This week I was a guest at the Snappy Sprint in Heidelberg, hosted by Canonical, because I'm the maintainer of the snap packages on Arch Linux.
Currently, with the official packages on Arch Linux, you can only use snaps without confinement (i.e. you can only install packages in devmode). This is bad for security, since no snap is confined and each one can do (almost) anything it wants.
The reason is that snap uses the Ubuntu-patched version of AppArmor for confinement, which is not available in the mainline kernel yet.
So this week I worked on porting the AppArmor patches to the linux-lts kernel, and I created some AUR packages in order to have confinement working.
I also had to get upstream to fix some weird bugs; in the end it was a complete success and confinement works perfectly.
If you are curious and want to try it, you just need to install snapd-confinement (and its dependencies) from the AUR.
If you don't want to spend a lot of time compiling the kernel, you can just use my repository. To do that, execute the following commands as root:

# Configure Arch Linux to use my repository
# (SigLevel = Optional: pacman also accepts unsigned packages and databases from this repository)
cat <<'EOF' >> /etc/pacman.conf
[tredaelli-snap]
SigLevel = Optional
Server = http://pkgbuild.com/~tredaelli/repo/snap/$arch
EOF

# Install needed packages
pacman -Syu snapd-confinement linux-lts-apparmor3

# Regenerate grub configuration
grub-mkconfig -o /boot/grub/grub.cfg

# Enable needed systemd services
systemctl enable apparmor snapd.apparmor snapd.socket

# (Optional) Enable snapd.refresh.timer to automatically update snaps
systemctl enable snapd.refresh.timer

# Reboot in order to use the new kernel
reboot

Known bugs:
If you use KDE, like I do, X-based snaps don't work at the moment, since the Xauthority file is in the /tmp directory.
Until upstream fixes the bug I reported, you can use my workaround.
Just create a script in ~/.config/plasma-workspace/env/fix_xauth.sh with the following text:

#!/bin/sh
# Copy the X authority file from /tmp into $HOME and point XAUTHORITY at the
# copy, so that it is in a location confined snaps can read.
if [ -n "$XAUTHORITY" ] && [ "$XAUTHORITY" != "$HOME/.Xauthority" ]; then
    cp -f "$XAUTHORITY" "$HOME"/.Xauthority
    XAUTHORITY="$HOME"/.Xauthority
fi

Make it executable and reboot.
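
After rebooting into the patched kernel, it is worth confirming that confinement is actually available rather than silently degraded. The script below is an added example, not part of the original post or of snapd. The function names are hypothetical, and the feature list is an assumption based on the AppArmor mediation classes that snapd looks for under securityfs.

```shell
#!/bin/sh
# Added example: check whether the running kernel exposes the AppArmor
# mediation classes that strict snap confinement depends on.
# ASSUMPTION: this list mirrors what snapd probes for. A mainline kernel
# without the Ubuntu patches typically lacks some of them (e.g. dbus, mount).
REQUIRED_FEATURES="caps dbus domain file mount namespaces network ptrace signal"

# Succeeds if the AppArmor module reports itself enabled.
# $1 = path to the module's "enabled" parameter file
apparmor_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" = "Y" ]
}

# Prints the space-separated required features missing from a features dir.
# $1 = path to the AppArmor "features" directory in securityfs
missing_features() {
    missing=""
    for f in $REQUIRED_FEATURES; do
        [ -e "$1/$f" ] || missing="$missing $f"
    done
    echo "${missing# }"
}

# Prints none / partial / strict (a simplified classification written for
# this example; snapd's own detection also checks the AppArmor parser).
# $1 = "enabled" parameter file, $2 = features directory
confinement_level() {
    if ! apparmor_enabled "$1"; then
        echo none
    elif [ -n "$(missing_features "$2")" ]; then
        echo partial
    else
        echo strict
    fi
}

# Check the live system (these are the standard sysfs/securityfs paths).
ENABLED=/sys/module/apparmor/parameters/enabled
FEATURES=/sys/kernel/security/apparmor/features
echo "confinement: $(confinement_level "$ENABLED" "$FEATURES")"
echo "missing features: $(missing_features "$FEATURES")"
```

A result other than strict means snaps on this kernel are not fully confined and should be treated like devmode installs.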

A suggestion:
A snap meta package for your KDE (and other DEs after that)
And making an arch / any DE/s "snapped" (and or "flatpacked" when it will come) distro.
Perhaps with calamares as installer.
Snaparch or Archsnap or whatever new name you can give it.
Now you cannot have installed at the same time all the DEs and WMs for education, kiosk or show purposes and with snaps there will be a way of being able to have all of them in one install without collisions.
Thanks for sharing, nice post!