Request auto-connect interfaces for easyroam

l.p · June 18, 2025, 12:55pm

name: easyroam
description: The easyroam app installs EAP-TLS WiFi profiles for authentication with the eduroam infrastructure.
snapcraft: PRIVATE
upstream: PRIVATE
upstream-relation: I am a developer for the easyroam project
interfaces:
- network-manager:
  - request-type: auto-connection
  - reasoning: The app needs this connection to install/renew the WiFi profiles
- home:
  - request-type: auto-connection
  - reasoning: The user certificate and private key for the EAP-TLS WiFi profile are saved in the user’s home directory

store-requests-bot · June 18, 2025, 12:55pm

This request has been added to the queue for review by the @reviewers team.

cav · June 25, 2025, 12:15am

home is auto-connected by default when added as a plug in the snapcraft.yaml

l.p · June 26, 2025, 9:48am

Hi, I must have misunderstood the documentation then. The documentation states, that the interface is auto-connect on traditional distributions. How are these traditional distributions defined?

Anyway can we then just exclude the home interface for auto-connection and continue with the request for network-manager only?

jslarraz · June 26, 2025, 10:08am

Hey @l.p

If I’m right, traditional distributions refers to any distribution besides Ubuntu Core.

network-manager looks expected and appropriate considering the snap functionality.

Just one question from my side, can easyroam be used to obtain client certificate/priv. key or it just uses certificate/priv. key obtained by the user via alternative methods?

l.p · June 26, 2025, 11:16am

Hi @jslarraz

Thanks for the clarification.

Users use the easyroam app to obtain the profile (client certificate/priv. key). The easyroam app does not accept a profile that has been obtained via alternative methods e.g. browser.

jslarraz · June 26, 2025, 12:29pm

In that case I wonder if it would be possible for easyroam to store the credentials in the per-snap home (See https://snapcraft.io/docs/environment-variables#heading--home) rather than real user home.

That way, you would effectively prevent other snaps installed in the system from accessing the private key.

If easyroam uses the $HOME environment variable to define the credentials location it should be the case already. In this case you won’t even need to plug the home interface

l.p · June 26, 2025, 2:00pm

The credentials themselves are already stored in the per snap home. However, network-manager has issues reading the user credentials if the home interface is not included in the snapcraft.yaml, which is why I included it.

jslarraz · June 30, 2025, 2:56pm

Thus +1 from me for granting auto-connection to network-manager interface (#voteFor)

cav · July 2, 2025, 2:10am

Given the discussion above, +1 (#voteFor) granting auto-connection of the network-manager interface

store-requests-bot · July 2, 2025, 2:10am

Voting period has ended. This request is approved with 2 votes for and 0 votes against.

cav · July 2, 2025, 2:14am

Request has been granted. This is now live.