Classic confinement request for Notable

I’m the developer behind Notable: https://snapcraft.io/notable

I’m asking for the ability to push the app with “classic” confinement.

Without it the app doesn’t function properly, it currently can’t even update the files it itself created, which I don’t understand. It’s an Electron app bundled with electron-builder and I see no other way to enable the app to function properly other than switching to the classic confinement.

The app needs arbitrary access to the filesystem as notes can be stored anywhere and exported anywhere, additionally when opening a note with a third-party editor, which is a feature my users use frequently, the user is being prompted with a permission dialog, each time the very same note is being opened by a third-party editor, which is super annoying and I don’t understand the reason for being so strict.

The current version of the app shipped in the store has been publicized by the Snapcraftio Twitter account and right there I’ve got one potential user reporting this issue there. My understanding is that the app might be featured in the store next week, I’d be a shame if available version of the app wouldn’t be able to function properly so I’d like to get this fixed as soon as possible.

Thanks.

Ps. the 2 links limitation for new users doesn’t make sense, I can’t even post a bloody relevant link.

The requirement to to launch external editors is the main problem here. As it’s a note manager which launches external binaries, I see no other option than classic right now.

So +1 from me, and I’ve done the necessary vetting.

Another use case for this I’ll have soon: apparently I need to spawn up some shell processes in order to retrieve the possible image contained in the clipboard under Windows and Linux.

Can we get this sorted soon? I’d really like to be able to ship a usable snap in the store.

It is not clear to me that classic confinement is absolutely required - I would be suprised if it was only a small percentage of users who wanted to use notable to access notes outside their home directory or from external media (and so in these cases for strict confinement plugging the home and removable-media interfaces would give the vast majority of users all the access they would need).

If you need to spawn a shell process to access the clipboard, then you should plug the desktop interface and ship whatever binaries you need inside the snap to do this rather than relying on anything from the host environment.

I understand that launching external editors is only possible with classic confinement however as notable provides it’s own markdown editor, I assume this is the most used interface for note editing and so it is not clear to me that spawning an external editor is core functionality. However, our guidelines for classic confinement do include applications which need to launch external configured commands from the host so this is somewhere in between the two.

Note the making a snap classic does provide a small barrier to installation as there are some users who may not wish to install a classic snap since it does not provide the usual isolation guarantees of strict confinement.

As such, I believe if as the developer and publisher of notable that you really wish for it to be granted classic confinement in light of this, then this can be done to support this external editor use-case, but in my opinion strict confinement would be a better option.

It is not clear to me that classic confinement is absolutely required

I’m not sure about that either, but whatever the case might be I don’t have the man power to address all the issues, and there are many, the alternative is just pulling the app from the store.

I would be suprised if it was only a small percentage of users who wanted to use notable to access notes outside their home directory or from external media (and so in these cases for strict confinement plugging the home and removable-media interfaces would give the vast majority of users all the access they would need).

I don’t have any numbers on this, but I for one store my notes elsewhere. Supporting “most” users is not good enough.

If you need to spawn a shell process to access the clipboard, then you should plug the desktop interface and ship whatever binaries you need inside the snap to do this rather than relying on anything from the host environment.

I’m not sure it would be best to ship stuff like xclip (https://github.com/mushanshitiancai/vscode-paste-image/blob/master/res/linux.sh) with my app, and I surely don’t want to spend time figuring out how to compile it myself for all archs/distros. Plus I’m not sure just shipping these sorts of binaries with the app will be ok as far as the sandbox is concerned

I understand that launching external editors is only possible with classic confinement however as notable provides it’s own markdown editor, I assume this is the most used interface for note editing and so it is not clear to me that spawning an external editor is core functionality.

It doesn’t matter one bit how core this functionality is to the app. There actually are in fact a surprising amount of people who use this feature, the built-in editor doesn’t even have a search bar and surely doesn’t support all the fancy plugins one might have in a standalone general text editor.

Note the making a snap classic does provide a small barrier to installation as there are some users who may not wish to install a classic snap since it does not provide the usual isolation guarantees of strict confinement.

The alternative is a broken snap so I don’t see this as an issue.

As such, I believe if as the developer and publisher of notable that you really wish for it to be granted classic confinement in light of this, then this can be done to support this external editor use-case, but in my opinion strict confinement would be a better option.

Yes, let’s do it please.

Strict confinement is not a viable option right now, the other option at this point in time is just pulling the broken snap from the store. In the future, when more resources are available to me, I’d be happy to allocate some of those toward trying to make the app work under the strict sandbox if that’s possible.

I think this got lost in somebody’s inbox, can somebody please get me out of this limbo and either allow me to publish a functioning app or tell me to pull the current one out of the store?

Apologies for the delay - thanks for re-upping this - the requirements are understood re external editors etc, and the necessary vetting has been done. Granting classic confinement for notable. This is now live.

Thank you very much!

I’ve just now pushed a working version of the app to the store.