snap-declaration assertion

The snap-declaration assertion defines some of the properties of the snap, such as the snap-id, the official name, the publisher, and so on. This assertion is downloaded along the snap when installing a snap from a store and has information on actions to take when performing the installation.

The format is as follows:

type:               snap-declaration
authority-id:       <authority account id>
revision:           <int>
series:             <series this assertion was created for>
snap-id:            <string>
snap-name:          <string>
publisher-id:       <the owner of this snap-id space>
timestamp:          <UTC datetime>
refresh-control:    <list of snap-ids that have gated updates>
  - [snap-id1]
  - [snap-id2]
  - ...
auto-aliases:       <optional list of aliases that are automatically enabled>
  - [alias1]
  - ...
plugs:              <map from [interface] to plug side rules>
  [interface]:      <optional plug side rules for [interface]>
    allow-installation:     <true|false>
    deny-installation:      <true|false>
    allow-connection:       <true|false>
    deny-connection:        <true|false>
    allow-auto-connection:  <true|false>
    deny-auto-connection:   <true|false>
slots:              <map from [interface] to slot side rules>
  [interface]:      <optional slot side rules for [interface]>
  ...               <similar options as rule entries for plugs>
sign-key-sha3-384: <key id> # Encoded key id of signing key

<signature>                 # Encoded signature

The index is the tuple <series, snap-id>. snap-id is a key with the same format as the account ids.

This assertion gives control on several aspects of the snap behaviour to the the authority:

  • refresh-control gives a list of snaps that are gated when the one specified by snap-id is installed, so they are not automatically refreshed until they are "validated". Validation is performed by using validation asserts, which specify the revision of the gated snap that should be installed if the gating snap has been installed.

  • auto-aliases gives a list of the aliases that we want to automatically enable when installing the snap. Aliases provide short names for applications contained in the snap, so we do not need to use the full command name .. They are defined inside snap.yaml, but they are not activated by default unless included in the auto-aliases list. Having this inside a signed assertion lets snapd create the aliases only if curated by a trusted authority.

  • plugs and slots define flags per interface. This lets define restrictions on how the snap plugs/slots used by the snap are handled. For instance, we can allow or deny connections with allow-connection and deny-connection. With allow-auto-connection or deny-auto-connection we let snapd know if it should automatically connect plugs/slots on snap installation.

snap-declaration assertions for installed snaps can be seen by issuing snap known snap-declaration.

As an example, for the modem-manager snap from the Ubuntu store we have:

type: snap-declaration
format: 1
authority-id: canonical
revision: 9
series: 16
snap-id: KtwxgRlwCAVKFw92BUdt1WloH1Va3QPo
    allow-auto-connection: true
publisher-id: canonical
    allow-connection: true
snap-name: modem-manager
timestamp: 2016-10-25T15:35:43.646671Z
sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul