snap - can't push to snapcraft anymore because of execstack

[Qiplex]

Hello,

I was able to push 3 electron apps to Snapcraft without issues earlier. But recently I was getting following error while pushing the same apps using the same environment:

Found files with executable stack. This adds PROT_EXEC to mmap(2) during mediation which may cause security denials. Either adjust your program to not require an executable stack, strip it with execstack --clear-execstack ... or remove the affected file from your snap. Affected files: speedy-duplicate-finder functional-snap-v2_execstack What does this mean?

The affected file Snapcraft erroring about always is the application file.

I've tried to use different platforms and different electron builder versions to workararound this

OS - Mac, Ubuntu (x64)
Electron-builder - 19.50.0, 19.53.7, 20.0.4

But issue seems to be there. I believe this error somehow related to snapcraft internal change. Fix for this error Snapcraft team describes here

Can someone have a look on it? Thanks!

[develar]

This bug is confirmed by both Electron and Snapcraft team. Well, as you use electron-builder, it means that it will be fixed for you :) Workaround will be added in 2 days.

electron/electron#11628

See workaround — https://forum.snapcraft.io/t/fonts-fail-to-load-when-desktop-plug-added/3414/3?u=develar (but yeach, not easy — you need to use afterPack hook in the electron-builder).

Are you on Linux?

So, please wait several days.

[develar]

Ok, it seems I have time to add workaround in one hour.

[Qiplex]

@develar you are awesome! 🥇

Are you on Linux?

I'm on Mac usually, but spin up Ubuntu virtual machine while trying to workaround this issue.

but yeach, not easy — you need to use afterPack hook in the electron-builder

Yep. I saw this scary post. So tried to
$ cd linux-unpacked && execstack --clear-execstack speedy-duplicate-finder
as Snapcraft describes in their solution. But had troubles to rebuild snap directly with snapcraft.yaml copied from meta/snap.yaml

Maybe it will be easier for electron-builder to install execstack from buildPackages
and run --clear-execstack on app before packaging?

[Qiplex]

Thanks @develar

Unfortunetely wasn't able to snap application. Looks like icons issue in 20.0.7 still present

  ⨯ icon directory /home/osboxes/edc/icons doesn't contain icons

osboxes@osboxes:~/edc$ time electron-builder -l snap

  • electron-builder version=20.0.7
  • loaded configuration file=package.json ("build" field)
  • writing effective config file=release-builds/electron-builder.yaml
  • rebuilding native production dependencies platform=linux arch=x64
  • packaging       platform=linux arch=x64 electron=1.8.2 appOutDir=release-builds/linux-unpacked
  • building        target=snap arch=x64 file=release-builds/easy-disk-cleaner_1.0.2_amd64.snap
  ⨯ icon directory /home/osboxes/edc/icons doesn't contain icons
github.com/develar/app-builder/pkg/icons.ConvertIcon
	/Users/develar/go/src/github.com/develar/app-builder/pkg/icons/icon-converter.go:190
github.com/develar/app-builder/pkg/icons.ConfigureCommand.func1
	/Users/develar/go/src/github.com/develar/app-builder/pkg/icons/icon-converter.go:27
github.com/develar/app-builder/vendor/github.com/alecthomas/kingpin.(*actionMixin).applyActions
	/Users/develar/go/src/github.com/develar/app-builder/vendor/github.com/alecthomas/kingpin/actions.go:28
github.com/develar/app-builder/vendor/github.com/alecthomas/kingpin.(*Application).applyActions
	/Users/develar/go/src/github.com/develar/app-builder/vendor/github.com/alecthomas/kingpin/app.go:557
github.com/develar/app-builder/vendor/github.com/alecthomas/kingpin.(*Application).execute
	/Users/develar/go/src/github.com/develar/app-builder/vendor/github.com/alecthomas/kingpin/app.go:390
github.com/develar/app-builder/vendor/github.com/alecthomas/kingpin.(*Application).Parse
	/Users/develar/go/src/github.com/develar/app-builder/vendor/github.com/alecthomas/kingpin/app.go:222
main.main
	/Users/develar/go/src/github.com/develar/app-builder/main.go:59
runtime.main
	/usr/local/Cellar/go/1.10/libexec/src/runtime/proc.go:198
runtime.goexit
	/usr/local/Cellar/go/1.10/libexec/src/runtime/asm_amd64.s:2361

Error: /usr/local/lib/node_modules/electron-builder/node_modules/app-builder-bin-linux/x64/app-builder exited with code 1
    at ChildProcess.childProcess.once.code (/usr/local/lib/node_modules/electron-builder/node_modules/builder-util/src/util.ts:248:14)
    at ChildProcess.g (events.js:292:16)
    at emitTwo (events.js:106:13)
    at ChildProcess.emit (events.js:191:7)
    at maybeClose (internal/child_process.js:920:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:230:5)
From previous event:
    at LinuxPackager.resolveIcon (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/out/platformPackager.js:610:11)
    at /usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/targets/LinuxTargetHelper.ts:41:35
    at next (native)
From previous event:
    at LinuxTargetHelper.computeDesktopIcons (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/out/targets/LinuxTargetHelper.js:72:11)
    at Lazy.LinuxTargetHelper.iconPromise.Lazy (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/targets/LinuxTargetHelper.ts:13:54)
    at Lazy.get value [as value] (/usr/local/lib/node_modules/electron-builder/node_modules/lazy-val/src/main.ts:18:23)
    at LinuxTargetHelper.get icons [as icons] (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/targets/LinuxTargetHelper.ts:21:17)
    at /usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/targets/snap.ts:132:16
    at next (native)
From previous event:
    at SnapTarget.build (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/out/targets/snap.js:174:11)
    at taskManager.addTask.default.map.it (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/platformPackager.ts:121:67)
From previous event:
    at LinuxPackager.packageInDistributableFormat (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/platformPackager.ts:121:23)
    at /usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/platformPackager.ts:116:10
    at next (native)
    at runCallback (timers.js:672:20)
    at tryOnImmediate (timers.js:645:5)
    at processImmediate [as _immediateCallback] (timers.js:617:5)
From previous event:
    at LinuxPackager.pack (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/out/platformPackager.js:188:11)
    at /usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/packager.ts:372:24
    at next (native)
    at xfs.stat (/usr/local/lib/node_modules/electron-builder/node_modules/fs-extra/lib/mkdirs/mkdirs.js:56:16)
    at /usr/local/lib/node_modules/electron-builder/node_modules/graceful-fs/polyfills.js:287:18
From previous event:
    at Packager.doBuild (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/out/packager.js:441:11)
    at /usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/packager.ts:316:52
    at next (native)
    at /usr/local/lib/node_modules/electron-builder/node_modules/graceful-fs/graceful-fs.js:99:16
    at /usr/local/lib/node_modules/electron-builder/node_modules/graceful-fs/graceful-fs.js:43:10
    at FSReqWrap.oncomplete (fs.js:123:15)
From previous event:
    at Packager._build (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/out/packager.js:385:11)
    at /usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/packager.ts:278:23
    at next (native)
    at runCallback (timers.js:672:20)
    at tryOnImmediate (timers.js:645:5)
    at processImmediate [as _immediateCallback] (timers.js:617:5)
From previous event:
    at Packager.build (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/out/packager.js:341:11)
    at /usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/src/index.ts:50:40
    at next (native)
From previous event:
    at build (/usr/local/lib/node_modules/electron-builder/node_modules/electron-builder-lib/out/index.js:47:21)
    at build (/usr/local/lib/node_modules/electron-builder/src/builder.ts:228:10)
    at then (/usr/local/lib/node_modules/electron-builder/src/cli/cli.ts:48:33)
    at runCallback (timers.js:672:20)
    at tryOnImmediate (timers.js:645:5)
    at processImmediate [as _immediateCallback] (timers.js:617:5)
From previous event:
    at Object.args [as handler] (/usr/local/lib/node_modules/electron-builder/src/cli/cli.ts:48:33)
    at Object.runCommand (/usr/local/lib/node_modules/electron-builder/node_modules/yargs/lib/command.js:235:44)
    at Object.parseArgs [as _parseArgs] (/usr/local/lib/node_modules/electron-builder/node_modules/yargs/yargs.js:1042:24)
    at Object.get [as argv] (/usr/local/lib/node_modules/electron-builder/node_modules/yargs/yargs.js:957:21)
    at Object.<anonymous> (/usr/local/lib/node_modules/electron-builder/src/cli/cli.ts:42:15)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)
    at Module.runMain (module.js:604:10)
    at run (bootstrap_node.js:383:7)
    at startup (bootstrap_node.js:149:9)
    at bootstrap_node.js:496:3

real	4m32.720s
user	1m19.905s
sys	0m26.926s

osboxes@osboxes:~/edc$ ls -1 /home/osboxes/edc/icons

icon.icns
icon.ico
icon.png
icon-src.svg
icon.svg

[develar]

Please provide your electron-builder config.

[Qiplex]

@develar UPD:

This happens on both Mac and Ubuntu with following config

"build": {
    "appId": "yourappid",
    "directories": {
      "output": "release-builds"
    },
    "appx": {
      "applicationId": "EasyDiskCleaner",
      "identityName": "Qiplex.EasyDiskCleaner",
      "publisher": "CN=",
      "publisherDisplayName": "Qiplex"
    },
    "mac": {
      "target": [
        "dir"
      ]
    },
    "linux": {
      "target": [
        "AppImage",
        "snap"
      ],
    },
    "win": {
      "target": [
        "nsis",
        "portable",
        "appx"
      ],
      "icon": "icons/icon.ico"
    }
  }

[develar]

@Qiplex Icon issue fixed in the upcoming 20.0.8.

[Qiplex]

@develar thanks much! :) Will give it a try right away.

This issue seems to be very related #2577

[Qiplex]

Oh... I was able to make it work in previous version (20.0.7) few seconds ago

After lots of errors and trials such as mentioned here

I can't set an icon on Linux either, using any of the methods listed in the docs. Implicit conversion from .icns, setting it explicitly as icon.png or 1024x1024.png, or setting buildResources, or providing icon names, or copying the icons to all imaginable locations, all these methods just don't work.

I will try to reproduce the fix and update guys in #2577 with it.

[develar]

@Qiplex Your icon issue is not an issue. It is feature.

1. You didn't set build resources dir (defaults to build, but you use icons).
2. Ok, there is convention that icons dir will be used as icons set dir. But your dir doesn't contain file names with size (e.g. 512.png).
3. You didn't set mac.icon and because of reason 1 (resources dir), icns is not used to generate icons for Linux.
4. You didn't set linux.icon and because of reason 1 (resources dir), icons/icon.png file is not used as icon for Linux.

So, quite logical, that icon was not found :)

What was implemented: now we also use icons/icon.png as possible source if icons for Linux.

[Qiplex]

@develar great! Thanks for the hotfix with default icons/icon.png I just replied in #2577 (comment) that after upgrading snapcraft the icons issue completely gone. I was using build directory with icons succesfully for a long time earlier.

Regarding the main issue:

snap - can't push to snapcraft anymore because of execstack

Just tried to push snap built with 20.0.7 Got following error:

 ⚙  /opt/bin/edc/release-builds   master ●  time snapcraft push easy-disk-cleaner_1.0.2_amd64.snap

Pushing easy-disk-cleaner_1.0.2_amd64.snap
Preparing to push '/opt/bin/edc/release-builds/easy-disk-cleaner_1.0.2_amd64.snap' to the store.
Found cached source snap /Users/nameless/.cache/snapcraft/projects/easy-disk-cleaner/snap_hashes/amd64/34c4bdae5796e2cd4fefae2d0c6241fb419ab7d0ea13265e12698145014c6ed067f8bad561af849908c4272a03b85d3a.
Error generating delta: delta_tool_path must be set in subclass!
Falling back to pushing full snap...
Pushing easy-disk-cleaner_1.0.2_amd64.snap [==========================================================================================================================================================] 100%
Processing...|
Error while processing...
The store was unable to accept this snap.
  - unknown fields for app 'easy-disk-cleaner': 'adapter'
  - bin/desktop-launch $SNAP/app/easy-disk-cleaner does not exist
  - found errors in file output: unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/10-antialias.conf -> ../conf.avail/10-antialias.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/10-hinting-slight.conf -> ../conf.avail/10-hinting-slight.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/10-hinting.conf -> ../conf.avail/10-hinting.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/10-scale-bitmap-fonts.conf -> ../conf.avail/10-scale-bitmap-fonts.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/11-lcdfilter-default.conf -> ../conf.avail/11-lcdfilter-default.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans-mono.conf -> ../conf.avail/20-unhint-small-dejavu-lgc-sans-mono.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans.conf -> ../conf.avail/20-unhint-small-dejavu-lgc-sans.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/20-unhint-small-dejavu-lgc-serif.conf -> ../conf.avail/20-unhint-small-dejavu-lgc-serif.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/20-unhint-small-dejavu-sans-mono.conf -> ../conf.avail/20-unhint-small-dejavu-sans-mono.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/20-unhint-small-dejavu-sans.conf -> ../conf.avail/20-unhint-small-dejavu-sans.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/20-unhint-small-dejavu-serif.conf -> ../conf.avail/20-unhint-small-dejavu-serif.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/20-unhint-small-vera.conf -> ../conf.avail/20-unhint-small-vera.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/30-metric-aliases.conf -> ../conf.avail/30-metric-aliases.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/30-urw-aliases.conf -> ../conf.avail/30-urw-aliases.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/40-nonlatin.conf -> ../conf.avail/40-nonlatin.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/45-latin.conf -> ../conf.avail/45-latin.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/49-sansserif.conf -> ../conf.avail/49-sansserif.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/50-user.conf -> ../conf.avail/50-user.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/51-local.conf -> ../conf.avail/51-local.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/57-dejavu-sans-mono.conf -> ../conf.avail/57-dejavu-sans-mono.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/57-dejavu-sans.conf -> ../conf.avail/57-dejavu-sans.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/57-dejavu-serif.conf -> ../conf.avail/57-dejavu-serif.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/58-dejavu-lgc-sans-mono.conf -> ../conf.avail/58-dejavu-lgc-sans-mono.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/58-dejavu-lgc-sans.conf -> ../conf.avail/58-dejavu-lgc-sans.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/58-dejavu-lgc-serif.conf -> ../conf.avail/58-dejavu-lgc-serif.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/60-latin.conf -> ../conf.avail/60-latin.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/65-fonts-persian.conf -> ../conf.avail/65-fonts-persian.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/65-nonlatin.conf -> ../conf.avail/65-nonlatin.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/69-unifont.conf -> ../conf.avail/69-unifont.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/70-no-bitmaps.conf -> ../conf.avail/70-no-bitmaps.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/80-delicious.conf -> ../conf.avail/80-delicious.conf', unusual mode 'rwxr-xr-x' for symlink './etc/fonts/conf.d/90-synthetic.conf -> ../conf.avail/90-synthetic.conf', unusual mode 'rwxr-xr-x' for symlink './etc/pki/nssdb -> ../../var/lib/nssdb', unusual mode 'rwxr-xr-x' for symlink './lib/x86_64-linux-gnu/libbsd.so.0 -> libbsd.so.0.8.2', unusual mode 'rwxr-xr-x' for symlink './lib/x86_64-linux-gnu/libdbus-1.so.3 -> libdbus-1.so.3.14.6', unusual mode 'rwxr-xr-x' for symlink './lib/x86_64-linux-o
..............................
snapcraft push easy-disk-cleaner_1.0.2_amd64.snap  4.12s user 1.39s system 1% cpu 5:47.05 total

[develar]

@Qiplex Please refile as a new issue please about symlinks.

[Qiplex]

@develar sure. #2616