How to execute binaries inside a Snap app

I have been going back and forth in Cannot publish an electron app for many days trying to figure out how to get my Electron app to work with Snap. I eventually moved from electron-forge to electron-builder, just for the Snap build, and did some workarounds to be able to build --destructive-mode and I now have a built Snap app published with the name swach.

However, as part of the Electron app, we bundle the scrot binary as part of electron-color-picker. When we try to execute it, it does not seem to have the permissions it needs to run under Snap.

Is there a way to whitelist binaries shipped with the app or do we need to somehow use a stage package instead or something?

This is where the scrot binary is called in electron-color-picker https://github.com/mockingbot/electron-color-picker/blob/master/source/linux/linux-scrot/index.js#L7. My first thought was perhaps we could make that path configurable, and ship scrot as a stage package in the Snap app, then switch the path out.

My next thought was we could add the existing bundled scrot from inside electron-color-picker to the `parts for the app or something. Perhaps something like:

parts:
  scrot:
    plugin: dump
    source: app/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot

This is all purely speculation, as I am not very familiar with Snap, and I would love some help figuring out how to successfully get this binary to run please! Thanks in advance! :slight_smile:

What are the filesystem permissions on the scrot binary once you’ve built your snap? There is no “allow-list” nor “deny-list”; if a program exists inside your snap then you can call it from the context of your snap. The only limits are with interaction with the outside world via the confinement rules and the filesystem permissions allowing read or execute¹.

¹Note that the writable permission is not controlled via the relevant filesystem permission bit for files shipped in the snap package because the package is read-only anyway.

@daniel scrot takes screenshots, so it likely needs permissions for the outside world in some way. Here is the info from the previous post on permissions:

It appears the permissions on scrot are for root:

-rwxr-xr-x 1 root root 27928 May 19 13:46 /snap/swach/19/app/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot

And it appears the run/user/1000/snap.swach where it saves the screenshot has these permissions:

drwx------ 4 rwwagner90 rwwagner90 100 May 19 14:04 snap.swach

I am not sure if they both need to be root, or both should be my user or what.

Is there a specific way you wanted me to check permissions? This was running ls -l on the files, but I’m unsure if those permissions even apply inside Snap, since of course this is executable directly.

In the previous post you recommended I run:

snap run --shell swach /snap/swach/current/app/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot

I ran that and got cannot execute binary file. How might I allow Snap to execute this file?

Curious, from outside the snap, what is the output of file /snap/swach/current/app/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot?

@jdstrand

/snap/swach/current/app/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=a3f6c2a8ca69d878895beb573f65b2d9b5268fdf, stripped

@jdstrand is that what you were expecting to see?

@daniel @jdstrand any ideas here? I’m quite anxious to get this wrapped up. I’m happy to pay for someone to help wrap this up if necessary.

@jdstrand @daniel how do we proceed from here? I may have to abandon Snap and try something like Flatpak instead if we cannot resolve this issue.

It would probably be helpful for @jdstrand and I if you could share either your work-in-progress sources or a snap package built from them so that we can try to reproduce the error on our own system(s). We might be able to spot something running it locally that we don’t think to ask about when going back and forth in the forum :slight_smile:

1 Like

@daniel it’s a publicly available snap. It’s called swach. It has been published and available since I first started this thread.

If you would be willing to install it locally and see if you can spot anything, that would be great!

1 Like

It looks like it may be missing some dependencies for scrot:

snap run --shell swach -c '/snap/swach/20/app/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot'

/snap/swach/20/app/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot: error while loading shared libraries: libX11.so.6: cannot open shared object file: No such file or directory
$ apt-file search libX11.so.6
libx11-6: /usr/lib/x86_64-linux-gnu/libX11.so.6
libx11-6: /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
libx11-6-dbg: /usr/lib/debug/usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
$

so you likely want libx11-6 in stage-packages:

@cjp256 @ogra thanks for the tip! I added libx11-6 to stage-packages and released a new version but I still see the same error when I run the command from above.

snap run --shell swach -c '/snap/swach/21/app/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot'

/snap/swach/21/app/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot: error while loading shared libraries: libX11.so.6: cannot open shared object file: No such file or directory

well, the way you call it via snap run --shell wont have LD_LIBRARY_PATH set … what about the scrot feature when you run the app normally (the snapcraft ,launcher and desktop-launch should set these variables properly?

@ogra no it does not work, still the same errors as before:

Error: Command failed: /snap/swach/21/app/resources/app.asar.unpacked/node_modules/electron-color-picker/library/linux/linux-scrot/scrot /run/user/1000/snap.swach/temp-screenshot.png
giblib error: Saving to file /run/user/1000/snap.swach/temp-screenshot.png failed

@daniel @cjp256 @ogra any other suggestions? I would still be happy to pay someone to help debug this on their machine, as I do not regularly use Linux and don’t know much about Snapcraft or how to debug this.

Strangely, I can’t get the snap to open on my system at all :frowning: Running on the command line exits with a return code of 1 and no output. I suspect that is due to something about my system though, but can’t prove it.

@daniel that’s strange. It is a menubar app, and I know some Linux distros have an issue with showing the tray icon or something. What is your system?

I’m running Ubuntu 20.04 (i.e. Gnome)