Snap app names are too permissive

The review tools already mark '/' as an error and I just committed a test to make sure that stays true going forward.

@Jamie, note that previously snapd was allowing periods, colons, underscores, spaces, etc. I'm not sure what you were testing before, but I wanted to point out that this change is larger than just the ending / . I've revamped the bug to reflect.

Kyle, sorry that I wasn't clear-- I was referring to the review tools. You added a review tools task and the review tools do not allow '/' in either than snap name or in snap app names, thus I marked that task as invalid. If snapd is allowing these, yes, please continue to fix it there.

snap fix here: https://github.com/snapcore/snapd/pull/1280

snapcraft fix here: https://github.com/ubuntu-core/snapcraft/pull/555

Status changed to 'Confirmed' because the bug affects multiple users.

This bug was fixed in the package snapcraft - 2.12+16.10

---------------
snapcraft (2.12+16.10) yakkety; urgency=medium

  [ Simon Quigley ]
  * Change apt-get to apt in HACKING.md (#564) (LP: #1591421)
  * Changed the mailing list in HACKING.md from snappy-devel to snapcraft
    (#577)
  * Add Subversion support (#567) (LP: #1543243)

  [ Joe Talbott ]
  * Include 'maintainer' and 'description' in the parser output. (#565)
    (LP: #1591199)
  * Support "```" wiki code tags in the parser. (#569) (LP: #1592133)
  * Add snapcraft-parser integration test. (#560) (LP: #1590268)
  * Make most wiki fields required. (#581) (LP: #LP: #1592133)
  * Add more info about reusable parts. (#527) (LP: #1582499)
  * Allow parts without a 'source' entry. (#599)

  [ Sergio Schvezov ]
  * New plugin: gulp (#563) (LP: #1575880)
  * Support for a hidden snapcraft.yaml (#582) (LP: #1587933)
  * Implement `snapcraft update` for parts (#588) (LP: #1594643)
  * Support updating cache without content-length (#598) (LP: #1595610)
  * Switch from local copy to the proper python package. (LP: #1590813)
  * Integrate with new remote parts (#590) (LP: #1594976)
  * Implement `snapcraft define` for parts (#594) (LP: #1594643)
  * Update the remote parts cache before demo tests (#604) (LP: #1596114)
  * Add missing build-packages for rpath test (#605) (LP: #1596114)
  * Implement snapcraft search (#608) (LP: #1596222)

  [ Bayard Randel ]
  * Ignore .eggs dir. (#572)

  [ Leo Arias ]
  * Use pexpect when testing the building of snaps (#573) (LP: #1592943)
  * Allow to run a subset of integration tests. (#576) (LP: #1593009)
  * Improve the store errors returning exceptions (#585) (LP: #1594636)
  * Add the register command (#586) (LP: #1595012)
  * Improve error reporting (#591) (LP: #1588023)
  * Fix the store update test to register a unique name (#595) (LP: #1595319)
  * Use a xenial docker container for travis executions (#597) (LP: #1532213)
  * Simplify the list plugins integration test (#607) (LP: #1596112)
  * Remove the unittests from the autopkgtest execution (#600) (LP: #1596068)

  [ Evan Dandrea ]
  * Make lxd containers ephemeral. (#578) (LP: #1577548)

  [ Daniel Holbach ]
  * it's myapps.developer.ubuntu.com (#587) (LP: #1594844)

  [ Rob Loach ]
  * Fix Snap icons for Demos (#574)

  [ Kyle Fazzari ]
  * Add qmake plugin. (#566) (LP: #1574774)
  * Don't copy libraries that are already in prime. (#580) (LP: #1570895)
  * Make app names more restrictive. (#555) (LP: #1589613)

 -- Sergio Schvezov <email address hidden> Mon, 27 Jun 2016 13:58:10 -0300

Hello Kyle, or anyone else affected,

Accepted snapcraft into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapcraft/2.12 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Tested in an up-to-date xenial:

- enabled -proposed
- update snapcraft to 2.12
- made snapcraft.yaml with valid names:
asseble, 1assemble, 1-asse-mble, 1-asse-mble1, 1-asse-159-mble1
- snapcraft <- it works
- made snapcraft.yaml with invalid names:
*(, -l, a1+, a1/
- snapcraft <- it fails with a nice error.

I'm going to mark this as verified, thanks Steve!

This bug was fixed in the package snapcraft - 2.12

---------------
snapcraft (2.12) xenial; urgency=medium

  [ Simon Quigley ]
  * Change apt-get to apt in HACKING.md (#564) (LP: #1591421)
  * Changed the mailing list in HACKING.md from snappy-devel to snapcraft
    (#577)
  * Add Subversion support (#567) (LP: #1543243)

  [ Joe Talbott ]
  * Include 'maintainer' and 'description' in the parser output. (#565)
    (LP: #1591199)
  * Support "```" wiki code tags in the parser. (#569) (LP: #1592133)
  * Add snapcraft-parser integration test. (#560) (LP: #1590268)
  * Make most wiki fields required. (#581) (LP: #LP: #1592133)
  * Add more info about reusable parts. (#527) (LP: #1582499)
  * Allow parts without a 'source' entry. (#599)

  [ Sergio Schvezov ]
  * New plugin: gulp (#563) (LP: #1575880)
  * Support for a hidden snapcraft.yaml (#582) (LP: #1587933)
  * Implement `snapcraft update` for parts (#588) (LP: #1594643)
  * Support updating cache without content-length (#598) (LP: #1595610)
  * Switch from local copy to the proper python package. (LP: #1590813)
  * Integrate with new remote parts (#590) (LP: #1594976)
  * Implement `snapcraft define` for parts (#594) (LP: #1594643)
  * Update the remote parts cache before demo tests (#604) (LP: #1596114)
  * Add missing build-packages for rpath test (#605) (LP: #1596114)
  * Implement snapcraft search (#608) (LP: #1596222)

  [ Bayard Randel ]
  * Ignore .eggs dir. (#572)

  [ Leo Arias ]
  * Use pexpect when testing the building of snaps (#573) (LP: #1592943)
  * Allow to run a subset of integration tests. (#576) (LP: #1593009)
  * Improve the store errors returning exceptions (#585) (LP: #1594636)
  * Add the register command (#586) (LP: #1595012)
  * Improve error reporting (#591) (LP: #1588023)
  * Fix the store update test to register a unique name (#595) (LP: #1595319)
  * Use a xenial docker container for travis executions (#597) (LP: #1532213)
  * Simplify the list plugins integration test (#607) (LP: #1596112)
  * Remove the unittests from the autopkgtest execution (#600) (LP: #1596068)

  [ Evan Dandrea ]
  * Make lxd containers ephemeral. (#578) (LP: #1577548)

  [ Daniel Holbach ]
  * it's myapps.developer.ubuntu.com (#587) (LP: #1594844)

  [ Rob Loach ]
  * Fix Snap icons for Demos (#574)

  [ Kyle Fazzari ]
  * Add qmake plugin. (#566) (LP: #1574774)
  * Don't copy libraries that are already in prime. (#580) (LP: #1570895)
  * Make app names more restrictive. (#555) (LP: #1589613)

 -- Sergio Schvezov <email address hidden> Mon, 27 Jun 2016 13:58:10 -0300

The verification of the Stable Release Update for snapcraft has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This is fixed in xenial and yakkety.