How do assertions work?


I was doing some digging through Snap, and I found snap assertions. What are they for, and how do they work?

Example assertion:

Are assertions mainly for security, and do they have an override switch or not?

Please have a look at the official documentation at which explains already what assertions are, how they are structured, what types of assertions exists, etc.

Is it possible to manually generate an assertion for a snap? I can’t quite figure it out from the document.

Like, right after it finishes downloading a snap, it downloads an assertion. Where is that assertion generated?

this specific one … in the store

there are others though, like the model assertion when building an Ubuntu Core image, or the system-user assertion for having a system user created on an Ubuntu Core image, that you (or the image manufacturer) create and sign yourself with your snapcraft key

Is it possible to manually generate an assertion like this, or not?

i dont think it is, since you would need the store key for it to be valid … (ICBW though … some store person would have to chime in here)

A snap-build or snap-revision assertion is signed by the authority which gives you access to the snap, so the store. For others like the system-user assertion it’s signed by the brand. Check the documentation for a few examples. describes how to generate a model assertion and what you need to do to generate a system-user assertion. That will give you basic idea of how assertions are generated. The store does the same but with its own private key.


I am looking at the old open-source snap store implementation, and have managed to get it to mostly work except Snaps won’t install, because they don’t have a valid assertion.

I’m trying to figure that out. How do I generate a valid assertion for that? Does Snap require a specific signing authority?

snap-build is to be signed by the snap developer but yes, snap-declaration and snap-revision are signed by the store

yes, currently that is the case, because of the reasonings around curation and single global namespace as extensively treated in External repositories