Manual review request for the master-pdf-editor-5 snap - classic

Anna22 · February 8, 2024, 1:44pm

This is what appears when i run the app and try to search devices to scan

ogra · February 8, 2024, 1:47pm

Right, you should stage libffi and libbz2 i guess (the first two apparmor denials in your output, the rest looks harmless)…

Could you do a build with the linter enabled and share the linter output from the end if your build log ?

Anna22 · February 8, 2024, 1:56pm

Sure,

Lint warnings:

library: libsepol.so.2: unused library ‘lib/x86_64-linux-gnu/libsepol.so.2’.
library: libtirpc.so.3: unused library ‘lib/x86_64-linux-gnu/libtirpc.so.3.0.0’.
library: libEGL_mesa.so.0: unused library ‘usr/lib/x86_64-linux-gnu/libEGL_mesa.so.0.0.0’.
library: libGLX_mesa.so.0: unused library ‘usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0’.
library: libgthread-2.0.so.0: unused library ‘usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0.7200.4’.
library: libicuio.so.70: unused library ‘usr/lib/x86_64-linux-gnu/libicuio.so.70.1’.
library: libicutest.so.70: unused library ‘usr/lib/x86_64-linux-gnu/libicutest.so.70.1’.
library: libnetsnmpmibs.so.40: unused library ‘usr/lib/x86_64-linux-gnu/libnetsnmpmibs.so.40.1.0’.
library: libpcre16.so.3: unused library ‘usr/lib/x86_64-linux-gnu/libpcre16.so.3.13.3’.
library: libpcre2-32.so.0: unused library ‘usr/lib/x86_64-linux-gnu/libpcre2-32.so.0.10.4’.
library: libpcre2-posix.so.3: unused library ‘usr/lib/x86_64-linux-gnu/libpcre2-posix.so.3.0.1’.
library: libpcre32.so.3: unused library ‘usr/lib/x86_64-linux-gnu/libpcre32.so.3.13.3’.
library: libpcrecpp.so.0: unused library ‘usr/lib/x86_64-linux-gnu/libpcrecpp.so.0.0.1’.
library: libpcreposix.so.3: unused library ‘usr/lib/x86_64-linux-gnu/libpcreposix.so.3.13.3’.
library: libsnmp.so.40: unused library ‘usr/lib/x86_64-linux-gnu/libsnmp.so.40.1.0’.
library: libssl3.so: unused library ‘usr/lib/x86_64-linux-gnu/libssl3.so’.

I tried to delete unused library, but output was the same. In my list all libraries are necessary)

ogra · February 8, 2024, 2:04pm

Well, some of them might simply already come from the kde-neon extension so they wouldn’t be used from that location but from the library path the extension defines… but they are harmless and just add a little bloat, i was more hoping for some “missing library” messages, but that side seems to be fine…

Anna22 · February 8, 2024, 2:11pm

I have tried to fix this problem with scanner for 3 month and only classical confinement solved this problem(

ogra · February 8, 2024, 2:39pm

well, lets try the following …

remove the etc-mpe plug definition and remove it from your plugs: of the app …

instead add a layout like:

layout:
  /etc/sane.d:
    bind: $SNAP/etc/sane.d

and add libsane-common and libsane-hpaio to your stage-packages so etc/sane.d in your snap is populated, see if that helps …

additionally try changing cups to cups-control (and connect it after installing the snap), though this last bit will likely only help for printing, not for scanning i guess

Anna22 · February 9, 2024, 1:33pm

Thanks, I will try and inform you about results

Anna22 · February 12, 2024, 11:21am

Hi! Unfortunately, adding a layout and libraries does not solve the problem. App does not find devices to scan. And there is nothing regarding scanning in logs…

Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/snap/core22/1033/usr/lib/x86_64-linux-gnu/libffi.so.8.1.0" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /snap/core22/1033/usr/lib/x86_64-linux-gnu/libffi.so.8.1.0 (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/snap/core22/1033/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /snap/core22/1033/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4 (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/usr/lib64/" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /usr/lib64/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/usr/lib32/" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /usr/lib32/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/usr/lib64/" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /usr/lib64/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/usr/lib32/" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /usr/lib32/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/usr/lib64/" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /usr/lib64/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/a11y/bus" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.a11y.Bus" pid=4930 label="snap.master-pdf-editor-5.masterpdfeditor5" peer_pid=2205 peer_label="unconfined"
DBus access

= Seccomp =
Time: 2024-02-12T12:5
Log: auid=1001 uid=1001 gid=1001 ses=4 subj=snap.master-pdf-editor-5.masterpdfeditor5 pid=4930 comm="masterpdfeditor" exe="/snap/master-pdf-editor-5/x1/masterpdfeditor5" sig=0 arch=c000003e 203(sched_setaffinity) compat=0 ip=0x7f88251b0531 code=0x50000
Syscall: sched_setaffinity
Suggestion:
* ignore the denial if the program otherwise works correctly (unconditional sched_setaffinity is often just noise)

= Seccomp =
Time: 2024-02-12T12:5
Log: auid=1001 uid=1001 gid=1001 ses=4 subj=snap.master-pdf-editor-5.masterpdfeditor5 pid=4930 comm="masterpdfeditor" exe="/snap/master-pdf-editor-5/x1/masterpdfeditor5" sig=0 arch=c000003e 141(setpriority) compat=0 ip=0x7f882522f97b code=0x50000
Syscall: setpriority
Suggestion:

* ignore the denial if the program otherwise works correctly (unconditional setpriority is often just noise)

= Seccomp =
Time: 2024-02-12T12:5
Log: auid=1001 uid=1001 gid=1001 ses=4 subj=snap.master-pdf-editor-5.masterpdfeditor5 pid=4930 comm="masterpdfeditor" exe="/snap/master-pdf-editor-5/x1/masterpdfeditor5" sig=0 arch=c000003e 203(sched_setaffinity) compat=0 ip=0x7f88251b0531 code=0x50000
Syscall: sched_setaffinity
Suggestion:
* ignore the denial if the program otherwise works correctly (unconditional sched_setaffinity is often just noise)

= Seccomp =
Time: 2024-02-12T12:5
Log: auid=1001 uid=1001 gid=1001 ses=4 subj=snap.master-pdf-editor-5.masterpdfeditor5 pid=4930 comm="masterpdfeditor" exe="/snap/master-pdf-editor-5/x1/masterpdfeditor5" sig=0 arch=c000003e 141(setpriority) compat=0 ip=0x7f882522f97b code=0x50000
Syscall: setpriority
Suggestion:
* ignore the denial if the program otherwise works correctly (unconditional setpriority is often just noise)

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/a11y/bus" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.a11y.Bus" pid=4930 label="snap.master-pdf-editor-5.masterpdfeditor5" peer_pid=2205 peer_label="unconfined"
DBus access

Printing works nicely with cups-control… And another problem with my snap: it runs with master-pdf-editor-5.masterpdfeditor5, not with masterpdfeditor5… And there is no Master PDF Editor in the app’s list

ogra · February 12, 2024, 2:09pm

well, I’d have expected the first two (libffi and libbz2) to not show up anymore after you add them to stage packages, can you run the following commands on a system that has your snap installed:

find /snap/master-pdf-editor-5/current/ -name '*libffi.*' 2>/dev/null

find /snap/master-pdf-editor-5/current/ -name '*libbz2.*' 2>/dev/null

and:

snap run --shell master-pdf-editor-5.masterpdfeditor5 -c 'echo $LD_LIBRARY_PATH'

That should show if the libs are really in your snap and if the library search path includes all locations needed to actually find them …

regarding the need for master-pdf-editor-5.masterpdfeditor5, you will only be able to run the command with a single name if the app name matches exactly the snap name, so you’d either need to rename your app: entry in snapcraft.yaml to have the dashes in the name or you need to drop the currect snap and register it newly without the dashes…

Anna22 · February 13, 2024, 12:46pm

That is output:

arogozina@codeindustry-PC:~$ find /snap/master-pdf-editor-5/current/ -name '*libffi.*' 2>/dev/null
/snap/master-pdf-editor-5/current/usr/lib/x86_64-linux-gnu/libffi.a
/snap/master-pdf-editor-5/current/usr/lib/x86_64-linux-gnu/libffi.so
/snap/master-pdf-editor-5/current/usr/lib/x86_64-linux-gnu/pkgconfig/libffi.pc
/snap/master-pdf-editor-5/current/usr/share/doc/libffi8/html/Using-libffi.html
/snap/master-pdf-editor-5/current/usr/share/info/libffi.info.gz
arogozina@codeindustry-PC:~$ find /snap/master-pdf-editor-5/current/ -name '*libbz2.*' 2>/dev/null
arogozina@codeindustry-PC:~$ snap run --shell master-pdf-editor-5.masterpdfeditor5 -c 'echo $LD_LIBRARY_PATH'
update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/boot /boot none bind,ro 0 0): permission denied
/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl32:/var/lib/snapd/void:/snap/master-pdf-editor-5/x1/lib:/snap/master-pdf-editor-5/x1/usr/lib:/snap/master-pdf-editor-5/x1/lib/x86_64-linux-gnu:/snap/master-pdf-editor-5/x1/usr/lib/x86_64-linux-gnu:/snap/master-pdf-editor-5/x1/kf5/lib/x86_64-linux-gnu:/snap/master-pdf-editor-5/x1/kf5/usr/lib/x86_64-linux-gnu:/snap/master-pdf-editor-5/x1/kf5/usr/lib:/snap/master-pdf-editor-5/x1/kf5/lib:/snap/master-pdf-editor-5/x1/kf5/usr/lib/x86_64-linux-gnu/dri:/var/lib/snapd/lib/gl:/snap/master-pdf-editor-5/x1/kf5/usr/lib/x86_64-linux-gnu/pulseaudio

ogra · February 13, 2024, 12:54pm

so this is not the right package … you seem to have seeded libffi-dev into stage-packages, not libffi8 which is the one it is looking for … (note that -dev packages should only be used in build-packages (and only if it is actually needed to build the binaries you want to ship))

you also seem to still be missing libbz2-1.0 in stage-packages …

the library search path seems to be fine …

Anna22 · February 13, 2024, 1:23pm

I have checked libffi8 - it is not dev.

I added libbz2 in stage packages

    stage-packages:
            - libpkcs11-helper1
            - libsane1
            - zlib1g
            - libstdc++6
            - libqt5svg5
            - libqt5printsupport5
            - libqt5widgets5
            - libqt5gui5
            - libqt5qml5
            - libqt5network5
            - libqt5xml5
            - libqt5concurrent5
            - libqt5core5a
            - libgl1
            - libgcc-s1
            - libusb-1.0-0
            - libxml2
            - libpng16-16
            - libharfbuzz0b
            - libmd4c0
            - libgssapi-krb5-2
            - libdouble-conversion3
            - libicu70
            - libicu70
            - libpcre2-16-0
            - libzstd1
            - libglib2.0-0
            - libglib2.0-dev
            - libglvnd0
            - libglx0
            - libudev1
            - liblzma5
            - libfreetype6
            - libgraphite2-3
            - libkrb5-3
            - libk5crypto3
            - libcom-err2
            - libkrb5support0
            - libicu70
            - libpcre3
            - libx11-6
            - libkeyutils1
            - libxcb1
            - libxau6
            - libxdmcp6
            - libmd0
            - libbsd0
            - libffi8
            - libbz2
            - libsane-hpaio
            - libsane-common

and

Stage package not found in part 'masterpdfeditor5': libbz2.                                                                                                 
Failed to execute pack in instance.

ogra · February 13, 2024, 2:01pm

The package name is libbz2-1.0

Anna22 · February 13, 2024, 2:06pm

Then:

Failed to fetch package: The item '/root/.cache/snapcraft/download/libqt5qml5_5.15.3+dfsg-1_amd64.deb' could not be fetched: Could not connect to archive.ubuntu.com:80 (2620:2d:4002:1::101). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (2620:2d:4002:1::103). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (2620:2d:4002:1::102). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (185.125.190.36). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (185.125.190.39). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (91.189.91.83). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (91.189.91.82). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (91.189.91.81). - connect (113: No route to host).                                                                                                                                     
Failed to execute pack in instance.                                                                                                                         
Recommended resolution: Run the same command again with --debug to shell into the environment if you wish to introspect this failure.                       
Full execution log: '/root/.local/state/snapcraft/log/snapcraft-20240213-164033.218244.log'

ogra · February 13, 2024, 3:16pm

Well, that looks more like a network issue …

Anna22 · February 15, 2024, 7:35am

What else can I try to make my app search devices?

ogra · February 15, 2024, 11:21am

Did you fix the network issue with your container?

Anna22 · February 16, 2024, 11:50am

Yes, it is ok now. Snap was created

Anna22 · February 16, 2024, 1:25pm

But app does not search devices

emitorino · February 16, 2024, 8:21pm

@Anna22 can you share error logs, if you have them? Thanks!