Trying to revive older ike-qt package that's been abandoned and doesn't work

I think I need classic confinement to make https://snapcraft.io/ike-qt-lts work

It’s fine when installed in --devmode with strict confinement , but when installed from the store (with full confinement) :

openat(AT_FDCWD, "/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 13
fstat(13, {st_mode=S_IFCHR|0666, st_rdev=makedev(0x1, 0x9), ...}) = 0
poll([{fd=13, events=POLLIN}], 1, 10)   = 1 ([{fd=13, revents=POLLIN}])
read(13, "\275EBo\301Y\2333\10&\334\221\315\345\\\254\342\16\271\221\230W\303\371\272\3363\300_yS\26", 32) = 32
close(13)                               = 0
getuid()                                = 0
sendto(12, "\0", 1, 0, NULL, 0)         = 1
sendto(10, "\0", 1, 0, NULL, 0)         = 1
getuid()                                = 0
rt_sigaction(SIGINT, {sa_handler=0x559de504bc60, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f49aed55f10}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x559de504bc60, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f49aed55f10}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f49aed55f10}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
unlink("/var/run/ikedi")                = -1 ENOENT (No such file or directory)
socket(AF_UNIX, SOCK_STREAM, 0)         = 13
bind(13, {sa_family=AF_UNIX, sun_path="/var/run/ikedi"}, 16) = -1 EACCES (Permission denied)
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x88, 0x1), ...}) = 0
write(1, "Another instance of iked was det"..., 38Another instance of iked was detected

you should try to make it use $XDG_RUNTIME_DIR/ikedi instead …

i’d also recommend running the snappy-debug tool from the snappy-debug snap in a second terminal, it should catch all issues caused by confinement and help you to sort them out.

Imagine this code is from >5 years ago and doesn’t build any more, so it can’t be changed.

Try using layouts ; although this does say /run is unsupported, so might not work here because I’m under the impression /run and /var/run are symlinks or something similar.

If that doesn’t work, I’d imagine the store would rather prefer considering using the system-files interface rather than classic confinement.

So I’d leave confinement unset ? Seems to let me upload now, says is waiting for a review…

@ogra should I be doing anything other than waiting for the manual review process ?

you could do some exercise or so :slight_smile:

(sorry, i’m not able to speed up the reviewer team they usually work on a two week schedule to review things, but sometimes something (like a new ubuntu release for example) gets in the way that keeps them busy … note that most of the reviewers are also working on the ubuntu security team

Hey @_Tom,

Apologize for this long delay. So it seems this is not a classic request anymore, correct?

So now: is read/write access to /var/run/ikedi what the ike-qt-lts needs to properly work? Can you explain why such access is needed? From what I read it seems updating the code to explore alternatives is not something feasible, is it?

@_Tom - ping, can you please provide the requested information?

Hi @_Tom, as @emitorino mentioned previously, given that this snap has been re-uploaded using strict confinement, could you provide some more details/justification as to why it requires write access to /var/run/ikedi via system-files, so that we can progress this request for you?

@_Tom - ping, this request cannot proceed without the requested information

@_Tom since we’ve not heard back from you, we are removing this request from our review queue. When you have more time to respond, simply do so here and we can add the request back to the queue. Thanks!

Because it doesn’t work other wise, and can’t be changed.

Can you please provide more details other than ‘it doesn’t work’? This is not sufficient. Thanks.