[snaps] make it more optional

2019-06-30 09:10:11 +02:00 · 2019-06-30 09:10:11 +02:00 · 1b32aa25b8
commit 1b32aa25b8
parent ba2ffebf86
2 changed files with 12 additions and 3 deletions
--- a/lib/util-iso-image.sh
+++ b/lib/util-iso-image.sh
@ -218,12 +218,22 @@ configure_journald(){

 configure_services(){
    info "Configuring services"
+    use_apparmor="false"
+    apparmor_boot_args=""
    for svc in ${enable_systemd[@]}; do
        add_svc_sd "$1" "$svc"
+        [[ "$svc" == "apparmor" ]] && use_apparmor="true"
    done
    for svc in ${enable_systemd_live[@]}; do
        add_svc_sd "$1" "$svc"
+        [[ "$svc" == "apparmor" ]] && use_apparmor="true"
    done
+
+    if [[ ${use_apparmor} == 'true' ]]; then
+        msg2 "Enable apparmor kernel parameters"
+        apparmor_boot_args="'apparmor=1' 'security=apparmor'"
+    fi
+
    info "Done configuring services"
 }

--- a/lib/util-iso.sh
+++ b/lib/util-iso.sh
@ -246,6 +246,7 @@ function seed_snaps() {
    local SEED_SNAPS="${strict_snaps} ${classic_snaps}"

    if [[ -n "${strict_snaps}" ]] || [[ -n "${classic_snaps}" ]]; then
+        msg2 "Configuring snaps"
        # Preseeded snaps should be downloaded from a versioned channel
        rm -rfv "$1/${SEED_DIR}"
        mkdir -p "$1/${SEED_DIR}/snaps"
@ -265,8 +266,6 @@ function seed_snaps() {
        # Runs outside the container.
        snap known model > /tmp/generic.model
        snap prepare-image --arch amd64 --classic /tmp/generic.model "${SEED_LIST[@]}" "$1"
-
-        snap_boot_args="'apparmor=1' 'security=apparmor'"
    else
        msg2 "No snaps found in profile. Skipping adding snaps"
    fi
@ -423,7 +422,7 @@ make_image_boot() {

 configure_grub(){
    local default_args="misobasedir=${iso_name} misolabel=${iso_label}" \
-        boot_args=('quiet' 'systemd.show_status=1' ${snap_boot_args})
+        boot_args=('quiet' 'systemd.show_status=1' ${apparmor_boot_args})

    sed -e "s|@DIST_NAME@|${dist_name}|g" \
        -e "s|@ARCH@|${target_arch}|g" \