Snapd enforcing snap versions


#1

As of version v[TBD], snapd will validate version strings in snaps.

For historically reasons snapd has been very lax about validation of the version string of snaps. However, the time seems right to make it consistent with what snapcraft and the review tools check. In doing this work we found that those two had diverging opinions on what constituted a valid version, so we’ve fixed this as well.

Here’s what’s a valid version, now (via the awesome regexper):

snap version validator

In case you’re curious, that’s

^[a-zA-Z0-9](?:[a-zA-Z0-9:.+~-]{0,30}[a-zA-Z0-9+~])?$

HTH, HAND.


#2

The Snapcraft PR: https://github.com/snapcore/snapcraft/pull/1924. Note that we don’t validate the length with regex-- we use a different schema option so we can provide a more helpful error if the version is longer than 32 characters.


#3

#4

The snapd PR is now on master. It special cases the empty version already, but I think I’ll do a followup that also special cases the too-long case.


#5

Snapcraft PR has also landed, and should be available shortly in 2.39.1. Probably good for snapcraft to start rejecting these before snapd or the store.


#6

@chipaca @kyrofa Do we have versions using underline already? Given that it’s conventionally used to separate the fields in filenames, might be nice to avoid that one if there’s still time. If it’s too late, no big deal.

@chipaca Btw, wasn’t aware of regexper… very nice.


#7

Have we identified any existing snaps that violate this regexp? What happens with existing snaps that are in violation?


#8

the one in the store was (weird, and) more restrictive.


#9

Support for the underscore has already landed in both snapd and snapcraft (it’s contained in the snapcraft release we’re shipping now). We can remove it, but we’ll need to synchronize again. @jdstrand, @chipaca? Sooner probably better than later if you guys agree with this.


#10

I agree with dropping underscore, I’ll have a PR for snapd up in a mo’.


#11

Thanks @chipaca. Here’s the one for snapcraft.


#12

And here’s the one from snapd.


#13

https://github.com/snapcore/snapd/pull/4659 will likely need to be updated as well.


#14

The review-tools have not been updated yet and they never allowed underscore, so +1 on dropping it now.


#15

I proposed a merge (or maybe this other one) for it, if that helps.