Let's kill "sideloading"

Sergio Schvezov sergio.schvezov at canonical.com
Fri Sep 2 15:55:52 UTC 2016


On 02/09/16 at 11:10, Gustavo Niemeyer wrote:
>
>
> On Fri, Sep 2, 2016 at 10:35 AM, Tony Espy <espy at canonical.com> wrote:
>
>     On 09/01/2016 06:15 PM, Gustavo Niemeyer wrote:
>
>         Hello all,
>
>         With assertions finally being put to great use, it's time to kill the
>         term "sideloading". That term does a disservice to our conversations,
>         because it is vague and also limits the thinking around what is possible.
>
>
>     I have a question related to "sideloading" a snap.
>
>     Yesterday while testing a fix for our network-manager snap, I
>     refreshed my rpi2 ( running the 'experimental' image ) which
>     resulted in a new ubuntu-core snap, which I discovered now
>     enforces the assertion that a snap must be signed in order to
>     install, even when side-loaded.  I was told on #snappy that I
>     could circumvent this check via the --force-dangerous parameter,
>     which worked for me.  I was also told that this parameter may just
>     be shortened to "--dangerous", and that "--devmode" may cause this
>     to be automatically set.
>
>
> Indeed, we'll do those changes in the next couple of days.
>
>     My question is what is the process for getting a snap signed?  Is
>     this something that's done automatically when a snap is published
>     to the store?
>
>
> Yes, the goal is for the whole process to be mostly transparent. When 
> you build a snap you'll get an assertion next to it saying that you 
> built it. When you upload it, the assertion is shipped to the server, 
> the snap gets additional server assertions backing that process. No 
> effort on the developer end.
>
>     The snap I was testing was built by launchpad.  Is it possible to
>     sign a snap locally ( ie. like debsign )?
>
>
> Yes, Launchpad is likely using snapcraft already, which means it'll do 
> that by default once updated. We'll need to put a developer key there, 
> though.

So I guess what Tony might get value from knowing is which assertion needs 
to be available to avoid --devmode/--dangerous.

>
> Sergio and Colin Watson should know more details here.

Maybe subscribe to https://github.com/snapcore/snapcraft/pull/726 and 
https://bugs.launchpad.net/snapcraft/+bug/1612730

>
>
> gustavo @ http://niemeyer.net
>
>
