Pycom-firmware-updater Use of the system-files interface

store-requests
1

Hi,

As requested by the Snapcraft team, we are requesting to use the system-files interface for
pycom-firmware-updater

Our App is used to allow our clients to access the device connected to the P so they can write firmware, and get information about the connected device.

As we understood from the comments history on the submitted version we have to request this in the Forum with store-requests Category.

Let us know if we need more details to provide.

Company: Pycom Product: Pybytes

Best Regards, Ahmad EL Masri

2

Hey @ahmad,

I see you have requested:

config-hosts:
    interface: system-files
    write:
    - /etc/hosts
    - /var

But this is not quite correct. system-files is typically used to provide read-only access to system configuration directories created by a non-snap version of an application now running from an equivalent snap.

Does pycom-firmware-updater need write access to the entire /var directory? Could you please explain what exactly the snap need to read/write so we can help you getting the correct declaration?

Also, for writing to /etc/hosts you should plug the network-control interface instead https://github.com/snapcore/snapd/blob/master/interfaces/builtin/network_control.go#L168

3

Hi @emitorino,

Thank you for your support.

We will update the configuration file based on the feedback you provided.

Concerning the /var, we need access to write on /var/tmp/fw-updater where we store related helpers’ certs.

Thank you for your help one more time.

Best Regards, Ahmad EL Masri

4

are you aware that snap packages have a dedicated and namespaced private /tmp folder that you could simply use instead of /var/tmp without requiring any interfaces ?

5

Hi @ogra,

We are kind of new in publishing an app using snap, maybe we have missed this part from the documentation. thank you for the suggestion we will take a look.

Have a nice day.

Best Regards, Ahmad El Masri

2 Likes
6

Hi, @emitorino Can you pls look at the snapcraft.yaml of 36 version of pycom-firmware-updater I add network-control plugin to the plugin list. But when I try to run the app after the snap was installed i got next error: In the Screenshot window, select whether to grab the whole screen, the current window, or an area of the screen. Set a delay if you need to select a window or otherwise set up your desktop for the screenshot.

Screenshot from 2022-03-10 12-55-57
Screenshot from 2022-03-10 12-55-57937×294 34.4 KB

That’s why i tried to use system-files interface with the access to the /etc/hosts. But even with this workaround I have the same error with permisions when try to install with the next command sudo snap install pycom-firmware-updater_1.0.2_amd64.snap --dangerous

What can be the problem?

7

you need to conect the interface using the snap connect ... command

8

Hey @ogra, thx for your response. it seems that it was already connected. but even after manual connection i still had this error.

Screenshot from 2022-03-10 17-48-33
Screenshot from 2022-03-10 17-48-331109×441 51.2 KB

9

hmm, works fine over here:

$ sudo snap run --shell htop
[...] 
root@acheron:/home/ogra# cat /etc/hosts
cat: /etc/hosts: Permission denied
root@acheron:/home/ogra# exit
[...]
ogra@acheron:~$ snap connections htop
Schnittstelle     Plug                   Slot               Notizen
hardware-observe  htop:hardware-observe  :hardware-observe  -
mount-observe     htop:mount-observe     -                  -
network-control   htop:network-control   -                  -
process-control   htop:process-control   :process-control   -
system-observe    htop:system-observe    :system-observe    -
ogra@acheron:~$ sudo snap connect htop:network-control
ogra@acheron:~$ sudo snap run --shell htop
root@acheron:/home/ogra# cat /etc/hosts
127.0.0.1	localhost
127.0.1.1	acheron

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
root@acheron:/home/ogra# echo foo >>/etc/hosts
root@acheron:/home/ogra# cat /etc/hosts
127.0.0.1	localhost
127.0.1.1	acheron

# manually added
#192.168.2.125        aleph   mail.grawert.net
#192.168.2.125        www             www.grawert.net

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
foo
root@acheron:/home/ogra#

(note that you need to be root to write to that file (nothing related to snaps indeed, this is how the file permissions for the file are set up)

10

ahhh, so network-control interface won’t give a permissions to general user, that’s make sense. so to run it with being able to write to /etc/hosts the only way is to run sudo pycom-firmware-updater? and there is no other workaround for pemisions like --devmode flag during instalation but inside snapcraft.yaml configs? we try to make it more userfrienly and runing it with sudo is not very convinient

11

@stansdev

I think we can write documentation on how users should install the app, and one of the steps is to enable the connections as @ogra provided in the previous post.

No need to ask the user to run the app in an elevated privilege. and it will give the end-user a better idea about what we will be using.

@ogra, the user has to do the connection only once right?

Thank you for your support.

12

well, how would you do it when not packaged as a snap ?

the /etc/hosts file is never writable by normal users and this is not snap specific.

the snap interface just gets you access in general to actually “see” the file but is not able to alter the existing file-system permissions of the existing file …

if you have a way to edit/change the file in a non-snap context as a normal user, you will definitely be able to use that same way inside your snap (i.e. by running a daemon as root that your end-user application talks to through a socket or via d-bus or such …)

well, yes, but this thread is about auto-connection :slight_smile:

you can just change the topic title to ask for network-control instead of system-files

if the interface connection is essential for your app to work, the @reviewers are typically just granting auto connection and your user does not need to do anything…

13

@ahmad can you please explain more why the snap needs to modify /etc/hosts in the first place? As a snap reviewer I don’t really feel comfortable granting this permission without knowing why it is needed - and perhaps there is a better solution to solve the underlying issue than using /etc/hosts. Perhaps your snap can use something like a HOSTALIASES file instead which just lives inside the snap’s own local storage (e.g. you could set HOSTALIASES=$SNAP_USER_COMMON/hosts in the snap’s environment and then add whatever entries are needed to this file instead). See https://man7.org/linux/man-pages/man7/hostname.7.html for more details on using HOSTALIASES.

14

Hi, We have an application running on user PC that is comunicating with our IOT devices. And this application should also take signals from frontend. For comunication with frontend we need to add a line to user /etc/hosts.

15

As detailed above, you should be able to use HOSTALIASES for this purpose without having the edit the global /etc/hosts - can you please try this instead?

16

We will try after some other fixes, and i will post the result here. Thx a lot for all your advices

17

@stansdev,

Did you have a change to test HOSTALIASES?

Thanks!

18

Hi @emitorino,

We end up removing the host change from the application and set it in the list of steps that are required from the user to install and run the app.

Thank you for your support.

Have a nice day.

1 Like
19

@ahmad, thanks for letting us know.

Have a great day!