Manual Review Requested - gitb (classic confinement)

vvatanabe · June 23, 2019, 1:08am

Requesting a classic confinement approval for the gitb snap.

About gitb

gitb command helps to use Backlog’s(Online project management tool) git comfortably. For example, can open PR, issue, branches, tags, etc in the browser with one action.

Also, gitb wraps all git commands, therefore can execute git-command using gitb like a gitb fetch, gitb pull, gitb push, and more…

Reasons

gitb snap requires git. I can use a git stage package and local build package with snapcraft cleanbuild, but the snap internal git command doesn’t have access.
gitb is a wrapper for git and git requires access to the keys in .ssh.
Same as why the snapcraft.io/hub needed Classic.

Information

Snap Store: https://snapcraft.io/gitb
Snapcraft username: vvatanabe
Snap name: gitb
gitb source: https://github.com/vvatanabe/gitb
About Backlog: https://backlog.com/

Thank you.

vvatanabe · June 26, 2019, 4:25am

@reviewers
Please check it.

vvatanabe · July 1, 2019, 1:33am

@reviewers
Are there any problems with this request? I am waiting for your reply.

jdstrand · July 1, 2019, 10:07pm

We have plenty of snaps that use git that do not require classic. For the reasons you stated above, you can use personal-files like so:

plugs:
  gitconfig:
    interface: personal-files
    write:
    - $HOME/.gitconfig
    - $HOME/.config/git/config

(though you’ll need a snap declaration for distribution in the public store). For ssh, there is the ssh-keys interface.

Please try these and report back. If they work for you, we can convert this classic request into a request for use of personal-files.

jdstrand · July 9, 2019, 7:33pm

@vvatanabe - how did this work for you?

vvatanabe · July 10, 2019, 9:09am

@jdstrand
I was able to execute the Git command with setting below! Thank you!
But this command line tool uses xdg-open to open the browser. So I need a classic.

apps:
  gitb:
    command: gitb
    plugs:
      - home
      - gitconfig

plugs:
  gitconfig:
    interface: personal-files
    read:
      - $HOME/.gitconfig
      - $HOME/.config/git/config
    write:
      - $HOME/.gitconfig
      - $HOME/.config/git/config

parts:
  gitb:
    plugin: nil
    build-snaps: [go/1.12/stable]
    source: .
    stage-packages:
      - git
      - openssh-client
    build-packages:
      - make
      - git

jdstrand · July 10, 2019, 11:10am

Note that write implies read so you can delete the ‘read’ portion.

jdstrand · July 10, 2019, 11:13am

If you plugs ‘desktop’ and be sure to not ship xdg-open in your snap, then your snap has access to the xdg-open from core which comes from snapd which should make everything work for you. As it happens, I just tested this a moment ago in a CLI app for an unrelated reason and it worked great.

vvatanabe · July 15, 2019, 12:41am

@jdstrand
I was able to execute xdg-open usinf desktop interface.
However, an error occurs because the git command does not have permission to access repo/.git/config in the repository.

my setting:

grade: stable
confinement: strict

apps:
  gitb:
    command: gitb
    plugs:
      - home
      - gitconfig
      - desktop

plugs:
  gitconfig:
    interface: personal-files
    write:
      - $HOME/.gitconfig
      - $HOME/.config/git/config

parts:
  gitb:
    plugin: nil
    build-snaps: [go/1.12/stable]
    source: .
    stage-packages:
      - git
      - openssh-client

jdstrand · July 23, 2019, 2:53pm

Where is repo/.git/config? Can you post the relevant security policy violations from journalctl/snappy-debug?

jdstrand · August 12, 2019, 9:15pm

@vvatanabe - ping. This request cannot proceed without your feedback.

jdstrand · August 22, 2019, 4:46pm

Removing this from our review queue. Please feel free to respond back when you have time and we can pick this up again.