Snap sandbox not allowing creation of $HOME/.config/harsh files?

Hola snapcrafters,

TLDR

The snap package I have built does not create a habit and log file in the snap “home” directories on onboarding which I assume is because of security sandboxing. Do I need to change that option and to what in my snap build config? (it’s currently “strict”).

The Longer Tale

I’ve recently attempted to create a snap so linux users can use harsh easily (and I apologize if I am asking a stupid question, this is the first time I’ve created a snap package). It builds and releases fine, but the app is not working when it needs to create the habits and log file on onboarding.

I currently build binaries for the GoLang program via goreleaser and a github action and then push the snap. This works fine for the regular binaries I create in OSX, linux, and Windows and via homebrew, but people installing the new snap I created are not getting the onboarding files created on the first run. I imagine this has something to do with the sandboxing model, however, I just wanted to check here before altering my config file for creating the snap.

Using goreleaser, I have the following yaml for the snap which builds successfully and is currently in the snap store:

snapcrafts:
  - name_template: '{{ .ProjectName }}_{{ .Arch }}'
    summary: habit tracking for geeks. A minimalist CLI for examining your habits.
    description: |
      Harsh provides a simple, portable, minimalist command line interface for
      tracking and examining your habits with text files and actionable
      consistency graphs, sparklines, and scoring to let you know how you are 
      doing on progressing (or breaking) your habits.
      https://github.com/wakatara/harsh
    grade: stable
    confinement: strict
    license: MIT
    publish: true

It builds fine, but as I say, once installed on a system via snap it appears not to allow the initial habits and log file to be created on the first onboarding run (if those are required).

You get the following when you run the command which triggers onboarding if the config/setup files are not present:

Welcome to harsh!

Created /home/ubuntu/snap/harsh/1/.config/harsh/habits   This file lists your habits.
Created /home/ubuntu/snap/harsh/1/.config/harsh/log      This file is your habit log.

No habits of your own yet?
Open your habits file @ /home/ubuntu/snap/harsh/1/.config/harsh/habits
with a text editor (nano, vim, VS Code, Atom, emacs) and modify and save the habits list.
Then:

Run       harsh ask     to start tracking
Running   harsh todo    will show you undone habits for today.
Running   harsh log     will show you a consistency graph of your efforts.
                        (the graph gets way cooler looking over time.
For more depth, you can read https://github.com/wakatara/harsh#usage

Happy tracking! I genuinely hope this helps you with your goals. Bueno suerte!

thanks!
Daryl.

So are you saying that /home/ubuntu/snap/harsh/1/.config/harsh/habits is not created? Note that the configuration file is not written to ~/.config in your real home directory because strictly confined applications are not allowed to write there.

Hi @jamesh

Yes, that is correct. Neither the directory .config/harsh nor the files habits and log appear to get created - at least with the initial snap I created using “strict” confinement.

(And yes, I realize snaps do not allow things to be written in the ~/.config directory.)

Would it be better to use another confinement option, or is there a better way to handle this issue? (I was surprised, as I would have assumed from the description of strict in the documentation that it would have allowed writing to ~/.config/harsh as it was under the user’s home directory.)

lemme know. And thanks for helping!

If your application is failing to write to ~/snap/harsh/current/.config/harsh but not reporting that, is there a problem with its error reporting? You shouldn’t see things apparently succeed but silently fail like that.

Sorted. It appears Go has a slightly subtle difference in creating directories in linux versus osx. I found a more generic approach to it (and added errors… =] ) and tested via multipass. New snap pushed.

thanks for your help.

Based on the change you made, it looks like your old code was assuming that ~/.config existed (which would be required in order to do an mkdir on ~/.config/harsh).

I would strongly recommend that you add the missing error handling to your code. Without that, you’ve got no idea where things have gone wrong.
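
The failure mode discussed in this thread, as an added Go example (not harsh's own code, which the thread does not show): under strict confinement HOME points at a fresh per-revision directory with no .config in it, so a single-level os.Mkdir fails while os.MkdirAll succeeds, and every error is returned instead of dropped. The function names naiveSetup and ensureConfig are hypothetical, and a temporary directory stands in for the fresh snap HOME.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// naiveSetup mirrors the assumption described above: os.Mkdir creates only
// the last path element, so it fails when <home>/.config does not exist yet.
func naiveSetup(home string) error {
	return os.Mkdir(filepath.Join(home, ".config", "harsh"), 0o700)
}

// ensureConfig creates <home>/.config/harsh with any missing parents, then
// the habits and log files, returning the first error instead of hiding it.
func ensureConfig(home string) (string, error) {
	dir := filepath.Join(home, ".config", "harsh")
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", fmt.Errorf("create config dir %s: %w", dir, err)
	}
	for _, name := range []string{"habits", "log"} {
		p := filepath.Join(dir, name)
		// O_EXCL: never truncate an existing habits or log file on a later run.
		f, err := os.OpenFile(p, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
		if errors.Is(err, os.ErrExist) {
			continue
		}
		if err != nil {
			return "", fmt.Errorf("create %s: %w", p, err)
		}
		if err := f.Close(); err != nil {
			return "", fmt.Errorf("close %s: %w", p, err)
		}
	}
	return dir, nil
}

func main() {
	// Constructed stand-in for a fresh snap HOME, which has no .config yet.
	home, err := os.MkdirTemp("", "fresh-home-")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	defer os.RemoveAll(home)
	fmt.Println("naive:", naiveSetup(home))
	dir, err := ensureConfig(home)
	fmt.Println("fixed:", dir, err)
}
```

Only print the "Created ..." onboarding lines after ensureConfig returns a nil error, so the message cannot claim files that were never written.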