Please allow personal-files interface for jhack

ppasotti · January 17, 2023, 9:54am

Hi all, Last week I requested manual review for a personal-files interface for jhack. Jhack already has a home-read interface (which however does not include hidden folders) and a separate personal-files interface to read the juju config.

The goal is to allow users to store their jhack-specific config in a ~/.jhack/ folder. It might in the future be used to cache some files or temporary data.

I think the naming of the directory makes it unambiguous that it’s owned by jhack and does not put the users at risk of mistakenly dropping sensitive data in there.

Not sure if this request is necessary without a previous rejection, only some time has passed and the edge snap is stuck because of this issue. Many thanks,

Pietro

jnsgruk · January 17, 2023, 9:26pm

Seems totally reasonable; while I’m not on the review team, can I advocate for ~/.config/jhack rather than polluting the top-level home directory?

ppasotti · January 18, 2023, 8:45am

Will do that first. Please put the request on hold as the interface will change shortly.

ppasotti · January 18, 2023, 9:12am

Done. While we’re at it, can this interface be autoconnect-enabled? I think it’s safe to assume whatever is stored in .config/jhack is meant for jhack.

ppasotti · January 18, 2023, 3:08pm

@emitorino there is the store-request ^

alexmurray · January 19, 2023, 1:04am

@ppasotti can you confirm my understanding of this request is correct:

jhack is requesting use-of and auto-connect for a personal-files instance named dot-config-jhack for write access to ~/.config/jhack?

If so, given this snap is the clear owner of this path, +1 from me.

ppasotti · January 19, 2023, 8:47am

Thanks for confirming. Yes, as you said.

emitorino · January 23, 2023, 8:51pm

+1 from me as well for auto-connect personal-files with write access to ~/.config/jhack using the iface reference dot-config-jhack since the snap is the clear owner of the directory.

+3 votes for, 0 votes against. This is now live.

emitorino · January 23, 2023, 9:00pm

@ppasotti it seems there is an issue in the snap yaml:

jhack:
    command: bin/jhack
    plugs:
    - (...)
    - dot-jhack-config

Please note it should be dot-config-jhack instead of dot-jhack-config, so this is preventing the latest revision to pass review :).

emitorino · January 24, 2023, 12:18pm

@ppasotti another issue is that your snap specifies read access to dot-jhack-config, but I granted write since:

Is write really needed or read is enough?

ppasotti · January 24, 2023, 1:18pm

At the very moment, read is enough since jhack is only accessing that config file. However I was planning to use .config/jhack as cache for some temporary data (although I should probably be using a separate .local/share/jhack interface for that) and at that point it’ll also need write. So I think we should leave it at write and be more future-proof.

ppasotti · January 24, 2023, 1:25pm

the plug name issue you mentioned earlier should be fixed in https://dashboard.snapcraft.io/snaps/jhack/revisions/161/

is there a way to remove the earlier revisions from the build queue or will they forever show up as failed?

emitorino · January 24, 2023, 1:51pm

Ok so I have updated the granted the declaration to be read instead of write to keep the min privileges required at this moment. Feel free to ask for further permissions when you need it since it will be for a different directory. With this change, the latest revisions have passed automated review.

@roadmr is this possible? ^

ppasotti · January 25, 2023, 10:13am

Oh, that’s OK. I read this too late so there’s a build that’s going to fail because it has ‘write’. Would remove it from the queue, but…

Already pushed a new version which should pass.

ppasotti · January 27, 2023, 11:25am

@emitorino do I need to do something to activate the auto-connection? At the moment it’s not showing up as manual, but it’s not connected either:

emitorino · January 27, 2023, 8:51pm

@ppasotti you should not need to do anything else. I tried to review the declaration but is seems we are having some networking issue on the server side. I will do it as soon as its available.

emitorino · January 30, 2023, 5:38pm

Hi @ppasotti,

Since I did not find any issue on the declaration, I installed jhack from edge and I see dot-config-jhack auto-connected for personal-files:

$ snap connections jhack
Interface       Plug                        Slot             Notes
home            jhack:home-read             :home            -
network         jhack:network               :network         -
network-bind    jhack:network-bind          :network-bind    -
personal-files  jhack:dot-config-jhack      :personal-files  -
personal-files  jhack:dot-local-share-juju  -                -
shared-memory   jhack:shared-memory         :shared-memory   -
ssh-keys        jhack:ssh-read              -                -

Can you please double check and let me know if you still see some issues?

ppasotti · January 30, 2023, 5:53pm

Oh! You’re very much right. I posted this in the wrong thread. I was hoping to get autoconnect for ssh-keys. Which, correct me if I’m wrong, does not have it at the moment. Should I open a separate store request for that?

emitorino · January 30, 2023, 8:20pm

@ppasotti ok no worries.

I see you have this other post created Ssh-read personal-files request for jhack so we can continue the request/process/voting there. Please feel free to add/update it to reflect the latest requirements from the snap side.

I have added it to our review queue.