Classic confinement for rust-bindgen

liushuyu · June 14, 2024, 2:30pm

Hi there,

I would like to request the classic confinement for rust-bindgen Snap. It’s a Rust-related build tool that needs unrestricted file access to system development files (mainly C/C++ headers).

Thanks!

0xnishit · June 19, 2024, 12:00pm

Hi @liushuyu ,

The link you provided is not working, can you please elaborate more on what the snap does, and what kind of error you’re facing while confining the snap in strict env? Also for “classic” you need to make sure your snap lands in one of the supported categories here

thanks

alexmurray · September 4, 2024, 4:30am

Ping @liushuyu - this request cannot proceed without your response.

alexmurray · September 18, 2024, 2:36am

@liushuyu as stated above, this request is still waiting on input from you - can you please respond, otherwise we will close it on our side after another 7 days of inactivity. Thanks.

liushuyu · September 18, 2024, 5:47pm

This is now addressed. rust-bindgen is set to “public” now. Previously, there was an issue with the Launchpad builder, but it seems to have been fixed recently.

pfsmorigo · September 25, 2024, 8:19pm

Hello @liushuyu , just to clarify, your request for classic is no longer required, right?

liushuyu · September 25, 2024, 8:36pm

I’m sorry, but the request for classic is still required because the system needs to read C/C++ development files.

jslarraz · October 1, 2024, 8:40am

Hey @liushuyu

So rust-bindgen automatically generates Rust FFI bindings to C (and some C++) libraries. Thus, it clearly needs access to the development files (mainly C/C++ headers).

However, rust-bindgen does not seems to fit very well in any of the supported categories for classic. I wonder if access to the required files via system-files (/var/lib/snapd/hostfs/usr/include ) would be more appropriate for this requirement

alexmurray · October 2, 2024, 1:54am

Hmm rust-bindgen feels like a compiler to me… and so would fit in that supported category, right?

liushuyu · October 2, 2024, 2:53am

The issue here is, aside from /usr/include, it might also need to access other locations if the user specified extra include paths (just like clang or GCC). The path might be inside /usr/lib(where we put cross-compilers) if some compile builtin headers are used.

I think rust-bindgen could be classified as a compiler, except it ingests C/C++ sources and outputs Rust source files instead of assembly or binary.

alexmurray · October 2, 2024, 3:46am

A compiler takes inputs and produces outputs - which is what rust-bindgen does.

Also it needs access to system installed headers etc, very much like a traditional C/C++ compiler. So I still think this fits quite clearly into this category. As such, the requirements for classic confinement are understood. I have vetted the publisher. This is now live.

liushuyu · October 2, 2024, 5:03pm

Hi there,

I can see the ppc64el and s390x builds are still in the “pending review” state while the other builds are approved for release. Is this expected?

alexmurray · October 2, 2024, 9:23pm

Apologies, they need to be queued manually and it appears I forgot to do these last two. Done.