Using Snap Packages in Gentoo » serra.me

Using Snap Packages in Gentoo

One of the main advantages of snap packages is the possibility to use them not only on one Linux distribution like ‘traditional’ packages, but on a wide variety of distributions without having to modify or rebuild them. Many distributions provide the necessary snapd daemon in their repositories.

It is entirely possible to use snap packages with Gentoo too. Even building new snap packages with snapcraft and multipass or LXD will be possible afterwards.

Prerequisites

First and foremost: systemd is a mandatory requirement since snapd is not compatible with OpenRC. Since snapcraft requires elevated privileges, sudo should be installed and properly configured too.

In order to aquire the necessary ressources and permissions on the host system, snapd is using the AppArmor framework. In case you are using your own kernel, it might be necessary to manually enable AppArmor support in its configuration. The relatively new binary packages have AppArmor support already enabled.

I won’t cover the migration of a Gentoo based system to systemd at this point. Since this topic is so extensive, I’ll publish a separate article at a later point in time.

AppArmor and systemd

We need to compile systemd with the USE flags policykit and apparmor enabled, libseccomp with static-libs. Therefore we’ll add the following entries to the /etc/portage/package.use file:

sys-apps/systemd policykit apparmor
sys-libs/libseccomp static-libs

The apparmor ebuild is masked by default, so we unmask it in the /etc/portage/package.accept_keywords file where we also unmask the snapd ebuild so we always get the latest (non-stable) version.

sys-libs/libapparmor ~amd64
sys-apps/apparmor ~amd64
app-emulation/snapd ~amd64

In the next step, we (re-) build systemd and AppArmor.

emerge sys-apps/systemd
emerge sys-apps/apparmor

In order to make AppArmor available right after the system is booted up, it’s necessary to modify the bootloader configuration. We need to add the following line to /etc/default/grub or modify it accordingly:

GRUB_CMDLINE_LINIX_DEFAULT="apparmor=1 security=apparmor"

Afterwards, the GRUB configuration gets rewritten with the command

grub-mkconfig -o /boot/grub/grub.cfg

and we can reboot the system.

Installing snapd itself

Finally, we install the snapd package and enable the necessary systemd units:

emerge --ask app-emulation/snapd
systemctl enable --now snapd
systemctl enable --now snapd.socket
systemctl enable --now snapd.apparmor

The installation of snapd is now complete and snap packages can be used.

Additional permissions for snapcraft

In case we want to allow unprivileged user accounts to create new snaps with snapcraft, we need to add them to the groups adm or lxd. The adm group is necessary if you want to use multipass for providing the build VM, lxd if you want to use LXD instead.

gpasswd --add username adm
gpasswd --add username lxd

Comments

Leave a Reply

Your email address will not be published.