Remove-build flutter snap with private Github repository dependency

Hi!

I try to build a flutter snap in remote-build with a private github repository as a dependency. The problem I ran into is that I can’t setup a SSH key in my build that would make it possible to pull the repository. Is there something that I could have missed to enable this or can someone please advice how I could achieve this?

Thank you!

Hi ! @wunderlich-ben

Is your repository private ?

Hi! @baldeuniversel!

Thanks for the quick reply.

Yes the repository is private for the package.

Is your public key stored on your Github account ?

Yes the public key is stored in Github. I tried to pull the repository with the key and it worked as expected.

So, what’s the issue ? :face_with_monocle:

@wunderlich-ben, Is it possible to see the error log?

The issue is that because it is a private repository it needs the ssh key to access the repository. I tried to add the SSH key setup to the snapcraft.yaml but that failed with errors that github.com is not a know_host. I couldn’t resolve these issues even not by adding a known_host file. I tried then snapcraft --bind-ssh but that has thrown more errors and didn’t work for me. I’m also not quite sure if the last command is working with remote-builds.

Can I see your *.yaml (the content) file ?

Yes that is my snapcraft.yaml:

name: trunk-works-andon
# x-release-please-start-version
version: 1.17.0
# x-release-please-end
summary: trunk.works andon screen status for use with trunk.works
description: This is trunk-works-andons application.
confinement: strict
compression: lzo
grade: stable
base: core22

apps:
  trunk-works-andon:
    command-chain: &_command-chain
      - bin/graphics-core22-wrapper
      - bin/wayland-launch
    command: &_command bin/andon
    plugs: &_plugs
      - opengl
      - wayland
      - network
      - network-observe
      - network-bind
      - network-status
      - network-control
      - network-manager
      - network-manager-observe
      - netlink-audit
      - netlink-connector
      - qualcomm-ipc-router
      - network-setup-observe
      - bluetooth-control
      - avahi-observe
    environment: &_environment
      XDG_DATA_HOME: $SNAP_USER_DATA
      XDG_DATA_DIRS: $SNAP/usr/share
      GDK_GL: gles

  daemon:
    daemon: simple
    restart-delay: 3s
    restart-condition: always
    command-chain: *_command-chain
    command: *_command
    plugs: *_plugs
    environment: *_environment

plugs:
  graphics-core22:
    interface: content
    target: $SNAP/graphics
    default-provider: mesa-core22

environment:
  XDG_CACHE_HOME: $SNAP_USER_COMMON/.cache
  XDG_CONFIG_HOME: $SNAP_USER_DATA/.config
  XDG_CONFIG_DIRS: $SNAP/etc/xdg
  XDG_DATA_DIRS: $SNAP/usr/local/share:$SNAP/usr/share
  XKB_CONFIG_ROOT: $SNAP/usr/share/X11/xkb

layout:
  /usr/share/libdrm:
    bind: $SNAP/graphics/libdrm
  /usr/share/drirc.d:
    symlink: $SNAP/graphics/drirc.d
  /usr/local/share/fonts:
    bind: $SNAP/usr/local/share/fonts
  /usr/share/fonts:
    bind: $SNAP/usr/share/fonts
  /usr/share/icons:
    bind: $SNAP/usr/share/icons
  /usr/share/sounds:
    bind: $SNAP/usr/share/sounds
  /etc/fonts:
    bind: $SNAP/etc/fonts
  /usr/lib/$CRAFT_ARCH_TRIPLET/gdk-pixbuf-2.0:
    bind: $SNAP/usr/lib/$CRAFT_ARCH_TRIPLET/gdk-pixbuf-2.0
  /usr/lib/${CRAFT_ARCH_TRIPLET}/gtk-3.0:
    bind: $SNAP/usr/lib/${CRAFT_ARCH_TRIPLET}/gtk-3.0
  /usr/share/mime:
    bind: $SNAP/usr/share/mime
  /etc/gtk-3.0:
    bind: $SNAP/etc/gtk-3.0

parts:
  andon:
    plugin: nil
    source: .
    build-snaps:
      - flutter/latest/stable
    build-environment:
      - C_INCLUDE_PATH: /snap/flutter/current/usr/include
      - LD_LIBRARY_PATH: ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/snap/flutter/current/usr/lib/$CRAFT_ARCH_TRIPLET
      - PKG_CONFIG_PATH: ${PKG_CONFIG_PATH:+$PKG_CONFIG_PATH:}/snap/flutter/current/usr/lib/$CRAFT_ARCH_TRIPLET/pkgconfig
      - XDG_DATA_DIRS: /snap/flutter/current/usr/share${XDG_DATA_DIRS:+:$XDG_DATA_DIRS}
      - SSH_KEY_PASSPHRASE: test
    override-build: |
      set -eux
      echo "Installing flutter"
      mkdir -p $CRAFT_PART_INSTALL/bin/lib

      flutter channel stable
      dart pub global activate fvm
      export PATH="$PATH":"$HOME/.pub-cache/bin"

      # Add github.com to known hosts
      mkdir -p ~/.ssh

      # Copy the ssh keys to the correct location
      openssl aes-256-cbc -d -in $CRAFT_PART_BUILD/snap/ssh/id_rsa_snapcraft.enc -out ~/.ssh/id_rsa -pass pass:$SSH_KEY_PASSPHRASE
      chmod 600 ~/.ssh/id_rsa

      # Add the public key
      cp $CRAFT_PART_SRC/snap/ssh/id_rsa_snapcraft.pub ~/.ssh/id_rsa.pub
      chmod 644 ~/.ssh/id_rsa.pub

      # Copy the known hosts file to the correct location
      cp $CRAFT_PART_SRC/snap/ssh/known_hosts ~/.ssh/known_hosts

      # Install dependencies
      fvm install
      fvm flutter config --enable-linux-desktop
      fvm flutter doctor
      fvm flutter pub get

      echo "Setting up .env file in assets/ folder"
      echo "SENTRY_DSN=https://xxx.com" > assets/.env
      echo "STREAM_URL=https://example.com" >> assets/.env
      echo "ANDONS_AUTH_SECRET_KEY=XXXXX" >> assets/.env
      echo "STREAM_API_VERSION=v2" >> assets/.env

      echo "Start building the app"
      fvm flutter build linux --release -v
      echo "Copying the build to the part install folder"
      cp -r build/linux/*/release/bundle/* $CRAFT_PART_INSTALL/bin/
    stage-packages:
      - libgtk-3-0
      - libgl1

  gsettings+pixbuf+immodules:
    plugin: nil
    build-packages:
      - libgdk-pixbuf2.0-0
      - librsvg2-common
      - shared-mime-info
      - libgtk-3-0
    override-build: |
      craftctl default
      # Update mime database
      update-mime-database ${CRAFT_PART_INSTALL}/usr/share/mime
      # build immodules cache
      mkdir -p ${CRAFT_PART_INSTALL}/usr/lib/${CRAFT_ARCH_TRIPLET}/gtk-3.0/3.0.0/
      /usr/lib/${CRAFT_ARCH_TRIPLET}/libgtk-3-0/gtk-query-immodules-3.0 > ${CRAFT_PART_INSTALL}/usr/lib/${CRAFT_ARCH_TRIPLET}/gtk-3.0/3.0.0/immodules.cache
    stage-packages:
      - librsvg2-common
      - gsettings-desktop-schemas
      - libglib2.0-bin
    override-prime: |
      craftctl default
      # Compile the gsettings schemas
      /usr/lib/${CRAFT_ARCH_TRIPLET}/glib-2.0/glib-compile-schemas "$CRAFT_PRIME/usr/share/glib-2.0/schemas"
      # Index the pixbuf loaders
      LOADERS_PATH=$(echo ${CRAFT_PRIME}/usr/lib/${CRAFT_ARCH_TRIPLET}/gdk-pixbuf-2.0/*/loaders)
      QUERY_LOADERS=/usr/lib/${CRAFT_ARCH_TRIPLET}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders
      GDK_PIXBUF_MODULEDIR=${LOADERS_PATH} ${QUERY_LOADERS} > ${LOADERS_PATH}/../loaders.cache
      sed s!$CRAFT_PRIME!!g --in-place ${LOADERS_PATH}/../loaders.cache

  setup:
    plugin: dump
    source: snap/local/wayland-launch
    override-build: |
      # The plugs needed to run Wayland. (wayland-launch checks them, setup.sh connects them)
      # You may add further plugs here if you want these options
      PLUGS="opengl wayland graphics-core22"
      sed --in-place "s/%PLUGS%/$PLUGS/g" $CRAFT_PART_BUILD/bin/wayland-launch
      sed --in-place "s/%PLUGS%/$PLUGS/g" $CRAFT_PART_BUILD/bin/setup.sh
      craftctl default
    stage-packages:
      - inotify-tools

  graphics-core22:
    after:
      - andon
      - gsettings+pixbuf+immodules
      - setup
    source: https://github.com/MirServer/graphics-core22.git
    plugin: dump
    override-prime: |
      craftctl default
      ${CRAFT_PART_SRC}/bin/graphics-core22-cleanup mesa-core22 nvidia-core22
      cd "$CRAFT_PRIME/usr/share/"
      rm -rf bug drirc.d glvnd libdrm lintian man
      rm -rf applications apport bash-completion dbus-1 doc-base doc gtk-doc\
             help pkgconfig libthai metainfo themes thumbnailers xml
    prime:
      - bin/graphics-core22-wrapper

architectures:
  - build-on: amd64
  - build-on: arm64

This part you mean ?

source: https://github.com/MirServer/graphics-core22.git

No the part that is failing is in my pubspec.yaml. I’m sorry, I can’t share the entire file but how I import the repository is like this:

...
widgets:
    git:
      url: git@github.com:org/libs.git
      ref: main
      path: widgets
...

@wunderlich-ben , I would have rather done like this :

...
widgets:
    plugin: dump
    source: git@github.com:org/libs.git
    source-type: git
    source-branch: main 
    source-subdir: widgets
...

But before the build, try to run this command (if it is not already done) :

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa  # Of course the real path

@baldeuniversel thanks for the update. I will try the ssh-add.

I might not have made that clear enough, the first part is in my flutter pubspec.yaml and specifies the dependency that I try to install. Here is the documentation for that: https://dart.dev/tools/pub/dependencies#git-packages

1 Like

Hi @baldeuniversel, I gave the ssh-add a try but I still get this error message:

Resolving dependencies...
:: Git error. Command: `git clone --mirror git@github.com:org/libs.git /root/.pub-cache/git/cache/libs-5f281768d50d6aab259de3de9ebca5f241f92f87`
:: stdout:
:: stderr: Cloning into bare repository '/root/.pub-cache/git/cache/libs-5f281768d50d6aab259de3de9ebca5f241f92f87'...
:: ssh: Could not resolve hostname github.com: Name or service not known
:: fatal: Could not read from remote repository.
::
:: Please make sure you have the correct access rights
:: and the repository exists.

Is there anything else that I could try?

@wunderlich-ben, did you try running it with the option --bind-ssh ?

Like this :

snapcraft --bind-ssh

@baldeuniversel I tried that command but it seams like it doesn’t exist for remote-build

@wunderlich-ben , try this before building :thinking:

ssh-keyscan -H github.com >> ~/.ssh/known_hosts

@baldeuniversel I tried that and we get a new error:

+ ssh-keyscan -H github.com
:: getaddrinfo github.com: Name or service not known
:: getaddrinfo github.com: Name or service not known
:: getaddrinfo github.com: Name or service not known
:: getaddrinfo github.com: Name or service not known
:: getaddrinfo github.com: Name or service not known

It might be a network issue with the remote-build but that would be odd since it is downloading other dependencies.

Check this file :

/etc/resolv.conf

If this line nameserver 8.8.8.8 is missing, I recommend you to add the line in question, like this :

nameserver 8.8.8.8


In this file /etc/hosts, if you find any github line, I recommend you to comment the line in question.