Classic confinement request for Ubuntu MATE Welcome and Software Boutique


#1

I’d like to request classic confinements for ubuntu-mate-welcome (name registration pending review) and software-boutique. As a team we are keen to deploy these applications as snaps so we can deliver continual updates and improvements to the users of Ubuntu MATE. Up until now we’ve used PPAs to deliver updates to users.

The requirement for classic confinement is because both applications are capable of installing software using AptDaemon, and snapd-glib support will also land soon for some application installs. Both applications are snapped and hooked up to the build farm on Launchpad to build snaps for all supported architectures.

Ubuntu MATE Welcome

Provides end user documentation, support/community links and a post install “wizard” that offers one click installation of system monitoring/debugging tools and additional drivers for some peripherals/hardware. Installs are currently brokered via AptDaemon.

Software Boutique

This is our “software center” application that offers a curated selection of software (~150 applications). Installs are currently brokered via AptDaemon but support for snapd-glib will land very soon.


#2

@jdstrand @evan Any feedback on this?


#3

@Wimpress - this one needs feedback from @niemeyer.

The fact that it uses AptDaemon is good since it is protected by polkit and the default policies should prompt for anything other than triggering upgrades. I’m curious if this would work in strict mode if we had an interface for apt-daemon (you could try to install in strict and add a single dbus rule: dbus bus=system, as a start (just grants all to the system bus, but this would demonstrate that the snap truly only does things over dbus)).


#4

GNOME Software has been granted classic confinement, see the comments from @niemeyer here:

I’m more than happy to work towards confining Welcome and Software Boutique but as Gustavo notes the interfaces to do so are not currently available.


#5

I am +1 on classic. This would not work as strict today. I would like to see us investigate whether we can get there once auto-starting support lands, and with interfaces for aptdaemon (dbus) and snapd (snapd-control).

I understand that if the Ubuntu MATE team don’t get this done soon, they’ll miss the deadline and the Boutique will have to be a deb. Classic snaps are an improvement over that deb.


Transfer budgie-welcome to upstream account
#6

Please note that classic confinement for these variants of installer snaps are being evaluated on a case by case basis. This snap is different from gnome-software and so I asked @niemeyer to weigh in.

Please also note that my question regarding testing strict was not meant to block this request, but to gather the requirements (which is part of the process for granting classic). If (iiuc) the only reason the snap is classic is for talking to AptDaemon then we can work towards creating an AptDaemon interface. Assuming this is granted classic, you could use classic until that interface is written.


#7

Good day all on this thread.

Just a heads up, but I’m watching this thread with great interest, as we (Ubuntu Budgie) will also be making a request for classic confinement for our welcome app as well very shortly (Just waiting for a store transfer). Or use case and reasoning is pretty much identical to @Wimpress.


#8

Yep, I understood the point you’re making. Sorry my reply didn’t make that clear. Hopefully I’ll have some time at the weekend to experiment with this.


#9

I’ve not had the time to test these applications using strictly confinement yet, it is on my TODO list but I have limited time right now.

@jdstrand @evan Are these applications to be granted classic confinement so we can transition to the snaps or should we continue with the debs?


#10

I’m waiting for @niemeyer to comment before granting classic.


#11

@jdstrand I think we can open an exception for classic confinement for that sort of application, with the following rationale:

  1. These are image frontend applications, which means they are being shipped in the image itself by the image builders
  2. The particular image (the Linux distribution or flavor) needs to have a visible community behind it that would justify the snap to be publicly available
  3. The snap name, summary, and description need to clearly describe that use case, so people wouldn’t risk installing it without intending to

On that last point, I see a pattern of <distro name>-welcome for this sort of snap on the two requests we got. It sounds like a good one. As a detail, one of those has the “ubuntu-” prefix, while the other doesn’t. Can we agree on doing one or the other consistently?

(cc @bashfulrobot)


Classic Confinement Request: budgie-welcome
Process for reviewing classic confinement snaps
#12

@niemeyer Thanks for the comments.

@bashfulrobot Can I suggest you name the budgie-welcome snap as ubuntu-budgie-welcome, since it is intended to be a distro specific application, right?

We already have some guards around how Ubuntu MATE Welcome behaves when run on something other than Ubuntu MATE, those need expanding slightly in the snap to cater for the case where is may be installed on a non-Ubuntu distro.


#13

Hi @Wimpress - we can rename. It makes sense. We are planning on adding some checks and balances in the app itself for distro specifics. But that will likely come post 18.04 (unless we can squeeze it in).


#14

This makes sense to me. I’ll capture your criteria in the ‘process’ topic.


#15

@Wimpress - are you planning to rename software-boutique to ubuntu-software-boutique?


#16

FYI, I was about to approve ‘ubuntu-mate-welcome’ but it doesn’t appear to be in the store yet. Please respond here whenever its ready for review.


#17

Done: Process for reviewing classic confinement snaps


#18

@niemeyer - please also consider that there is also a request for software-boutique which sounds like gnome-software for MATE. Also note that we did not require that gnome-software be prefixed with <distro name>- (not surprising since the criteria came up after gnome-software :wink: ). I wonder if we want to adjust your point ‘3’ accordingly. Honestly, I like it as is and am kinda wondering if gnome-software should be changed to ubuntu-gnome-software since I doubt the snap would be able to install rpms on Fedora for example (maybe it can, I don’t know).


#19

Software Boutique is intended to be a general purpose “store” which is why it is not prefixed.


#20

@Wimpress That is an amazing approach. Out of context here (not snap related), but is it branded generic, or still Ubuntu mate? I know you had spoken about allowing branding to a degree.