On 12/22/2016 02:13 PM, Sergio Schvezov wrote: > > > El 21 dic. 2016 3:16 PM, "Kyle Fazzari" <kyle.fazz...@canonical.com > <mailto:kyle.fazz...@canonical.com>> escribió: > > Hey all. > > Has anyone tried to snap an application that uses a keyring to store > passwords? I took a crack at the Nextcloud desktop client yesterday, and > as it stands right now I need to enter my Nextcloud password every time > I start it up as it has nowhere to save it. > > I know relatively little about the gnome-keyring-daemon, but I assume it > encrypts its keyring typically with the login password, and is unlocked > by pam as a side effect of logging in. Do we have an interface covering > access to the default keyring? Or do we need to embed > gnome-keyring-daemon inside our snaps? > > > > Not answering your question and instead making you go a different path, > this app feels like a classic confinement candidate.
Perhaps, but there are a few issues with that: - Xenial is still on snapd 2.17.1, so no classic confinement for the majority of my target users. - Classic confinement is a big hammer, and in some cases, nothing else will do. However, in the cases where you can take a more fine-grained approach to confinement, why wouldn't you? This application works perfectly fine under strict confinement other than two issues: - The aforementioned keyring - The broken tray icon that we've seen a few times Honestly that latter issue might be the one to convince me to use classic confinement before the former :P . I guess what I'm saying is that I still think it's important to strive for strict confinement, even with classic available. In some cases it won't be possible (shells, vim, etc.) but in this case, I'd like to think it is. -- Kyle Fazzari (kyrofa) Software Engineer Canonical Ltd. k...@canonical.com
signature.asc
Description: OpenPGP digital signature
-- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
