Gallery-dl: Previously granted *-files plugs now trigger manual review

Lin-Buo-Ren · May 1, 2019, 5:15pm

Dear @reviewers, recently gallery-dl’s upstream informed me that the snap publishing is blocked due to the usage of the *-files security confinement interfaces(which is already granted at Interface auto-connection request for the gallery-dl snap ), please help fixing it.

override not found for ‘plugs/system-files’. Use of the system-files interface is reserved for vetted publishers. If your snap legitimately requires this access, please make a request in the forum using the ‘store-requests’ category (https://forum.snapcraft.io/c/store-requests), or if you would prefer to keep this private, the ‘sensitive’ category. security-snap-v2_interface-reference (system-files)

override not found for ‘plugs/personal-files’. Use of the personal-files interface is reserved for vetted publishers. If your snap legitimately requires this access, please make a request in the forum using the ‘store-requests’ category (https://forum.snapcraft.io/c/store-requests), or if you would prefer to keep this private, the ‘sensitive’ category. security-snap-v2_interface-reference (personal-files)

Thanks in advance!

jdstrand · May 1, 2019, 6:20pm

We started to enforce the use of specific interface references outside of snap declarations (as discussed in Requesting auto-connection of personal-files to sam-cli) and since then the documentation has been updated: The personal-files interface

Today your snap uses:

plugs:
  personal-files:
    read:
    - $HOME/.config/gallery-dl
    - $HOME/.gallery-dl.conf
  system-files:
    read:
    - /etc/gallery-dl.conf

which is not compliant. I’ll manually approve this for now and have added an override to the review-tools so that it will start passing automated review if you do:

plugs:
  config-gallery-dl:
    interface: personal-files
    read:
    - $HOME/.config/gallery-dl
    - $HOME/.gallery-dl.conf
  etc-gallery-dl:
    interface: system-files
    read:
    - /etc/gallery-dl.conf

jdstrand · May 1, 2019, 6:29pm

This should be done. Please note that while they are approved, you still need to release to a channel. Additionally, while the review-tools have been updated, it will take a few days before they are in production. I’m happy to manually review in the meantime. I apologize for the inconvenience.

Lin-Buo-Ren · May 2, 2019, 12:33am

Thanks! I’ll patch the plug declarations so it will pass automated review.

mikf · May 4, 2019, 10:47pm

Plug declarations have been updated a couple of days ago (https://github.com/mikf/gallery-dl/pull/243), but those updated review-tools still aren’t in production, it seems.

Could you manually approve the latest snap-builds so the next stable version can be released @jdstrand? Thanks in advance!

jdstrand · May 6, 2019, 8:48pm

There were a lot of these up for review. I approved 1.8.3 revisions 398-403. Hopefully the review-tools will be in production this week.