'lxd' inteface for 'lxd-terminal'

ted · June 7, 2022, 3:25pm

I’m developing an integration which is a terminal that opens directly into an LXD container that it creates. The idea being that you can you can put developer tools in that container without installing them on your host system. The host system could then, potentially, be read-only as well. To setup the container and to execute a shell in it the snap needs access to LXD. The only container that the program uses is one with the name lxd-terminal-$username (to allow multi-user setups). It does not control, configure or adjust any other containers on the system.

alexmurray · June 8, 2022, 12:18am

+1 from me - the primary purpose of this snap is to utilise lxd and it cannot work without the lxd plug being connected - so consider this +1 for both use-of and auto-connect of lxd for the lxd-terminal snap. Note, since the lxd plug is super-privileged, if granted this will require publisher vetting as well.

pfsmorigo · June 8, 2022, 6:17pm

+1 too for interface access and auto-connect

ted · June 14, 2022, 7:37pm

It has been one week, so my understanding is that the voting is closed with a +2, which means it passes. Thank you @pfsmorigo and @alexmurray for your votes of confidence.

I’m not sure what “publisher vetting” is, as I can’t find anything about it in any of the published policies, but I’ll try to figure that out next.

alexmurray · June 15, 2022, 2:20am

+2 votes for, 0 votes against. @advocacy could you please perform publisher vetting? Then we can proceed to grant this for lxd-terminal. Thanks.

Igor · June 15, 2022, 12:06pm

@ted What is the official page for lxd-terminal please?

ted · June 15, 2022, 1:52pm

@Igor I haven’t setup a webpage or anything like that, but the Git repo is currently here: https://github.com/ted-gould/lxd-terminal

Igor · June 16, 2022, 12:34pm

@ted I don’t really have a good way to verify you based on the data that I have. I don’t doubt your credentials, but given the super-sensitive nature of the this snap, I need more than just the GH repo as the only reference point.

@alexmurray Any suggestions from your side?

ted · June 16, 2022, 2:23pm

Can you link me to the policy document regarding “publisher vetting” so that I can see what options are available? Perhaps there is something I can do there.

Igor · June 17, 2022, 11:22am

@ted If you don’t mind, I will leave that to @alexmurray as the representative of the Store/Security team. Thanks.

ted · July 19, 2022, 8:26pm

Any update? It’s been a month.

alexmurray · July 28, 2022, 8:32am

@Igor is the expert on publisher vetting to my knowledge so I can’t really give much context here - perhaps @holly can?

As far as I understand the general idea is to establish trust that the publisher is who they claim to be and are a representative of the upstream project in question (and hopefully that they also appear to have good standing in the community etc although this is a bit harder to gauge).

From what I can see @ted you definitely appear to meet these requirements but the hard bit is making sure you (ie the individual posting on the forum and uploading to the store) are who you claim to be - assuming your GPG key listed on Launchpad is still current (ie 0x46C2E0AE5B5639B4DCE1454D9E28586D33E6185C), could you please email me an email signed with this key, plus sign at least one commit in the upstream lxd-terminal repo and this should be sufficient to my mind to establish this trust.

ted · July 29, 2022, 6:37pm

Cool. I’m traveling right now and don’t have that key with me, but I’ll update when I get back home. Thanks!

ted · August 3, 2022, 3:27pm

ted · August 3, 2022, 3:27pm

And here is a signed commit: https://github.com/ted-gould/lxd-terminal/commit/0a4caceb4126f28484700cf4996b219387720f07

alexmurray · August 4, 2022, 12:39pm

Excellent - thanks @ted. I have vetted the publisher. This is now live.