Human review required due to 'allow-installation' constraint

MakAndJo · June 20, 2023, 4:13pm

When i publish my new revision of app, this message appears:

Status: processing                                                                                                                                                
Status: error while processing                                                                                                                                    
Issues while processing snap:
- human review required due to 'allow-installation' constraint (bool)

Automated review gives one fail:

human review required due to 'allow-installation' constraint (bool) declaration-snap-v2_plugs_installation (tjmc-launcher, personal-files)

I just enabled personal-files plug in my build. What human review should i do to publish my app?

SamAlex · June 20, 2023, 5:08pm

personal-files interface is privileged and as such needs one to request it in the forum see for example --> Personal files interface for lutris

MakAndJo · June 20, 2023, 5:42pm

Okay. Is that request of interface going automaticaly during a week or i need to trigger it manually using a forum tag store-requests. Is that ‘human review’ needed for every build/revision in future?

SamAlex · June 20, 2023, 6:14pm

No its a one-time request, once it has been granted by the review team, its permanent.

alexmurray · June 21, 2023, 3:28am

@MakAndJo can you please provide details on what access is being requested by your snap through the personal-files interface (feel free to copy-and-paste the plug declaration here), as well as the reason your snap needs this access? Then it can be reviewed. Thanks.

MakAndJo · June 21, 2023, 4:07am

My app is packed through electron-builder. I don’t have snap plug declaration.

My application doesn’t need access system or user files. It just need to write and read its own. And by default I don’t have access to do it.

dclane · June 27, 2023, 3:46am

Documentation and examples of how to use personal-files can be found here: https://snapcraft.io/docs/personal-files-interface

As mentioned above, if you take a look at how the lutris snap has been put together and the accompanying forum thread you will see another example of how to use the personal-files interface.

Thanks

0xnishit · July 3, 2023, 5:51am

Hey @MakAndJo

I saw your snap declaration(snap: tjmc-launcher, revision: #29, version 0.1.1008) and it has just declared personal-files interface under the plugs but not defined what personal files your snap requires access to, so review-tools flagged this revision and ultimately the revision got rejected.

I would suggest if your snap doesn’t require personal-files plug then remove it from the declaration and try to submit the new revision, and if it is needed then kindly paste here what files your snap requires and why?

Thanks

MakAndJo · July 3, 2023, 10:57am

So, after a bunch of tests, I’d like to say: I want to request a classic confinement for my app.

Reasons:

Strict confinement not allowed me to write additional files to home dir. Only to it’s own snap revision dir, which will be removed with app (and revision?). Also I’m unable describe all of them to use personal-files plug. Because they are created dynamically, and sometimes file name contains some hash variable.
It’s need to manually connect password-manager-service, which is bad to UX.
Cannot spawn child process separately. Spawned process always attaches to main process as a new window, which gives to child process strict access to gpu - it launches in VMWare renderer, which is bad for render performance. I want to use native gpu access in a separate process.

ogra · July 3, 2023, 11:17am

Writing to the users homedir is fully allowed (for all non-hidden files and dirs in there) if you plug the home interface…

When you uninstall a snap a backup of all user data is automatically taken, nothing is removed, during updates the content of the versioned dir is copied forward…

If you do not want this behavior, make your app use the $SNAP_USER_COMMON dir, which is unversioned…

Full gpu access is provided via the opengl interface, adding the plug gives you exactly the same access as running your app non-snapped…

For password-manager you could attempt to get autoconnect granted or simply pop up a message for the user from I.e. a yad or kdialog command-chain script…

None of the above justifies classic confinement, your app would have to fit into one of the supported categories at Process for reviewing classic confinement snaps

emitorino · July 27, 2023, 11:12pm

@MakAndJo did you have a change to analyze @ogra’s detailed explanation?

sahnaseredini · August 7, 2023, 5:14pm

Hi @MakAndJo, ping, this request cannot proceed without the information regarding the analysis of the explanation (from @ogra ) given above. Thanks.

0xnishit · August 16, 2023, 11:49am

Hey @MakAndJo, ping again, did you have a chance to analyze the above explanation?

thanks

emitorino · September 7, 2023, 3:21pm

@MakAndJo hey,

Since we’ve not heard back from you, we are removing this request from our review queue. When you have more time to respond, simply do so here and we can add the request back to the queue. Thanks!