From 8bc09a160b0561ae26a211d8c7d66bf9bec03a6d Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 12 Jul 2019 17:55:16 +0200 Subject: [PATCH 1/4] Run "snap debug validate-seed" to do basic validation of the geerated seed.yaml --- debian/control | 2 +- live-build/auto/build | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 1b8b558c..73519d8b 100644 --- a/debian/control +++ b/debian/control @@ -34,7 +34,7 @@ Depends: ${misc:Depends}, python3-yaml, qemu-utils, rsync, - snapd, + snapd (>= 2.39), squashfs-tools (>= 1:3.3-1), sudo, u-boot-tools [armhf arm64], diff --git a/live-build/auto/build b/live-build/auto/build index 74630174..72d95202 100755 --- a/live-build/auto/build +++ b/live-build/auto/build @@ -529,6 +529,11 @@ if [ -z "$PASSES" ] && [ -e "$PREFIX.manifest" ]; then ./config/snap-seed-parse "chroot/" "$PREFIX.manifest" fi +# Do basic validation of generated snapd seed.yaml. +if [ -e chroot/var/lib/snapd/seed/seed.yaml ]; then + snap debug validate-seed chroot/var/lib/snapd/seed/seed.yaml +fi + # ubuntu-core splits kernel stuff into a "device" tarball so # at this point we reset it to "none" as all the work to extract it was done already # in a binary hook From ac717bff4069103382153230cdf7865a94e06190 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 15 Jul 2019 17:32:28 +0200 Subject: [PATCH 2/4] live-build: move snap seed validation into preinstall_snaps (thanks to rcj) --- live-build/auto/build | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/live-build/auto/build b/live-build/auto/build index 72d95202..4b827f9d 100755 --- a/live-build/auto/build +++ b/live-build/auto/build 
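Review bot: The `snap debug validate-seed` call added at the end of the `@@ -529` hunk in live-build/auto/build does not handle its exit status, so a seed that fails validation stops the build only if the script runs under `set -e`, which is not visible here. If that is not guaranteed, fail closed explicitly, for example `snap debug validate-seed chroot/var/lib/snapd/seed/seed.yaml || exit 1`. The same applies where patches 2 and 3 move the block into preinstall_snaps and snap_preseed. There the call is the last statement of the function, so the outcome also depends on how callers treat the function's return status, which is worth confirming.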
@@ -88,6 +88,11 @@ preinstall_snaps() { snap_preseed chroot "${snap}" done lb chroot_resolv remove + + # Do basic validation of generated snapd seed.yaml. + if [ -e chroot/var/lib/snapd/seed/seed.yaml ]; then + snap debug validate-seed chroot/var/lib/snapd/seed/seed.yaml + fi } rm -f binary.success @@ -529,11 +534,6 @@ if [ -z "$PASSES" ] && [ -e "$PREFIX.manifest" ]; then ./config/snap-seed-parse "chroot/" "$PREFIX.manifest" fi -# Do basic validation of generated snapd seed.yaml. -if [ -e chroot/var/lib/snapd/seed/seed.yaml ]; then - snap debug validate-seed chroot/var/lib/snapd/seed/seed.yaml -fi - # ubuntu-core splits kernel stuff into a "device" tarball so # at this point we reset it to "none" as all the work to extract it was done already # in a binary hook From 248efab2fd24bc6d3bd190519cc091056495bb71 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 15 Jul 2019 20:12:33 +0200 Subject: [PATCH 3/4] live-build: move snap seed validation into snap_preseed --- live-build/auto/build | 5 ----- live-build/functions | 11 ++++++++++- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/live-build/auto/build b/live-build/auto/build index 4b827f9d..74630174 100755 --- a/live-build/auto/build +++ b/live-build/auto/build @@ -88,11 +88,6 @@ preinstall_snaps() { snap_preseed chroot "${snap}" done lb chroot_resolv remove - - # Do basic validation of generated snapd seed.yaml. - if [ -e chroot/var/lib/snapd/seed/seed.yaml ]; then - snap debug validate-seed chroot/var/lib/snapd/seed/seed.yaml - fi } rm -f binary.success diff --git a/live-build/functions b/live-build/functions index 8eff0a90..a07fff55 100644 --- a/live-build/functions +++ b/live-build/functions 
@@ -635,6 +635,15 @@ snap_preseed() { touch "$CHROOT_ROOT/var/lib/snapd/seed/.snapd-explicit-install-stamp" ;; esac + + + # Do basic validation of generated snapd seed.yaml, doing it here + # means we catch all the places(tm) that snaps are added but the + # downside is that each time a snap is added the seed must be valid, + # i.e. snaps with bases need to add bases first etc. + if [ -e chroot/var/lib/snapd/seed/seed.yaml ]; then + snap debug validate-seed chroot/var/lib/snapd/seed/seed.yaml + fi } snap_from_seed() { @@ -892,4 +901,4 @@ replace_kernel () { install --assume-yes "${new_kernel}" env DEBIAN_FRONTEND=noninteractive chroot "${mountpoint}" apt-get \ autoremove --purge --assume-yes -} \ No newline at end of file +} From 4fb73c2b19127018d3bb9d08a2f791b66c67ee79 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 16 Jul 2019 08:29:09 +0200 Subject: [PATCH 4/4] functions: use CHROOT_ROOT in snap_preseed --- live-build/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/live-build/functions b/live-build/functions index a07fff55..d17e846d 100644 --- a/live-build/functions +++ b/live-build/functions @@ -642,7 +642,7 @@ snap_preseed() { # downside is that each time a snap is added the seed must be valid, # i.e. snaps with bases need to add bases first etc. if [ -e chroot/var/lib/snapd/seed/seed.yaml ]; then - snap debug validate-seed chroot/var/lib/snapd/seed/seed.yaml + snap debug validate-seed "$CHROOT_ROOT/var/lib/snapd/seed/seed.yaml" fi }
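Review bot: In the `@@ -635` hunk of live-build/functions, the `[ -e ... ]` guard treats a missing seed.yaml as a silent pass, even though snap_preseed has presumably just written to the seed directory (the context line touches a stamp file under `$CHROOT_ROOT/var/lib/snapd/seed/`). If the file is expected to exist at this point, its absence is itself a build problem and should at least be reported, for example with an `else` branch containing `echo "W: seed.yaml not found, seed not validated" >&2`. snap_preseed starts above the hunk, so whether a seed.yaml is always produced here cannot be confirmed from these lines.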
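Review bot: The `[ -e chroot/var/lib/snapd/seed/seed.yaml ]` guard on the context line just above the change in patch 4 still uses the hard-coded relative path, while the command now validates `"$CHROOT_ROOT/var/lib/snapd/seed/seed.yaml"`. If snap_preseed is ever called with a root other than `chroot` (the caller visible in auto/build passes `chroot`), the test and the command look at different files, and the likely result is that validation is skipped without any message. The guard should use the same path: `if [ -e "$CHROOT_ROOT/var/lib/snapd/seed/seed.yaml" ]; then`. snap_preseed starts above this hunk, so how CHROOT_ROOT is assigned is not visible here.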