Auto-connecting the personal-files interface for the chromium snap


#1

Some code was recently added to the chromium snap to allow importing an existing chromium profile on first run (typically if chromium was installed by another packaging system, such as apt, and used previously).

This requires read-only access to $HOME/.config/chromium.

This requires the corresponding store declaration to auto-connect the interface.

Note that my goal is to migrate the chromium-browser deb packages in Ubuntu to the snap package, and this bit of functionality is a prerequisite.

Thanks for considering it.


#2

IIRC for requesting autoconnection to *-files interfaces you also need to specify:

  • The path(s) you want to allow access
  • Whether the access is R/W or R/O

Check out Interface auto-connection request for the gallery-dl snap for an example.

UPDATE: Nevermind, the required info is mentioned in the commit from OP.


#3
diff --git a/snapcraft.yaml b/snapcraft.yaml
index 442d6d1..506498c 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -17,6 +17,7 @@ apps:
     plugs:
       - browser-sandbox
       - camera
+      - chromium-config
       - cups-control
       - desktop
       - gsettings
@@ -41,6 +42,7 @@ apps:
       # executes chromium it inherits the correct set of permissions
       - browser-sandbox
       - camera
+      - chromium-config
       - cups-control
       - desktop
       - gsettings

I wonder if these hunks are really necessary as the chromium-config plug is already enumerated in the global plugs definition?


#4

+1 to autoconnect. This is actually the canonical (little ‘c’) use case for this interface. :slight_smile:


#5

a +1 vote from me as well. The access/ownership relationship is clear.


#6

You are right, this wasn’t needed. Fixed.


#7

@oSoMoN
What if user have both deb and snap installed and use different profiles for them? Will snap profile be overwritten?


#8

No, the profile import is a one-off thing, and will happen only the first time the snap is run, when there isn’t a profile for it yet.


#9

@jdstrand, @pedronis: there are 2 votes in favour, and 0 against, is that sufficient?


#10

The voting period is now over.

2 votes for, 0 against. Granting readonly access to $HOME/.config/chromium via personal-files to the snap. This is now live.


#11

FYI, I granted this but due to a regression introduced in the last commit of the review-tools (which wasn’t caught due to a bug in the testsuite that was meant to catch this regression :\ ), the snap still doesn’t pass automated review. This is now fixed in the review-tools and I’ll need to manually approve the snap revisions until this is in production.


#12

Thanks @jdstrand. There are 13 revisions of the chromium snap currently blocked on manual review (#673 to #685), can you please unblock them? Thanks!