Hi there,
I’m new at this — I did go through the docs and couldn’t find much that is relevant, so apologies if this is answered elsewhere conclusively.
We’re using Snap to ship a software that stores data and user’s own profile in the user’s local machine. For the time being, we don’t have it in the snap store, we’re delivering it unsigned, the user needs to install it with the --dangerous flag.
We do update our app fairly often. Whenever those upgrades happen, the user removes the app via snap remove [appname] and installs the new snap.
Unfortunately what seems to happen is whenever the user upgrades, we seem to lose the user profile. Our user profiles include a private key, so upgrading the software in Linux does came with a significant risk of losing your private keys if you don’t back them up beforehand.
Is there any way for us to actually save our config data to the user’s ~ instead of within the snap sandbox, so when the user migrates to a new version, the data is not obliterated by snap remove [appname]? In short, we want the user data to survive a version update.
I do realise installing snaps with the —dangerous flag is for developers and (far as I can see) not intended as a way to ship software to the end users. However, it does work with our app, and we would prefer to not create a dependency on Canonical’s servers if at all possible.
Is the snap remove really necessary? It should be possible to just snap install --dangerous the new snap. That way nothing is deleted from the user’s machine.
Also it should be possible to sign your app and distribute the .snap and .assert file, which would eliminate the need to do --dangerous
1 Like
I thought remove was mandatory while upgrading. Thanks for the tip!
We’re actually using snap through electron-builder, and it doesn’t appear to be able to sign snaps, at least not at the version we’re on. I’d love to be able to sign them somehow if that’s a step that you can do to an existing snap after it is built.
(The snap building process happens under Mac OS — the answers I’ve found say things like snap grabbing the user keys from Ubuntu login. That isn’t possible in this specific case.)
You can upload to the snap store with snapcraft push *.snap (which will also automatically sign the snap and store an assertion for the snap) and then after releasing the snap to a channel with snapcraft release ... it is available for download with snap download $THE_SNAP --channel=$THE_CHANNEL.
snap download will download both the .snap file and the .assert file. The .assert file is a cryptographic signing of the .snap file and some other metadata about the snap. You can install/trust the .snap file by running snap ack *.assert and then snap install *.snap.
Thank you — I’ll take a look and figure out if there’s a way to do this without having to make the snap publicly downloadable on the Snap Store.
