I’d like to be able to publish the ubuntu-desktop-session snap, which triggered a few problems in the automated review.
The snap name is registered to canonical, and the source is currently available at https://github.com/canonical/ubuntu-core-desktop/tree/main/ubuntu-desktop-session. it is intended for use in an Ubuntu Core variant together with the
core22-desktop base snap. The snap implements the graphical login session for the user, running gnome-shell as a Wayland compositor and a few related services.
It triggered the following failures:
interface 'polkit-agent' not found in base declaration declaration-snap-v2_plug_known (polkit-agent, polkit-agent)
unknown interface 'polkit-agent' lint-snap-v2_plugs (polkit-agent, polkit-agent)
this is an interface that has not yet been merged to snapd master here: https://github.com/snapcore/snapd/pull/10598. The interface should probably be treated as fairly sensitive as snaps plugging the interface will be dealing with user passwords. In this case it is appropriate, as gnome-shell is in a position to securely take input without being impersonated by Wayland clients.
human review required due to 'allow-installation' constraint (bool) declaration-snap-v2_plugs_installation (desktop-launch, desktop-launch)
we want the shell to be able to launch application snaps running under their own snap confinement. This interface lets us achieve that.
human review required due to 'allow-installation' constraint (bool) declaration-snap-v2_plugs_installation (shell-config-files, system-files)
This grants access to some additional paths we needed to get gnome-shell to run. I’d like to eventually drop this plug and add its access rules to some other interface. If it makes things easier, I only need to have installation allowed: I can handle connection through the matching gadget snap.
human review required due to 'allow-installation' constraint (bool) declaration-snap-v2_plugs_installation (snapd-control, snapd-control)
This is in place to allow the terminal emulator in the snap to talk to snapd. I can probably drop this for now if it makes review easier.
human review required due to 'allow-installation' constraint (snap-type) declaration-snap-v2_slots_installation (desktop, desktop)
This relies on another not-yet-merged snapd change to allow application snaps to provide a desktop interface slot: https://github.com/snapcore/snapd/pull/10753. As there is no implicit desktop interface slot on Ubuntu Core systems, the intent is that the snap implementing the desktop shell would provide it.
human review required due to 'allow-connection' constraint (interface attributes) declaration-snap-v2_slots_connection (dbus-*, dbus)
We have a number of
dbus-*slots on the snap to allow it to provide various D-Bus services required to run the desktop session.
use of 'daemon: dbus' requires 'bus-name' lint-snap-v2_dbus_bus-name_required (*)
This is a case where the review-tools checks do not line up with snapd’s behaviour. If the daemon specifies one or more dbus slots via
activates-on, then the
bus-nameproperty is optional: the bus name from the last
activates-onslot will be used if it is absent. That is the case for all the daemons in the snap triggering this failure.