When packaging a new kiosk app that uses the xwayland launch helper for mir-kiosk, these apps always go into manual review and the reviewers team needs to do an initial bump to get them released …
during a discussion on IRC @jdstrand said he had an idea how to automate this process, this post is supposed to serve as a base to outline this idea …
Right, I think we should adjust the base declaration to have this work something like the content snap.
Eg, today we have:
Perhaps this should be changed to (untested):
- on-classic: true
- on-classic: true
Ie, we use alternate constraints for auto-connection and connection such that we continue to auto-connect on classic, but we also allow auto-connect and and connect when the publisher is the same. With this, I can adjust the review-tools to be less strict about snaps that slots x11.
@pedronis - thoughts?
@jdstrand If understand the reasoning is that any application from the author of the X server can talk to it. Anything bad they could do, the author could do it inside the server? is that the reasoning here?
@pedronis - when I wrote this, there was the assumption that on classic, x11 would be an implicit classic interface where we want to continue to allow connect and auto-connect by default. For !classic, we do not want to connect and auto-connect without snap declaration because it would allow other snaps to connect to the providing snap’s X server, and then sniff, inject, etc, etc. The idea I had in April was to relax this on !classic to allow connect and auto-connect for any snaps from the same publisher. In this manner, kiosk developers are generally unblocked and we can always allow cross publisher connect/auto-connect via snap declarations.
Considering https://github.com/snapcore/snapd/pull/7417, we may want to adjust the above. That said, the PR is for wayland and this is for x11 and the change on its own is not unreasonable, so perhaps this change would be ok, and then adapted once the details of 7417 are worked out.