1
diff --git a/debian/patches/series b/debian/patches/series
2
index 3267d3c..3b31e47 100644
3
--- a/debian/patches/series
4
+++ b/debian/patches/series
5
@@ -17,3 +17,4 @@ disable-libnm-glib-test-devices-array.patch
6
17
add-snap-support.patch
17
add-snap-support.patch
7
18
disable-tests-that-fail-under-launchpad-builds.patch
18
disable-tests-that-fail-under-launchpad-builds.patch
8
19
snap-support-ppp.patch
19
snap-support-ppp.patch
9
20
set-ld-library-path-for-iptables.patch
10
diff --git a/debian/patches/set-ld-library-path-for-iptables.patch b/debian/patches/set-ld-library-path-for-iptables.patch
11
20
new file mode 100644
21
new file mode 100644
12
index 0000000..065816c
13
--- /dev/null
14
+++ b/debian/patches/set-ld-library-path-for-iptables.patch
15
@@ -0,0 +1,34 @@
16
1
From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= <alfonso.sanchez-beato@canonical.com>
17
2
Date: Thu, 18 Jul 2019 17:48:39 +0200
18
3
Subject: [PATCH] snap: pass NM env vars when calling iptables
19
4
20
5
This is necessary so LD_LIBRARY_PATH is passed down to iptables so it is
21
6
able to find the libraries included in the snap package.
22
7
---
23
8
 src/nm-act-request.c | 3 +--
24
9
 1 file changed, 1 insertion(+), 2 deletions(-)
25
10
26
11
diff --git a/src/nm-act-request.c b/src/nm-act-request.c
27
12
index 87070794..bcf3e0bb 100644
28
13
--- a/src/nm-act-request.c
29
14
+++ b/src/nm-act-request.c
30
15
@@ -309,7 +309,6 @@ nm_act_request_set_shared (NMActRequest *req, gboolean shared)
31
16
 	/* Send the rules to iptables */
32
17
 	for (iter = list; iter; iter = g_slist_next (iter)) {
33
18
 		ShareRule *rule = (ShareRule *) iter->data;
34
19
-		char *envp[1] = { NULL };
35
20
 		gs_strfreev char **argv = NULL;
36
21
 		gs_free char *cmd = NULL;
37
22
 
38
23
@@ -327,7 +326,7 @@ nm_act_request_set_shared (NMActRequest *req, gboolean shared)
39
24
 			GError *error = NULL;
40
25
 
41
26
 			nm_log_info (LOGD_SHARING, "Executing: %s", cmd);
42
27
-			if (!g_spawn_sync ("/", argv, envp, G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL,
43
28
+			if (!g_spawn_sync ("/", argv, NULL, G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL,
44
29
 			                   NULL, NULL, NULL, NULL, &status, &error)) {
45
30
 				nm_log_warn (LOGD_SHARING, "Error executing command: %s",
46
31
 				             error->message);
47
32
-- 
48
33
2.17.1
49
34
50
diff --git a/snap-common/bin/networkmanager b/snap-common/bin/networkmanager
51
index 0ee19a1..bb8131b 100755
52
--- a/snap-common/bin/networkmanager
53
+++ b/snap-common/bin/networkmanager
54
@@ -31,6 +31,11 @@ mkdir -p "$SNAP_DATA"/conf.d
55
31
mkdir -p "$SNAP_DATA"/state
31
mkdir -p "$SNAP_DATA"/state
56
32
mkdir -p "$SNAP_DATA"/state/dhcp
32
mkdir -p "$SNAP_DATA"/state/dhcp
57
33
33
58
34
# Folders needed by dnsmasq
59
35
mkdir -p "$SNAP_DATA"/var/lib/misc
60
36
mkdir -p "$SNAP_DATA"/etc
61
37
mkdir -p "$SNAP_DATA"/var/run
62
38
63
34
# Apply current snapctl settings
39
# Apply current snapctl settings
64
35
. "$SNAP"/bin/snap-config.sh
40
. "$SNAP"/bin/snap-config.sh
65
36
apply_snap_config
41
apply_snap_config
66
diff --git a/snap-common/usr/share/doc/dnsmasq/copyright b/snap-common/usr/share/doc/dnsmasq/copyright
67
37
new file mode 100644
42
new file mode 100644
68
index 0000000..d516e43
69
--- /dev/null
70
+++ b/snap-common/usr/share/doc/dnsmasq/copyright
71
@@ -0,0 +1,21 @@
72
1
dnsmasq is Copyright (c) 2000-2018 Simon Kelley
73
2
74
3
It was downloaded from: http://www.thekelleys.org.uk/dnsmasq/
75
4
76
5
   This program is free software; you can redistribute it and/or modify
77
6
   it under the terms of the GNU General Public License as published by
78
7
   the Free Software Foundation; version 2 dated June, 1991, or
79
8
   (at your option) version 3 dated 29 June, 2007.
80
9
 
81
10
   This program is distributed in the hope that it will be useful,
82
11
   but WITHOUT ANY WARRANTY; without even the implied warranty of
83
12
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
84
13
   GNU General Public License for more details.
85
14
86
15
On Debian GNU/Linux systems, the text of the GNU general public license is 
87
16
available in the file /usr/share/common-licenses/GPL-2 or 
88
17
/usr/share/common-licenses/GPL-3
89
18
90
19
The Debian package of dnsmasq was created by Simon Kelley with assistance 
91
20
from Lars Bahner.
92
21
93
diff --git a/snap-patch/dnsmasq.patch b/snap-patch/dnsmasq.patch
94
0
new file mode 100644
22
new file mode 100644
95
index 0000000..fbd6904
96
--- /dev/null
97
+++ b/snap-patch/dnsmasq.patch
98
@@ -0,0 +1,102 @@
99
1
From 8e829e18fc739f05b1a25cc40ce1722f65831950 Mon Sep 17 00:00:00 2001
100
2
From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?=
101
3
 <alfonso.sanchez-beato@canonical.com>
102
4
Date: Tue, 25 Jun 2019 17:36:41 +0200
103
5
Subject: [PATCH] snap: do not tinker with uid/gid, change fixed paths
104
6
105
7
---
106
8
 src/config.h  |  6 +++---
107
9
 src/dnsmasq.c | 30 +++++++++++++++---------------
108
10
 2 files changed, 18 insertions(+), 18 deletions(-)
109
11
110
12
diff --git a/src/config.h b/src/config.h
111
13
index ecefb87..25b92ba 100644
112
14
--- a/src/config.h
113
15
+++ b/src/config.h
114
16
@@ -190,7 +190,7 @@ RESOLVFILE
115
17
 #   elif defined(__ANDROID__)
116
18
 #      define LEASEFILE "/data/misc/dhcp/dnsmasq.leases"
117
19
 #   else
118
20
-#      define LEASEFILE "/var/lib/misc/dnsmasq.leases"
119
21
+#      define LEASEFILE "/var/snap/network-manager/current/var/lib/misc/dnsmasq.leases"
120
22
 #   endif
121
23
 #endif
122
24
 
123
25
@@ -198,7 +198,7 @@ RESOLVFILE
124
26
 #   if defined(__FreeBSD__)
125
27
 #      define CONFFILE "/usr/local/etc/dnsmasq.conf"
126
28
 #   else
127
29
-#      define CONFFILE "/etc/dnsmasq.conf"
128
30
+#      define CONFFILE "/var/snap/network-manager/current/etc/dnsmasq.conf"
129
31
 #   endif
130
32
 #endif
131
33
 
132
34
@@ -214,7 +214,7 @@ RESOLVFILE
133
35
 #   if defined(__ANDROID__)
134
36
 #      define RUNFILE "/data/dnsmasq.pid"
135
37
 #    else
136
38
-#      define RUNFILE "/var/run/dnsmasq.pid"
137
39
+#      define RUNFILE "/var/snap/network-manager/current/var/run/dnsmasq.pid"
138
40
 #    endif
139
41
 #endif
140
42
 
141
43
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
142
44
index ce44809..17c451b 100644
143
45
--- a/src/dnsmasq.c
144
46
+++ b/src/dnsmasq.c
145
47
@@ -548,8 +548,8 @@ int main (int argc, char **argv)
146
48
 		 of the directory containing the file. That directory will
147
49
 		 need to by owned by the dnsmasq user, and the ownership of the
148
50
 		 file has to match, to keep systemd >273 happy. */
149
51
-	      if (getuid() == 0 && ent_pw && ent_pw->pw_uid != 0 && fchown(fd, ent_pw->pw_uid, ent_pw->pw_gid) == -1)
150
52
-		chown_warn = errno;
151
53
+	      /* if (getuid() == 0 && ent_pw && ent_pw->pw_uid != 0 && fchown(fd, ent_pw->pw_uid, ent_pw->pw_gid) == -1) */
152
54
+	      /*   chown_warn = errno; */
153
55
 
154
56
 	      if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
155
57
 		err = 1;
156
58
@@ -595,16 +595,16 @@ int main (int argc, char **argv)
157
59
   if (!option_bool(OPT_DEBUG) && getuid() == 0)   
158
60
     {
159
61
       int bad_capabilities = 0;
160
62
-      gid_t dummy;
161
63
+      /* gid_t dummy; */
162
64
       
163
65
       /* remove all supplementary groups */
164
66
-      if (gp && 
165
67
-	  (setgroups(0, &dummy) == -1 ||
166
68
-	   setgid(gp->gr_gid) == -1))
167
69
-	{
168
70
-	  send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
169
71
-	  _exit(0);
170
72
-	}
171
73
+      /* if (gp &&  */
172
74
+      /*     (setgroups(0, &dummy) == -1 || */
173
75
+      /*      setgid(gp->gr_gid) == -1)) */
174
76
+      /*   { */
175
77
+      /*     send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname); */
176
78
+      /*     _exit(0); */
177
79
+      /*   } */
178
80
   
179
81
       if (ent_pw && ent_pw->pw_uid != 0)
180
82
 	{     
181
83
@@ -654,11 +654,11 @@ int main (int argc, char **argv)
182
84
 	    }
183
85
 	  
184
86
 	  /* finally drop root */
185
87
-	  if (setuid(ent_pw->pw_uid) == -1)
186
88
-	    {
187
89
-	      send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
188
90
-	      _exit(0);
189
91
-	    }     
190
92
+	  /* if (setuid(ent_pw->pw_uid) == -1) */
191
93
+	  /*   { */
192
94
+	  /*     send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username); */
193
95
+	  /*     _exit(0); */
194
96
+	  /*   }      */
195
97
 
196
98
 #ifdef HAVE_LINUX_NETWORK
197
99
 	  if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
198
100
-- 
199
101
2.17.1
200
102
201
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
202
index da71965..7480dc5 100644
203
--- a/snap/snapcraft.yaml
204
+++ b/snap/snapcraft.yaml
205
@@ -50,11 +50,35 @@ apps:
206
50
    command: bin/networkmanager
50
    command: bin/networkmanager
207
51
    daemon: simple
51
    daemon: simple
208
52
    slots: [service]
52
    slots: [service]
210
53
    plugs: [modem-manager, ppp, network-setup-observe, wpa, firewall-control, hardware-observe]
53
    plugs: [modem-manager, ppp, network-setup-observe, wpa, firewall-control, hardware-observe, kernel-module-control]
211
54
212
55
layout:
213
56
  /usr/lib/x86_64-linux-gnu/xtables:
214
57
    bind: $SNAP/usr/lib/x86_64-linux-gnu/xtables
215
58
216
54
parts:
59
parts:
217
55
  networkmanager-common:
60
  networkmanager-common:
218
56
    plugin: dump
61
    plugin: dump
219
57
    source: snap-common
62
    source: snap-common
220
63
221
64
  dnsmasq:
222
65
    plugin: make
223
66
    source: https://git.launchpad.net/ubuntu/+source/dnsmasq
224
67
    source-type: git
225
68
    source-branch: applied/ubuntu/bionic
226
69
    build-packages:
227
70
      - build-essential
228
71
    make-parameters:
229
72
      - PREFIX=/
230
73
    override-build: |
231
74
      git apply ../../../snap-patch/dnsmasq.patch
232
75
      snapcraftctl build
233
76
    filesets:
234
77
      binaries:
235
78
        - sbin/dnsmasq
236
79
    prime:
237
80
      - $binaries
238
81
239
58
  #
82
  #
240
59
  # TODO: investigate whether this HACK is still needed. The script
83
  # TODO: investigate whether this HACK is still needed. The script
241
60
  # dhcp-lease-mover relies on inotifywait to determine if any DHCP
84
  # dhcp-lease-mover relies on inotifywait to determine if any DHCP
242
@@ -288,6 +312,7 @@ parts:
243
288
        - usr/lib/*/libteamdctl*
312
        - usr/lib/*/libteamdctl*
244
289
        - usr/lib/*/libwind*
313
        - usr/lib/*/libwind*
245
290
        - usr/lib/*/libxtables*
314
        - usr/lib/*/libxtables*
246
315
        - usr/lib/*/xtables/*
247
291
      unwanted:
316
      unwanted:
248
292
        # We don't use dhclient so we don't need this helper
317
        # We don't use dhclient so we don't need this helper
249
293
        - -usr/lib/NetworkManager/nm-dhcp-helper
318
        - -usr/lib/NetworkManager/nm-dhcp-helper
Status:	Merged
Approved by:	Tony Espy on 2019-07-19
Approved revision:	7e79ba7d7a32bb4747cddd37a04ebc7eeaac7b6d
Merged at revision:	4eaf370bc6c1944c3d40bfbe0d074cb0ff121044
Proposed branch:	~alfonsosanchezbeato/network-manager:add-wifi-ap-support
Merge into:	network-manager:snap-1.10
Diff against target:	249 lines (+189/-1) 6 files modified debian/patches/series (+1/-0) debian/patches/set-ld-library-path-for-iptables.patch (+34/-0) snap-common/bin/networkmanager (+5/-0) snap-common/usr/share/doc/dnsmasq/copyright (+21/-0) snap-patch/dnsmasq.patch (+102/-0) snap/snapcraft.yaml (+26/-1)
Related bugs:	Link a bug report
Reviewer	Review Type	Date Requested	Status
System Enablement Bot	continuous-integration	2019-06-26	Approve on 2019-07-19
Sebastien Bacher			Approve on 2019-07-18
Konrad Zapałowicz (community)			Approve on 2019-07-11
Review via email: mp+369325@code.launchpad.net