Resolve absolute paths in snap

corriibme · March 18, 2024, 9:39am

I am very new to snap application development.

I have a snap parts directory called secrets (which holds tls certificates for my application). squashfs on my snapped application reveals this (secrets) directory in the first level of squashfs-root directory. In the snap application, I have tried to access my tls certificates with $SNAP/secrets/* but failed 100% of the time.

What is the correct way to resolve absolute file paths within a snap?

ogra · March 18, 2024, 9:41am

Could you perhaps share your snapcraft.yaml?

corriibme · March 18, 2024, 10:43am

name: ventio 
version: '0.0.2'
summary: Single-line elevator pitch for your amazing snap
description: |
  You have a paragraph or two to tell the
  most important story about your snap. Keep it under 100 words though,
  we live in tweetspace and your description wants to look good in the snap
  store.

base: core18
grade: devel
confinement: devmode 

parts:
    ventio:
        plugin: python
        source: .
        requirements: ['requirements.txt']

    secrets:
        plugin: dump
        source: .

apps:

    ventio:
      command: bin/ventio
      environment:
        PATH: $SNAP/usr/bin:$SNAP/bin/:$PATH
        PYTHONPATH: $SNAP/usr/lib/python3/site-packages:$SNAP/usr/local/lib/python3.6/dist-packages:$PYTHONPATH

ogra · March 18, 2024, 11:07am

it helps if you add three backticks ``` in the line above and below text you paste, that way the indentation stays intact and it becomes better readable for us …

alan_g · March 18, 2024, 12:14pm

One thing that can help resolve such situations is to get a command-line shell in the snapped environment to poke around:

snap run --shell ventio

This will allow you to check, for example, ls $SNAP/secrets/* and gain a better understanding of what is happening with your application packaging.

corriibme · March 18, 2024, 12:26pm

Inside the snap, ls $SNAP/secrets reveals my files. But then, would you suggest doing stuff like this:
keyfile=“$SNAP/secrets/*”

OR

keyfile=$SNAP/secrets/*

I used the first, and I’m now imagining if the double quotes mess up the path resolution

alan_g · March 18, 2024, 12:28pm

You can try echo ${keyfile} and see what happens.

corriibme · March 18, 2024, 2:33pm

Gives nothing. ‘keyfile’ is not an env variable.

alan_g · March 18, 2024, 2:51pm

If I don’t know what keyfile is, or the context in which you are setting it, I don’t know how I can help.

corriibme · March 18, 2024, 8:35pm

It’s just a file that holds a TLS key for use in the app. It is located in the secrets dump as shown in the yaml file.

johntk005 · March 21, 2024, 6:52pm

To access files within snap packages use $SNAP variable followed by the relative path of file.

baldeuniversel · March 22, 2024, 3:09pm

Who is @johntk005 ?

His/her suggestions always seem offset or orthogonal to the discussion thread.

corriibme · March 22, 2024, 3:33pm

The fact is that you do not have read or write access to files inside your snap. But, if you’re packaging some extra files that you need to access later, the correct solution is to use layout in snapcraft.yaml : Snap layouts | Snapcraft documentation In my case,

layout:

  /etc/termi:

       bind: $SNAP/secrets

With this, I could read my key file from /etc/termi/keyfilename

This makes it look as if the file is coming from outside the snap.

Thanks for your responses