From e6558e254184db1ac826b6a0d7e4583bbaa234e3 Mon Sep 17 00:00:00 2001
From: Olivier Gayot <olivier.gayot@canonical.com>
Date: Tue, 16 Dec 2025 14:30:41 +0100
Subject: [PATCH] ubuntu: add a filter for snaps too

We now filter snaps using jq rather than grep. The change has a slight impact
because snapd-desktop-integration was filtered out by "grep snapd" but isn't
filtered out anymore with jq.

Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
---
 debian/changelog                               |  1 +
 .../hooks/030-ubuntu-live-system-seed.binary   | 18 +++++++++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 0f6fe88d..c40f8753 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ livecd-rootfs (26.04.12) UNRELEASED; urgency=medium
     - if we decide to override the definition of a snap (i.e., by taking in
       from a different model), we also need to override the definition of its
       components.
+  * desktop: refactor how we filter the snaps when overriding
 
  -- Olivier Gayot <olivier.gayot@canonical.com>  Tue, 16 Dec 2025 14:54:17 +0100
 
diff --git a/live-build/ubuntu/hooks/030-ubuntu-live-system-seed.binary b/live-build/ubuntu/hooks/030-ubuntu-live-system-seed.binary
index 24aa5974..e3e5f1ca 100644
--- a/live-build/ubuntu/hooks/030-ubuntu-live-system-seed.binary
+++ b/live-build/ubuntu/hooks/030-ubuntu-live-system-seed.binary
@@ -31,15 +31,23 @@ json.dump(yaml.safe_load(sys.stdin), sys.stdout, default=str)
 
 
 # Use jq to retrieve a list of --snap options from a given *signed* model.
-get_snaps_args()
+get_snaps_args_excluding()
 {
     local model=$1
 
+    shift
+
     # The model is signed and is not valid YAML unless we get rid of the
     # signature. Here we assume the only blank line is before the signature.
     sed '/^$/,$d' -- "$model" \
      | yaml_to_json \
-     | jq --raw-output '.snaps[] | "--snap=" + .name + "=" + .["default-channel"]'
+     | jq --raw-output '.snaps[] | select(.name | IN($ARGS.positional[]) | not) | "--snap=" + .name + "=" + .["default-channel"]' --args "$@"
+}
+
+# Use jq to retrieve a list of --snap options from a given *signed* model.
+get_snaps_args()
+{
+    get_snaps_args_excluding "$1"
 }
 
 _get_components_filtered()
@@ -140,13 +148,13 @@ else
     # allows us to override snaps. But we don't want all snaps from edge like
     # the dangerous model has, we want most of them from stable excluding:
     # * snapd (for TPM/FDE)
+    # * snapd-desktop-integration (for TPM/FDE)
     # * firmware-updater (for TPM/FDE)
     # * desktop-security-center (for TPM/FDE)
-    snaps_from_dangerous=(snapd firmware-updater desktop-security-center)
+    snaps_from_dangerous=(snapd snapd-desktop-integration firmware-updater desktop-security-center)
     while read -r snap_arg; do
         prepare_args+=("$snap_arg")
-    done < <(get_snaps_args "$stable_model" \
-    | grep -v -F -e snapd -e firmware-updater -e desktop-security-center)
+    done < <(get_snaps_args_excluding "$stable_model" "${snaps_from_dangerous[@]}")
 
     for comp in $(get_components_excluding "$stable_model" "${snaps_from_dangerous[@]}"); do
         components+=("$comp")