How to expose desktop files created by snaps to the DE?


#1

chromium has the ability to create desktop files that are shortcuts to websites, and it opens them in a standalone window, with a custom icon and minimal chrome (webapp mode).

Bug #1732482 tracks why this doesn’t work just yet in chromium, but with minimal changes I have managed to have it create said desktop files under $HOME/snap/chromium/current/.local/share/applications. This is not very useful though, as gnome shell (and other desktop environments) is not expecting desktop files there (it looks in $XDG_DATA_DIRS).

Appending $HOME/snap/chromium/current/.local/share to $XDG_DATA_DIRS does the trick, but it’s just a hack. I wonder if we could devise a proper mechanism for snaps in general to expose desktop files that they create for DEs to see. Or is it a terrible idea security-wise?


#2

This is tricky because if the snap can arbitrarily write to anything in $XDG_DATA_DIRS, then it can escape confinement by creating a desktop file with a crafted Exec line. I’m not sure how to solve this, but it is clear that snapd needs to be involved to sanitize the desktop file. One idea might be snapd userd gain a ‘register desktop file’ DBus API that snaps could call (perhaps via a helper command in a similar manner as the xdg-settings ideas). This obviously requires that snaps be modified to use it.


#3

Thanks for the analysis and suggestion @jdstrand. How do we go from there? Does this need to be discussed further, or can I file a feature request (if so in which form)?


#4

I don’t see a clear path forward so I definitely think it needs to be discussed further and I think it might be interesting if someone did some investigation on the major browsers to see if there are any commonalities. Would need @niemeyer and @mvo to comment on a general direction at the very least.


#5

As far as I know, firefox doesn’t expose such a webapp mode to allow users to create standalone shortcuts to their favourite websites.


#6

@niemeyer, @mvo: your opinion welcome on this topic (especially @jdstrand’s suggestion in the first comment).


#7

I like that the Snap package of Chromium blocks access to my .ssh folder from the browser. The Flatpak “home” access still allows hidden file and folder access.

However, the lack of this “web app” feature is a blocker to me adopting the Snap version of Chromium. Most of the “apps” I use throughout the day are web apps. I use this Chromium feature to add them to my Gnome dock and switch between them frequently using Super-1, Super-5, etc.

Also, this feature is very natural to use on Chromebooks, so it’s appealing to Ubuntu users like me who switch back and forth between and Chromebook are trying to keep our the experience consistently.

I’ll try Flatpak and see if it offers this feature.


#8

@niemeyer, @mvo: can I kindly ask for your opinion here, on @jdstrand’s suggestion in the first comment?

This is potentially a problem that would deter users from using the chromium snap, and thus prevent us from fully migrating the deb to the snap.


#9

@pedronis can authoritatively weigh in on this as well.