Library linter

The library linter is a Snapcraft linter that is used to verify whether any ELF file dependencies, typically libraries, are missing from a snap. It also verifies if any libraries are included in a snap but are not used.

• How the library linter helps
• Linter warnings
  • Example
• Addressing linter issues

See Disabling linters for details on how to stop this linter running.

How the linter helps

If a snapped application depends on libraries neither provided by the base system, nor included as a dependency, the snap package may execute in an incorrect or unpredictable way. The library linter issues a warning if a missing dependency is detected.

Snap package size can be reduced by removing extra libraries that are not used by the applications in the snap. The library linter issues a warning if unused libraries are detected.

Linter warnings

The library linter will issue a warning if:

• ELF dependencies are detected as missing from the snap package.
• Libraries not used by an ELF file in the snap package are detected.

Example

The example below shows two missing libraries (libcaca and libslang) and one unused library (libpng16).

Running linter: library
Lint warnings:
- library: my-app: missing dependency 'libcaca.so.0'.
- library: my-app: missing dependency 'libslang.so.2'.
- library: libpng16.so.16: unused library 'usr/lib/x86_64-linux-gnu/libpng16.so.16.37.0'. 

Addressing issues

To address library linter issues, packages containing any missing libraries need to be added to the list of stage-packages. Unused libraries can be removed from stage-packages. See Build and staging dependencies for further details.

It’d be useful to also check to see if the snap contains libraries that shadow libraries from the base snap or content snaps. That’s something that has bitten us a few times in the past.

One example was the snap-store snap. At one point it was shipping libatk, shadowing the copy from the gnome platform snap. There were other libraries within the platform snap that linked with libatk, but weren’t shadowed by snap-store. When an update was pushed to the platform snap that upgraded libatk and some other libraries, it broke snap-store because those other libraries didn’t work with the old libatk.

I’m sure there are cases where shadowing is intended, but maybe it is better to get people to be explicit about it and silence the linter for those specific cases.

I would like to ask whether this may generate false positives such as a program loading the shared libraries only in runtime.

Also, how to silent the warning when false positives are occurred, thanks!

If you have dlopen() calls or a similar mechanism in your code then yes, you will get a false positive.

See this page for disabling them.