I’m trying to build a confined snap for the application “AusweisApp2”. This app can read the RFID-tag on the german “Personalausweis” with the help of “pcscd”. Without confinement the snap works perfectly but with confinement the card-reader on the usb port can’t be accessed. I fiddled a bit with my snaps apparmor-profile and the following rules work for the snap:
“hardware-observe” does the job. The only problem is now “pcscd”.
I will now write a request for auto-connect to “hardware-observe” and try to get a plug for pcscd into snapd. If this is not possible the snap must be installed in classic-mode.
or you could build pcscd from source in your snap and patch it to use snap compliant dirs by default …
(as an interim solution til that interface exists)
do a full snapcraft build with the above so that you get a parts/pcscd/build directory with the original upstream source.
now cd into parts/pcscd/build, make your changes and call git diff >../../../pcscd.patch to create the patch file …
uncomment the git apply ... in snapcraft.yaml and build again, but now with the patch applied …
to update the patch you can now always just repeat doing changes in the parts/pcscd/build dir and use the git diff command to make it take effect in the next build.
(indeed you might probably also want to create an “apps” entry for pcscd to be started as a daemon when your snap is installed, i’ll leave that part to the reader to figure out )
That is asking for trouble! While the idea of patching is fine, it is bad to rely on files existing in a specific location relative to a part’s build directory. Never assume a location unless it is something you directly control. The correct method of patching a part’s source is to add another part to copy the patches into the snap build and then reference them with a known path that you can rely upon:
parts:
patches:
source: patches # path relative to the snap’s source (where the snap folder containing snapcraft.yaml lives)
plugin: dump
prime: [-*] # we don’t need the patch in the final snap, so remove it
my-app:
source: ....
plugin: ....
after: [patches]
override-pull: |
git apply $SNAPCRAFT-STAGE/some-patch.diff
@lucyllewy:
Thanks. Your example helped me a lot. A already made a patch for the source of AusweisApp2 which prevents multiple qDebug-messages to flood the log. Before your post i had no good idea how to apply this patch. Working with relative paths worked for me but didn’t look very good.