Mailinglist Archive: opensuse-factory (375 mails)

< Previous Next >
Re: [opensuse-factory] requesting package review: system:snappy/snapd


On 19/04/18 02:38, Rafael Kitover wrote:
Hello, zyga and me are working on the package for snaps snapd at
system:snappy/snapd and want to submit it to factory soon, at which
point we can also package some related softwares.

If anyone has the time and inclination, we'd like some feedback on the
package before we submit it, any suggestions for improvements and
problems that need fixing welcome.

Thank you!


There are a couple of things here that should be discussed more broadly,
1. you seem to be packaging stuff into /snap which is outside the FHS
guidelines, On fedora [1] they are using /var/lib/snapd/snap

2. Normally on openSUSE we don't allow packages to enable there service
in %post in favor of the system administrator doing it, snap is a bit
different from most standard services though so maybe its worth an
exception but we should discuss that on this list.

3. You have a couple of other rpmlint errors that you will need to work
through with the security team if your not already.

snapd.x86_64: E: permissions-unauthorized-file (Badness: 222)
/etc/permissions.d/snapd
snapd.x86_64: E: permissions-unauthorized-file (Badness: 222)
/etc/permissions.d/snapd.paranoid
If the package is intended for inclusion in any SUSE product please open
a bug
report to request review of the package by the security team

snapd.x86_64: E: polkit-untracked-privilege (Badness: 111)
io.snapcraft.snapd.login (auth_admin:auth_admin:auth_admin_keep)
snapd.x86_64: E: polkit-untracked-privilege (Badness: 111)
io.snapcraft.snapd.manage (auth_admin:auth_admin:auth_admin_keep)
snapd.x86_64: E: polkit-untracked-privilege (Badness: 111)
io.snapcraft.snapd.manage-interfaces (auth_admin:auth_admin:auth_admin_keep)
The privilege is not listed in /etc/polkit-default-privs.* which makes it
harder for admins to find. If the package is intended for inclusion in any
SUSE product please open a bug report to request review of the package
by the
security team


Cheers


1. https://src.fedoraproject.org/rpms/snapd/blob/master/f/snapd.spec

--

Simon Lees (Simotek) http://simotek.net

Emergency Update Team keybase.io/simotek
SUSE Linux Adelaide Australia, UTC+10:30
GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B

< Previous Next >
Follow Ups