Review for private snaps

I see the need for a review if one wants to upload a snap with classic confinement to the public store or make a snap public. But if a snap is registered as private, is this review really required? I mean, it is for my devices only.

Yes this is still required - once classic confinement is granted there is nothing stopping a publisher from making their snap public and then encouraging users to install it - at which point they have ownership over those users devices as well.

Thank you for your answer. I’m quite new to this. I personally would think that the process of publishing is done when making something publicly available. Since private snaps can literally only be installed by that very account (correct me, if I’m wrong) I personally don’t see a need for check at this point. But I wasn’t aware that one can change the visibility that easy.

Anyway, is there any possible way of having my own private space where I don’t bother others? Right now, e.g., the reason for classic confinement is that I’m too stupid to figure out, how to auto-connect a serial port with hot-plugging without any manual intervention.

Brand stores offer a private space but these are designed for large ISVs etc.

Regarding the issue you describe - auto-connect of a serial port with hot-plug - this can be achieved by requesting a snap store declaration right here in the forum that allows so-called greedy plugs - see Auto-connection request for `arduino-mhall` serial-port for a good historical discussion from another snap publisher requesting this exact same access.

So all you need to do is update this forum post to instead request a greedy plugs declaration for serial-port for your snap and provide some details as to why this is required for your snap. Also I think so far you have not mentioned what the snap is either - that is also required ;). Thanks.

Yes, I just read it and realized, that I’m unable to fix the problem.

The snap I’m talking about is not uploaded. It is a C++ application that I built for a company, that takes commands from the internet and forwards them over serial port to some other hardware.

I used to build a deb file which I would provide them. However, this is going to scale up to 1k remote IoT devices withing the next year and people recommended me to use some IoT os rather than ubuntu server. Since I’m with Ubuntu since dapper drake, I went for Ubuntu core. It seems to do what I want: it is minimal, seems secure and does automatic (security-) updates.

The things is, the snap would never be public, because it wouldn’t be useful for anyone without the corresponding hardware and communication interface. I’m also not a large ISV… ^^

I understand - can you explain why you think the snap will not work under strict confinement with serial-port enabled for auto-connect with greedy hotplug? Also if you are targeting Ubuntu Core, then you can achieve the same thing as a snap store declaration through the device’s gadget snap - but then you need to use a custom gadget snap. In this case it might make more sense for a store declaration to be granted. Let me know.

No, I actually think strict confinement with greedy hotplug would work very well… And I appreciate your support here. I will likely get back to you.

But the thing is, I feel that I shouldn’t need to bother you with tha since there is literally zero contribution to the community… It would be actually kind of nice to be able to tinker with these features and only start a review when something will be made publicly available. Can I actually test locally if greedy hotplug would work?

I also read about the gadget snaps, but this seems really complicated and overkill for something as simple as gaining access to a serial port.

Unfortunately I don’t think it is possible to test something like greedy hotplug without an assertion being declared in the store - but perhaps @roadmr or @pedronis may know.