Removing a snap without using sudo or using /v2/login

Robert Ancell robert.ancell at canonical.com
Thu Sep 22 03:48:18 UTC 2016


Hi all,

There's an open bug for gnome-software about how you can't remove a snap
without first logging in with your Ubuntu One credentials [1]. However, if
you use the command line you can easily do this using 'sudo snap remove
foo'.

There are a number of cases where it makes sense to be able to remove a
snap without logging in:
- You may be offline and so can't do an Ubuntu One login at this time.
- You don't have an Ubuntu One account but you want to remove something.
- The snap came pre-installed, and you want to remove it. You have no need
to log in and install more snaps (at that time).
- You are a different user to the one who installed it.

The reason gnome-software triggers the login is the following happens:
1. g-s finds the snap using GET /v2/snaps on snapd.
2. The user clicks "Remove"
3. g-s requests removal using POST /v2/snaps/[name]
4. snapd returns the error "login-required"
5. g-s prompts the user for email address / password
6. g-s asks the system D-Bus service snapd-login-service to login with the
email address / password
7. snapd-login-service checks with Polkit that the user is allowed to do
this
8. Polkit triggers a password prompt to check the user is there
9. snapd-login-service calls POST /v2/login on snapd
10. snapd returns a macaroon
11. snapd-login-service returns the macaroon to g-s
12. g-s repeats POST /v2/snaps/[name] using the macaroon

The question is - does it make sense to make a new request to snapd that
gets an authorization macaroon without logging into Ubuntu One? i.e.
something like this:
1. g-s finds the snap using GET /v2/snaps on snapd.
2. The user clicks "Remove"
3. g-s requests removal using POST /v2/snaps/[name]
4. snapd returns the error "login-required"
5. g-s asks the system D-Bus service snapd-login-service to authorize
6. snapd-login-service checks with Polkit that the user is allowed to do
this
7. Polkit triggers a password prompt to check the user is there
8. snapd-login-service calls POST /v2/authorize on snapd
9. snapd returns a macaroon
10. snapd-login-service returns the macaroon to g-s
11. g-s repeats POST /v2/snaps/[name] using the macaroon

If we do this at what point do we prompt a user to do an Ubuntu One login?
Do we have two error messages "auth-required" and "login-required"? Or is
login an optional thing that we let the user decide if they want to do it?

--Robert

[1] https://bugs.launchpad.net/bugs/1581713
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20160922/f2c51311/attachment.html>


More information about the Snapcraft mailing list