I’m trying to find out whether snaps are, or are officially planned to be, supported on Amazon Linux 2. This distro has some compatibility with the EL family but not with every package.
Currently, it appears that it’s not possible to install snapd from EPEL due to an insufficient version of selinux-policy-base in this distro.
We have a report from one user of our snap who previously managed to install snapd 2.36.3-0.amzn2. However, they appear to be unable to upgrade the daemon (via yum, or the snapd snaps). Our snap requires functionality from 2.38, so the user is stuck.
I can see that there is some commit history in the snapd project relating to Amazon Linux 2, but at the same time, the distro is not listed on https://snapcraft.io/docs/installing-snapd.
Should we take this to mean that it is not supported, or perhaps “not yet/fully”? Any indication either way would be most welcome.
We would like to fully support AL2, but I think it would need some coordination with the maintainers that we have not been able to establish to deal with things like the drift of security libraries. I know that in order to work more easily on apparmor distros that ship different versions of apparmor we are moving the apparmor code into the snapd snap itself, so we will work on any apparmor-enabled kernel.
For selinux we could look to do the same, which might ease the dependency you describe. Not sure if there are other ways to address the AL2 gap right now, but we will definitely take patches if you have them.
I made a little progress on this through conversations with Amazon.
Apparently, they have an optionally enabled repo with a newer version of selinux. When using this repo, snapd’s selinux dependency is still not satisfied (selinux-policy-base >= 3.13.1-268.el7_9.2 vs selinux-policy-base = 3.13.1-268.amzn2.2.2), however, I suspect things actually work just fine and the problem is just the snapd-selinux package’s selinux requirement is too strict.
I opened a bugzilla ticket to try and get this changed but it was unfortunately closed as wontfix.
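An added example, not part of the thread: a simplified Python rendering of RPM's segment-wise version comparison, applied to the two selinux-policy-base strings quoted above, to show why the `>=` requirement is not met even though the version and the leading release number match. The function names are illustrative, and RPM's `~` and `^` rules are left out.

```python
import re

# Values quoted in the thread.
REQUIRED = "3.13.1-268.el7_9.2"      # what snapd's selinux dependency asks for (>=)
AVAILABLE = "3.13.1-268.amzn2.2.2"   # what the optional Amazon repo offers

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment.

    Simplified: separators are ignored, digit runs compare as integers,
    letter runs compare as strings, and a digit run beats a letter run.
    RPM's '~' and '^' rules are left out.
    """
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def split_evr(evr):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return epoch or "0", version, release

def compare_evr(a, b):
    """Return -1, 0 or 1 by comparing epoch, then version, then release."""
    for part_a, part_b in zip(split_evr(a), split_evr(b)):
        result = rpmvercmp(part_a, part_b)
        if result:
            return result
    return 0

def satisfies_minimum(available, required):
    """True when `available` meets a '>= required' dependency."""
    return compare_evr(available, required) >= 0

if __name__ == "__main__":
    print("amzn vs el ->", rpmvercmp("amzn", "el"))
    print("dependency satisfied:", satisfies_minimum(AVAILABLE, REQUIRED))
```

The comparison is decided at the first differing release segment, where the letters "amzn" sort before "el", so the Amazon build is ordered as older than the EL build regardless of the policy content it carries.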
I closed the ticket with wontfix, as the dependency on selinux-policy-base is what the RPM macros for packaging selinux generate. This is beyond my control. The packages for EPEL are built against RHEL and first must conform to some reasonable packaging standards and second YMMV when using/installing them on derived distributions, especially ones that are way behind with the updates wrt. RHEL.
To make this work, you can either grab the SRPM and build the package yourself, or use the unofficial repo which carries snapd rebuilt without SELinux, see Unofficial snapd repository for Amazon Linux 2.
That being said, I think the best course of action is to ask Amazon to include snapd in their Extras repository, thus making it readily available. We’ve tried to make it in the past but to no avail. I’m not Amazon’s customer so I can’t even file a support ticket. The snapd upstream builds and runs a suite of tests on Amazon Linux 2 for each pull request, so there’s a high chance that the integration process will be of low effort.