The store is refusing downloads from your snapd because one of its macaroons has expired. We’ll need to check some more details about your system to work out exactly what’s gone wrong.
Is this a standard Ubuntu desktop/laptop or a little-used VM? What’s the mtime on ~/.snap/auth.json, and does /var/lib/snapd/state.json have a [‘data’][‘auth’][‘device’] key next to [‘data’][‘auth’][‘users’]?
If you want to update immediately you should be able to just “snap logout” and “snap login” again, but it’d be great if you could wait a bit so we can inspect your system first.
It seems you are hitting the user macaroons auth hard expiration limit (1 year). There is no auto-refresh in this case and the user should re-login. We should check/improve the error you get when trying a download, though (since it is not really a 404).
OTOH, there were some discussions in the past about extending this limit, maybe this is a good time to revisit it.
We discussed this a bit, and in order to avoid a flurry of arbitrarily expired macaroons with no friendly error message, we’ll extend macaroon lifetime by a few weeks. This will allow us to then work on returning a proper error code (a 401, which I assume snapd will surface to the client as a “you need to login again” message), as that’s the correct behavior in the face of an expired macaroon and will happen eventually again.
However, we probably need to think again about whether we want macaroons to expire, as they do now. In order not to pollute this topic (which is a very clear problem report, the mitigation for which I’ve outlined above), I’ll start a new topic with that.
probably a bit more explanatory like: “your authentication token has expired…” else we trigger support questions … “why do i have to log in again, is something wong ?”
It seems pretty unreasonable to have the download of snaps that do not require authentication in the first place failing because the macaroon has expired. Is there a valid reason to do that, and otherwise can we change the logic so it doesn’t fail at all in those cases?
I made the same argument, and logic is being changed afaiu.
The store-side use/meaning of the result of snap login has grown a bit too organically, we need to review it a bit at some point, also because we never implemented so far “store activation” as a concept which would cover/intersect with some of these issue.