/snapd

cmd/snap-mgmt: introduce snap-mgmt tool #4316

Merged
merged 8 commits into from Dec 1, 2017

Conversation

Reviewers

@Conan-Kudo Conan-Kudo

@zyga zyga

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@bboozzoo @mvo5 @codecov-io @Conan-Kudo @zyga
@bboozzoo
Contributor

bboozzoo commented Nov 29, 2017
Edited 1 time

Introduce snap-mgmt tool that is a merge of postrm actions in Ubuntu/Debian packages and snap-mgmt.sh shipped as part of Fedora package.

This is related to #4308 where such change was proposed first.

If this is merged, then the next step would be to update distro packaging.

bboozzoo added some commits Nov 29, 2017

@bboozzoo
cmd/snap-mgmt, packaging/fedora: move snap-mgmt helper to cmd/snap-mgmt 
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
fdf9277
@bboozzoo
cms/snap-mgmt: merge Ubuntu/Debian postrm and Fedora's snap-mgmt into… 
… a single tool

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
342cb96
@bboozzoo
cmd/snap-mgmt: generate snap-mgmt 
Use autotools to generate snap-mgmt tool

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
3186b0c
@bboozzoo
packaging/ubuntu: install snap-mgmt tool 
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
f73803a

@bboozzoo bboozzoo referenced this pull request Nov 29, 2017

Merged

packaging/arch: install snap-mgmt tool #4308

cmd/snap-mgmt/snap-mgmt.sh.in
+
+ if test -d /etc/apparmor.d; then
+ echo "Removing extra snap-confine apparmor rules"
+ rm -f /etc/apparmor.d/snap.core.*.usr.lib.snapd.snap-confine
@zyga

zyga Nov 29, 2017
Edited 1 time

Contributor

This location depends on $SNAP_MOUNT_DIR (i.e. snap is $(systemd-escape --path $SNAP_MOUNT_DIR)

@bboozzoo

bboozzoo Nov 30, 2017

Contributor

The correct name is $(systemd-escape --path $SNAP_MOUNT_DIR).core.*.usr.lib.snapd.snap-confine?

@bboozzoo

bboozzoo Nov 30, 2017

Contributor

On second thought, it's like: $(systemd-escape --path $SNAP_MOUNT_DIR | tr '-' '.').core.*.usr.lib.snapd.snap-confine

@bboozzoo
packaging/fedora: use snapd provided snap-mgmt tool 
snap-mgmt is provided next to snap-confine and other tools, no need to package
Fedora specific one

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
cc8ef64
@zyga

zyga approved these changes Nov 29, 2017 edited
View changes

+1 assuming you take care of the thing I mentioned above ^ #4316 (review)

cmd/snap-mgmt/snap-mgmt.sh.in
+ else
+ # undo any bind mount to /snap that resulted from LP:#1668659
+ # (that bug can't happen in trusty -- and doing this would mess up snap.mount.service there)
+ if grep -q "/snap /snap" /proc/self/mountinfo; then
@zyga

zyga Nov 29, 2017

Contributor

This may be actually breaking containers. I will look at the LXD /snap rshare bug soon. Not a problem here, just an observation.

packaging/fedora/snapd.spec
@@ -518,9 +518,6 @@ rm %{buildroot}%{_libexecdir}/snapd/snapd.core-fixup.sh
# Disable re-exec by default
echo 'SNAP_REEXEC=0' > %{buildroot}%{_sysconfdir}/sysconfig/snapd
-# Install snap management script
@zyga

zyga Nov 29, 2017

Contributor

❤️

@Conan-Kudo

Conan-Kudo Dec 4, 2017

Contributor

😒

@mvo5
Collaborator

mvo5 commented Nov 30, 2017

👍
@bboozzoo
Contributor

bboozzoo commented Nov 30, 2017

Don't merge this one yet, need a comment from @zyga
@mvo5
Collaborator

mvo5 commented Nov 30, 2017

Tests are unhappy with:

+ sh -x /home/gopath/src/github.com/snapcore/snapd/packaging/fedora/snap-mgmt.sh --snap-mount-dir=/var/lib/snapd/snap --purge
sh: /home/gopath/src/github.com/snapcore/snapd/packaging/fedora/snap-mgmt.sh: No such file or directory

bboozzoo added some commits Nov 30, 2017

@bboozzoo
cmd/snap-mgmt: replace use of /snap with SNAP_MOUNT_DIR 
Cleanup remaining uses of /snap and replace them with SNAP_MOUNT_DIR

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
44cec06
@bboozzoo
tests/lib: use cmd/snap-mgmt in reset code 
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
5424529
@bboozzoo
tests/main/postrm-purge: update test to use snap-mgmt where possible 
Update the test to use snap-mgmt tool if packaging does the same.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
a629da5
@codecov-io

codecov-io commented Nov 30, 2017

Codecov Report

Merging #4316 into master will increase coverage by 1.72%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #4316      +/-   ##
==========================================
+ Coverage   76.19%   77.92%   +1.72%     
==========================================
  Files         445      445              
  Lines       38738    30818    -7920     
==========================================
- Hits        29516    24014    -5502     
+ Misses       7207     4794    -2413     
+ Partials     2015     2010       -5
Impacted Files Coverage Δ
cmd/snap-repair/cmd_list.go 80% <0%> (-7.18%) ⬇️
cmd/snap-repair/trusted.go 66.66% <0%> (-4.77%) ⬇️
polkit/pid_start_time.go 66.66% <0%> (-4.31%) ⬇️
cmd/snap-update-ns/freezer.go 52.17% <0%> (-4.08%) ⬇️
snap/snaptest/snaptest.go 46.87% <0%> (-3.78%) ⬇️
release/uname_linux.go 71.42% <0%> (-3.58%) ⬇️
interfaces/mount/entry.go 63.93% <0%> (-3.48%) ⬇️
interfaces/connection.go 65% <0%> (-3.34%) ⬇️
cmd/snap/notes.go 76.05% <0%> (-2.9%) ⬇️
arch/arch.go 45.09% <0%> (-2.73%) ⬇️
... and 372 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5d384d5...a629da5. Read the comment docs.

@mvo5 mvo5 merged commit f4b641c into snapcore:master Dec 1, 2017
1 check passed

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
@Conan-Kudo
Contributor

Conan-Kudo commented Dec 4, 2017

😒
@Conan-Kudo

Conan-Kudo reviewed Dec 4, 2017
View changes

I'm incredibly disappointed that no one actually looked too carefully at this script when making it multi-distribution.

I'm also disappointed that no one pinged me for this review, because I would have liked to have given feedback before this was merged.

cmd/snap-mgmt/snap-mgmt.sh.in
- echo "Stoping $unit"
+ for i in $(seq 10); do
+ if systemctl is-active -q "$unit"; then
+ echo "Stoping $unit"
@Conan-Kudo

Conan-Kudo Dec 4, 2017

Contributor

Hmm, no one noticed that this was spelled wrong?

cmd/snap-mgmt/snap-mgmt.sh.in
+ echo "Stoping $unit"
+ systemctl stop -q "$unit" || true
+ fi
+ echo "Stoping $unit [attempt $i]"
@Conan-Kudo

Conan-Kudo Dec 4, 2017

Contributor

And again...

cmd/snap-mgmt/snap-mgmt.sh.in
systemctl stop -q "$unit" || true
- fi
+ sleep .1
@Conan-Kudo

Conan-Kudo Dec 4, 2017

Contributor

Why are you sleeping?!

cmd/snap-mgmt/snap-mgmt.sh.in
- # undo any bind mount to ${SNAP_MOUNT_DIR} that resulted from LP:#1668659
- if grep -q "${SNAP_MOUNT_DIR} ${SNAP_MOUNT_DIR}" /proc/self/mountinfo; then
- umount -l "${SNAP_MOUNT_DIR}" || true
+ if grep -q CODENAME=trusty /etc/os-release >/dev/null 2>&1 ; then
@Conan-Kudo

Conan-Kudo Dec 4, 2017
Edited 1 time

Contributor

Please don't do this. This is horribly brittle and broken. You have no idea what the content of this file is going to be, and you're hoping that this will work?

Also, you know os-release(5) is designed to be able to be sourced in shell, right? It works the same way as RH-style ifcfg files and any other key=value file.

cmd/snap-mgmt/snap-mgmt.sh.in
- if grep -q "${SNAP_MOUNT_DIR} ${SNAP_MOUNT_DIR}" /proc/self/mountinfo; then
- umount -l "${SNAP_MOUNT_DIR}" || true
+ if grep -q CODENAME=trusty /etc/os-release >/dev/null 2>&1 ; then
+ # snap.mount.service is a trusty thing
@Conan-Kudo

Conan-Kudo Dec 4, 2017

Contributor

Please do not refer to distribution releases by specific codenames, refer to them by their full names. Context is important for a multi-distribution script.

cmd/snap-mgmt/snap-mgmt.sh.in
+ systemctl_stop snap.mount.service
+ else
+ # undo any bind mount to ${SNAP_MOUNT_DIR} that resulted from LP:#1668659
+ # (that bug can't happen in trusty -- and doing this would mess up snap.mount.service there)
@Conan-Kudo

Conan-Kudo Dec 4, 2017

Contributor

And again...

cmd/snap-mgmt/snap-mgmt.sh.in
+ if test -d /etc/apparmor.d; then
+ echo "Removing extra snap-confine apparmor rules"
+ # shellcheck disable=SC2046
+ rm -f /etc/apparmor.d/$(echo "$SNAP_UNIT_PREFIX" | tr '-' '.').core.*.usr.lib.snapd.snap-confine
@Conan-Kudo

Conan-Kudo Dec 4, 2017

Contributor

You cannot guarantee the path for snap-confine is in fact /usr/lib/snapd. Please correct this appropriately.

@bboozzoo

bboozzoo Dec 4, 2017

Contributor

AFAIU this is the path inside the core snap, not your host's $(libexecdir)/snapd/snap-confine

@Conan-Kudo

Conan-Kudo Dec 4, 2017

Contributor

On all systems that aren't Ubuntu, they will be the host's. No one else has re-exec enabled.

@bboozzoo

bboozzoo Dec 4, 2017

Contributor

I'll double check this and get back to you.

packaging/fedora/snapd.spec
@@ -518,9 +518,6 @@ rm %{buildroot}%{_libexecdir}/snapd/snapd.core-fixup.sh
# Disable re-exec by default
echo 'SNAP_REEXEC=0' > %{buildroot}%{_sysconfdir}/sysconfig/snapd
-# Install snap management script
@zyga

zyga Nov 29, 2017

Contributor

❤️

@Conan-Kudo

Conan-Kudo Dec 4, 2017

Contributor

😒

@bboozzoo
Contributor

bboozzoo commented Dec 4, 2017

@Conan-Kudo Thanks for reviewing this. I'll try to address the issues you raised in a PR.

@bboozzoo bboozzoo referenced this pull request Dec 4, 2017

Merged

cmd/snap-mgmt: fixes #4344

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment