Auth token expiration date


#1

Hi, we are building our snaps and images on our CI and it’s really inconvenient that they expire quickly all the time. This causes the builds to fail with this error:

error: user credentials need to be refreshed but update in place only supported in snapd

Any way to get longer living auth tokens?


#2

Are you referring to the auth tokens needed to build an image that pulls snaps from a “secure” store? @pedronis may know.


#3

Yes. I think the same happens for usual snapcraft authentication as well though.


#4

For snapcraft and CI, nowadays there’s snapcraft export-login, which takes an --expires; I don’t remember if there’s a maximum for it though. The output of that can be used with ubuntu-image as well.

There is nothing equivalent for snapd itself though.


#5

Was export-login not added to cli help?

$ snapcraft --help | grep -i export

$ apt policy snapcraft
snapcraft:
Installed: 2.35


#6

You probably need the snapcraft from the snap.

But now I noticed that I misread the user problem: it’s about soft-expiration, which is something we don’t have a good solution for atm for snapd stuff. I don’t know about snapcraft.


#7

No, it’s not about snapd. This is what ubuntu-image prints to logs.


#8

Behind the scenes it’s using a bit of snap/snapd.


#9

The issue relates to this backlog topic: Improvements in snap download

Indeed, it’s probably hard to address it before independently


#10

What is the exact timeout for the tokens right now?


#11

Soft-expiration is 5 weeks, I think.