Closing the loop on this one: this is done by running the exact snapcraft validate command that was used to issue the validation assertion, but with an added --revoke flag.
For example:
# Issue a new validation assertion
$ snapcraft validate gating-snap gated-snap=123 --key-name key
# Revoke the validation assertion
$ snapcraft validate --revoke gating-snap gated-snap=123 --key-name key
Important note that’s insufficiently highlighted in the documentation in my opinion: in absence of a validation assertion, a gated snap will not refresh! You’re in this edge case if:
- You haven’t issued a validation assertion for gated-snap yet
- You have revoked all validation assertions for gated-snap
This bit me hard, because I was under the assumption that in the 2 cases above gated-snap would refresh to the latest available revision. I’m moving on to investigating if validation sets (a different type of assertion) are a better fit for my use-case: Validation sets
Sources:
- Confirmed by Canonical support
- Tested by me
- Also mentioned here: https://discourse.ubuntu.com/t/refresh-control/19726/4