Build own core snap


#21

it is described in the README you linked … add-apt-repository ...
(you might actually need to call sudo apt update too)


#22

nice, thank you! orga~~

I miss the update step before.


#23

@ogra

Further question, hope you can give some advices :grinning:

I want to customize the core snap because I would like to change PAM configuration file /etc/pam.d/login in core snap.

I guess it can be implement during core snap stage step. but I have below questions:

  1. I checked the snapcraft.yaml of core snap, it includes several Parts, looks like it is better to do the change in the part “livebuild” as it was the last one be staged? Can you share me some example?

  2. After I generate the core snap, can i use ubuntu-image to generate the ubuntu-core images?

sudo ubuntu-image
-c stable \ # available channels are: edge/beta/candidate/stable
–image-size 4G
–extra-snaps <gadget snap file name, e.g. roseapple-pi_16.04-1_armhf.snap>
–extra-snaps <kernel snap file name, e.g. roseapple-pi-kernel_3.10.37-1_armhf.snap>
–extra-snaps <add core snap here>
-o <image output file name, e.g. roseapple-pi-20161107-0.img>
<model file name, e.g. roseapple.model>

  1. Then, when the image is generated, can it be boot in X86 virtualbox?

thanks!! :rose:


#24

Fix the question. change the livebuild part and generate image that is ok.


#25

Note that any image you build this way likely won’t be able to upgrade. It will be stuck on the same custom build of core (and snapd) as it is installed with.

Maybe it would help to describe what your overall goal is, and why editing some of the read-only parts of the file system is necessary to achieve it?


#26

Hi Jam,

Because our web service authrization is base on PAM, for classic linux, we will modify the /etc/pam.d/login and /etc/pam.d/other to specify the path of pam relate library.
so i think the simplest way is to customize the core snap, but I agree that it is not the best one.
can you share me some suggestion?


#27

If you are packaging your web service as a snap to deploy on Ubuntu Core, it is unlikely that the host PAM configuration is going to be useful to you. The AppArmor confinement is likely to block access to /etc/shadow, for instance.

Perhaps shipping your own libpam bundled with your service, configured to read configuration from a location under your snap’s control would be a better solution? You could then configure it to use PAM modules that are guaranteed to work under confinement.


#28

as @jamesh said, re-building core if you are not actually developing the core snap itself is a moot action because it just produce an invalid developer image.

the suggestion to ship pam yourself inside your snap and managing your config changes inside the snap confinement is really the best way to go here …