RFC: Strictly confined snap package

Open ppd opened this issue 6 years ago • 4 comments

I want to gauge your interest in incorporating a snap build after the first attempt @ https://github.com/gopasspw/gopass/pull/16 was rejected.

I've set up WIP packaging @ https://github.com/ppd1990/gopass-snap which differs from the first attempt in the following ways:

  • confinement is strict instead of classic
  • ships gnupg, openssh and git stack. So no external dependencies and no access to the host's agents
  • top-level hidden directories in the user's $HOME cannot be accessed. This requires a bit of a compromise for commands like jsonapi configure
  • gpg keys sync is one-way. So creating a key inside the confinement is not advisable

Suitability for GUI

It can be used as a backend for graphical programs (I tried gopassbridge & QtPass) as it ships a graphical pinentry for gnupg & ssh. If that's not wanted, it's possible to drop large parts of snapcraft.yaml as well as lose 70% of the snap's compressed size.

Another approach is to ship the graphical stuff in another snap as a plugin. The user would install a second snap to enable graphical pinentries.

Finally, a snapped GUI could stage (include) this snap and additionally ship whatever pinentry etc. it deems fit (Gtk, Qt...).

Sep 20 '19 11:09 ppd

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Dec 19 '19 11:12 stale[bot]

I'm not opposed to adding a snap config, but couldn't make the previous PR work. If your approach works well I'd be happy to merge it.

Dec 19 '19 12:12 dominikschulz

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Mar 18 '20 13:03 stale[bot]

Unfortunately I didn't make much progress here.

snap is a weird and poorly documented packaging format.

Dec 21 '21 15:12 dominikschulz

I don't plan to spend time on this. snap is lacking documentation / examples for a CLI tool like gopass that is designed to interact with many parts of the filesystem. If anyone wants to contribute a snap package feel free to reopen this.

Dec 04 '22 13:12 dominikschulz