Open akcano opened 2 weeks ago
Hello, @akcano! I would like to help with this issue. I have already taken a look at the background and I was able to reproduce the removal of setpriv from a core22-based snap after adding the cleanup part.
I wondered whether it would be worth providing readers with a possible workaround, for example an additional part that runs after cleanup to re-introduce setpriv (perhaps by manually extracting the setpriv binary from the util-linux deb package using override-prime).
Another option would be to update the cleanup part itself, so that snap developers could specify files - like the setpriv binary - that shouldn't be removed. I appreciate that updating the cleanup part is probably out-of-scope of this issue, but I wanted to raise the possibility of doing so here, as it would affect how we update the documentation, and it could be useful in other cases (like the forum post that you linked to). As a proof of concept, the override-prime step could start off with something like this:
override-prime: |
  set -eux
  # Set SNAPS to a space separated list comprising the name of the base snap
  # and the name of each content snap that your snap is connected to
  # (e.g. "core22 gtk-common-themes gnome-42-2204")
  SNAPS="core22"
  # Set WANTED to a space separated list comprising the name (without path) of
  # each file that needs to be kept in the snap (e.g. "setpriv whoami")
  WANTED="setpriv"
  wanted_opts=""
  for item in $WANTED; do wanted_opts+=" -not -name $item"; done
  for snap in $SNAPS; do
    cd "/snap/$snap/current" && find -L . -type f,l $wanted_opts -exec rm -f "$CRAFT_PRIME/{}" \;
  done
I have a few other changes in mind (e.g. removing empty directories, broken symlinks and unnecessary files from $CRAFT_PRIME/usr/share) but I have left these out for now.
What do you think? If you agree that it would be worth pursuing, then I assume that it would be best for me to raise this on the Snapcraft forum - perhaps as a new thread for greater visibility - and allow some time for comments. I'm happy to keep working on this as needed.
On a separate point, would it also be worth updating the System usernames page to refer to _daemon_ as the system user throughout, and only mention the deprecated snap_daemon user in a note (i.e. the inverse of what is currently being done)? I appreciate that some users might be limited to an old version of snapd, and so may not be able to run snaps that rely on the _daemon_ user. I'm happy to make this change as part of my pull request, unless you think that it isn't needed, or that it should be done as a separate academy issue.
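The keep-list idea from the comment above, run against a constructed directory tree so the result can be checked without building a snap. This is an added example, not code from the thread or from Snapcraft: the names cleanup_prime and demo and the sample files are assumptions, and unlike the proof of concept it passes the kept names to find as separate arguments and omits -L.

```shell
#!/bin/sh
# cleanup_prime BASE_DIR PRIME_DIR [NAME...]
# Remove from PRIME_DIR every file or symlink that also exists in BASE_DIR,
# except entries whose basename matches one of NAME (the keep list).
cleanup_prime() {
    base=$1; prime=$2; shift 2
    # Rotate each NAME into a "! -name NAME" triple so the keep list
    # reaches find as separate, correctly quoted arguments.
    n=$#
    while [ "$n" -gt 0 ]; do
        name=$1; shift
        set -- "$@" ! -name "$name"
        n=$((n - 1))
    done
    (cd "$base" && find . \( -type f -o -type l \) "$@" -exec sh -c '
        prime=$1; shift
        for f; do rm -f -- "$prime/$f"; done' sh "$prime" {} +)
}

# demo [NAME...]
# Build a constructed base-snap tree and prime tree in a temp directory,
# run the cleanup with NAME as the keep list, and print what is left in prime.
demo() {
    tmp=$(mktemp -d) || return 1
    d_base="$tmp/snap/core22/current"   # stands in for /snap/core22/current
    d_prime="$tmp/prime"                # stands in for $CRAFT_PRIME
    mkdir -p "$d_base/usr/bin" "$d_prime/usr/bin" "$d_prime/bin"
    for f in setpriv whoami; do
        : > "$d_base/usr/bin/$f"        # shipped by the base snap
        : > "$d_prime/usr/bin/$f"       # duplicate staged into prime
    done
    : > "$d_prime/bin/my-app"           # the snap's own file, not in the base
    cleanup_prime "$d_base" "$d_prime" "$@"
    (cd "$d_prime" && find . -type f | sort | paste -sd ' ' -)
    rm -rf "$tmp"
}

demo setpriv   # prints: ./bin/my-app ./usr/bin/setpriv
```

Calling demo with no arguments shows the behaviour of the unmodified cleanup part on the same tree: setpriv is removed along with every other file the base snap also ships.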
Hi @userMaximilian,
Thank you for your participation! Step by step:
Workaround for setpriv removal: sounds promising, and I suggest you run it by the broader Snapcraft forum community first for feedback. Same for the cleanup part, if you can keep the explanation of what's going on to a necessary minimum.
System usernames page: I would suggest opening a new CODA issue ticket for that in this repo, otherwise it's a great idea.
Looking forward to your contributions!
Thanks, @akcano! I will make a start on this shortly.
Update the following guides:
Reducing the size of desktop snaps (also, the in-page link to this anchor needs fixing)
System usernames
Background
The documentation suggests using the cleanup part, but does not fully warn about the potential problems of using it. For instance, when using setpriv, setpriv may end up being removed from a snap's prime even though it's a part of the core20 image. A similar issue was reported in the Snapcraft forum.
Prerequisites
Familiarity with Snapcraft or snaps is needed to understand the content and test any conjectures. The documentation is Discourse-hosted, so some experience with Discourse is also a plus.