userMaximilian
commented
5 days ago Hello, @akcano! I would like to help with this issue. I have already taken a look at the background and I was able to reproduce the removal of setpriv from a core22-based snap after adding the cleanup part.
I wondered whether it would be worth providing readers with a possible workaround, for example an additional part that runs after cleanup to re-introduce setpriv (perhaps by manually extracting the setpriv binary from the util-linux deb package using override-prime).
Another option would be to update the cleanup part itself, so that snap developers could specify files - like the setpriv binary - that shouldn't be removed. I appreciate that updating the cleanup part is probably out-of-scope of this issue, but I wanted to raise the possibility of doing so here, as it would affect how we update the documentation, and it could be useful in other cases (like the forum post that you linked to). As a proof of concept, the override-prime step could start off with something like this:
override-prime: |
set -eux
# Set SNAPS to a space separated list comprising the name of the base snap
# and the name of each content snap that your snap is connected to
# (e.g. "core22 gtk-common-themes gnome-42-2204")
SNAPS="core22"
# Set WANTED to a space separated list comprising the name (without path) of
# each file that needs to be kept in the snap (e.g. "setpriv whoami")
WANTED="setpriv"
wanted_opts=""
for item in $WANTED; do wanted_opts+=" -not -name $item"; done
for snap in $SNAPS; do
cd "/snap/$snap/current" && find -L . -type f,l $wanted_opts -exec rm -f "$CRAFT_PRIME/{}" \;
doneI have a few other changes in mind (e.g. removing empty directories, broken symlinks and unnecessary files from $CRAFT_PRIME/usr/share) but I have left these out for now.
What do you think? If you agree that it would be worth pursing, then I assume that it would be best for me to raise this on the Snapcraft forum - perhaps as a new thread for greater visibility - and allow some time for comments. I'm happy to keep working on this as needed.
On a separate point, would also it be worth updating the System usernames page to refer to _daemon_ as the system user throughout, and only mention the deprecated snap_daemon user in a note (i.e. the inverse of what is currently being done)? I appreciate that some users might be limited to an old version of snapd, and so may not be able to run snaps that rely on the _daemon_ user. I'm happy to make this change as part of my pull request, unless you think that it isn't needed, or that it should be done as a separate academy issue.
akcano
Update the following guides:
Reducing the size of desktop snaps (also, the in-page link to this anchor needs fixing)
System usernames
Background
The documentation suggests using the
cleanuppart, but does not fully warn about the potential problems of using it. For instance, when using setpriv, setpriv may end up being removed from a snap's prime even though it's a part of the core20 image. A similar issue was reported in the Snapcraft forum.Prerequisites
Familiarity with Snapcraft or snaps is needed to understand the content and test any conjectures. The documentation is Discourse-hosted, so some experience with Discourse is also a plus.