Move {app-emulation -> app-containers}/snapd

Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

6 files changed, 621 insertions, 0 deletions

diff --git a/app-containers/snapd/Manifest b/app-containers/snapd/Manifest
new file mode 100644
index 000000000000..b364f6d00cdc
--- /dev/null
+++ b/app-containers/snapd/Manifest
@@ -0,0 +1,3 @@
+DIST snapd-2.53.1.tar.xz 4713180 BLAKE2B 8c46c7257eeb7794d082833448ea30dbeee5ebec3b36dcec1e3d6c9e8b00121319829ceaf354c055a0edd9032f3d74b66823be0f640860b931c461e607b89485 SHA512 167c84fdf5df151c9d06774677649c365a6fd1fbbc68900c060c775fffaa51bf7bfee5a62900035fae3bd5ad1d637bb381fe15e8277a93acc6409028b36ef780
+DIST snapd-2.53.2.tar.xz 4714868 BLAKE2B 8ce0358a31c095e90c17b01a0229b665655949f91b4094b6b426f6df07794c1633497ee9edbb9d175aa920e7ac3b39316631a985b1e57f6cb15ef2fa56fd3321 SHA512 414f819b1590e6324c3f5141ccfa60141fd42f0e0160ad78d1937ad57bc2313de54af9b7718d956a9db9981954fcbe75e80556c6544bff99ac6da9db5142c014
+DIST snapd-2.53.4.tar.xz 4722696 BLAKE2B c4347db8d5a14b30f1e8811e9425dd7419dd2dcad02fc1cb6a51968cd7fa6a58da2b172c041de02202cbdba1072cb0a7a92d7f92def5c5dc1e253cbcbad86aae SHA512 0b4164d3c3c3ccc99b3fa1e25d9e7e3184a5f94deca5fd83bd6d4c7761b41d6ebd5fefd1e87432a5e18c716b3330b3991134f179e1b03326edd9511ebea4ef9a
diff --git a/app-containers/snapd/files/README.gentoo b/app-containers/snapd/files/README.gentoo
new file mode 100644
index 000000000000..f2e34601802e
--- /dev/null
+++ b/app-containers/snapd/files/README.gentoo
@@ -0,0 +1,56 @@
+*Security Alert*
+
+Application confinement may be automatically disabled if snapd
+fails to detect the required features. If you would like to disable
+this automatic behavior, causing snapd to panic if its confinement
+feature detection fails, then use this setting in package.use:
+
+    app-emulation/snapd -forced-devmode
+
+Use this command to enable the snapd service:
+
+	systemctl enable snapd.socket
+
+You can source /etc/profile.d/snapd.sh in your shell in order to
+update PATH and XDG_DATA_DIRS environment variables to include
+installed snaps.
+
+Once you have snapd running (first refer to the *AppArmor Section*
+below if you have that enabled), see the snap-store installation
+instructions here:
+
+	https://snapcraft.io/docs/installing-snap-store-app
+
+If snap-store does not work correctly then it may be due to a temporary
+service outage which will hopefully be reported on this page:
+
+	https://status.snapcraft.io/
+
+When snap-store is not working due to a service outage, it may still
+be possible to install apps via the snap cli. See snap --help for
+details. Many apps can be installed without a snap store (Ubuntu One)
+account. The snap login, logout, and whoami subcommands are available
+to manage snap store account details.
+
+Note that you will need a polkit authentication agent running in
+order to authenticate as root when installing snaps as a non-root user.
+The agent is typically started by a desktop entry found in
+/etc/xdg/autostart such as one of these:
+
+	polkit-gnome-authentication-agent-1.desktop
+	polkit-kde-authentication-agent-1.desktop
+
+*AppArmor Section*
+
+When apparmor is enabled you should enable these services:
+
+	systemctl enable apparmor.service snapd.apparmor.service
+
+You also need it enabled in your kernel and you may need to add these
+kernel parameters to your boot loader configuration:
+
+	apparmor=1 security=apparmor
+
+Refer here for more information about apparmor:
+
+	https://wiki.gentoo.org/wiki/AppArmor
diff --git a/app-containers/snapd/metadata.xml b/app-containers/snapd/metadata.xml
new file mode 100644
index 000000000000..82446241f723
--- /dev/null
+++ b/app-containers/snapd/metadata.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>zmedico@gentoo.org</email>
+		<name>Zac Medico</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">snapcore/snapd</remote-id>
+	</upstream>
+	<use>
+		<flag name="apparmor">
+			Enable AppArmor support.
+		</flag>
+		<flag name="cgroup-hybrid">
+			Default to hybrid (legacy) cgroup hierarchy instead of unified (modern).
+		</flag>
+		<flag name="forced-devmode">
+			Automatically disable application confinement if feature detection fails.
+		</flag>
+	</use>
+</pkgmetadata>
diff --git a/app-containers/snapd/snapd-2.53.1.ebuild b/app-containers/snapd/snapd-2.53.1.ebuild
new file mode 100644
index 000000000000..3eb5f9353258
--- /dev/null
+++ b/app-containers/snapd/snapd-2.53.1.ebuild
@@ -0,0 +1,180 @@
+# Copyright 2020-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+EGO_PN="github.com/snapcore/${PN}"
+inherit autotools bash-completion-r1 golang-vcs-snapshot linux-info readme.gentoo-r1 systemd xdg-utils
+
+DESCRIPTION="Service and tools for management of snap packages"
+HOMEPAGE="http://snapcraft.io/"
+
+MY_S="${S}/src/github.com/snapcore/${PN}"
+
+SRC_URI="https://github.com/snapcore/${PN}/releases/download/${PV}/${PN}_${PV}.vendor.tar.xz -> ${P}.tar.xz"
+MY_PV=${PV}
+KEYWORDS="~amd64"
+
+LICENSE="GPL-3 Apache-2.0 BSD BSD-2 LGPL-3-with-linking-exception MIT"
+SLOT="0"
+IUSE="apparmor +cgroup-hybrid +forced-devmode gtk kde systemd"
+REQUIRED_USE="!forced-devmode? ( apparmor cgroup-hybrid ) systemd"
+
+CONFIG_CHECK="~CGROUPS
+		~CGROUP_DEVICE
+		~CGROUP_FREEZER
+		~NAMESPACES
+		~SQUASHFS
+		~SQUASHFS_ZLIB
+		~SQUASHFS_LZO
+		~SQUASHFS_XZ
+		~BLK_DEV_LOOP
+		~SECCOMP
+		~SECCOMP_FILTER"
+
+RDEPEND="
+	sys-libs/libseccomp:=
+	apparmor? (
+		sec-policy/apparmor-profiles
+		sys-apps/apparmor:=
+	)
+	dev-libs/glib
+	virtual/libudev
+	systemd? ( sys-apps/systemd[cgroup-hybrid(+)?] )
+	sys-libs/libcap:=
+	sys-fs/squashfs-tools[lzma]"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	>=dev-lang/go-1.9
+	dev-python/docutils
+	sys-devel/gettext
+	sys-fs/xfsprogs"
+
+PDEPEND="sys-auth/polkit[gtk?,kde?]"
+
+README_GENTOO_SUFFIX=""
+
+pkg_setup() {
+	if use apparmor; then
+		CONFIG_CHECK+=" ~SECURITY_APPARMOR"
+	fi
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+	# Update apparmor profile to allow libtinfow.so*
+	sed -i 's/libtinfo/libtinfo{,w}/' \
+		"${MY_S}/cmd/snap-confine/snap-confine.apparmor.in" || die
+
+	if ! use forced-devmode; then
+		sed -e 's#return !apparmorFull#if !apparmorFull {\n\t\tpanic("USE=forced-devmode is disabled")\n\t}\n\treturn false#' \
+			-i "${MY_S}/sandbox/forcedevmode.go" || die
+		grep -q 'panic("USE=forced-devmode is disabled")' "${MY_S}/sandbox/forcedevmode.go" || die "failed to disable forced-devmode"
+	fi
+
+	sed -i 's:command -v git >/dev/null:false:' -i "${MY_S}/mkversion.sh" || die
+
+	pushd "${MY_S}" >/dev/null || die
+	./mkversion.sh "${PV}"
+	popd >/dev/null || die
+	pushd "${MY_S}/cmd" >/dev/null || die
+	eautoreconf
+}
+
+src_configure() {
+	SNAPD_MAKEARGS=(
+		"BINDIR=${EPREFIX}/usr/bin"
+		"DBUSSERVICESDIR=${EPREFIX}/usr/share/dbus-1/services"
+		"LIBEXECDIR=${EPREFIX}/usr/lib"
+		"SNAP_MOUNT_DIR=${EPREFIX}/var/lib/snapd/snap"
+		"SYSTEMDSYSTEMUNITDIR=$(systemd_get_systemunitdir)"
+	)
+	export CGO_ENABLED="1"
+	export CGO_CFLAGS="${CFLAGS}"
+	export CGO_CPPFLAGS="${CPPFLAGS}"
+	export CGO_CXXFLAGS="${CXXFLAGS}"
+
+	pushd "${MY_S}/cmd" >/dev/null || die
+	econf --libdir="${EPREFIX}/usr/lib" \
+		--libexecdir="${EPREFIX}/usr/lib/snapd" \
+		$(use_enable apparmor) \
+		--enable-nvidia-biarch \
+		--with-snap-mount-dir="${EPREFIX}/var/lib/snapd/snap"
+}
+
+src_compile() {
+	export -n GOCACHE XDG_CACHE_HOME
+	export GO111MODULE=off GOBIN="${S}/bin" GOPATH="${S}"
+
+	local file
+	for file in "${MY_S}/po/"*.po; do
+		msgfmt "${file}" -o "${file%.po}.mo" || die
+	done
+
+	emake -C "${MY_S}/data" "${SNAPD_MAKEARGS[@]}"
+
+	local -a flags=(-buildmode=pie -ldflags "-s -linkmode external -extldflags '${LDFLAGS}'" -trimpath)
+	local -a staticflags=(-buildmode=pie -ldflags "-s -linkmode external -extldflags '${LDFLAGS} -static'" -trimpath)
+
+	local cmd
+	for cmd in snap snapd snap-bootstrap snap-failure snap-preseed snap-recovery-chooser snap-repair snap-seccomp; do
+		go build -o "${GOBIN}/${cmd}" "${flags[@]}" \
+		    -v -x "github.com/snapcore/${PN}/cmd/${cmd}"
+		[[ -e "${GOBIN}/${cmd}" ]] || die "failed to build ${cmd}"
+	done
+	for cmd in snapctl snap-exec snap-update-ns; do
+		go build -o "${GOBIN}/${cmd}" "${staticflags[@]}" \
+		    -v -x "github.com/snapcore/${PN}/cmd/${cmd}"
+		[[ -e "${GOBIN}/${cmd}" ]] || die "failed to build ${cmd}"
+	done
+}
+
+src_install() {
+	emake -C "${MY_S}/data" install "${SNAPD_MAKEARGS[@]}" DESTDIR="${D}"
+	emake -C "${MY_S}/cmd" install "${SNAPD_MAKEARGS[@]}" DESTDIR="${D}"
+
+	if use apparmor; then
+		mv "${ED}/etc/apparmor.d/usr.lib.snapd.snap-confine"{,.real} || die
+		keepdir /var/lib/snapd/apparmor/profiles
+	fi
+	keepdir /var/lib/snapd/{apparmor/snap-confine,cache,cookie,snap,void}
+	fperms 700 /var/lib/snapd/{cache,cookie}
+
+	dobin "${GOBIN}/"{snap,snapctl}
+	ln "${ED}/usr/bin/snapctl" "${ED}/usr/lib/snapd/snapctl" || die
+
+	exeinto /usr/lib/snapd
+	doexe "${GOBIN}/"{snapd,snap-bootstrap,snap-failure,snap-exec,snap-preseed,snap-recovery-chooser,snap-repair,snap-seccomp,snap-update-ns} \
+		"${MY_S}/"{cmd/snap-discard-ns/snap-discard-ns,cmd/snap-gdb-shim/snap-gdb-shim,cmd/snap-mgmt/snap-mgmt} \
+		"${MY_S}/data/completion/bash/"{complete.sh,etelpmoc.sh,}
+
+	dobashcomp "${MY_S}/data/completion/bash/snap"
+
+	insinto /usr/share/zsh/site-functions
+	doins "${MY_S}/data/completion/zsh/_snap"
+
+	insinto "/usr/share/polkit-1/actions"
+	doins "${MY_S}/data/polkit/io.snapcraft.snapd.policy"
+
+	dodoc "${MY_S}/packaging/ubuntu-16.04/changelog"
+	domo "${MY_S}/po/"*.mo
+
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+	xdg_desktop_database_update
+
+	if use apparmor && [[ -z ${ROOT} && -e /sys/kernel/security/apparmor/profiles &&
+		$(wc -l < /sys/kernel/security/apparmor/profiles) -gt 0 ]]; then
+		apparmor_parser -r "${EPREFIX}/etc/apparmor.d/usr.lib.snapd.snap-confine.real"
+	fi
+}
+
+pkg_postrm() {
+	xdg_desktop_database_update
+}
diff --git a/app-containers/snapd/snapd-2.53.2.ebuild b/app-containers/snapd/snapd-2.53.2.ebuild
new file mode 100644
index 000000000000..3eb5f9353258
--- /dev/null
+++ b/app-containers/snapd/snapd-2.53.2.ebuild
@@ -0,0 +1,180 @@
+# Copyright 2020-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+EGO_PN="github.com/snapcore/${PN}"
+inherit autotools bash-completion-r1 golang-vcs-snapshot linux-info readme.gentoo-r1 systemd xdg-utils
+
+DESCRIPTION="Service and tools for management of snap packages"
+HOMEPAGE="http://snapcraft.io/"
+
+MY_S="${S}/src/github.com/snapcore/${PN}"
+
+SRC_URI="https://github.com/snapcore/${PN}/releases/download/${PV}/${PN}_${PV}.vendor.tar.xz -> ${P}.tar.xz"
+MY_PV=${PV}
+KEYWORDS="~amd64"
+
+LICENSE="GPL-3 Apache-2.0 BSD BSD-2 LGPL-3-with-linking-exception MIT"
+SLOT="0"
+IUSE="apparmor +cgroup-hybrid +forced-devmode gtk kde systemd"
+REQUIRED_USE="!forced-devmode? ( apparmor cgroup-hybrid ) systemd"
+
+CONFIG_CHECK="~CGROUPS
+		~CGROUP_DEVICE
+		~CGROUP_FREEZER
+		~NAMESPACES
+		~SQUASHFS
+		~SQUASHFS_ZLIB
+		~SQUASHFS_LZO
+		~SQUASHFS_XZ
+		~BLK_DEV_LOOP
+		~SECCOMP
+		~SECCOMP_FILTER"
+
+RDEPEND="
+	sys-libs/libseccomp:=
+	apparmor? (
+		sec-policy/apparmor-profiles
+		sys-apps/apparmor:=
+	)
+	dev-libs/glib
+	virtual/libudev
+	systemd? ( sys-apps/systemd[cgroup-hybrid(+)?] )
+	sys-libs/libcap:=
+	sys-fs/squashfs-tools[lzma]"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	>=dev-lang/go-1.9
+	dev-python/docutils
+	sys-devel/gettext
+	sys-fs/xfsprogs"
+
+PDEPEND="sys-auth/polkit[gtk?,kde?]"
+
+README_GENTOO_SUFFIX=""
+
+pkg_setup() {
+	if use apparmor; then
+		CONFIG_CHECK+=" ~SECURITY_APPARMOR"
+	fi
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+	# Update apparmor profile to allow libtinfow.so*
+	sed -i 's/libtinfo/libtinfo{,w}/' \
+		"${MY_S}/cmd/snap-confine/snap-confine.apparmor.in" || die
+
+	if ! use forced-devmode; then
+		sed -e 's#return !apparmorFull#if !apparmorFull {\n\t\tpanic("USE=forced-devmode is disabled")\n\t}\n\treturn false#' \
+			-i "${MY_S}/sandbox/forcedevmode.go" || die
+		grep -q 'panic("USE=forced-devmode is disabled")' "${MY_S}/sandbox/forcedevmode.go" || die "failed to disable forced-devmode"
+	fi
+
+	sed -i 's:command -v git >/dev/null:false:' -i "${MY_S}/mkversion.sh" || die
+
+	pushd "${MY_S}" >/dev/null || die
+	./mkversion.sh "${PV}"
+	popd >/dev/null || die
+	pushd "${MY_S}/cmd" >/dev/null || die
+	eautoreconf
+}
+
+src_configure() {
+	SNAPD_MAKEARGS=(
+		"BINDIR=${EPREFIX}/usr/bin"
+		"DBUSSERVICESDIR=${EPREFIX}/usr/share/dbus-1/services"
+		"LIBEXECDIR=${EPREFIX}/usr/lib"
+		"SNAP_MOUNT_DIR=${EPREFIX}/var/lib/snapd/snap"
+		"SYSTEMDSYSTEMUNITDIR=$(systemd_get_systemunitdir)"
+	)
+	export CGO_ENABLED="1"
+	export CGO_CFLAGS="${CFLAGS}"
+	export CGO_CPPFLAGS="${CPPFLAGS}"
+	export CGO_CXXFLAGS="${CXXFLAGS}"
+
+	pushd "${MY_S}/cmd" >/dev/null || die
+	econf --libdir="${EPREFIX}/usr/lib" \
+		--libexecdir="${EPREFIX}/usr/lib/snapd" \
+		$(use_enable apparmor) \
+		--enable-nvidia-biarch \
+		--with-snap-mount-dir="${EPREFIX}/var/lib/snapd/snap"
+}
+
+src_compile() {
+	export -n GOCACHE XDG_CACHE_HOME
+	export GO111MODULE=off GOBIN="${S}/bin" GOPATH="${S}"
+
+	local file
+	for file in "${MY_S}/po/"*.po; do
+		msgfmt "${file}" -o "${file%.po}.mo" || die
+	done
+
+	emake -C "${MY_S}/data" "${SNAPD_MAKEARGS[@]}"
+
+	local -a flags=(-buildmode=pie -ldflags "-s -linkmode external -extldflags '${LDFLAGS}'" -trimpath)
+	local -a staticflags=(-buildmode=pie -ldflags "-s -linkmode external -extldflags '${LDFLAGS} -static'" -trimpath)
+
+	local cmd
+	for cmd in snap snapd snap-bootstrap snap-failure snap-preseed snap-recovery-chooser snap-repair snap-seccomp; do
+		go build -o "${GOBIN}/${cmd}" "${flags[@]}" \
+		    -v -x "github.com/snapcore/${PN}/cmd/${cmd}"
+		[[ -e "${GOBIN}/${cmd}" ]] || die "failed to build ${cmd}"
+	done
+	for cmd in snapctl snap-exec snap-update-ns; do
+		go build -o "${GOBIN}/${cmd}" "${staticflags[@]}" \
+		    -v -x "github.com/snapcore/${PN}/cmd/${cmd}"
+		[[ -e "${GOBIN}/${cmd}" ]] || die "failed to build ${cmd}"
+	done
+}
+
+src_install() {
+	emake -C "${MY_S}/data" install "${SNAPD_MAKEARGS[@]}" DESTDIR="${D}"
+	emake -C "${MY_S}/cmd" install "${SNAPD_MAKEARGS[@]}" DESTDIR="${D}"
+
+	if use apparmor; then
+		mv "${ED}/etc/apparmor.d/usr.lib.snapd.snap-confine"{,.real} || die
+		keepdir /var/lib/snapd/apparmor/profiles
+	fi
+	keepdir /var/lib/snapd/{apparmor/snap-confine,cache,cookie,snap,void}
+	fperms 700 /var/lib/snapd/{cache,cookie}
+
+	dobin "${GOBIN}/"{snap,snapctl}
+	ln "${ED}/usr/bin/snapctl" "${ED}/usr/lib/snapd/snapctl" || die
+
+	exeinto /usr/lib/snapd
+	doexe "${GOBIN}/"{snapd,snap-bootstrap,snap-failure,snap-exec,snap-preseed,snap-recovery-chooser,snap-repair,snap-seccomp,snap-update-ns} \
+		"${MY_S}/"{cmd/snap-discard-ns/snap-discard-ns,cmd/snap-gdb-shim/snap-gdb-shim,cmd/snap-mgmt/snap-mgmt} \
+		"${MY_S}/data/completion/bash/"{complete.sh,etelpmoc.sh,}
+
+	dobashcomp "${MY_S}/data/completion/bash/snap"
+
+	insinto /usr/share/zsh/site-functions
+	doins "${MY_S}/data/completion/zsh/_snap"
+
+	insinto "/usr/share/polkit-1/actions"
+	doins "${MY_S}/data/polkit/io.snapcraft.snapd.policy"
+
+	dodoc "${MY_S}/packaging/ubuntu-16.04/changelog"
+	domo "${MY_S}/po/"*.mo
+
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+	xdg_desktop_database_update
+
+	if use apparmor && [[ -z ${ROOT} && -e /sys/kernel/security/apparmor/profiles &&
+		$(wc -l < /sys/kernel/security/apparmor/profiles) -gt 0 ]]; then
+		apparmor_parser -r "${EPREFIX}/etc/apparmor.d/usr.lib.snapd.snap-confine.real"
+	fi
+}
+
+pkg_postrm() {
+	xdg_desktop_database_update
+}
diff --git a/app-containers/snapd/snapd-2.53.4.ebuild b/app-containers/snapd/snapd-2.53.4.ebuild
new file mode 100644
index 000000000000..3eb5f9353258
--- /dev/null
+++ b/app-containers/snapd/snapd-2.53.4.ebuild
@@ -0,0 +1,180 @@
+# Copyright 2020-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+EGO_PN="github.com/snapcore/${PN}"
+inherit autotools bash-completion-r1 golang-vcs-snapshot linux-info readme.gentoo-r1 systemd xdg-utils
+
+DESCRIPTION="Service and tools for management of snap packages"
+HOMEPAGE="http://snapcraft.io/"
+
+MY_S="${S}/src/github.com/snapcore/${PN}"
+
+SRC_URI="https://github.com/snapcore/${PN}/releases/download/${PV}/${PN}_${PV}.vendor.tar.xz -> ${P}.tar.xz"
+MY_PV=${PV}
+KEYWORDS="~amd64"
+
+LICENSE="GPL-3 Apache-2.0 BSD BSD-2 LGPL-3-with-linking-exception MIT"
+SLOT="0"
+IUSE="apparmor +cgroup-hybrid +forced-devmode gtk kde systemd"
+REQUIRED_USE="!forced-devmode? ( apparmor cgroup-hybrid ) systemd"
+
+CONFIG_CHECK="~CGROUPS
+		~CGROUP_DEVICE
+		~CGROUP_FREEZER
+		~NAMESPACES
+		~SQUASHFS
+		~SQUASHFS_ZLIB
+		~SQUASHFS_LZO
+		~SQUASHFS_XZ
+		~BLK_DEV_LOOP
+		~SECCOMP
+		~SECCOMP_FILTER"
+
+RDEPEND="
+	sys-libs/libseccomp:=
+	apparmor? (
+		sec-policy/apparmor-profiles
+		sys-apps/apparmor:=
+	)
+	dev-libs/glib
+	virtual/libudev
+	systemd? ( sys-apps/systemd[cgroup-hybrid(+)?] )
+	sys-libs/libcap:=
+	sys-fs/squashfs-tools[lzma]"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	>=dev-lang/go-1.9
+	dev-python/docutils
+	sys-devel/gettext
+	sys-fs/xfsprogs"
+
+PDEPEND="sys-auth/polkit[gtk?,kde?]"
+
+README_GENTOO_SUFFIX=""
+
+pkg_setup() {
+	if use apparmor; then
+		CONFIG_CHECK+=" ~SECURITY_APPARMOR"
+	fi
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+	# Update apparmor profile to allow libtinfow.so*
+	sed -i 's/libtinfo/libtinfo{,w}/' \
+		"${MY_S}/cmd/snap-confine/snap-confine.apparmor.in" || die
+
+	if ! use forced-devmode; then
+		sed -e 's#return !apparmorFull#if !apparmorFull {\n\t\tpanic("USE=forced-devmode is disabled")\n\t}\n\treturn false#' \
+			-i "${MY_S}/sandbox/forcedevmode.go" || die
+		grep -q 'panic("USE=forced-devmode is disabled")' "${MY_S}/sandbox/forcedevmode.go" || die "failed to disable forced-devmode"
+	fi
+
+	sed -i 's:command -v git >/dev/null:false:' -i "${MY_S}/mkversion.sh" || die
+
+	pushd "${MY_S}" >/dev/null || die
+	./mkversion.sh "${PV}"
+	popd >/dev/null || die
+	pushd "${MY_S}/cmd" >/dev/null || die
+	eautoreconf
+}
+
+src_configure() {
+	SNAPD_MAKEARGS=(
+		"BINDIR=${EPREFIX}/usr/bin"
+		"DBUSSERVICESDIR=${EPREFIX}/usr/share/dbus-1/services"
+		"LIBEXECDIR=${EPREFIX}/usr/lib"
+		"SNAP_MOUNT_DIR=${EPREFIX}/var/lib/snapd/snap"
+		"SYSTEMDSYSTEMUNITDIR=$(systemd_get_systemunitdir)"
+	)
+	export CGO_ENABLED="1"
+	export CGO_CFLAGS="${CFLAGS}"
+	export CGO_CPPFLAGS="${CPPFLAGS}"
+	export CGO_CXXFLAGS="${CXXFLAGS}"
+
+	pushd "${MY_S}/cmd" >/dev/null || die
+	econf --libdir="${EPREFIX}/usr/lib" \
+		--libexecdir="${EPREFIX}/usr/lib/snapd" \
+		$(use_enable apparmor) \
+		--enable-nvidia-biarch \
+		--with-snap-mount-dir="${EPREFIX}/var/lib/snapd/snap"
+}
+
+src_compile() {
+	export -n GOCACHE XDG_CACHE_HOME
+	export GO111MODULE=off GOBIN="${S}/bin" GOPATH="${S}"
+
+	local file
+	for file in "${MY_S}/po/"*.po; do
+		msgfmt "${file}" -o "${file%.po}.mo" || die
+	done
+
+	emake -C "${MY_S}/data" "${SNAPD_MAKEARGS[@]}"
+
+	local -a flags=(-buildmode=pie -ldflags "-s -linkmode external -extldflags '${LDFLAGS}'" -trimpath)
+	local -a staticflags=(-buildmode=pie -ldflags "-s -linkmode external -extldflags '${LDFLAGS} -static'" -trimpath)
+
+	local cmd
+	for cmd in snap snapd snap-bootstrap snap-failure snap-preseed snap-recovery-chooser snap-repair snap-seccomp; do
+		go build -o "${GOBIN}/${cmd}" "${flags[@]}" \
+		    -v -x "github.com/snapcore/${PN}/cmd/${cmd}"
+		[[ -e "${GOBIN}/${cmd}" ]] || die "failed to build ${cmd}"
+	done
+	for cmd in snapctl snap-exec snap-update-ns; do
+		go build -o "${GOBIN}/${cmd}" "${staticflags[@]}" \
+		    -v -x "github.com/snapcore/${PN}/cmd/${cmd}"
+		[[ -e "${GOBIN}/${cmd}" ]] || die "failed to build ${cmd}"
+	done
+}
+
+src_install() {
+	emake -C "${MY_S}/data" install "${SNAPD_MAKEARGS[@]}" DESTDIR="${D}"
+	emake -C "${MY_S}/cmd" install "${SNAPD_MAKEARGS[@]}" DESTDIR="${D}"
+
+	if use apparmor; then
+		mv "${ED}/etc/apparmor.d/usr.lib.snapd.snap-confine"{,.real} || die
+		keepdir /var/lib/snapd/apparmor/profiles
+	fi
+	keepdir /var/lib/snapd/{apparmor/snap-confine,cache,cookie,snap,void}
+	fperms 700 /var/lib/snapd/{cache,cookie}
+
+	dobin "${GOBIN}/"{snap,snapctl}
+	ln "${ED}/usr/bin/snapctl" "${ED}/usr/lib/snapd/snapctl" || die
+
+	exeinto /usr/lib/snapd
+	doexe "${GOBIN}/"{snapd,snap-bootstrap,snap-failure,snap-exec,snap-preseed,snap-recovery-chooser,snap-repair,snap-seccomp,snap-update-ns} \
+		"${MY_S}/"{cmd/snap-discard-ns/snap-discard-ns,cmd/snap-gdb-shim/snap-gdb-shim,cmd/snap-mgmt/snap-mgmt} \
+		"${MY_S}/data/completion/bash/"{complete.sh,etelpmoc.sh,}
+
+	dobashcomp "${MY_S}/data/completion/bash/snap"
+
+	insinto /usr/share/zsh/site-functions
+	doins "${MY_S}/data/completion/zsh/_snap"
+
+	insinto "/usr/share/polkit-1/actions"
+	doins "${MY_S}/data/polkit/io.snapcraft.snapd.policy"
+
+	dodoc "${MY_S}/packaging/ubuntu-16.04/changelog"
+	domo "${MY_S}/po/"*.mo
+
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+	xdg_desktop_database_update
+
+	if use apparmor && [[ -z ${ROOT} && -e /sys/kernel/security/apparmor/profiles &&
+		$(wc -l < /sys/kernel/security/apparmor/profiles) -gt 0 ]]; then
+		apparmor_parser -r "${EPREFIX}/etc/apparmor.d/usr.lib.snapd.snap-confine.real"
+	fi
+}
+
+pkg_postrm() {
+	xdg_desktop_database_update
+}