Exposing shared library contained in snap to host system

RandomFish227 · October 18, 2021, 7:54am

Hi everyone, i have a very specific question. I am currently working on a project which enables users to digitally sign the document using their ID card by using the external signing application. In order to sign the document we use our custom PKCS11 wrapper library that will be shipped with the application. The signing scenario is as follows:

User start external signing application
User specifies the PATH to our PKCS11 wrapper library shipped alongside the application
User is prompted to enter 2 security codes to confirm his identity
Document signed!

The PKCS11 shared library is also dependent on other shared libraries shipped alongside the application.

So my questions are:

Is there any way I can expose our PKCS11 library to the host system?

If so can i make the path to the PKCS11 library always be the same on all distros and different hosts?

lucyllewy · October 18, 2021, 4:21pm

If you’re shipping the library along with the application then why do you need to expose the library to the system?

RandomFish227 · October 18, 2021, 5:16pm

Hi, thank you for your reply. Its because the external independent app is the one that uses this library. And it uses it by selecting (browsing) the path to our PKCS11 library

ogra · October 18, 2021, 5:49pm

you could use an install hook to put the lib into $SNAP_COMMON and then tell your users to point their authentication app to /var/snap/<snapname>/common (which the variable translates to) … though i’m not sure how you actually plan to make your app communicate with the signing app, confinement might get in your way here …

RandomFish227 · October 19, 2021, 9:02am

Thank you for your reply i will look into this.