Make chip-tool command work without root privileges #17

Closed
farshidtz opened this issue Oct 13, 2023 · 2 comments · Fixed by #55
Labels
blocked enhancement New feature or request

Comments

@farshidtz
Member

The chip-tool command installed by the snap requires root privileges to function. This is because the storage and config files are written under /mnt, which is bind mounted on /var/snap/chip-tool/common/mnt/. This directory is owned by the root user.

This also makes it problematic to use the tool independently with different users.

Ideally, the storage and config paths should be user specific (e.g. read from SNAP_USER_COMMON). This is currently not easily achievable since the paths are set at compile time.

@farshidtz farshidtz added the enhancement New feature or request label Oct 13, 2023
@farshidtz
Member Author

farshidtz commented Dec 4, 2023

A script could be used to bind mount /mnt to a directory under the user's home directory. This script would have to be executed every time before executing Chip Tool commands, via snapcraft's command-chain, so that the environment gets set up promptly for the user. This will be problematic if two users start executing commands in parallel. Chances of collision are high since some commands take very long to complete, especially when using Chip Tool's interactive mode.

In my opinion, the best approach to solve this issue is to implement path configuration via environment variables. This needs to be implemented upstream to avoid added snap maintenance complexity. Created an issue for it: project-chip/connectedhomeip#30790

@farshidtz
Member Author

I came across the following flag allowing overriding the temp directory of chip tool:

```
[--storage-directory]:
  Directory to place chip-tool's storage files in.  Defaults to $TMPDIR, with fallback to /tmp
```

https://github.com/project-chip/connectedhomeip/blob/v1.3.0.0/docs/guides/chip_tool_guide.md#changing-storage-directory

```
$ sudo chip-tool pairing <...> --storage-directory /var/snap/chip-tool/current/test
...
$ sudo tree /var/snap/chip-tool/
/var/snap/chip-tool/
├── 58
│   └── test
│       ├── chip_tool_config.alpha.ini
│       ├── chip_tool_config.ini
│       └── chip_tool_kvs
├── common
│   └── mnt
│       ├── chip_config.ini
│       ├── chip_counters.ini
│       ├── chip_factory.ini
│       └── chip_tool_config.ini
└── current -> 58

6 directories, 7 files
```

Several other files do still get created at the original path. These are from the SDK, in line with the comment here, apart from the kvs file:

```
# The project writes its data to /tmp which isn't persisted.
#
# Setting TMPDIR env var when running the app isn't sufficient as
# chip_[config,counter,factory,kvs].ini still get written under /tmp.
# The chip-tool currently has no way of overriding the default paths to
# storage and security config files.
#
# Snap does not allow bind mounting a persistent directory on /tmp,
# so we need to replace it in the source with another path, e.g. /mnt.
# See the top-level layout definition which bind mounts a persisted
# directory within the confined snap space on /mnt.
#
# Replace storage paths:
sed -i 's/\/tmp/\/mnt/g' src/platform/Linux/CHIPLinuxStorage.h
# Replace key-value store path:
sed -i 's/\/tmp/\/mnt/g' src/platform/Linux/CHIPPlatformConfig.h
```
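
As an added example (not part of this issue thread or the snap's own code), a shell helper that prepares a private per-user directory under SNAP_USER_COMMON and hands it to chip-tool through the `--storage-directory` flag quoted above. The `chip-tool-storage` subdirectory name and both function names are assumptions; it relocates only the files that honor the flag, so the SDK files listed in the comment are still written under /mnt.

```bash
#!/bin/sh
# Added example; function names and the "chip-tool-storage" subdirectory
# are assumptions, not part of chip-tool or the snap.

# Create (or validate) a private storage directory and print its path.
# $1 overrides the base directory; the default is SNAP_USER_COMMON.
prepare_storage_dir() {
    base=${1:-${SNAP_USER_COMMON:-}}
    if [ -z "$base" ]; then
        echo "SNAP_USER_COMMON is not set" >&2
        return 1
    fi
    dir=$base/chip-tool-storage

    # Refuse a symlink so writes cannot be redirected to another location.
    if [ -L "$dir" ]; then
        echo "refusing symlinked storage directory: $dir" >&2
        return 1
    fi

    # Owner-only from creation: keep other local users out of the stored state.
    if [ ! -d "$dir" ]; then
        (umask 077 && mkdir -p "$dir") || return 1
    fi

    # The directory must belong to the invoking user, not root or a peer.
    if [ ! -O "$dir" ]; then
        echo "storage directory not owned by $(id -un): $dir" >&2
        return 1
    fi

    # Tighten a pre-existing directory that was created with wider permissions.
    chmod 700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Run a chip-tool command line with the per-user directory appended,
# e.g. run_with_user_storage chip-tool pairing <...>
run_with_user_storage() {
    storage=$(prepare_storage_dir) || return 1
    "$@" --storage-directory "$storage"
}
```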
