This fixes CVE-2020-27348 where snapcraft/snapd don't set an LD_LIBRARY_PATH upon invoking a snap so including `:$LD_LIBRARY_PATH` at the end of our custom setting we were causing an empty entry to be appended. This causes the ability for someone to potentially load an arbitrary library into our runtime because the empty entry in the search path means the dynamic linker will search the "current working directory" of where the app was launched from outside of confinement.
We also include the SuperBuild `lib` directory in the search path.
The multiprocessing python module should function correctly with the newer method of using a private shared memory for the snap (see the plug `shared-memory` with `private` set to `true`).
This fixes#1438: `encodings` module not found
The variable replaces the `sitecustomize.py` file from `snap/local` because it is no-longer functional due to changes in snapcraft.
I think this was caused by the release of Snapcraft 4.4 recently which
might have different behaviour. The snap is missing a few python
packages/modules now, which were present when building earlier.
* Add missing Python packages
* Ensure libblas and liblapack can be found with an LD_LIBRARY_PATH
override.
* Rename reference to `python3.6` to `python3.8`.
Signed-off-by: Daniel Llewellyn <daniel@snapcraft.ninja>
Snapcraft complains about missing `libwebpdemux2` when building. This
commit adds it as a runtime dependency to fix the warning.
Signed-off-by: Daniel Llewellyn <daniel@snapcraft.ninja>
It seems that snapcraft-preload[1] installs to a different location when
building with core20 vs core18. This meant the snap builds fail with
being unable to find the executable. This commit changes the reference
to the preload script in the `snapcraft.yaml` to the core20-built
location.
[1] https://github.com/sergiusens/snapcraft-preload
Signed-off-by: Daniel Llewellyn <daniel@snapcraft.ninja>
Snap packages marked as `grade: devel` are not permitted to be released
to the `candidate` or `stable` channels in the Snap Store. This commit
changes the grade to `stable` now that everything seems to be working
well. Snaps build from this commit forward will be releasable to the
`candidate` and/or `stable` channels in the Snap Store :-)
Signed-off-by: Daniel Llewellyn <daniel@snapcraft.ninja>
* Adjust `PYTHONPATH` in Dockerfiles to newer `python3.8`
* Switch to 20.04 base images in Dockerfiles
* Switch snapcraft to use `base20`
* Update APT dependency versions in `snapcraft.yaml` to match those
available in Ubuntu 20.04
* Bump `pyproj` from version `2.2.2` to `3.0.0`
* Bump `numpy` from version `1.19.2` to `1.19.4`
* Add missing exclusions to `snapcraft.yaml` to reduce the size of snap
packages
* Add missing exclusions to Dockerfiles to reduce the size of container
images
* Update `configure.sh` to account for Ubuntu 20.04 instead of 18.04
* Nit: make `configure.sh` executable directly with `./configure.sh`
instead of `bash configure.sh`
Signed-off-by: Daniel Llewellyn <daniel@snapcraft.ninja>
* Use `snapcraft.yaml` as the source-of-truth for APT dependencies to reduce burden of maintianing multiple lists
Signed-off-by: Daniel Llewellyn <daniel@snapcraft.ninja>
* Add `snap/` directory containing
- `snapcraft.yaml` the build script
- `local/usr/lib/python3.6/sitecustomize.py` a snap-specific override
file to get python to recognise the snap's python paths
* Add `*.snap` to gitignore so built snap packages aren't accidentally
committed to the repository.
Piero Toffanin