Call for testing and usage: classic-snap-analyzer

Hey everyone

In order to improve the quality of the snaps published under classic confinement I have made a new utility that is aimed at snap authors.
The analyser looks at all the processes looking for those belonging to a given snap and at the memory map of each such process.

Memory map shows the files that are mapped into the address space of the process. Typically this is used for loading shared libraries, a place where many classically confined snaps fail.

Static analysis can only do so much, it doesn’t capture many typical cases of GTK dynamically loading plugins and their dependencies. While testing and developing your classically confined snap please run the new tool and ensure that you are not loading shared libraries from the host unexpectedly.

The usage instructions are as simple as it gets:

$ snap install --classic classic-snap-analyzer

Then run your classically confined snap, for instance I used sublime-text that I was also using at the time.

$ classic-snap-analyzer sublime-text
The snap sublime-text uses the following files from the host:
/lib/x86_64-linux-gnu/libgcc_s.so.1
/lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2
/usr/lib/locale/locale-archive
/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
/usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/engines/libmurrine.so
/usr/lib/x86_64-linux-gnu/gtk-2.0/modules/libatk-bridge.so
/usr/lib/x86_64-linux-gnu/gtk-2.0/modules/libcanberra-gtk-module.so
/usr/lib/x86_64-linux-gnu/gtk-2.0/modules/libgail.so
/usr/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0.0.0
/usr/lib/x86_64-linux-gnu/libatspi.so.0.0.1
/usr/lib/x86_64-linux-gnu/libcanberra-gtk.so.0.1.9
/usr/lib/x86_64-linux-gnu/libcanberra.so.0.2.5
/usr/lib/x86_64-linux-gnu/libgailutil.so.18.0.1
/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.5400.1
/usr/lib/x86_64-linux-gnu/libltdl.so.7.3.1
/usr/lib/x86_64-linux-gnu/libogg.so.0.8.2
/usr/lib/x86_64-linux-gnu/libtdb.so.1.3.13
/usr/lib/x86_64-linux-gnu/libvorbisfile.so.3.3.7
/usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.8
/usr/share/locale-langpack/pl/LC_MESSAGES/libc.mo

As you can see, sublime-text uses many shared libraries from the host. This is how the snap is made, it’s not disallowed but in many cases when such snaps break it is done without full awareness.

Each file printed by the tool is a potential for the snap to break on another machine. The snap operates not because it contains all of its dependencies but because it piggy-backed on the files available on system of the end user. Typically shared libraries should be bundled with the snap, with proper provisions so that they are loaded (using environment variables, ELF rewriting and other tricks).

There’s an improved version of the application in the beta channel. Please snap refresh --beta classic-snap-analyzer to get it. It offers interactive window selection, a dock icon and much better advice wording.

I have released the 0.3.1 version to the stable channel. It contains numerous small improvements:

• an all-new interactive selection mode, just click on the app and then on a window of any snap
• the application has a desktop file and an icon and can be used without the terminal
• the application can now inspect specific process
• the application now handles processes with zeroed environment block
• the application gives much better and clearer message when potential issues are found

I would like to ask how to use this application with command-line apps that don’t stay running for a long time.

You have to force the application to stick around for a moment. One possible way is to just suspend it with CTRL+Z and then run classic-snap-analyzer with the name of the snap in a terminal window.