From 9a2aad16adff0cc9cf6d7ce8d6a7bd7cd09810bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9E=97=E5=8D=9A=E4=BB=81=28Buo-Ren=20Lin=29?=
 <Buo.Ren.Lin@gmail.com>
Date: Thu, 29 Mar 2018 17:59:48 +0800
Subject: [PATCH 1/4] Add removable-media plug so that scripts in removable
 media can be checked
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Otherwise it will be blocked by Apparmor with the following message:

```
$ shellcheck script
audit: type=1400 audit(TIMESTAMP): apparmor="DENIED" operation="open" profile="snap.shellcheck.shellcheck" name=2F6D656469612F4C696E2D42756F2D52656E2F57696E646F7773205553422F717569636B72756E pid=10175 comm="shellcheck" requested_mask="r" denied_mask="r" fsuid=FSUID ouid=OUID
script: script: openBinaryFile: permission denied (Permission denied)
```

NOTE:

* This plug is not Auto-connect plug, it has to be manually connected by user with `snap connect shellcheck:removable-media :removable-media`
* Currently files under /mnt is not checkable as snapd doesn't provide an interface for it for now.

Refer-to: Interfaces reference - Snaps are universal Linux packages <https://docs.snapcraft.io/reference/interfaces>
Signed-off-by: 林博仁(Buo-Ren Lin) <Buo.Ren.Lin@gmail.com>
---
 snap/snapcraft.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index 0854217..09fe2cc 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -22,7 +22,7 @@ confinement: strict
 apps:
   shellcheck:
     command: usr/bin/shellcheck
-    plugs: [home]
+    plugs: [home, removable-media]
 
 parts:
   shellcheck:

From 1ed743e4101b12c54ed05c53d5b58a6336cc1c24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9E=97=E5=8D=9A=E4=BB=81=28Buo-Ren=20Lin=29?=
 <Buo.Ren.Lin@gmail.com>
Date: Thu, 29 Mar 2018 20:05:52 +0800
Subject: [PATCH 2/4] Add snapcraft generated files to the Git tracking ignore
 rules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This patches uses the following gitignore syntax so that only entries in the root folder is ignored, it is suggested to apply it to existing rules as well.

```
A leading slash matches the beginning of the pathname. For
example, "/*.c" matches "cat-file.c" but not
"mozilla-sha1/sha1.c".
```

Refer-to: gitignore(5) manpage
Signed-off-by: 林博仁(Buo-Ren Lin) <Buo.Ren.Lin@gmail.com>
---
 .gitignore | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.gitignore b/.gitignore
index bdba958..6d5f1ae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,10 @@ cabal-dev
 cabal.sandbox.config
 cabal.config
 .stack-work
+
+### Snap ###
+/snap/.snapcraft/
+/stage/
+/parts/
+/prime/
+*.snap

From 366dc5d3f8b56166df8aa7406794019280e5a071 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9E=97=E5=8D=9A=E4=BB=81=28Buo-Ren=20Lin=29?=
 <Buo.Ren.Lin@gmail.com>
Date: Thu, 29 Mar 2018 20:24:31 +0800
Subject: [PATCH 3/4] Add snap install instructions to README
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently shellcheck is only provided by the edge channel, should remove the --channel argument after it is in candidate/stable.

Signed-off-by: 林博仁(Buo-Ren Lin) <Buo.Ren.Lin@gmail.com>
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index d74f998..d9b5f1f 100644
--- a/README.md
+++ b/README.md
@@ -139,6 +139,10 @@ On Solus:
 
     eopkg install shellcheck
 
+From Snap Store:
+
+    snap install --channel=edge shellcheck
+
 From Docker Hub:
 
 ```sh

From 68c24925bc85116e1fef673cb621d8ebaa6d6cfc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9E=97=E5=8D=9A=E4=BB=81=28Buo-Ren=20Lin=29?=
 <Buo.Ren.Lin@gmail.com>
Date: Thu, 29 Mar 2018 23:44:23 +0800
Subject: [PATCH 4/4] Add info on connecting to removable-media interface in
 snap description
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 林博仁(Buo-Ren Lin) <Buo.Ren.Lin@gmail.com>
---
 snap/snapcraft.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index 09fe2cc..b7f0e96 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -15,6 +15,13 @@ description: |
   - To point out subtle caveats, corner cases and pitfalls that may cause an
     advanced user's otherwise working script to fail under future
     circumstances.
+
+  By default ShellCheck can only check non-hidden files under /home, to make 
+  ShellCheck be able to check files under /media and /run/media you must
+  connect it to the `removable-media` interface manually:
+
+      # snap connect shellcheck:removable-media
+  
 version: git
 grade: devel
 confinement: strict