Let's kill "sideloading"
Tony Espy
espy at canonical.com
Fri Sep 2 13:35:39 UTC 2016
On 09/01/2016 06:15 PM, Gustavo Niemeyer wrote:
> Hello all,
>
> With assertions finally being put to great use, it's time to kill the
> term "sideloading". That term does a disservice to our conversations,
> because it is vague and also limits the thinking around what is possible.
I have a question related to "sideloading" a snap.
Yesterday while testing a fix for our network-manager snap, I refreshed
my rpi2 ( running the 'experimental' image ) which resulted in a new
ubuntu-core snap, which I discovered now enforces the assertion that a
snap must be signed in order to install, even when side-loaded. I was
told on #snappy that I could circumvent this check via the
--force-dangerous parameter, which worked for me. I was also told that
this parameter may just be shortened to "--dangerous", and that
"--devmode" may cause this to automatically set.
My question is what is the process for getting a snap signed? Is this
something that's done automatically when a snap is published to the store?
The snap I was testing was built by launchpad. Is it possible to sign a
snap locally ( ie. like debsign )?
Regards,
/tony
More information about the Snapcraft
mailing list