Request for classic confinement of racket

zyga · November 30, 2023, 7:43pm

The existing racket snap uses strict confinement, which is useful in some but not all cases. Racket contains an compiler, language-specific package manager (raco) and a full blown IDE (drracket). I would like to request that a specific track of racket to use classic confinement, while the default track stay on strict confinement.

This request is coming directly out of Racket community: https://racket.discourse.group/t/ubuntu-linux-racket-8-10-snap-emacs-racket-mode/2263/9 and would allow using racket in emacs.

EDIT: there’s some desire to have the classic confinement to be on the default track. So please treat this part as TBD.

alexmurray · December 1, 2023, 12:53am

As an IDE and compiler etc racket definitely appears to fit within one of the supported categories for classic confinement as per Process for reviewing classic confinement snaps.

In addition though, a snap must also have a requirement for classic confinement via the need to execute arbitrary binaries from the host, or access files outside the snap’s mount namespace from the host (eg. /usr/ etc) - however in the linked issue, the underlying problem seems to be that racket wants to access the emacs configuration for racket-mode - so I wonder if this could be solved by granting racket personal-files access to ~/.emacs.d/elpa which is the standard location where emacs packages are installed?

zyga · December 1, 2023, 7:46am

I think this makes sense for strict racket, but the nature of the problem is open-ended. I think having both confinement levels co-exist makes sense, as for some users the strictly confined version or the classically confined version will be simply more appropriate.

zyga · December 1, 2023, 8:19am

I think I would like to have the following setup:

racket/strict/stable - 8.11.1 with strict confinement for IOT and some workstation use-cases
racket/stable - 8.11.1 with classic confinement for developers

There are about 500-600 active installations, we can work upstream do document the two snap packages and clearly indicate which snap to install.

cav · December 6, 2023, 1:38am

The requirements for classic for racket are understood are understood. As far as I know, the publisher has not been vetted previously so I will start that process now.

zyga · December 6, 2023, 8:35pm

I’ve replied to the message now. Thanks!

cav · December 10, 2023, 11:06pm

I have also messaged with some additional info. Thank you!

zyga · December 11, 2023, 12:14am

Apologies, I’ve missed this. Looking into this now. EDIT: and replied with the last requirement.

cav · December 11, 2023, 12:24am

I have verified the publisher - classic confinement override for racket has now been granted. Thanks!

zyga · December 11, 2023, 12:26am

Thank you! I will discuss next steps upstream, as I suspect we want to help people migrate to the classic confined snap without having everyone stuck on the old version. I will look at publishing a classic snap to the beta channel tomorrow.