fix: set libvirt runstatedir for snap confinement #181
Pin libvirt's runstatedir to $SNAP_COMMON/run so libvirtd can write its sockets under strict confinement (libvirt 11+ no longer derives it from localstatedir).

Add python3-venv and meson to qemu's stage-packages so its mkvenv satisfies ensurepip and the pinned meson, and stage-filter them out of the final snap to avoid a python3.14 stdlib clash with the openstack-hypervisor part.

Signed-off-by: Myles Penner <myles.penner@canonical.com>
gboutry left a comment:
I'm not sure I get why we're getting python3-venv / meson into the runtime state?
Can't we have them just as build dependencies?
Tried that first and it doesn't work. qemu's configure uses the install-tree python (parts/qemu/install/usr/bin/python3.14), not the system one, so build-packages aren't on its import path and mkvenv fails (ensurepip missing, then meson==1.9.0 missing offline). Stage-packages put them where qemu actually looks. The stage: filter at the top of the part drops python3.14, python3, and meson from the final snap, so they're build-only in effect.
| plugin: autotools | ||
| stage: | ||
| # python3.14 / meson are pulled in only to satisfy qemu's mkvenv during | ||
| # configure; the openstack-hypervisor part ships python at runtime, so |
What is the configure in this comment? The configure hook of the snap or the configure step of the C build?
Superseded by: #182