Snaping Axolotl, electron shared libs not found by golang

Hey there,
I am trying to snap my axolotl, a signal client that exists for ubuntu touch.
For me it’s somehow difficult to get everything working, because I get lost a lot in the snapcraft documentation.
My app consists of a go app which servers a vuejs thing to a golang electron pendant.

For now I got it working that it actually builds a snap and that all files needed are in there.
But the app terminates without showing a screen. I think it fails in getting the golang-electron. I could circumvent that when i could start a browser pointing at the backend. I tried that once but failed.

When I start the bin /snap/axolotl/current/bin/axolotl it somehow works but my backend doesn’t find the vuejs compiled sources to deliver them. I think this one can be solved myself.

Apparmor shows following error, don’t know where this comes from but maybe from opening a the sqlite database, which i don’t want to drop.

Dec 16 12:40:17 nanu kernel: [ 9058.416850] audit: type=1400 audit(1576496417.623:1461): apparmor="DENIED" operation="open" profile="snap.axolotl.axolotl" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=13772 comm="axolotl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

And my snapcraft.yaml https://github.com/nanu-c/axolotl/snap/snapcraft.yaml

name: axolotl
version: git
summary: An signal client.
description: |
  Axolotl is a crossplattform signal client
grade: stable
confinement: strict
base: core18

parts:
  axolotl:
    plugin: go
    go-importpath: github.com/nanu-c/axolotl
    source: .
    source-type: git
    build-packages:
      - gcc
      - mercurial
      - bzr
    override-build: |
      echo "This runs before build!"
      snapcraftctl build
  axolotl-web:
    plugin: nodejs
    source: ./axolotl-web
    stage: [bin/axolotl-web]
    nodejs-version: 12.13.1
    nodejs-package-manager: npm
    build-environment:
      - SUDO_UID: '0'
      - SUDO_GID: '0'
      - SUDO_USER: 'root'
    override-build: |
      export PATH=/root/parts/axoltl-web/npm/bin:$PATH
      npm run build || true
      mkdir -p ../install/bin/ || true
      cp -r dist ../install/bin/axolotl-web
    organize:
      axolotl-web/dist: bin/axolotl-web
plugs:
  config-axolotl:
    interface: personal-files
    read:
      - $HOME/.local/share/textsecure.nanuc
      - $HOME/.config/textsecure.nanuc
    write:
      - $HOME/.local/share/textsecure.nanuc
      - $HOME/.config/textsecure.nanuc
apps:
  axolotl:
    command: bin/axolotl
    plugs:
      - desktop
      - desktop-legacy
      - wayland
      - unity7
      - opengl
      - network
      - network-bind
      - network-manager
      - pulseaudio
      - home
      - x11
      - config-axolotl
      - hardware-observe

Hi @nanu-c, could you please do a couple of things:

  1. make sure your latest changes are checked in and reflect your snapcraft.yaml url because I can’t get the snap to build (npm errors in axolotl-web)
  2. paste the full stdout error you see when trying to run your snap with $ snap run axolotl

It might help you to further debug by running the app’s shell to poke around: $ snap run --shell axolotl and then from there you can search for files created so far.

Hey @hellsworth, thanks a lot for the response, it guides me the way to go :slight_smile: . First, unfortunately I had some non working commits this afternoon but they are resolved now. I tried a snapcraft clean && snapcraft and it finished now without problems. The first thing you want to do then is snap connect axolotl:config-axolotl . The hint with the shell is helpful because running axolotl just ends with nothing but in the shell i see a go error which happens while writing to stdin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x7af1d9]

goroutine 22 [running]:
github.com/asticode/go-astilectron.(*writer).write(0x0, 0xbe77f7, 0x11, 0xbf635d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/root/parts/axolotl/go/src/github.com/asticode/go-astilectron/writer.go:38 +0x179
github.com/asticode/go-astilectron.synchronousEvent.func1()
	/root/parts/axolotl/go/src/github.com/asticode/go-astilectron/helper.go:171 +0x92
github.com/asticode/go-astilectron.synchronousFunc(0xc000239100, 0xd5b7e0, 0xc000278780, 0xc0000e7970, 0xbf05d3, 0x1c, 0x3, 0xc000106e00, 0x13e8700, 0x0, ...)
	/root/parts/axolotl/go/src/github.com/asticode/go-astilectron/helper.go:161 +0x19e

Hmm, I still can’t get this to build for me on 19.10. I have to at least add npm install -g @vue/cli to the axolotl-web override-build section and it still fails at vue-cli-service build

The segfault could mean there’s an issue with the way the go program is accessing memory, so maybe take a look at writer.go and helper.go, as it’s pointed you to.

Today I had time to look into the snaps again and they are building now successfully https://build.snapcraft.io/user/nanu-c/axolotl/769973
Then I did some steps to obtain more log and the error now is that the electron doesn’t find his/her libraries. In the last revision i added them to the stage-packages but they are still not found.

DEBU[0000] Stderr says: /home/nanu/go/src/github.com/nanu-c/axolotl/dist/vendor/electron-linux-amd64/electron: error while loading shared libraries: libnss3.so: cannot open shared object file: No such file or directory  source="astilectron.go:299"

Enough for today, thanks for pointing me in the right direction.

That sounds like progress!
When you run the app, you can run it with the --shell directive to hunt around for the missing library.

$ snapcraft run --shell axolotl
$ cd $SNAP
$ find . -name libnss3.so

If you do find it then it’s just in the wrong place, in which case you could go add to your PATH env var to look in the right place.

Found them now all, the errors don’t stop :sweat_smile:

DEBU[0001] Astilectron says: {"name":"window.event.move","targetID":"1"}  source="reader.go:61"
DEBU[0001] Stderr says: [27377:1220/005349.396111:FATAL:memory.cc(22)] Out of memory. size=262144  source="astilectron.go:299"
DEBU[0001] Astilectron says: {"name":"window.event.focus","targetID":"1"}  source="reader.go:61"
DEBU[0001] App has crashed                               source="astilectron.go:337"

It uses more than 128 mb on memory, then it gets killed by something…

It sounds like the program (nothing to do with snap) has some memory handling issue. Try and run this app in one terminal while in the other terminal you already have sudo journalctl -f going. See what the journalctl output is when the app runs and is killed. That might point you in the right direction.

Bingo! Apparmor blocks the electron writes to /proc and somewhere it’s mentioned that i maybe need the mount-observe but i don’t understand that at all.

Dez 20 21:59:56 nanu audit[18210]: AVC apparmor="DENIED" operation="open" profile="snap.axolotl.axolotl" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=18210 comm="axolotl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Dez 20 21:59:56 nanu kernel: audit: type=1400 audit(1576875596.348:2558): apparmor="DENIED" operation="open" profile="snap.axolotl.axolotl" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=18210 comm="axolotl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Dez 20 21:59:56 nanu audit[18315]: AVC apparmor="DENIED" operation="open" profile="snap.axolotl.axolotl" name="/proc/18315/setgroups" pid=18315 comm="electron" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
Dez 20 21:59:56 nanu kernel: audit: type=1400 audit(1576875596.392:2559): apparmor="DENIED" operation="open" profile="snap.axolotl.axolotl" name="/proc/18315/setgroups" pid=18315 comm="electron" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
Dez 20 21:59:56 nanu kernel: traps: electron[18306] trap int3 ip:563975b986cf sp:7ffe4e2e9940 error:0 in electron[563973c8f000+53aa000]

When i install it in --devmode it works, but I also get way more permission errors, here a short recipt:

Dez 20 22:08:58 nanu audit[28938]: AVC apparmor="ALLOWED" operation="mknod" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.M1QacB" pid=28938 comm="Chrome_IOThread" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Dez 20 22:08:58 nanu audit[28938]: AVC apparmor="ALLOWED" operation="open" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.M1QacB" pid=28938 comm="Chrome_IOThread" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
Dez 20 22:08:58 nanu audit[28938]: AVC apparmor="ALLOWED" operation="open" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.M1QacB" pid=28938 comm="Chrome_IOThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Dez 20 22:08:58 nanu audit[28938]: AVC apparmor="ALLOWED" operation="truncate" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.M1QacB" pid=28938 comm="Chrome_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
Dez 20 22:08:58 nanu audit[28938]: AVC apparmor="ALLOWED" operation="unlink" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.M1QacB" pid=28938 comm="Chrome_IOThread" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000
Dez 20 22:08:58 nanu audit[28938]: AVC apparmor="ALLOWED" operation="mknod" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.4tr5kL" pid=28938 comm="Chrome_IOThread" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Dez 20 22:08:58 nanu audit[28938]: AVC apparmor="ALLOWED" operation="open" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.4tr5kL" pid=28938 comm="Chrome_IOThread" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
Dez 20 22:08:58 nanu audit[28938]: AVC apparmor="ALLOWED" operation="open" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.4tr5kL" pid=28938 comm="Chrome_IOThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Dez 20 22:08:58 nanu audit[28938]: AVC apparmor="ALLOWED" operation="truncate" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.4tr5kL" pid=28938 comm="Chrome_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
Dez 20 22:08:58 nanu audit[28938]: AVC apparmor="ALLOWED" operation="unlink" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.4tr5kL" pid=28938 comm="Chrome_IOThread" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000
Dez 20 22:08:58 nanu audit[1578]: USER_AVC pid=1578 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="ALLOWED" operation="dbus_method_call"  bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=28938 label="snap.axolotl.axolotl" peer_pid=1602 peer_label="unconfined"
                                   exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?'
Dez 20 22:08:59 nanu audit[28938]: SECCOMP auid=1000 uid=1000 gid=1000 ses=3 pid=28938 comm="ThreadPoolForeg" exe="/home/nanu/snap/axolotl/x1/vendor/electron-linux-amd64/electron" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7fe076071407 code=0x7ffc0000
Dez 20 22:08:59 nanu audit[28938]: AVC apparmor="ALLOWED" operation="mknod" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.AbwlwW" pid=28938 comm="Chrome_IOThread" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Dez 20 22:08:59 nanu audit[28938]: AVC apparmor="ALLOWED" operation="open" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.AbwlwW" pid=28938 comm="Chrome_IOThread" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
Dez 20 22:08:59 nanu audit[28938]: AVC apparmor="ALLOWED" operation="open" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.AbwlwW" pid=28938 comm="Chrome_IOThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Dez 20 22:08:59 nanu audit[28938]: AVC apparmor="ALLOWED" operation="truncate" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.AbwlwW" pid=28938 comm="Chrome_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
Dez 20 22:08:59 nanu audit[28938]: AVC apparmor="ALLOWED" operation="unlink" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.AbwlwW" pid=28938 comm="Chrome_IOThread" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000
Dez 20 22:09:00 nanu audit[28938]: AVC apparmor="ALLOWED" operation="mknod" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.Cur4ab" pid=28938 comm="electron" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Dez 20 22:09:00 nanu audit[28938]: AVC apparmor="ALLOWED" operation="open" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.Cur4ab" pid=28938 comm="electron" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
Dez 20 22:09:00 nanu audit[28938]: AVC apparmor="ALLOWED" operation="open" profile="snap.axolotl.axolotl" name="/dev/shm/.org.chromium.Chromium.Cur4ab" pid=28938 comm="electron" requested_mask="r" denied_mask="r" fsuid=1000 ouid=100

It works now,
so for everyone that needs electron and don’t uses the electron snap builder:

electron has to be run with following parameters:
--disable-dev-shm-usage --no-sandbox
and the most relevant part in the snapcraft.yaml are

plugs:
  browser-sandbox:
    allow-sandbox:  false
    interface: browser-support

and somewhere:

    stage-packages:
      - libasound2
      - libgconf-2-4
      - libnss3
      - libx11-xcb1
      - libxss1
      - libxtst6
1 Like

@hellsworth thanks for the help it’s now in the store and most of the things are working :slight_smile: :sunflower:

1 Like