To add some background, I have done an implementation of an “overlay” snap store, that I currently can’t open up, employer policy for now.
I believe, patching snapd to allow Your custom signing authority is a good way to achieve a custom snap store, however that becomes unrealistic when You have to ask users to install Your custom build of snapd on their computers. However in our case, we build the whole OS (yocto), so patching snapd is not an issue. So I believe the most important change needs to happen in snapd to have a realistic third-party store.
Here is how we implemented it
- patched snapd to support custom signing authority
- patched snapd to only refresh snaps if the authority is canonical
- Wrote a django based service, that allows developers to register and upload their snaps
- On upload, the server unpacks the snap, extracts the snapcraft yaml and parses it and does necessary verification.
- Then
snap signcommand is used to create an assertion - Finally the snap and assertion are uploaded to S3
For the install/update we have a custom cli tool that allows to install/remove snaps from our store and transparently from Canonical store as well. The current policy is to first check if a snap exists on our store and install it, if not, we call the snapd sock to install it from Canonical store.
We support both channels (but not tracks) and delta updates (using desync).
edit: Automatic updates are a TODO but we know what we have to do to achieve that. We will be using Autobahn/WAMP for push notifications to the device, however that’s currently not an immediate requirement.