Ubuntu Software always asks for an Ubuntu Single Sign-On account when installing or removing a snap package

Bug #1581713 reported by Claudio André on 2016-05-14
246
This bug affects 51 people
Affects Status Importance Assigned to Milestone
Ubuntu GNOME
High
Unassigned
gnome-software (Ubuntu)
High
Unassigned
snapd (Ubuntu)
High
James Henstridge

Bug Description

If I try to uninstall a snap using Ubuntu Software, it asks for an Ubuntu Single Sign-On account. It seems strange since if I use a terminal and do:
$ sudo snap remove john-the-ripper

Everything works as expected.

BTW: Ubuntu Software takes ages to find out the size of the snap package.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in software-center (Ubuntu):
status: New → Confirmed
tags: added: xenial
Salman Mohammadi (salman.m) wrote :
affects: software-center (Ubuntu) → gnome-software (Ubuntu)
summary: - Ubuntu software ask for an Ubuntu Single Sign-On account to remove a
+ Ubuntu Software asks for an Ubuntu Single Sign-On account to remove a
snap
description: updated
Changed in gnome-software (Ubuntu):
importance: Undecided → High
Nathan Haines (nhaines) on 2016-05-24
Changed in gnome-software (Ubuntu):
status: Confirmed → Invalid

This behavior is consistent with Ubuntu Software Centre. Canonical works with third-party software providers to provide payment and hosting for commericial software in the partner repository. In Ubuntu 16.04 LTS, this is being replaced by the Ubuntu App Store which powers the snap repository's backend.

While the command line tools provide access to free-of-charge snaps without issue, the Ubuntu Software store uses Ubuntu One to handle payment processing and order history (so that previous purchases can be downloaded and installed on any number of systems that you own).

So this is an implementation detail that matches the behavior of the software being replaced by Ubuntu Software.

Changed in gnome-software (Ubuntu):
status: Invalid → Confirmed
Changed in gnome-software (Ubuntu):
status: Confirmed → Triaged
Robert Ancell (robert-ancell) wrote :

Technically why this happens is gnome-software asks snapd to remove the snap. Since gnome-software is run as as user (i.e. not as root) it prompts gnome-software for authorization. The only method of getting authorization is to call 'snap login' which prompts for store credentials.

What we actually want here is the equivalent of sudo. i.e. check if the user is an administrator and prompt them for their password. This would require snapd to have a "login-local" type concept that would return authorization without checking Ubuntu One credentials.

I'll ask the Snappy team what their thoughts are on this.

Reasonable observation, but there is something that worries me.
- It means my mother-in-law will have to create one SSO account if she wants to install/uninstall a snap package.

Okay, this might be necessary sooner or later, I'm just thinking out loud.

BTW: She doesn't speak English. Are these 'account' pages available in a good set of languages?

summary: - Ubuntu Software asks for an Ubuntu Single Sign-On account to remove a
- snap
+ Ubuntu Software asks for an Ubuntu Single Sign-On account to
+ install/remove a snap

Unfortunately trying to login with Ubuntu One credentials with sudo snap login <email address hidden> returns error: cannot authenticate to snap store: Provided email/password is not correct. (see "snap login --help")

I know these credentials are correct and also reflects the same authentication failure currently present in gnome-software when trying to install a snap as well.

Changed in ubuntu-gnome:
status: New → Triaged
importance: Undecided → High
Bastian Lembke (cakewhisperer) wrote :

You also can't install snap packages with gnome software. I have a valid Ubuntu One Account but I always get a "password or username invalid" message when I try to log in (needed for installation)

But maybe that is not quit the right place here? I'm relative new to bug reporting on launchpad.

If I try to install I got the same error message: "password or username invalid".
It is clearly related to permissions.

I am able to install software from command line, for example:

    sudo snap install krita

using sudo!!!

Software Center (ubuntu-software) however does not run as root! So it is not able to log in to my Ubuntu One account, so it is not able to install snap packages.

Ulrich Grothaus (uli123) wrote :

Same here. 16.04 and 16.10. High priority bug in my eyes.

Nanuk Henrichs (prakriti) wrote :

Same thing. No good. Not good at all. Howcome commercial tgings doesn't work?

Robert Ancell (robert-ancell) wrote :

Talked with the snappy people and they said they're working on a solution to this. Once that exists we can make GNOME Software only prompt for Ubuntu One credentials when required.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in snapd (Ubuntu):
status: New → Confirmed
DO TU TOAN (dotutoan) on 2016-10-17
Changed in gnome-software (Ubuntu):
assignee: nobody → DO TU TOAN (dotutoan)
Changed in snapd (Ubuntu):
importance: Undecided → High

Same problem on Yakkety ... and Zesty.I'm registered on Ubuntu One and Launchpad but I receive the message 'password invalid' and so I'm unable to logon.

Michał Borek (embepi) wrote :

Same for me. I cannot log in, even though I have an Ubuntu One account.

nehemiah jacob (nehemiahjacob) wrote :

Any update on this bug? I guess the scope of this bug got changed. It should say Ubuntu one login doesn't work to install snaps.

Anthony (anthonyanthonydd) wrote :

I just encountered this bug while trying to install vice-jz. Having to sign in with an account feels very controlling and I hope it's only a bug.

I decided to use Synaptic Package Manager instead which worked fine.

Harald H. (haarektrans) wrote :

While this can be explained for payed applications, it should not be a requirement for installing freely available applications. If this will be a requirement from now on then I'm sure that will upset a lot of people.

Ali Isingor (isingor) wrote :

Same here. This must be high priority bug.

Dane Mutters (dmutters) wrote :

I can confirm the presence of this bug, as well as the login, itself not working ("an error occurred"). I resent my Ubuntu One password, just to make sure I wasn't typing it wrong, and the error persists.

Dane Mutters (dmutters) wrote :

*reset

It doesn't make a lot of sense from a novice perspective.

summary: - Ubuntu Software asks for an Ubuntu Single Sign-On account to
- install/remove a snap
+ Ubuntu Software always asks for an Ubuntu Single Sign-On account when
+ installing or removing a snap package
Max Kristen (kristbaum) wrote :

This really is annoying, and leads Desktop Users to believe that an Ubuntu Acc is required to use the snap format. On another note: It is also weird if people try to use Snappy Ubuntu Core, and need to have a SSO Acc to start their machines..

Here is our thinking on Ubuntu Core devices and user accounts.

Ubuntu Core is largely for devices that operate with almost no human
interaction. You install the device, it updates itself forever, life is
good.

In that case, most devices will not have many or any user accounts.
That's completely different to a laptop or developer system, or a normal
server, which has many people who might log into it on any given day.

For that reason, having the user account on Ubuntu Core be single-sign
accounts makes sense. This is exactly the trend in the world - look at
modern wifi access points, for example. You get a single management
account, usually in the cloud, and you manage all devices through that.

The net effect is much better security for these devices. In due course,
we will reduce dependency on the Ubuntu SSO (this is just the current
implementation, we envisage enabling people to have their own identity
systems). But the base idea that you don't want to be setting a separate
username and password on these devices is very well reasoned and
appropriate.

Mark

Changed in gnome-software (Ubuntu):
assignee: DO TU TOAN (dotutoan) → nobody
kg (joshorjeff) wrote :

Apologies for accidental status change, missclick!

Changed in gnome-software (Ubuntu):
status: Triaged → Confirmed
Robert Ancell (robert-ancell) wrote :

I did an attempt to resolve this by trying to get snapd to generate a Macaroon without store access. But as I understand it getting a Macaroon requires a round trip to the store.

So I think the solution to this is to either allow snapd to generate local Macaroons or use some other type of authentication token for local access.

Robert Ancell (robert-ancell) wrote :

Here's what I wrote mailing list post I linked to, it gives an example of why this feature is required:

There are a number of cases where it makes sense to be able to remove a
snap without logging in:
- You may be offline and so can't do an Ubuntu One login at this time.
- You don't have an Ubuntu One account but you want to remove something.
- The snap came pre-installed, and you want to remove it. You have no need
to log in and install more snaps (at that time).
- You are a different user to the one who installed it.

The reason gnome-software triggers the login is the following happens:
1. g-s finds the snap using GET /v2/snaps on snapd.
2. The user clicks "Remove"
3. g-s requests removal using POST /v2/snaps/[name]
4. snapd returns the error "login-required"
5. g-s prompts the user for email address / password
6. g-s asks the system D-Bus service snapd-login-service to login with the
email address / password
7. snapd-login-service checks with Polkit that the user is allowed to do
this
8. Polkit triggers a password prompt to check the user is there
9. snapd-login-service calls POST /v2/login on snapd
10. snapd returns a macaroon
11. snapd-login-service returns the macaroon to g-s
12. g-s repeats POST /v2/snaps/[name] using the macaroon

The question is - does it make sense to make a new request to snapd that
gets an authorization macaroon without logging into Ubuntu One? i.e.
something like this:
1. g-s finds the snap using GET /v2/snaps on snapd.
2. The user clicks "Remove"
3. g-s requests removal using POST /v2/snaps/[name]
4. snapd returns the error "login-required"
5. g-s asks the system D-Bus service snapd-login-service to authorize
6. snapd-login-service checks with Polkit that the user is allowed to do
this
7. Polkit triggers a password prompt to check the user is there
8. snapd-login-service calls POST /v2/authorize on snapd
9. snapd returns a macaroon
10. snapd-login-service returns the macaroon to g-s
11. g-s repeats POST /v2/snaps/[name] using the macaroon

If we do this at what point do we prompt a user to do an Ubuntu One login?
Do we have two error messages "auth-required" and "login-required"? Or is
login an optional thing that we let the user decide if they want to do it?

Gustavo Niemeyer (niemeyer) wrote :

As we discussed the last time this came up, yes, that seems fine. Handing out a token to root that provides an authorization to manipulate the system is analogous to allowing root itself to be doing removals without further store information, which we allow.

The necessary infrastructure for that is pretty much in place since we already have to maintain the local and remote macaroons separately, and the situation where the remote macaroon is missing or incorrect is already handled. If a store operation depends on a valid user, it will prompt for a full login, and once performed that will associate the remote macaroon with the existing local user instead of creating a new one.

muzzol (muzzol) wrote :

I get what sabdfl is trying to achieve, but I don't understand why this isn't just an option.
forcing people to log in on Ubuntu SSO to install or remove a package don't seem a nice policy from a desktop perspective.

My mom just encountered the dialog prompting her to sign-in to Ubuntu One when she went to install Krita from the GNOME software center. She has used Gnome software for over a year to find, install, and update software. It's a convenient way for ordinary users to do so. It is jolting for non-power users to suddenly need a separate, cloud based account to manage an application. Even as a power user I do not understand the need for this. Unfortunately it does not look like there is a way to hide applications in GNOME software center that require this, so the best option for ordinary users might be to avoid Ubuntu, and have them use debian testing + Gnome instead. It just really sucks because everything else I had setup for her until this was so easy for her and less hassle for me to support than Windows.

Jeremy Bicha (jbicha) wrote :

Adam, I believe the intention is for this bug to be fixed in snapd.

If you need a temporary workaround and don't want to see snaps, you should be able to uninstall snapd.

Zesty Zapus affect this release also.

Anthony (anthonyanthonydd) wrote :

This bug reminds me of Windows activation. This whole being controlled from some remote system thing really takes that "free" feeling out of open source. Next we'll have to fill out requisition forms and provide proof of our IP location.

Issue is still present, i installed VLC from command line and it didn't ask for username and password, but if i tried to uninstall the software thats VLC, its asking me to sign on.

James Henstridge (jamesh) wrote :

The snapd side of things has been committed. Both on master:

https://github.com/snapcore/snapd/commit/44611140566f6e6aa2a3b583e0b2970b69c8f53f

... and the release/2.28 branch:

https://github.com/snapcore/snapd/commit/69a00bc4f4e54d7e0312c253b46b97fca834b736

Together with the already released snapd-glib 1.19, this version of snapd will let you install snaps via gnome-software without an Ubuntu One account. Instead you'll get a graphical prompt for your local password, similar to when installing debs.

Changed in snapd (Ubuntu):
assignee: nobody → James Henstridge (jamesh)
status: Confirmed → Fix Committed
aaronfranke (arnfranke) wrote :

How long until this fix is pushed downstream to Ubuntu and GNOME Software? The issue is present in Ubuntu 17.10 64-bit Beta 2 Artful Aardvark.

Changed in gnome-software (Ubuntu):
status: Confirmed → Fix Released
Changed in ubuntu-gnome:
status: Triaged → Fix Released
Changed in snapd (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers