-
Notifications
You must be signed in to change notification settings - Fork 574
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/snap: implement userd command as replacement for snapd-xdg-open #3260
Conversation
daemon/user/daemon.go
Outdated
type Daemon struct { | ||
tomb tomb.Tomb | ||
conn *dbus.Conn | ||
ifaces []registeredInterface |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The overlord of the word interface is unfortunate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True, but we deal with dbus interfaces here ..
daemon/user/safelauncher.go
Outdated
) | ||
|
||
var ( | ||
allowedUrlSchemes = []string{"http", "https", "mailto"} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we audit this already inside the core snap, before sending the call to the dbus ... i think it would be nice to agree to only do this auditing in one place (either at the start or at the end of the chain) so you do not need to change two places (core snap as well as snapd code) when adding or removing a protocol handler (i dont care which side we drop, but having a single place will prevent errors)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where are we doing this? The xdg-open script in the core snap has only:
$ cat /snap/core/current/usr/local/bin/xdg-open
#!/bin/sh
dbus-send --print-reply --session --dest=com.canonical.SafeLauncher / com.canonical.SafeLauncher.OpenURL string:"$1"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in the mimetype handler of the .desktop file we install inside core: https://github.com/snapcore/core/blob/master/live-build/hooks/500-create-xdg-wrapper.binary#L23
and in the mimeapps.list we implement:
https://github.com/snapcore/core/blob/master/live-build/hooks/500-create-xdg-wrapper.binary#L28
protocols not defined in there will simply be ignored. as i said above i'm not opposed to drop this if it doesnt break things, i'd just like if we have only one place defining it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Anything inside the core snap is untrusted as it can be altered by the attacker. This filtering really does belond on this side.
@@ -112,3 +112,12 @@ Section: oldlibs | |||
Pre-Depends: dpkg (>= 1.15.7.2) | |||
Description: Transitional package for snapd | |||
This is a transitional dummy package. It can safely be removed. | |||
|
|||
Package: snapd-xdg-open |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
keeping this as separate package will break for users using only "apt-get upgrade" (vs dist-upgrade) if snapd gets a dependency on it.
...it was one of the main reasons to actually start discussing to move snapd-xdg-open into snapd in the beginning to actually get it into distros that have not seeded it (like elementary) without introducing a package dependency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
similar to snap-confine btw ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It will stay a separate package but produced by the snapd source package so we can migrate people away from the other snapd-xdg-open deb package. That was the idea. Didn't tested yet this works well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
well, but that means you have to either add a recommends (in which case the package will never be installed for users only doing "apt-get upgrade") or you add a hard dependency in which case users of "apt-get upgrade" will get an upgrade error. we have tons of bugs for that case from snap-confine which was one of the reasons to include it without a separate package, keeping a separate binary package looks to me like we are exactly re-introducing the same problem again just with another package now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need one or another way to get the snapd-xdg-open package removed from installations out there. If we have a binary package produced by two different source packages but the second one has a higher version as the first one isn't then the one from the first source package overwritten?
The Recommends is for sure missing. Any other ways how we can achieve this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, include the binaries in snapd and have the proper breaks/replaces lines (and perhaps a provides) in the snapd package.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, including the binaries in the snapd package was the plan. Will add the Breaks/Replaces line.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CC @mvo5 - I think we just want to have this in the main snapd package and have snapd-xdg-open as an empty transitional package.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
8645bb7
to
1df07bc
Compare
1e7a9c9
to
ac5783e
Compare
Personally, given the scope of this branch, I'd like to re-target a smaller subset. Let's start with the basic mechanics (user session daemon) even if it does nothing. Then follow up with more things. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some more comments.
data/upstart/Makefile
Outdated
# You should have received a copy of the GNU General Public License | ||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
|
||
LIBEXECDIR := /usr/lib |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should come from the outside. Ideally we'd have one makefile for everything in data/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My point is that :=
is stronger than ?=
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Got it, will change to ?=
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
packaging/ubuntu-14.04/rules
Outdated
@@ -103,6 +103,8 @@ override_dh_auto_build: | |||
cd cmd && ( autoreconf -i -f ) | |||
cd cmd && ( ./configure --prefix=/usr --libexecdir=/usr/lib/snapd $(VENDOR_ARGS)) | |||
$(MAKE) -C cmd all | |||
# Build any available upstart configurations | |||
$(MAKE) -C data/upstart all |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could convey things like LIBEXECDIR and anything else through make variables.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aren't we doing that already? We just take the defaults here as we do similar for the systemd build step. This works similar like with default values for configure scripts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, not with LIBEXECDIR := /usr/lib
that you can see in data/upstart/Makefile
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't that already a variable set in the Makefile which can be optionally overridden by the caller?
packaging/ubuntu-14.04/rules
Outdated
@@ -142,6 +144,10 @@ override_dh_install: | |||
# and now the normal install rules | |||
install --mode=0644 debian/snapd.system-shutdown.service debian/snapd/$(SYSTEMD_UNITS_DESTDIR) | |||
$(MAKE) -C cmd install DESTDIR=$(CURDIR)/debian/tmp | |||
|
|||
# install any available upstart jobs | |||
$(MAKE) -C data/upstart install DESTDIR=$(CURDIR)/debian/snapd/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you go with one makefile you could just roll that into the existing make install on data.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can do a single makefile but this would make it a bit harder for people to skip the installation of the upstart files.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some comments, good luck! :-)
cmd/snapd/main.go
Outdated
if err := run(); err != nil { | ||
|
||
parser := flags.NewParser(&opts, flags.HelpFlag|flags.PassDoubleDash|flags.PassAfterNonOption) | ||
_, err := parser.ParseArgs(os.Args[1:]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can combine this into one line:
if _, err := parser.ParseArgs(os.Args[1:]); err != nil {
...
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can combine that. The code was exactly this way before.
cmd/snapd/main.go
Outdated
if opts.User { | ||
d, err = user.NewDaemon() | ||
} else { | ||
httputil.SetUserAgentFromVersion(cmd.Version) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we call SetUserAgentFromVersion
unconditionally? I suspect we can and it would not hurt in any way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was done this way before so I guess it's ok.
daemon/user/daemon.go
Outdated
import ( | ||
"bytes" | ||
|
||
"github.com/godbus/dbus" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good luck a packaging that everywhere ^_^
Quick question: how many dependencies does godbus itself pull in?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I only had to add godbus itself to our vendoring setup, no more. And the good thing is, it is already on Fedora, the only distro where this would hurt.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about Debian?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Somebody would have to submit a package but our story for debian is basically that we rely on re-execution to work. For unstable and next testing this would be a thing somebody has to look into but I guess that will be a natural thing once we task somebody to package a more recent snapd version for debian.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this somebody is you and me We should pick this up in anticipating of this thing landing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've talked with Michael and Steve in the past and they weren't much interested as re-execution is supposed to handle this and we can't really update snapd in stable or testing. So unstable is our only possible landing bed. You're a debian developer? If you're I would prefer you do this as I am not one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm a DM, in either case we must package this for Sid.
daemon/user/daemon.go
Outdated
"fmt" | ||
|
||
"github.com/godbus/dbus/introspect" | ||
tomb "gopkg.in/tomb.v2" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you can skip tomb
as it will be imported like that anyway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will try.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
daemon/user/daemon.go
Outdated
) | ||
|
||
const ( | ||
busName = "com.canonical.SafeLauncher" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: I know this is what we currently implement but I'd like us to listen on both io.snapcraft.SomethingNice
and com.canonical.SafeLauncher
(the second one can be deprecated later)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would not like to open another gate here with the upcoming xdg portal working which will introduce a very similar API. Lets keep it to what it is today and then refine / rework in a follow up PR.
data/upstart/Makefile
Outdated
# You should have received a copy of the GNU General Public License | ||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
|
||
LIBEXECDIR := /usr/lib |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My point is that :=
is stronger than ?=
data/upstart/Makefile
Outdated
UPSTART_SERVICES := $(patsubst %.conf.in,%.conf,$(wildcard *.conf.in)) | ||
|
||
%.conf: %.conf.in | ||
cat $< | \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick, this fits on one line nicely:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
data/upstart/Makefile
Outdated
|
||
%.conf: %.conf.in | ||
cat $< | \ | ||
sed s:@libexecdir@:${LIBEXECDIR}:g | \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use single quote around this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will do
data/systemd/snapd-user.service.in
Outdated
@@ -0,0 +1,10 @@ | |||
[Unit] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I bet I'm missing something but isn't it the case that user services have this funky syntax including @
in the service name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They don't have to. @ basically allows to pass arguments to the systemd unit which we don't need in this case as systemd will ensure we're started as the right user and in the right scope.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aha, I see, thank you!
@@ -112,3 +112,12 @@ Section: oldlibs | |||
Pre-Depends: dpkg (>= 1.15.7.2) | |||
Description: Transitional package for snapd | |||
This is a transitional dummy package. It can safely be removed. | |||
|
|||
Package: snapd-xdg-open |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CC @mvo5 - I think we just want to have this in the main snapd package and have snapd-xdg-open as an empty transitional package.
I also created the companion PR for the core side: canonical/core#54 |
@@ -0,0 +1,3 @@ | |||
[D-BUS Service] | |||
Name=io.snapcraft.Launcher | |||
Exec=@bindir@/snap userd |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feels like libexecdir thing to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the regular snap
binary that provides the userd subcommand. So we need bindir here unless I miss something.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is correct, though I expected this to be implemented in a libexecdir command, as users shouldn't usually do things here. Not a biggie, though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey
Thank you for picking this up mvo. Two nitpicks, one about libexecdir vs bindir (no manual page for us to write) and one more about ping. I really really want to use the ping method because it's the right thing to do in this context.
tests/main/snap-userd/task.yaml
Outdated
--type=method_call \ | ||
--print-reply \ | ||
/io/snapcraft/Launcher \ | ||
io.snapcraft.Launcher.OpenURL string:"ping-ping-ping:" \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use the regular peer ping method here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortuantely ping is not implemented by us, I can dig a bit more into this but it looks like a limiation/missing feature of the godbus library which is not very high-level.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I changed the code to use "ping" now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great, but a few comments.
@@ -0,0 +1,3 @@ | |||
[D-BUS Service] | |||
Name=io.snapcraft.Launcher | |||
Exec=@bindir@/snap userd |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is correct, though I expected this to be implemented in a libexecdir command, as users shouldn't usually do things here. Not a biggie, though.
path=/io/snapcraft/Launcher | ||
interface=io.snapcraft.Launcher | ||
member=OpenURL | ||
peer=(label=unconfined), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 🎉
packaging/fedora/snapd.spec
Outdated
@@ -380,12 +380,11 @@ autoreconf --force --install --verbose | |||
popd | |||
|
|||
# Build systemd units | |||
pushd ./data/systemd | |||
make BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" \ | |||
make -C data \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please refrain from making unrelated changes to the spec. Changing from pushd
/ popd
to using make -C
is a different type of change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I just inherited this change, I can revert this back if you prefer.
packaging/fedora/snapd.spec
Outdated
@@ -441,13 +440,11 @@ rm -fv %{buildroot}%{_bindir}/ubuntu-core-launcher | |||
popd | |||
|
|||
# Install all systemd units | |||
pushd ./data/systemd | |||
%make_install SYSTEMDSYSTEMUNITDIR="%{_unitdir}" BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" | |||
%make_install -C data SYSTEMDSYSTEMUNITDIR="%{_unitdir}" BINDIR="%{_bindir}" LIBEXECDIR="%{_libexecdir}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ditto here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as above.
@@ -64,8 +64,8 @@ Depends: adduser, | |||
systemd, | |||
${misc:Depends}, | |||
${shlibs:Depends} | |||
Replaces: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22) | |||
Breaks: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22) | |||
Replaces: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22), snapd-xdg-open (<< 0.0.0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is an insane number of Breaks
/Replaces
directives!
bdbf7ee
to
cf2ac03
Compare
Thank you guys for this! So, snaps that call |
@feikname correct :) |
@mvo5 I owe you a beer or something else on the next sprint for taking this over and finishing it! |
This should have been caught when canonical#3260 was being worked on. Signed-off-by: Neal Gompa <ngompa13@gmail.com>
This should have been caught when canonical#3260 was being worked on. Signed-off-by: Neal Gompa <ngompa13@gmail.com>
Hello. I have no idea how this is supposed to work internally, but apparently it doesn't for me. As far as i understood, it should work out-of-the-box after 2.28 or something.
Particular snap which causes xdg-open fork-bomb:
I have snapd-xdg-open-git^AUR package installed on host which provides 2 binaries Why is that? Should I file an issue? Thanks. |
@ratijas you should file an issue on https://forum.snapcraft.io, there you will have more visibility for your issue. It's not clear to me if this PR is the cause of your issue or not, more debugging is necessary |
In https://forum.snapcraft.io/t/integrate-snapd-xdg-open-into-snapd-repository/100 we decided to implement a
snap userd
command which replacessnapd-xdg-open
.Based on discussion from https://forum.snapcraft.io/t/integrate-snapd-xdg-open-into-snapd-repository/100