packaging: update arch packaging for 2.27 snapshot

This patch updates arch packaging a little bit: - switch to 2.27 master snapshot (bugfixes) - drop build-dependency on bzr - add dependency on libseccomp - build and install snapctl, snap-update-ns, snap-seccomp - link snap-seccomp to libseccomp dynamically - apply some fixes from master as patches - generate version earlier so that snapd sees it - pass packaging version to mkversion.sh (no guessing) - skip static analysis checks (wrong moment to run) - merge snap-confine into the snapd package - don't show arch release as "unknown" - ship the bash tab completion files Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
zyga · 4bf43f3f68e856f7a45375f972aaca98bc3295e5 · zyga committed Aug 2, 2017 · Aug 2, 2017 · 4bf43f3
1 parent e037060
commit 4bf43f3f68e856f7a45375f972aaca98bc3295e5
diff --git a/packaging/arch/0001-cmd-fix-tests-that-assume-snap-mount.patch b/packaging/arch/0001-cmd-fix-tests-that-assume-snap-mount.patch
@@ -0,0 +1,32 @@
+From 0c1d6a8fa9f50f09c33abe45ba0b579c08ebcd0d Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me@zygoon.pl>
+Date: Wed, 2 Aug 2017 17:40:40 +0200
+Subject: [PATCH] cmd: fix tests that assume /snap mount
+
+This patch fixes tests on Arch where snaps are mounted on
+/var/lib/snapd/snap and tests are not mocking that aspect. The fix is
+universal and just switches to the variable directly.
+
+Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
+---
+ cmd/cmd_test.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cmd/cmd_test.go b/cmd/cmd_test.go
+index e95969eba..d6768bbf8 100644
+--- a/cmd/cmd_test.go
++++ b/cmd/cmd_test.go
+@@ -57,8 +57,8 @@ func (s *cmdSuite) SetUpTest(c *C) {
+ 	s.lastExecEnvv = nil
+ 	s.fakeroot = c.MkDir()
+ 	dirs.SetRootDir(s.fakeroot)
+-	s.newCore = filepath.Join(s.fakeroot, "/snap/core/42")
+-	s.oldCore = filepath.Join(s.fakeroot, "/snap/ubuntu-core/21")
++	s.newCore = filepath.Join(dirs.SnapMountDir, "/core/42")
++	s.oldCore = filepath.Join(dirs.SnapMountDir, "/ubuntu-core/21")
+ 	c.Assert(os.MkdirAll(filepath.Join(s.fakeroot, "proc/self"), 0755), IsNil)
+ }
+ 
+-- 
+2.13.3
+
diff --git a/packaging/arch/0001-cmd-mark-arch-as-non-reexecing-distro.patch b/packaging/arch/0001-cmd-mark-arch-as-non-reexecing-distro.patch
@@ -0,0 +1,45 @@
+From bf9bef189dc898c0f98f31aba4aa15736f1f29bf Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me@zygoon.pl>
+Date: Wed, 2 Aug 2017 17:43:47 +0200
+Subject: [PATCH] cmd: mark arch as non-reexecing distro
+
+Arch doesn't re-execute because snap-confine has incompatible snap mount
+directory compiled in and we cannot use the binary from core. This can
+be fixed by building a communication channel from snapd to snap-confine
+but earlier attempts were stuck on design.
+
+Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
+---
+ cmd/cmd.go      | 2 +-
+ cmd/cmd_test.go | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cmd/cmd.go b/cmd/cmd.go
+index bad50f6f0..ed7554d2a 100644
+--- a/cmd/cmd.go
++++ b/cmd/cmd.go
+@@ -67,7 +67,7 @@ func distroSupportsReExec() bool {
+ 		return false
+ 	}
+ 	switch release.ReleaseInfo.ID {
+-	case "fedora", "centos", "rhel", "opensuse", "suse", "poky":
++	case "fedora", "centos", "rhel", "opensuse", "suse", "poky", "arch":
+ 		logger.Debugf("re-exec not supported on distro %q yet", release.ReleaseInfo.ID)
+ 		return false
+ 	}
+diff --git a/cmd/cmd_test.go b/cmd/cmd_test.go
+index e95969eba..7e8d3277a 100644
+--- a/cmd/cmd_test.go
++++ b/cmd/cmd_test.go
+@@ -145,7 +145,7 @@ func (s *cmdSuite) TestNonClassicDistroNoSupportsReExec(c *C) {
+ 	// no distro supports re-exec when not on classic :-)
+ 	for _, id := range []string{
+ 		"fedora", "centos", "rhel", "opensuse", "suse", "poky",
+-		"debian", "ubuntu",
++		"debian", "ubuntu", "arch",
+ 	} {
+ 		restore = release.MockReleaseInfo(&release.OS{ID: id})
+ 		defer restore()
+-- 
+2.13.3
+
diff --git a/packaging/arch/0001-gitignore-ignore-more-build-artefacts.patch b/packaging/arch/0001-gitignore-ignore-more-build-artefacts.patch
@@ -0,0 +1,36 @@
+From 3d405ac9a83666281e726275fe7f2962c56b7cd9 Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me@zygoon.pl>
+Date: Wed, 2 Aug 2017 19:57:53 +0200
+Subject: [PATCH] gitignore: ignore more build artefacts
+
+Those files are made during the build but are reported by run-checks as
+unknown junk. We can fix this by just marking them as ignored.
+
+Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
+---
+ .gitignore | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/.gitignore b/.gitignore
+index 0afd0c6cb..b9f8c3fdb 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -19,6 +19,7 @@ po/snappy.pot
+ cmd/decode-mount-opts/decode-mount-opts
+ cmd/libsnap-confine-private/unit-tests
+ cmd/snap-confine/snap-confine
++cmd/snap-confine/snap-confine-debug
+ cmd/snap-confine/snap-confine.apparmor
+ cmd/snap-confine/unit-tests
+ cmd/snap-discard-ns/snap-discard-ns
+@@ -32,6 +33,7 @@ cmd/*/*.[1-9]
+ 
+ # auto-generated systemd units
+ data/systemd/*.service
++data/info
+ 
+ # test-driver
+ *.log
+-- 
+2.13.3
+
diff --git a/packaging/arch/0001-release-remove-default-from-VERSION_ID.patch b/packaging/arch/0001-release-remove-default-from-VERSION_ID.patch
@@ -0,0 +1,43 @@
+From 81bd7656d3c2fbdc082931511f0b202e426dbe27 Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me@zygoon.pl>
+Date: Wed, 2 Aug 2017 20:30:27 +0200
+Subject: [PATCH] release: remove default from VERSION_ID
+
+According to os-release(5) there is no default value for this field so
+we should not provide one. This also removes the unexpected "unknown"
+element from "snap version" on rolling releases, such as Arch.
+
+Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
+---
+ release/release.go      | 1 -
+ release/release_test.go | 2 +-
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/release/release.go b/release/release.go
+index d72953a0b..a9172469c 100644
+--- a/release/release.go
++++ b/release/release.go
+@@ -76,7 +76,6 @@ var (
+ func readOSRelease() OS {
+ 	// TODO: separate this out into its own thing maybe (if made more general)
+ 	osRelease := OS{
+-		VersionID: "unknown",
+ 		// from os-release(5): If not set, defaults to "ID=linux".
+ 		ID: "linux",
+ 	}
+diff --git a/release/release_test.go b/release/release_test.go
+index d1ed64af7..701272410 100644
+--- a/release/release_test.go
++++ b/release/release_test.go
+@@ -98,7 +98,7 @@ func (s *ReleaseTestSuite) TestReadOSReleaseNotFound(c *C) {
+ 	defer reset()
+ 
+ 	os := release.ReadOSRelease()
+-	c.Assert(os, DeepEquals, release.OS{ID: "linux", VersionID: "unknown"})
++	c.Assert(os, DeepEquals, release.OS{ID: "linux"})
+ }
+ 
+ func (s *ReleaseTestSuite) TestOnClassic(c *C) {
+-- 
+2.13.3
+
diff --git a/packaging/arch/0001-snap-snapenv-always-expect-snap-for-SNAP.patch b/packaging/arch/0001-snap-snapenv-always-expect-snap-for-SNAP.patch
@@ -0,0 +1,36 @@
+From 60d61a74c58d3ae4b67eae5089771ab1fbe7e6fb Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me@zygoon.pl>
+Date: Wed, 2 Aug 2017 19:43:06 +0200
+Subject: [PATCH] snap/snapenv: always expect /snap for $SNAP
+
+On the "inside" of the snap execution environment we can always(1) rely on
+the /snap directory to be present. On distributions where the /snap
+directory on the host is redirected to /var/lib/snapd/snap this fact
+should not leak into the runtime environment.
+
+This was already done correctly but one of the tests was stale.
+
+(1): Snaps with classic confinement don't work there anyway so that's a
+non-issue.
+
+Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
+---
+ snap/snapenv/snapenv_test.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/snap/snapenv/snapenv_test.go b/snap/snapenv/snapenv_test.go
+index 5b1053c43..fb594897a 100644
+--- a/snap/snapenv/snapenv_test.go
++++ b/snap/snapenv/snapenv_test.go
+@@ -121,7 +121,7 @@ func (s *HTestSuite) TestSnapRunSnapExecEnv(c *C) {
+ 		env := snapEnv(info)
+ 		c.Check(env, DeepEquals, map[string]string{
+ 			"HOME":              fmt.Sprintf("%s/snap/snapname/42", usr.HomeDir),
+-			"SNAP":              fmt.Sprintf("%s/snapname/42", dirs.SnapMountDir),
++			"SNAP":              fmt.Sprintf("%s/snapname/42", dirs.CoreSnapMountDir),
+ 			"SNAP_ARCH":         arch.UbuntuArchitecture(),
+ 			"SNAP_COMMON":       "/var/snap/snapname/common",
+ 			"SNAP_DATA":         "/var/snap/snapname/42",
+-- 
+2.13.3
+
diff --git a/packaging/arch/PKGBUILD b/packaging/arch/PKGBUILD
@@ -3,25 +3,31 @@
 # Contributor: Zygmunt Krynicki <me at zygoon dot pl>
 
 pkgbase=snapd
-pkgname=(snapd snap-confine)
-pkgver=2.26.1
+pkgname=snapd
+pkgver=2.27
 pkgrel=1
 arch=('i686' 'x86_64')
 url="https://github.com/snapcore/snapd"
 license=('GPL3')
-makedepends=('git' 'go' 'go-tools' 'bzr')
-checkdepends=('python' 'squashfs-tools')
-
-# snap-confine
-makedepends+=('libcap' 'python-docutils' 'systemd' 'xfsprogs')
-checkdepends+=('indent' 'shellcheck')
+makedepends=('git' 'go' 'go-tools' 'libseccomp' 'libcap' 'python-docutils' 'systemd' 'xfsprogs' 'libseccomp')
+checkdepends=('python' 'squashfs-tools' 'indent' 'shellcheck')
 
 options=('!strip' 'emptydirs')
 install=snapd.install
-source=("git+https://github.com/snapcore/$pkgname.git#tag=$pkgver"
-        'snapd.sh')
+source=("git+https://github.com/snapcore/$pkgname.git"
+        'snapd.sh'
+        '0001-cmd-fix-tests-that-assume-snap-mount.patch'
+        '0001-cmd-mark-arch-as-non-reexecing-distro.patch'
+        '0001-snap-snapenv-always-expect-snap-for-SNAP.patch'
+        '0001-gitignore-ignore-more-build-artefacts.patch'
+        '0001-release-remove-default-from-VERSION_ID.patch')
 md5sums=('SKIP'
-         '8e9b8108165d5b2ae911de9caefb37ce')
+         '8e9b8108165d5b2ae911de9caefb37ce'
+         'fec9f57a050fb7ee754e60257488a8b2'
+         'd0122bf079582448f0bd68ecdc8538d0'
+         'f3b2be89c9c98beda8a537714f67a2c1'
+         '3f38a715e938ba0b6fc2f410d5785b11'
+         'c9f90d92d1fb39266725072e4ace5600')
 
 _gourl=github.com/snapcore/snapd
 
@@ -36,23 +42,38 @@ prepare() {
   # above describes.
   mkdir -p "$(dirname "$GOPATH/src/${_gourl}")"
   ln --no-target-directory -fs "$srcdir/$pkgname" "$GOPATH/src/${_gourl}"
+  # Patch snap-seccomp build flags not to link libseccomp statically.
+  sed -i -e 's/-Wl,-Bstatic -lseccomp -Wl,-Bdynamic/-lseccomp/' "$srcdir/$pkgname/cmd/snap-seccomp/main.go"
+  # Apply some upstream fixes not present in the release.
+  patch -p1 < "$srcdir/0001-cmd-fix-tests-that-assume-snap-mount.patch"
+  patch -p1 < "$srcdir/0001-cmd-mark-arch-as-non-reexecing-distro.patch"
+  patch -p1 < "$srcdir/0001-snap-snapenv-always-expect-snap-for-SNAP.patch"
+  patch -p1 < "$srcdir/0001-gitignore-ignore-more-build-artefacts.patch"
+  patch -p1 < "$srcdir/0001-release-remove-default-from-VERSION_ID.patch"
 }
 
 build() {
   export GOPATH="$srcdir/go"
   # Use get-deps.sh provided by upstream to fetch go dependencies using the
   # godeps tool and dependencies.tsv (maintained upstream).
   cd "$GOPATH/src/${_gourl}"
+  # Generate version
+  ./mkversion.sh $pkgver-$pkgrel
+
+  # Get golang dependencies
   XDG_CONFIG_HOME="$srcdir" ./get-deps.sh
-  # Build/install snap and snapd
-  go install "${_gourl}/cmd/snap"
-  go install "${_gourl}/cmd/snapd"
 
   # Generate the real systemd units out of the available templates
   make -C data/systemd all
 
+  # Build/install snap and snapd
+  go install "${_gourl}/cmd/snap"
+  go install "${_gourl}/cmd/snapctl"
+  go install "${_gourl}/cmd/snapd"
+  go install "${_gourl}/cmd/snap-update-ns"
+  go install "${_gourl}/cmd/snap-seccomp"
+
   # Build snap-confine
-  ./mkversion.sh
   cd cmd
   autoreconf -i -f
   ./configure \
@@ -65,22 +86,31 @@ build() {
   make
 }
 
-# FIXME
 check() {
-  return
   export GOPATH="$srcdir/go"
   cd "$GOPATH/src/${_gourl}"
 
+  # XXX: Those files are unknown to gitignore but are checked by run-checks
+  # --static. Before gitignore is updated we just remove the junk one and move
+  # the valuable one aside.
+  rm -f cmd/snap-confine/snap-confine-debug
+  mv data/info $srcdir/xxx-info
+
   ./run-checks --unit
-  ./run-checks --static
+  # XXX: Static checks choke on autotools generated cruft. Let's not run them
+  # here as they are designed to pass on a clean tree, before anything else is
+  # done, not after building the tree.
+  # ./run-checks --static
+   make -C cmd -k check
 
-   cd cmd
-   make -k check
+  mv $srcdir/xxx-info data/info
 }
 
-package_snapd() {
+package() {
   pkgdesc="Service and tools for management of snap packages."
-  depends=('snap-confine' 'squashfs-tools')
+  depends=('snap-confine' 'squashfs-tools' 'libseccomp' 'libsystemd')
+  replaces=('snap-confine')
+  provides=('snap-confine')
 
   export GOPATH="$srcdir/go"
   # Ensure that we have /var/lib/snapd/{hostfs,lib/gl}/ as they are required by snap-confine
@@ -93,17 +123,20 @@ package_snapd() {
   # Install the snapd socket and service for the main daemon
   install -m 644 "$GOPATH/src/${_gourl}/data/systemd/snapd.service" "$pkgdir/usr/lib/systemd/system"
   install -m 644 "$GOPATH/src/${_gourl}/data/systemd/snapd.socket" "$pkgdir/usr/lib/systemd/system"
-  # Install snap and snapd executables
+  # Install snap, snapctl, snap-update-ns, snap-seccomp and snapd executables
   install -d -m 755 "$pkgdir/usr/bin/"
   install -m 755 "$GOPATH/bin/snap" "$pkgdir/usr/bin/"
+  install -m 755 "$GOPATH/bin/snapctl" "$pkgdir/usr/bin/"
   install -d -m 755 "$pkgdir/usr/lib/snapd"
+  install -m 755 "$GOPATH/bin/snap-update-ns" "$pkgdir/usr/lib/snapd/"
+  install -m 755 "$GOPATH/bin/snap-seccomp" "$pkgdir/usr/lib/snapd/"
   install -m 755 "$GOPATH/bin/snapd" "$pkgdir/usr/lib/snapd/"
+  # Install snap-confine
+  make -C "$srcdir/$pkgbase/cmd" install DESTDIR="$pkgdir/"
   # Install script to export binaries paths of snaps
   install -Dm 755 "$srcdir/snapd.sh" "$pkgdir/etc/profile.d/apps-bin-path.sh"
-}
-
-package_snap-confine() {
-  pkgdesc="Confinement system for snap applications"
-  depends=('libseccomp' 'libsystemd')
-  make -C "$srcdir/$pkgbase/cmd" install DESTDIR="$pkgdir/"
+  # Install the bash tab completion files
+  install -Dm 755 "$srcdir/data/completion/snap" "$pkgdir/usr/share/bash-completion/completions/snap"
+  install -Dm 755 "$srcdir/data/completion/complete.sh" "$pkgdir/usr/lib/snapd/complete.sh"
+  install -Dm 755 "$srcdir/data/completion/etelpmoc.sh" "$pkgdir//usr/lib/snapd/etelpmoc.sh"
 }