Restrict directories #25

TheEvilSkeleton opened this issue Nov 1, 2020 · 8 comments

TheEvilSkeleton commented Nov 1, 2020

I just want to suggest removing --filesystem=home and allowing xdg-{desktop,documents,pictures,downloads,videos} instead. Also, using --persist would stop the Arduino programs from cluttering the user directory.

I wouldn't mind submitting an MR.

TheEvilSkeleton changed the title from "Restrict sandbox" to "Restrict directories" on Nov 1, 2020

A6GibKm (Collaborator) commented Nov 1, 2020

I am not comfortable with removing these permissions, even though I do use the requested permissions in my setup.

  • The app will simply break for many users and there is no clear way to communicate this
  • Many people do not use the standard Arduino folders, they won't be able to read their files, same applies to config after using persist.
  • This practice (home access) seems ok with IDEs

TheEvilSkeleton (Author) commented Nov 1, 2020

> • The app will simply break for many users and there is no clear way to communicate this

I tested it and it worked fine for me, which is why I opened the issue.

> • Many people do not use the standard Arduino folders, they won't be able to read their files, same applies to config after using persist.

The persisted files will be located in ~/.var/app/cc.arduino.arduinoide. Unless I'm completely wrong?

Changing it to

- "--filesystem=home"
+ "--persist=.arduino15",
+ "--persist=Arduino"
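
Review bot: the removed `--filesystem=home` line is not replaced by any filesystem grant, so after this change the app can reach only the two persisted directories; the xdg-{desktop,documents,pictures,downloads,videos} grants proposed at the top of the issue should be added alongside the `--persist` lines, otherwise sketches stored elsewhere under $HOME become invisible. Both `--persist` paths will resolve under ~/.var/app/cc.arduino.arduinoide, so existing ~/.arduino15 and ~/Arduino contents are not picked up and the change needs a documented migration step. The last added line, `"--persist=Arduino"`, also has no trailing comma, which matters if it is not the final entry in the list.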

should persist properly.

A6GibKm (Collaborator) commented Nov 1, 2020

> I tested it and it worked fine for me, which is why I opened the issue.

Were you able to load your old files in ~/some-custom-folder-similar-to-Arduino? It is completely possible that many users have their files somewhere which is not ~/Arduino. I do agree that it won't crash in the strict sense of the word crash, it is just the expectations of the user that might crash.

> The persisted files will be located in ~/.var/app/cc.arduino.arduinoide. Unless I'm completely wrong?

Yes, but the older ones in ~/.arduino15 won't be magically migrated.

EDIT: This would have been a great idea when the flatpak was proposed. Now I am not sure about it. I asked the flathub devs about a month ago, they were also of the idea of not changing it.

Any proper solution requires upstream involvement.

TheEvilSkeleton (Author) commented Nov 1, 2020

> Were you able to load your old files in ~/some-custom-folder-similar-to-Arduino? It is completely possible that many users have their files somewhere which is not ~/Arduino. I do agree that it won't crash in the strict sense of the word crash, it is just the expectations of the user that might crash.

Can you guide me on that? I don't think I'm understanding this.

My assumption is that if it has rw access to the directory, then it should work.

> Yes, but the older ones in ~/.arduino15 won't be magically migrated.

Fair point, though users should be able to move the contents manually.

> Any proper solution requires upstream involvement.

I agree. Unfortunately, they rejected following XDG standards (arduino/arduino-ide#1514).

A6GibKm (Collaborator) commented Nov 1, 2020

> Can you guide me on that? I don't think I'm understanding this.
>
> My assumption is that if it has rw access to the directory, then it should work.

Suppose the user stores his files at ~/src. After the migration of permissions he would not be able to see his files; it would be understandable if the user thinks his files are gone and flatpak bad.

The average user should not be expected to understand the fs permissions, and flatpak is intended to be as transparent as possible.

@TheEvilSkeleton (Author)

> Suppose the user stores his files at ~/src. After the migration of permissions he would not be able to see his files; it would be understandable if the user thinks his files are gone and flatpak bad.

I'm pretty sure that they won't be able to store their files in /src because they won't have access to it to begin with, because of --filesystem=home, so the flatpak only allows $HOME at a maximum. Maybe you meant to say that they store their files somewhere in their $HOME, and then after the migration of permissions they would not be able to see their files.

> The average user should not be expected to understand the fs permissions, and flatpak is intended to be as transparent as possible.

Fair point. Now that I think of it, migration will be extremely annoying, but in my opinion, having files in ~/ is extremely annoying as well, especially when one can't persist a writable directory.

A6GibKm (Collaborator) commented Nov 1, 2020

> I'm pretty sure that they won't be able to store their files in /src

I was referring to the user having files in ${HOME}/src prior to the change.

> Fair point. Now that I think of it, migration will be extremely annoying

It is a little worse than annoying, most people are not flatpak-savvy enough (and I cannot put enough emphasis on that they should not be) to know how to do this migration before going back to, say, the outdated rpm version provided by Fedora (which I am sure was only updated recently).

I personally think that it would not be that bad to add --persist for .arduino15 but since it would still use --filesystem=home I fear that it will still default to ~/.arduino15.

@TheEvilSkeleton (Author)

> I personally think that it would not be that bad to add --persist for .arduino15 but since it would still use --filesystem=home I fear that it will still default to ~/.arduino15.

Correct. It will make the --persist=.arduino15 line completely useless. --persist is only used when the flatpak doesn't have write access to it.
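
The permission sets debated in this thread can be compared with a small model of how a home-relative path resolves for the sandboxed app. This is an added example, not code from the thread or from the Flatpak or Arduino projects; it assumes default XDG directory names, ignores suffixes such as `:ro`, and the sample paths and the `resolve` helper are constructed for illustration.

```python
from pathlib import PurePosixPath

APP_ID = "cc.arduino.arduinoide"  # app ID quoted in the thread

# Assumption: XDG user directories sit at their default names under $HOME.
# Flatpak spells the downloads grant "xdg-download".
XDG_DEFAULTS = {
    "xdg-desktop": "Desktop", "xdg-documents": "Documents",
    "xdg-pictures": "Pictures", "xdg-download": "Downloads",
    "xdg-videos": "Videos",
}

def under(path, root):
    """True if `path` is `root` or lies below it (both home-relative)."""
    return path == root or root in path.parents

def resolve(finish_args, rel):
    """Return (where, location) for the home-relative path `rel`."""
    path = PurePosixPath(rel)
    grants, persists = [], []
    for arg in finish_args:
        key, _, value = arg.partition("=")
        if key == "--filesystem":
            grants.append(value)
        elif key == "--persist":
            persists.append(PurePosixPath(value))
    # With the real home visible, --persist entries are never consulted.
    if "home" in grants or "host" in grants:
        return ("host", f"~/{path}")
    for grant in grants:
        root = XDG_DEFAULTS.get(grant) or (grant[2:] if grant.startswith("~/") else None)
        if root and under(path, PurePosixPath(root)):
            return ("host", f"~/{path}")
    for root in persists:
        if under(path, root):
            return ("per-app", f"~/.var/app/{APP_ID}/{path}")
    return ("hidden", None)  # the host file exists but the app cannot see it

# Constructed inputs: the current grant, the thread's proposal, and the mix.
CURRENT = ["--filesystem=home"]
PROPOSED = ["--persist=.arduino15", "--persist=Arduino", "--filesystem=xdg-documents"]
MIXED = ["--filesystem=home", "--persist=.arduino15"]
PATHS = [".arduino15/preferences.txt", "Arduino/blink/blink.ino",
         "src/robot/robot.ino", "Documents/notes.ino"]

if __name__ == "__main__":
    for name, args in (("current", CURRENT), ("proposed", PROPOSED), ("mixed", MIXED)):
        for p in PATHS:
            print(f"{name:9} {p:28} -> {resolve(args, p)}")
```

A "per-app" result means the app reads and writes the copy under ~/.var/app, so whatever already exists at the same path in the real home stays where it is until someone moves it.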
