GNOME Software

Merge ~jamesh/gnome-software:classic-snap-install into gnome-software:wip/ubuntu-master

Git
lp:~jamesh/gnome-software
classic-snap-install
Merge into wip/ubuntu-master

Proposed by James Henstridge on 2017-06-23

Status:	Needs review
Proposed branch:	~jamesh/gnome-software:classic-snap-install
Merge into:	gnome-software:wip/ubuntu-master
Diff against target:	168 lines (+75/-4) 3 files modified plugins/snap/gs-plugin-snap.c (+19/-2) src/gs-details-page.c (+14/-0) src/gs-details-page.ui (+42/-2)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
GNOME3 Team		2017-06-23	Pending
Review via email: mp+326206@code.launchpad.net

Description of the change

Add support for installing classic snaps through gnome-software.

This is using Robert Ancell's patch from bug 1690280, along with a change to the details page to display a warning for snap packages that don't have the SANDBOXED kudo (which is currently granted to any snap using strict confinement).

There are a few open questions:

1. Is this where the warning should sit?
2. What exact text should it contain?

As far as warnings to users go, I would tend to think a strict confined snap that connects to the home interface to be similarly dangerous to a classic snap. It doesn't look like we can detect that case from the metadata returned by "find" requests though.

Revision history for this message

Robert Ancell (robert-ancell) wrote on 2017-06-26:

This should be proposed upstream. I notice I didn't open an upstream bug - can you do that?

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

GNOME3 Team

James Henstridge

 diff --git a/plugins/snap/gs-plugin-snap.c b/plugins/snap/gs-plugin-snap.c
 index b268a13..c5d9124 100644
 --- a/plugins/snap/gs-plugin-snap.c
 +++ b/plugins/snap/gs-plugin-snap.c
@@ -24,6 +24,12 @@
  #include <snapd-glib/snapd-glib.h>
  #include <gnome-software.h>
++/* FIXME: <snapd-glib/snapd-glib.h> doesn't include
++ * snapd-enum-types.h, and it checks that this macro is defined */
++#define __SNAPD_GLIB_INSIDE__
++#include <snapd-glib/snapd-enum-types.h>
++#undef __SNAPD_GLIB_INSIDE__
++
  struct GsPluginData {
  	GsAuth		*auth;
  	GHashTable	*store_snaps;
@@ -175,6 +181,8 @@ static GsApp *
  snap_to_app (GsPlugin *plugin, SnapdSnap *snap)
+ {
  	GsApp *app;
++	SnapdConfinement confinement;
++	GEnumClass *enum_class;
  	/* create a unique ID for deduplication, TODO: branch? */
  	app = gs_app_new (snapd_snap_get_name (snap));
@@ -186,7 +194,13 @@ snap_to_app (GsPlugin *plugin, SnapdSnap *snap)
  	gs_app_set_name (app, GS_APP_QUALITY_HIGHEST, snapd_snap_get_name (snap));
  	if (gs_plugin_check_distro_id (plugin, "ubuntu"))
  		gs_app_add_quirk (app, AS_APP_QUIRK_PROVENANCE);
--	if (snapd_snap_get_confinement (snap) == SNAPD_CONFINEMENT_STRICT)
++
++	confinement = snapd_snap_get_confinement (snap);
++	enum_class = g_type_class_ref (SNAPD_TYPE_CONFINEMENT);
++	gs_app_set_metadata (app, "snap::confinement", g_enum_get_value (enum_class, confinement)->value_nick);
++	g_type_class_unref (enum_class);
++
++	if (confinement == SNAPD_CONFINEMENT_STRICT)
  		gs_app_add_kudo (app, GS_APP_KUDO_SANDBOXED);
  	return app;
@@ -541,6 +555,7 @@ gs_plugin_app_install (GsPlugin *plugin,
  		       GError **error)
+ {
  	g_autoptr(SnapdClient) client = NULL;
++	SnapdInstallFlags flags = SNAPD_INSTALL_FLAGS_NONE;
  	/* We can only install apps we know of */
  	if (g_strcmp0 (gs_app_get_management_plugin (app), "snap") != 0)
@@ -550,7 +565,9 @@ gs_plugin_app_install (GsPlugin *plugin,
  	client = get_client (plugin, cancellable, error);
  	if (client == NULL)
  		return FALSE;
--	if (!snapd_client_install_sync (client, gs_app_get_id (app), NULL, progress_cb, app, cancellable, error)) {
++	if (g_strcmp0 (gs_app_get_metadata_item (app, "snap::confinement"), "classic") == 0)
++		flags |= SNAPD_INSTALL_FLAGS_CLASSIC;
++	if (!snapd_client_install2_sync (client, flags, gs_app_get_id (app), NULL, NULL, progress_cb, app, cancellable, error)) {
  		gs_app_set_state_recover (app);
  		return FALSE;
+ 	}
 diff --git a/src/gs-details-page.c b/src/gs-details-page.c
 index d93c6b5..9a3d760 100644
 --- a/src/gs-details-page.c
 +++ b/src/gs-details-page.c
@@ -142,6 +142,7 @@ struct _GsDetailsPage
  	GtkWidget		*label_content_rating_none;
  	GtkWidget		*button_details_rating_value;
  	GtkWidget		*label_details_rating_title;
++	GtkWidget               *box_not_sandboxed_warning;
  };
  G_DEFINE_TYPE (GsDetailsPage, gs_details_page, GS_TYPE_PAGE)
@@ -964,6 +965,18 @@ gs_details_page_refresh_all (GsDetailsPage *self)
  		break;
+ 	}
++	/* Display a warning about non-sandboxed apps that may come
++	 * from third party sources.  Currently only checking snaps. */
++	ret = FALSE;
++	switch (gs_app_get_bundle_kind (self->app)) {
++	case AS_BUNDLE_KIND_SNAP:
++		ret |= (kudos & GS_APP_KUDO_SANDBOXED) == 0;
++		break;
++	default:
++		break;
++	}
++	gtk_widget_set_visible (self->box_not_sandboxed_warning, ret);
++
  	/* are we trying to replace something in the baseos */
  	gtk_widget_set_visible (self->infobar_details_package_baseos,
  				gs_app_has_quirk (self->app, AS_APP_QUIRK_COMPULSORY) &&
@@ -2351,6 +2364,7 @@ gs_details_page_class_init (GsDetailsPageClass *klass)
  	gtk_widget_class_bind_template_child (widget_class, GsDetailsPage, label_content_rating_none);
  	gtk_widget_class_bind_template_child (widget_class, GsDetailsPage, button_details_rating_value);
  	gtk_widget_class_bind_template_child (widget_class, GsDetailsPage, label_details_rating_title);
++	gtk_widget_class_bind_template_child (widget_class, GsDetailsPage, box_not_sandboxed_warning);
+ }
  static void
 diff --git a/src/gs-details-page.ui b/src/gs-details-page.ui
 index f1f1bd4..7d8cec5 100644
 --- a/src/gs-details-page.ui
 +++ b/src/gs-details-page.ui
@@ -601,6 +601,46 @@
                            </packing>
                          </child>
                          <child>
++                          <object class="GtkBox" id="box_not_sandboxed_warning">
++                            <property name="visible">False</property>
++                            <property name="can_focus">False</property>
++                            <property name="spacing">30</property>
++                            <child>
++                              <object class="GtkImage" id="image_not_sandboxed_image_icon">
++                                <property name="visible">True</property>
++                                <property name="can_focus">False</property>
++                                <property name="pixel_size">16</property>
++                                <property name="icon_name">dialog-warning</property>
++                                <property name="icon_size">6</property>
++                              </object>
++                              <packing>
++                                <property name="expand">False</property>
++                                <property name="fill">True</property>
++                                <property name="position">0</property>
++                              </packing>
++                            </child>
++                            <child>
++                              <object class="GtkLabel" id="label_not_sandboxed_warning">
++                                <property name="visible">True</property>
++                                <property name="can_focus">False</property>
++                                <property name="label" translatable="yes">This third party package is not sandboxed.  It will have access to your documents.</property>
++                                <property name="xalign">0</property>
++                                <property name="yalign">0.5</property>
++                              </object>
++                              <packing>
++                                <property name="expand">True</property>
++                                <property name="fill">True</property>
++                                <property name="position">1</property>
++                              </packing>
++                            </child>
++                          </object>
++                          <packing>
++                            <property name="expand">True</property>
++                            <property name="fill">True</property>
++                            <property name="position">12</property>
++                          </packing>
++                        </child>
++                        <child>
                            <object class="GtkBox" id="box_details_details">
                              <property name="visible">True</property>
                              <property name="can_focus">False</property>
@@ -1135,7 +1175,7 @@
                            <packing>
                              <property name="expand">False</property>
                              <property name="fill">True</property>
--                            <property name="position">12</property>
++                            <property name="position">13</property>
                            </packing>
                          </child>
                          <child>
@@ -1198,7 +1238,7 @@
                            <packing>
                              <property name="expand">False</property>
                              <property name="fill">True</property>
--                            <property name="position">13</property>
++                            <property name="position">15</property>
                            </packing>
                          </child>
                          <child>

GNOME Software

Merge ~jamesh/gnome-software:classic-snap-install into gnome-software:wip/ubuntu-master

Commit message

Description of the change

Preview Diff

Subscribers