Improving `snap prepare-image` to use local assertions

The CE team would like to build an image from a core snap that is not necessarily the current core snap in master any more. The reasons are reproducible image builds and to be able to continue with model specific validations at their own pace.

To support this case case I suggest the follow for snap prepare-image:

  • make the --extra-snaps option look for matching .assert files and use the snap-id/revision from the assertion
  • set the channel for local snaps with snap-id/revision to the global channel

A possible implementation for this is done in https://github.com/snapcore/snapd/pull/3241

With the above branch no changes to ubuntu-image are needed (except that the ubuntu-image snap needs an updated /usr/bin/snap inside). Then the following will work:

$ snap download pc-kernel
$ snap download core --beta
$ ubuntu-image canonical-amd64.model --extra-snap core_1689.snap --extra-snaps pc-kernel_60.snap -o /tmp/test-from-local.img
Copying "../core_1689.snap" (core)
Copying "../pc-kernel_60.snap" (pc-kernel)
Fetching pc
$ kvm -m 1500 -redir tcp:10022::22 /tmp/test-from-local.img 
# add user
$ ssh kvm.snappy snap list
Name       Version      Rev   Developer  Notes
core       16-2         1689  canonical  -
pc         16.04-0.8    9     canonical  -
pc-kernel  4.4.0-71.92  60    canonical  -
$ ssh kvm.snappy sudo snap refresh
[-] Setup snap "core" (1577) security profiles
# reboot
$ ssh kvm.snappy snap changes
ID   Status  Spawn                 Ready                 Summary
1    Done    2017-04-26T14:39:44Z  2017-04-26T14:39:47Z  Initialize system state
2    Done    2017-04-26T14:39:46Z  2017-04-26T14:39:48Z  Initialize device
3    Done    2017-04-26T14:40:07Z  2017-04-26T14:41:24Z  Refresh snap "core"

I.e. the generated image will initially contain a core that is the “wrong” revision (from beta instead of stable) and the subsequent refresh (or auto-refresh) will move the snap to the stable channel.

Note that the “contact” information for snaps installed via this local method will be available because this information is only available from the store and not backed by any assertion.

1 Like