Variants and strict confinement

[janesser]

Hi, i am rather new to snaps - though long time dev biz.

In fact i wanted to install eclipse-pde. I wonder how snap/tracks could be used to have a few more eclipse-flavours available.

[merlijn-sebrechts]

Thanks for your interest! Welcome to this snapcrafters project! I would love for you to help us out with this. There are a few issues though:

• IDEs should use classic confinement, so they can access source files, compilers etc from wherever on the host system.
• The discussion on this PR explains how to go about creating multiple flavours: Create variants for Java and CDT #10

Work on that has stalled, but we're still interested in doing this. If you want to contribute, the best approach would be to create a PR that adds different snapcraft.yaml files for the different flavours in different subfolders in this repo. When that is done, I can take a look at setting up the automation to deploy it to different tracks in the store.

If you want to update the snap to core22, feel free to do so. But best to do this in a separate pull request from the one where you work on the support for multiple eclipse flavours.

If you have any questions, feel free to ask them here or contact me personally on Telegram @mesebrec. If you're interested in diving into this, I can add you to the Snapcrafters telegram channel where you can ask us questions and see what we're working on!

[janesser]

Thanks for your interest! Welcome to this snapcrafters project! I would love for you to help us out with this. There are a few issues though:

• IDEs should use classic confinement, so they can access source files, compilers etc from wherever on the host system.
• The discussion on this PR explains how to go about creating multiple flavours: Create variants for Java and CDT #10

Work on that has stalled, but we're still interested in doing this. If you want to contribute, the best approach would be to create a PR that adds different snapcraft.yaml files for the different flavours in different subfolders in this repo. When that is done, I can take a look at setting up the automation to deploy it to different tracks in the store.

If you want to update the snap to core22, feel free to do so. But best to do this in a separate pull request from the one where you work on the support for multiple eclipse flavours.

If you have any questions, feel free to ask them here or contact me personally on Telegram @mesebrec. If you're interested in diving into this, I can add you to the Snapcrafters telegram channel where you can ask us questions and see what we're working on!

I've been checking the snaps of the few IDEs i know, and indeed all are classic-confined. Not sure, if we gonna see the shift towards secure software development lifecycle one day. Myself having been attacked once on the IDE, you might remember the eclipse decompiler plugin attack in 2017, i have a biased view on that. For the time being i would revert to classic confinement as that PR reaches maturity.

There is a proposal for building any eclipse package you like, which is strongly based on yq-processing. If that has your liking i would pursue and embed this in .travis.yml.

What i couldn't yet figure out, is where to find the controls for uploading to the corresponding channels. Somewhere along the snap-building there should be an env-variable leading the way i guess.

Looking forward to share further thoughts with you soon.

[merlijn-sebrechts]

I also want to add that we don't use travis anymore. All CI is now done using GitHub actions and the snapcraft.io build farm.

[janesser]

I ship latest commit with grade: stable again.
eclipse-java is working okay with HelloWorld.java samples from git.

There is an implication along core22 and gnome which i met when attempting to revert to classic confinement, gnome-extension requires strict confinement.

Took ages to figure out why any outgoing call from eclipse to the jre was blocked (error 13 permission denied), you see the resulting chmod, according to journalctl -u snapd which made it working again.

Moving over to eclipse-pde brought a few complications, like snap-revision in absolute path to target-platform configuration, would be annoying whenever refreshing the snap.

There are some minor concerns about sharing .m2 and .gitconfig into the snap, and opposite way how have a sourcecode from outside snap. Last but not least, the gtk theme looks really bad (having xfce locally) - i will be looking for a better one.

@merlijn-sebrechts about git actions, i hope you get the required pointers from ./try-build.sh

[merlijn-sebrechts]

Unfortunately, we can't create IDEs that have strict confinement.

Since IDE's need to access files anywhere on the system, and integrate with build tools installed on the host system, they should only run in classic confinement. Although compiling simple examples should work, more thorough examples will cause issues.

This means you won't be able to use the gnome extension, unfortunately.