On 04/06/2025 22:56, Charles Choi wrote:
I see why Captee is missed in the updated text (mentioning it still might be
helpful
Will take that guidance.
It is merely an opinion. Do not hesitate to object or just to ignore.
Am I to understand that expectations of Apple is that Emacs application
should be published with implementation of share target and either
universal links or custom URL scheme?
If I understand your question correctly, then the answer is yes.
Is there similar requirement of signed application to configure
association of file (Media, MIME) types with an app? I mean opening in
Emacs from file browser.
As local domain sockets are tied to the file system, Apple has precluded
their usage as IPC for hardened runtime apps as they exist outside an
app’s sandbox.
It is sad. I had hope that it is possible to either declare a custom
permission (entitlement) or to consider socket selected in file picker
(similar to file with secret) as granting permission to use it.
Is it possible to invoke emacsclient or to connect to Emacs socket from
native messaging helper for a browser extension?
No.
Again it is unfortunate. I expected that since native host helpers were
added for tasks impossible to perform inside browser extension sandbox,
it might be possible at least to access file system and so UNIX domain
sockets.
Frankly speaking, I expected to find more discussions and complains
related to emacsclient on macOS, but quick search gives mostly outdated
results.
This might reflect that there are _so_ many hoops to jump to make Org
Protocol work, sandboxing or not. Most Org mode users get funneled out
because of this.
I anticipated complains concerning emacsclient unrelated to
org-protocol. There are some users of emacsclient on macOS, e.g.
https://www.they.es/posts/emacs-on-osx/ suggests homebrew-emacs-plus.
Likely emacsclient is not useless for the person submitted
https://debbugs.gnu.org/77276
I am unsure which way they invoke emacsclient though.
P.S. It seems macOS desktop/laptop security model became
indistinguishable from mobile OS where data are tightly sealed withing
each app.
UWP for Windows and Flakpak for Linux comes to mind.
Firefox shipped as snap was the reason why I decided to give up with
Ubuntu. I do not mind to run browser for regular sessions to run in a
network namespace with no routing to LAN, but there is no such a
feature. I do not like that whole home directory is accessible by
default, but not local HTML files from /usr/share/doc. I have seen bug
reports that people can not use their USB authentication tokens.
Emacs is an example of an app that is hardly usable and inconvenient
without broad permissions.
I have not tried to configure Desktop Portal permissions on Linux, but
my impression that they should be flexible enough.
