From 5ab34603a6163d57590365ef62ceeece0c3d8477 Mon Sep 17 00:00:00 2001
From: Dani Llewellyn
Date: Mon, 29 Aug 2022 20:46:33 +0100
Subject: [PATCH 1/3] Add PYTHONPATH environment variable to snapcraft.yaml This fixes #1438: `encodings` module not found The variable replaces the `sitecustomize.py` file from `snap/local` because it is no-longer functional due to changes in snapcraft.
---
snap/local/usr/lib/python3.8/sitecustomize.py | 22 -------------------
snap/snapcraft.yaml | 1 +
2 files changed, 1 insertion(+), 22 deletions(-)
delete mode 100644 snap/local/usr/lib/python3.8/sitecustomize.py
diff --git a/snap/local/usr/lib/python3.8/sitecustomize.py b/snap/local/usr/lib/python3.8/sitecustomize.py
deleted file mode 100644
index 39595b57..00000000
--- a/snap/local/usr/lib/python3.8/sitecustomize.py
+++ /dev/null
@@ -1,22 +0,0 @@
-import site
-import os
-
-snap_dir = os.getenv("SNAP")
-snapcraft_stage_dir = os.getenv("SNAPCRAFT_STAGE")
-snapcraft_part_install = os.getenv("SNAPCRAFT_PART_INSTALL")
-
-# Do not include snap_dir during builds as this will include
-# snapcraft's in-snap site directory.
-if snapcraft_stage_dir is not None and snapcraft_part_install is not None:
- site_directories = [snapcraft_stage_dir, snapcraft_part_install]
-else:
- superbuild_dir = os.path.join(snap_dir, 'odm/SuperBuild/install')
- site_directories = [snap_dir, superbuild_dir]
-
-for d in site_directories:
- if d:
- site_dir = os.path.join(d, "lib/python3.8/site-packages")
- site.addsitedir(site_dir)
-
-if snap_dir:
- site.ENABLE_USER_SITE = False
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index 4dd0b4bd..38d79132 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -209,6 +209,7 @@ apps: environment: # Ensure libraries are found LD_LIBRARY_PATH: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/blas:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/lapack:$LD_LIBRARY_PATH + PYTHONPATH: $SNAP/odm/SuperBuild/install:$SNAP/lib/python3.8/site-packages:$SNAP/usr/lib/python3/dist-packages/:$SNAP/usr/lib/python3.8 plugs: - home - network From 07fcf73a884a7a333799242a36da0a9cdfcf8089 Mon Sep 17 00:00:00 2001 From: Dani Llewellyn Date: Mon, 29 Aug 2022 20:48:12 +0100 Subject: [PATCH 2/3] Drop snapcraft-preload from snap package The multiprocessing python module should function correctly with the newer method of using a private shared memory for the snap (see the plug `shared-memory` with `private` set to `true`). --- snap/snapcraft.yaml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 38d79132..e17ab37d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -191,21 +191,13 @@ parts: source: snap/local plugin: dump - snapcraft-preload: - source: https://github.com/sergiusens/snapcraft-preload.git - plugin: cmake - cmake-parameters: - - -DCMAKE_INSTALL_PREFIX=/ - build-packages: - - on amd64: - - gcc-multilib - - g++-multilib +plugs: + shared-memory: + private: true apps: opendronemap: command: odm/run.sh - command-chain: - - bin/snapcraft-preload # Fixes multiprocessing python module environment: # Ensure libraries are found LD_LIBRARY_PATH: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/blas:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/lapack:$LD_LIBRARY_PATH From c6508b3f8bee4e6586d6b1fe285eaad4410abb62 Mon Sep 17 00:00:00 2001 
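Review bot: The added `PYTHONPATH` entry does not carry over `site.ENABLE_USER_SITE = False` from the deleted sitecustomize.py, so the interpreter may again put the per-user site-packages directory, which the invoking user can write to, on `sys.path`. If that isolation is still wanted, add `PYTHONNOUSERSITE: "1"` next to it in the `environment:` map. The SuperBuild entry also differs from what the deleted file registered: it added `odm/SuperBuild/install/lib/python3.8/site-packages` through `site.addsitedir()`, while the variable lists `$SNAP/odm/SuperBuild/install` itself, and `PYTHONPATH` entries get no `.pth` processing; worth confirming both are intended. The `environment:` map begins and ends outside the hunk.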
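Review bot: The new top-level `plugs:` block has no comment saying why `shared-memory` with `private: true` is there, whereas the `command-chain` entry it replaces was annotated `# Fixes multiprocessing python module`. I would put `# Private /dev/shm so Python multiprocessing works under confinement (replaces snapcraft-preload)` above `shared-memory:`. The `private` attribute is presumably only understood by newer snapd releases, so an `assumes:` entry naming the minimum snapd may be worth adding; the rest of the file is outside the hunk, so it may already be present.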
From: Dani Llewellyn Date: Mon, 29 Aug 2022 20:51:49 +0100 Subject: [PATCH 3/3] Update LD_LIBRARY_PATH in snapcraft.yaml This fixes CVE-2020-27348 where snapcraft/snapd don't set an LD_LIBRARY_PATH upon invoking a snap so including `:$LD_LIBRARY_PATH` at the end of our custom setting we were causing an empty entry to be appended. This causes the ability for someone to potentially load an arbitrary library into our runtime because the empty entry in the search path means the dynamic linker will search the "current working directory" of where the app was launched from outside of confinement. We also include the SuperBuild `lib` directory in the search path. --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index e17ab37d..6856a9a8 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -200,7 +200,7 @@ apps: command: odm/run.sh environment: # Ensure libraries are found - LD_LIBRARY_PATH: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/blas:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/lapack:$LD_LIBRARY_PATH + LD_LIBRARY_PATH: $SNAP/odm/SuperBuild/install/lib:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/blas:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/lapack PYTHONPATH: $SNAP/odm/SuperBuild/install:$SNAP/lib/python3.8/site-packages:$SNAP/usr/lib/python3/dist-packages/:$SNAP/usr/lib/python3.8 plugs: - home
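Review bot: Nothing in the file records why `$LD_LIBRARY_PATH` must stay out of this value; the surviving comment `# Ensure libraries are found` gives a later editor no reason not to re-append it. I would extend it with `# Do not append $LD_LIBRARY_PATH: it is unset at launch, so the trailing ':' becomes an empty entry and the loader searches the current directory (CVE-2020-27348)`. The same rule applies to every path-list variable in this map: each entry should be an absolute `$SNAP/...` path with no empty component. `odm/run.sh` and the rest of the file are outside the hunk, so whether they extend `LD_LIBRARY_PATH` themselves cannot be checked from here.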