One of the main advantages of snap packages is the possibility to use them not only on one Linux distribution like ‘traditional’ packages, but on a wide variety of distributions without having to modify or rebuild them. Many distributions provide the necessary snapd daemon in their repositories.
It is entirely possible to use snap packages with Gentoo too, even though we need to meet some specific prerequisites and do some tinkering. On the other hand, even building new snap packages with snapcraft and multipass or LXD will be possible afterwards. Since snapd is not available in Gentoo’s official portage tree, we use the overlay maintained by Jesse “zigford” Harris.
First and foremost: systemd is a mandatory requirement since snapd is not compatible with OpenRC. Since snapcraft requires elevated privileges, sudo should be installed and properly configured too.
In order to aquire the necessary ressources and permissions on the host system, snapd is using the AppArmor framework. In case you are using your own kernel, it might be necessary to manually enable AppArmor support in its configuration. The relatively new binary packages have AppArmor support already enabled.
I won’t cover the migration of a Gentoo based system to systemd at this point. Since this topic is so extensive, I’ll publish a separate article at a later point in time.
AppArmor and systemd
We need to compile systemd with the USE flags
apparmor enabled, libseccomp with
static-libs. Therefore we’ll add the following entries to the
sys-apps/systemd policykit apparmor sys-libs/libseccomp static-libs
The apparmor ebuild is masked by default, so we unmask it in the
/etc/portage/package.accept_keywords file where we also unmask the snapd ebuild so we always get the latest (non-stable) version.
sys-libs/libapparmor ~amd64 sys-apps/apparmor ~amd64 app-emulation/snapd ~amd64
In the next step, we (re-) build systemd and AppArmor.
emerge sys-apps/systemd emerge sys-apps/apparmor
In order to make AppArmor available right after the system is booted up, it’s necessary to modify the bootloader configuration. We need to add the following line to
/etc/default/grub or modify it accordingly:
Afterwards, the GRUB configuration gets rewritten with the command
grub-mkconfig -o /boot/grub/grub.cfg
and we can reboot the system.
Installing snapd itself
I recommend using layman for including the overlay. Using the following commands, we install layman, include the snapd overlay and install snapd itself:
emerge app-portage/layman layman -L layman -a snapd emerge --sync emerge --ask app-emulation/snapd
For finalizing the installation, we enable and start the necessary systemd units:
systemctl enable --now snapd systemctl enable --now snapd.socket systemctl enable --now snapd.apparmor
The installation of snapd is now complete and snap packages can be used.
Additional permissions for snapcraft
In case we want to allow unprivileged user accounts to create new snaps with snapcraft, we need to add them to the groups
adm group is necessary if you want to use multipass for providing the build VM,
lxd if you want to use LXD instead.
gpasswd --add username adm gpasswd --add username lxd