Snapping applications that uses keyring

Kyle Fazzari kyle.fazzari at canonical.com
Thu Dec 22 22:30:37 UTC 2016


On 12/22/2016 02:13 PM, Sergio Schvezov wrote:
> 
> 
> El 21 dic. 2016 3:16 PM, "Kyle Fazzari" <kyle.fazzari at canonical.com
> <mailto:kyle.fazzari at canonical.com>> escribió:
> 
>     Hey all.
> 
>     Has anyone tried to snap an application that uses a keyring to store
>     passwords? I took a crack at the Nextcloud desktop client yesterday, and
>     as it stands right now I need to enter my Nextcloud password every time
>     I start it up as it has nowhere to save it.
> 
>     I know relatively little about the gnome-keyring-daemon, but I assume it
>     encrypts its keyring typically with the login password, and is unlocked
>     by pam as a side effect of logging in. Do we have an interface covering
>     access to the default keyring? Or do we need to embed
>     gnome-keyring-daemon inside our snaps?
> 
> 
> 
> Not answering your question and instead making you go a different path,
> this app feels like a classic confinement candidate. 

Perhaps, but there are a few issues with that:

- Xenial is still on snapd 2.17.1, so no classic confinement for the
majority of my target users.
- Classic confinement is a big hammer, and in some cases, nothing else
will do. However, in the cases where you can take a more fine-grained
approach to confinement, why wouldn't you? This application works
perfectly fine under strict confinement other than two issues:

- The aforementioned keyring
- The broken tray icon that we've seen a few times

Honestly that latter issue might be the one to convince me to use
classic confinement before the former :P .

I guess what I'm saying is that I still think it's important to strive
for strict confinement, even with classic available. In some cases it
won't be possible (shells, vim, etc.) but in this case, I'd like to
think it is.

-- 
Kyle Fazzari (kyrofa)
Software Engineer
Canonical Ltd.
kyle at canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20161222/73370e05/attachment.sig>


More information about the Snapcraft mailing list