Clj-kondo personal-files request [Was: Clj-kondo linter classic snap]

Hi!

I’d like to publish my Clojure linter called clj-kondo as a classic snap. Since the linter must be able to read user files and write results to a directory, I assume --classic is the right setting for this tool.

More information on why this linter needs classic confinement: Access to specific hidden file path in users $HOME
Edit by @chipaca: moved below

I have a linter (https://github.com/borkdude/clj-kondo) which needs read and write access to a .clj-kondo directory which is created by the user to be used with this tool. Each project can have its own .clj-kondo directory. E.g.:

~/git/project1/.clj-kondo
~/git/project2/.clj-kondo

In these directories the user will store a config file and the linter will maintain some cache files there. Currently I see no other way of putting the confinement to classic because of this issue.

(I moved your response under this because this is where it should be – not in a year-old topic about a feature that has since been implemented)

If your app uses the home interface, of a user’s files only ~/.clj-kondo would be blocked. You can ask for personal-files to cover that, if that’s a use case you need to cover.

(actually also blocked would be anything under a hidden directory in the user’s home, but in practice that’s rare).

The linter needs access to .clj-kondo directories in arbitrary places on the system. E.g.:

~/git/project1/.clj-kondo
~/git/project2/.clj-kondo

both of those examples would be granted access when using the home interface, no special work needed.

Thank you! I only tested this from the home directory’s root, so I assumed it wouldn’t work for all of these. I retested it, and can confirm this works.

@chipaca I updated the clj-kondo snap now with personal-files with r/w access to $HOME/.clj-kondo. This needs review.

Link to revision: https://dashboard.snapcraft.io/snaps/clj-kondo/revisions/4/

it doesn’t need review, you need to do the

🙂

I’ve converted this to the personal-files request.

Your snap is currently using:

plugs:
  clj-kondo-dir:
    interface: personal-files
    read:
    - $HOME/.clj-kondo
    write:
    - $HOME/.clj-kondo

To follow established patterns, please rename clj-kondo-dir as dot-clj-kondo.

Please note that write implies read so you can drop the ‘read’ part. Please note that “This interface is typically used to provide read-only access to top-level hidden data directories within a user’s home directory in order to support importing data from existing applications where the snap is the clear owner of the target directory.” (per the docs).

This snap is the clear owner of ~/.clj-owner, but it isn’t clear why write access is required or why $HOME/.clj-owner from within the snap isn’t sufficient (remember, inside the snap, $HOME is set to $SNAP_USER_DATA (i.e., ~/snap/clj-owner/<revision>)). Can you describe why this is not sufficient?


@jdstrand Access to ~/.clj-kondo isn’t strictly necessary, but I think some users might put their configuration files there. But for now only home access might be sufficient. I’ll revert these changes and only require home.

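The two points raised in this thread (which paths the home interface already reaches, and the review comments on the personal-files plug), sketched as an added example that is not part of the thread or of clj-kondo. The function names, the `/home/alice` home directory and the `dot-<directory>` naming rule generalized from the single rename requested above are assumptions; the first dictionary mirrors the plug quoted in the thread.

```python
from pathlib import PurePosixPath

def covered_by_home(path, home="/home/alice"):
    """Model of the rule described in the thread: the home interface reaches a
    path under $HOME unless its top-level entry in $HOME is hidden."""
    try:
        rel = PurePosixPath(path).relative_to(home)
    except ValueError:
        return False  # not under $HOME at all
    return bool(rel.parts) and not rel.parts[0].startswith(".")

def review_personal_files(plugs):
    """Return review findings for personal-files plugs in a parsed `plugs:` mapping."""
    findings = []
    for name, plug in plugs.items():
        if plug.get("interface") != "personal-files":
            continue
        read, write = plug.get("read", []), plug.get("write", [])
        # Write access implies read access, so a path listed in both is redundant.
        redundant = [p for p in read if p in write]
        if redundant:
            findings.append(f"{name}: write implies read, drop read of {', '.join(redundant)}")
        # Assumed naming pattern: dot-<directory name without the leading dot>.
        targets = write or read
        if len(targets) == 1:
            expected = "dot-" + PurePosixPath(targets[0]).name.lstrip(".")
            if name != expected:
                findings.append(f"{name}: rename to {expected}")
    return findings

# The plug as submitted in the thread, then with both review comments applied.
SUBMITTED = {"clj-kondo-dir": {"interface": "personal-files",
                               "read": ["$HOME/.clj-kondo"],
                               "write": ["$HOME/.clj-kondo"]}}
REVISED = {"dot-clj-kondo": {"interface": "personal-files",
                             "write": ["$HOME/.clj-kondo"]}}

if __name__ == "__main__":
    # Constructed paths: per-project directories versus the one in $HOME itself.
    for p in ["/home/alice/git/project1/.clj-kondo", "/home/alice/.clj-kondo"]:
        print(p, "-> home is enough" if covered_by_home(p) else "-> needs personal-files")
    for finding in review_personal_files(SUBMITTED):
        print(finding)
```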