Autoconnect request for snap savedesktop

The snap savedesktop is a backup tool. It backs up the current config of the desktop and imports it from the file. This app copies the files under .local, .config and some other DE specific folders in a tar file, which the user later can import and sync through local network(not to any internet drive). This also needs to logout the entire desktop to do proper restoration. Thus the following plugs are necessary to be auto-connected.

    interface: personal-files
      - $HOME/.config
      - $HOME/.local
      - $HOME/.themes
      - $HOME/.icons
      - $HOME/.xfce4
      - $HOME/.fonts
      - $HOME/.cinnamon

# slots:
#   savedesktop:
#     interface: dbus
#     bus: session
#     name: io.github.vikdevelop.SaveDesktop

    extensions: [gnome]
    command: usr/bin/
    desktop: usr/share/applications/io.github.vikdevelop.SaveDesktop.desktop
    common-id: io.github.vikdevelop.SaveDesktop.desktop
      - home
      - network
      - login-session-control

Need auto-connect for dot-folders and login-session-control. If needed I can change the plug name.

Here is a link to repository source code (with the whole file snapcraft.yaml):

@review-team please, review this request.

vikdevelop, developer of the app.

ping @Igor kindly look into this. Publisher vetting also needed here. Kindly look into them.

The Store team decides what kind of vetting is required, and how to direct the requests. Let’s leave it to them to look into this and figure out the next step.

Actually it’s almost a week now, so, I thought to ping you on this. Thanks for the info.

@review-team @alexmurray can this review be done a little fast now? It’s been more than a week now. Please look into this.

@odysseus-k @lofidevops as the main store team folks here, can you please take a look at this as mentioned by Igor earlier?

Any updates on this?

@dclane can you look into this also?

My opinion on this one is that dot-folders access, especially write access, is generally pretty sensitive/powerful and so perhaps this is best left as a manual connection and you could prompt & warn the user if the plug is not connected. I’ll give a tentative -1 auto-connecting dot-folders, but certainly other @reviewers are welcome to disagree.

The biggest problem is, even if we use portals to save to these folders, if we try to set the initial directory in the file dialog, it’ll show one such popup, which is the case in my app too, that requires access to .local/share/applications.

A major issue here is that granting write access to the requested directories, allows for escape confinement. Please see a related discussion in Request for personal-files interface in Chromium for ~/.local/share/applications - #4 by alexmurray.

Pinging @odysseus-k and @lofidevops here again to see if next steps were defined.

Well, if I may, I would like to give some suggestions on this:

  1. Allow this to only open-source snaps(so that anyone can verify it)
  2. Allow auto-connect only if the app upstream/developer confirms by showing their code that they don’t write to those folders directly.
  3. With every new release, the maintainers must create a post in forum asking continuation of the autoconnection and if they don’t after a week, revoke the auto-connection. Thus, malicious changes done in new releases, can’t be pushed to the users.
  4. Backup apps should be given some space. This app falls into that category as it takes backup of the current desktop. If an app can qualify even for the classic confinement, why not this.

Elaborating point - 2:

As I showed in my screenshot(it’s my WIP desktop file installer/editor app), even if I/devs use the portals to get the path, if they want to open up that path with Gtk.FileDialog::set_initial_folder or in flutter(my case) FilePicker/ FileSelector::setinitialDirectory, it’ll show that popup, No permission to folder .local/share/applications and the process will not complete, until the user clicks the okay button. Else, in my app, I made it work, even without using the home plug.

@emitorino As per the Process for aliases, auto-connections and tracks the next step here would be for a reviewer or architect (not necessarily someone from the Store team) to tally the results and provide a short summary. In this specific scenario, the outcome would be a rejection of this request if the current voting remains unchanged.

Can atleast the plug be allowed, and not auto connected?

I fully agree with @dclane, write access to dot-folders is very sensitive/powerful and we must be very cautious to grant it. Thus, I’ll also give a -1 to auto-connectdot-folders. However, considering the purpose of the snap I’ll support manually connectthe dot-folders interface, +1 from me.

1 Like

Yes, +1 for a installation and connection of dot-folders, without auto-connect.

1 Like

FYI @reviewers - before granting this, since this permission allows sandbox escape, publisher vetting is required first.

@vikdevelop Pinging you as you’re needed here now

I am publisher and developer of this app.