Snapcraft

Bug #1636981
Comment #1

Comment 1 for bug 1636981

Revision history for this message

Natalia Bidart (nataliabidart) wrote on 2021-01-20:

Python3 helper to revoke an existing validation assertion Edit (4.7 KiB, text/x-python)

Attaching a script to act as a workaround for this issue. Instructions to use it:

1- be sure to have handy the snap ID of the gating snap, the account ID of the publisher of the gating snap, the snap ID of the gated snap and the gated revision that it's being revoked

2- be sure you have access to a valid, store-registered key belonging to the publisher of the gating snap

3- install "surl" (source code at https://github.com/Roadmaster/surl/), which is a CLI helper to make macaroon-authenticated requests against the store APIs

$ sudo snap install surl

3- obtain a suitable macaroon with the right permissions to (later) upload the new assertion to the store:

$ surl -a store-token -e <publisher-email> -p package_access -p package_release -s production

4- generate and sign a new (local) revision of the validation assertion revoking a previous validation (this will create a file that you can review later, nothing will be pushed to the store yet):

$ python3 revoke_assertion.py <publisher-account-id> <gating-snap-id> <gated-snap-id> <gated-revision> --key <key-name>

5- Review the output and execute the printed surl command

Example of a run:

$ python3 revoke_assertion.py AfdTtIZrrGjK2D0xQgvZmGJiVIt6Y3cd ivnP3NKZiyReJIJdlzXBRxxl4n3SkcnC 99T7MUlRhtI3U0QFgl5mXXESAiSwt776 9437 --key validations-test

** Please review the assertion before submitting it to the store, assertion was signed and stored in:

/home/nessita/ivnP3NKZiyReJIJdlzXBRxxl4n3SkcnC-99T7MUlRhtI3U0QFgl5mXXESAiSwt776-9437-r3.assertion

** After assertion review, submit it to the store with:

surl -a store-token -X PUT https://dashboard.snapcraft.io//dev/api/snaps/ivnP3NKZiyReJIJdlzXBRxxl4n3SkcnC/validations -d '{"assertion": "type: validation\nauthority-id: AfdTtIZrrGjK2D0xQgvZmGJiVIt6Y3cd\nrevision: 3\nseries: 16\nsnap-id: ivnP3NKZiyReJIJdlzXBRxxl4n3SkcnC\napproved-snap-id: 99T7MUlRhtI3U0QFgl5mXXESAiSwt776\napproved-snap-revision: 9437\nrevoked: true\ntimestamp: 2021-01-20T14:28:59.663730Z\nsign-key-sha3-384: 39Yykj3WyH-fL3h-Q_3YSlDlEj-XUlT-SxYd6qTJL4dN3BP2Q0rGRO2lQm7XZiEm\n\nAcLBcwQAAQoAHRYhBJAtR/3peIgjQB/uhd0t1+KrVFrbBQJgCD4rAAoJEN0t1+KrVFrbyfMP/j1g\nWnUDvSMpuAJ4hOzI5U3Qt/j9mzhNnpXKw/OuLH3rYGRWEQFMlRZHRc6myOlEZovhORkhy/WJjszR\nP9WA4uNXOzFnZc/dfj74AQwBio5JqMqBcGoIMZi6AgmJ4tyJAJkvxz/lrGLqXftMa9/Yv+bC9tN8\nqHnyBaKc7rjxEjXfeAljBhZbl/ovUlPb+/cCrYIS4gc3rvoAhB8SDboG6h4SVCCzyquyU+MogZQ9\nH3GYw8jKhjrfVMJd/jexanLH2dhAfu4vL7so7yO6VnkEeDMg8W00EA75i8vXUnHi4XrboUvu2tF2\njbJmbPAiyL/C3XDo6eCOZovZE3q7KJaNIwhkig278x1VzCiy+yhq0rbrMgXx8/AqGkGIHE80d3Th\n5Z95QiUObTkW3kIjyDhUYLuy4dG5ikstE7DUC1pL0mzNMZwhTwJzhXZM7HYbwXGFtZC8Jx+CxuMR\nPql1k0jOk4NKHktFaQ5D8ARR0rdU9HGuzkqpOOas9D9tuigOXw8U2gIEdHpWHJJCvPkG1PzRblkx\nBAf45pob9ujVZckUAtBGsmyGrNsJoGk7JitYEhcgJd9KQqU21sZeV/XyGgW4wd8L9X7DJJxdwutP\n1qbxzgCaSFCtDRv7MJWHnhnBkWAoEDGXThdEWLXesPEKNDn1bGpL9lDldqhHumAdsXnSKaET\n"}'