Hey guys,
My snap doesn’t seem to copy files using the install hook :
my install hook script
#!/bin/sh -e
cp $SNAP/xwiki-platform-distribution-jetty-hsqldb-13.10.8/stop_xwiki.sh $SNAP_USER_DATA/stop_xwiki.sh
after installing the snap the $SNAP_USER_DATA folder has only one current file and the stop_xwiki.sh is not being copied. am I missing something?
hooks run as root … you can not write to $SNAP_USER_DATA this way.
if you want to write to a users home (i.e. $SNAP_USER_DATA) you need to do it from a command-chain script on first start of the app instead …
if your app is a daemon, you instead want to use $SNAP_DATA for all your writable data (which translates to /var/snap/<snapname>/current)
hey @ogra,
I changed the SNAP_USER_DATA to SNAP_DATA in the install hook, but that also doesn’t seem to copy the files .
/var/snap/snapname>/current is also empty for my snap, despite /snap/snapname> containing files.
What might be the reason for the following? Any guesses?
did you remove the snap first ? the install hook might only run on fresh installs …
also, your source path for the copy command looks a bit strange, do you actually have xwiki-platform-distribution-jetty-hsqldb-13.10.8/ as a dir in the top level of your snap ?
another thing to note is that snap hooks are always run with -e so your “/bin/sh -e” is redundant, drop the -e there …
to see any issues with the hook you can use journalctl -f from a second terminal while installing your snap …
yes, I had removed the snap first before reinstalling it.
there is a folder called platform-distribution-jetty-hsqldb-13.10.8/ in /snap/xwiki/x1/platform-distribution-jetty-hsqldb-13.10.8/. I hope that that’s what you meant.
my hooks/install script:
#!/bin/sh
cp $SNAP/xwiki-platform-distribution-jetty-hsqldb-13.10.8/stop_xwiki.sh $SNAP_DATA/stop_xwiki.sh
my journalctl -f logs
Aug 09 20:48:57 pop-os kernel: audit: type=1400 audit(1660058337.282:474): apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap.xwiki.hook.install” pid=15761 comm=“apparmor_parser”
Aug 09 20:48:57 pop-os systemd[1]: apt-daily.service: Deactivated successfully.
Aug 09 20:48:57 pop-os systemd[1]: Finished Daily apt download activities.
Aug 09 20:48:57 pop-os audit[15815]: AVC apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name="/snap/snapd/16292/usr/lib/snapd/snap-confine" pid=15815 comm=“apparmor_parser”
Aug 09 20:48:57 pop-os audit[15815]: AVC apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name="/snap/snapd/16292/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=15815 comm=“apparmor_parser”
Aug 09 20:48:58 pop-os audit[15818]: AVC apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“snap.xwiki.start” pid=15818 comm=“apparmor_parser”
Aug 09 20:48:58 pop-os kernel: audit: type=1400 audit(1660058338.182:477): apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“snap.xwiki.start” pid=15818 comm=“apparmor_parser”
Aug 09 20:48:58 pop-os kernel: audit: type=1400 audit(1660058338.194:478): apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“snap.xwiki.stop” pid=15819 comm=“apparmor_parser”
Aug 09 20:48:58 pop-os kernel: audit: type=1400 audit(1660058338.194:479): apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“snap.xwiki.hook.install” pid=15817 comm=“apparmor_parser”
Aug 09 20:48:58 pop-os audit[15821]: AVC apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap-update-ns.xwiki” pid=15821 comm=“apparmor_parser”
Aug 09 20:48:58 pop-os kernel: audit: type=1400 audit(1660058338.198:480): apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap-update-ns.xwiki” pid=15821 comm=“apparmor_parser”
Aug 09 20:48:58 pop-os systemd[1]: Started snap.xwiki.hook.install.c2cf2773-ed8a-42e6-8428-5b2c13e2dc92.scope.
Aug 09 20:48:58 pop-os audit[15822]: AVC apparmor=“DENIED” operation=“open” profile="/snap/snapd/16292/usr/lib/snapd/snap-confine" name="/etc/pop-os/os-release" pid=15822 comm=“snap-confine” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Aug 09 20:48:58 pop-os audit[15822]: AVC apparmor=“DENIED” operation=“open” profile="/snap/snapd/16292/usr/lib/snapd/snap-confine" name="/etc/pop-os/os-release" pid=15822 comm=“snap-confine” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Aug 09 20:48:58 pop-os audit[15822]: AVC apparmor=“DENIED” operation=“open” profile="/snap/snapd/16292/usr/lib/snapd/snap-confine" name="/etc/pop-os/os-release" pid=15822 comm=“snap-confine” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Aug 09 20:48:58 pop-os audit[15840]: AVC apparmor=“DENIED” operation=“open” profile=“snap-update-ns.xwiki” name="/etc/pop-os/os-release" pid=15840 comm=“5” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Aug 09 20:48:58 pop-os systemd[1]: tmp-snap.rootfs_Dn8Yve.mount: Deactivated successfully.
Aug 09 20:48:58 pop-os audit[15822]: AVC apparmor=“ALLOWED” operation=“open” profile=“snap.xwiki.hook.install” name="/etc/pop-os/os-release" pid=15822 comm=“snap-exec” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Aug 09 20:48:59 pop-os systemd[1]: snap.xwiki.hook.install.c2cf2773-ed8a-42e6-8428-5b2c13e2dc92.scope: Deactivated successfully.
(attached relevant logs )
The copy still does not seem to work . Is there an alternative approach I can take ?
oh, you are using popos …
are snaps actually genrally running at all on your system, given the snap-confine binary stumbles over their /etc/os-release hackery (popos symlinks that file to an (for snapd) unreadable location) ?
but regardless, it does not seem like your hook gets executed anywhere in the process, are you sure it is executable ?
I don’t understand what you meant here but the snaps are working on my system. The install script is executable(verified with ./install).
can I run a script in that copies the snap/xwiki/x1/platform-distribution-jetty-hsqldb-13.10.8/stop_xwiki.sh to /home/snap/xwiki/stop_xwiki.sh and call it in a command in snapcraft.yaml would that be a valid way to make a snap?
no, this is not a place a snap could write to …
looking at
i do not see any hooks directory at all …
you also seem to define a stop command that uses the stop_xwiki.sh script directly from the $SNAP dir in your snapcraft.yaml, what is actually the purpose of your install hook here ?
hey @ogra,
oops, pushed the hooks folder now. (here)
I wanted to run the script start_xwiki.sh, but almost all the files under snap/xwiki/platform-distribution-jetty-hsqldb-13.10.8/ need to be writable .which is not possible I guess. So I plan on copying almost all the files of the snap from /snap/XWiki/* to $SNAP_DATA/. Then I could run the start_xwiki.sh using another shell script that I define in the snap something like this (./home/username/snap/xwiki/x1/start_xwiki.sh).
since all the files in $SNAP_DATA are writeable it would work just fine .
is there a better alternative ?
okay, looking at your hook on GH, i dont see you creating the dir, try something like:
#! /bin/sh # (there is really no reason to waste 5MB ram to load bash for a simple cp, always use sh if possible)
# put target dir name into a variable to make everything shorter and more readable
TARGET="$SNAP_DATA/xwiki-platform-distribution-jetty-hsqldb-13.10.8"
# make sure the dir we want to copy to is actually existing
[ -d $TARGET ] || mkdir -p $TARGET
# copy the script only if it does not yet exist
if [ ! -e $TARGET/stop_xwiki.sh ]; then
cp $SNAP/xwiki-platform-distribution-jetty-hsqldb-13.10.8/stop_xwiki.sh $TARGET/
fi
there is no dir being created in home/snap/for xwiki
and I don’t think that the script is running either 
(used the sh script recommended by you)
what might be the possible reason?
why would it be created there (there should be no /home/snap at all)?
$SNAP_DATA is /var/snap/<snapname>/current … so the hook should create the dir there and copy the script into that dir in the end …
if you want to create the script in someones home dir, you can not use the install hook at all (as discussed before) but would need to use a command-chain script that copies over the files on first use of the app …
the var/snap//current is empty . and how can i use the command-chain script to copy over the files?
anything new in the journal for the hook execution ?
The logs are the same
well, again, that popos hack seems to prevent snap-confine from actually being able to detect the OS at all and then seems to disable hook execution.
do you have a chance to perhaps try it in a VM on any system that is not as hacked up as popos ?
hey @ogra,
I used a KVM of ubuntu 22.04(on my popOS) to install the snap . Unfortunately, it had similar results (used the install script recommended by you(https://github.com/xwiki-contrib/packaging-snap) )
journalctl logs:
Aug 11 17:31:48 vm2-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1660219308.304:218): apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap.xwiki.hook.install” pid=8481 comm=“apparmor_parser”
Aug 11 17:31:48 vm2-Standard-PC-Q35-ICH9-2009 audit[8482]: AVC apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap.xwiki.start” pid=8482 comm=“apparmor_parser”
Aug 11 17:31:48 vm2-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1660219308.448:219): apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap.xwiki.start” pid=8482 comm=“apparmor_parser”
Aug 11 17:31:48 vm2-Standard-PC-Q35-ICH9-2009 audit[8483]: AVC apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap.xwiki.stop” pid=8483 comm=“apparmor_parser”
Aug 11 17:31:48 vm2-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1660219308.620:220): apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap.xwiki.stop” pid=8483 comm=“apparmor_parser”
Aug 11 17:31:49 vm2-Standard-PC-Q35-ICH9-2009 audit[8503]: AVC apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name="/snap/snapd/15177/usr/lib/snapd/snap-confine" pid=8503 comm=“apparmor_parser”
Aug 11 17:31:49 vm2-Standard-PC-Q35-ICH9-2009 audit[8503]: AVC apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name="/snap/snapd/15177/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=8503 comm=“apparmor_parser”
Aug 11 17:31:49 vm2-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1660219309.748:221): apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name="/snap/snapd/15177/usr/lib/snapd/snap-confine" pid=8503 comm=“apparmor_parser”
Aug 11 17:31:49 vm2-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1660219309.748:222): apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name="/snap/snapd/15177/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=8503 comm=“apparmor_parser”
Aug 11 17:31:49 vm2-Standard-PC-Q35-ICH9-2009 audit[8505]: AVC apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“snap.xwiki.hook.install” pid=8505 comm=“apparmor_parser”
Aug 11 17:31:49 vm2-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1660219309.960:223): apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“snap.xwiki.hook.install” pid=8505 comm=“apparmor_parser”
Aug 11 17:31:50 vm2-Standard-PC-Q35-ICH9-2009 audit[8506]: AVC apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“snap.xwiki.start” pid=8506 comm=“apparmor_parser”
Aug 11 17:31:50 vm2-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1660219310.148:224): apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“snap.xwiki.start” pid=8506 comm=“apparmor_parser” Aug 11 17:31:50 vm2-Standard-PC-Q35-ICH9-2009 audit[8507]: AVC apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“snap.xwiki.stop” pid=8507 comm=“apparmor_parser”
Aug 11 17:31:50 vm2-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1660219310.344:225): apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“snap.xwiki.stop” pid=8507 comm=“apparmor_parser”
Aug 11 17:31:50 vm2-Standard-PC-Q35-ICH9-2009 audit[8509]: AVC apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap-update-ns.xwiki” pid=8509 comm=“apparmor_parser”
Aug 11 17:31:50 vm2-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1660219310.352:226): apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap-update-ns.xwiki” pid=8509 comm=“apparmor_parser”
Aug 11 17:31:50 vm2-Standard-PC-Q35-ICH9-2009 systemd[1]: Started snap.xwiki.hook.install.eb3eb781-a3a5-4b63-9b4e-cfdd417217d2.scope.
Aug 11 17:31:50 vm2-Standard-PC-Q35-ICH9-2009 systemd[1]: tmp-snap.rootfs_LnZjaI.mount: Deactivated successfully.
Aug 11 17:31:50 vm2-Standard-PC-Q35-ICH9-2009 systemd[1]: snap.xwiki.hook.install.eb3eb781-a3a5-4b63-9b4e-cfdd417217d2.scope: Deactivated successfully.
Aug 11 17:31:51 vm2-Standard-PC-Q35-ICH9-2009 sudo[8362]: pam_unix(sudo:session): session closed for user root
will try it on another machine running different os
well, that shows no errors at all, also note you can ignore all the apparmor="STATUS" lines, they are just info messages when setting up the snap during install …
the hook starts:
and seems to finish without errors:
to get some more debugging data you can add set -x to the second line of the hook and put exit 1 at the very end … hooks only print out any stuff when they do not exit successfully (thus the “exit 1”) and the “set -x” will make it print out all lines and variable values …
I updated the hook as you suggested (https://github.com/xwiki-contrib/packaging-snap/blob/main/xwiki-jetty/hooks/install).
journalctl logs:
Aug 11 18:11:05 vm2-Standard-PC-Q35-ICH9-2009 systemd[1]: Started snap.xwiki.hook.install.20372f2e-4d49-483e-aa9d-5b1a35bccb95.scope.
Aug 11 18:11:05 vm2-Standard-PC-Q35-ICH9-2009 systemd[1]: tmp-snap.rootfs_v8kEqQ.mount: Deactivated successfully.
Aug 11 18:11:06 vm2-Standard-PC-Q35-ICH9-2009 systemd[1]: snap.xwiki.hook.install.20372f2e-4d49-483e-aa9d-5b1a35bccb95.scope: Deactivated successfully.
Aug 11 18:11:06 vm2-Standard-PC-Q35-ICH9-2009 sudo[9245]: pam_unix(sudo:session): session closed for user root
It doesn’t seem to have changed much.
hmm, nothing there … that is weird … the hook does not seem to be executed at all … could you try removing the plug definition (comment out line 17-19) in your snapcraft.yaml ?