How to make pre-installed snaps work with --devmode from u-d-f ?

Jamie Bennett jamie.bennett at canonical.com
Fri May 20 13:45:39 UTC 2016 

> On 20 May 2016, at 14:39, Gustavo Niemeyer <gustavo.niemeyer at canonical.com> wrote:
> 
> In principle it feels fine to allow people to build images with snaps in devmode. If one is willing to go over the trouble to create an image with the offending snap baked in, surely the prompt informing of what it means to install it in the first place was seen several times by then.
> 
> Then, it should be very easy to have a flag on ubuntu-image itself: ubuntu-image --devmode, which would also have exactly the same semantics of either prompting interactively, or forcing the user to specify --i-completely-trust=dev1,dev2,dev3. So both ways to get a snap into the image would have the same behavior and awareness of the sensitivity of such operations.

This is fine for the image builder but I like Jamie’s suggestion about informing the user, probably through a column in snap list, that the snap is installed in devmode.

Regards, 
Jamie.

> On Fri, May 20, 2016 at 10:11 AM, Jamie Strandboge <jamie at canonical.com <mailto:jamie at canonical.com>> wrote:
> On Fri, 2016-05-20 at 09:07 +0200, Zygmunt Krynicki wrote:
> > Hi
> >
> > The way images are built is being reorganized now. What this means for
> > you in practice:
> >  - you will be able to define what an image should contain in a simple
> > file (model assertion)
> >  - the new ubuntu-image tool will take that assertion and create an image
> >  - on first boot, everything will be installed by snapd
> >  - if your snap has confinement: devmode it will be installed as such
> > (I'll confirm with the rest of the team to be sure)
> >
> I'm not sure if you are talking about the image generation process only, but I
> thought for normal install the 'confinement' flag in the yaml indicates that the
> snap cannot be installed without specifying --devmode. If it is instead simply a
> way to tell 'snap install' to install in devmode without specifying --devmode,
> then we've effectively reintroduced 'unconfined' and people might install things
> thinking they are confined when they are not.
> 
> Speaking of which-- do we indicate anywhere that a snap is operating in devmode?
> I just installed hello-world with --devmode and I don't see in 'snap list' or
> 'snap interfaces' anything indicating it is in devmode.
> 
> --
> Jamie Strandboge             | http://www.canonical.com <http://www.canonical.com/>
> 
> 
> --
> Snapcraft mailing list
> Snapcraft at lists.ubuntu.com <mailto:Snapcraft at lists.ubuntu.com>
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft <https://lists.ubuntu.com/mailman/listinfo/snapcraft>
> 
> 
> 
> 
> -- 
> gustavo @ http://niemeyer.net <http://niemeyer.net/>-- 
> Snapcraft mailing list
> Snapcraft at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20160520/74619143/attachment.html>

More information about the Snapcraft mailing list