if I have a model.json snaps header like this:
"snaps": [
{
"name": "pc",
"type": "gadget",
"default-channel": "20/edge",
"id": "UqFziVZDHLSyO3TqSWgNBoAdHbLI4dAH"
},
{
"name": "pc-kernel",
"type": "kernel",
"default-channel": "20/edge",
"id": "pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza"
},
{
"name": "snapd",
"type": "snapd",
"default-channel": "latest/edge",
"id": "PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4"
},
{
"name": "core20",
"type": "base",
"default-channel": "latest/edge",
"id": "DLqre5XGLbDqg9jPtiAhRRjDuPVa5X1q"
},
{
"name": "core",
"type": "core",
"default-channel": "latest/edge",
"id": "99T7MUlRhtI3U0QFgl5mXXESAiSwt776",
"modes": [
"run"
]
},
{
"name": "http",
"type": "app",
"default-channel": "latest/edge",
"id": "TJEfggNhgEJ4XKJ8o7ahsvRklz5kRK5w",
"modes": [
"run",
"recover"
]
}
]
when I go into recovery mode, it will fail to seed because for the http snap in recovery mode, I also need the core snap (the base of http) to be included in recovery mode, but signing this model is perfectly valid. We should add additional verification to the model for the various mode combinations.
we cannot check this at model signing them, in general we don't know what the snaps bases are etc without consulting the store.
We can check at image built time though, I opened a PR about that:
https:/ /github. com/snapcore/ snapd/pull/ 9710