Context: I’m trying to figure out what’s necessary for the Snap distribution of Barrier to work with Systemd (275 on my Ubuntu 18.04.3 machine, but that can be changed if necessary). One of the problems I’ve run into is that the Systemd service config sets up some environment variables to point to persistent data. Here’s an excerpt of the [Service]
section (I’ve hard coded the snap paths in for now, don’t worry about that):
Environment=XDG_DATA_HOME=/var/lib/barrier/barrier@%i
# TrustedServers.txt Directory
Environment=FP_DIR=/var/lib/barrier/barrier@%i/barrier/SSL/Fingerprints
# Ensure the Fingerprints directory exists
ExecStartPre=/bin/mkdir -p "${FP_DIR}"
# This uses openssl commands and grep to get the server's key and
# store it in the TrustedServers.txt file. OpenSSL is a requirement
# for barrier on Linux so these commands should exist. This will only
# work if using the default 24800 port (since the port number must be
# specified for openssl)
ExecStartPre=/bin/sh -c "[ -f "${FP_DIR}/TrustedServers.txt" ] ||\
openssl s_client -connect %i:24800 2>/dev/null |\
openssl x509 -noout -sha1 -fingerprint |\
grep -oE '([A-Z0-9]{2}:?){20}' > ${FP_DIR}/TrustedServers.txt"
# Main executable
ExecStart=/snap/bin/barrier.barrierc --enable-crypto --display ${DISPLAY} --debug ${LOG_LEVEL} --no-daemon %i
What this does is set up a persistent log of acceptable fingerprints under /var/lib/barrier/barrier@<hostname>/...
and then set XDG_DATA_HOME
to point to that directory.
In theory, Barrier will then look up XGD_DATA_HOME
, construct the full path to the fingerprint file, and find it there.
What I’m actually seeing in the logs is:
May 29 13:33:59 fox barrier.barrierc[2595]: [2020-05-29T13:33:59] NOTE: trustedServersFilename: /root/snap/barrier/83/.local/share/barrier/SSL/Fingerprints/TrustedServers.txt
May 29 13:33:59 fox barrier.barrierc[2595]: [2020-05-29T13:33:59] NOTE: Unable to open trustedServersFile: /root/snap/barrier/83/.local/share/barrier/SSL/Fingerprints/TrustedServers.txt
Barrier is looking for /root/snap/barrier/83/.local/share/barrier/SSL/Fingerprints/TrustedServers.txt
. The directory doesn’t exist, so it fails. I haven’t tried, but I suspect that even if I created it, Apparmor would deny access.
It looks for all the world like XDG_DATA_HOME
is being overriden to be ${HOME}/snap/barrier/83/.local/share
. I kind of see this hinted at in some forum posts, but I can’t find any mention of it in the “Environment variables” section of the docs. (Sorry, I had some direct links to the posts, but I’m not allowed to post them )
Snap info from snap --version
:
snap 2.44.3
snapd 2.44.3
series 16
ubuntu 18.04
kernel 4.15.0-101-generic
Is XDG_DATA_HOME
getting overridden by Snap here? And can I stop it?