Cannot get snap to set/add environment variables

When I snap my current app it gives a warning about an empty LD_LIBRARY_PATH like the following:

   Priming wickr 
    + snapcraftctl prime
    The 'passthrough' property is being used to propagate experimental properties to snap.yaml that have not been validated.
    CVE-2020-27348: A potentially empty LD_LIBRARY_PATH has been set for environment in 'wickrproalpha'. The current working directory will be added to the library path if empty. This can cause unexpected libraries to be loaded.
    Snapping |                                                                                              
    Snapped wickrproalpha_6.17.1_amd64.snap

In my yaml I am trying to expose certain paths and key names but to no avail, like adding things to LD_LIBRARY_PATH. How do I do that? Currently in the process of updating my yaml for 20.04 from 18.04.

My current attempt:

apps:

  WICKRLCAPPNAME:
    environment:
      DISABLE_WAYLAND: 1
      QT_QPA_PLATFORMTHEME: gtk3  
      QT_BASE_DIR: /opt/qt51512
      QTDIR: $QT_BASE_DIR
      PATH: $QT_BASE_DIR/bin:$PATH
      LD_LIBRARY_PATH: $QT_BASE_DIR/lib:$LD_LIBRARY_PATH
      PKG_CONFIG_PATH: $QT_BASE_DIR/lib/pkgconfig:$PKG_CONFIG_PATH

My whole yaml file that I am trying to get working for 20.04 (NEW):

name: WICKRLCAPPNAME
version: WICKRVERSIONNUM
summary: Secure Messaging for Teams
description: >
  Wickr Secure Messaging

grade: stable
confinement: strict
base: core20
icon: snap/gui/WICKRLCAPPNAME.png

apps:

  WICKRLCAPPNAME:
    environment:
      DISABLE_WAYLAND: 1
      QT_QPA_PLATFORMTHEME: gtk3  
      QT_BASE_DIR: /opt/qt51512
      QTDIR: $QT_BASE_DIR
      PATH: $QT_BASE_DIR/bin:$PATH
      LD_LIBRARY_PATH: $QT_BASE_DIR/lib:$LD_LIBRARY_PATH
      PKG_CONFIG_PATH: $QT_BASE_DIR/lib/pkgconfig:$PKG_CONFIG_PATH

    command: bin/desktop-launch WICKRAPPNAME #alsa-launch WICKRAPPNAME
    plugs:
    - alsa
    - audio-playback
    - audio-record
    - desktop
    - desktop-legacy
    - x11
    - unity7
    - wayland
    - gsettings
    - opengl
    - home
    - removable-media
    - network
    - network-bind
    - network-manager
    - network-observe
    - network-control
    - camera
    - screen-inhibit-control
    - raw-usb

parts:
  qt515:
    plugin: dump
    source: /opt/qt51512/qt51512_5.15.12-wickr_amd64.deb
    source-type: deb
    stage-packages:
      - libasn1-8-heimdal
      - libatk-bridge2.0-0
      - libatk1.0-0
      - libatspi2.0-0
      - libavahi-client3
      - libavahi-common3
      - libcairo-gobject2
      - libcairo2
      - libclang1-6.0
      - libcups2
      - libdatrie1
      - libdouble-conversion3
      - libdrm2
      - libegl1
      - libepoxy0
      - libevdev2
      - libevent-2.1-7
      - libffi7
      - libfontconfig1
      - libfreetype6
      - libfribidi0
      - libgbm1
      - libgdk-pixbuf2.0-0
      - libgl1
      - libglvnd0
      - libglx0
      - libgraphite2-3
      - libgssapi3-heimdal
      - libgstreamer-gl1.0-0
      - libgstreamer-plugins-base1.0-0
      - libgstreamer1.0-0
      - libgtk-3-0
      - libgudev-1.0-0
      - libharfbuzz0b
      - libhcrypto4-heimdal
      - libheimbase1-heimdal
      - libheimntlm0-heimdal
      - libhogweed5
      - libhunspell-1.7-0
      - libhx509-5-heimdal
      - libice6
      - libicu66
      - libinput10
      - libjbig0
      - libjpeg-turbo8
      - libkrb5-26-heimdal
      - libldap-2.4-2
      - libllvm6.0
      - libltdl7
      - libmtdev1
      - libnettle7
      - libnspr4
      - libnss3
      - libodbc1
      - libopenal1
      - liborc-0.4-0
      - libpango-1.0-0
      - libpangocairo-1.0-0
      - libpangoft2-1.0-0
      - libpixman-1-0
      - libpng16-16
      - libpq5
      - libroken18-heimdal
      - libsasl2-2
      - libsm6
      - libsnappy1v5
      - libsndio7.0
      - libsybdb5
      - libthai0
      - libtiff5
      - libtinfo6
      - libwacom2
      - libwayland-client0
      - libwayland-cursor0
      - libwayland-egl1
      - libwayland-server0
      - libwebp6
      - libwind0-heimdal
      - libx11-6
      - libx11-xcb1
      - libxcb-glx0
      - libxcb-icccm4
      - libxcb-image0
      - libxcb-keysyms1
      - libxcb-randr0
      - libxcb-render-util0
      - libxcb-render0
      - libxcb-shape0
      - libxcb-shm0
      - libxcb-sync1
      - libxcb-util1
      - libxcb-xfixes0
      - libxcb-xinerama0
      - libxcb-xinput0
      - libxcb-xkb1
      - libxcomposite1
      - libxcursor1
      - libxdamage1
      - libxext6
      - libxfixes3
      - libxi6
      - libxinerama1
      - libxkbcommon-x11-0
      - libxkbcommon0
      - libxml2
      - libxrandr2
      - libxrender1
      - libxslt1.1
      - libxtst6
      - libpcre2-16-0
      - libxau6
      - libxcb1
      - libxdmcp6
      - libclang1-10
      - libgstreamer-plugins-good1.0-0
      - libmysqlclient21
      - libopus0
      - libpulse0


  wickr:
    source: ../../WickrDesktopApp/ #../../sample_app/ this is relative to the "parts" directory that's created by snapcraft
    qmake-project-file: "../../../../WickrDesktopApp/desktop.pro"  #   "../../../../sample_app/sample_app.pro" this is relative to the "parts/wickr/src" directory
    plugin: qmake
    after: [desktop-qt5]#[alsa-mixin, desktop-qt5]
    qmake-parameters: [WICKRQMAKECONFIGS]
    build-environment:
    - PATH: "/root/parts/wickr/src/conan_include/google:/opt/qt51512/bin:$PATH"
    build-packages:
      - libdouble-conversion3
      - libicu66
      - libpcre2-16-0
      - libglib2.0-0
      - freeglut3-dev # needed by -lGL
      - libharfbuzz0b
      - libsqlcipher-dev
      - libssl-dev
      - uuid-dev
      - libbsd-dev
      - libblocksruntime-dev
      - libhunspell-dev

      - libasound2
      - libxcomposite1
      - libxdamage1
      - libxrandr2
      - libjpeg-turbo8
      - libxtst6
      - libnss3
      - libnspr4
      - libevent-2.1-7
      - libopus0
      - libfontconfig1
      - libsnappy1v5
      - libxml2
      - libxslt1.1
      - libpulse0
      - libqt5webengine5

    stage-packages:
      - libaom0
      - libavcodec58
      - libavformat58
      - libavutil56
      - libbluray2
      - libchromaprint1
      - libcodec2-0.9
      - libgme0
      - libgsm1
      - libminizip1
      - libopenjp2-7
      - libopenmpt0
      - libre2-5
      - libshine3
      - libsoxr0
      - libssh-gcrypt-4
      - libswresample3
      - libva-drm2
      - libva-x11-2
      - libva2
      - libvdpau1
      - libvorbisfile3
      - libwebpdemux2
      - libwebpmux3
      - libx264-155
      - libx265-179
      - libxvidcore4
      - libzvbi0

    override-build: |
      
      echo $PWD
      # For now CRAFT_PART_INSTALL does not work, what snapcraft changed it to for later versions
      mkdir -p $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/resources/icudtl.dat $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/resources/qtwebengine_devtools_resources.pak $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/resources/qtwebengine_resources_100p.pak $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/resources/qtwebengine_resources_200p.pak $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/resources/qtwebengine_resources.pak $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/libexec/QtWebEngineProcess $SNAPCRAFT_PART_INSTALL/usr/bin

      snapcraftctl build

  
   
  #ppa:
    #plugin: nil
    #override-pull: |
      #QT_BASE_DIR=/opt/qt51512
      #export QTDIR=$QT_BASE_DIR
      #export PATH=$QT_BASE_DIR/bin:$PATH
      ##export LD_LIBRARY_PATH=$QT_BASE_DIR/lib:$LD_LIBRARY_PATH
      #export PKG_CONFIG_PATH=$QT_BASE_DIR/lib/pkgconfig:$PKG_CONFIG_PATH

  desktop-qt5:
    source: https://github.com/spompelio/snapcraft-desktop-helpers.git
    source-commit: 6a4a132be505da069485473bb5f486afd69f28ba
    source-subdir: qt
    plugin: make
    after: [qt515]
    make-parameters: ["FLAVOR=qt5"]
    build-packages:
      - build-essential
      - dpkg-dev
    override-stage: |
        snapcraftctl stage
        strip --remove-section=.note.ABI-tag opt/qt51512/lib/libQt5Core.so.5
    override-prime: |
      snapcraftctl prime
      # needed for glib-compile-schemas to work
      apt-get update && apt-get install libglib2.0-0 libglib2.0-bin apt-utils -y
      cp /usr/share/glib-2.0/schemas/org.gtk.Settings.FileChooser.gschema.xml usr/share/glib-2.0/schemas
      glib-compile-schemas usr/share/glib-2.0/schemas
    stage-packages:
      - ttf-ubuntu-font-family
      - dmz-cursor-theme
      - light-themes
      - adwaita-icon-theme
      - gnome-themes-standard
      - shared-mime-info
      - libgdk-pixbuf2.0-0
      - locales-all
      - xdg-user-dirs
      - libgtk2.0-0
      - libavahi-client3
      - libavahi-common3
      - libboost-all-dev
      - libcapnp-0.7.0 #libcapnp-0.6.1
      - libcups2
      - libgbm1
      - libflac-dev
      - libxcomposite1
      - libxcursor1
      - libxi6
      - libxrender1
      - libxss1
      - libxtst6
      - libasyncns0
      - libfontconfig1
      - libhunspell-1.7-0 #libhunspell-1.6-0
      - libnspr4
      - libnss3
      - libogg0
      - libpulse0
      - libsndfile1
      - libvorbis0a
      - libvorbisenc2
      - libxml2
      - libxslt1.1
      - gstreamer1.0-plugins-base
      - gstreamer1.0-plugins-good
      - libslang2
      - liborc-0.4-0
      - libxcb-xfixes0
      - libwayland-client0
      - libwayland-cursor0
      - libwayland-egl1
      - libglu1-mesa
      - libgl1-mesa-dri
      - libmtdev1
      - libdb5.3
      - libgl1-mesa-glx
      - libgpm2
      - libxcb-glx0
      - libxxf86vm1
      - libdouble-conversion3 #libdouble-conversion1
      - libxcb1
      - libsm6
      - libice6
      - libxrandr2
      - libxcb-xkb1
      - libxcb-render-util0
      - libxcb-randr0
      - libxcb-image0
      - libxcb-keysyms1
      - libxcb-icccm4
      - libxcb-shape0
      - libxcb-util1
      - libxcb-xinput0
      - libxcb-xinerama0
      - xkb-data
      - libxkbcommon0
      - libxkbcommon-x11-0
      - libuuid1
      - zlib1g
      - libsystemd0
      - liblzma5
      - liblz4-1
      - libgpg-error0
      - libsqlcipher0
      - libpsm-infinipath1
      - libstdc++6
      - xdg-utils
      - libc-bin
      - freeglut3
      - libpsm2-2-compat

passthrough:
  layout:
    #/etc/asound.conf:
      #bind-file: $SNAP/etc/asound.conf
    #/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/salsa-lib:
      #bind: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib
    #/usr/share/alsa/alsa.conf:
      #bind-file: $SNAP/usr/share/alsa/alsa.conf
    #/usr/share/alsa:

      #bind: $SNAP/usr/share/alsa

plugs:
  # Support for common GTK themes
  # https://forum.snapcraft.io/t/how-to-use-the-system-gtk-theme-via-the-gtk-common-themes-snap/6235
  gsettings:
  gtk-3-themes:
    interface: content
    target: $SNAP/data-dir/themes
    default-provider: gtk-common-themes
  icon-themes:
    interface: content
    target: $SNAP/data-dir/icons
    default-provider: gtk-common-themes
  sound-themes:
    interface: content
    target: $SNAP/data-dir/sounds
    default-provider: gtk-common-themes
  browser-sandbox:
    interface: browser-support
    allow-sandbox: false

This is the OLD 18.04 yaml file where the LD_LIBRARY_PATH and the other ones are exposed where the app sees it and the app snaps correctly. Look at the ppa part (OLD):

The notable section:

  ppa:
    plugin: nil
    override-pull: |
      QT_BASE_DIR=/opt/qt51514
      export QTDIR=$QT_BASE_DIR
      export PATH=$QT_BASE_DIR/bin:$PATH
      export LD_LIBRARY_PATH=$QT_BASE_DIR/lib:$LD_LIBRARY_PATH
      export PKG_CONFIG_PATH=$QT_BASE_DIR/lib/pkgconfig:$PKG_CONFIG_PATH

The old yaml:

name: WICKRLCAPPNAME
version: WICKRVERSIONNUM
summary: Secure Messaging for Teams
description: >
  Wickr Secure Messaging

grade: stable
confinement: strict
base: core18
icon: snap/gui/WICKRLCAPPNAME.png

apps:

  WICKRLCAPPNAME:
    environment:
      DISABLE_WAYLAND: 1
      QT_QPA_PLATFORMTHEME: gtk3  
    command: desktop-launch alsa-launch WICKRAPPNAME
    plugs:
    - alsa
    - audio-playback
    - audio-record
    - desktop
    - desktop-legacy
    - x11
    - unity7
    - wayland
    - gsettings
    - opengl
    - home
    - removable-media
    - network
    - network-bind
    - network-manager
    - network-observe
    - network-control
    - camera
    - screen-inhibit-control
    - raw-usb

parts:
  qt515:
    plugin: dump
    source: /opt/qt51512/qt51512_5.15.12-wickr_amd64.deb
    source-type: deb

  wickr:
    source: ../../../ #this is relative to the "parts" directory that's created by snapcraft
    project-files: ["../../../../../desktop.pro"]  #this is relative to the "parts/wickr/src" directory
    plugin: qmakeppa
    after: [alsa-mixin, desktop-qt5]
    options: [WICKRQMAKECONFIGS]
    override-prime: |
      snapcraftctl prime

  alsa-mixin:
    plugin: nil
    source: https://github.com/diddlesnaps/snapcraft-alsa.git
    override-pull: |
      cat > asound.conf <<EOF
      pcm.!default {
          type pulse
          fallback "sysdefault"
          hint {
              show on
              description "Default ALSA Output (currently PulseAudio Sound Server)"
          }
      }
      ctl.!default {
          type pulse
          fallback "sysdefault"
      }
      EOF
      cat > alsa-launch <<EOF
      #!/bin/bash
      export ALSA_CONFIG_PATH="\$SNAP/etc/asound.conf"

      if [ -d "\$SNAP/usr/lib/alsa-lib" ]; then
          export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/usr/lib/alsa-lib"
      elif [ -d "\$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib" ]; then
          export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib"
      fi
      export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/pulseaudio"
      export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/opt/qt51512/lib"

      # Make PulseAudio socket available inside the snap-specific $XDG_RUNTIME_DIR
      if [ -n "\$XDG_RUNTIME_DIR" ]; then
          pulsenative="pulse/native"
          pulseaudio_sockpath="\$XDG_RUNTIME_DIR/../\$pulsenative"
          if [ -S "\$pulseaudio_sockpath" ]; then
              export PULSE_SERVER="unix:\${pulseaudio_sockpath}"
          fi
      fi

      exec "\$@"
      EOF
      chmod +x alsa-launch
    override-build: |
      snapcraftctl build
      install -m644 -D -t $SNAPCRAFT_PART_INSTALL/etc asound.conf
      install -m755 -D -t $SNAPCRAFT_PART_INSTALL/snap/command-chain alsa-launch
    build-packages:
      - libasound2-dev
    stage-packages:
      - libasound2
      - libasound2-plugins

  ppa:
    plugin: nil
    override-pull: |
      QT_BASE_DIR=/opt/qt51512
      export QTDIR=$QT_BASE_DIR
      export PATH=$QT_BASE_DIR/bin:$PATH
      export LD_LIBRARY_PATH=$QT_BASE_DIR/lib:$LD_LIBRARY_PATH
      export PKG_CONFIG_PATH=$QT_BASE_DIR/lib/pkgconfig:$PKG_CONFIG_PATH

  desktop-qt5:
    source: https://github.com/spompelio/snapcraft-desktop-helpers.git
    source-commit: 6a4a132be505da069485473bb5f486afd69f28ba
    source-subdir: qt
    plugin: make
    after: [qt515, ppa]
    make-parameters: ["FLAVOR=qt5"]
    build-packages:
      - build-essential
      - dpkg-dev
    override-stage: |
        snapcraftctl stage
        strip --remove-section=.note.ABI-tag opt/qt51512/lib/libQt5Core.so.5
    override-prime: |
      snapcraftctl prime
      cp /usr/share/glib-2.0/schemas/org.gtk.Settings.FileChooser.gschema.xml usr/share/glib-2.0/schemas
      glib-compile-schemas usr/share/glib-2.0/schemas
    stage-packages:
      - ttf-ubuntu-font-family
      - dmz-cursor-theme
      - light-themes
      - adwaita-icon-theme
      - gnome-themes-standard
      - shared-mime-info
      - libgdk-pixbuf2.0-0
      - locales-all
      - xdg-user-dirs
      - libgtk2.0-0
      - libavahi-client3
      - libavahi-common3
      - libcapnp-0.6.1
      - libcups2
      - libgbm1
      - libflac-dev
      - libxcomposite1
      - libxcursor1
      - libxi6
      - libxrender1
      - libxss1
      - libxtst6
      - libasyncns0
      - libfontconfig1
      - libhunspell-1.6-0
      - libnspr4
      - libnss3
      - libogg0
      - libpulse0
      - libsndfile1
      - libvorbis0a
      - libvorbisenc2
      - libxml2
      - libxslt1.1
      - gstreamer1.0-plugins-base
      - gstreamer1.0-plugins-good
      - libslang2
      - liborc-0.4-0
      - libxcb-xfixes0
      - libwayland-client0
      - libwayland-cursor0
      - libwayland-egl1
      - libglu1-mesa
      - libgl1-mesa-dri
      - libmtdev1
      - libdb5.3
      - libgl1-mesa-glx
      - libgpm2
      - libxcb-glx0
      - libxxf86vm1
      - libdouble-conversion1
      - libxcb1
      - libsm6
      - libice6
      - libxrandr2
      - libxcb-xkb1
      - libxcb-render-util0
      - libxcb-randr0
      - libxcb-image0
      - libxcb-keysyms1
      - libxcb-icccm4
      - libxcb-shape0
      - libxcb-util1
      - libxcb-xinput0
      - libxcb-xinerama0
      - xkb-data
      - libxkbcommon0
      - libxkbcommon-x11-0
      - libuuid1
      - zlib1g
      - libsystemd0
      - liblzma5
      - liblz4-1
      - libgpg-error0
      - libsqlcipher0
      - libpsm-infinipath1
      - libstdc++6
      - xdg-utils
      - libc-bin

passthrough:
  layout:
    /etc/asound.conf:
      bind-file: $SNAP/etc/asound.conf
    /usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib:
      bind: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib
    /usr/share/alsa/alsa.conf:
      bind-file: $SNAP/usr/share/alsa/alsa.conf

plugs:
  # Support for common GTK themes
  # https://forum.snapcraft.io/t/how-to-use-the-system-gtk-theme-via-the-gtk-common-themes-snap/6235
  gsettings:
  gtk-3-themes:
    interface: content
    target: $SNAP/data-dir/themes
    default-provider: gtk-common-themes
  icon-themes:
    interface: content
    target: $SNAP/data-dir/icons
    default-provider: gtk-common-themes
  sound-themes:
    interface: content
    target: $SNAP/data-dir/sounds
    default-provider: gtk-common-themes
  browser-sandbox:
    interface: browser-support
    allow-sandbox: false

When I run ‘sudo snap install wickrproalpha_6.17.1_amd64.snap --devmode --dangerous’ and then run the app with ‘wickrproalpha’ I get this error:

WickrProAlpha: error while loading shared libraries: libQt5WebEngine.so.5: cannot open shared object file: No such file or directory

Which I assume is because not setting the variables spoken about above properly.

Just drop the :$LD_LIBRARY_PATH from the end of the line, this is what is causing the security breach the CVE points to…

How about the other lines in?:

      DISABLE_WAYLAND: 1
      QT_QPA_PLATFORMTHEME: gtk3  
      QT_BASE_DIR: /opt/qt51512
      QTDIR: $QT_BASE_DIR
      PATH: $QT_BASE_DIR/bin:$PATH
      LD_LIBRARY_PATH: $QT_BASE_DIR/lib:$LD_LIBRARY_PATH
      PKG_CONFIG_PATH: $QT_BASE_DIR/lib/pkgconfig:$PKG_CONFIG_PATH

The snapcraft command is run using --use-lxd. When I log into the lxc container to see if those environmental variables stuck with “echo $ PKG_CONFIG_PATH” or “echo $QTDIR” they show up empty. I did a test and put those commands in a local test.sh file and ran “source test.sh” and those echo commands worked.

The whole point in having :$LD_LIBRARY_PATH is to be able to preprend to that variable. Is that not how you do it?

not since that CVE was raised … snapcraft now adds the LD_LIBRARY_PATH on its own so it can not be randomly set by an attacker to your current directory …

i.e. with the way you set the var you could provide your own libc with malicious functions via the homedir and do:

$ export LD_LIBRARY_PATH=.
$ snap run foo-snap

see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27348

So how do recommend I set

      DISABLE_WAYLAND: 1
      QT_QPA_PLATFORMTHEME: gtk3  
      QT_BASE_DIR: /opt/qt51512
      QTDIR: $QT_BASE_DIR
      PATH: $QT_BASE_DIR/bin:$PATH
      LD_LIBRARY_PATH: $QT_BASE_DIR/lib:$LD_LIBRARY_PATH
      PKG_CONFIG_PATH: $QT_BASE_DIR/lib/pkgconfig:$PKG_CONFIG_PATH

properly?

as i said before, just drop the last bit:

LD_LIBRARY_PATH: $QT_BASE_DIR/lib

Ok so the CVE-2020-27348: A potentially empty LD_LIBRARY_PATH has been set for environment in 'wickrproalpha'. The current working directory will be added to the library path if empty. This can cause unexpected libraries to be loaded. error is gone.

The new output: Priming wickr + snapcraftctl prime The passthrough property is being used to propagate experimental properties to snap.yaml that have not been validated. Snapping | Snapped wickrproalpha_6.17.1_amd64.snap

I then ran to make the snap: sudo snap install wickrproalpha_6.17.1_amd64.snap --devmode --dangerous

Then to run the snap: wickrproalpha

However I get this error: WickrProAlpha: error while loading shared libraries: libQt5WebEngine.so.5: cannot open shared object file: No such file or directory

How do I fix this error?

what exactly do you expect this to do ? your application runs on top of the (readonly) core18 snap that definitely does not have an /opt/qt51512 directory …

you should check your prime directory after the build (or simply look in your unpacked or mounted snap package) where that “qt51512” directory really resides and then fix that variable accordingly

I mount it like so:

lxc config device add $containername opt disk source=/opt/ path=/opt/

I put two examples above, you might have looked at the core18 version (the old version). the core20 is my current one.

See /opt/qt51512/lib is in the lxc container:

yes opt/qt51512/lib is on the container:

snapcraft-wickrproalpha /opt/qt51512# ls
bin  include  libexec  phrasebooks  qml resources
doc  lib      mkspecs  plugins qt51512_5.15.12-wickr_amd64.deb  translations

Would I need to put $SNAP as in $SNAP/$QT_BASE_DIR/lib?

I am not talking about your build container… the variable you set is for your runtime environment… take a look under /snap after you installed the package and try to find out where the directory resides. Then adjust the runtime variable accordingly…

So in the unpacked packages using try snap I get this location: squashfs-root/opt/qt51512/lib/

snap’s location: squashfs-root/snap

squashfs-root holds all the stuff and is outputed from the try snap command. its path for what I have for experimentation: /home/ubuntu/Desktop/try_test/squashfs-root/

Great, so you want:

QT_BASE_DIR: $SNAP/opt/qt51512

Ok with that I was able to run the app and it opened! However, the audio of the app does not work as I did not add the alsa part from my old 18.04 yaml that you can see in my first post:

  alsa-mixin:
    plugin: nil
    source: https://github.com/diddlesnaps/snapcraft-alsa.git
    override-pull: |
      cat > asound.conf <<EOF
      pcm.!default {
          type pulse
          fallback "sysdefault"
          hint {
              show on
              description "Default ALSA Output (currently PulseAudio Sound Server)"
          }
      }
      ctl.!default {
          type pulse
          fallback "sysdefault"
      }
      EOF
      cat > alsa-launch <<EOF
      #!/bin/bash
      export ALSA_CONFIG_PATH="\$SNAP/etc/asound.conf"

      if [ -d "\$SNAP/usr/lib/alsa-lib" ]; then
          export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/usr/lib/alsa-lib"
      elif [ -d "\$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib" ]; then
          export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib"
      fi
      export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/pulseaudio"
      export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/opt/qt51512/lib"

      # Make PulseAudio socket available inside the snap-specific $XDG_RUNTIME_DIR
      if [ -n "\$XDG_RUNTIME_DIR" ]; then
          pulsenative="pulse/native"
          pulseaudio_sockpath="\$XDG_RUNTIME_DIR/../\$pulsenative"
          if [ -S "\$pulseaudio_sockpath" ]; then
              export PULSE_SERVER="unix:\${pulseaudio_sockpath}"
          fi
      fi

      exec "\$@"
      EOF
      chmod +x alsa-launch
    override-build: |
      snapcraftctl build
      install -m644 -D -t $SNAPCRAFT_PART_INSTALL/etc asound.conf
      install -m755 -D -t $SNAPCRAFT_PART_INSTALL/snap/command-chain alsa-launch
    build-packages:
      - libasound2-dev
    stage-packages:
      - libasound2
      - libasound2-plugins 

passthrough:
  layout:
    /etc/asound.conf:
      bind-file: $SNAP/etc/asound.conf
    /usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib:
      bind: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib
    /usr/share/alsa/alsa.conf:
      bind-file: $SNAP/usr/share/alsa/alsa.conf

How do I do the 20.04 version of this alsa part? I believe a good amount of that (in the override pull) is work arounds due to limitations of the 18.04 version.

What I am currently trying:

name: WICKRLCAPPNAME
version: WICKRVERSIONNUM
summary: Secure Messaging for Teams
description: >
  Wickr Secure Messaging

grade: stable
confinement: strict
base: core20
icon: snap/gui/WICKRLCAPPNAME.png

apps:

  WICKRLCAPPNAME:
    environment:
      ALWAYS_USE_PULSEAUDIO: '1'
      DISABLE_WAYLAND: 1
      QT_QPA_PLATFORMTHEME: gtk3  
      QT_BASE_DIR: $SNAP/opt/qt51512
      QTDIR: $QT_BASE_DIR
      PATH: $QT_BASE_DIR/bin:$PATH
      LD_LIBRARY_PATH: $QT_BASE_DIR/lib # :$LD_LIBRARY_PATH
      PKG_CONFIG_PATH: $QT_BASE_DIR/lib/pkgconfig:$PKG_CONFIG_PATH

    command: bin/desktop-launch snap/command-chain/alsa-launch WICKRAPPNAME #alsa-launch WICKRAPPNAME
    plugs:
    - alsa
    - audio-playback
    - audio-record
    - desktop
    - desktop-legacy
    - x11
    - unity7
    - wayland
    - gsettings
    - opengl
    - home
    - removable-media
    - network
    - network-bind
    - network-manager
    - network-observe
    - network-control
    - camera
    - screen-inhibit-control
    - raw-usb

parts:
  qt515:
    plugin: dump
    source: /opt/qt51512/qt51512_5.15.12-wickr_amd64.deb
    source-type: deb
    stage-packages:
      - libasn1-8-heimdal
      - libatk-bridge2.0-0
      - libatk1.0-0
      - libatspi2.0-0
      - libavahi-client3
      - libavahi-common3
      - libcairo-gobject2
      - libcairo2
      - libclang1-6.0
      - libcups2
      - libdatrie1
      - libdouble-conversion3
      - libdrm2
      - libegl1
      - libepoxy0
      - libevdev2
      - libevent-2.1-7
      - libffi7
      - libfontconfig1
      - libfreetype6
      - libfribidi0
      - libgbm1
      - libgdk-pixbuf2.0-0
      - libgl1
      - libglvnd0
      - libglx0
      - libgraphite2-3
      - libgssapi3-heimdal
      - libgstreamer-gl1.0-0
      - libgstreamer-plugins-base1.0-0
      - libgstreamer1.0-0
      - libgtk-3-0
      - libgudev-1.0-0
      - libharfbuzz0b
      - libhcrypto4-heimdal
      - libheimbase1-heimdal
      - libheimntlm0-heimdal
      - libhogweed5
      - libhunspell-1.7-0
      - libhx509-5-heimdal
      - libice6
      - libicu66
      - libinput10
      - libjbig0
      - libjpeg-turbo8
      - libkrb5-26-heimdal
      - libldap-2.4-2
      - libllvm6.0
      - libltdl7
      - libmtdev1
      - libnettle7
      - libnspr4
      - libnss3
      - libodbc1
      - libopenal1
      - liborc-0.4-0
      - libpango-1.0-0
      - libpangocairo-1.0-0
      - libpangoft2-1.0-0
      - libpixman-1-0
      - libpng16-16
      - libpq5
      - libroken18-heimdal
      - libsasl2-2
      - libsm6
      - libsnappy1v5
      - libsndio7.0
      - libsybdb5
      - libthai0
      - libtiff5
      - libtinfo6
      - libwacom2
      - libwayland-client0
      - libwayland-cursor0
      - libwayland-egl1
      - libwayland-server0
      - libwebp6
      - libwind0-heimdal
      - libx11-6
      - libx11-xcb1
      - libxcb-glx0
      - libxcb-icccm4
      - libxcb-image0
      - libxcb-keysyms1
      - libxcb-randr0
      - libxcb-render-util0
      - libxcb-render0
      - libxcb-shape0
      - libxcb-shm0
      - libxcb-sync1
      - libxcb-util1
      - libxcb-xfixes0
      - libxcb-xinerama0
      - libxcb-xinput0
      - libxcb-xkb1
      - libxcomposite1
      - libxcursor1
      - libxdamage1
      - libxext6
      - libxfixes3
      - libxi6
      - libxinerama1
      - libxkbcommon-x11-0
      - libxkbcommon0
      - libxml2
      - libxrandr2
      - libxrender1
      - libxslt1.1
      - libxtst6
      - libpcre2-16-0
      - libxau6
      - libxcb1
      - libxdmcp6
      - libclang1-10
      - libgstreamer-plugins-good1.0-0
      - libmysqlclient21
      - libopus0
      - libpulse0


  wickr:
    source: ../../WickrDesktopApp/ #../../sample_app/ this is relative to the "parts" directory that's created by snapcraft
    qmake-project-file: "../../../../WickrDesktopApp/desktop.pro"  #   "../../../../sample_app/sample_app.pro" this is relative to the "parts/wickr/src" directory
    plugin: qmake
    after: [desktop-qt5]#[alsa-mixin, desktop-qt5]
    qmake-parameters: [alsa-mixin, WICKRQMAKECONFIGS]
    build-environment:
    - PATH: "/root/parts/wickr/src/conan_include/google:/opt/qt51512/bin:$PATH"
    build-packages:
      - libdouble-conversion3
      - libicu66
      - libpcre2-16-0
      - libglib2.0-0
      - freeglut3-dev # needed by -lGL
      - libharfbuzz0b
      - libsqlcipher-dev
      - libssl-dev
      - uuid-dev
      - libbsd-dev
      - libblocksruntime-dev
      - libhunspell-dev

      - libasound2
      - libxcomposite1
      - libxdamage1
      - libxrandr2
      - libjpeg-turbo8
      - libxtst6
      - libnss3
      - libnspr4
      - libevent-2.1-7
      - libopus0
      - libfontconfig1
      - libsnappy1v5
      - libxml2
      - libxslt1.1
      - libpulse0
      - libqt5webengine5

    stage-packages:
      - libaom0
      - libavcodec58
      - libavformat58
      - libavutil56
      - libbluray2
      - libchromaprint1
      - libcodec2-0.9
      - libgme0
      - libgsm1
      - libminizip1
      - libopenjp2-7
      - libopenmpt0
      - libre2-5
      - libshine3
      - libsoxr0
      - libssh-gcrypt-4
      - libswresample3
      - libva-drm2
      - libva-x11-2
      - libva2
      - libvdpau1
      - libvorbisfile3
      - libwebpdemux2
      - libwebpmux3
      - libx264-155
      - libx265-179
      - libxvidcore4
      - libzvbi0

    override-build: |
      
      echo $PWD
      # For now CRAFT_PART_INSTALL does not work, what snapcraft changed it to for later versions
      mkdir -p $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/resources/icudtl.dat $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/resources/qtwebengine_devtools_resources.pak $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/resources/qtwebengine_resources_100p.pak $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/resources/qtwebengine_resources_200p.pak $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/resources/qtwebengine_resources.pak $SNAPCRAFT_PART_INSTALL/usr/bin
      cp /opt/qt51512/libexec/QtWebEngineProcess $SNAPCRAFT_PART_INSTALL/usr/bin

      snapcraftctl build


  alsa-mixin:
    plugin: dump
    source: https://github.com/diddlesnaps/snapcraft-alsa.git
    source-subdir: snapcraft-assets
    build-packages:
      - libasound2-dev
    stage-packages:
      - libasound2
      - libasound2-plugins
      - yad
    stage:
      # restrict to only audio-related files - you need to ensure
      # that gtk3 is staged for yad to work correctly, to prompt
      # users to connect the alsa plug or proceed with pulseaudio.
      #
      # This helps prevent symbol conflicts in situations where
      # you're using a non-default library, such as those that the
      # gnome-3-34 extension for core18 provides.
      - etc/asound.conf
      - snap/command-chain/alsa-launch
      - usr/bin/yad*
      - usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib
      - usr/lib/$SNAPCRAFT_ARCH_TRIPLET/libasound*
      - usr/lib/$SNAPCRAFT_ARCH_TRIPLET/libdnsfile*
      - usr/lib/$SNAPCRAFT_ARCH_TRIPLET/libFLAC*
      - usr/lib/$SNAPCRAFT_ARCH_TRIPLET/libjack*
      - usr/lib/$SNAPCRAFT_ARCH_TRIPLET/libpulse*
      - usr/lib/$SNAPCRAFT_ARCH_TRIPLET/libsamplerate*
      - usr/lib/$SNAPCRAFT_ARCH_TRIPLET/libspeex*
      - usr/lib/$SNAPCRAFT_ARCH_TRIPLET/libvorbis*
      - usr/lib/$SNAPCRAFT_ARCH_TRIPLET/pulseaudio
      
  #ppa:
    #plugin: nil
    #override-pull: |
      #QT_BASE_DIR=/opt/qt51512
      #export QTDIR=$QT_BASE_DIR
      #export PATH=$QT_BASE_DIR/bin:$PATH
      ##export LD_LIBRARY_PATH=$QT_BASE_DIR/lib:$LD_LIBRARY_PATH
      #export PKG_CONFIG_PATH=$QT_BASE_DIR/lib/pkgconfig:$PKG_CONFIG_PATH

  desktop-qt5:
    source: https://github.com/spompelio/snapcraft-desktop-helpers.git
    source-commit: 6a4a132be505da069485473bb5f486afd69f28ba
    source-subdir: qt
    plugin: make
    after: [qt515]
    make-parameters: ["FLAVOR=qt5"]
    build-packages:
      - build-essential
      - dpkg-dev
    override-stage: |
        snapcraftctl stage
        strip --remove-section=.note.ABI-tag opt/qt51512/lib/libQt5Core.so.5
    override-prime: |
      snapcraftctl prime
      # needed for glib-compile-schemas to work
      apt-get update && apt-get install libglib2.0-0 libglib2.0-bin apt-utils -y
      cp /usr/share/glib-2.0/schemas/org.gtk.Settings.FileChooser.gschema.xml usr/share/glib-2.0/schemas
      glib-compile-schemas usr/share/glib-2.0/schemas
    stage-packages:
      - ttf-ubuntu-font-family
      - dmz-cursor-theme
      - light-themes
      - adwaita-icon-theme
      - gnome-themes-standard
      - shared-mime-info
      - libgdk-pixbuf2.0-0
      - locales-all
      - xdg-user-dirs
      - libgtk2.0-0
      - libavahi-client3
      - libavahi-common3
      - libboost-all-dev
      - libcapnp-0.7.0 #libcapnp-0.6.1
      - libcups2
      - libgbm1
      - libflac-dev
      - libxcomposite1
      - libxcursor1
      - libxi6
      - libxrender1
      - libxss1
      - libxtst6
      - libasyncns0
      - libfontconfig1
      - libhunspell-1.7-0 #libhunspell-1.6-0
      - libnspr4
      - libnss3
      - libogg0
      - libpulse0
      - libsndfile1
      - libvorbis0a
      - libvorbisenc2
      - libxml2
      - libxslt1.1
      - gstreamer1.0-plugins-base
      - gstreamer1.0-plugins-good
      - libslang2
      - liborc-0.4-0
      - libxcb-xfixes0
      - libwayland-client0
      - libwayland-cursor0
      - libwayland-egl1
      - libglu1-mesa
      - libgl1-mesa-dri
      - libmtdev1
      - libdb5.3
      - libgl1-mesa-glx
      - libgpm2
      - libxcb-glx0
      - libxxf86vm1
      - libdouble-conversion3 #libdouble-conversion1
      - libxcb1
      - libsm6
      - libice6
      - libxrandr2
      - libxcb-xkb1
      - libxcb-render-util0
      - libxcb-randr0
      - libxcb-image0
      - libxcb-keysyms1
      - libxcb-icccm4
      - libxcb-shape0
      - libxcb-util1
      - libxcb-xinput0
      - libxcb-xinerama0
      - xkb-data
      - libxkbcommon0
      - libxkbcommon-x11-0
      - libuuid1
      - zlib1g
      - libsystemd0
      - liblzma5
      - liblz4-1
      - libgpg-error0
      - libsqlcipher0
      - libpsm-infinipath1
      - libstdc++6
      - xdg-utils
      - libc-bin
      - freeglut3
      - libpsm2-2-compat

passthrough:
  layout:
    /etc/asound.conf:
      bind-file: $SNAP/etc/asound.conf
    /usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib:
      bind: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib
    /usr/share/alsa/alsa.conf:
      bind-file: $SNAP/usr/share/alsa/alsa.conf
    /usr/share/alsa:
      bind: $SNAP/usr/share/alsa

plugs:
  # Support for common GTK themes
  # https://forum.snapcraft.io/t/how-to-use-the-system-gtk-theme-via-the-gtk-common-themes-snap/6235
  gsettings:
  gtk-3-themes:
    interface: content
    target: $SNAP/data-dir/themes
    default-provider: gtk-common-themes
  icon-themes:
    interface: content
    target: $SNAP/data-dir/icons
    default-provider: gtk-common-themes
  sound-themes:
    interface: content
    target: $SNAP/data-dir/sounds
    default-provider: gtk-common-themes
  browser-sandbox:
    interface: browser-support
    allow-sandbox: false

With help from: https://snapcraft-alsa.readthedocs.io/en/latest/snapcraft_usage.html#snapcraft-usage

The build gets kinda far, but it currently gets this error:

Cannot find file: alsa-mixin.
Info: creating stash file /root/parts/wickr/build/.qmake.stash
Failed to build 'wickr'.

The error message suggests that the build process cannot find the alsa-mixin file. To fix this issue, you need to ensure that the alsa-mixin part is defined correctly in your snapcraft.yaml file. Here’s the modified version of your snapcraft.yaml file with the alsa-mixin part added correctly:

name: WICKRLCAPPNAME
version: WICKRVERSIONNUM
summary: Secure Messaging for Teams
description: >
  Wickr Secure Messaging

grade: stable
confinement: strict
base: core20
icon: snap/gui/WICKRLCAPPNAME.png

apps:
  WICKRLCAPPNAME:
    environment:
      ALWAYS_USE_PULSEAUDIO: '1'
      DISABLE_WAYLAND: 1
      QT_QPA_PLATFORMTHEME: gtk3  
      QT_BASE_DIR: $SNAP/opt/qt51512
      QTDIR: $QT_BASE_DIR
      PATH: $QT_BASE_DIR/bin:$PATH
      LD_LIBRARY_PATH: $QT_BASE_DIR/lib
      PKG_CONFIG_PATH: $QT_BASE_DIR/lib/pkgconfig:$PKG_CONFIG_PATH
    command: bin/desktop-launch snap/command-chain/alsa-launch WICKRAPPNAME
    plugs:
      - alsa
      - audio-playback
      - audio-record
      - desktop
      - desktop-legacy
      - x11
      - unity7
      - wayland
      - gsettings
      - opengl
      - home
      - removable-media
      - network
      - network-bind
      - network-manager
      - network-observe
      - network-control
      - camera
      - screen-inhibit-control
      - raw-usb

parts:
  qt515:
    plugin: dump
    source: /opt/qt51512/qt51512_5.15.12-wickr_amd64.deb
    source-type: deb
    stage-packages:
      - libasn1-8-heimdal
      # rest of the packages...

  wickr:
    # rest of the configuration...

  alsa-mixin:
    plugin: nil
    override-pull: |
      cat > asound.conf <<EOF
      pcm.!default {
          type pulse
          fallback "sysdefault"
          hint {
              show on
              description "Default ALSA Output (currently PulseAudio Sound Server)"
          }
      }
      ctl.!default {
          type pulse
          fallback "sysdefault"
      }
      EOF
      cat > alsa-launch <<EOF
      #!/bin/bash
      export ALSA_CONFIG_PATH="\$SNAP/etc/asound.conf"

      if [ -d "\$SNAP/usr/lib/alsa-lib" ]; then
          export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/usr/lib/alsa-lib"
      elif [ -d "\$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib" ]; then
          export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/alsa-lib"
      fi
      export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/pulseaudio"
      export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH:\$SNAP/opt/qt51512/lib"

      # Make PulseAudio socket available inside the snap-specific $XDG_RUNTIME_DIR
      if [ -n "\$XDG_RUNTIME_DIR" ]; then
          pulsenative="pulse/native"
          pulseaudio_sockpath="\$XDG_RUNTIME_DIR/../\$pulsenative"
          if [ -S "\$pulseaudio_sockpath" ]; then
              export PULSE_SERVER="unix:\${pulseaudio_sockpath}"
          fi
      fi

      exec "\$@"
      EOF
      chmod +x alsa-launch
    override-build: |
      snapcraftctl build
      install -m644 -D -t $SNAPCRAFT_PART_INSTALL/etc asound.conf
      install -m755 -D -t $SNAPCRAFT_PART_INSTALL/snap/command-chain alsa-launch
    build-packages:
      - libasound2-dev
    stage-packages:
      - libasound2
      - libasound2-plugins 

plugs:
  # rest of the plugs...

Make sure to replace the # rest of the configuration... with the appropriate configuration for the wickr part. With this updated configuration, the alsa-mixin part should be included correctly, and the build process should proceed without the “Cannot find file: alsa-mixin” error.

The alsa-mixin stuff has changed a lot upstream and this was already pointed out above… it ships the alsa-launch script as a file, there is no need for the override-pull block at all anymore… and the current upstream documentation has dropped it long ago…

EDIT ah, sorry not above but in one of the other wickr threads… sadly this is spread across multiple posts