Build fails with a mksquashfs error: cannot pack "/root/prime"

I created an issue recently saying the latest mongoDB is not available on snapcraft and the latest one on the store is 3.3 while the actual latest mongoDB version is 4.4 So I set out to snap mongoDB 4.4 so that I can use it on my groovy gorilla installation.

This is the snapcraft.yml I have setup (A lot of it has been shamelessly copied from @niemeyer mongo 3.3 snapcraft.yaml )

name: mongo
version: 4.4.1
summary: MongoDB document-oriented database
base: core20

description: |
    MongoDB is a high-performance, open source, schema-free
    document-oriented data store.

grade: stable
confinement: devmode

apps:
    mongo:
        command: bin/mongo

    mongod:
        command: bin/mongod
        daemon: simple

plugs:
    home:
    network:
    network-bind:

parts:
    mongodb:
        source: https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu2004-4.4.1.tgz
        plugin: dump
        stage-packages: [libssl1.1, libcurl4]

On running

snapcraft --debug

This is the output/error

Launching a VM.
snapd is not logged in, snap install commands will use sudo
snap "core20" has no updates available
Skipping pull mongodb (already ran)
Skipping build mongodb (already ran)
Skipping stage mongodb (already ran)
Skipping prime mongodb (already ran)
The requested action has already been taken. Consider
specifying parts, or clean the steps you want to run again.
Snapping |                                                                                                                                                          
Failed to create snap, snap command failed:
stdout:

stderr:
error: cannot pack "/root/prime": mksquashfs call failed: Could not create destination file: Operation not permitted

I was able to find [one post which talked about a similar issue (Unable to access /root/project when the project directory path contains Chinese(Unicode) characters), but that had to do with Chinese characters, which I do not think is the case here.

What am I missing?

It’s actually 2 months ago

The other case is that the project directory path contains spaces: multipass mount w/ ID mapping creates unwritable mountpoints when the source path contains spaces · Issue #1693 · canonical/multipass 1

Damn, Looked at " [Aug 17]" and thought it was August 2017 . Thanks for the heads up, updated the post

Unfortunately, I do not think this is the case. The project directory path does not contain spaces in my case.

how does your source tree look like and where exactly is it on the host when snapping ? (is your source tree “just the snapcraft.yaml dropped into your home”)

I have a folder called mongodb-snap, this is the tree output in that folder

mongodb-snap ❯ tree
.
└── snap
    └── snapcraft.yaml

1 directory, 1 file

Contents of snapcraft.yaml

build output:

mongodb-snap ❯ snapcraft --debug                                                                                                                            ⏎
Launching a VM.
snapd is not logged in, snap install commands will use sudo
snap "core20" has no updates available
Skipping pull mongodb (already ran)
Skipping build mongodb (already ran)
Skipping stage mongodb (already ran)
Skipping prime mongodb (already ran)
The requested action has already been taken. Consider
specifying parts, or clean the steps you want to run again.
Snapping |                                                                                                                                         
Failed to create snap, snap command failed:
stdout:

stderr:
error: cannot pack "/root/prime": mksquashfs call failed: Could not create destination file: Operation not permitted

My current working directory is /home/bharatkalluri/Projects/mongodb-snap

Let me know if I missed any other information.

this looks all fine … did you do as snapcraft suggested and called snapcraft clean once (there might be stale files in the VM) ?

Run the following command in your project directory and see if it works:

• multipass launch --name multipass-mount-problem xenial
• multipass exec multipass-mount-problem -- mkdir /home/ubuntu/mountpoint
• multipass mount --verbose --uid-map "$(id --user)":1000 --gid-map "$(id --group)":1000 . multipass-mount-problem:/home/ubuntu/mountpoint
• multipass exec multipass-mount-problem -- ls /home/ubuntu/mountpoint
• multipass delete --purge multipass-mount-problem

Output for the commands you have suggested

mongodb-snap ❯ multipass launch --name multipass-mount-problem xenial        
One quick question before we launch … Would you like to help                    
the Multipass developers, by sending anonymous usage data?
This includes your operating system, which images you use,
the number of instances, their properties and how long you use them.
We’d also like to measure Multipass’s speed.

Send usage data (yes/no/Later)? yes
Thank you!
Launched: multipass-mount-problem                                               
mongodb-snap ❯ multipass exec multipass-mount-problem -- mkdir /home/ubuntu/mountpoint
mongodb-snap ❯ multipass mount --verbose --uid-map "$(id --user)":1000 --gid-map "$(id --group)":1000 . multipass-mount-problem:/home/ubuntu/mountpoint
[2020-10-15T15:15:41.314] [warning] [apparmor] Failed to load AppArmor policy 
#include <tunables/global>
profile multipass.multipass-mount-problem.787a5936.sshfs_server flags=(attach_disconnected) {
    #include <abstractions/base>
    #include <abstractions/nameservice>

    # Sshfs_server requires broad filesystem altering permissions, but only for the
    # host directory the user has specified to be shared with the VM.

    # Required for reading and searching host directories
    capability dac_override,
    capability dac_read_search,
    # Enables modifying of file ownership and permissions
    capability chown,
    capability fsetid,
    capability fowner,
    # Multipass allows user to specify arbitrary uid/gid mappings
    capability setuid,
    capability setgid,

    # Allow multipassd send sshfs_server signals
    signal (receive) peer=snap.multipass.multipassd,

    # sshfs gathers some info about system resources
    /sys/devices/system/node/ r,
    /sys/devices/system/node/node[0-9]*/meminfo r,

    # binary and its libs
    /snap/multipass/2604/bin/sshfs_server ixr,
    /snap/multipass/2604/{usr/,}lib/** rm,

    # CLASSIC ONLY: need to specify required libs from core snap
    /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,

    # allow full access just to this user-specified source directory on the host
    /home/bharatkalluri/Projects/mongodb-snap/ rw,
    /home/bharatkalluri/Projects/mongodb-snap/** rwlk,
}
    : errno=10 ()

 \[2020-10-15T15:15:41.565] [warning] [sshfs-mounts] Mount '/home/ubuntu/mountpoint' in instance "multipass-mount-problem" has stopped unexpectedly: Process returned exit code: 9

Enabling support for mounting \[2020-10-15T15:16:19.106] [warning] [apparmor] Failed to load AppArmor policy 
#include <tunables/global>
profile multipass.multipass-mount-problem.787a5936.sshfs_server flags=(attach_disconnected) {
    #include <abstractions/base>
    #include <abstractions/nameservice>

    # Sshfs_server requires broad filesystem altering permissions, but only for the
    # host directory the user has specified to be shared with the VM.

    # Required for reading and searching host directories
    capability dac_override,
    capability dac_read_search,
    # Enables modifying of file ownership and permissions
    capability chown,
    capability fsetid,
    capability fowner,
    # Multipass allows user to specify arbitrary uid/gid mappings
    capability setuid,
    capability setgid,

    # Allow multipassd send sshfs_server signals
    signal (receive) peer=snap.multipass.multipassd,

    # sshfs gathers some info about system resources
    /sys/devices/system/node/ r,
    /sys/devices/system/node/node[0-9]*/meminfo r,

    # binary and its libs
    /snap/multipass/2604/bin/sshfs_server ixr,
    /snap/multipass/2604/{usr/,}lib/** rm,

    # CLASSIC ONLY: need to specify required libs from core snap
    /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,

    # allow full access just to this user-specified source directory on the host
    /home/bharatkalluri/Projects/mongodb-snap/ rw,
    /home/bharatkalluri/Projects/mongodb-snap/** rwlk,
}
    : errno=10 ()

mongodb-snap ❯ multipass exec multipass-mount-problem -- ls /home/ubuntu/mountpoint
snap
mongodb-snap ❯ multipass delete --purge multipass-mount-problem

I’m not sure if this worked, I did get a warning and later it printed C code (I think so?)… It does say Failed to load AppArmor policy. Although I did not modify/change it.

Is it possible you don’t have permissions to write ‘mongodb_4.4.1_amd64.snap’ in your project directory (mongodb-snap)?

If snapcraft clean doesn’t fix it, perhaps try LXD and see if the behavior is different:
snapcraft --use-lxd.

That seems to be the cause .Not sure where to look at though… Maybe @saviq can help?

Bharat Kalluri via snapcraft.io forum@forum.snapcraft.io 於 2020年10月15日 週四 下午7:42 寫道：

@BharatKalluri hey, is “your groovy gorilla” installation where you’re trying to build the snap? The permission error is a result of the apparmor profile being unable to load.

This is a groovy incompatibility, being fixed in snapd here:

https://github.com/snapcore/snapd/pull/9509

Got it, I will keep an eye on this issue and retry once it is merged and released. Thanks for the pointer

Just an update that PR was closed in favor of https://github.com/snapcore/snapd/pull/9516, which has been merged to edge, so using snapd from edge should enable this again, you can switch with:

snap install snapd --edge || snap refresh snapd --edge

and then after 2.48 is released to stable (should be a couple of weeks at most), switch back with:

snap refresh snapd --stable

@ijohnson, I tried

 snap refresh snapd --edge

on my Groovy system, as you suggest, but still get the same error:

Snapping |                                                           
Failed to create snap, snap command failed:
stdout:

stderr:
error: cannot pack "/root/prime": mksquashfs call failed: Could not create destination file: Operation not permitted

We would appreciate it if you anonymously reported this issue.
No other data than the traceback and the version of snapcraft in use will be sent.
Would you like to send this error data? (Yes/No/Always/View) [no]: yes
Thank you, sent.
Run the same command again with --debug to shell into the environment if you wish to introspect this failure.

The Snap I am trying to build is my newly posted PostScript Printer Application:

On your system can you provide the output of running the following commands:

snap version
snap list multipass
snap list snapd

Here we go:

$ snap version
snap    2.47.1+git838.g0bce146
snapd   2.47.1+git838.g0bce146
series  16
ubuntu  20.10
kernel  5.4.0-44-generic

$ snap list multipass
Name       Version  Rev   Tracking       Publisher   Notes
multipass  1.4.0    2779  latest/stable  canonical✓  -

$ snap list snapd
Name   Version                 Rev   Tracking     Publisher   Notes
snapd  2.47.1+git838.g0bce146  9897  latest/edge  canonical✓  snapd

Just to be clear, have you rebooted this machine after refreshing? It should not be necessary, but the solution did involve changing how the mount namespaces for snaps is setup, so it’s possible that your system has a stale mount namespace for the multipass snap.

Sorry for the late answer, I have only rebooted now because I was busy with other things. It is solved now! After the reboot with the snapd from Edge I can finally build Snaps on Groovy! Thank you very much.

I just landed here after trying to diagnose an error on a builder. My scenario was this: I had a VM setup to do snapcraft builds with LXD. I had not used LXD yet to do anything. Builds using LXD with snapcraft failed with the same above error (or very similar):

stderr:
error: cannot pack "/root/prime": mksquashfs call failed: Could not open regular file for writing as destination: Permission denied

Not sure if it’s the identical case or not and I see that this is VM and mine is LXD but I thought I would post the info I had. It appeared that after I pulled an ubuntu:20.04 image to LXD, manually, then my builds started working.

Linux ubuntu-desktop-vm 5.8.0-63-generic #71~20.04.1-Ubuntu SMP Thu Jul 15 17:46:08 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux                                                                                                                     

snapcraft, version 4.8.3      

name:      lxd                                                                                                                                                                                                                                  
summary:   System container and virtual machine manager                                                                                                                                                                                         
publisher: Canonical✓                                                                                                                                                                                                                           
store-url: https://snapcraft.io/lxd                                                                                                                                                                                                             
contact:   https://github.com/lxc/lxd/issues                                                                                                                                                                                                    
license:   unset                                                                                                                                                                                                                                
...
snap-id:      J60k4JY0HppjwOjW8dZdYc8obXKxujRu
tracking:     latest/stable
refresh-date: 6 days ago, at 22:09 EDT
...
installed:          4.16                   (21039) 71MB -

Those are all bonafied Canonical snaps. Hope it helps! I don’t have time to really RCA it right now.