Ubuntu Image

ubuntu-image should fetch correct assertion revision from the store while building image

Bug #2002293 reported by Bugra Aydogar on 2023-01-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu Image	New	Undecided	Unassigned

Bug Description

The ubuntu-image always gets/downloads the latest snap-declaration assertion from the Store and there is no "official" way to inject old versions of the snap-declaration assertion files to the image.

The current workaround is mounting the created image and adding required snap-declaration assertions. The required snap-declaration assertion can be fetch from the store using the following api; `api/v1/snaps/assertions/snap-declaration/<SnapDeviceSeries>/<snapName>?max-format=4`.

The use case is that, when a device manufacturer would like to provide an old image with specific snaps included, the system fetches the latest assertion from the store and thus, the installation of the ubuntu core image fails because of the max-supported-assertion mismatch.

Thanks

Revision history for this message

William Wilson (jawn-smith) wrote on 2023-01-09:

Which version of ubuntu-image are you currently using and are you building core or classic images? Assuming you're using version 2.x to build core images, the documentation states the following:

```
          --snap=SNAP Install extra snaps. These are passed through to "snap prepare-image".
                                             The snap argument can include additional information about the channel
                                             and/or risk with the following syntax: <snap>=<channel|risk>
```

Which leads me to believe this is just something we don't have support for yet. If I'm correct about this we will need to write a spec for expanding the command line arguments.

Revision history for this message

Bugra Aydogar (bugraaydogar) wrote on 2023-01-09:

Hi William,

The customer is using the ubuntu-image to build Ubuntu Core images. They are using the latest available version which is `2.2+snap10`.

Essentially, it is a missing feature but according to the latest discussion with Samuele, this needs to be addressed as part of the "repeatable builds epic". As of now, the assertions are tightly coupled with snapd version available in the machine while building the Ubuntu Core image. If you try to download a snap from the Store, the Store will check the snapd version and based on that it will provide the snap declaration assertion which can be run on the specific snapd version. Thus, as a workaround, the customers might have multiple CI pipeline that has multiple snapd versions available but this is not a sustainable solution.

Ideally, it would be best if `ubuntu-image` takes an argument say "--max-assertion-format" and based on this value, it could fetch the relevant assertion and embed it in the image. Or, the ubuntu-image must respect to the snapd revision that is being used as part of the refresh-control or validation-sets. I think, a spec would be needed to address this problem.

Thanks,
Bugra

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.