Snapcraft

stage-snaps not usable with a brand store

Bug #1833220 reported by Ian Johnson on 2019-06-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Snapcraft	New	Undecided	Unassigned

Bug Description

It's not possible AFAICT to configure snapcraft to download snaps from a brand store with build-snaps or stage-snaps. Poking around at the source, it looks like snapcraft is downloading snaps with this function: https://github.com/snapcore/snapcraft/blob/master/snapcraft/internal/repo/snaps.py#L163-L175

which if I run `snap download` outside of snapcraft I am able to download snaps from my brand store by specifying the env vars:

UBUNTU_STORE_AUTH_DATA_FILENAME=./creds UBUNTU_STORE_ID=my-cool-brand-store-id snap download my-cool-brand-store-snap --edge

(where creds is from snapcraft export-login)

Attempting to provide this env vars to snapcraft doesn't seem to propogate them to the snap download command that snapcraft runs. I.e. this fails:

UBUNTU_STORE_AUTH_DATA_FILENAME=./creds UBUNTU_STORE_ID=my-cool-brand-store-id snapcraft

It also fails in destructive-mode:

UBUNTU_STORE_AUTH_DATA_FILENAME=./creds UBUNTU_STORE_ID=my-cool-brand-store-id snapcraft --destructive-mode

Revision history for this message

Natalia Bidart (nataliabidart) wrote on 2021-10-19:

Ian, I have just replied to a customer that what you proposed should work as long as the path to the credentials is absolute. Would you be able to try that and confirm that works for you?

(Sergio mentioned that the snap build occurs in a different path than where you are at when providing the creds)

Changed in snapcraft:
status:	New → Incomplete

Revision history for this message

Ian Johnson (anonymouse67) wrote on 2021-10-19:

So setting the env var for the credentials file to an absolute file works in destructive / host building only, it still does not work for snapcraft building snaps in a LXD or multipass environment in my testing. This seems to be because the credentials file is on the host and the snaps are downloaded inside the container?

Tested with snapcraft 5.0, revision 6751

Changed in snapcraft:
status:	Incomplete → New

Revision history for this message

Natalia Bidart (nataliabidart) wrote on 2021-10-22:

I believe so Ian (re: the credentials file is on the host and the snaps are downloaded inside the container).

If `snap download` would be changed in a way where a serialized authentication macaroon is taken from an env var (not via a file but via a string that is used as is in a Authorization header), snapcraft could pass that in the build env and things will work. I believe a change like this is planned for the snap revision authority delegation.

Revision history for this message

Ian Johnson (anonymouse67) wrote on 2021-10-26:

Yes that's correct we do eventually plan on having snap download be able to download snaps with authentication indirectly via snapd rather than going directly to the store first.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.