Snapcraft builds are always auto rejected

[RobbieTheWagner]

Preflight Checklist

• I have read the contribution documentation for this project.
• I agree to follow the code of conduct that this project follows, as appropriate.
• I have searched the issue tracker for a bug that matches the one I want to file, without success.

Issue Details

• Electron Forge Version:
  • 6.0.0-beta.51
• Electron Version:
  • 8.2.3
• Operating System:
  • Ubuntu 18.04 x64
• Last Known Working Electron Forge version::
  • N/A

Expected Behavior

The created snapcraft files should be able to be uploaded and pass review.

Actual Behavior

The snap builds always fail the automatic review and are rejected with this:

checksums do not match. Please ensure the snap is created with either 'snapcraft pack <DIR>' (using snapcraft >= 2.38) or 'mksquashfs <dir> <snap> -noappend -comp xz -all-root -no-xattrs -no-fragments'. 
If using electron-builder, please upgrade to latest stable (>= 20.14.7). See https://forum.snapcraft.io/t/automated-reviews-and-snapcraft-2-38/4982/17 for details. 
security-snap-v2_squashfs_repack_checksum What does this mean?
found errors in file output: unusual mode 'rwsr-xr-x' for entry './swach/chrome-sandbox' security-snap-v2_squashfs_files
human review required due to 'deny-connection' constraint (interface attributes). If using a chromium webview, you can disable the internal sandbox (eg, use --no-sandbox) and remove the 'allow-sandbox' attribute instead. 
For QtWebEngine webviews, export QTWEBENGINE_DISABLE_SANDBOX=1 to disable its internal sandbox. 
declaration-snap-v2_plugs_connection (browser-sandbox, browser-support)

To Reproduce

Additional Information

I have read in a bunch of places to use --no-sandbox which I am doing with this:

if (process.platform === 'linux') {
  app.commandLine.appendSwitch('--no-sandbox');
}

I have also tried setting browserSandbox: false in the forge config. My current config:

    {
      name: '@electron-forge/maker-snap',
      platforms: ['linux'],
      config: {
        confinement: 'strict',
        description: 'A robust color management tool for the modern age.',
        features: {
          audio: true,
          browserSandbox: false,
          webgl: true
        },
        grade: 'stable',
        name: 'swach',
        summary: 'A robust color management tool for the modern age.'
      }
    },

Is there a way to get this to work?

[malept]

Closing in favor of electron-userland/electron-installer-snap#74

[RobbieTheWagner]

@malept wherever the issue should live, the problem exists in both places and will have to be documented. Do you have any feedback here on how to fix this?

[malept]

wherever the issue should live, the problem exists in both places and will have to be documented.

It's still a duplicate issue and it's linked so I don't see a problem with marking this as duplicate and closing it.

Do you have any feedback here on how to fix this?

I would need to make some time to investigate this, although I maintain this in my very limited free time, so I don't know when that will be.

For the record, the reasons for enabling browser sandbox for Electron >= 5.0.0 is documented here: electron-userland/electron-installer-snap#22

[RobbieTheWagner]

@malept I see in that PR you linked part of the changes added a console.warn saying 'The browser-sandbox feature will trigger a manual review in the Snap store.'. So does that mean there is no possible way to build an electron app that can pass auto review and it will always be rejected and require manual review?

I see that the PR says this was implemented to support electron/electron#17269, but is sandbox required for Electron apps to run at all on Linux? I am still confused why this is the default with no options to disable it.

[VerteDinde]

Reopening this to review/make some snap improvements

[RobbieTheWagner]

@VerteDinde I'm using https://github.com/davidwinter/electron-forge-maker-snap to get snap to work, since the base lib didn't support it

[VerteDinde]

This was fixed upstream in electron-installer-snap, closing this as Fixed.