Install snaps that are not hosted od snapstore

Hello all i am currently working as part of the team that is developing an app for the government. I am assigned with packaging and distribution of the app. I am currently looking into different packaging solutions for Linux. I am very interested in snaps as it is a great technology and i would love to use it for our product. The problem is that the government requirements states that the installation of the app must be hosted on theris servers (They have a webpage dedicated to this software) So my question is:

Can i distribute snaps without hosting them on snapstore?

Or if i publis my app on snapstore can i distribute it afterwards by hosting it independently on the official government website?

To function properly with all sand-boxing and automatic security updates your app needs to be signed by the store GPG key, which only happens during store upload …

While you can just offer an unsigned, locally built snap and advise your users to use the --dangerous switch at install time, this app will never get updated, so you can not roll out any fixes without them manually installing it again …

One thing you could do is to upload it to the store to get the GPG signature and then use snap download which will download the .snap and the .assert (GPG signature) file … then offer these two files for download on the web page and advise your users to first call snap ack against the .assert file.

after this snap install <yoursnap>.snap will work without --dangerous and all further updates will come from the store.

Thank you so much for your answer! Your solution really clarified it for me. I think i will use your suggestion and upload it to the store, than download it and publish it on the official website.

1 Like