Problem with releasing kiosk app

@jdstrand sorry for the digression (I know that there are gaps that need filling before we can reach anyone’s version of the ideal world).

With the current state of system-usernames (needing to inject code to drop privileges) I don’t believe it would simplify the process of packaging software for “kiosk” deployment.

Hmm I tried adding:

system-usernames:
  snap_daemon: shared

section like mentioned here: https://snapcraft.io/docs/snap-format
but I get following error while building:

Issues while validating snapcraft.yaml: Additional properties are not allowed ('system-usernames' was unexpected)
script returned exit code 2

My snapcraft file looks like this:

name: terminal-app
version: '0.1.7'
summary: Terminal electron app for a Kiosk
description: |
  Terminal app for a Kiosk
base: core18
confinement: strict
grade: devel
system-usernames:
  snap_daemon: shared

apps:
  terminal-kiosk:
    command: desktop-launch xwayland-kiosk-launch "$SNAP/terminal-linux-x64/terminal" "--no-sandbox"
  daemon:
    daemon: simple
    restart-condition: always
    command: desktop-launch xwayland-kiosk-launch "$SNAP/terminal-linux-x64/terminal" "--no-sandbox"

environment:
  XWAYLAND_FULLSCREEN_WINDOW_HINT: window_role="browser-window"

plugs:
  browser-support:
  network:
....

Any ideas?

I think you either need to use a more recent snapcraft (i.e. on edge I think) or you need to use passthrough.

Thanks, I added it, but unfortunately I cannot build a working kiosk snap with a latest snapcraft.

https://forum.snapcraft.io/t/after-update-to-snapcraft-3-9-5-electron-kiosk-build-fails/15088

Maybe you might know a solution for this.

@jdstrand
Finally, after struggling to build my app with latest snapcraft, I was able to release snap with

system-usernames:
  snap_daemon: shared

but now it gets automatically rejected, because of previous manual rejection.


Could you look into it ?

:smile: should I just create another topic regarding this snap approval ?

EDIT. OK, there was a button “Request manual review” … :man_facepalming:

Hmm It has been 9 days since I requested Manual review. Is it always that long ?

@PiotrD - sorry this slipped off our list since it wasn’t in the ‘store-requests’ category.

Thank you for adjusting your snap to use ‘snap_daemon’. @advocacy, in comment 14 I mentioned:

can you review this snap’s suitability for the public store and vet the publisher?

@PiotrD - in addition to the vetting, assuming this snap will be granted access, can you state that you intend to not change your snap to run a command which plugs ‘browser-support’ under the root user (ie, you will keep using the ‘snap_daemon’ with any commands/daemons that plugs “browser-support”)?

Hi, @jdstrand
What do you mean by “vet the publisher” ? verify ? by creating a store-request in forum ?
I have already read this:
"the publisher should be vetted, as with classic snaps "
and I still don’t get this, because my terminal application runs in strict confinement and it is not intended to be a public snap. Only private, for internal use. Isn’t it possible to just publish snap as private only? Please explain it for me.

And Yes, I will not change this snap to run a command which plugs “browser-support” under root user.

@PiotrD - you don’t need to do anything, the @advocacy team will reach out to you (those instructions were for them, not you).

Ok, great. So I will just wait for information, that it was approved. How long does it usually take ?

Vetting has been done, +1 from advocacy team.

Thanks @popey!

@PiotrD - ok, I have made the necessary change to the review-tools to allow your snap to pass automated review, but that change is not in production yet. Please request a manual review for your revision 6 or upload a new revision and we’ll manually approve it and any new revisions until the change is in production.

Great, I already requested another manual review. Thank you.