Hello, I would like to know if the snap api is blocked for Cuba. Before I could use it but a while ago it throws connection refused.
You mean the snap store? Can you run curl -D- -v https://api.snapcraft.io/
and attach the output?
Hi, the output is:
networld@srv0:~# curl -D- -v http s:// api. snapcraft .io /
- Trying 91.189.92.41:443…
- TCP_NODELAY set
- Connected to api. snapcraft .io (91.189.92.41) port 443 (#0)
- ALPN, offering h2
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.2 (IN), TLS handshake, Certificate (11):
- TLSv1.2 (IN), TLS handshake, Server key exchange (12):
- TLSv1.2 (IN), TLS handshake, Server finished (14):
- TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
- TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
- TLSv1.2 (OUT), TLS handshake, Finished (20):
- TLSv1.2 (IN), TLS handshake, Finished (20):
- SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
- ALPN, server did not agree to a protocol
- Server certificate:
- subject: C=GB; L=London; O=Canonical Group Ltd; CN=api .snapcraft .io
- start date: Sep 23 00:00:00 2021 GMT
- expire date: Sep 23 23:59:59 2022 GMT
- subjectAltName: host “api. snapcraft .io” matched cert’s “ap i.snapcraft. io”
- issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
- SSL certificate verify ok.
GET / HTTP/1.1 Host: api. snapcraft .io User-Agent: curl/7.68.0 Accept: /
- Mark bundle as not supporting multiuse < HTTP/1.1 200 OK HTTP/1.1 200 OK < server: gunicorn server: gunicorn < date: Tue, 18 Jan 2022 23:02:03 GMT date: Tue, 18 Jan 2022 23:02:03 GMT < content-type: text/html; charset=utf-8 content-type: text/html; charset=utf-8 < content-length: 64 content-length: 64 < snap-store-version: 44 snap-store-version: 44 < x-view-name: snapdevicegw.webapi.root x-view-name: snapdevicegw.webapi.root < x-vcs-revision: 774419d5 x-vcs-revision: 774419d5 < x-request-id: 98CF1BBE099D0A325D7301BB61E746E98F188C2 x-request-id: 98CF1BBE099D0A325D7301BB61E746E98F188C2
< snapcraft.io store API service - Copyright 2018-2021 Canonical.
- Connection #0 to host api.snapcraft.io left intact
seems to work fine, but if I run sudo snap install rocketchat-server for example, the output is as follows:
networld@srv0:~# sudo snap install rocketchat-server error: cannot install “rocketchat-server”: Post https :// api.snapcraft. io/v2/snaps/refresh: read tcp 10.10.20.6:36272->91.189.92.40:443: read: connection reset by peer
Is this repeatable? Is it always the same remote IP address?
I see that curl accessed 91.189.92.41, while snapd hit 91.189.92.40. FWIW both are among the IPs that api.snapcraft.io resolves to:
;; ANSWER SECTION:
api.snapcraft.io. 451 IN A 91.189.92.39
api.snapcraft.io. 451 IN A 91.189.92.40
api.snapcraft.io. 451 IN A 91.189.92.19
api.snapcraft.io. 451 IN A 91.189.92.38
api.snapcraft.io. 451 IN A 91.189.92.20
api.snapcraft.io. 451 IN A 91.189.92.41
Try to run curl -v -D- -X POST -H "Snap-Device-Series: 16" 'https://api.snapcraft.io/v2/snaps/refresh'
and attach the output.
Hi, you can also try crafting a payload that’s similar to what snapd is using:
YOUR_ARCH=amd64
YOUR_SERIES=16
curl -X POST https://api.snapcraft.io/v2/snaps/refresh -H "Snap-Device-Series: $YOUR_SERIES" -H "Snap-Device-Architecture: $YOUR_ARCH" -H "Content-type: application/json" -d '{"context": [], "actions": [{"action": "install", "instance-key": "foo", "name":"rocketchat-server"}]}' | jq .
Did you by chance configure a proxy for snapd only? sounds about the only way for the connection to work differently via snapd vs. curl; snapd doesn’t do, to my knowledge, any black magic to establish the HTTP connection.
- Daniel