I’d like to request classic confinements for ubuntu-mate-welcome (name registration pending review) and software-boutique. As a team we are keen to deploy these applications as snaps so we can deliver continual updates and improvements to the users of Ubuntu MATE. Up until now we’ve used PPAs to deliver updates to users.
The requirement for classic confinement is because both applications are capable of installing software using AptDaemon, and snapd-glib support will also land soon for some application installs. Both applications are snapped and hooked up to the build farm on Launchpad to build snaps for all supported architectures.
Ubuntu MATE Welcome
Provides end user documentation, support/community links and a post install “wizard” that offers one click installation of system monitoring/debugging tools and additional drivers for some peripherals/hardware. Installs are currently brokered via AptDaemon.
This is our “software center” application that offers a curated selection of software (~150 applications). Installs are currently brokered via AptDaemon but support for snapd-glib will land very soon.
The fact that it uses AptDaemon is good since it is protected by polkit and the default policies should prompt for anything other than triggering upgrades. I’m curious if this would work in strict mode if we had an interface for apt-daemon (you could try to install in strict and add a single dbus rule: dbus bus=system, as a start (just grants all to the system bus, but this would demonstrate that the snap truly only does things over dbus)).
I am +1 on classic. This would not work as strict today. I would like to see us investigate whether we can get there once auto-starting support lands, and with interfaces for aptdaemon (dbus) and snapd (snapd-control).
I understand that if the Ubuntu MATE team don’t get this done soon, they’ll miss the deadline and the Boutique will have to be a deb. Classic snaps are an improvement over that deb.
Please note that classic confinement for these variants of installer snaps are being evaluated on a case by case basis. This snap is different from gnome-software and so I asked @niemeyer to weigh in.
Please also note that my question regarding testing strict was not meant to block this request, but to gather the requirements (which is part of the process for granting classic). If (iiuc) the only reason the snap is classic is for talking to AptDaemon then we can work towards creating an AptDaemon interface. Assuming this is granted classic, you could use classic until that interface is written.
Just a heads up, but I’m watching this thread with great interest, as we (Ubuntu Budgie) will also be making a request for classic confinement for our welcome app as well very shortly (Just waiting for a store transfer). Or use case and reasoning is pretty much identical to @Wimpress.
@jdstrand I think we can open an exception for classic confinement for that sort of application, with the following rationale:
These are image frontend applications, which means they are being shipped in the image itself by the image builders
The particular image (the Linux distribution or flavor) needs to have a visible community behind it that would justify the snap to be publicly available
The snap name, summary, and description need to clearly describe that use case, so people wouldn’t risk installing it without intending to
On that last point, I see a pattern of <distro name>-welcome for this sort of snap on the two requests we got. It sounds like a good one. As a detail, one of those has the “ubuntu-” prefix, while the other doesn’t. Can we agree on doing one or the other consistently?
@bashfulrobot Can I suggest you name the budgie-welcome snap as ubuntu-budgie-welcome, since it is intended to be a distro specific application, right?
We already have some guards around how Ubuntu MATE Welcome behaves when run on something other than Ubuntu MATE, those need expanding slightly in the snap to cater for the case where is may be installed on a non-Ubuntu distro.
Hi @Wimpress - we can rename. It makes sense. We are planning on adding some checks and balances in the app itself for distro specifics. But that will likely come post 18.04 (unless we can squeeze it in).
@niemeyer - please also consider that there is also a request for software-boutique which sounds like gnome-software for MATE. Also note that we did not require that gnome-software be prefixed with <distro name>- (not surprising since the criteria came up after gnome-software ). I wonder if we want to adjust your point ‘3’ accordingly. Honestly, I like it as is and am kinda wondering if gnome-software should be changed to ubuntu-gnome-software since I doubt the snap would be able to install rpms on Fedora for example (maybe it can, I don’t know).