Rofi-totp snap require personal-files to read configuration


rofi-totp requires to read 2 configuration files from user’s HOME directory.

  1. ~/.gauth
  2. ~/2fa.yml (for backward compatibility)




~/.gauth appears to be used by the google authenticator desktop app. A quick search didn’t show anything for ~/2fa.yml (is this rofi-totp specific)?

There isn’t enough information to understand why the read access is needed. Can you provide more detail on why the snap-specific value for $HOME is not sufficient (eg, ~/snap/rofi-totp/<revision>)? The interface is intended to be used to import data from non-snap installs where the snap is the clear owner of the specified file/directory.


@jdstrand Thanks for the reply.

~/.gauth appears to be used by the google authenticator desktop app.

Yes, .gauth is used by alfred-workflow-gauth. from 0.2.0 rofi-totp start supporting the ~/.gauth so that users who are using mac and linux can use the same config file, sync via Dropbox.

~/2fa.yml (is this rofi-totp specific)

Yes the version 0.1.0 (Initial release) used this configuration and still supports along with .gauth.

Regarding the $HOME, rofi-totp is distributed as executable as of now and will continue to do so along with snap distrubution. As of now it reads the config from users $HOME directory. So the snap specific $HOME directory won’t be a good idea if the user decide to use the executable without snapd

Hope this clarifies the intention.


+1 for use of personal-files for read with auto-connection for 2fa.yml with the following snap.yaml (since this snap owns ~/2fa.yml):

    interface: personal-files
    - $HOME/2fa.yml

+1 for use of personal files for read without auto-connection for ~/.guath with the following snap.yaml (since this snap does not own ~/.gauth):

    interface: personal-files
    - $HOME/.gauth

@reviewers - can others vote on this?


does $HOME/2fa.yml really require the personal-files interface, it seems like it’s already allowed via the home interface. Unless really what’s meant is $HOME/.2fa.yml?


Looked at the upstream source and it certainly looks for ~/2fa.yml not ~/.2fa.yml. So +1 from me for the personal files use for .gauth as described by @jdstrand


I am :+1: for using personal files to read without auto-connection for ~/.guath

:-1: on the personal file to read ~/2fa.yml since that can be accessed via the home interface.


@ijohnson, @popey, @Wimpress - note that the personal-files interface is typically used for dot files, but it can be used to allow a specific area of the filesystem instead of allowing all of home, which is what I was thinking. That said, the snap does already plugs home, so that is unneeded.

3 votes for, 0 against for use of .gauth without auto-connection
1 vote for, 2 against for use of 2fa.yml

Granting use of .gauth as described. This is now live.

Please adjust your snap to use (and drop 2fa.yml):

    interface: personal-files
    - $HOME/.gauth

and your next upload should pass automated review.


I forgot that the review-tools need an update for this to pass automated review. This is committed but not in production yet. It should be soon. In the meantime, you can request a manual review and we can approve it that way.