Please allow use of personal-files for gitl [Was: Classic confinement for gitl]


#1

https://snapcraft.io/gitl is a git loop program, therefore it needs to access files under working directory. Source here.


#2

We’ve recently implemented the personal-files interface which should be quite useful for git, particularly when the snap also plugs home and removable-media. Please try this out and comment how it works for you (note, you’ll need to follow Process for aliases, auto-connections and tracks to distribute it via the store.


#3

I do not think this works for me. I would like my program to be run from any path. Please review for classic confinement: https://github.com/wieczorek1990/gitl/tree/15d741f660b7f6d24e67f9d923ced80eaa0601bf


#4

You said this is a “git loop program, therefore it needs to access files under working directory”. Why wouldn’t plugging home and removable-media be sufficient?


#5

Also, “I do not think this works for me. I would like my program to be run from any path” is not enough of a reason to grant classic confinement. In order to grant classic we need to understand the specific reasons for why strict mode is not sufficient. Please see Process for reviewing classic confinement snaps for details.


#6

@wieczorek1990 Just following up on this. Looks like gitl could be strictly confined and use the home and removable-media interfaces?


#7

Yeah, I’ll probably settle on this. But you can run git everywhere.


#8

When you say you can “run gitl everywhere”, I assume you mean that git repositories can potentially be cloned to arbitrary directories?


#9

FWIW icdiff seems to work fine strictly confined with home, removable-media, and personal-files, with the latter for ~/.gitconfig and ~/.config/git/config.


#10

Yes, this is what I meant.


#11

@wieczorek1990 - can you comment on @chipaca’s feedback? Lots of applications can potentially access files from anywhere, but in practice access them almost exclusively from locations that can be accommodated by strict confinement. That sounds like the case with gitl. If it is not, can you specifically comment on why?


#12

I think this is what I need.
Could you share an example configuration if available?


#13

It’s on github,


(in the snap directory)


#14

So do I need something else from this:


Should I request some approval, etc.?


#15

Yes. It sounds like you are saying that your use of personal-files fits your use case, so I have converted this classic request to a request to use personal-files.


#16

The snap is using:

plugs:
  gitconfig:
    interface: personal-files
    read:
      - $HOME/.gitconfig
      - $HOME/.config/git/config

+1 for use of and auto-connection of this interface.

@reviewers - can some of you also vote on this?


#17

+1 from me, the personal-files usage is very well constrained and auto-connection makes sense because people installing gitl whose purpose is quite clear and obvious are likely to be OK and explicitly want that anyway.

  • Daniel

#18

+1 from me too. These directories make sense for this application.


#19

git can write to .gitconfig with e.g. git config --global user.name wieczorek1990 too so I change the request from read to write.

I just tired these commands to check if it works, and it doesn’t:

snapcraft
snap install --dangerous git_0.3.0_amd64.snap
snap connect gitl:gitconfig
gitl
# acts like .gitconfig is not read
# writes to ~/snap/gitl/current/.gitconfig

I don’t know how to proceed.

EDIT:
Seems to somehow work, but not fully, I have a strange error now:

expansion of alias 's' failed; 'status' is not a git command

EDIT 2:

Writing to .gitconfig results in an error:

error: could not lock config file home/luke/snap/gitl/x3/.gitconfig: permission denied

The new snapcraft.yaml looks like that: