Cannot see USB devices to export channels to

[wjt]

I tried to use Kolibri's USB export feature to export a channel to a USB disk:

1. Log in as an administrator
2. Select Device → Channels
3. Select Manage for a channel
4. Select one or more content nodes
5. Select Export

Expected result: I can pick a directory or device to export to Actual result: Kolibri complains that it can't find any connected devices

Looking at the code it is reasonably clear why:

1. Kolibri parses the output of mount to find removable storage devices;
2. It then tries to import the dbus Python library, which is a binding for libdbus…
3. …and uses it to talk to UDisks2 on the system bus and find some facts about the devices it found from mount

All of these steps fail (or would fail if they were run, in the case of 2 and 3):

1. The app runs in a new filesystem namespace, so mount inside the sandbox can't see the USB devices mounted on the host system
2. import dbus fails because dbus Python binding for libdbus is not present in the Flatpak runtime or app
3. The Flatpak does not have the --system-talk-name=org.freedesktop.UDisks2 permission

You could imagine incrementally adding stuff to the Flatpak or granting it more permissions, but I don't think that's the right approach here. The "correct" approach to access stuff on the host system in a Flatpak'd app is for the app to ask a "portal", which runs outside the sandbox and prompts the user as appropriate. In this case, the appropriate API is the OpenFile call, which since a recent version supports a directory option to let the app request that the user open a directory.

This would necessarily mean the flow in Kolibri's interface would be a bit different – rather than Kolibri being able to see all available USB devices and take action, it would have to call out to kolibri-installer-gnome, which would talk to the portal, which would ask the user to pick a directory using the native file-chooser dialog. When the user picked a directory, the portal would give it to kolibri-installer-gnome, which would give it back to Kolibri. Kolibri would then go forth and export the data to that directory.

(I don't actually know what Kolibri's own UI for choosing a directory looks like.)

[wjt]

Real-time discussion informed me that the Kolibri team is already aware of needing to do something similar to this portal flow for Android.

[wjt]

@dylanmccall has discovered https://github.com/learningequality/kolibri/pull/7629.

With that change, he says that --filesystem=host --talk-name=org.freedesktop.UDisks2 is sufficient to make this work. (Did something else cause the dbus Python module to be present in the Flatpak?)

[dylanmccall]

Taking a look now, looks like the dbus module is not present, so it isn't talking to UDisks2 in that case despite the added permission :) Happily, Kolibri is okay without it and continues as usual (with a little less information available for the UI). We'll need to add dbus-python in the flatpak manifest in addition to whatever other work is needed here.