mborzecki | morning | 06:07 |
---|---|---|
pstolowski | morning | 07:07 |
mup | PR snapd#11765 opened: deps: bump libseccomp to include build fixes, run unit tests using CC=clang <Simple 😃> <Needs security review> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11765> | 08:16 |
mup | PR snapd#11766 opened: wrappers: refactor EnsureSnapServices <Created by Meulengracht> <https://github.com/snapcore/snapd/pull/11766> | 08:36 |
mup | PR snapd#11767 opened: osutil/disks: partition UUID lookup <Simple 😃> <factory reset 🔌> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11767> | 10:02 |
mup | PR snapd#11768 opened: o/snapshotstate: add ~/Snap to snapshots <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/11768> | 11:02 |
mup | PR snapd#11761 closed: image/preseed: umount the base snap last after writable paths <Preseeding 🍞> <Created by stolowski> <Closed by stolowski> <https://github.com/snapcore/snapd/pull/11761> | 15:08 |
mup | PR snapd#11761 opened: image/preseed: umount the base snap last after writable paths <Preseeding 🍞> <Created by stolowski> <https://github.com/snapcore/snapd/pull/11761> | 15:23 |
mup | PR snapd#11761 closed: image/preseed: umount the base snap last after writable paths <Preseeding 🍞> <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/11761> | 19:29 |
MrConorAE | hi snapcrafters! i'd like to modify the firefox snap apparmor profile to allow it to access USB security keys | 22:24 |
MrConorAE | i've found a set of modifications that seem to work, at https://askubuntu.com/questions/1175950/apparmor-enforce-mode-prevents-firefox-from-reading-u2f-security-key | 22:25 |
MrConorAE | and i can make the changes manually, but every time the snap refreshes it overwrites my changes | 22:25 |
MrConorAE | is there a) any chance of getting these changes merged into the actual snap itself and b) a way to keep these changes between refreshes? | 22:25 |
ogra | MrConorAE, if you have an USB key that is not working, you shuld rater get it added to the u2f interface https://forum.snapcraft.io/t/the-u2f-devices-interface/9722 ... | 23:04 |
ogra | MrConorAE, i.e. it should likely be added to the list at https://github.com/snapcore/snapd/blob/master/interfaces/builtin/u2f_devices.go#L44 | 23:04 |
MrConorAE | just to clarify: this is a new interface that I would connect Firefox to (with snap connect)? | 23:05 |
ogra | it is an old interface that firefox auto-connects already ... but unknown keys will be ignored | 23:05 |
MrConorAE | hm | 23:06 |
MrConorAE | problem is that i'm using WearAuthn, an app that lets you use a WearOS watch as a security key | 23:06 |
MrConorAE | meaning that each watch model will appear differently | 23:06 |
MrConorAE | https://github.com/fmeum/WearAuthn | 23:06 |
ogra | then you should open a thread on forum.snapcraft.io in the snapd category | 23:07 |
MrConorAE | it's mentioned in their README | 23:07 |
MrConorAE | like this? https://forum.snapcraft.io/t/modify-firefox-apparmor-to-access-usb-security-keys/29915 | 23:07 |
MrConorAE | i'll modify it in a moment to add the WearAuthn bit | 23:08 |
ogra | err, no | 23:08 |
MrConorAE | ok, withdrew it | 23:09 |
ogra | pretty much the opposite 🙂 start a discussion how to get your wearOS stuff integrated properly instead of promoting a hack to work around confinement | 23:09 |
ogra | if it shows up as hidraw device there is perhaps a common udev criteria or whatnot that makes it possible to identify such devices and grant them permissions | 23:10 |
ogra | the u2f interface clearly grants all you need, but wants a way to check the device is known | 23:11 |
ogra | that should likely get etended | 23:11 |
ogra | *extended | 23:11 |
MrConorAE | ah ok | 23:17 |
MrConorAE | i've opened an issue on WearAuthn to ask what vendor/id it uses | 23:17 |
MrConorAE | if it's one consistent one, then i can ask for that to be added to the u2f list | 23:17 |
ogra | 👍 | 23:18 |
MrConorAE | if not - e.g. it uses the id of your bluetooth adapter, or it is actually different for each watch model - then could we ask u2f to add that? or is that not gonna happen | 23:19 |
ogra | that's something you should start a discussion about on the forum 😉 | 23:19 |
MrConorAE | ok :) | 23:19 |
MrConorAE | thanks a lot for your help | 23:19 |
ogra | np | 23:20 |
MrConorAE | getting it integrated into the snap is definetly a better solution than hacking it around the confinement | 23:20 |
ogra | yep | 23:20 |
MrConorAE | quick question | 23:28 |
MrConorAE | i just checked, and it does show up as a hidraw device | 23:28 |
MrConorAE | how do i check what the id is for that? | 23:28 |
MrConorAE | it's not in lsusb | 23:29 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!