snapcraft icon indicating copy to clipboard operation
snapcraft copied to clipboard
verified publisher icon canonical

snapcraft and Snap Store validation rules mismatch for `classic` snaps

Open dmitry-lyfar opened this issue 5 months ago • 4 comments

Bug Description

It's not possible to publish a classic snap that has a daemon with a managed unix socket, something like this:

  myd:
    environment:
    command: commands/run_daemon
    daemon: notify
    restart-condition: on-failure
    sockets:
      unix:
        listen-stream: $SNAP_COMMON/myd/myd.socket
        socket-mode: 0666
    plugs:
      - network-bind

due to the difference between snapcraft (aka snap pack from snapd in this case) validation rules and the store's validation rules.

The former will respond with:

Cannot pack snap: error: cannot validate snap "workshop": invalid definition of application "workshopd": "network-bind" interface plug is required when sockets are used
Detailed information: Command '['snap', 'pack', '--check-skeleton', PosixPath('/root/prime')]' returned non-zero exit status 1.

If the plug is removed then, then the snap will be packed but the Store will complain on upload:

- confinement 'classic' not allowed with plugs/slots

See also https://github.com/canonical/snapd/blob/846d56dff4ac86e820d20ad5157f522de4df6db6/snap/validate.go#L917

To Reproduce

See the description.

Environment

  • Ubuntu 24.04 LTS

snapcraft.yaml

myd:
    environment:
    command: commands/run_daemon
    daemon: notify
    restart-condition: on-failure
    sockets:
      unix:
        listen-stream: $SNAP_COMMON/myd/myd.socket
        socket-mode: 0666
    plugs:
      - network-bind

Relevant log output

See the description.

Additional context

No response

dmitry-lyfar avatar Jul 03 '25 05:07 dmitry-lyfar

Hi, can you please raise issues against snapd and review-tools?

As you pointed out, since Snapcraft calls snap pack, there isn't much we can do in Snapcraft.

mr-cal avatar Jul 03 '25 20:07 mr-cal

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/SNAPCRAFT-1173.

This message was autogenerated

syncronize-issues-to-jira[bot] avatar Jul 03 '25 20:07 syncronize-issues-to-jira[bot]

@mr-cal submitted here after an internal discussion: https://bugs.launchpad.net/snapd/+bug/2117121. I think it should also be tracked here as snapcraft would be a user-facing tool here that produces these errors, so the bug would mostly affect its users rather than snapd's.

dmitry-lyfar avatar Jul 17 '25 03:07 dmitry-lyfar

Thanks for submitting an upstream bug.

I agree, we'll leave this issue open here until it's resolved between snapd and review-tools.

mr-cal avatar Jul 17 '25 12:07 mr-cal