Amber is a programming language that’s compiled to bash. Even though it might work well with strict confinement, being a programming language it might need access to arbitrary files from the system. Thus, it falls under the approved categories of compilers, as this is a compiler for bash. This is similar to the rustup snap. The snap is published by the upstream and is maintained by me as a part of the upstream. Requesting a review from the policy reviewers.
Thanks and Regards,
Soumyadeep Ghosh
Hi @soumyaDghosh, thank you for the amber-bash snap. You have added the snapcraft file to the upstream repo, here. It perfectly fits into the “programming languages” category. I am okay to grant this snap classic.
@reviewers, let me know if you think otherwise
Thank you! Sorry, I forgot to add the upstream repo.
I am not sure I agree that this needs classic confinement given the current reasoning - you say that it might need access to arbitrary files - can you please be more specific? What files does amber require access to from the host file-system?
Not in a normal use case, but if a user were to compile files under the snapcraft environment. It completely depends on the usage. This app in particular needs no extra files to work. Maybe my request got a bit misleading.
Hi @alexmurray any review on this?
@soumyaDghosh I need more details to understand the nature of amber. You say it might need access to arbitrary files in the initial post but then you say it needs no extra files to work. So if in the general case amber works fine under strict confinement then I think that is most appropriate. Classic confinement has a number of drawbacks and limitations and so should only be requested when absolutely necessary but it seems in this case it is not.
If however you still feel that it is necessary please provide specific details. Thanks.
We’ve moved to strict confinement, and until we find any proper use case for classic confinement, we’ll stick with the strict one. Thanks a lot @alexmurray @0xnishit for your help and support. We are closing this ticket.
Excellent, thanks for letting us know @soumyaDghosh - I will remove this request from our internal queue.
Hi @alexmurray, we have found a use case for classic confinement. Please let us know how we should fix it.
https://github.com/amber-lang/amber/issues/388
From what I can see on that issue I think you could fix it by staging the whois binary into the snap, right?
Actually, it basically needs to access that file, which is in a not so common folder. I don’t think only whois can fix it. I can’t find any interface that can give access to any file, so, I think classic confinement, because as the user says, they’d expect this compiler to work on any file without thinking about the location of that file.
Hmm but in the case from the github issue, the snap is processing a file from home which it should have access to - but it just doesn’t have access to the pwd. So perhaps it just needs to set pwd to be $SNAP_USER_COMMON or similar before actually executing?
somefolder$ amber-bash -e 'unsafe $ls$'
ls: cannot open directory '.': Permission denied
I am not sure if this will be helpful, amber also has a feature of inline evaluation, and probably with some recent changes, it doesn’t work properly with code passed directly from the console as a parameter.
EDIT: I just tested in classic and it’s properly working. I think we should convert it into a classic snap now, as it is a programming language and will change as its development continues. Users would want to compile files from random paths, or even under strict environments, like while building a snap. There is a talk of using this in github actions, so that’s the final way to give it arbitrary file access.
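The working-directory fallback suggested earlier in the thread for the `Permission denied` case, sketched as a launcher wrapper for a strictly confined snap (an added example, not part of the thread or of the amber snap; the function names and the amber path in the usage comment are hypothetical):

```shell
#!/bin/sh
# Added example: choose a working directory the confined process can use.

# usable_dir DIR: succeeds only if DIR can really be opened and listed.
# A real open is attempted because a mode-bit test such as [ -r DIR ]
# may not reflect a denial imposed by the snap's confinement.
usable_dir() {
    [ -d "$1" ] && ls "$1" >/dev/null 2>&1
}

# choose_workdir DIR FALLBACK: print DIR if usable, else FALLBACK.
# Returns 1 when neither directory can be used.
choose_workdir() {
    if usable_dir "$1"; then
        printf '%s\n' "$1"
    elif usable_dir "$2"; then
        printf '%s\n' "$2"
    else
        return 1
    fi
}

# run_in_usable_dir FALLBACK COMMAND [ARGS...]
# Runs COMMAND in the caller's directory when possible, else in FALLBACK.
# After a fallback, relative paths in ARGS no longer resolve against the
# caller's directory, so the switch is reported on stderr.
run_in_usable_dir() {
    fallback_dir=$1
    shift
    target=$(choose_workdir "$PWD" "$fallback_dir") || {
        echo "no usable working directory" >&2
        return 1
    }
    if [ "$target" != "$PWD" ]; then
        echo "note: $PWD is not accessible, running in $target" >&2
    fi
    ( cd "$target" && "$@" )
}

# Hypothetical use inside the snap's launcher script:
#   run_in_usable_dir "$SNAP_USER_COMMON" "$SNAP/bin/amber" "$@"
```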
Hi @alexmurray can we go ahead with this request to voting?
Interesting language, we recognize a bit of Javascript and Python in there.
It would perhaps be simpler in terms of transformation if the patterns looked more like Python (due to the obligatory tabulations on certain sequences).
Hey @soumyaDghosh
amber-bash fits in the programming languages category and the requirement to run arbitrary binaries via the unsafe keyword seems to require classic. The publisher is vetted as a member of snapcrafters. Granting classic to amber-bash. This is now live.
@jslarraz A little bit of correction, publisher is not me, it’s the upstream. I am a collaborator.
Hi @jslarraz, our builds are being automatically rejected. Please help us fix it.
As you can see in the error, plugs/slots are not allowed with classic confinement. Please remove your plugs/slots definitions from the snapcraft.yaml and the automatic review should pass normally.