Classic confinement request for Plenti

Plenti is a static site generator command-line tool. Part of its fundamental purpose is to generate website scaffolding (folders and files), which it is unable to do with strict confinement.

The project is open source and the code can be reviewed here: https://github.com/plentico/plenti

This request is related to this specific issue: https://github.com/plentico/plenti/issues/31

Classic confinement is not usually required for snaps like this - instead, strict confinement with the use of the home (and optionally removable-media) interfaces is usually sufficient (see the existing hugo snap as an example). It looks like this snap does not plug the home interface at the moment, so you should add something like the following to the snapcraft.yaml and switch confinement back to strict, and this should support most use-cases:

apps:
  plenti:
    command: plenti
    plugs:
      - home
      - removable-media

Ok excellent! Thank you for the help @alexmurray, I’ll give this a shot!


Adding a plug for the home interface fixed the issue of not being able to write to the filesystem, thanks for the help! I also added network-bind to fix port issues when running a local webserver: https://github.com/plentico/plenti/blob/master/.goreleaser.yml#L57

One thing I’m still having trouble with is executing third-party scripts, namely when you create a new website Plenti runs npm install behind the scenes. Then when building the static assets it uses the user’s system nodejs to execute a custom build.js file (to compile svelte components). I’ve looked through the supported interfaces but I’m not sure exactly what I’d need to add. Is there a plug I can add to accomplish this without needing manual review? Thank you!

Unfortunately, execution of scripts which are not provided by the snap itself (i.e. from the host environment) is not possible when using strict confinement. If this is a common use-case for Plenti then classic confinement may be the only appropriate option.

Thanks for following up Alex. The way the build is currently set up it needs to run NodeJS. Down the road we might re-architect but unfortunately we don’t have a good way to compile svelte without node for the foreseeable future.

Is there anything you need for me to further the review for classic confinement? Thank you for the help!

You could bundle npm and nodejs inside the snap for plenti - then you will be able to execute these bundled versions fine as they are part of the snap and still operate under strict confinement.

I was thinking that might be a good idea, is the best way to accomplish this with a “parts” declaration?

I tried that on my last build: https://github.com/plentico/plenti/blob/master/.goreleaser.yml#L58.

Unfortunately it failed because I’m using Goreleaser which doesn’t currently support it: https://github.com/goreleaser/goreleaser/issues/914#issuecomment-452644023.

If using “parts” is the right way to accomplish bundling npm and node with the app, I’ll follow up on that issue with goreleaser. Thanks!

parts can be used to achieve this if you want to, say, build them from source, etc. The other option is to use stage-packages or stage-snaps with the current part if there is an existing package in the Ubuntu archive / existing snap in the store which you could use.

I am removing this request for classic confinement from our internal queue as it looks like you should be able to use parts / stage-packages etc and stage npm / nodejs. If you require further assistance in using parts / stage-packages, I suggest creating a new post under the snapcraft category.

Sounds good, thank you for the assistance Alex!
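
The configuration this thread converges on, written out as an added example (it is not from the Plenti repository or from any poster): strict confinement, the plugs named above, and node/npm staged into the snap so the build scripts run from inside the sandbox instead of from the host. The base, version, go plugin, source location, command path and the archive package names `nodejs` and `npm` are assumptions.

```yaml
# Added illustration, not Plenti's own snapcraft.yaml.
name: plenti
base: core20                 # assumption: any supported base works the same way
version: '0.0.0'             # placeholder
summary: Static site generator
description: |
  Static site generator command-line tool that generates website
  scaffolding (folders and files).

# Strict instead of classic: the app only sees what its plugs allow.
confinement: strict

apps:
  plenti:
    command: bin/plenti      # assumption: the go plugin installs binaries under bin/
    plugs:
      - home                 # write scaffolding into the user's home directory
      - removable-media      # optional: projects on mounted media
      - network-bind         # listen on a port for the local webserver

parts:
  plenti:
    plugin: go               # assumption: built from source by snapcraft
    source: .
    # Bundle node and npm from the Ubuntu archive so `npm install` and
    # build.js execute the snap's own copies, which strict confinement
    # permits, rather than the host's, which it does not.
    # stage-snaps is the other option mentioned in the thread when a
    # suitable snap exists in the store.
    stage-packages:
      - nodejs
      - npm
```

After installing a build of this, `snap connections plenti` lists which plugs are actually connected; `removable-media` is not auto-connected and needs `snap connect plenti:removable-media`.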