The communication with the servers is not authenticated with macaroons

Bug #1586910 reported by Leo Arias
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snapcraft
Fix Released
High
Leo Arias
snapcraft (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned
Yakkety
Fix Released
Undecided
Unassigned

Bug Description

The snapcraft interaction with the servers is currently usingn oauth. The servers now support macaroons authentication, and we must use it for all the snapcraft commands.

[Impact]

 * No visual impact for users, the commands are untouched.
 * This change improves the security of the communications with the servers.
 * Users who have logged in with previous versions will have to log out and log in again.

[Test Case]

 * Run snapcraft login with and without one-time password.
 * Upload a snap.
 * Build the 96boards demo, in order to download a snap.

[Regression Potential]

 * The existing features that interact with the servers might fail: login, upload, download.

Leo Arias (elopio)
Changed in snapcraft:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Leo Arias (elopio)
description: updated
Revision history for this message
Leo Arias (elopio) wrote :
Leo Arias (elopio)
Changed in snapcraft:
milestone: none → 2.10
Changed in snapcraft:
status: In Progress → Fix Committed
Changed in snapcraft (Ubuntu Xenial):
milestone: none → xenial-updates
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package snapcraft - 2.10+16.10

---------------
snapcraft (2.10+16.10) yakkety; urgency=medium

  [ Martin Wimpress ]
  * Correct autotools tests to use configflags (#521)

  [ Leo Arias ]
  * Run the integration tests against a local fake server when the user
    password is not in the environment. (#511) (LP: #1585023)
  * Move the login and logout methods to a client. (#518) (LP: #1586504)
  * Improve the config handling. (#519) (LP: #1586511)
  * Fix the one-time password login. (#529) (LP: #1586832)
  * Moved the download to the store client. (#530) (LP: #1586836)
  * Moved the upload to the store client. (#531) (LP: #1586836)
  * Updated the documentation about the icon. (#542) (LP: #1578231)
  * Improve the error message when a part binary is not found. (#541)
    (LP: #1582367)
  * Reenable the ROS demo for autopackage testing. (#520) (LP: #1588098)
  * Add macaroon support to login, upload and download. (#532) (LP: #1586910)
  * Set the no_proxy environment variable to access the local fake servers.
    (#546) (LP: #1588631)

  [ Stephen Stewart ]
  * nodejs plugin: Support configurable node version (#509) (LP: #1586104)

  [ Kyle Fazzari ]
  * Use correct cross-build packages for ppc64le. (#539) (LP: #1570944)

  [ Sergio Schvezov ]
  * Support zip files as source (#523) (LP: #1577062)
  * A nicer error message for incorrect stage-packages (#524) (LP: #1568131)
  * Support the assumes keyword (#525) (LP: #1586429)
  * Improve the template for snapcraft init (#528) (LP: #1575581)
  * Filter out *.snap from sourcedir (#535) (LP: #1575628)
  * Support setting a gopath for a go project from vcs (#538) (LP: #1583426)
  * Add a ticker for snapping (#540) (LP: #1582955)
  * Rename strip to prime (#543) (LP: #1582515)

  [ Didier Roche ]
  * Wrap plugin list output content (#534) (LP: #1587057)
  * Add snapcraft examples to scaffold getting started tour (#513)
    (LP: #1586137)

  [ Joe Talbott ]
  * Add support for parsing the parts wiki (#545) (LP: #1587583)

 -- Sergio Schvezov <email address hidden> Fri, 03 Jun 2016 13:37:58 -0300

Changed in snapcraft (Ubuntu Yakkety):
status: New → Fix Released
Changed in snapcraft:
status: Fix Committed → Fix Released
Revision history for this message
Leo Arias (elopio) wrote :

Tested in an up-to-date xenial system:
- Enabled the proposed archive
- Updated snapcraft to 2.10
- snapcraft login
- Entered the credentials of a user with 2fa enabled.
- The login was successful.
- snapcraft upload any test snap.
- The snap was uploaded.
- Ran snapcraft pull in the 96boards example.
- The os snap was downloaded.

I'm marking the verification as done.

Changed in snapcraft (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-done
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package snapcraft - 2.10.1

---------------
snapcraft (2.10.1) xenial; urgency=medium

  * Backwards compatible clean with strip (#556) (LP: #1590256)

 -- Sergio Schvezov <email address hidden> Wed, 08 Jun 2016 16:32:27 -0300

Changed in snapcraft (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.