← Back to issue list

The 'url' of 'package-repositories' can't handle PPA token from the environment variable

View original Launchpad issue

Metadata

Project
snapcraft
Number
#2007480
Type
issue
State
open
Author
~laiderlai
Labels
Created
2023-02-16 05:10:32.913180+00:00
Updated
2023-02-16 05:10:32.913180+00:00
Closed

Current evaluation

snapcraft fails to expand environment variables in package-repositories URLs, writing literal placeholders to apt sources. The request to support env var expansion for secure token injection remains open, unassigned, and inactive with no comments.

Suggested action: needs triage

Reason: The issue has been inactive for over 3 years with zero maintainer interaction or labels, indicating high staleness (95). It presents a clear feature request/bug rather than a support question (support_request: 10) with low implementation complexity (complexity: 25). Since it remains completely unassessed and inactivity alone is insufficient for closure per guidelines, it requires maintainer triage to verify current relevance and determine if the functionality is already supported or should be prioritized.

Staleness: 95 Complexity: 25 Confidence: 80 Support Request: 10

Issue body

snapcraft version: 7.2.9, rev 8619 snapcraft.yaml content: package-repositories: - type: apt architectures: [arm64] components: [main] suites: [jammy] key-id: <PPA ID> url: https://${PPA_ACCESS_TOKEN}@private-ppa.launchpadcontent.net/<team>/<project>/ubuntu Build command: sudo env PPA_ACCESS_TOKEN="<account>:<token>" SNAPCRAFT_BUILD_ENVIRONMENT="host" snapcraft Problem: Since the PPA token is sensitive information for account permission. In general, we will not put the token content into snapcraft.yaml directly and use an environment parameter to provide the token content. We found the 'url' of 'package-repositories' can't handle token from the environment variable. The snapcraft create /etc/apt/sources.list.d/snapcraft-https_PPA_ACCESS_TOKEN_private_ppa_launchpadcontent..._ubuntu.sources directly with "URIs: https://${PPA_ACCESS_TOKEN}@private-ppa.launchpadcontent.net/<team>/<project>/ubuntu" Is this expected behavior? If yes, could the team make snapcraft support to transfer url with the environment parameter? The reason is we should not put PPA token information from somebody's account and upload it to a public place.

Evaluation history

Date Model Scores Action Summary
2026-06-19 07:33:03.548789+00:00 qwen3.6-35b-a3b-mtp-q6
Staleness: 95
Complexity: 25
Confidence: 80
Support Request: 10
needs triage snapcraft fails to expand environment variables in package-repositories URLs, writing literal placeholders to apt sources. The request to support env var expansion for secure token injection remains open, unassigned, and inactive with no comments.
2026-06-19 07:30:37.017984+00:00 pending