From 4f16274879f86849a432c707d3bb94f987835dfd Mon Sep 17 00:00:00 2001
From: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Date: Thu, 12 Mar 2026 18:06:38 +0100
Subject: [PATCH 1/2] snapcraft: add nss-snapd part

This ships a (so far) inert nss plugin that resolves user identity and
group information according to the SNAP_USER environment variable
that must be injected by snapd via "snap-run" mechanism.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
---
 snapcraft.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/snapcraft.yaml b/snapcraft.yaml
index ebaa8795..be85bcae 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -48,6 +48,13 @@ parts:
       copyright: usr/share/doc/plymouth-theme-ubuntu-core/copyright
     stage:
       - -README.md
+  nss-snapd:
+    plugin: make
+    source: https://github.com/canonical/nss-snapd.git
+    source-type: git
+    make-parameters:
+      - prefix=/usr
+      - libdir=/usr/lib/${CRAFT_ARCH_TRIPLET_BUILD_FOR}
   bootstrap:
     after:
       - base

From 01a0bc08a0b268945fefd7c95e40366888e97f2d Mon Sep 17 00:00:00 2001
From: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Date: Fri, 13 Mar 2026 15:23:18 +0100
Subject: [PATCH 2/2] hooks: wire nss-snapd into nsswitch.conf

This wires the previously inert nss plugin to the passwd and group
database resolvers.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
---
 hook-tests/002-setup_user.test | 4 ++++
 hooks/002-setup_user.chroot    | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/hook-tests/002-setup_user.test b/hook-tests/002-setup_user.test
index ec104e77..1adaab4a 100755
--- a/hook-tests/002-setup_user.test
+++ b/hook-tests/002-setup_user.test
@@ -5,3 +5,7 @@ set -e
 for prefix in passwd group shadow; do
     grep -q "^${prefix}:.*extrausers" etc/nsswitch.conf
 done
+
+for prefix in passwd group; do
+    grep -q "^${prefix}:.*snapd" etc/nsswitch.conf
+done
diff --git a/hooks/002-setup_user.chroot b/hooks/002-setup_user.chroot
index ad07b0e1..a0f2bee1 100755
--- a/hooks/002-setup_user.chroot
+++ b/hooks/002-setup_user.chroot
@@ -24,8 +24,8 @@ for name in gshadow shadow; do
 done
 
 # Enable libnss-extrusers
-sed -i 's/^passwd:.*files/\0 extrausers/' /etc/nsswitch.conf
-sed -i 's/^group:.*files/\0 extrausers/' /etc/nsswitch.conf
+sed -i 's/^passwd:.*files/\0 extrausers snapd/' /etc/nsswitch.conf
+sed -i 's/^group:.*files/\0 extrausers snapd/' /etc/nsswitch.conf
 sed -i 's/^shadow:.*files/\0 extrausers/' /etc/nsswitch.conf
 
 # Enable pam configuration for extrausers