"
+SNAP="/usr/lib64/snapd/snap"
+CONFIG="/var/lib/snapd/solus"
+CONFINEMENT="$("${SNAP}" debug confinement 2>/dev/null)"
+
+if [[ -e "${CONFIG}" ]]
+then
+ # shellcheck disable=SC1090
+ . "${CONFIG}"
+fi
+
+if [[ "$#" -ge 1 ]] && [[ "$1" == "hide-confinement-warning" ]]
+then
+ echo "This will disable warnings when snap is running without strict confinement."
+ read -rp "Are you sure you want to do this [yN]? " choice
+ if [[ "${choice}" = "y" ]]
+ then
+ echo "DISABLE_CONFINEMENT_WARNING=y" >> "${CONFIG}"
+ echo "Confinement warnings disabled."
+ fi
+
+ exit 0
+fi
+
+if [[ "${CONFINEMENT}" != "strict" ]] && [[ "${DISABLE_CONFINEMENT_WARNING:-n}" != "y" ]]
+ then
+ if [[ -n "${BAMF_DESKTOP_FILE_HINT+x}" ]] && [[ -n "${GIO_LAUNCHED_DESKTOP_FILE+x}" ]]
+ then
+ notify-send \
+ --app-name Snap \
+ --urgency normal \
+ --icon dialog-warning \
+ "Snap has ${CONFINEMENT} confinement" \
+ "See ${URL} for details."
+ else
+ echo -e "${YELLOW}WARNING:${NC} snap is running with ${CONFINEMENT} confinement." \
+ "See ${URL} for details"
+ fi
+fi
+
+exec -a "$0" "${SNAP}" "$@"
diff --git a/packages/s/snapd/package.yml b/packages/s/snapd/package.yml
index 0e617557da5..6c356de834d 100644
--- a/packages/s/snapd/package.yml
+++ b/packages/s/snapd/package.yml
@@ -1,7 +1,7 @@
 name : snapd
 version : 2.63
 homepage : https://snapcraft.io/
-release : 81
+release : 82
 source :
 - https://github.com/snapcore/snapd/releases/download/2.63/snapd_2.63.vendor.tar.xz : 2f0083d2c4e087c29f48cd1abb8a92eb2e63cf04cd433256c86fac05d0b28cab
 license : GPL-3.0-only
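Review bot: Sourcing `/var/lib/snapd/solus` with `. "${CONFIG}"` executes whatever shell that file contains on every `snap` invocation, root's included, although the wrapper needs only the single `DISABLE_CONFINEMENT_WARNING` flag from it. Nothing in this patch sets the file's ownership or mode (it is first created by the `>>` append, under the caller's umask), so I would read the flag with a fixed-string match instead of executing the file. Separately, under `set -e` the `CONFINEMENT="$(...)"` assignment aborts the wrapper before the final `exec` if `snap debug confinement` ever exits non-zero, which would make every wrapped command unusable; a fallback value keeps the probe best-effort. Both changes are sketched below.

```bash
# A failing probe must not abort the wrapper under `set -e`.
CONFINEMENT="$("${SNAP}" debug confinement 2>/dev/null)" || CONFINEMENT="unknown"

# Read the one supported flag; never execute the config file as shell code.
if [[ -r "${CONFIG}" ]] && grep -qxF 'DISABLE_CONFINEMENT_WARNING=y' "${CONFIG}"
then
  DISABLE_CONFINEMENT_WARNING=y
fi

# … unchanged: hide-confinement-warning handling, warning output, final exec …
```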
@@ -66,7 +66,8 @@ install : | # Golang binaries for snap_bin in ${bincommands[@]} ; do - install -m00755 bin/$snap_bin $installdir/usr/bin/. + install -m00755 $pkgfiles/wrapper.sh $installdir/usr/bin/$snap_bin + install -m00755 bin/$snap_bin $installdir/%libdir%/$package/. done for snap_lib in ${dcommands[@]} ; do install -m00755 bin/$snap_lib $installdir/%libdir%/$package/. diff --git a/packages/s/snapd/pspec_x86_64.xml b/packages/s/snapd/pspec_x86_64.xml index 86d36b84681..346c139cd6a 100644 --- a/packages/s/snapd/pspec_x86_64.xml +++ b/packages/s/snapd/pspec_x86_64.xml @@ -3,8 +3,8 @@ snapd https://snapcraft.io/ - Zygmunt Krynicki - me@zygoon.pl + Silke Hofstra + silke@slxh.eu GPL-3.0-only desktop @@ -31,6 +31,7 @@ /usr/lib64/snapd/complete.sh /usr/lib64/snapd/etelpmoc.sh /usr/lib64/snapd/info + /usr/lib64/snapd/snap /usr/lib64/snapd/snap-confine /usr/lib64/snapd/snap-device-helper /usr/lib64/snapd/snap-discard-ns @@ -76,12 +77,12 @@ - - 2024-05-27 + + 2024-07-10 2.63 Packaging update - Zygmunt Krynicki - me@zygoon.pl + Silke Hofstra + silke@slxh.eu \ No newline at end of file
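Review bot: The `for snap_bin in ${bincommands[@]}` loop now installs the same `wrapper.sh` under every name in `bincommands`, but the wrapper always execs the fixed path `/usr/lib64/snapd/snap`, so any entry other than `snap` would silently run the wrong binary. `bincommands` is defined outside this hunk, and the pspec file list gains only `/usr/lib64/snapd/snap`, so it presumably holds just `snap` today. A comment above the loop would keep that coupling visible, e.g. `# wrapper.sh hard-codes /usr/lib64/snapd/snap: bincommands must only contain snap`. The `install` block continues outside the hunk.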