Autoconnect request for snap savedesktop

soumyaDghosh · November 3, 2023, 6:05am

The snap savedesktop is a backup tool. It backs up the current config of the desktop and imports it from the file. This app copies the files under .local, .config and some other DE specific folders in a tar file, which the user later can import and sync through local network(not to any internet drive). This also needs to logout the entire desktop to do proper restoration. Thus the following plugs are necessary to be auto-connected.

plugs:
  dot-folders:
    interface: personal-files
    write:
      - $HOME/.config
      - $HOME/.local
      - $HOME/.themes
      - $HOME/.icons
      - $HOME/.xfce4
      - $HOME/.fonts
      - $HOME/.cinnamon

# slots:
#   savedesktop:
#     interface: dbus
#     bus: session
#     name: io.github.vikdevelop.SaveDesktop

apps:
  savedesktop:
    extensions: [gnome]
    command: usr/bin/run.sh
    desktop: usr/share/applications/io.github.vikdevelop.SaveDesktop.desktop
    common-id: io.github.vikdevelop.SaveDesktop.desktop
    plugs:
      - home
      - network
      - login-session-control

Need auto-connect for dot-folders and login-session-control. If needed I can change the plug name.

vikdevelop · November 7, 2023, 6:29pm

Here is a link to repository source code (with the whole file snapcraft.yaml): https://github.com/vikdevelop/SaveDesktop

@review-team please, review this request.

vikdevelop, developer of the app.

soumyaDghosh · November 9, 2023, 8:11pm

ping @Igor kindly look into this. Publisher vetting also needed here. Kindly look into them.

Igor · November 10, 2023, 7:11am

The Store team decides what kind of vetting is required, and how to direct the requests. Let’s leave it to them to look into this and figure out the next step.

soumyaDghosh · November 10, 2023, 7:24am

Actually it’s almost a week now, so, I thought to ping you on this. Thanks for the info.

soumyaDghosh · November 11, 2023, 5:08pm

@review-team @alexmurray can this review be done a little fast now? It’s been more than a week now. Please look into this.

alexmurray · November 13, 2023, 12:03am

@odysseus-k @lofidevops as the main store team folks here, can you please take a look at this as mentioned by Igor earlier?

soumyaDghosh · November 14, 2023, 7:24pm

Any updates on this?

soumyaDghosh · November 26, 2023, 5:22pm

@dclane can you look into this also?

dclane · November 29, 2023, 10:22am

My opinion on this one is that dot-folders access, especially write access, is generally pretty sensitive/powerful and so perhaps this is best left as a manual connection and you could prompt & warn the user if the plug is not connected. I’ll give a tentative -1 auto-connecting dot-folders, but certainly other @reviewers are welcome to disagree.

soumyaDghosh · November 29, 2023, 11:30am

The biggest problem is, even if we use portals to save to these folders, if we try to set the initial directory in the file dialog, it’ll show one such popup, which is the case in my app too, that requires access to .local/share/applications.

emitorino · November 30, 2023, 2:57pm

A major issue here is that granting write access to the requested directories, allows for escape confinement. Please see a related discussion in Request for personal-files interface in Chromium for ~/.local/share/applications - #4 by alexmurray.

Pinging @odysseus-k and @lofidevops here again to see if next steps were defined.

soumyaDghosh · November 30, 2023, 3:53pm

Well, if I may, I would like to give some suggestions on this:

Allow this to only open-source snaps(so that anyone can verify it)
Allow auto-connect only if the app upstream/developer confirms by showing their code that they don’t write to those folders directly.
With every new release, the maintainers must create a post in forum asking continuation of the autoconnection and if they don’t after a week, revoke the auto-connection. Thus, malicious changes done in new releases, can’t be pushed to the users.
Backup apps should be given some space. This app falls into that category as it takes backup of the current desktop. If an app can qualify even for the classic confinement, why not this.

Elaborating point - 2:

As I showed in my screenshot(it’s my WIP desktop file installer/editor app), even if I/devs use the portals to get the path, if they want to open up that path with Gtk.FileDialog::set_initial_folder or in flutter(my case) FilePicker/ FileSelector::setinitialDirectory, it’ll show that popup, No permission to folder .local/share/applications and the process will not complete, until the user clicks the okay button. Else, in my app, I made it work, even without using the home plug.

odysseus-k · December 1, 2023, 7:51am

@emitorino As per the Process for aliases, auto-connections and tracks the next step here would be for a reviewer or architect (not necessarily someone from the Store team) to tally the results and provide a short summary. In this specific scenario, the outcome would be a rejection of this request if the current voting remains unchanged.

soumyaDghosh · December 1, 2023, 7:59am

Can atleast the plug be allowed, and not auto connected?

jslarraz · December 4, 2023, 9:04am

I fully agree with @dclane, write access to dot-folders is very sensitive/powerful and we must be very cautious to grant it. Thus, I’ll also give a -1 to auto-connectdot-folders. However, considering the purpose of the snap I’ll support manually connectthe dot-folders interface, +1 from me.

dclane · December 5, 2023, 10:37am

Yes, +1 for a installation and connection of dot-folders, without auto-connect.

alexmurray · December 5, 2023, 10:32pm

FYI @reviewers - before granting this, since this permission allows sandbox escape, publisher vetting is required first.

soumyaDghosh · December 6, 2023, 6:23am

@vikdevelop Pinging you as you’re needed here now

vikdevelop · December 6, 2023, 6:48am

I am publisher and developer of this app.