| *** zbenjamin is now known as Guest66669 | 02:03 | |
| *** zbenjamin_ is now known as zbenjamin | 02:03 | |
| *** frinring_ is now known as frinring | 08:58 | |
| RubenDeSmet[m] | Has anyone already tried making a third-party app to use/enter/configure the Firejail? | 17:12 |
|---|---|---|
| RubenDeSmet[m] | Actually this looks quite well documented https://github.com/sailfishos/sailjail | 17:15 |
| mighty17 | Any idea about Android apps in community ports (sorry if this has been asked many times) | 17:20 |
| attah | RubenDeSmet[m]: I set up the required voodoo for SeaPrint... seems to have worked | 17:34 |
| attah | so well in fact i got it right the first time, so now i start to question it a bit :P | 17:34 |
| RubenDeSmet[m] | Cool! Do you still try to support SailfishOS 3.4 while you do this? | 17:35 |
| RubenDeSmet[m] | lol | 17:35 |
| attah | I don't think that is orthogonal at all... it will just run unjailed there | 17:35 |
| RubenDeSmet[m] | Not even because of the `/usr/bin/sailjail` call in .desktop? | 17:35 |
| RubenDeSmet[m] | `Exec=harbour-seaprint` Ah interesting | 17:36 |
| attah | hmm so maybe i did fail... it shows correctly in settings | 17:36 |
| RubenDeSmet[m] | It probably show the permissions, but did you ever have to accept them? | 17:36 |
| attah | yeah, i probably derped | 17:36 |
| abranson | btw, sailjail is a long way from third-party app support. it will probably change a lot on the way there. | 17:36 |
| RubenDeSmet[m] | Can imagine, abranson. | 17:37 |
| attah | guess i'll have to throw it away for the time being then | 17:37 |
| abranson | no harm in playing around, but whatever you do will most definitely break on the next release | 17:37 |
| RubenDeSmet[m] | The problem is, the introduction of Sailjail borked contact name resolution and contact selection here (which was - of course not a public interface on its own) | 17:37 |
| attah | abranson: did you get your printer working with SeaPrint btw? | 17:37 |
| abranson | yeah it's wonderful. use it all the time :) | 17:38 |
| RubenDeSmet[m] | I'm not eligible for The Store any time soon either way :D | 17:38 |
| attah | cool! happy to hear :) | 17:38 |
| abranson | contacts aren't working? any idea what's broken? | 17:38 |
| RubenDeSmet[m] | In Whisperfish, that is :) | 17:38 |
| abranson | ah probably the api change | 17:38 |
| RubenDeSmet[m] | well, contact db moved into a protected directory | 17:39 |
| RubenDeSmet[m] | (has it? I gotta check now) | 17:39 |
| abranson | hmm, maybe not yet. | 17:39 |
| abranson | the contacts were privileged before afaik? you had to include a .privileges file? | 17:39 |
| abranson | or have they actually moved too? | 17:39 |
| RubenDeSmet[m] | [nemo@Sailfish ~]$ ls ~/.local/share/system/privileged/Contacts/qtcontacts-sqlite/contacts.db | 17:40 |
| RubenDeSmet[m] | ls: /home/nemo/.local/share/system/privileged/Contacts/qtcontacts-sqlite/contacts.db: Permission denied | 17:40 |
| RubenDeSmet[m] | They used to be in `~/.local/share/system/Contacts/qtcontacts-sqlite/contacts.db` | 17:40 |
| RubenDeSmet[m] | I mean, I have to admit, we're using quite a few APIs that we shouldn't, but WF wouldn't be as awesome otherwise... | 17:41 |
| RubenDeSmet[m] | This all made me wonder about rockpool too: aren't the calendars shielded too now? | 17:42 |
| attah | Okay, now i got it jailed properly | 17:44 |
| RubenDeSmet[m] | For 3.4 backwards compatibility, I was thinking that a script that just executes its parameters in place of /usr/bin/sailjail should basically be enough... But that should probably be a community package. | 17:44 |
| attah | funny i could trick settings into showing it | 17:44 |
| RubenDeSmet[m] | haha :) | 17:45 |
| attah | but boy did it get broken by that | 17:45 |
| RubenDeSmet[m] | Yeh, can imagine. | 17:45 |
| abranson | calendars were privileged onto too | 17:45 |
| abranson | *only | 17:45 |
| attah | crashed on opening the ImagePickerPage (: | 17:46 |
| RubenDeSmet[m] | rockpool views them through dbus then, I suppose. | 17:46 |
| abranson | no, the old fashioned way through kf5 | 17:47 |
| abranson | mKCal | 17:48 |
| abranson | that should all change before sailjail is 3rd party though. no-one should be using that privileged thing. | 17:49 |
| RubenDeSmet[m] | ack, but at least through some interface then; will rockpool still work then for now? For contact names, I *was* relying on opening the `.db` raw, and was thinking about the Dbus approach (apparently there's an interface), but I was also using the public but not supported `RecipientField` QML element for contact selection. | 17:49 |
| abranson | dunno, having a go of it now :) | 17:49 |
| RubenDeSmet[m] | Let me know, feel free to tag me here, on Github, on Gitlab, on Twitter or using smoke signals. | 17:50 |
| attah | Is it too early to start filing bugs on sailjail? | 17:51 |
| RubenDeSmet[m] | (what's the worst that could happen, closing them?) | 17:51 |
| attah | and people getting annoyed | 17:52 |
| RubenDeSmet[m] | I mean, if it's well documented and dupe-checked, I don't think you're doing anything wrong... | 17:52 |
| RubenDeSmet[m] | (I'm not a Jolla dev though) | 17:52 |
| attah | last time i troed i got told off basically | 17:53 |
| attah | not sailjail obviously | 17:53 |
| attah | does the .desktop really have to be named net.attah.seaprint? | 17:53 |
| RubenDeSmet[m] | I don't think it's necessary, given that `sailfish-browser.desktop` is a thing. | 17:54 |
| RubenDeSmet[m] | Having the path as name is mostly done for Dbus-related things iirc | 17:54 |
| attah | hmm, becauselaunching from shell works, but the exact same thing doesn't in Exec= | 17:54 |
| RubenDeSmet[m] | That's interesting. Maybe you have to restart the compositor, or reload the desktop database for that? | 17:56 |
| abranson | it should be something like that. when the sailjail comes in, your app's data dirs will have to conform to a package/app structure like the jolla ones have moved to | 17:56 |
| RubenDeSmet[m] | Yikes, another migration. How do you move to that directory structure if your app is already jailed? :'-) | 17:57 |
| RubenDeSmet[m] | Also, may I kindly invite abranson and attah to comment on https://gitlab.com/rubdos/whisperfish/-/merge_requests/118 ? :-) | 17:58 |
| RubenDeSmet[m] | No code has been written, but I'd love to hear some opinions. | 17:58 |
| attah | I guess it will be impossible to get permission to launch arbitrary *other* programs? | 17:58 |
| RubenDeSmet[m] | (and maybe someone else from the Jolla people, if they're there) | 17:58 |
| RubenDeSmet[m] | attah: I think that should be possible through dbus | 17:59 |
| attah | hmmmmm | 17:59 |
| RubenDeSmet[m] | dbus-launching is a thing in the Maemo/Jolla world | 17:59 |
| attah | I'm using QProcess currently | 17:59 |
| RubenDeSmet[m] | I dove into that head-first when doing the Signal captcha stuff, and it still hurts a bit (but that's not Maemo/Jolla's fault, it's damned Signal's fault). | 18:00 |
| RubenDeSmet[m] | Do you need access to the actual process? | 18:00 |
| attah | yes, both stdin and stdout | 18:00 |
| RubenDeSmet[m] | Because if it's just for launching, you just... launch! | 18:00 |
| attah | fair point | 18:00 |
| RubenDeSmet[m] | ahhh. Yeh. If you need it for IPC, you may have to move towards a Dbus iface... | 18:00 |
| RubenDeSmet[m] | dbus launch + dbus iface... | 18:00 |
| attah | but yea... ptdftowhatever from poppler utils | 18:01 |
| attah | brb, food | 18:01 |
| RubenDeSmet[m] | <attah "but yea... ptdftowhatever from p"> Ah you'll probably need a custom permission for that... Sounds like a can of worms that you don't want to touch until Jolla decides that SailJail is 3rd-party stable. | 18:01 |
| RubenDeSmet[m] | I imagine that the `.desktop` spec is gonna stay kinda-stable, but having third-party permissions... that doesn't sound remotely like a stable interface. | 18:02 |
| RubenDeSmet[m] | Having runtime-decided permissions would be cool too, but I don't suppose that FireJail already can do that. | 18:30 |
| attah | RubenDeSmet[m]: i'm not sure i quite understand why that is useful... i mostly find it annoying with all the popups thrown by Android to do that | 18:35 |
| RubenDeSmet[m] | Eg. Whisperfish can perfectly live without the contact permission, it's just more convenient to people. | 18:36 |
| attah | also, re: compatibility strategy, I would want to ask Jolla for a solution where they shim the Exec= command instead of us having to mess with it | 18:36 |
| RubenDeSmet[m] | That wouldn't solve it on 4.0.1.48 though, and they'd have to backport the shim to 3.4 | 18:37 |
| attah | for mie piece-meal and runtime are not quite the same thing, but i guess people will get confused with just the former | 18:37 |
| attah | well if only their apps are allowed to use it until it is in place, yes it would | 18:37 |
| attah | (not counting OpenRepos use of it targeted at 4.0) | 18:38 |
| attah | and by shim i mean we could keep ot old-style Exec= and they e.g. prepend it, so 3.4 would keep working | 18:39 |
| RubenDeSmet[m] | True.. but then we cannot use firejail in 4.0.1 :D | 18:54 |
| attah | oh, well... have we made it this far, it's no biggie... and nobody looks to get stuck on that release | 18:56 |
| RubenDeSmet[m] | Yes that's true | 19:06 |
| attah | It would be really nice if newer apps had to do basically nothing, and those that happen to work on 3.4 keep working without any special treatment | 19:07 |
| RubenDeSmet[m] | I also wonder how we're supposed to migrate from .local/share/X to .local/share/some-org/X | 19:10 |
| attah | yeah.. i started trying and... yeah, not fun | 19:11 |
| RubenDeSmet[m] | attah: https://github.com/sailfishos/sailjail-permissions/blob/master/permissions/AppLaunch.permission | 19:32 |
| RubenDeSmet[m] | not really application launch though | 19:32 |
| attah | seems to be *only* background services | 19:33 |
| attah | the naming schemes need a bit or work /methinks | 19:33 |
| attah | DataStorages for example means only external media it seems | 19:34 |
| RubenDeSmet[m] | Yeh, it's a bit confusing. Do we have any application that actually did a real migration of data form .local/share to jailed? | 19:35 |
| attah | just the jolla ones afaik | 19:36 |
| RubenDeSmet[m] | ... but did any of them actually migrate? :P | 19:38 |
| RubenDeSmet[m] | I guess they did | 19:38 |
| RubenDeSmet[m] | hmm | 19:38 |
| RubenDeSmet[m] | although jolla-messages.desktop still doesn't use the jail; all the jailing is commented out there. | 19:39 |
| RubenDeSmet[m] | the -contacts app does use a jail, but I hear many people lost contacts (which might indicate that migration isn't that... migratory) | 19:39 |
| attah | There was the note to resync contacts | 19:40 |
| attah | and it doesn't appear wide-spread | 19:40 |
| RubenDeSmet[m] | I saw some disappear | 19:40 |
| RubenDeSmet[m] | Only noticed after a while, because those were people that I didn't really talk to very often... | 19:41 |
| attah | sounds odd since it's all one database, isn't it? | 19:41 |
| RubenDeSmet[m] | yes. Hypothesis: there's no migration, only resync. | 19:41 |
| attah | Doubt it... most people have only local contacts afaik | 19:43 |
| RubenDeSmet[m] | Actually, I did lose quite a few. Going through them now. | 19:43 |
| RubenDeSmet[m] | Not sure whether they were/are Nextcloud or not. | 19:43 |
| RubenDeSmet[m] | All numbers that I've had from WAAAAY before this phone though. | 19:44 |
| attah | I don't have much to offer, borked the update so i restored into 4.0 from backup | 19:45 |
| RubenDeSmet[m] | Meh. Scrolled through all my texts and reassigned those that I recognised. | 19:47 |
| RubenDeSmet[m] | Had to skip the generic "happy new year"s | 19:47 |
| RubenDeSmet[m] | https://gitlab.com/rubdos/whisperfish/-/merge_requests/118/diffs?commit_id=84ee75ad3c816ed90288ae9285d82e3450dd412a wasn't too difficult to implement for WF, at least if I ignore 3.4 for now. I do wonder why I need the Privileged permission though, on top of Contacts. | 20:16 |
| RubenDeSmet[m] | the RecipientSelector seems to require that; it opens the contact db directly... | 20:16 |
| attah | so the .permission thingy, where did you even find what to put in there, elt alone that it is a thing? | 20:20 |
| attah | i sometimes wonder if i am actually retarded :) | 20:20 |
| RubenDeSmet[m] | https://github.com/sailfishos/sailjail-permissions/tree/master/permissions | 20:21 |
| RubenDeSmet[m] | and the rpm spec that's in that same repo | 20:21 |
| RubenDeSmet[m] | They also include a Python script to generate .ts files... | 20:22 |
| attah | hmmmm | 20:25 |
| attah | i thought i had an overview of the concpt, but this just throws me off completely | 20:27 |
| RubenDeSmet[m] | oh | 20:27 |
| RubenDeSmet[m] | Tell me, maybe I can help. | 20:27 |
| attah | staring at it some more i'm starting to see where it fits in... but seems at least half of it needs to get abstracted away behind good defualts to make it somewhat approachable | 20:33 |
| RubenDeSmet[m] | Well that repo seems to be setting good defaults... Except for .local/share ;D | 20:47 |
Generated by irclog2html.py 2.17.1 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!