Snap is unusable due to bad permissions

I’ve spent a lot of time trying to migrate my snapcraft.yaml from base18 to base22, and I’m still failing to build a snap.

After updating the base: the snapcraft tool started giving me the following error:

Cannot pack snap: 2024/08/19 13:47:50.774916 container.go:360: in snap "indicator-sound-switcher": "bin/launch.sh" should be world-readable and executable, and isn't: -rwxrwx---
2024/08/19 13:47:50.774968 container.go:379: in snap "indicator-sound-switcher": "bin/launch.sh" should be world-readable, and isn't: -rwxrwx---
2024/08/19 13:47:50.775025 container.go:379: in snap "indicator-sound-switcher": "meta/gui/icon.svg" should be world-readable, and isn't: -rwxrwx---
error: snap is unusable due to bad permissions                                                                                                                                                                                                                   

For two files:

  • bin/launch.sh
  • meta/gui/icon.svg

The first one is getting copied by the Dump plugin, so I managed to fix that by adding:

    override-prime: |
      craftctl default

      # Fix resource permissions
      chmod +rx $CRAFT_PRIME/bin/launch.sh
      chmod +r $CRAFT_PRIME/meta/gui/icon.svg

Now the second command is failing with

chmod: cannot access '/root/prime/meta/gui/icon.svg': No such file or directory

See the full build log here.

I spent a lot of time googling and reading snapcraft docs, but I still fail to figure out where and how I can fix this. There’s no mention of the meta dir in the docs.

Apart from that, I don’t understand why the permissions on copied files deviate from those in the source.

Please help.

Hi ! @yktoo .

What if you did? :face_with_monocle:

 override-prime: |
      # Fix resource permissions
      chmod +rx $SNAPCRAFT_STAGE/bin/launch.sh
      chmod +r $SNAPCRAFT_STAGE/meta/gui/icon.svg

      snapcraftctl prime

Sorry you got stuck on this, there isn’t useful documentation on what happens in between priming and packing.

After the snap is primed and before it is packed, snapcraft will copy assets from your project’s snap/gui/icon.[svg|png] into the prime/meta/gui/ directory in the build environment.

This means you don’t have access to prime/meta/gui/icon.svg in an override- script. Instead, you may be able to do chmod +r $CRAFT_PROJECT_DIR/snap/gui/icon.svg in your override-prime to fix the permissions before snapcraft copies it.

Thanks for the explanation and the tip, but it doesn’t seem to work:

$ snapcraft pack --debug
Cleaned build provider                                                                                                                                                                                                                                          
'override-prime' in part 'resources' failed with code 1
...
:: + craftctl default
:: + chmod +rx /root/prime/bin/launch.sh
:: + chmod +r /root/project/snap/gui/icon.svg
:: chmod: cannot access '/root/project/snap/gui/icon.svg': No such file or directory
'override-prime' in part 'resources' failed with code 1.
...
                                                                                                                                                       
Launching shell on build environment...                                                                                                                                                                                                                         
snapcraft-indicator-sound-switcher-on-amd64-for-amd64-17 ../project# ls -l snap/
total 8
drwxrwx--- 1 root nogroup 4096 Aug 18 18:31 local
-rwxrwx--- 1 root nogroup 1968 Aug 19 16:43 snapcraft.yaml

There’s no gui/ dir in snap/, any other ideas?

Is this project somewhere where you can share a link? I’d like to see where the icon is coming from.

2 Likes

Sure, here: indicator-sound-switcher/snap/snapcraft.yaml at dev · yktoo/indicator-sound-switcher · GitHub

1 Like

As @mr_cal said, it would be great if we could access the resources to reproduce the bug and potentially resolve the problem. :slightly_smiling_face:

I do not know, what’s you trying to do here (this part of your *.yaml) :face_with_monocle: .

organize:
      icons: usr/share/icons/hicolor/scalable/status
      snap/local/launch.sh: bin/

The link is in the above post, knock yourself out :smiley:

It copies icons (a resource shared between snap and non-snap versions of the app) and a launcher script (snap-specific).

I fully recommend you to use ´git´ as source (in your *.yaml file). :slightly_smiling_face:

Ah, I see this in your snapcraft.yaml:

icon: icons/indicator-sound-switcher.svg

so try this in your override-prime:

chmod +r $CRAFT_PROJECT_DIR/icons/indicator-sound-switcher.svg

As far as needing this change, I’m not sure why this is happening. Your snap built fine for me locally with LXD without changing icon permissions. Does it only fail when building via snapcraft.io? I can’t access the original log file you linked to.

On my side, I have a bug here ( yaml file) → icon: icons/indicator-sound-switcher.svg

I fixed it by this → icon: ../icons/indicator-sound-switcher.svg

That is an unexpected behavior. Are you using LXD, Multipass, or destructive-mode?

@mr_cal, I use lxd

This path towards image does not exist → $CRAFT_PRIME/meta/gui/icon.svg. The image(svg) does not exist in your project (not in your dev branch anyway).

@yktoo I succeeded to build and install your snap by applying some changes.

Here the update :
name: indicator-sound-switcher
base: core22
adopt-info: indicator-sound-switcher
summary: Sound input/output selector application for Linux
title: Sound Switcher Indicator
description: |
  Sound Switcher Indicator shows an icon in the indicator area or the
  system tray (whatever is available in your desktop environment).
  The icon's menu allows you to switch the current sound input and
  output with a single click.

  The appearance of the menu can be customised. For example, devices
  and ports can be given custom display names, hidden etc.

icon: ../icons/indicator-sound-switcher.svg
license: GPL-3.0
grade: stable
confinement: strict

apps:
  indicator-sound-switcher:
    command: bin/launch.sh $SNAP/bin/indicator-sound-switcher
    desktop: share/applications/indicator-sound-switcher.desktop
    autostart: indicator-sound-switcher.desktop
    extensions:
      - gnome
    plugs:
      - audio-playback

parts:
  indicator-sound-switcher:
    plugin: python
    source: https://github.com/yktoo/indicator-sound-switcher.git 
    source-type: git 
    build-packages:
      - gettext
    stage-packages:
      - gir1.2-ayatanaappindicator3-0.1
      - gir1.2-keybinder-3.0
      - libayatana-appindicator3-1
      - libayatana-indicator3-7
      - libkeybinder-3.0-0
      - python3-gi

    override-pull: |
      craftctl default 

      # Use version from setup.py
      version="$(sed -ne 's/\s*APP_VERSION\s*=\s*\x27\([^\x27]\+\)\x27.*/\1/p' setup.py)"

      craftctl set "version=$version"

      # Fix icon path in the .desktop
      sed -i -E 's!^Icon=.*!Icon=/usr/share/icons/hicolor/scalable/status/indicator-sound-switcher.svg!' indicator-sound-switcher.desktop

  resources:
    plugin: dump
    source: https://github.com/yktoo/indicator-sound-switcher.git 
    source-type: git  
    organize:
      icons: usr/share/icons/hicolor/scalable/status
      snap/local/launch.sh: bin/
    stage:
      - usr/*
      - bin/*
    override-prime: |
      
      # Fix resource permissions
      chmod +rx $CRAFT_STAGE/bin/launch.sh
      chmod +r $CRAFT_STAGE/usr/share/icons/hicolor/scalable/status/indicator-sound-switcher.svg
      chmod +r $CRAFT_STAGE/share/icons/hicolor/scalable/apps/indicator-sound-switcher.svg

      snapcraftctl prime 

The build process (somehow)

No, it fails both locally and on snapcraft.io, although the latter isn’t very helpful about what causes the error:

Creating snap package...
Command '['snap', 'pack', '--filename', 'indicator-sound-switcher_2.3.10_amd64.snap', '--compression', 'xz', PosixPath('/build/indicator-sound-switcher/prime'), PosixPath('/build/indicator-sound-switcher')]' returned non-zero exit status 1.
Full execution log: '/root/.local/state/snapcraft/log/snapcraft-20240819-054148.717557.log'
Build failed
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/lpbuildd/target/build_snap.py", line 324, in run
    self.build()
  File "/usr/lib/python3/dist-packages/lpbuildd/target/build_snap.py", line 308, in build
    self.run_build_command(["snapcraft"], cwd=output_path, env=env)
  File "/usr/lib/python3/dist-packages/lpbuildd/target/operation.py", line 62, in run_build_command
    return self.backend.run(args, cwd=cwd, env=full_env, **kwargs)
  File "/usr/lib/python3/dist-packages/lpbuildd/target/lxd.py", line 718, in run
    subprocess.check_call(cmd, **kwargs)
  File "/usr/lib/python3.8/subprocess.py", line 364, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['lxc', 'exec', 'lp-jammy-amd64', '--env', 'LANG=C.UTF-8', '--env', 'SHELL=/bin/sh', '--env', 'http_proxy=http://10.10.10.1:8222/', '--env', 'https_proxy=http://10.10.10.1:8222/', '--env', 'GIT_PROXY_COMMAND=/usr/local/bin/lpbuildd-git-proxy', '--env', 'SNAPPY_STORE_NO_CDN=1', '--env', 'SNAPCRAFT_BUILD_INFO=1', '--env', 'SNAPCRAFT_IMAGE_INFO={"build-request-id": "lp-91481452", "build-request-timestamp": "2024-08-19T05:37:58Z", "build_url": "https://launchpad.net/~build.snapcraft.io/+snap/67bd36622272fac52a0656a3584b10f1/+build/2572561"}', '--env', 'SNAPCRAFT_BUILD_ENVIRONMENT=host', '--env', 'SNAPCRAFT_BUILD_FOR=amd64', '--', '/bin/sh', '-c', 'cd /build/indicator-sound-switcher && linux64 snapcraft']' returned non-zero exit status 1.
Revoking proxy token...
RUN: /usr/share/launchpad-buildd/bin/in-target scan-for-processes --backend=lxd --series=jammy --arch=amd64 SNAPBUILD-2572561
Scanning for processes to kill in build SNAPBUILD-2572561

Thanks @baldeuniversel and @mr_cal. I managed to build snaps with both suggestions (see this and this commits).

However, the built snap wouldn’t run, giving me a segfault:

$ sudo snap install indicator-sound-switcher --channel=edge
indicator-sound-switcher (edge) 2.3.10 from Dmitry Kann (yktoo) installed
$ indicator-sound-switcher 
Segmentation fault

I have no idea how to debug this.

Also, ppc64el and s390x failed to build because they apparently don’t have the gnome extension:

Installing build-snaps
Failed to install or refresh snap 'gnome-42-2204-sdk'.
'gnome-42-2204-sdk' does not exist or is not available on channel 'latest/stable'.

Hi ! @yktoo.

Okay, please open another topic for the new issue (potentially there is a program trying to access a memory area that is not allocated to it). :face_with_monocle:

You can close this one by choosing one of the suggestions as solution.

Thanks !

1 Like