Error when launching snap on Ubuntu 18.04

[kemsar]

Unhandled Promise Rejection Error: EPERM: operation not permitted, chown '/home/kevin/snap/email-securely-app/x1/.config/email-securely-app/config.json.1511853580'

[kemsar]

[vladimiry]

This is something snap package related, looks like no one tried to run a snap build before.

Does it start working after executing this command sudo snap connect email-securely-app:password-manager-service?

[joshirio]

Prior to the error above this is shown by a message dialog by snapd:

Unhandled Promise Rejection
Error: EPERM: operation not permitted, chown '/home/user/snap/email-securely-app/x1/.config/email-securely-app/config.json.2907777585'

Does it start working after executing this command (...) ?

user@virtual-ubuntu:~/Downloads$ sudo snap connect email-securely-app:password-manager-service
Error: snap "email-securely-app" has no plug named "password-manager-service"

[vladimiry]

Looks like I need to enable password-manager-service plug in electron-builder.yml in order to make sudo snap connect email-securely-app:password-manager-service command work.

[vladimiry]

Can someone try this build?

Try first without running sudo snap connect email-securely-app:password-manager-service but just starting the app.

[joshirio]

Works but the keep me signed in feature is disabled and the console shows some messages, but at least it is usable.

user@virtual-ubuntu:~/Downloads$ email-securely-app 
Gtk-Message: Failed to load module "canberra-gtk-module"
Gtk-Message: Failed to load module "canberra-gtk-module"
(node:7292) ExperimentalWarning: The fs.promises API is experimental
** Message: Remote error from secret service: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.81" (uid=1000 pid=7292 comm="/snap/email-securely-app/x1/email-securely-app " label="snap.email-securely-app.email-securely-app (enforce)") interface="org.freedesktop.Secret.Service" member="OpenSession" error name="(unset)" requested_reply="0" destination=":1.20" (uid=1000 pid=1115 comm="/usr/bin/gnome-keyring-daemon --daemonize --login " label="unconfined")

Connecting the correct plug makes the keyring work with "keep me signed in" feature:

user@virtual-ubuntu:~/Downloads$ sudo snap connect email-securely-app:password-manager-service
user@virtual-ubuntu:~/Downloads$ email-securely-app 
Gtk-Message: Failed to load module "canberra-gtk-module"
Gtk-Message: Failed to load module "canberra-gtk-module"
(node:17797) ExperimentalWarning: The fs.promises API is experimental

Great work! I'd like to suggest to upload the snap package to the snap store once 2.3.2 is released and then in the description you could just describe the needed command for users wishing to use that feature: sudo snap connect email-securely-app:password-manager-service

EDIT: I think it is also possible to request canonical to do the auto connection once the app is vetted, AFAIK a request must be done over the snapd forum.

If you don't have interest or time I could maintain it as an unofficial package (like I do with the AUR). Let me know. Thanks.

[vladimiry]

in the description you could just describe the needed command for users wishing to use that feature: sudo snap connect email-securely-app:password-manager-service

What was in the log file without executing sudo snap connect email-securely-app:password-manager-service?

I'm considering showing the custom information message right in the app. But I need to be able to detect that the app got Error: snap "email-securely-app" has no plug named "password-manager-service" error conducting testing the system for keytar support. The error received during testing is logged. Though error may be different since password-manager-service plug is now enabled.

EDIT: I think it is also possible to request canonical to do the auto connection once the app is vetted, AFAIK a request must be done over the snapd forum.

So far I tend to show a message to a user describing why the feature is disabled and how to enable it. So a user will make own choice. But going this way requires the ability to distinguish the exact snap related error (see the previous point).

If you don't have interest or time I could maintain it as an unofficial package (like I do with the AUR).

That would be great. I'm not planning to do so on my own in the near future.

[vladimiry]

If there is such error in the log then that also should be enough for showing custom information message for snap builds as the app can use gnome-keyring-daemon as a keyword.

** Message: Remote error from secret service: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.81" (uid=1000 pid=7292 comm="/snap/email-securely-app/x1/email-securely-app " label="snap.email-securely-app.email-securely-app (enforce)") interface="org.freedesktop.Secret.Service" member="OpenSession" error name="(unset)" requested_reply="0" destination=":1.20" (uid=1000 pid=1115 comm="/usr/bin/gnome-keyring-daemon --daemonize --login " label="unconfined")

[joshirio]

This is all what's in the log file:

[2019-02-11 11:14:10.185] [error] "keytar" module is unsupported by the system Error: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.78" (uid=1000 pid=6812 comm="/snap/email-securely-app/x1/email-securely-app " label="snap.email-securely-app.email-securely-app (enforce)") interface="org.freedesktop.Secret.Service" member="OpenSession" error name="(unset)" requested_reply="0" destination=":1.20" (uid=1000 pid=1115 comm="/usr/bin/gnome-keyring-daemon --daemonize --login " label="unconfined")

[vladimiry]

That should be enough, thanks. Going to use test like the following:

const message = String(error.message).toLowerCase();
const showSnapPasswordManagerServiceHint = (
    message.includes(`email-securely-app`)
    &&
    message.includes(`snap`)
    && (
        message.includes("org.freedesktop.secret.service")
        ||
        message.includes("gnome-keyring")
    )
);

[vladimiry]

I added the password-manager-service enabling hint message.

There should be the "Keep me signed in" feature is unsupported by the system, toggle details. message shown under the password input on the master password login form. Clicking toggle details link should uncollapse such messages:

• See log file in settings folder for details, where settings folder is clickable.
• Try executing sudo snap connect email-securely-app:password-manager-service and restart the app.

Does it work as described?

Build link is the same.

[joshirio]

Yes it works

[vladimiry]

This is how it looks if someone is interested, suggestions about improving the text of the message or its position are welcomed (checkbox is disabed). I'm going to release this build by the end of the week.

@kevinsarsen would be geat if you confirm this build works for you.

[joshirio]

The snap doesn't run under wayland. The solution requires to disable wayland by setting the DISABLE_WAYLAND environment variable. This is required to use XWayland. Most electron apps do this by adding the following to the snap yaml file:

(...)
apps:
  myapp:
    command: desktop-launch myapp
    desktop: usr/share/applications/myapp.desktop
    environment:
      DISABLE_WAYLAND: 1 # disable wayland (not ready yet)
(...)

I'm not exactly sure how this can be added to the electron-builder.yml snap section, there's a documentation entry about the environment setting, maybe something like this?

snap:
  confinement: "strict"
  stagePackages:
    - default
  plugs:
    - default
    - password-manager-service
  environment:
    DISABLE_WAYLAND: 1

Anyway, a temporary workaround is to run email-securely-app like this from the terminal: DISABLE_WAYLAND=1 email-securely-app

I guess, once electron supports wayland natively this won't be an issue anymore.

Just as reference, interesting also, this is from the generated desktop-launch script by electron/snap:

# If detect wayland server socket, then set environment so applications prefer
# wayland, and setup compat symlink (until we use user mounts. Remember,
# XDG_RUNTIME_DIR is /run/user/<uid>/snap.$SNAP so look in the parent directory
# for the socket. For details:
# https://forum.snapcraft.io/t/wayland-dconf-and-xdg-runtime-dir/186/10
# Applications that don't support wayland natively may define DISABLE_WAYLAND
# (to any non-empty value) to skip that logic entirely.
wayland_available=false
if [[ -n "$XDG_RUNTIME_DIR" && -z "$DISABLE_WAYLAND" ]]; then
    wdisplay="wayland-0"
    if [ -n "$WAYLAND_DISPLAY" ]; then
        wdisplay="$WAYLAND_DISPLAY"
    fi
    wayland_sockpath="$XDG_RUNTIME_DIR/../$wdisplay"
    wayland_snappath="$XDG_RUNTIME_DIR/$wdisplay"
    if [ -S "$wayland_sockpath" ]; then
        # if running under wayland, use it
        #export WAYLAND_DEBUG=1
        wayland_available=true
        # create the compat symlink for now
        if [ ! -e "$wayland_snappath" ]; then
            ln -s "$wayland_sockpath" "$wayland_snappath"
        fi
    fi
fi

[vladimiry]

@joshirio thanks for this info, I just have updated the build here with DISABLE_WAYLAND: 1 env variable added for snap package, can you try it?

[joshirio]

Yes it is working properly! Thanks for the quick fix.

[vladimiry]

Going to release 2.3.2 today as Snap package seems to work well.

[vladimiry]

v2.3.2 has been released.

[joshirio]

Available now on the snap store:

@vladimiry I added your email to the collaborators in case you want to take over, edit the listing or view usage metrics (quite interesting).