Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
'sign-build' implementation. #831
Conversation
cprov
referenced this pull request
Sep 26, 2016
Closed
WIP: snap-build generation and pushing support #795
sergiusens
reviewed
Sep 26, 2016
Looks generally good, just two questions aside from the one inline:
- Do you know when is snapd 2.15 landing? Or what is your ETA for this?
- Is there a way out after uploading the first build asserted snap?
| + if os.path.isfile(snap_build_path): | ||
| + if local: | ||
| + raise RuntimeError( | ||
| + 'A signed build assertion already exists in {}.'.format( |
|
For your convenience:
|
|
the integration tests are also failing |
|
@sergiusens, thanks for the review. I will get a find out a realistic ETA for snapd 2.15 (EOW probably, still in -proposed). The loose/silly error message was removed and I will figure out a proper way to cleanup '-build' every time a blob is snap-ed ( |
|
@sergiusens, the given ETA for snapd 2.15 is EOW (30th), so I guess it's not wise to land this PR until then, when we can get proper integrations tests passing. Regarding your question about a "way out after uploading the first build assertion", the primary-key for a snap-build is the SHA3-384 digest of the snap, i.e. when rebuilt in any shape or form the new snap will not be tied to the previous snap-build anymore. Does it address your concerns ? |
|
@cprov Oh, as of way out I meant if I push a snap with a build assertion, would the next snap I push require an assertion as well? If so, are the possible push errors sorted? |
|
@sergiusens snap-build is orthogonal to pushing uploads, they are completely separated actions. You can push snap-builds to snap revisions already published as well as just before uploading them. Same goes for 'release' while Store and snapd don't enforce matching snap-build assertions. We will start requiring snap-build for releasing snaps to stables channel, then 'push --release' and 'release' commands will be extended to deal with a 'needs-signature' error scenario returned from the store, which will probably trigger an inline 'sign-build' action then re-submit. Does it sound plausible ? |
|
El 27/09/16 a las 13:59, Celso Providelo escribió:
This makes perfect sense. I just needed to know someone was thinking |
|
ok to test |
| + except KeyError: | ||
| + raise RuntimeError( | ||
| + ('Your account lacks information to sign build assertions ' | ||
| + 'for this snap.')) |
cprov commentedSep 26, 2016
•
Edited 1 time
-
cprov
Sep 27, 2016
Supporting snap-build assertion generation and pushing to the Store.
Implements
snapcraft sign-build <snap>as a discreet command for generating, signing and optionally pushing snap-build assertions to the store.Next stage, when snap-build start to be required/checked on Store and snapd side, we will extend push & release commands to take this in consideration as well.
Supersedes #795 since Caio on leave this week.
https://bugs.launchpad.net/snapcraft/+bug/1628679