Hey everyone
In order to improve the quality of the snaps published under classic confinement I have made a new utility that is aimed at snap authors.
The analyser goes through all running processes, picks out those belonging to a given snap, and looks at the memory map of each such process.
The memory map shows the files that are mapped into the address space of the process. Typically this is used for loading shared libraries, a place where many classically confined snaps fail.
Static analysis can only do so much; it doesn’t capture many typical cases of GTK dynamically loading plugins and their dependencies. While testing and developing your classically confined snap, please run the new tool and ensure that you are not loading shared libraries from the host unexpectedly.
The usage instructions are as simple as it gets:
$ snap install --classic classic-snap-analyzer
Then run your classically confined snap. For instance, I used sublime-text, which I was also using at the time.
$ classic-snap-analyzer sublime-text
The snap sublime-text uses the following files from the host:
/lib/x86_64-linux-gnu/libgcc_s.so.1
/lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2
/usr/lib/locale/locale-archive
/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
/usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/engines/libmurrine.so
/usr/lib/x86_64-linux-gnu/gtk-2.0/modules/libatk-bridge.so
/usr/lib/x86_64-linux-gnu/gtk-2.0/modules/libcanberra-gtk-module.so
/usr/lib/x86_64-linux-gnu/gtk-2.0/modules/libgail.so
/usr/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0.0.0
/usr/lib/x86_64-linux-gnu/libatspi.so.0.0.1
/usr/lib/x86_64-linux-gnu/libcanberra-gtk.so.0.1.9
/usr/lib/x86_64-linux-gnu/libcanberra.so.0.2.5
/usr/lib/x86_64-linux-gnu/libgailutil.so.18.0.1
/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.5400.1
/usr/lib/x86_64-linux-gnu/libltdl.so.7.3.1
/usr/lib/x86_64-linux-gnu/libogg.so.0.8.2
/usr/lib/x86_64-linux-gnu/libtdb.so.1.3.13
/usr/lib/x86_64-linux-gnu/libvorbisfile.so.3.3.7
/usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.8
/usr/share/locale-langpack/pl/LC_MESSAGES/libc.mo
As you can see, sublime-text uses many shared libraries from the host. This is how the snap is made; it’s not disallowed, but in many cases when such snaps break, it was done without full awareness.
Each file printed by the tool is a potential way for the snap to break on another machine. The snap operates not because it contains all of its dependencies but because it piggy-backed on the files available on the system of the end user. Typically shared libraries should be bundled with the snap, with proper provisions so that they are loaded (using environment variables, ELF rewriting and other tricks).
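The check described in this post (read each process's memory map and report mapped files that come from outside the snap) can be reproduced from /proc/<pid>/maps. The Python below is an added example, not the source of classic-snap-analyzer. It assumes snaps are mounted under /snap and treats a process as belonging to a snap when it maps at least one file under /snap/<name>/; the sample maps text is constructed.

```python
import glob
import sys

# Constructed sample in /proc/<pid>/maps format (not captured from a real process).
SAMPLE_MAPS = """\
00400000-00a2c000 r-xp 00000000 07:05 42 /snap/sublime-text/1/sublime_text
7f10a0000000-7f10a0021000 rw-p 00000000 00:00 0
7f10a4a00000-7f10a4a17000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f10a4c00000-7f10a4c09000 r-xp 00000000 08:01 2022 /usr/lib/x86_64-linux-gnu/gtk-2.0/modules/libgail.so
7f10a4c09000-7f10a4e08000 ---p 00009000 08:01 2022 /usr/lib/x86_64-linux-gnu/gtk-2.0/modules/libgail.so
7f10a5000000-7f10a5400000 r--p 00000000 08:01 3001 /usr/lib/locale/locale-archive
7f10a6000000-7f10a61c0000 r-xp 00000000 07:01 77 /snap/core/1/lib/x86_64-linux-gnu/libc-2.23.so
7ffd2a1f0000-7ffd2a211000 rw-p 00000000 00:00 0 [stack]
"""
SNAP_MOUNT = "/snap/"  # assumption: default snap mount directory

def mapped_files(maps_text):
    """Return the set of file paths backing mappings in a maps dump."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode [path]
        if len(fields) < 6 or not fields[5].startswith("/"):
            continue  # anonymous mapping or pseudo entry such as [stack]
        path = fields[5]
        if path.endswith(" (deleted)"):  # file unlinked while still mapped
            path = path[:-len(" (deleted)")]
        paths.add(path)
    return paths

def host_files(maps_text, snap_name):
    """Host files mapped by a process, or [] if it is not part of the snap."""
    files = mapped_files(maps_text)
    if not any(p.startswith(SNAP_MOUNT + snap_name + "/") for p in files):
        return []
    return sorted(p for p in files if not p.startswith(SNAP_MOUNT))

def scan(snap_name):
    """Union of host files over all readable processes of the snap."""
    found = set()
    for maps_path in glob.glob("/proc/[0-9]*/maps"):
        try:
            with open(maps_path) as f:
                found.update(host_files(f.read(), snap_name))
        except OSError:
            continue  # process exited, or we lack permission to read it
    return sorted(found)

if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else None
    print("\n".join(scan(name) if name else host_files(SAMPLE_MAPS, "sublime-text")))
```

Run with a snap name as the only argument to scan live processes; without arguments it prints the result for the constructed sample.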