Apt-secure complaints with classic snap on arm


#1

I would like to discuss this bug #1670475 raised on Launchpad:
https://bugs.launchpad.net/snappy/+bug/1670475

In short this prevents apt in classic snap to verify GPG signatures and leads to the fact that you need to ignore them and install debs in insecure manner. Besides snapcraft calls apt install to install missing packages and fails without prompt to ignore signatures so that you need to manually copy-paste and launch apt install.

I can confirm this bug on my armhf board with custom zesty kernel 4.10.1:

Linux cvc2 4.10.1-cpu+ #1 SMP Tue Apr 25 11:27:22 CEST 2017 armv7l armv7l armv7l GNU/Linux

It was found by @ogra that it relates somehow to old kernels and then it was closed by @jdstrand.
But here I have a very recent 4.10.1 kernel from zesty’s repository. On raspi3 with stock image and the same core snap 1690 everything works well.

This makes think that it’s not the problem of UbuntuCore. But interesting fact:
The same 4.10.1 kernel without any rebuilds works very well with armhf UbuntuBase 16.04 on the same hardware board. It is capable to verify GPG signatures and gives absolutely no complains installing packages. I even installed snapd + core snap and snapcraft on UbuntuBase and was able to build and install some packages.

Wouldn’t it be great to find the real problem and to define kernel requirements so that it would be clear for everyone who builds kernels?