Snapd updates in Fedora EPEL for Enterprise Linux

mborzecki · November 20, 2018, 9:34am

@Conan_Kudo The PR adding CentOS to the spread suite is ready and contains the necessary workarounds is https://github.com/snapcore/snapd/pull/6168. Can you update the package with and pull in RHEL7 sysctl files?

mborzecki · November 20, 2018, 9:52am

Error: Package: snapd-selinux-2.36-2.el7.noarch (epel-testing)
           Requires: selinux-policy-base >= 3.13.1-229.el7_6.5
           Installed: selinux-policy-targeted-3.13.1-229.el7.noarch (@cr)
               selinux-policy-base = 3.13.1-229.el7

This is what I get with CentOS CR repo enabled. Not sure why selinux-policy ended up with el7_6 in release field. Running rpm -E '%dist' gives .el7 on RHEL 7.6 and CentOS. Pulled the src.rpm, rebuilt locally on RHEL 7.6, got selinux-policy-3.13.1-229.el7.5.src.rpm.

mborzecki · November 21, 2018, 1:28pm

Updated CentOS 7.5 from CR repo again today and snapd from epel-testing can now be installed. (@popey @Wimpress would you like to give it a try?)

@Conan_Kudo do you plan to update the package with latest changes from master or should I fork the repo and open a PR in pagure?

Conan_Kudo · November 21, 2018, 2:56pm

I’ll cherry-pick the fixes in, though I’d like to see it in the release-2.36 branch for snapd as well.

mborzecki · November 21, 2018, 3:05pm

I’ll get the 2.36 PR up.

Conan_Kudo · December 23, 2018, 4:09am

As of yesterday, snapd 2.36.3 is available through Fedora EPEL for Red Hat Enterprise Linux 7.6 and derivatives (including derivatives of CentOS 7.6).

The installation process is simple:

$ sudo yum install epel-release
$ sudo yum install snapd
$ sudo systemctl enable --now snapd.socket snapd.refresh.timer

After that, you can use snaps by using the snap(8) command.

Conan_Kudo · March 28, 2019, 12:44am

Another round of snapd and snapd-glib updates for Enterprise Linux users is here!

I’ve bumped it to snapd-2.38 and snapd-glib-1.47.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-be55f1a139

Go forth and test!

zyga-snapd · March 28, 2019, 7:59am

Thank you! I will do a test on my machine.

Conan_Kudo · May 8, 2019, 3:30pm

Freshly baked snapd updates for Enterprise Linux users is now available.

snapd-2.39 has been proposed: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6e09a2903d

This release is special, as it includes a completely revamped SELinux policy and rudimentary SELinux integration in snap-confine. It doesn’t do too much yet, but it lays the foundations for improvements later.

Due to the large array of changes, I’m not auto-pushing this when it reaches karma limit.

Please test!

mborzecki · May 13, 2019, 6:11am

Thank you for the update.

Everything seems to work fine on CentOS 7.6. Installed some basic snaps and LXD (which works out of the box now!). All with SELinux in enforcing mode. No issues observed.

Conan_Kudo · June 4, 2019, 6:29pm

Due to an unfortunate uncaught bug with the new SELinux integration (RH#1708991), snapd-2.39.1 with a backported fix has been proposed as an update for EL7 systems.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-91a080fd55

Please test!

Conan_Kudo · June 14, 2019, 2:02pm

More SELinux policy fixes coming down the pipeline with this new snapd-2.39.2 update with a backported fix.

The update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-502ed76053

Please test!

Conan_Kudo · October 29, 2019, 1:12pm

It’s been a while, but I’m pleased to release snapd updates for Enterprise Linux users!

snapd-2.42 has been proposed for EPEL 7. Also, new to this release is EPEL 8 support for RHEL/CentOS 8 users!

Please test and give karma!

mborzecki · October 30, 2019, 9:10am

Tested on CentOS 7.7 and RHEL8 proper. Both work fine. EPEL7 package got pushed to stable.

wayisgy573 · November 23, 2019, 12:42pm

Hello !

If I’m not mistaken, the snapd package for centos8 is broken :

→  sudo dnf install -y snapd
Last metadata expiration check: 0:12:41 ago on Sat 23 Nov 2019 01:20:04 PM CET.
Error: 
 Problem: package snapd-2.42.1-1.el8.x86_64 requires snapd-selinux = 2.42.1-1.el8, 
but none of the providers can be installed
  - conflicting requests
  - nothing provides selinux-policy-base >= 3.14.3-20.el8 needed by snapd-selinux- 2.42.1-1.el8.noarch
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

it looks like selinux-policy-base is needed but that package doesn’t exists :

→  sudo dnf info selinux-policy-base
Last metadata expiration check: 0:17:43 ago on Sat 23 Nov 2019 01:20:04 PM CET.
Error: No matching Packages to list

epel is installed :

 →  sudo dnf info epel-release
Last metadata expiration check: 0:20:25 ago on Sat 23 Nov 2019 01:20:04 PM CET.
Installed Packages
Name         : epel-release
Version      : 8
Release      : 7.el8
Arch         : noarch
Size         : 30 k
Source       : epel-release-8-7.el8.src.rpm
Repo         : @System
From repo    : epel
Summary      : Extra Packages for Enterprise Linux repository configuration
URL          : http://download.fedoraproject.org/pub/epel
License      : GPLv2
Description  : This package contains the Extra Packages for Enterprise Linux (EPEL) repository
             : GPG key as well as configuration for yum.

mborzecki · November 25, 2019, 7:32am

Looks like the base selinux policy was updated, but that didn’t trigger a rebuild of snapd. @Conan_Kudo should we expect it to rebuild automatically when the dependency is not in EPEL?

Anyways, I’ll be preparing an update to 2.42.2 soon, so you’ll be able get the latest version as soon as it appears in epel-testing.

wayisgy573 · November 29, 2019, 7:38pm

I think this dependency doesn’t exists in centos 8 (would that be possible ?) anyway I can see a 2.42.2 version now but the issue is still there as selinux-policy-base doesn’t exists:

→  sudo dnf install --enablerepo=epel-testing snapd --nobest
Last metadata expiration check: 0:06:53 ago on Fri 29 Nov 2019 08:27:52 PM CET.
Error: 
 Problem: package snapd-2.42.2-1.el8.x86_64 requires snapd-selinux = 2.42.2-1.el8, but none of the providers can be installed
  - conflicting requests
  - nothing provides selinux-policy-base >= 3.14.3-20.el8 needed by snapd-selinux-2.42.2-1.el8.noarch
(try to add '--skip-broken' to skip uninstallable packages)
→  sudo dnf info selinux-policy-base
Last metadata expiration check: 0:07:14 ago on Fri 29 Nov 2019 08:27:52 PM CET.
Error: No matching Packages to list

I may totaly be missing somethingm but I don’t understand what exactly if it’s the case.

edit: I do have a package name selinux-policy that claim to be the base though:

→  sudo dnf info selinux-policy                                                                    
Last metadata expiration check: 0:13:14 ago on Fri 29 Nov 2019 08:27:52 PM CET.                    
Installed Packages                              
Name         : selinux-policy       
Version      : 3.14.1                                                          
Release      : 61.el8_0.2          
Arch         : noarch                           
Size         : 24 k            
Source       : selinux-policy-3.14.1-61.el8_0.2.src.rpm                        
Repo         : @System
From repo    : BaseOS        
Summary      : SELinux policy configuration
URL          : %{git0-base}
License      : GPLv2+
Description  : SELinux Base package for SELinux Reference Policy - modular.
             : Based off of reference policy: Checked out revision  2.20091117

mborzecki · December 2, 2019, 10:02am

I explained the problem right here:

I don’t think we can do anything at this point.

zyga-snapd · December 2, 2019, 10:16am

Running Fedora 31 for a while I noticed that desktop applications don’t display the icon or name in the alt-tab app switcher. It’s odd because they show up perfectly fine in gnome shell itself before the app is launched.

Conan_Kudo · February 16, 2020, 1:53am

I’m pleased to release snapd updates for Enterprise Linux users!

snapd-2.43.3 has been proposed for EPEL 7 and EPEL 8.

Please test and give karma!