A while back I tried to work on putting fwupd into a classic snap (Approval for fwupd classic snap). There was pushback that this should be a regular snap.
I’ve done the work to get the fwupd daemon and fwupdmgr building into the snap (see https://github.com/hughsie/fwupd/blob/wip/superm1/snapped-daemon/contrib/snap/snapcraft-stable.yaml), but I’ve hit several roadblocks that I need help with.
1. The PolicyKit rules associated with any client communication with the daemon aren’t loaded. So I can’t communicate with the daemon with anything other than root.
2. I can’t find a way to bind mount the EFI system partition. For UEFI updates to work the EFI system partition needs to be accessible to the snap. On flatpak (https://github.com/hughsie/fwupd/blob/master/contrib/org.freedesktop.fwupd.json) we just add
   --filesystem=/boot
   and then the ESP is bind mounted.
3. The ESRT needs to be accessible from the snap (/sys/firmware/efi/esrt)
4. The client and daemon communication interface/plug isn’t automatically enabled. I had heard this might happen from the store, but I don’t know how to activate it.
5. A new set of confinement rules to all the interfaces fwupd uses is needed.
From my perspective, 1, 2, and 3 are the most important as they would at least be a functional ‘devmode’ snap. As it stands today, devmode doesn’t work for UEFI updates due to lack of access to those directories in the snap.