Auth token expiration date

Hi, we are building our snaps and images on our CI and it’s really inconvenient that they expire quickly all the time. Causes the builds to fail with this error.

error: user credentials need to be refreshed but update in place only supported in snapd

Any way to get longer living auth tokens?

Are you referring to the auth tokens needed to build an image that pulls snaps from a “secure” store? @pedronis may know.

Yes. I think the same happens for usual snapcraft authentication as well though.

for snapcraft and CI nowadays there’s snapcraft export-login which takes an --expires, I don’t remember if there’s a maximum for it though. The output of that can be used with ubuntu-image as well.

There is nothing equivalent for snapd itself though.

Was export-login not added to cli help?

$ snapcraft --help | grep -i export

$ apt policy snapcraft
Installed: 2.35

you probably need the snapcraft from the snap.

But now noticed that I misread the user problem, it’s about soft-expiration, that is something we don’t have a good solution for atm for snapd stuff. I dont’ know about snapcraft.

No, it’s not about snapd. This is what ubuntu-image prints to logs.

behind the scene it’s using a bit of snap/snapd.

the issue relates to to this backlog topic: Improvements in snap download

indeed it’s probably hard to address it before independently

What is the exact timeout for the tokens right now?

soft-expiration is 5 weeks I think.