=== ChanServ changed the topic of #ubuntu-security to: Twitter: @ubuntu_sec || https://usn.ubuntu.com || https://wiki.ubuntu.com/SecurityTeam || https://wiki.ubuntu.com/Security/Features || Community: leosilva
[13:50] argh! You know how two weeks ago or so I downgraded on jammy from firefox snap to deb bc the snap broke ability to use textern, bc of snap's/apparmor's refusal to run things from the host?
[13:50] now apt-get upgrade is telling me it's going to forcibly upgrade me to the snap
[13:51] it says they recommend i close all windows, but does not give me an 'abort' option
[13:51] I'm working here! What did I buy a mac by mistake?
[13:52] * hallyn goes to take a peek at void linux
[18:00] hallyn: :\ note, afair, this is actually mozilla's doing (they've been pushing for the snap by default). I wonder about what installing from https://www.mozilla.org/en-US/firefox/linux/ is like? it has you download a tarball...
[18:02] hallyn: (not that 'fault' helps you get your work done :( )
[19:05] jdstrand: yeah doesn't help me but good to know :) thank you.
[19:05] i do suspect i can install a gvim snap or something (or make my own) and 'connect' firefox snap to it, and then ff will be able to shell out to gvim for editing fields. which is what i want.
[19:14] that is possible in theory. the snaps would need to coordinate. it might be worth discussing in the forum before you spend much time on it
[19:26] hallyn: I hit the same pos snap problem. Forcibly killed the window instead of saying okay, unfortunately broke apt/deb so no more updates until I fix it and I haven't bothered
[19:27] jdstrand: I know the push has come some from mozilla, but it is not ready and breaks people
[19:27] snap updates in the background and every time the snap firefox updates it breaks
[19:27] ...
[19:27] it's an absolute mess
[19:28] all I can say for it, is that at least the chromium snap is just as bad about breaking ...
[19:39] I wonder if firefox snap will work with my smart card reader, which I use to login to government sites...
[19:45] how is the smart card reader connected? Does it use a daemon (like gnupg or yubioauth?)?
[19:46] ahasenack: ogra might have something for that https://forum.snapcraft.io/t/cant-make-firefox-snap-work-with-smart-card-reader/19244
[19:46] hallyn: usb reader, with all that smart card middleware stack
[19:47] pcscd daemon
[19:47] also a proprietary lib for the actual card that I've been copying to /usr/lib since bionic
[19:47] or even earlier
[19:51] I have that setup for chrome too
[19:51] chrome snap?
[19:52] no, chrome. I did something in the nss lib
[19:52] I thought chromium would read that too, maybe it does, but chromium snap isn't
[19:53] ah, ~/.pki/nssdb/pkcs11.txt
[19:54] I have this in there, after the default "internal pkcs11 module"
[19:54] library=/usr/lib/x86_64-linux-gnu/libaetpkss.so.3
[19:54] name=safesign
[19:54] that's the proprietary lib
[19:55] the same one I load in firefox
[19:55] but there with a gui in firefox itself
[20:03] yeah, certutil(1) can read the details of the smartcard, that's from libnss3-tools
[21:09] jjohansen1: so you're just not upgrading, and using the ff deb? or do you have another browser you're using?
[21:09] (i've got some tabs i have to have available for the next two days for moving/rent reasons, so i'm going to not mess with it until after that)
[21:12] hallyn: atm, I just haven't had time to fix it, so I am stuck with a machine I can't update at all
[21:13] I haven't figured out if I am going with the ff deb, or another browser solution. I know the chromium snap does not work for me
[21:15] hallyn: is it just the apparmor profile that is the problem, or other breakage around snap updates etc that is the main problem?
[21:16] I keep hoping someone pops up with a shell script to wget the latest firefox binary from mozilla, unpack it, and double-plus brownie points if it also has an apparmor profile and bwrap wrappers..
[21:17] wouldn't that be nice
[21:18] jjohansen1: it's not just the apparmor profile i don't think. I use 'textern' which calls out to a script on the host which then runs the editor you choose, for me "st" "-e" "vim" "+cols[whatever]" . st and the editor are not in the chroot the snap runs in.
[21:18] iiuc
[21:18] ah yeah
[21:19] which is why i say if i can 'link' to a gvim snap maybe it'll work well enough for me.
[21:19] i did not have breakages on snap updates, but then i didn't run jammy long before i downgraded from snap to deb
[21:19] like, a few days.
[21:20] if there was a concept of "here's a 10 line script which creates a virtual snap that binds in a binary from the host and lets another snap link to it", that would be cool...
[21:21] ah, yeah it's a known issue, not just me, we keep getting bugs like https://bugs.launchpad.net/bugs/1962718
[21:21] Launchpad bug 1962718 in snapd (Ubuntu) "Firefox snap crashes on every upgrade" [High, Confirmed]
[21:21] and yeah that would be nice
[21:22] sarnold: how about a script that repackages the upstream tarball as a deb?
[21:22] mdeslaur: oooo, that'd be *very* fancy indeed
[21:23] though honestly maybe less pants than what I had in mind, hah