Manual review request for the master-pdf-editor-5 snap - classic

This is what appears when i run the app and try to search devices to scan

Right, you should stage libffi and libbz2 i guess (the first two apparmor denials in your output, the rest looks harmless)…

Could you do a build with the linter enabled and share the linter output from the end if your build log ?

Sure,

Lint warnings:

  • library: libsepol.so.2: unused library ‘lib/x86_64-linux-gnu/libsepol.so.2’.
  • library: libtirpc.so.3: unused library ‘lib/x86_64-linux-gnu/libtirpc.so.3.0.0’.
  • library: libEGL_mesa.so.0: unused library ‘usr/lib/x86_64-linux-gnu/libEGL_mesa.so.0.0.0’.
  • library: libGLX_mesa.so.0: unused library ‘usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0’.
  • library: libgthread-2.0.so.0: unused library ‘usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0.7200.4’.
  • library: libicuio.so.70: unused library ‘usr/lib/x86_64-linux-gnu/libicuio.so.70.1’.
  • library: libicutest.so.70: unused library ‘usr/lib/x86_64-linux-gnu/libicutest.so.70.1’.
  • library: libnetsnmpmibs.so.40: unused library ‘usr/lib/x86_64-linux-gnu/libnetsnmpmibs.so.40.1.0’.
  • library: libpcre16.so.3: unused library ‘usr/lib/x86_64-linux-gnu/libpcre16.so.3.13.3’.
  • library: libpcre2-32.so.0: unused library ‘usr/lib/x86_64-linux-gnu/libpcre2-32.so.0.10.4’.
  • library: libpcre2-posix.so.3: unused library ‘usr/lib/x86_64-linux-gnu/libpcre2-posix.so.3.0.1’.
  • library: libpcre32.so.3: unused library ‘usr/lib/x86_64-linux-gnu/libpcre32.so.3.13.3’.
  • library: libpcrecpp.so.0: unused library ‘usr/lib/x86_64-linux-gnu/libpcrecpp.so.0.0.1’.
  • library: libpcreposix.so.3: unused library ‘usr/lib/x86_64-linux-gnu/libpcreposix.so.3.13.3’.
  • library: libsnmp.so.40: unused library ‘usr/lib/x86_64-linux-gnu/libsnmp.so.40.1.0’.
  • library: libssl3.so: unused library ‘usr/lib/x86_64-linux-gnu/libssl3.so’.

I tried to delete unused library, but output was the same. In my list all libraries are necessary)

Well, some of them might simply already come from the kde-neon extension so they wouldn’t be used from that location but from the library path the extension defines… but they are harmless and just add a little bloat, i was more hoping for some “missing library” messages, but that side seems to be fine…

I have tried to fix this problem with scanner for 3 month and only classical confinement solved this problem(

well, lets try the following …

remove the etc-mpe plug definition and remove it from your plugs: of the app …

instead add a layout like:

layout:
  /etc/sane.d:
    bind: $SNAP/etc/sane.d

and add libsane-common and libsane-hpaio to your stage-packages so etc/sane.d in your snap is populated, see if that helps …

additionally try changing cups to cups-control (and connect it after installing the snap), though this last bit will likely only help for printing, not for scanning i guess

Thanks, I will try and inform you about results

Hi! Unfortunately, adding a layout and libraries does not solve the problem. App does not find devices to scan. And there is nothing regarding scanning in logs…

Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/snap/core22/1033/usr/lib/x86_64-linux-gnu/libffi.so.8.1.0" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /snap/core22/1033/usr/lib/x86_64-linux-gnu/libffi.so.8.1.0 (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/snap/core22/1033/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /snap/core22/1033/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4 (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/usr/lib64/" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /usr/lib64/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/usr/lib32/" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /usr/lib32/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/usr/lib64/" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /usr/lib64/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/usr/lib32/" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /usr/lib32/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="open" class="file" profile="snap.master-pdf-editor-5.masterpdfeditor5" name="/usr/lib64/" pid=4930 comm="masterpdfeditor" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
File: /usr/lib64/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/a11y/bus" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.a11y.Bus" pid=4930 label="snap.master-pdf-editor-5.masterpdfeditor5" peer_pid=2205 peer_label="unconfined"
DBus access

= Seccomp =
Time: 2024-02-12T12:5
Log: auid=1001 uid=1001 gid=1001 ses=4 subj=snap.master-pdf-editor-5.masterpdfeditor5 pid=4930 comm="masterpdfeditor" exe="/snap/master-pdf-editor-5/x1/masterpdfeditor5" sig=0 arch=c000003e 203(sched_setaffinity) compat=0 ip=0x7f88251b0531 code=0x50000
Syscall: sched_setaffinity
Suggestion:
* ignore the denial if the program otherwise works correctly (unconditional sched_setaffinity is often just noise)

= Seccomp =
Time: 2024-02-12T12:5
Log: auid=1001 uid=1001 gid=1001 ses=4 subj=snap.master-pdf-editor-5.masterpdfeditor5 pid=4930 comm="masterpdfeditor" exe="/snap/master-pdf-editor-5/x1/masterpdfeditor5" sig=0 arch=c000003e 141(setpriority) compat=0 ip=0x7f882522f97b code=0x50000
Syscall: setpriority
Suggestion:

* ignore the denial if the program otherwise works correctly (unconditional setpriority is often just noise)

= Seccomp =
Time: 2024-02-12T12:5
Log: auid=1001 uid=1001 gid=1001 ses=4 subj=snap.master-pdf-editor-5.masterpdfeditor5 pid=4930 comm="masterpdfeditor" exe="/snap/master-pdf-editor-5/x1/masterpdfeditor5" sig=0 arch=c000003e 203(sched_setaffinity) compat=0 ip=0x7f88251b0531 code=0x50000
Syscall: sched_setaffinity
Suggestion:
* ignore the denial if the program otherwise works correctly (unconditional sched_setaffinity is often just noise)

= Seccomp =
Time: 2024-02-12T12:5
Log: auid=1001 uid=1001 gid=1001 ses=4 subj=snap.master-pdf-editor-5.masterpdfeditor5 pid=4930 comm="masterpdfeditor" exe="/snap/master-pdf-editor-5/x1/masterpdfeditor5" sig=0 arch=c000003e 141(setpriority) compat=0 ip=0x7f882522f97b code=0x50000
Syscall: setpriority
Suggestion:
* ignore the denial if the program otherwise works correctly (unconditional setpriority is often just noise)

= AppArmor =
Time: 2024-02-12T12:5
Log: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/a11y/bus" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.a11y.Bus" pid=4930 label="snap.master-pdf-editor-5.masterpdfeditor5" peer_pid=2205 peer_label="unconfined"
DBus access

Printing works nicely with cups-control… And another problem with my snap: it runs with master-pdf-editor-5.masterpdfeditor5, not with masterpdfeditor5… And there is no Master PDF Editor in the app’s list

well, I’d have expected the first two (libffi and libbz2) to not show up anymore after you add them to stage packages, can you run the following commands on a system that has your snap installed:

find /snap/master-pdf-editor-5/current/ -name '*libffi.*' 2>/dev/null
find /snap/master-pdf-editor-5/current/ -name '*libbz2.*' 2>/dev/null

and:

snap run --shell master-pdf-editor-5.masterpdfeditor5 -c 'echo $LD_LIBRARY_PATH'

That should show if the libs are really in your snap and if the library search path includes all locations needed to actually find them …

regarding the need for master-pdf-editor-5.masterpdfeditor5, you will only be able to run the command with a single name if the app name matches exactly the snap name, so you’d either need to rename your app: entry in snapcraft.yaml to have the dashes in the name or you need to drop the currect snap and register it newly without the dashes…

That is output:

arogozina@codeindustry-PC:~$ find /snap/master-pdf-editor-5/current/ -name '*libffi.*' 2>/dev/null
/snap/master-pdf-editor-5/current/usr/lib/x86_64-linux-gnu/libffi.a
/snap/master-pdf-editor-5/current/usr/lib/x86_64-linux-gnu/libffi.so
/snap/master-pdf-editor-5/current/usr/lib/x86_64-linux-gnu/pkgconfig/libffi.pc
/snap/master-pdf-editor-5/current/usr/share/doc/libffi8/html/Using-libffi.html
/snap/master-pdf-editor-5/current/usr/share/info/libffi.info.gz
arogozina@codeindustry-PC:~$ find /snap/master-pdf-editor-5/current/ -name '*libbz2.*' 2>/dev/null
arogozina@codeindustry-PC:~$ snap run --shell master-pdf-editor-5.masterpdfeditor5 -c 'echo $LD_LIBRARY_PATH'
update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/boot /boot none bind,ro 0 0): permission denied
/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl32:/var/lib/snapd/void:/snap/master-pdf-editor-5/x1/lib:/snap/master-pdf-editor-5/x1/usr/lib:/snap/master-pdf-editor-5/x1/lib/x86_64-linux-gnu:/snap/master-pdf-editor-5/x1/usr/lib/x86_64-linux-gnu:/snap/master-pdf-editor-5/x1/kf5/lib/x86_64-linux-gnu:/snap/master-pdf-editor-5/x1/kf5/usr/lib/x86_64-linux-gnu:/snap/master-pdf-editor-5/x1/kf5/usr/lib:/snap/master-pdf-editor-5/x1/kf5/lib:/snap/master-pdf-editor-5/x1/kf5/usr/lib/x86_64-linux-gnu/dri:/var/lib/snapd/lib/gl:/snap/master-pdf-editor-5/x1/kf5/usr/lib/x86_64-linux-gnu/pulseaudio

so this is not the right package … you seem to have seeded libffi-dev into stage-packages, not libffi8 which is the one it is looking for … (note that -dev packages should only be used in build-packages (and only if it is actually needed to build the binaries you want to ship))

you also seem to still be missing libbz2-1.0 in stage-packages …

the library search path seems to be fine …

I have checked libffi8 - it is not dev.

I added libbz2 in stage packages

    stage-packages:
            - libpkcs11-helper1
            - libsane1
            - zlib1g
            - libstdc++6
            - libqt5svg5
            - libqt5printsupport5
            - libqt5widgets5
            - libqt5gui5
            - libqt5qml5
            - libqt5network5
            - libqt5xml5
            - libqt5concurrent5
            - libqt5core5a
            - libgl1
            - libgcc-s1
            - libusb-1.0-0
            - libxml2
            - libpng16-16
            - libharfbuzz0b
            - libmd4c0
            - libgssapi-krb5-2
            - libdouble-conversion3
            - libicu70
            - libicu70
            - libpcre2-16-0
            - libzstd1
            - libglib2.0-0
            - libglib2.0-dev
            - libglvnd0
            - libglx0
            - libudev1
            - liblzma5
            - libfreetype6
            - libgraphite2-3
            - libkrb5-3
            - libk5crypto3
            - libcom-err2
            - libkrb5support0
            - libicu70
            - libpcre3
            - libx11-6
            - libkeyutils1
            - libxcb1
            - libxau6
            - libxdmcp6
            - libmd0
            - libbsd0
            - libffi8
            - libbz2
            - libsane-hpaio
            - libsane-common

and

Stage package not found in part 'masterpdfeditor5': libbz2.                                                                                                 
Failed to execute pack in instance.                                 

The package name is libbz2-1.0

Then:

Failed to fetch package: The item '/root/.cache/snapcraft/download/libqt5qml5_5.15.3+dfsg-1_amd64.deb' could not be fetched: Could not connect to archive.ubuntu.com:80 (2620:2d:4002:1::101). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (2620:2d:4002:1::103). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (2620:2d:4002:1::102). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (185.125.190.36). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (185.125.190.39). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (91.189.91.83). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (91.189.91.82). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (91.189.91.81). - connect (113: No route to host).                                                                                                                                     
Failed to execute pack in instance.                                                                                                                         
Recommended resolution: Run the same command again with --debug to shell into the environment if you wish to introspect this failure.                       
Full execution log: '/root/.local/state/snapcraft/log/snapcraft-20240213-164033.218244.log' 

Well, that looks more like a network issue …

What else can I try to make my app search devices?

Did you fix the network issue with your container?

Yes, it is ok now. Snap was created

But app does not search devices

@Anna22 can you share error logs, if you have them? Thanks!