Jump to content
Enpass Discussion Forum

Adding Enpass to the Snap Store with your help


chrismin13
 Share

Recommended Posts

Hello to the Enpass Community and Developers,

First of all, thank you for the great app! Enpass has been my password manager of choice for more than 2 years and I have enjoyed my time using it. One of the main reasons I chose Enpass originally was for its great cross-platform compatibility and support. The Linux support was especially important and mostly unique to Enpass at the time.

That being said, Enpass has been traditionally distributed on Linux through the use of various third-party repositories that depend on the distribution used. This has had various disadvantages:

  1. Each distribution needs its own installation instructions, which is in stark contrast to the easy one-click install that is offered through the App Store and Microsoft Store
  2. Each distribution requires its own packaging format, which adds complexity to releases
  3. The dependencies of the app aren't always included and are updated independently of the app, allowing for possible compatibility issues
  4. The installation process requires root privileges which aren't always available and are a security concern

As such, in order to work around these issues, I would like to present my efforts of turning Enpass into a Snap package. 

 

Snap is a packaging format by Canonical that aims to bring the app experience on Linux on-par with other modern platforms. It focuses on:

  • Discoverability - by showcasing Snap apps on the Snap Store, which is included in all Ubuntu releases (accounting for the majority of active Linux machines) and many other distributions
  • Compatibility - by being available on almost every Linux distro
  • Ease of development - by offering a plethora of metrics and auto updates
  • Security - with sandboxing technologies that limits the app's access to system users and ensures the user's privacy
  • Stability - by including all necessary dependencies at build time

Snap is easy to develop for, regardless of if you're starting from an existing .deb file or are building from source. As a proof of concept, I have successfully converted Enpass into a Snap package starting from the deb. The app functions as expected for the most part, and most people would likely be unable to tell the difference between the Snap version and the traditional package. You can check out my progress and install the app on the following GitHub repository:

https://github.com/chrismin13/enpass-snap

 

This is a personal effort and is not associated with Sinew Software Systems. Because of that, this Snap has not been published to the Snap Store yet. While the app is ready for the most part, there are a few show-stoppers that I would like to have your collaboration in resolving, as I am unable to solve them on my own.

Most importantly, Enpass' Terms of Use state that redistribution is not allowed. I am especially concerned with ensuring that Sinew Software Systems are in full accordance with any redistribution preformed and it is why I found it especially important to contact you on the forums in regards to this matter. I have taken this initiative as I recognize that the Enpass developers are busy with more important manners and I wanted to contribute in my own way to the development of the app. For that reason, I would like to publish the app on the Snap Store. However, that does not mean that I hold any rights to the app or its publication. At any point, you are able to contact Canonical to set up an official account and transfer ownership of the Snap Store page. Please let me know if you allow this instance of redistribution. I would be happy to discuss the matter further, either here or personally, if you would like further clarification on anything.

More details in relation to this issue can be found here: https://github.com/chrismin13/enpass-snap/issues/4

There are also two issues that have to do with the app itself and its compatibility with the sandboxing environment of Snaps. I am unable to fix these issues since I do not have access to the code of Enpass. As such, the help of the Enpass developers would be especially appreciated.

First of all, the command displayed for the assistant is incorrect and causes some side effects. This is a rather simple fix, as I have added the `enpass` command through the Snap package, which could be shown instead. All details for this issue are found here: https://github.com/chrismin13/enpass-snap/issues/1

Second, the browser extension does not work under `strict` confinement. This means that while the app is sandboxed, the browser extension does not function correctly. While this problem can be overcome by using `classic` confinement, which disables the sandboxing, it also voids many of the advantages of the Snap platform and isn't allowed on the store without contacting Canonical to ask for permission. The reason this problem occurs is because Enpass detects a different user is running the client and does not allow the browser to connect. You can view related logs and more details here: https://github.com/chrismin13/enpass-snap/issues/3

Assuming these two issues are fixed, the app will be fully functional as a Snap and indistinguishable from its APT and RPM counterparts!

 

Thank you for taking the time to read through this rather large post. I hope that you share my excitement on this matter and that you will consider this initiative. I will be more than happy to answer any questions or concerns.

Best regards,
Chris.

Link to comment
Share on other sites

  • 2 weeks later...

Hi @chrismin13,

Thanks for your efforts to bundle Enpass for snap store. We are a short on team to handle all kind of packaging. We will give you explicit permission to redistribute our software for snap store. Please share your email id in PM.  

As about other bugs, issue 1 can be resolved from our side by checking a Environment variable set by snap. Browser extension connection requires permissions to require system commands like readlink/netstat/lsof and a port open on localhost. Team is investigating the issues and possible fixes.

Thanks,
Vinod

  • Like 2
Link to comment
Share on other sites

On 2/2/2021 at 12:07 PM, Vinod Kumar said:

Hi @chrismin13,

Thanks for your efforts to bundle Enpass for snap store. We are a short on team to handle all kind of packaging. We will give you explicit permission to redistribute our software for snap store. Please share your email id in PM.  

As about other bugs, issue 1 can be resolved from our side by checking a Environment variable set by snap. Browser extension connection requires permissions to require system commands like readlink/netstat/lsof and a port open on localhost. Team is investigating the issues and possible fixes.

Thanks,
Vinod

Hello,

Thank you for taking the time to help me with my request and allowing me to publish the app!  I have gone ahead and sent you my email in a private message.

I will resume work on the snap. You can track any updates and issues reported in the Github page: https://github.com/chrismin13/enpass-snap

Thanks again,
Chris

Link to comment
Share on other sites

The Snap is now available on the Snap Store! Here's a link:

https://snapcraft.io/enpass

I tried to make the store page resemble the rest of the platforms and used the official Linux Presskit for artwork and screenshots. If there's anything you would like to see changed or improved, please let me know! Even the smallest details matter.

The Snapcraft Builds are synchronized with the Github Repository, so any changes pushed there will be immediately compiled and published to the edge channel. Once I see that the changes are functioning correctly, I will manually promote the build to stable. The Github Repo will also be automatically updated to the latest version of Enpass on the APT repository, as it checks for updates every 30 minutes via a Github Action, and I will be notified via email when that happens to ensure that it was released correctly.

As I've mentioned in the Snap page, two issues still persist: the System-wide hotkey and browser autofill. I understand these are going to take a while to implement, as this isn't a top priority. However, the System-wide hotkey should be doable. You have already mentioned that we could use an Environment Variable, how does ENPASS_CMD sound?

Thanks again for all the help. I'm open for discussion on anything.
Chris.

  • Thanks 1
Link to comment
Share on other sites

  • 2 weeks later...

Hello,

Just thought I'd chime in with some data on the Snap's distribution. I'm happy to announce that it's actively in use by over 200 machines! Here are some stats on which distributions are using it:

Screenshot_20210221-121550.thumb.png.7709a3365ca875f4462059854cb506a1.png

You can also see on the Snap Store public page which countries are most actively using, the top 3 being:

- Germany: 45 active
- USA: 27 active
- Russia: 11 active

Finally, I was wondering if you have any updates on the two bugs that are currently present (the assistant command and the browser extension).

Thanks again for your help. Let me know if there's anything else I could do from my part!

Chris.

  • Thanks 1
Link to comment
Share on other sites

  • 7 months later...

Good day everyone, good day @Vinod Kumar,

I attempted to do the same with the Flatpak format for usage on Fedora Silverblue. It turns out the usage of "lsof" mentioned earlier is mostly incompatible with Flatpak as a whole [1], as the host "/proc" folder queried is never shared with any Flatpak. The only form of sharing I did find is child-parent Flatpaks [2], which would require the browser (and thus the Enpass extension) to be a child process Flatpak of the Enpass flatpak (which queries "/proc" via "lsof"). This doesn't only violate the sandbox, it's vastly impractical to enforce this relation. I did not test whether this would work in practice at all.

As Enpass is proprietary, I can neither efficiently fix the issue myself, nor even provide a proposal right now as there is no information on how it works. "netstat" was mentioned above, but I'm quite sure one of my setups does not even have it, and yet Enpass works with the browser extension. "lsof" on the other hand is a package dependency, at the very least for Fedora. Of course it'd be ideal if you could just drop the dependency on "lsof" somehow, but if you could provide further information on what for and how exactly those tools are used, I could maybe try to come up with a workaround at some point. Thank you!

Best regards, Marvin

[1] https://github.com/flatpak/flatpak/issues/4001

[2] https://github.com/flatpak/flatpak/commit/62797b4be9b06de19639ca881c57fb9a15db190f ; https://docs.flatpak.org/en/latest/flatpak-command-reference.html (--parent-expose-pids)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...