Classic confinement request: curtin

I am exploring the concept of a snap for curtin. As it wants to do things like run binaries from the host and make arbitrary disk changes as configured, it will require classic requirement. Thanks for your assistance.

Hi there, do you have some documentation on what curtin is and does, for those not familiar with it?

Does it need to run arbitrary binaries or could the ones it might need to run be packaged with the snap?

What kind of disk and partition changes does it need to do? Just wondering if those could be covered by some of the raw-devices or disk interfaces instead.

FWIW I know Curtin and I’d be +1 on granting it classic if none of the alternatives are feasible. It’s also from a trusted/vetted publisher.

  • Daniel

Curtin is the ‘curt installer’, and is used by Subiquity and Ubuntu Desktop Installer today (Both already existing classic snaps).

For documentation on it please see: https://curtin.readthedocs.io/en/latest/index.html

It operates on a YAML configuration file primarily to partition disks and perform the actual copying of bits to disks, and can do many other related tasks. To a degree Subiquity and Ubuntu Desktop Installer are a frontend for this functionality.

Does it need to run arbitrary binaries or could the ones it might need to run be packaged with the snap?

There is some question open as to if binaries will be run from inside the snap or outside of it. I suspect for the various mkfs.foo tools we will prefer the ones outside the snap, if present, for compatibility with older Ubuntu releases. Let’s say initially “yes it will run arbitrary stuff” and on a longer timeline we aspire to not do so.

What kind of disk and partition changes does it need to do?

It could be the relatively predictable sort of things that a guided partitioning would require, or it could be arbitrary partitioning as configured by an advanced user.

Just wondering if those could be covered by some of the raw-devices or disk interfaces instead.

I would like to investigate that as time allows, but I’m not in a position to do so today.

Thanks for the details @dbungert - so from my perspective, curtin meets the criteria for classic confinement as:

  • access to files on the host outside the snap’s runtime (eg, /usr)
  • running arbitrary commands (esp if user-configurable such as a developer tool to organize dev environments)
  • access to resources not yet supported by snapd and where the requirement is clearly understood to be supportable by snapd. This may result in temporarily granting classic until snapd supports the use case in strict mode

I agree with @roadmr that it would seem curtin may be possible to operate as a strict-mode snap since you could choose to ship all the required binaries inside the snap and use the existing block-devices/raw-devices interfaces that may allow it to function as required.

So it sounds like there is a possible path for migration to strict and so we could look at granting classic confinement in the meantime.

However, I would prefer this to be published under the Canonical publisher account rather than your own - could you please organise for this to be done? Then we can look at granting the classic confinement override.

We definitely do have Ubuntu Core customers utilizing these interfaces in strict snaps to partition external devices. We even have at least one that does partition operations via the udisks2 interface, so strict confinement should not actually be a problem (and would allow curtin to be used on Ubuntu Core images where classic confinement is not possible at all)… so there is clearly a path forward for a future strict version and even prior art to steal from :wink:

I’d also like to note that the most recent changes to ubuntu-image to use the host’s mkfs tools instead of shipping them internally cause quite some compatibility issues. Though the use case of curtin is indeed slightly different, I think it is worth pointing out here…

On reading this recent thread I think my hastily-hacked-together-at-a-conference snap fails to satisfy the listed requirements. “Reasonable commitment to maintenance” being my main concern. I’ll update the thread when I believe I have something that fits the requirements. Thanks!

@dbungert hey,

Did you have time to do work on this snap? If not, we can remove this request from our review queue. Then if classic is still required, simply write back here and we can add the request back to the queue. Sounds good?

Thanks!

Yes, please remove from your review queue. If that’s something that I can do on my end, let me know.