Hello, I’m learning how packaging of snap applications is done and I’ve been going through the process of packaging the CLI portion of my tracex-parser Python library.
The CLI program
parse-trx needs read-only local file access in order to do its job - parsing ThreadX trace files into a human friendly format. To do this I’ve leveraged the
system-files interface with read access to
/media (two places where a user might put ThreadX trace files): https://github.com/julianneswinoga/tracex_parser/blob/js/add-snap-build/snap/snapcraft.yaml#L30. Ideally I could allow read access to
/opt as well but I don’t believe that is currently possible with snaps.
So in order to publish my snap (
tracex-parser) I require this human review:
human review required due to 'allow-installation' constraint (bool)
You do not need system-files here, the
removable-media interfaces grant you access to /home and /media… that way your snap will not go into manual review…
Thank you for the reply! Since I only need read access though, is there a way to lock down the
removable-media interfaces to not default to rw?
nope, they are RW for the users $HOME and their files in /media … and there is no option currently to limit this …
hi @julesinspaaace, (and thanks ogra).
For awareness, the
removable-media interface is considered sensitive, which means not only does it’s use require specific permission from the
reviewers team here, but also that the publisher be vetted. There are some guidelines on the process for auto-connections page (search for removable-media).
home interface of course is auto-connected once you plug that, but typically
removable-media remains a manual connection unless the criteria linked above are satisfied (I mention this especially because you mention you’re just learning how to package snaps).
Thank you for the help and information! I’ve reverted back to strict confinement and published the snap
Hey @julesinspaaace , I see that
tracex-parser has passed the automatic review and does not need manual review anymore. Therefore, I’ll go ahead and remove this request from our reviewing queue. Please let us know in case you need further assistance. Thanks.