Calling app in configure script

How do I call one of the apps in my snap in the configure script?

I need to (re)authorize to a Backblaze B2 bucket whenever the user changes their keys, the keys are stored via the snap set/get system so it makes sense the configure script would take care of this.

My snapcraft.yaml:

# ---- 8< snip ---
  b2:
    command: usr/bin/python3 $SNAP/bin/b2
    plugs:
      - network-bind
# ---- 8< snip ---

In my executable hooks/configure script:

#!/bin/sh -e
KEY="$(snapctl get key)"
snap run "$SNAP_NAME".b2 authorize-account $KEY

But when installing the snap via --dangerous I get /snap/xxx/x1/meta/hooks/configure: /snap/xxx/x1/meta/hooks/configure: snap: Permission denied.

This command needs network access, does the configure hook get network access?

you can give the hook itself the reqiored permissions, try adding (at the toplevel of your snapcraft.yaml):

hooks:
  configure:
    plugs: [ network ]

(perhaps also ```network-bind``)

and indeed the hook script needs to be executable

Thanks for the help but it still doesn’t work. :slightly_frowning_face: I simplified my snapacraft.yaml and configure script a bit more.

The snapcraft.yaml:

name: xxx
version: xxx
summary: xxx
description: xxx
base: core18
grade: stable
confinement: strict
hooks:
  configure:
     plugs: [ network, network-bind ]
apps:
  b2:
    command: usr/bin/python3 $SNAP/bin/b2
    plugs: [ network-bind ]
parts:
  b2:
    plugin: python
    python-packages: [ b2 ]

And super simple hooks/configure script:

#!/bin/sh -e
ping -c 1 example.com

A clean rebuild still gives me a

/snap/xxx/x1/meta/hooks/configure: /snap/xxx/x1/meta/hooks/configure: ping: Permission denied` error

ah, ping is special … not sure you can overcome this, ping requires to be suid root, but none of the confinement rules will allow that … (you could try to ship ping yourself and call it from inside the $SNAP path but i’m not sure if it will work (snapcraft would strip the suid bit))

Stupid me, I don’t really need ping, I was just looking for the smallest example I could use to illustrate the problem. I would like to us the Backblaze B2 CLI.

I don’t think it’s related to the network access. How do I call an application from the snap in the configure script?

name: test
version: "0.1"
summary: Test
description: Test
base: core18
grade: stable
confinement: strict
apps:
  b2:
    command: usr/bin/python3 $SNAP/bin/b2
    plugs: [ network-bind ]
hooks:
  configure:
    plugs: [ network ]
parts:
  b2:
    plugin: python
    python-packages: [ b2 ]

And the configure script:

#!/bin/sh -e
snap run "$SNAP_NAME".b2 -h

Gives a permission denied even though the b2 -h simply prints the help, without accessing the network.

You cannot use snap run from inside a Snap package’s world-view. You should instead use the direct path inside your snap to call b2 directly. e.g. $SNAP/usr/bin/python3 $SNAP/bin/b2

Thank you both. I had 2 issues: one was the missing hooks: authorization in my snapcraft.yaml, the other was trying to use snap run in my configure script.

Off-topic but @ogra and @daniel, I see both of your names in almost every single thread in this forum. Thank you for the countless hours you both undoubtedly spent helping people out.

2 Likes