Currently snapcraft runs itself as root to do everything inside a LXD container. The same is true for Launchpad. This is usually fine, however
- Due to a bug in pacote the npm plugin breaks when built as root.
- JHBuild discourages building as root (the plugin hasn’t been merged yet).
More generally speaking
- Snaps built on developer machines tend be built as a user because otherwise file ownership would get messed up
- Build tools may not be designed to run as root
- Launchpad is moving towards building snaps as a user
On the flip side, specific use cases may require root
- os and kernel snaps usually need root to be snapped
In consequence, I’m proposing that
- containers use a regular user
- snapcraft mirror the user’s intention, if it’s invoked as root it can do the same in the container to allow enforcing privileges
- snapcraft elevate privileges if needed if
type: osand step is stage
- documentation of plugins be improved to point out build requirements