Snapd updates in Fedora EPEL for Enterprise Linux

Conan_Kudo · November 4, 2018, 6:25pm

I’ve finally gotten to the point where I’m reasonably comfortable with releasing snapd for Enterprise Linux distributions (RHEL, CentOS, Scientific Linux, Oracle Linux, Amazon Linux, etc.) with the 2.36 release.

As a consequence, I’ve finally pushed updates to add snapd and snapd-glib to EPEL for Enterprise Linux 7 distributions.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b240f3418f

The packages will be available through the mirror network in the next 24-48 hours.

Note that there is a major caveat: EPEL 7 is building on top of Red Hat Enterprise Linux 7.6 now. Among other things, this imposes a minimum version of selinux-policy that has to be available on your system from RHEL 7.6.

At the time of this writing, CentOS has just started building the components released by Red Hat for RHEL 7.6, so it may be up to a month before this package is installable on CentOS and distributions derived from it.
Oracle Linux, Scientific Linux, and other derivatives lag behind CentOS to some degree because CentOS is the upstream for all RHEL derivatives.

So for now, if you have Red Hat Enterprise Linux 7 proper and have updated to RHEL 7.6, then you can try these packages out by doing the following:

$ sudo subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms"
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo yum --enablerepo=epel-testing install snapd
$ sudo systemctl enable --now snapd.socket

For CentOS and other derivatives of RHEL that don’t require subscription management (RHSM/RHN), the steps are as follows:

$ sudo yum install epel-release
$ sudo yum --enablerepo=epel-testing install snapd
$ sudo systemctl enable --now snapd.socket snapd.refresh.timer

With that, snapd will be properly running and you can use the snap command to manage snaps.

No integration will be provided at this time for GNOME Software, as I’m not sure how to do it for RHEL/CentOS in EPEL. However, snapd-glib is provided in EPEL with this, so third-party tools (if any exist) could be packaged in EPEL to interact with snapd.

JamieBennett · November 5, 2018, 11:58am

This is great news, thanks for your work on this!

mborzecki · November 14, 2018, 12:51pm

@Conan_Kudo thank you for getting snapd into EPEL!

Just FYI, if anyone is keen to try snapd under RHEL 7.6 at the moment, there’s a problem with dependency which will be fixed soon(-ish). The problem is:

[rhel@rhel ~]$ sudo yum install --enablerepo=epel-testing snapd
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package snapd.x86_64 0:2.36-1.el7 will be installed
--> Processing Dependency: snapd-selinux = 2.36-1.el7 for package: snapd-2.36-1.el7.x86_64
...
---> Package libzstd.x86_64 0:1.3.6-1.el7 will be installed
---> Package snapd-selinux.noarch 0:2.36-1.el7 will be installed
--> Processing Dependency: policycoreutils-python-utils for package: snapd-selinux-2.36-1.el7.noarch
---> Package squashfuse-libs.x86_64 0:0.1.102-1.el7 will be installed
--> Finished Dependency Resolution
Error: Package: snapd-selinux-2.36-1.el7.noarch (epel-testing)
           Requires: policycoreutils-python-utils
**********************************************************************
yum can be configured to try to resolve such errors by temporarily enabling
disabled repos and searching for missing dependencies.
To enable this functionality please set 'notify_only=0' in /etc/yum/pluginconf.d/search-disabled-repos.conf
**********************************************************************

Error: Package: snapd-selinux-2.36-1.el7.noarch (epel-testing)
           Requires: policycoreutils-python-utils
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

One can fix the problem by downloading the src.rpm and fixing the spec changing:

...
Requires(post): policycoreutils-python-utils
...

to

...
Requires(post): policycoreutils-python
...

As far as CentOS 7.5 goes, there are additional problems due to incompatible version of selinux-policy. RHEL 7.6 has the version which all the required updates, so getting it running on CentOS 7.6 is just a matter of time.

Conan_Kudo · November 14, 2018, 1:10pm

This is now fixed in snapd-2.36-2.el7 in the update.

mborzecki · November 16, 2018, 10:57am

Thanks for the update. Install and runs fine. I can install and remove snaps. Karma posted.

Anything using layouts currently breaks, but the problem seems to be kernel related and is under investigation. I’ll be filing bugs where appropriate and will open another forum topic.

mborzecki · November 20, 2018, 9:34am

@Conan_Kudo The PR adding CentOS to the spread suite is ready and contains the necessary workarounds is https://github.com/snapcore/snapd/pull/6168. Can you update the package with and pull in RHEL7 sysctl files?

mborzecki · November 20, 2018, 9:52am

Error: Package: snapd-selinux-2.36-2.el7.noarch (epel-testing)
           Requires: selinux-policy-base >= 3.13.1-229.el7_6.5
           Installed: selinux-policy-targeted-3.13.1-229.el7.noarch (@cr)
               selinux-policy-base = 3.13.1-229.el7

This is what I get with CentOS CR repo enabled. Not sure why selinux-policy ended up with el7_6 in release field. Running rpm -E '%dist' gives .el7 on RHEL 7.6 and CentOS. Pulled the src.rpm, rebuilt locally on RHEL 7.6, got selinux-policy-3.13.1-229.el7.5.src.rpm.

mborzecki · November 21, 2018, 1:28pm

Updated CentOS 7.5 from CR repo again today and snapd from epel-testing can now be installed. (@popey @Wimpress would you like to give it a try?)

@Conan_Kudo do you plan to update the package with latest changes from master or should I fork the repo and open a PR in pagure?

Conan_Kudo · November 21, 2018, 2:56pm

I’ll cherry-pick the fixes in, though I’d like to see it in the release-2.36 branch for snapd as well.

mborzecki · November 21, 2018, 3:05pm

I’ll get the 2.36 PR up.

Conan_Kudo · December 23, 2018, 4:09am

As of yesterday, snapd 2.36.3 is available through Fedora EPEL for Red Hat Enterprise Linux 7.6 and derivatives (including derivatives of CentOS 7.6).

The installation process is simple:

$ sudo yum install epel-release
$ sudo yum install snapd
$ sudo systemctl enable --now snapd.socket snapd.refresh.timer

After that, you can use snaps by using the snap(8) command.

Conan_Kudo · March 28, 2019, 12:44am

Another round of snapd and snapd-glib updates for Enterprise Linux users is here!

I’ve bumped it to snapd-2.38 and snapd-glib-1.47.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-be55f1a139

Go forth and test!

zyga-snapd · March 28, 2019, 7:59am

Thank you! I will do a test on my machine.

Conan_Kudo · May 8, 2019, 3:30pm

Freshly baked snapd updates for Enterprise Linux users is now available.

snapd-2.39 has been proposed: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6e09a2903d

This release is special, as it includes a completely revamped SELinux policy and rudimentary SELinux integration in snap-confine. It doesn’t do too much yet, but it lays the foundations for improvements later.

Due to the large array of changes, I’m not auto-pushing this when it reaches karma limit.

Please test!

mborzecki · May 13, 2019, 6:11am

Thank you for the update.

Everything seems to work fine on CentOS 7.6. Installed some basic snaps and LXD (which works out of the box now!). All with SELinux in enforcing mode. No issues observed.

Conan_Kudo · June 4, 2019, 6:29pm

Due to an unfortunate uncaught bug with the new SELinux integration (RH#1708991), snapd-2.39.1 with a backported fix has been proposed as an update for EL7 systems.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-91a080fd55

Please test!

Conan_Kudo · June 14, 2019, 2:02pm

More SELinux policy fixes coming down the pipeline with this new snapd-2.39.2 update with a backported fix.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-502ed76053

Please test!

Conan_Kudo · October 29, 2019, 1:12pm

It’s been a while, but I’m pleased to release snapd updates for Enterprise Linux users!

snapd-2.42 has been proposed for EPEL 7. Also, new to this release is EPEL 8 support for RHEL/CentOS 8 users!

Please test and give karma!

mborzecki · October 30, 2019, 9:10am

Tested on CentOS 7.7 and RHEL8 proper. Both work fine. EPEL7 package got pushed to stable.

wayisgy573 · November 23, 2019, 12:42pm

Hello !

If I’m not mistaken, the snapd package for centos8 is broken :

→  sudo dnf install -y snapd
Last metadata expiration check: 0:12:41 ago on Sat 23 Nov 2019 01:20:04 PM CET.
Error: 
 Problem: package snapd-2.42.1-1.el8.x86_64 requires snapd-selinux = 2.42.1-1.el8, 
but none of the providers can be installed
  - conflicting requests
  - nothing provides selinux-policy-base >= 3.14.3-20.el8 needed by snapd-selinux- 2.42.1-1.el8.noarch
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

it looks like selinux-policy-base is needed but that package doesn’t exists :

→  sudo dnf info selinux-policy-base
Last metadata expiration check: 0:17:43 ago on Sat 23 Nov 2019 01:20:04 PM CET.
Error: No matching Packages to list

epel is installed :

 →  sudo dnf info epel-release
Last metadata expiration check: 0:20:25 ago on Sat 23 Nov 2019 01:20:04 PM CET.
Installed Packages
Name         : epel-release
Version      : 8
Release      : 7.el8
Arch         : noarch
Size         : 30 k
Source       : epel-release-8-7.el8.src.rpm
Repo         : @System
From repo    : epel
Summary      : Extra Packages for Enterprise Linux repository configuration
URL          : http://download.fedoraproject.org/pub/epel
License      : GPLv2
Description  : This package contains the Extra Packages for Enterprise Linux (EPEL) repository
             : GPG key as well as configuration for yum.