Hey everybody!
I just had the need to build a snap behind an HTTP proxy with SSL Bump in a Vagrant VM that can’t use multipass ( because it doesn’t support the multipass virtualization inside the VM ). I figured out how to do it so I figured I’d post the instructions here in case anybody ever needed to do the same thing!
So the first issue I ran into in the Vagrant VM ( Ubuntu 18.04 ) was that I couldn’t use Multipass. If I remember correctly it was because it needed KVM virtualization and I didn’t have it in my VM. The solution ( or, more accurately, a solution ) is to use Docker. So the first step is to install Docker:
# Using apt
$ sudo apt install docker.io
# Or using Snap
$ sudo snap install docker
After you install Docker you will need to configure Docker for your proxy. You do this by creating a systemd service dropin file that looks like this:
http-proxy.conf:
[Service]
Environment="HTTP_PROXY=http://name:password@123.456.789.100:1234"
Environment="HTTPS_PROXY=http://name:password@123.456.789.100:1234"
This config file must be placed in:
- For the snap:
/etc/systemd/system/snap.docker.dockerd.service.d/http-proxy.conf
- Or for the apt package:
/etc/systemd/system/docker.service.d/http-proxy.conf
After that reload the systemd configuration and restart Docker:
- For the snap:
systemctl daemon-reload
snap restart docker
- Or for the apt package:
systemctl daemon-reload
systemctl restart docker
Now that we have Docker installed we are going to run the snapcraft container and mount our project and our proxy’s SSL bump certificate into the container:
$ cd /path/to/my/snap/project
$ docker run -it --rm -v $(pwd):/project -v /path/to/proxy/cert.crt:/usr/local/share/ca-certificates/proxyca.crt snapcore/snapcraft bash
# Now we are inside of the snapcraft container
OK, now that we are inside of the snapcraft container, we could build our snap except for the fact that snapcraft does not trust our HTTP proxy’s certificate. We have to hijack the cacert.pem
files that snapcraft will use to verify sites that it connects to:
# Replace all `cacert.pem` files in the snapcraft snap with our proxy cert file
# that we mounted in.
$ for cert in $(find /snap/snapcraft/current/ -name cacert.pem); do cp /usr/local/share/ca-certificates/proxyca.crt $cert; done
# Switch to our snap project dir
$ cd /project
# Build the snap
$ snapcraft
# Exit the container
$ exit
Now you should have yoursnapname_version_arch.snap
in your project directory. You can install the snap like so:
$ snap install ./yoursnapname_version_arch.snap --dangerous --devmode
Congratulations! You’re snapped!