Package Gnome Extension together with snap app


#1

I’m wondering if it is possible to package a gnome extension into my snap app and export it after install.
For reference, this seems to be impossible with flatpak: https://github.com/flatpak/flatpak/issues/481


#2

Today this is not possible because there is no mechanism to export the extension to gnome-shell. It is technically possible for snappy to support this-- it would be similar to what we do with desktop files. Ie, the snap ships the files, then snappy puts them in place, perhaps sanitizing the files.

The concern is that gnome-shell runs unconfined and it runs its extensions unconfined so if we implemented this, the snap would be able to escape confinement by shipping files that gnome-shell would execute. This could be put behind a manually connected interface, but this is not ideal. The best solution would be for gnome-shell to run the extension under confinement, but I’m not sure this is possible (perhaps it would be possible for snapd to ship an extension that could run snap-provided extensions under confinement). We would need someone from the desktop team to comment (cc @willcooke).


#3

The shell won’t be able to run the extensions under confinement. The extensions all run in the shell process, they essentially monkey patch the running javascript.


#4

sooo, this will be not possible in the near future?
Do you know if this is in the Gnome pipeline i.e. changing the shell to put extensions under confinement?


#5

are there now plans to support extensions now?
Since Ubuntu ships with gnome, we should have a solution for that