Trying to revive older ike-qt package that's been abandoned and doesn't work

I think I need classic confinement to make https://snapcraft.io/ike-qt-lts work

It’s fine when installed in --devmode with strict confinement , but when installed from the store (with full confinement) :

openat(AT_FDCWD, "/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 13
fstat(13, {st_mode=S_IFCHR|0666, st_rdev=makedev(0x1, 0x9), ...}) = 0
poll([{fd=13, events=POLLIN}], 1, 10)   = 1 ([{fd=13, revents=POLLIN}])
read(13, "\275EBo\301Y\2333\10&\334\221\315\345\\\254\342\16\271\221\230W\303\371\272\3363\300_yS\26", 32) = 32
close(13)                               = 0
getuid()                                = 0
sendto(12, "\0", 1, 0, NULL, 0)         = 1
sendto(10, "\0", 1, 0, NULL, 0)         = 1
getuid()                                = 0
rt_sigaction(SIGINT, {sa_handler=0x559de504bc60, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f49aed55f10}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x559de504bc60, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f49aed55f10}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f49aed55f10}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
unlink("/var/run/ikedi")                = -1 ENOENT (No such file or directory)
socket(AF_UNIX, SOCK_STREAM, 0)         = 13
bind(13, {sa_family=AF_UNIX, sun_path="/var/run/ikedi"}, 16) = -1 EACCES (Permission denied)
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x88, 0x1), ...}) = 0
write(1, "Another instance of iked was det"..., 38Another instance of iked was detected

you should try to make it use $XDG_RUNTIME_DIR/ikedi instead …

i’d also recommend running the snappy-debug tool from the snappy-debug snap in a second terminal, it should catch all issues caused by confinement and help you to sort them out.

Imagine this code is from >5 years ago and doesn’t build any more, so it can’t be changed.

Try using layouts ; although this does say /run is unsupported, so might not work here because I’m under the impression /run and /var/run are symlinks or something similar.

If that doesn’t work, I’d imagine the store would rather prefer considering using the system-files interface rather than classic confinement.

So I’d leave confinement unset ? Seems to let me upload now, says is waiting for a review…

@ogra should I be doing anything other than waiting for the manual review process ?

you could do some exercise or so :slight_smile:

(sorry, i’m not able to speed up the reviewer team they usually work on a two week schedule to review things, but sometimes something (like a new ubuntu release for example) gets in the way that keeps them busy … note that most of the reviewers are also working on the ubuntu security team

Hey @_Tom,

Apologize for this long delay. So it seems this is not a classic request anymore, correct?

So now: is read/write access to /var/run/ikedi what the ike-qt-lts needs to properly work? Can you explain why such access is needed? From what I read it seems updating the code to explore alternatives is not something feasible, is it?

@_Tom - ping, can you please provide the requested information?

Hi @_Tom, as @emitorino mentioned previously, given that this snap has been re-uploaded using strict confinement, could you provide some more details/justification as to why it requires write access to /var/run/ikedi via system-files, so that we can progress this request for you?

@_Tom - ping, this request cannot proceed without the requested information