Classic confinement request: automaton-builder


#1

Hi snapcraft team: I am the developer of automaton-builder from khipu. Automaton Builder is a tool we use inside our company to do a lot of work. We need it to be in classic confinement because it uses other tools, like xml-lint, javascript-beautifier (installed via pip), a linter (installed via node) and other packages. We know it can all be installed inside the snap, but we want to keep it simple. Also, this tool will always be private. We do not want to distribute it to people outside our company so I think we are not a threat to Ubuntu users in the wild :slight_smile:

Thanks


#2

“Wanting to keep it simple” by avoiding having it “all installed inside the snap” is not typically a reason for classic confinement. The fact that you want to keep it private is interesting and you might consider a brand store so you can distribute snaps associated with your brand as you see fit (https://docs.ubuntu.com/core/en/build-store/). Please note that there are currently no controls for ‘granting classic when private’, but maybe that is worth considering.

@pedronis and @noise - can you weigh in? This is twice in a week that I’ve seen a classic request justified because it is private. (I’d like to formalize our response on the topic)


#3

Thanks!! I wasn’t aware of the brand stores. In a live snapcraft session I asked for something similar, but they told me there was no option like that…

If it is not right for us, I will use the beta channel and private. Maybe the best option is to add everything inside the snap and use the home plug only.


#4

@pedronis and @noise - gentle ping (I know you’re sprinting this week)


#5

Unfortunately we cannot support that case currently. We could look into adding a feature to disable classic if granted while private and then later made public, but without that there is a large hole that I’d rather not leave open. I will add this to our ideas list for consideration.

Your best bet for now is to bundle those dependencies and avoid the use of classic.


#6

Based on @noise’s comments, I agree. Either this should bundle and be strict or a brand store should be used.