cmd/snap: implement userd command as replacement for snapd-xdg-open #3260
Conversation
daemon/user/daemon.go
Outdated
| type Daemon struct { | ||
| tomb tomb.Tomb | ||
| conn *dbus.Conn | ||
| ifaces []registeredInterface |
There was a problem hiding this comment.
The overlord of the word interface is unfortunate.
There was a problem hiding this comment.
True, but we deal with dbus interfaces here ..
daemon/user/safelauncher.go
Outdated
| ) | ||
|
|
||
| var ( | ||
| allowedUrlSchemes = []string{"http", "https", "mailto"} |
There was a problem hiding this comment.
we audit this already inside the core snap, before sending the call to the dbus ... i think it would be nice to agree to only do this auditing in one place (either at the start or at the end of the chain) so you do not need to change two places (core snap as well as snapd code) when adding or removing a protocol handler (i dont care which side we drop, but having a single place will prevent errors)
There was a problem hiding this comment.
Where are we doing this? The xdg-open script in the core snap has only:
$ cat /snap/core/current/usr/local/bin/xdg-open
#!/bin/sh
dbus-send --print-reply --session --dest=com.canonical.SafeLauncher / com.canonical.SafeLauncher.OpenURL string:"$1"
There was a problem hiding this comment.
in the mimetype handler of the .desktop file we install inside core: https://github.com/snapcore/core/blob/master/live-build/hooks/500-create-xdg-wrapper.binary#L23
and in the mimeapps.list we implement:
https://github.com/snapcore/core/blob/master/live-build/hooks/500-create-xdg-wrapper.binary#L28
protocols not defined in there will simply be ignored. as i said above i'm not opposed to drop this if it doesnt break things, i'd just like if we have only one place defining it.
There was a problem hiding this comment.
Anything inside the core snap is untrusted as it can be altered by the attacker. This filtering really does belond on this side.
| @@ -112,3 +112,12 @@ Section: oldlibs | |||
| Pre-Depends: dpkg (>= 1.15.7.2) | |||
| Description: Transitional package for snapd | |||
| This is a transitional dummy package. It can safely be removed. | |||
|
|
|||
| Package: snapd-xdg-open | |||
There was a problem hiding this comment.
keeping this as separate package will break for users using only "apt-get upgrade" (vs dist-upgrade) if snapd gets a dependency on it.
...it was one of the main reasons to actually start discussing to move snapd-xdg-open into snapd in the beginning to actually get it into distros that have not seeded it (like elementary) without introducing a package dependency.
There was a problem hiding this comment.
similar to snap-confine btw ...
There was a problem hiding this comment.
It will stay a separate package but produced by the snapd source package so we can migrate people away from the other snapd-xdg-open deb package. That was the idea. Didn't tested yet this works well.
There was a problem hiding this comment.
well, but that means you have to either add a recommends (in which case the package will never be installed for users only doing "apt-get upgrade") or you add a hard dependency in which case users of "apt-get upgrade" will get an upgrade error. we have tons of bugs for that case from snap-confine which was one of the reasons to include it without a separate package, keeping a separate binary package looks to me like we are exactly re-introducing the same problem again just with another package now.
There was a problem hiding this comment.
We need one or another way to get the snapd-xdg-open package removed from installations out there. If we have a binary package produced by two different source packages but the second one has a higher version as the first one isn't then the one from the first source package overwritten?
The Recommends is for sure missing. Any other ways how we can achieve this?
There was a problem hiding this comment.
yes, include the binaries in snapd and have the proper breaks/replaces lines (and perhaps a provides) in the snapd package.
There was a problem hiding this comment.
Ok, including the binaries in the snapd package was the plan. Will add the Breaks/Replaces line.
There was a problem hiding this comment.
CC @mvo5 - I think we just want to have this in the main snapd package and have snapd-xdg-open as an empty transitional package.
morphis
force-pushed
the
f/snapd-user-instance
branch
2 times, most recently
from
8645bb7
to
1df07bc
Compare
morphis
changed the title
morphis
force-pushed
the
f/snapd-user-instance
branch
from
1e7a9c9
to
ac5783e
Compare
|
Personally, given the scope of this branch, I'd like to re-target a smaller subset. Let's start with the basic mechanics (user session daemon) even if it does nothing. Then follow up with more things. |
data/upstart/Makefile
Outdated
| # You should have received a copy of the GNU General Public License | ||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
|
|
||
| LIBEXECDIR := /usr/lib |
There was a problem hiding this comment.
I think this should come from the outside. Ideally we'd have one makefile for everything in data/
There was a problem hiding this comment.
My point is that := is stronger than ?=
There was a problem hiding this comment.
Got it, will change to ?=
packaging/ubuntu-14.04/rules
Outdated
| @@ -103,6 +103,8 @@ override_dh_auto_build: | |||
| cd cmd && ( autoreconf -i -f ) | |||
| cd cmd && ( ./configure --prefix=/usr --libexecdir=/usr/lib/snapd $(VENDOR_ARGS)) | |||
| $(MAKE) -C cmd all | |||
| # Build any available upstart configurations | |||
| $(MAKE) -C data/upstart all | |||
There was a problem hiding this comment.
We could convey things like LIBEXECDIR and anything else through make variables.
There was a problem hiding this comment.
Aren't we doing that already? We just take the defaults here as we do similar for the systemd build step. This works similar like with default values for configure scripts.
There was a problem hiding this comment.
Well, not with LIBEXECDIR := /usr/lib that you can see in data/upstart/Makefile
There was a problem hiding this comment.
Isn't that already a variable set in the Makefile which can be optionally overridden by the caller?
packaging/ubuntu-14.04/rules
Outdated
| @@ -142,6 +144,10 @@ override_dh_install: | |||
| # and now the normal install rules | |||
| install --mode=0644 debian/snapd.system-shutdown.service debian/snapd/$(SYSTEMD_UNITS_DESTDIR) | |||
| $(MAKE) -C cmd install DESTDIR=$(CURDIR)/debian/tmp | |||
|
|
|||
| # install any available upstart jobs | |||
| $(MAKE) -C data/upstart install DESTDIR=$(CURDIR)/debian/snapd/ | |||
There was a problem hiding this comment.
If you go with one makefile you could just roll that into the existing make install on data.
There was a problem hiding this comment.
We can do a single makefile but this would make it a bit harder for people to skip the installation of the upstart files.
cmd/snapd/main.go
Outdated
| if err := run(); err != nil { | ||
|
|
||
| parser := flags.NewParser(&opts, flags.HelpFlag|flags.PassDoubleDash|flags.PassAfterNonOption) | ||
| _, err := parser.ParseArgs(os.Args[1:]) |
There was a problem hiding this comment.
You can combine this into one line:
if _, err := parser.ParseArgs(os.Args[1:]); err != nil {
...
}
There was a problem hiding this comment.
Can combine that. The code was exactly this way before.
cmd/snapd/main.go
Outdated
| if opts.User { | ||
| d, err = user.NewDaemon() | ||
| } else { | ||
| httputil.SetUserAgentFromVersion(cmd.Version) |
There was a problem hiding this comment.
Can we call SetUserAgentFromVersion unconditionally? I suspect we can and it would not hurt in any way.
There was a problem hiding this comment.
It was done this way before so I guess it's ok.
daemon/user/daemon.go
Outdated
| import ( | ||
| "bytes" | ||
|
|
||
| "github.com/godbus/dbus" |
There was a problem hiding this comment.
Good luck a packaging that everywhere ^_^
Quick question: how many dependencies does godbus itself pull in?
There was a problem hiding this comment.
I only had to add godbus itself to our vendoring setup, no more. And the good thing is, it is already on Fedora, the only distro where this would hurt.
There was a problem hiding this comment.
Somebody would have to submit a package but our story for debian is basically that we rely on re-execution to work. For unstable and next testing this would be a thing somebody has to look into but I guess that will be a natural thing once we task somebody to package a more recent snapd version for debian.
There was a problem hiding this comment.
I think this somebody is you and me We should pick this up in anticipating of this thing landing.
There was a problem hiding this comment.
I've talked with Michael and Steve in the past and they weren't much interested as re-execution is supposed to handle this and we can't really update snapd in stable or testing. So unstable is our only possible landing bed. You're a debian developer? If you're I would prefer you do this as I am not one.
There was a problem hiding this comment.
I'm a DM, in either case we must package this for Sid.
daemon/user/daemon.go
Outdated
| "fmt" | ||
|
|
||
| "github.com/godbus/dbus/introspect" | ||
| tomb "gopkg.in/tomb.v2" |
There was a problem hiding this comment.
I think you can skip tomb as it will be imported like that anyway.
daemon/user/daemon.go
Outdated
| ) | ||
|
|
||
| const ( | ||
| busName = "com.canonical.SafeLauncher" |
There was a problem hiding this comment.
Nitpick: I know this is what we currently implement but I'd like us to listen on both io.snapcraft.SomethingNice and com.canonical.SafeLauncher (the second one can be deprecated later)
There was a problem hiding this comment.
I would not like to open another gate here with the upcoming xdg portal working which will introduce a very similar API. Lets keep it to what it is today and then refine / rework in a follow up PR.
data/upstart/Makefile
Outdated
| # You should have received a copy of the GNU General Public License | ||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
|
|
||
| LIBEXECDIR := /usr/lib |
There was a problem hiding this comment.
My point is that := is stronger than ?=
data/upstart/Makefile
Outdated
| UPSTART_SERVICES := $(patsubst %.conf.in,%.conf,$(wildcard *.conf.in)) | ||
|
|
||
| %.conf: %.conf.in | ||
| cat $< | \ |
There was a problem hiding this comment.
Nitpick, this fits on one line nicely:
data/upstart/Makefile
Outdated
|
|
||
| %.conf: %.conf.in | ||
| cat $< | \ | ||
| sed s:@libexecdir@:${LIBEXECDIR}:g | \ |
There was a problem hiding this comment.
Please use single quote around this
data/systemd/snapd-user.service.in
Outdated
| @@ -0,0 +1,10 @@ | |||
| [Unit] | |||
There was a problem hiding this comment.
I bet I'm missing something but isn't it the case that user services have this funky syntax including @ in the service name?
There was a problem hiding this comment.
They don't have to. @ basically allows to pass arguments to the systemd unit which we don't need in this case as systemd will ensure we're started as the right user and in the right scope.
| @@ -112,3 +112,12 @@ Section: oldlibs | |||
| Pre-Depends: dpkg (>= 1.15.7.2) | |||
| Description: Transitional package for snapd | |||
| This is a transitional dummy package. It can safely be removed. | |||
|
|
|||
| Package: snapd-xdg-open | |||
There was a problem hiding this comment.
CC @mvo5 - I think we just want to have this in the main snapd package and have snapd-xdg-open as an empty transitional package.
|
I also created the companion PR for the core side: canonical/core#54 |
| @@ -0,0 +1,3 @@ | |||
| [D-BUS Service] | |||
| Name=io.snapcraft.Launcher | |||
| Exec=@bindir@/snap userd | |||
There was a problem hiding this comment.
Feels like libexecdir thing to me.
There was a problem hiding this comment.
This is the regular snap binary that provides the userd subcommand. So we need bindir here unless I miss something.
There was a problem hiding this comment.
This is correct, though I expected this to be implemented in a libexecdir command, as users shouldn't usually do things here. Not a biggie, though.
tests/main/snap-userd/task.yaml
Outdated
| --type=method_call \ | ||
| --print-reply \ | ||
| /io/snapcraft/Launcher \ | ||
| io.snapcraft.Launcher.OpenURL string:"ping-ping-ping:" \ |
There was a problem hiding this comment.
Please use the regular peer ping method here.
There was a problem hiding this comment.
Unfortuantely ping is not implemented by us, I can dig a bit more into this but it looks like a limiation/missing feature of the godbus library which is not very high-level.
There was a problem hiding this comment.
I changed the code to use "ping" now.
| @@ -0,0 +1,3 @@ | |||
| [D-BUS Service] | |||
| Name=io.snapcraft.Launcher | |||
| Exec=@bindir@/snap userd | |||
There was a problem hiding this comment.
This is correct, though I expected this to be implemented in a libexecdir command, as users shouldn't usually do things here. Not a biggie, though.
| path=/io/snapcraft/Launcher | ||
| interface=io.snapcraft.Launcher | ||
| member=OpenURL | ||
| peer=(label=unconfined), |
packaging/fedora/snapd.spec
Outdated
| @@ -380,12 +380,11 @@ autoreconf --force --install --verbose | |||
| popd | |||
|
|
|||
| # Build systemd units | |||
| pushd ./data/systemd | |||
| make BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" \ | |||
| make -C data \ | |||
There was a problem hiding this comment.
Please refrain from making unrelated changes to the spec. Changing from pushd / popd to using make -C is a different type of change.
There was a problem hiding this comment.
Sorry, I just inherited this change, I can revert this back if you prefer.
packaging/fedora/snapd.spec
Outdated
| @@ -441,13 +440,11 @@ rm -fv %{buildroot}%{_bindir}/ubuntu-core-launcher | |||
| popd | |||
|
|
|||
| # Install all systemd units | |||
| pushd ./data/systemd | |||
| %make_install SYSTEMDSYSTEMUNITDIR="%{_unitdir}" BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" | |||
| %make_install -C data SYSTEMDSYSTEMUNITDIR="%{_unitdir}" BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" | |||
| @@ -64,8 +64,8 @@ Depends: adduser, | |||
| systemd, | |||
| ${misc:Depends}, | |||
| ${shlibs:Depends} | |||
| Replaces: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22) | |||
| Breaks: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22) | |||
| Replaces: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22), snapd-xdg-open (<< 0.0.0) | |||
There was a problem hiding this comment.
That is an insane number of Breaks/Replaces directives!
mvo5
force-pushed
the
f/snapd-user-instance
branch
from
bdbf7ee
to
cf2ac03
Compare
|
Thank you guys for this! So, snaps that call |
|
@feikname correct :) |
|
@mvo5 I owe you a beer or something else on the next sprint for taking this over and finishing it! |
This should have been caught when canonical#3260 was being worked on. Signed-off-by: Neal Gompa <ngompa13@gmail.com>
This should have been caught when canonical#3260 was being worked on. Signed-off-by: Neal Gompa <ngompa13@gmail.com>
|
Hello. I have no idea how this is supposed to work internally, but apparently it doesn't for me. As far as i understood, it should work out-of-the-box after 2.28 or something. Particular snap which causes xdg-open fork-bomb: I have snapd-xdg-open-git^AUR package installed on host which provides 2 binaries Why is that? Should I file an issue? Thanks. |
|
@ratijas you should file an issue on https://forum.snapcraft.io, there you will have more visibility for your issue. It's not clear to me if this PR is the cause of your issue or not, more debugging is necessary |
In https://forum.snapcraft.io/t/integrate-snapd-xdg-open-into-snapd-repository/100 we decided to implement a
snap userdcommand which replacessnapd-xdg-open.Based on discussion from https://forum.snapcraft.io/t/integrate-snapd-xdg-open-into-snapd-repository/100