Snapd updates in Fedora EPEL for Enterprise Linux

I’ve finally gotten to the point where I’m reasonably comfortable with releasing snapd for Enterprise Linux distributions (RHEL, CentOS, Scientific Linux, Oracle Linux, Amazon Linux, etc.) with the 2.36 release.

As a consequence, I’ve finally pushed updates to add snapd and snapd-glib to EPEL for Enterprise Linux 7 distributions.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b240f3418f

The packages will be available through the mirror network in the next 24-48 hours.

Note that there is a major caveat: EPEL 7 is building on top of Red Hat Enterprise Linux 7.6 now. Among other things, this imposes a minimum version of selinux-policy that has to be available on your system from RHEL 7.6.

  • At the time of this writing, CentOS has just started building the components released by Red Hat for RHEL 7.6, so it may be up to a month before this package is installable on CentOS and distributions derived from it.
  • Oracle Linux, Scientific Linux, and other derivatives lag behind CentOS to some degree because CentOS is the upstream for all RHEL derivatives.

So for now, if you have Red Hat Enterprise Linux 7 proper and have updated to RHEL 7.6, then you can try these packages out by doing the following:

$ sudo subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms"
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo yum --enablerepo=epel-testing install snapd
$ sudo systemctl enable --now snapd.socket

For CentOS and other derivatives of RHEL that don’t require subscription management (RHSM/RHN), the steps are as follows:

$ sudo yum install epel-release
$ sudo yum --enablerepo=epel-testing install snapd
$ sudo systemctl enable --now snapd.socket snapd.refresh.timer

With that, snapd will be properly running and you can use the snap command to manage snaps.

No integration will be provided at this time for GNOME Software, as I’m not sure how to do it for RHEL/CentOS in EPEL. However, snapd-glib is provided in EPEL with this, so third-party tools (if any exist) could be packaged in EPEL to interact with snapd.

11 Likes

This is great news, thanks for your work on this!

@Conan_Kudo thank you for getting snapd into EPEL!

Just FYI, if anyone is keen to try snapd under RHEL 7.6 at the moment, there’s a problem with dependency which will be fixed soon(-ish). The problem is:

[rhel@rhel ~]$ sudo yum install --enablerepo=epel-testing snapd
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package snapd.x86_64 0:2.36-1.el7 will be installed
--> Processing Dependency: snapd-selinux = 2.36-1.el7 for package: snapd-2.36-1.el7.x86_64
...
---> Package libzstd.x86_64 0:1.3.6-1.el7 will be installed
---> Package snapd-selinux.noarch 0:2.36-1.el7 will be installed
--> Processing Dependency: policycoreutils-python-utils for package: snapd-selinux-2.36-1.el7.noarch
---> Package squashfuse-libs.x86_64 0:0.1.102-1.el7 will be installed
--> Finished Dependency Resolution
Error: Package: snapd-selinux-2.36-1.el7.noarch (epel-testing)
           Requires: policycoreutils-python-utils
**********************************************************************
yum can be configured to try to resolve such errors by temporarily enabling
disabled repos and searching for missing dependencies.
To enable this functionality please set 'notify_only=0' in /etc/yum/pluginconf.d/search-disabled-repos.conf
**********************************************************************

Error: Package: snapd-selinux-2.36-1.el7.noarch (epel-testing)
           Requires: policycoreutils-python-utils
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

One can fix the problem by downloading the src.rpm and fixing the spec changing:

...
Requires(post): policycoreutils-python-utils
...

to

...
Requires(post): policycoreutils-python
...

As far as CentOS 7.5 goes, there are additional problems due to incompatible version of selinux-policy. RHEL 7.6 has the version which all the required updates, so getting it running on CentOS 7.6 is just a matter of time.

This is now fixed in snapd-2.36-2.el7 in the update.

1 Like

Thanks for the update. Install and runs fine. I can install and remove snaps. Karma posted.

Anything using layouts currently breaks, but the problem seems to be kernel related and is under investigation. I’ll be filing bugs where appropriate and will open another forum topic.

1 Like

@Conan_Kudo The PR adding CentOS to the spread suite is ready and contains the necessary workarounds is https://github.com/snapcore/snapd/pull/6168. Can you update the package with and pull in RHEL7 sysctl files?

Error: Package: snapd-selinux-2.36-2.el7.noarch (epel-testing)
           Requires: selinux-policy-base >= 3.13.1-229.el7_6.5
           Installed: selinux-policy-targeted-3.13.1-229.el7.noarch (@cr)
               selinux-policy-base = 3.13.1-229.el7

This is what I get with CentOS CR repo enabled. Not sure why selinux-policy ended up with el7_6 in release field. Running rpm -E '%dist' gives .el7 on RHEL 7.6 and CentOS. Pulled the src.rpm, rebuilt locally on RHEL 7.6, got selinux-policy-3.13.1-229.el7.5.src.rpm.

Updated CentOS 7.5 from CR repo again today and snapd from epel-testing can now be installed. (@popey @Wimpress would you like to give it a try?)

@Conan_Kudo do you plan to update the package with latest changes from master or should I fork the repo and open a PR in pagure?

I’ll cherry-pick the fixes in, though I’d like to see it in the release-2.36 branch for snapd as well.

I’ll get the 2.36 PR up.

As of yesterday, snapd 2.36.3 is available through Fedora EPEL for Red Hat Enterprise Linux 7.6 and derivatives (including derivatives of CentOS 7.6).

The installation process is simple:

$ sudo yum install epel-release
$ sudo yum install snapd
$ sudo systemctl enable --now snapd.socket snapd.refresh.timer

After that, you can use snaps by using the snap(8) command.

2 Likes

Another round of snapd and snapd-glib updates for Enterprise Linux users is here!

I’ve bumped it to snapd-2.38 and snapd-glib-1.47.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-be55f1a139

Go forth and test! :slight_smile:

3 Likes

Thank you! I will do a test on my machine.

Freshly baked snapd updates for Enterprise Linux users is now available.

snapd-2.39 has been proposed: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6e09a2903d

This release is special, as it includes a completely revamped SELinux policy and rudimentary SELinux integration in snap-confine. It doesn’t do too much yet, but it lays the foundations for improvements later.

Due to the large array of changes, I’m not auto-pushing this when it reaches karma limit.

Please test! :smile:

2 Likes

Thank you for the update.

Everything seems to work fine on CentOS 7.6. Installed some basic snaps and LXD (which works out of the box now!). All with SELinux in enforcing mode. No issues observed.

Due to an unfortunate uncaught bug with the new SELinux integration (RH#1708991), snapd-2.39.1 with a backported fix has been proposed as an update for EL7 systems.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-91a080fd55

Please test!

2 Likes

More SELinux policy fixes coming down the pipeline with this new snapd-2.39.2 update with a backported fix.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-502ed76053

Please test!

5 Likes

It’s been a while, but I’m pleased to release snapd updates for Enterprise Linux users!

snapd-2.42 has been proposed for EPEL 7. Also, new to this release is EPEL 8 support for RHEL/CentOS 8 users!

Please test and give karma!

3 Likes

Tested on CentOS 7.7 and RHEL8 proper. Both work fine. EPEL7 package got pushed to stable.