Extending system certificates

I know this is an evil hack, but isn’t that on which The Internet is built…

So if you need a stable system whose snaps see the host's /etc/ssl (CA store and OpenSSL configuration) instead of the copy frozen inside the core snap, here's a systemd generator that dynamically bind-mounts /etc/ssl (and any other paths you'd like, for good measure) into every installed revision of the core snaps. It runs as root at boot and on every daemon-reload, and whatever you list in it becomes visible to all snaps on that base, so keep the list short:

#!/bin/bash
# systemd generator: invoked as root with the normal, early and late output
# directories as $1..$3; only the normal directory is used here.
set -euo pipefail
shopt -s nullglob   # an absent snap-core18-*.mount must not leave a literal glob behind

OUTPUT_DIR="$1"
UNITFILES=(/etc/systemd/system/snap-core{,18}-*.mount)
BINDS="/etc/ssl /etc/environment" # add more paths as needed

for BIND in ${BINDS}; do
  for UNITFILE in "${UNITFILES[@]}"; do
    # /etc/systemd/system/snap-core-1234.mount -> UNIT=snap-core-1234.mount SNAP=core REVISION=1234
    if [[ $UNITFILE =~ snap-([-a-z0-9]+)-([0-9]+)\.mount$ ]]; then
      UNIT="${BASH_REMATCH[0]}"
      SNAP="${BASH_REMATCH[1]}"
      REVISION="${BASH_REMATCH[2]}"
    else
      echo "Could not parse ${UNITFILE}…" >&2
      exit 1
    fi

    BINDUNIT="snap-${SNAP}-${REVISION}${BIND//\//-}.service"   # e.g. snap-core-1234-etc-ssl.service
    BINDTARGET="/snap/${SNAP}/${REVISION}${BIND}"               # e.g. /snap/core/1234/etc/ssl
    WANTSPATH="${OUTPUT_DIR}/${UNIT}.wants"

    # Couldn't get heredoc to work here…
    echo "# Automatically generated by $( basename "$0" )

[Unit]
Description=${BIND} bindmount for ${SNAP}-${REVISION}
After=${UNIT}
Requires=${UNIT}

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/mount --bind ${BIND} ${BINDTARGET}
ExecStop=/bin/umount ${BINDTARGET}" > "${OUTPUT_DIR}/${BINDUNIT}"

    # Pull the bind service in whenever the snap's mount unit is started.
    mkdir -p "${WANTSPATH}"
    ln -sf "../${BINDUNIT}" "${WANTSPATH}/${BINDUNIT}"
  done
done

I couldn’t get it to work well with mount units, because those don’t support files being the targets of a mount. I’ll leave it as an exercise for the reader to make this work for paths that don’t exist on the target (NB: you need to touch the target if bind-mounting a single file) (d’uh, it’s a snap, you can’t…).
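Once the generated services have run, it is worth confirming that the bind actually took effect rather than trusting a green `active (exited)` in systemctl. The root column (field 4) of /proc/self/mountinfo names the path inside the source filesystem that is mounted at each mount point: for a bind of the host's /etc/ssl it reads `/etc/ssl`, while an untouched squashfs directory has no mount entry at all. The check below is an added example and not code from the original post; the mountinfo lines it parses are constructed, with assumed device names and an assumed revision 1234. It inspects the mount namespace it runs in, so run it on the host, not from inside a snap.

```bash
#!/bin/bash
# Constructed sample of /proc/self/mountinfo (not captured from a real host):
# the root filesystem, the core snap squashfs, and /etc/ssl bind-mounted
# into it by the generated snap-core-1234-etc-ssl.service.
SAMPLE_MOUNTINFO='25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
80 25 7:3 / /snap/core/1234 ro,nodev,relatime shared:30 - squashfs /dev/loop3 ro
200 80 8:1 /etc/ssl /snap/core/1234/etc/ssl rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro'

# bind_source MOUNTINFO_TEXT TARGET
# Prints "<fstype> <source> <root>" for the mount active at TARGET, where
# <root> is field 4 of mountinfo: the path inside the source filesystem.
# The last matching line wins, because later mounts stack over earlier ones.
# Nothing is printed when no mount is present at TARGET.
# (Mount points containing spaces appear octal-escaped, e.g. \040, in mountinfo.)
bind_source() {
  printf '%s\n' "$1" | awk -v target="$2" '
    $5 == target {
      root = $4
      # optional fields (shared:N, master:N, ...) end at the "-" separator,
      # after which come fstype and mount source
      for (i = 7; i <= NF; i++) if ($i == "-") { fstype = $(i+1); src = $(i+2); break }
    }
    END { if (root != "") print fstype, src, root }'
}

# check_snap_ssl MOUNTINFO_TEXT SNAP REVISION
# Returns 0 when /snap/SNAP/REVISION/etc/ssl is a bind mount whose root is
# the host's /etc/ssl, 1 when it is missing or points somewhere else.
check_snap_ssl() {
  local got
  got="$(bind_source "$1" "/snap/$2/$3/etc/ssl")"
  [ "$got" != "" ] && [ "${got##* }" = "/etc/ssl" ]
}

# On a live host, feed the real table instead of the constructed sample:
#   check_snap_ssl "$(cat /proc/self/mountinfo)" core 1234
if check_snap_ssl "$SAMPLE_MOUNTINFO" core 1234; then
  echo "host /etc/ssl is bind-mounted into core/1234"
else
  echo "core/1234 still has the squashfs /etc/ssl" >&2
fi
```

On a live host `findmnt -o TARGET,SOURCE,FSROOT /snap/core/1234/etc/ssl` shows the same three values; the function above is just that lookup in a form you can drop into a boot-time health check.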