jbang makes it easy to run java apps/script and as such need to have access to users home directory but also be able to locate (via PATH or JAVA_HOME) and run processes based on the java, javac and in case of graalvm native-image exectuables.
I didn’t find any ways to do that unless using ‘classic’ thus hear is my request to enable that for jbang.
Thank you
Access to the user’s $HOME is provided by the home interface - however running external processes that are not shipped via the snap itself is not possible for strict mode snaps. Can you explain more the use cases for jbang and why it needs to run other processes, also where do the binaries for these other processes live?
jbang is a wrapper around users javac and java to let you write scripts/apps in java. It also helps download matching java from adoptopenjdk if the java available via PATH or JAVA_HOME is not compatible with the java version required for a script.
Its usecase is similar to what maven, gradle, gum and other tech does and they have the classic mode hence why I thought it would make sense for jbang too.
The binaries are built via github actions from the project at https://github.com/jbangdev/jbang/releases.
I have automatic build and setup of jbang for lots of other installers/packagers for OSX, Windows and some linux but with snaps I realize I can cover many more in one go.
Hope that clarifies, thank you!
Hi, is there anything I need to provide for this ?
Thank you,
Close to 2 weeks since this request started - I know its all voluntary but is it possible to get an ETA or should I consider this as jbang cannot be marked as classic ?
much appreciated!
@maxandersen apologize for the delay. Based on your explanation and after reading your project documentation, it is my understanding that jbang allows to compile apps as well. Can you please confirm? If yes we can say this request follows under the compilers supported category for classic and we can move fw with your request.
Still, remember classic snaps run in the global mount namespace, which means great care must be taken for the snap to work reliably across linux distributions (it is my understanding that it is something you are targeting). If you can provide the locations on the system for the binaries of the processes jbang needs to run as @alexmurray requested we can help you identify some interfaces you could plug (along with already mentioned home interface) and thus keep the strict confinement while enjoying the benefits of a stable runtime environment.
Are you familiar with snappy-debug? As you mentioned earlier you could not find any ways to make you snap work under strict confinement, if you run it while troubleshooting, it can help you identify missing interfaces. If you run into problems, post the snappy-debug output here and we are happy to help.
Thanks!
Yes, jbang uses javac to do compilation - consider jbang similar to a build too like make/gradle/ant/npm etc. that orchestrate build and execution of a script/app.
About multitude linux distributions then jbang runs on anything that has java available meaning, any linux I know of.
about location of system for the binaries jbang uses then there are many and I can’t fully list them as they user configurable, but by default I locate java and javac in the PATH env var, if not there then in JAVA_HOME and none of that works I download the right java into JBANG_HOME/jdks/ where JBANG_HOME defaults to ~/.jbang but could be set by the user.
Due to this need for adjusting to users configuration I’m pretty sure there is no way to make this fit in non-classic.
let me know if that helps.
As jbang behaves as a compiler (wrapper), it fits the criteria for classic. +1 from me for granting classic to jbang.
Can other @reviewers please vote?
Thanks @msalvatore !
How many votes are needed for it to happen ?
@msalvatore (cc @maxandersen) FYI we don’t vote on classic snap requests - either the snap has a valid requirement for classic confinement and it falls within one of the permitted categories for classic confinement as per Process for reviewing classic confinement snaps or it does not. In this case, since jbang is a wrapper for a compiler which is expected to be provided by and be integrated with the host environment, it meets these requirements for classic confinement.
As such, the requirements for classic confinement of jbang are understood, @advocacy can you please perform publisher vetting?
sorry for nagging here but now 11days since last update.
Anything I can/need to do ?
@maxandersen apologize for the delay. Publisher vetting is a mandatory step in our process for granting classic confinement.
@advocacy could you please perform publisher vetting?
@maxandersen Is there an official page for your software I could look at please?
https://jbang.dev website
https://github.com/jbangdev/jbang readme/doc and code
+1 from me, I’ve verified the publisher.
Granting use of classic. This is now live.
@maxandersen could you please either request a manual review or upload a new version so this changes take effect? Thanks!
Will do! Might take a few days but on my next of things to do for jbang release.
pushed 0.52.1 and on first look seem to have worked ! yay! thanks all!
