We have some snap packages which due to property rights, very tight restrictions are applied on them in terms of distribution, such that we are not allowed to upload into 3rd-party repositories, including Snap Store (even with a private snap package, because essentially Canonical is not a partner of the project but would have access to the package). On the other hand, as far as I searched on the Internet, there is no way to sign and verify a package without publishing it to the Snap Store, nor a local private Snap Store functionality. Then we are forced to use --devmode
option which does not apply the expected snap sandboxing, degrading what we planned to achieve from producing the snap packages in the first place.
The question is that could we manually and locally do the signing, with or without an account, with or without an Internet connection, and then share this source of trust with our own hosted machines (for testing) and target customers (for distribution) so that no developer mode flag would be required and we could have the full features of snap packaging, isolation, and sandboxing all together? This means for this certain set of snaps, we prefer a distribution mechanism that short-circuits the Canonical Snap Store. I believe then for those snaps there would be no automatic refresh, which in our scenarios is acceptable until someday Canonical decides to open source the Store or provide means by which we could have fully private internal Store mechanisms.