I now want to create an Ubuntu Core image by working through this proxy. When I try to do a ‘snapcraft login’, the connection always goes over the original URL, not the proxy URL. I want to remove any direct connections to the store from the workflow and do everything via the proxy because I am in a company network with ssl man in the middle interception. Does anybody know if snapcraft can work with the ‘snap-store-proxy’? If so, how do I have to configure it so it uses the proxy url?
Do you want to create a ubuntu core image as base for a server? I never did that but I do not think snap/snapcraft helps with that.
Or you trying to host a proprietary snap? I might be mistaken but I think the store proxy does not provide the means to only locally store a snap. I think the intended workflow is to add your snap to the store and one can proxy that. In this case https://gitlab.com/lol-snap/lol might be more suited to your needs.
The setup to run your own in-house store via the air-gapped proxy with the ability to self-sign in-house built snaps comes as part of the SmartStart product.
If you already have a commercial engagement, please talk to your field engineer she/he should be able to help with your issue …
If you do not yet, feel free to PM me your email address and I can get you in contact with sales.
Thanks for you replies. I will try to clarify again:
I am just trying to build an Ubuntu Core image without accessing the store directly. I want to access it via the proxy. The reason for this is because I am essentially in an air-gapped environment (because of ssl interception). I don’t want to store any snaps in-house or anything like this. I just want to use the proxy as a proxy to access the store when building an Ubuntu Core image.
The question is now for me: how do I tell snapcraft to do the login and build via the proxy and not via the store directly?
I dont think you can proxy the SSO communication to authenticate your user but you should be able to use the snapd proxy settings for everything else (ubuntu-image just uses snapd in the backend) …
Hi, it looks like you might be looking for a way of instructing snapcraft and or snapd to use the intercepting https proxy (and trusting its CA certificate), and not using the snap-store-proxy? If you used the snap-store-proxy, the communication between the snap-store-proxy and the online store would need to still happen via the intercepting https proxy I assume? If yes, then it doesn’t make much sense to use the snap-store-proxy.
Both snapcraft and snapd can be instructed to use an https proxy for outgoing communication. In addition to the system proxy.https option @ogra linked to, https://snapcraft.io/docs/system-options#heading--store-certs would need to be used to configure the intercepting proxy’s certificate.
For snapcraft the standard https_proxy env var in tandem with REQUESTS_CA_BUNDLE=<path-to-ca-certs-file> should do the trick.
So again, so far it sounds like snap-store-proxy is not necessary for your use case unless we’re missing some more information/requirements.
Thanks for your detailed answer. I had gotten snapd and the snap-store-proxy to access the store by providing the self signed cert. snapcraft is what I was having trouble with so I figured I would just run everything over the snap-store-proxy.
Somehow I was unable to find the info about the REQUESTS_CA_BUNDLE env var… I will give that a try and then my issue will probably be solved
