Request for classic confinement, gum

aalmiray · November 20, 2020, 6:29pm

I’d like to request classic confinement for gum snap which is built from

https://github.com/kordamp/gm
https://snapcraft.io/gum

Gum’s snap is currently published (via goreleaser) as strict and as far as I can tell it performs its job as long as its target 3rd party executables (gradle, maven, and jbang) are installed with alternate means such as Homebrew or SDKMAN.

However if jbang (recently released as classic because it invokes the Java compiler if I’m not mistaken) is installed via snap then it won’t be reachable by Gum’s in its current form.

TIA.

alexmurray · November 24, 2020, 10:54am

Strict confinement does not allow a snap to launch any binaries which it does not provide itself - as such unless gum provides maven / gradle etc it is unlikely to work at all as a strict-mode snap. Can you confirm whether it is functional at all at the moment and if so, are you shipping these tools inside the gum snap?

aalmiray · November 24, 2020, 11:19am

Understood. Gum does not work if shipped as a strict snap at the moment. Maven, Gradle, and JBang executables are not intended to be shipped with Gum, as these tools have their own release cycles and their development is handled by different teams.

Thus I think the way to make Gum work as expected is to move it to classic confinement.

TIA.

alexmurray · November 25, 2020, 2:52am

@aalmiray well it is more a question of what users of gum would need / expect - would they need gum to use these binaries from their host system, or could it work fine if gum were to ship these itself? There can be a bunch of rough edges with classic snaps due to the fact that they are not isolated from the host system and so due to things like library incompatibilities etc, it can be easier to maintain and use strict mode snaps in some cases. As such, if it is possible for gum to work correctly in strict mode by shipping these binaries itself, that would be the best option.

However, if this is not possible (say due to incompatibilities between the version of say maven shipped in a strict-mode gum vs the host installed maven) - then classic would be the better option I suppose. Let me know what you think.

aalmiray · November 25, 2020, 1:29pm

Gum complements Gradle, Maven, and JBang, and as such it does not make much sense for Gum to provide additional binaries. Also, Gum works with any versions of said binaries, it does not force a particular release, nor does it have to.

I believe classic mode is the best course of action.

TIA.

alexmurray · November 25, 2020, 11:05pm

Ok, requirements for classic confinement of gum are understood. Since gum is essentially a compiler wrapper, this fits within the category of known use-cases for classic confinement (ie compilers / build tools etc).

@advocacy can you please perform publisher vetting?

Igor · December 9, 2020, 12:22pm

+1 from me, I’ve verified the publisher.

emitorino · January 5, 2021, 5:39pm

Granting use of classic. This is now live.

aalmiray · December 14, 2020, 7:19pm

Thank you!

I can now proceed with the steps from my side to publish Gum’s next release.