Let's kill "sideloading"

Gustavo Niemeyer gustavo.niemeyer at canonical.com
Fri Sep 2 14:10:59 UTC 2016


On Fri, Sep 2, 2016 at 10:35 AM, Tony Espy <espy at canonical.com> wrote:

> On 09/01/2016 06:15 PM, Gustavo Niemeyer wrote:
>
>> Hello all,
>>
>> With assertions finally being put to great use, it's time to kill the
>> term "sideloading". That term does a disservice to our conversations,
>> because it is vague and also limits the thinking around what is possible.
>>
>
> I have a question related to "sideloading" a snap.
>
> Yesterday while testing a fix for our network-manager snap, I refreshed my
> rpi2 ( running the 'experimental' image ) which resulted in a new
> ubuntu-core snap, which I discovered now enforces the assertion that a snap
> must be signed in order to install, even when side-loaded.  I was told on
> #snappy that I could circumvent this check via the --force-dangerous
> parameter, which worked for me.  I was also told that this parameter may
> just be shortened to "--dangerous", and that "--devmode" may cause this to
> be automatically set.
>

Indeed, we'll do those changes in the next couple of days.


> My question is what is the process for getting a snap signed?  Is this
> something that's done automatically when a snap is published to the store?
>

Yes, the goal is for the whole process to be mostly transparent. When you
build a snap you'll get an assertion next to it saying that you built it.
When you upload it, the assertion is shipped to the server, and the snap gets
additional server assertions backing that process. No effort on the
developer end.

> The snap I was testing was built by launchpad.  Is it possible to sign a
> snap locally ( ie. like debsign )?
>

Yes, Launchpad is likely using snapcraft already, which means it'll do that
by default once updated. We'll need to put a developer key there, though.

Sergio and Colin Watson should know more details here.


gustavo @ http://niemeyer.net