<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
El 02/09/16 a las 11:10, Gustavo Niemeyer escribió:<br>
<blockquote
cite="mid:CANySw1mh_HSb5cu02P02sfBP4K4SpDXewS98pAk6Djg+88eeWw@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Sep 2, 2016 at 10:35 AM, Tony
Espy <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:espy@canonical.com" target="_blank">espy@canonical.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On
09/01/2016 06:15 PM, Gustavo Niemeyer wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello all,<br>
<br>
With assertions finally being put to great use, it's
time to kill the<br>
term "sideloading". That term does a disservice to our
conversations,<br>
because it is vague and also limits the thinking
around what is possible.<br>
</blockquote>
<br>
</span>
I have a question related to "sideloading" a snap.<br>
<br>
Yesterday while testing a fix for our network-manager
snap, I refreshed my rpi2 ( running the 'experimental'
image ) which resulted in a new ubuntu-core snap, which I
discovered now enforces the assertion that a snap must be
signed in order to install, even when side-loaded. I was
told on #snappy that I could circumvent this check via the
--force-dangerous parameter, which worked for me. I was
also told that this parameter may just be shortened to
"--dangerous", and that "--devmode" may cause this to
automatically set.<br>
</blockquote>
<div><br>
</div>
<div>Indeed, we'll do those changes in the next couple of
days.</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
My question is what is the process for getting a snap
signed? Is this something that's done automatically when
a snap is published to the store?<br>
</blockquote>
<div><br>
</div>
<div>Yes, the goal is for the whole process to be mostly
transparent. When you build a snap you'll get an assertion
next to it saying that you built it. When you upload it,
the assertion is shipped to the server, the snap gets
additional server assertions backing that process. No
effort on the developer end.</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
The snap I was testing was built by launchpad. Is it
possible to sign a snap locally ( ie. like debsign )?<br>
</blockquote>
<div><br>
</div>
<div>Yes, Launchpad is likely using snapcraft already, which
means it'll do that by default once updated. We'll need to
put a developer key there, though.</div>
</div>
</div>
</div>
</blockquote>
<br>
So I guess what Tony might get value on knowing is which assertion
needs to be available to avoid --devmode/--dangerous.<br>
<br>
<blockquote
cite="mid:CANySw1mh_HSb5cu02P02sfBP4K4SpDXewS98pAk6Djg+88eeWw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
</div>
<div>Sergio and Colin Watson should know more details here.</div>
</div>
</div>
</div>
</blockquote>
<br>
Maybe subscribe to <a class="moz-txt-link-freetext" href="https://github.com/snapcore/snapcraft/pull/726">https://github.com/snapcore/snapcraft/pull/726</a>
and <a class="moz-txt-link-freetext" href="https://bugs.launchpad.net/snapcraft/+bug/1612730">https://bugs.launchpad.net/snapcraft/+bug/1612730</a><br>
<br>
<blockquote
cite="mid:CANySw1mh_HSb5cu02P02sfBP4K4SpDXewS98pAk6Djg+88eeWw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
</div>
<div><br>
</div>
<div>gustavo @ <a moz-do-not-send="true"
href="http://niemeyer.net" target="_blank">http://niemeyer.net</a><br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>