Snapcraft

Latest version: v4.8.1

Safety actively analyzes 682387 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 6

4.8

Special thanks to the contributors that made this release happen: cjp256 and sergiocazzolato

Stories

Remove experimental flag from package repositories

This feature is finally stable and is documented at https://snapcraft.io/docs/package-repositories.

- [PR 3520](https://github.com/snapcore/snapcraft/pull/3520)

Bug fixes

apt cache: improve error handling when packages do not have candidates available
- [LP: 1853682](https://bugs.launchpad.net/snapcraft/+bug/1853682)
- [PR 3528](https://github.com/snapcore/snapcraft/pull/3528)

project: validate snapcraft yaml before using it
- [LP: 1853682](https://bugs.launchpad.net/snapcraft/+bug/1853682)
- [PR: 3526](https://github.com/snapcore/snapcraft/pull/3526)

ua manager: install ubuntu-advantage-tools as needed
- [PR: 3524](https://github.com/snapcore/snapcraft/pull/3524)

build providers: set hostname for lxd
- [PR: 3521](https://github.com/snapcore/snapcraft/pull/3521)

dotnet plugin: use https for release metadata url
- [PR: 3525](https://github.com/snapcore/snapcraft/pull/3525)

4.7

Special thanks to the contributors that made this release happen: Saviq, abitrolly, cjp256, jhenstridge and sergiusens

Validation Sets

Validation Sets is a new feature to manage _validations_, improving the experience over the existing
`gated` and `validate` commands.

Two new commands are introduced:

- list-validation-sets
- edit-validation-sets

Find out more about it's use on https://snapcraft.io/docs/validation-sets

UA Token

A new flag when building snaps is available, --ua-token, which is significant due to the upcoming even
of Ubuntu 16.04 LTS entering ESM (Extended Security Maintenance) as outlined in this blog post
https://snapcraft.io/blog/how-does-ubuntu-16-04-entering-extended-security-maintenance-esm-affect-snap-publishers

The technicalities are detailed on https://github.com/snapcore/snapcraft/blob/master/specifications/ua-token.org

Users of Github Actions will be glad to know that this is one keyword away as described on
https://github.com/snapcore/action-build#ua-token

Conda plugin

When using core20, the recently introduced conda plugin now supports more architectures,
those new ones being:

- i386 (x86)
- armhf (armv7l)
- ppc64el (ppc64le)

Extension Improvements

Better font handling by integrating a new snapd feature to not expose the host font cache to the snap
when using the desktop related extensions.

General cleanup into the _launcher_ script which ensures a proper environment has been setup is
also part of this release.

Store whoami

The `snapcraft whoami` command has fully migrated to the store `whoami` endpoint, enabling
logged in users, either with the existing flow or the experimental one, to query for their identity.

Stage Snaps

The `stage-snaps` keyword now allows specifying channel branches. This solves a long standing
request!

Full list of changes

- cli: introduce edit-validation-sets sergiusens (3512)
- cli: introduce list-validation-sets sergiusens (3510)
- extensions: don't expose host system fontconfig cache jhenstridge (3509)
- storeapi: add binding for validations-sets sergiusens (3508)
- storeapi: add classes for validation sets sergiusens (3507)
- extensions/desktop: use fonts from $XDG_DATA_DIRS, and remove unnecessary includes jhenstridge (3504)
- cli, repo: add support for UA tokens cjp256 (3488)
- snaps: don't validate snaps before `SnapPackage.download()` Saviq (3505)
- deb: do not filter python3 packages on core20 cjp256 (3503)
- Update Docker image instructions abitrolly (3499)
- conda v2 plugin: support for more architectures sergiusens (3495)
- snaps: do not validate snaps before install/refresh (Fixes LP1901733) Saviq (3502)
- docker: Need to repeat ARG in every section abitrolly (3500)
- store: use whoami dashboard endpoint for cli sergiusens (3501)

4.6.3

Special thanks to the contributors that made this release happen: cjp256

Full list of changes

- elf: add fallback methods to detect library dependencies cjp256 (3514)

4.6.2

Special thanks to the contributors that made this release happen: cjp256 and sergiusens

Full list of changes

- repo: fix regression in fix_symlink() cjp256 (3497)
- storeapi: set content-type and accept headers for close sergiusens (3498)

4.6.1

Special thanks to the contributors that made this release happen: MarcusTomlinson, MrCarroll, abitrolly, cjp256 and sergiusens

Full list of changes

- cli: rename experimental login environment variable sergiusens (3493)
- spread: run cross compile tests on amd64 only sergiusens (3491)
- docker: parametrize risk and OS for image builds (core18 etc) abitrolly (2673)
- repo: account for arch & version when filtering stage packages cjp256 (3461)
- errors: introduce details_from_called_process_error() helper cjp256 (3489)
- extensions: suppress realpath noise on headless systems MrCarroll (3446)
- Use has-signed-canonical-cla GitHub Action MarcusTomlinson (3479)

4.6

Special thanks to the contributors that made this release happen: MarcusTomlinson, cjp256, cmatsuoka, mvo5, sergiusens and ycheng

This is a feature packed release, from new extensions, core20 supported extensions and plugins, and a new login mechanism.

<a id="orgdad2c93"></a>

Support for candid

A new option, `--experimental-login` can now be used when using
`snapcraft login` or `snapcraft export-login` and when signing assertions.

Using this option will trigger a web based authentication flow. To go
back to the previous login method you must first `snapcraft logout`.


<a id="orgef9c987"></a>

Conda plugin

The conda plugin has been ported to core20. These are the available
plugin options:

- conda-packages
(list of strings, default [])
List of conda packages to install.
- conda-python-version
string
Python version major and minor version (e.g. 3.8).
- conda-miniconda-version
string, default latest
The version of miniconda to initialize.


<a id="orgf1dba5b"></a>

Package Repositories

The road to making this feature stable is closer, a breaking change
lands with 4.6 for this experimental feature. Keys are now using the
suffix and not prefix of the key id.


<a id="orgf9adb32"></a>

Metadata

Snapcraft is now aware of the existence of `kernel.yaml` for snaps of
type `kernel`.

The `install-mode` option for applications is now supported with this release.


<a id="org322ab2f"></a>

Extensions


<a id="org3c4d9ee"></a>

Page 1 of 6

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.