Classic confinement request for webcatalog

quanglam2807 · August 21, 2019, 1:27pm

My app, WebCatalog (https://snapcraft.io/webcatalog) is being published with strict confinement. But recently, after an user’s report, I found out that the app didn’t work with strict mode.

After testing, I recognized that the app requires classic confinement to work correctly. I would like to request classic confinement for the snap (webcatalog).

Reasoning

WebCatalog requires access to external commands, especially electron-packager. Without classic confident, it returns the error libnss3 . so cannot open shared object file even though libnss3 and libnss3-dev are both installed.

quanglam2807 · August 21, 2019, 1:28pm

Code reference: https://github.com/quanglam2807/webcatalog/blob/master/public/libs/app-management/install-app-async/forked-script.js

lucyllewy · August 22, 2019, 10:38am

Have you tried shipping electron-packager within your snap?

The library issue might be alleviated by judicious usage of the LD_LIBRARY_PATH environment variable.

quanglam2807 · August 22, 2019, 2:42pm

Thank you for response.

Yes, I’m shipping electron-packager with my snap. I’m not familiar with LD_LIBRARY_PATH so I’m not sure what you’re suggesting.

There’s an example on StackOverflow regarding this: https://stackoverflow.com/questions/51261976/how-can-i-use-ffplay-from-electron-js-app. But it involves the users running the command on their side. classic confinement lets the app run out of the box. I hope the team would fast-track my request or provide me with a simple solution as I’m supporting the app on multiple platforms so it would be infeasible to make too many customizations to have the app available on Snap.

Thank you.

ogra · August 22, 2019, 3:11pm

classic confinement is usually only granted if there are technical limitations you can not overcome at all under strict confinement.

if your libraries are not found but shipped in your package this is usually simply a packaging error you can overcome by adding the correct bits to snapcraft.yaml (like extending LD_LIBRABRY_PATH with the proper directories to make the app find the libnss you ship inside your snap package) like @lucyllewy said already.

quanglam2807 · August 22, 2019, 5:48pm

Thank you for the response.

So I use electron-builder to build the app and it seems like LD_LIBRARY_PATH is defined here: https://github.com/electron-userland/electron-builder/blob/master/packages/app-builder-lib/src/targets/snap.ts#L104. What should I add to fix the issue?

The error is /snap/webcatalog/x1/app/webcatalog: error while loading shared libraries: libnss3.so: cannot open shared object file: No such file or directory.

Please help!
Thank you.

quanglam2807 · August 22, 2019, 5:58pm

Additionally, the snap also need to create .desktop files in ~/.local/usr/share/applications and save Linux executables to ~/.webcatalog. So I’m not sure if these things are possible with strict mode.

quanglam2807 · August 23, 2019, 2:32am

Thank you, Snap team!
I decided not to release webcatalog in snap format because of this fallback. Still, I’ll use it for other projects in the future.

Thank you for helping me.

ogra · August 23, 2019, 8:42am

while electron-builder is awesome for very simple apps, i’d recommend using something else if your app is more complex, needs additional adjustments or dependencies …

take a look at:

about how to use electron-packager instead and have the ability to manage everything through a snapcraft.yaml file. that way you have far more control about the snap side of things while still basing everything around your package.json.