Using a dyamically linked library correctly (.so) with softlinks

Dear Snapcrafters, I am trying to package a pre-built application for arm64, called “runtime” which depends on a shared library libpaho-mqtt3cs.so

I have the library libpaho-mqtt3cs.so.1.3.9 which needs to be linked to the application I have kept the runtime binary and libpaho-mqtt3cs.so.1.3.9 on the top level directory say $TOP. The snapcraft.yaml file is under $TOP/snap/. The runtime expects to find the library under /usr/local/lib

However when I build my snap, I receive a warning “CVE-2020-27348: A potentially empty LD_LIBRARY_PATH has been set for environment in ‘runtime’. The current working directory will be added to the library path if empty. This can cause unexpected libraries to be loaded.”

and the snap is built

When I finally install the snap on the target machine, I get a library libpaho-mqtt3cs.so.1 file too short error.

I have also created softlinks from libpaho-mqtt3cs.so.1 to libpaho-mqtt3cs.so.1.3.9 in my folder under $TOP/

In general, what is the best practice in such cases.

Here is my snapcraft.yaml file.

name: runtime # you probably want to 'snapcraft register ’

base: core20 # the base snap is the execution environment for this snap

version: ‘0.1’ # just for humans, typically ‘1.2+git’ or ‘1.3.2’

grade: stable

summary: SRT

confinement: strict

description: | An XYZ snap

apps:

runtime:

command: runtime 

environment:

  LD_LIBRARY_PATH: $LD_LIBRARY_PATH:$SNAP/usr/local/lib/

plugs:

  - network

layout:

  /usr/local/lib/libpaho-mqtt3cs.so.1:

     bind-file: $SNAP/usr/local/lib/libpaho-mqtt3cs.so.1

parts:

runtime:

plugin: dump

source: .