Re: KAuth helper in flatpak - was - Re: Smb4K flatpak build fails due to KAuth helper

2019-06-03 Thread Harald Sitter
On Mon, Jun 3, 2019 at 2:13 AM Stefan Brüns wrote:
> SMB4K is a quite low-level system tool. There are tools which are too low-level
> to package as flatpak/snap/appimage/whatever in a useful way

That is not true. Certainly not for appimage and snap anyway, both
offer operation without/limited sandboxing.

HS


Re: KAuth helper in flatpak - was - Re: Smb4K flatpak build fails due to KAuth helper

2019-06-02 Thread Stefan Brüns
On Sunday, 2 June 2019 20:02:50 CEST Nate Graham wrote:
> On 6/2/19 4:37 AM, Albert Astals Cid wrote:
> > On Friday, 31 May 2019, at 13:05:04 CEST, Alexander Reinholdt wrote:
> >> Has anyone on this list successfully packaged a program with a KAuth
> >> helper
> >> included? Or is it impossible to install a KAuth helper into a flatpak?
> >> Help is much appreciated.
> > 
> > I think that's the main question, does a KAuth helper make sense in a
> > flatpak app?
> > 
> > Given that flatpak apps are [supposed to be] sandboxed, personally I don't
> > think it makes sense for them to let you have elevated permissions.
> Hmm, that seems like it would be quite a restriction on what a Flatpak
> app could accomplish. There must be a secure way to do this.
> 
> Nate

This is not a restriction, but a design principle. The sandbox defines what is 
allowed, not the program inside the sandbox.

Whenever extra privileges are required, these are defined and provided by the 
sandbox. For flatpak, the portals provide access to things limited by default.

I am not sure what SMB4K needs root privileges for, but I assume it requires them 
for mounting CIFS shares. If you try to specify this, you will end up with 
something like "allow to mount an arbitrary filesystem". I don't think this 
can or should be provided by a portal.

SMB4K is a quite low-level system tool. There are tools which are too low-level 
to package as flatpak/snap/appimage/whatever in a useful way, and SMB4K is one 
of these. If you want this to be done in a secure way, large parts of the 
SMB4K core would end up in the runtime, and SMB4K would be stripped down to 
the GUI only. But then, providing SMB4K as a Flatpak would hardly have any 
benefit over a regular package (if at all).

Kind regards,

Stefan



Re: KAuth helper in flatpak - was - Re: Smb4K flatpak build fails due to KAuth helper

2019-06-02 Thread Nate Graham




On 6/2/19 4:37 AM, Albert Astals Cid wrote:
> On Friday, 31 May 2019, at 13:05:04 CEST, Alexander Reinholdt wrote:
> > Has anyone on this list successfully packaged a program with a KAuth helper
> > included? Or is it impossible to install a KAuth helper into a flatpak? Help
> > is much appreciated.
> 
> I think that's the main question, does a KAuth helper make sense in a flatpak
> app?
> 
> Given that flatpak apps are [supposed to be] sandboxed, personally I don't
> think it makes sense for them to let you have elevated permissions.

Hmm, that seems like it would be quite a restriction on what a Flatpak 
app could accomplish. There must be a secure way to do this.

Nate



KAuth helper in flatpak - was - Re: Smb4K flatpak build fails due to KAuth helper

2019-06-02 Thread Albert Astals Cid
On Friday, 31 May 2019, at 13:05:04 CEST, Alexander Reinholdt wrote:
> Has anyone on this list successfully packaged a program with a KAuth helper 
> included? Or is it impossible to install a KAuth helper into a flatpak? Help 
> is much appreciated.

I think that's the main question, does a KAuth helper make sense in a flatpak 
app?

Given that flatpak apps are [supposed to be] sandboxed, personally I don't 
think it makes sense for them to let you have elevated permissions.

Elevated permissions to what if you're in a sandbox and can't see anything 
anyway?

But I have to say my knowledge of flatpak is not very deep.

Aleix? Jan?

Do the flatpak people have a list where it makes sense asking/discussing this?

Cheers,
  Albert





Smb4K flatpak build fails due to KAuth helper

2019-05-31 Thread Alexander Reinholdt
Hello everyone,

I am currently trying to produce a flatpak for Smb4K. However, the build 
process always fails when the KAuth helper binary is to be installed into the 
flatpak folder. The following error message is displayed:

[...]
CMake Error at helpers/cmake_install.cmake:55 (file):
  file INSTALL cannot copy file "/run/build/smb4k/helpers/mounthelper" to
  "/usr/lib/x86_64-linux-gnu/libexec/kauth/mounthelper".
Call Stack (most recent call first):
  cmake_install.cmake:110 (include)


make: *** [Makefile:74: install] Error 1
Error: module smb4k: Der Kindprozess wurde mit Status 2 beendet

So, it seems that when the KAuth helper is installed, the installation prefix 
is ignored.

org.kde.Platform//5.12 and org.kde.Sdk//5.12 from flathub are installed and 
the build command looks like this (It's basically the one given on 
community.kde.org):

$ flatpak-builder --ccache --repo=repo --subject="Build of Smb4K 2.9.90" app org.kde.smb4k.json

I also attached the (still incomplete) JSON file that is used for the build 
process, so that it can be reviewed in case something is misconfigured. 

Has anyone on this list successfully packaged a program with a KAuth helper 
included? Or is it impossible to install a KAuth helper into a flatpak? Help 
is much appreciated.

Thank you very much and kind regards,
Alexander




org.kde.smb4k.json
Description: application/json
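
Added example, not part of the original thread and not code from Smb4K, KAuth or flatpak: a small checker that scans a build log for CMake install failures and reports the destinations that fall outside the sandbox's install prefix, which is the symptom in the error above. It assumes the flatpak application prefix is /app; the function names and the sample log (constructed from the quoted error) are illustrative.

```python
import posixpath
import re

# Constructed sample: the CMake error text quoted in the post above.
SAMPLE_LOG = '''\
CMake Error at helpers/cmake_install.cmake:55 (file):
  file INSTALL cannot copy file "/run/build/smb4k/helpers/mounthelper" to
  "/usr/lib/x86_64-linux-gnu/libexec/kauth/mounthelper".
Call Stack (most recent call first):
  cmake_install.cmake:110 (include)
'''

# CMake wraps the message across lines, so allow any whitespace
# (including newlines) between the fixed words and the quoted paths.
_COPY_FAIL = re.compile(
    r'file INSTALL cannot copy file\s+"([^"]+)"\s+to\s+"([^"]+)"')


def is_inside(path, prefix):
    """True if path is the prefix itself or below it.

    Both paths are normalised first so that '..' components cannot
    make an outside path look like it is under the prefix, and the
    trailing '/' stops '/application' from matching prefix '/app'.
    """
    path = posixpath.normpath(path)
    prefix = posixpath.normpath(prefix)
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def escaped_installs(log, prefix="/app"):
    """Return (source, destination) pairs whose destination is outside prefix.

    prefix defaults to /app, the assumed flatpak application prefix.
    """
    return [(src, dst) for src, dst in _COPY_FAIL.findall(log)
            if not is_inside(dst, prefix)]


if __name__ == "__main__":
    for src, dst in escaped_installs(SAMPLE_LOG):
        print(f"install target outside prefix: {dst} (from {src})")
```

A hit here means the install rule uses an absolute destination that ignores the configured prefix, so the build sandbox refuses the write.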