Snap (package manager)

Snap is a software packaging and deployment system developed by Canonical for the operating systems that use the Linux kernel. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap was originally released for cloud applications[1] but was later ported to work for Internet of Things devices[3][4] and desktop[5][6] applications too.

snapd
Developer(s)Canonical Ltd.
Initial release9 December 2014 (2014-12-09)[1]
Stable release
2.48.2 [2] / 16 December 2020 (2020-12-16)
Repositoryhttps://github.com/snapcore/snapd
Written inGo, C
Operating systemLinux
LicenseGPLv3 (client), proprietary (server)
Websitesnapcraft.io

Functionality

Snap Store

The Snap Store allows developers to publish their applications directly to users.[7] With traditional Linux package management approaches like APT or YUM, the applications are packaged and distributed as part of the operating system. This creates a delay between application development and its deployment for end-users.[8][9] In contrast, application developers can publish their applications in the Snap Store and get them directly to users without any intervention from distribution maintainers.

All apps uploaded to the Snap Store undergo automatic testing, including a malware scan. However, Snap apps do not receive the same level of verification as software in the regular Ubuntu archives. In one case in May 2018, two applications by the same developer were found to contain a cryptocurrency miner which ran in the background during application execution. When this issue was found, Canonical removed the applications from the Snap Store and transferred ownership of the Snaps to a trusted third-party which re-published the Snaps without the miner present.[10][11][12] Although the Snap sandbox reduces the impact of a malicious app, Canonical recommends users only install Snaps from publishers trusted by the user.[13][14]

Because packages in the Snap Store are maintained by developers themselves, distribution maintainers cannot ensure packages meet quality standards and are timely updated. In one case, Microsoft left an outdated version of Skype in the Snapcraft store for over a year.[15]

Although the Snap Store by Canonical is currently the only existing store for snaps, Snap itself can be used without a store. Snap packages can be obtained from any source, including the website of a developer. Red Hat employee Adam Williamson and Linux Mint project lead Clement Lefebre have criticized Canonical for keeping some server side parts of the Snap Store closed-source.[16] Clement states that this creates a conflict of interest which harms the neutrality of Snap given that Canonical develops Ubuntu.[17]

Universal Linux packages

Snaps are self-contained packages that work across a range of Linux distributions. This is unlike traditional Linux package management approaches, which require specifically adapted packages for each Linux distribution.[18][19]

The snap file format is a single compressed filesystem using the SquashFS format with the extension .snap. This filesystem contains the application, libraries it depends on, and declarative metadata. This metadata is interpreted by snapd to set up an appropriately shaped secure sandbox for that application. After installation, the snap is mounted by the host operating system and decompressed on the fly when the files are used.[20][21] Although this has the advantage that snaps use less disk space, it also means some large applications start slower.[22]

A significant difference between Snap and other universal Linux packaging formats such as Flatpak is that Snap supports any class of Linux application such as desktop applications, server tools, IoT apps and even system services such as the printer driver stack.[7][23][24] As a result of this, Snap relies on systemd for features such as running socket-activated system services in a Snap.[25] This causes Snap to only work on distributions that use this init system.[26]

Configurable sandbox

Applications in a Snap run in a container with limited access to the host system. Using Interfaces, Users can give an application mediated access to additional features of the host such as recording audio, accessing USB devices and recording video.[27][28][29] These interfaces mediate regular Linux API's so that applications can function in the sandbox without needing to be rewritten. Desktop applications can also use the XDG Desktop Portals, a standardized API originally created by the Flatpak project to give sandboxed desktop applications access to host resources.[30][31] These portals often provide a better user experience compared to the native Linux API's because they prompt the user for permission to resources such as a webcam at the time the application uses them. The downside is that applications and toolkits need to be rewritten in order to use these newer API's.

The Snap sandbox also supports sharing data and Unix sockets between Snaps.[32] This is often used to share common libraries and application frameworks between Snaps to reduce the size of Snaps by avoiding duplication.[33][34]

The Snap sandbox heavily relies on the AppArmor Linux Security Module from the upstream Linux kernel. Because only one "major" Linux Security Module (LSM) can be active at the same time,[35] the Snap sandbox is much less secure when another major LSM is enabled. As a result, on distributions such as Fedora which enable SELinux by default, the Snap sandbox is heavily degraded. Although Canonical is working with many other developers and companies to make it possible for multiple LSM's to run at the same time, this solution is still a long time away.[36][35][37]

The Snap sandbox prevents snapped desktop applications from accessing the themes of the host operating system to prevent compatibility issues. In order for Snaps to use a theme, it also needs to be packaged in a separate Snap. Many popular themes are packaged by the Snap developers[38] but some themes are not supported yet[39] and uncommon themes have to be installed manually. If a theme is not available as a Snap package, users have to resort to choosing the best matching theme available.[40] Work is ongoing to make it easier for third parties to package themes in a Snap and to automatically install uncommon system themes.[41]

Automatic and atomic updates

Multiple times a day, snapd checks for available updates of all Snaps and installs them in the background using atomic operation. Updates can be reverted[42][43] and use delta encoding to reduce their download size.[44][45][46]

Publishers can release and update multiple versions of their software in parallel using channels. Each channel has a specific track and risk, which indicate the version and stability of the software released on that channel. When installing an application, Snap defaults to using the latest/stable channel, which will automatically update to new major releases of the software when they become available. Publishers can create additional channels to give users the possibility to stick to specific major releases of their software. For example, a 2.0/stable channel would allow users to stick to the 2.0 version of the software and only get minor updates without the risk of backwards incompatible changes. When the publisher releases a new major version in a new channel, users can manually update to the next version when they choose.[47][48][49][21]

Although automatic updates cannot be turned off, there are many ways to configure updates to suit particular needs. User can choose to remain on a specific major version of the software by specifying the channel, they can configure the update interval to have time to manually check updates, and they can hold updates for up to 60 days. In addition, updates are also automatically disabled on metered connections.[50][51] Even with these controls, a number of users have voiced their complaints about the lack of an option to turn automatic updates completely off.[52]

Snapcraft

snapcraft
Developer(s)Canonical Ltd.
Initial release29 October 2015 (2015-10-29)[1]
Stable release
4.4.2 [53] / 13 November 2020 (2020-11-13)
Repositoryhttps://github.com/snapcore/snapcraft
Written inPython
Operating systemLinux, macOS, Microsoft Windows
LicenseGPLv3
Websitesnapcraft.io

Snapcraft is a tool for developers to package their programs in the Snap format.[54] It runs on any Linux distribution supported by Snap, macOS[55] and Microsoft Windows.[56] Snapcraft builds the packages in a Virtual Machine using Multipass,[57] in order to ensure the result of a build is the same, regardless of which distribution or operating system it is built on.[58] Snapcraft supports a great number of build tools and programming languages such as Go, Java, JavaScript, Python, C/C++ and Rust. It also allows importing application metadata from multiple sources such as AppStream, git, shell scripts and setup.py files.[55][59]

Adoption

Snap initially only supported the all-Snap Ubuntu Core distribution but in June 2016, it was ported to a wide range of Linux distributions to become a format for universal Linux packages.[60] Snap requires functionality (systemd), available in Linux, some other Unix-like systems do not have, so e.g. FreeBSD doesn't have Snap. Chrome OS doesn't support Snap directly, only through Linux distros installed in it that support Snap, such as Gallium OS.[61]

A number of Linux distributions support Snap out of the box such as Ubuntu (and e.g. Kubuntu),[62] Manjaro,[63] Zorin OS,[64] KDE Neon,[65] Solus[66] and Li-f-e.[67] Snap is also available for many other distributions such as CentOS, Debian, Elementary OS, Fedora, GalliumOS, Kali Linux, Linux Mint, OpenEmbedded, Parrot Security OS, Pop! OS, Raspbian, Red Hat Enterprise Linux and openSUSE.[68]

A number of notable Desktop software development companies publish their software in the Snap Store, including Google,[69] JetBrains,[70] KDE,[71] Microsoft (for Linux versions of e.g. .NET Core 3.1,[72] Visual Studio Code, Skype,[73] and PowerShell), Mozilla[74] and Spotify.[75] Snaps are also used in Internet-of-Things environments, ranging from consumer-facing products[76] to enterprise device management gateways[77] and satellite communication networks.[78][79] Finally, Snap is also used by developers of server applications such as InfluxDB,[80] Kata Containers,[81] Nextcloud[82] and Travis CI.[83]

In 2019, Canonical decided to switch the Chromium web browser in future Ubuntu releases from an APT package to a Snap. They explained that Snap made it much easier to support Chromium on all supported Ubuntu releases. This allowed them to focus engineering resources on other parts of the Ubuntu desktop.[84][7] As a result of this decision, Ubuntu derivatives such as Linux Mint had to choose between maintaining their own version of the Chromium package or switching to the snapped version of Chromium maintained by Canonical. Clement Lefebre, Linux Mint founder and project leader,[85] cited this as the reason why Linux Mint 20 blocks users from installing Snap.[86] Since Snap is still available in the Linux Mint repositories, users can still install it after manually removing the restrictions.[87]

See also

References

  1. Shuttleworth, Mark (9 December 2014). "Announcing Ubuntu Core, with snappy transactional updates!". Retrieved 2020-08-07.
  2. "Releases · snapcore/snapd". GitHub. Retrieved 2021-02-05.
  3. "Ubuntu Core and Snappy [LWN.net]". lwn.net. Retrieved 2020-08-08.
  4. "Canonical unveils Snappy Ubuntu Core, a lightweight operating system for your home - ExtremeTech". www.extremetech.com. Retrieved 2020-08-08.
  5. Bhartiya, Swapnil (2015-04-27). "Is Ubuntu moving away from .deb packages? Here is the complete story". CIO. Retrieved 2020-08-08.
  6. Vaughan-Nichols, Steven J. "The future of Linux desktop application delivery is Flatpak and Snap". ZDNet. Retrieved 2020-08-08.
  7. S, James; August 6, ers in Software on; 2019; Pst, 8:53 Am. "Why Canonical views the Snap ecosystem as a compelling distribution-agnostic solution". TechRepublic. Retrieved 2020-08-05.CS1 maint: numeric names: authors list (link)
  8. Upgrading packaged Ubuntu application unreasonably involves upgrading entire OS Bug #578045 on bugs.launchpad.net/ubuntu by John King (2010-05-10)
  9. Linus Torvalds on the problems of distro packaging Linus Torvalds on DebConf 2014
  10. "How Canonical Is Improving Ubuntu Linux Security". eWEEK. Retrieved 2020-08-08.
  11. "Malware Found on the Ubuntu Snap Store". OMG! Ubuntu!. 2018-05-13. Retrieved 2020-07-19.
  12. Canonical (2018-05-15). "Trust and security in the Snap Store". Snapcraft. Retrieved 2020-08-05.
  13. "Packages for Ubuntu". Ubuntu. Retrieved 2020-08-07.
  14. "Bogus apps in store". snapcraft.io. 2018-03-27. Retrieved 2020-08-07.
  15. "Hey Microsoft, why is the Skype Snap app hopelessly outdated?". OMG! Ubuntu!. 2019-07-09. Retrieved 2020-07-19.
  16. "On Snappy and Flatpak: business as usual in the Canonical propaganda department". Happyassassin. Retrieved June 5, 2019.
  17. "Monthly News – June 2019". blog.linuxmint.com. Retrieved October 23, 2019.
  18. June 21, Jack Wallen in Open Source on; 2016; Pst, 8:13 Am. "Canonical changes the game by announcing universal snap packages". TechRepublic. Retrieved 2020-08-08.CS1 maint: numeric names: authors list (link)
  19. Kepes, Ben (2016-06-14). "Snap! Do the Linux distros finally agree on something?". Computerworld. Retrieved 2020-08-08.
  20. ReadySpace (2019-11-14). "A technical comparison between the snap and the Flatpak formats". ReadySpace Indonesia. Retrieved 2020-08-05.
  21. McKay, Dave. "How to Work with Snap Packages on Linux". How-To Geek. Retrieved 2020-08-05.
  22. "Squashfs performance effect on snap startup time". snapcraft.io. 2019-10-29. Retrieved 2020-08-05.
  23. "Call for testing: OpenPrinting's printing-stack-snap (Printing in a Snap)". snapcraft.io. 2018-03-09. Retrieved 2020-08-05.
  24. "Canonical unveils 6th LTS release of Ubuntu with 16.04". Ubuntu Insights. Canonical Ltd. Retrieved 22 April 2016.
  25. "Services and daemons".
  26. "WSL2- Ubuntu 20.04 Snap store doesn't work due to systemd dependency · Issue #5126 · microsoft/WSL". GitHub. Retrieved 2020-08-07.
  27. "Supported interfaces | Snapcraft documentation". Snapcraft. Retrieved 2020-08-05.
  28. ReadySpace (2019-06-06). "Snapcraft confinement & interfaces". ReadySpace China (in Chinese). Retrieved 2020-08-05.
  29. ReadySpace (2018-11-02). "A guide to snap permissions and interfaces". ReadySpace Hong Kong. Retrieved 2020-08-05.
  30. "Flatpak's XDG-Desktop-Portal Adds Initial Support For Snaps - Phoronix". www.phoronix.com. Retrieved 2020-08-05.
  31. "Desktop Integration — Flatpak documentation". docs.flatpak.org. Retrieved 2020-08-05.
  32. "The content interface". Snapcraft. Retrieved 2020-04-29.
  33. "Snappy Is Finally Doing Something About Super Large App Sizes". OMG! Ubuntu!. 2017-06-11. Retrieved 2020-08-07.
  34. "Bundling KDE". archive.fosdem.org. Retrieved 2020-08-07.
  35. "LSM stacking and the future [LWN.net]". lwn.net. Retrieved 2020-08-06.
  36. "How Are SNAPS claiming to have no internet plug regulated?". snapcraft.io. 2020-07-11. Retrieved 2020-08-06.
  37. Johansen, John (3 February 2019). "Containers with Different Security Modules".
  38. "How to use the system GTK theme via the gtk-common-themes snap". snapcraft.io. 2020-02-21. Retrieved 2020-08-06.
  39. "Kubuntu 20.04 LTS Review | ORDINATECHNIC". www.ordinatechnic.com. Retrieved 2020-07-19.
  40. "How to Change Snap App Theme on Ubuntu (With Examples)". OMG! Ubuntu!. 2020-06-18. Retrieved 2020-08-06.
  41. "Automatic theme snap installation notes". snapcraft.io. 2020-05-25. Retrieved 2020-08-06.
  42. "How to revert to a previous version of a snap package? wekan in this case". costales.github.io. 2017-03-08. Retrieved 2020-08-05.
  43. "A Beginners Guide to Snaps in Linux - Part 1". www.tecmint.com. Retrieved 2020-08-05.
  44. "Snapcraft - Snaps are universal Linux packages". Snapcraft.
  45. Willis, Nathan (28 January 2015). "Ubuntu Core and Snappy". Linux Weekly News. Retrieved 7 November 2015.
  46. Vaughan-Nichols, Steven J. "Ubuntu Snap takes charge of Linux desktop and IoT software distribution". ZDNet.
  47. "Controlling snap releases with channels, tracks and branches – Part 1". Ubuntu. Retrieved 2020-08-07.
  48. "Controlling snap releases with channels, tracks and branches – Part 2". Ubuntu. Retrieved 2020-08-07.
  49. Prakash, Abhishek. "Using Snap Packages In Ubuntu & Other Linux [Complete Guide]". Retrieved 2020-08-07.
  50. Logix. "How To Change Snap Refresh (Update) Schedule". Linux Uprising Blog. Retrieved 2020-08-07.
  51. Pope, Alan (3 March 2020). "Controlling Snap Updates".
  52. "Disabling automatic refresh for snap from store". Retrieved July 31, 2019.
  53. "Releases · snapcore/snapcraft". GitHub. Retrieved 2020-11-27.
  54. Brodkin, Jon. "Adios apt and yum? Ubuntu's snap apps are coming to distros everywhere". Ars Technica. Retrieved 13 August 2016.
  55. Nestor, Marius. "Canonical Releases Snapcraft 3.1 Snap Creator Tool with Various Improvements". softpedia. Retrieved 2020-08-05.
  56. Nestor, Marius. "Ubuntu's Snapcraft Snap Creator Tool Will Soon Get a Windows Installer". softpedia. Retrieved 2020-08-08.
  57. https://snapcraft.io/docs/build-options
  58. ReadySpace (2019-03-15). "Make your snap development faster". ReadySpace China (in Chinese). Retrieved 2020-08-05.
  59. "Using external metadata | Snapcraft documentation". Snapcraft. Retrieved 2020-08-05.
  60. "Ubuntu's container-style Snap app packages now work on other Linux distributions". TechCrunch. Retrieved 2020-08-08.
  61. "Installing snap on GalliumOS | Snapcraft documentation". Snapcraft. Retrieved 2020-08-18.
  62. Hoffman, Chris; PCWorld | (2016-04-18). "Ubuntu 16.04 will support 'Snaps' alongside Deb packages for improved software installation". PCWorld. Retrieved 2020-08-08.
  63. Evangelho, Jason. "Manjaro Linux 18.1 Is Officially Released, And You Have A New Choice To Make". Forbes. Retrieved 2020-08-08.
  64. "And the next version of Zorin OS is… | The official Zorin Blog". Retrieved 2020-08-05.
  65. "KDE Neon to Support Snap Apps in Plasma Discover". OMG! Ubuntu!. 2017-02-10. Retrieved 2020-08-05.
  66. Strobl, Joshua. "Solus 3 Released". Solus. Retrieved 2020-08-05.
  67. cyberorg (2020-07-07). "Li-f-e: Installing more applications". Li-f-e: Linux for Education | Enterprise. Retrieved 2020-08-05.
  68. "Installing snapd | Snapcraft documentation". Snapcraft. Retrieved 2020-08-05.
  69. "Google and Canonical bring Flutter apps to Linux and the Snap Store". VentureBeat. 2020-07-08. Retrieved 2020-08-05.
  70. "Install IntelliJ IDEA on Ubuntu with Snaps – IntelliJ IDEA Blog | JetBrains". JetBrains Blog. Retrieved 2020-08-05.
  71. "Month of KDE Applications Snaps – KDE neon Developers' Blog". Retrieved 2020-08-05.
  72. .NET Core 3.1.0 Preview 2, .NET Foundation, 2019-11-08, retrieved 2019-11-08
  73. Vaughan-Nichols, Steven J. "Use Ubuntu's snap to install Skype on any Linux desktop". ZDNet. Retrieved 2020-08-08.
  74. Hoffman, Chris; PCWorld | (2016-04-25). "Mozilla will provide Firefox as a Snap package for Ubuntu, cutting out the middleman". PCWorld. Retrieved 2020-08-05.
  75. "Spotify Now Available as a Snap App on Ubuntu". OMG! Ubuntu!. 2017-12-30. Retrieved 2020-08-05.
  76. Vaughan-Nichols, Stephen J. (11 May 2015). "Ubuntu jumps into Internet of Things with Acer, GE, and Microsoft". ZDNet. Retrieved 7 November 2015.
  77. Sherman, Jordana. "Snappy Core unlocks IoT value within the Dell Edge Gateway 5000 Series". Ubuntu Insights. Canonical Ltd. Retrieved 7 November 2015.
  78. "LimeSDR Mini takes off in satellites". LinuxGizmos.com. 2018-03-14. Retrieved 2020-08-05.
  79. "Ubuntu Core 18 released for secure, reliable IoT devices". Ubuntu. Retrieved 2020-08-05.
  80. "Install influxdb for Linux using the Snap Store". Snapcraft. Retrieved 2020-08-05.
  81. Nestor, Marius. "You Can Now Install Kata Containers VM as a Snap on Ubuntu, Other Linux Distros". softpedia. Retrieved 2020-08-05.
  82. April 27, Jack Wallen in Cloud on; 2020; Pst, 8:50 Am. "How to install Nextcloud with SSL using snap". TechRepublic. Retrieved 2020-08-08.CS1 maint: numeric names: authors list (link)
  83. "Install travis-worker for Linux using the Snap Store". Snapcraft. Retrieved 2020-08-05.
  84. Vaughan-Nichols, Steven J. "Ubuntu opens the door to talking with Linux Mint about Snap". ZDNet. Retrieved 2020-08-08.
  85. "Q&A: Clement Lefebvre: The man behind Linux Mint". techworld.com.au. Retrieved January 7, 2020.
  86. Vaughan-Nichols, Steven J. "Linux Mint dumps Ubuntu Snap". ZDNet. Retrieved 2020-08-08.
  87. Kumar, Sarvottam (2020-06-12). "How To Enable Snap And Install Snap Packages On Linux Mint 20?". Fossbytes. Retrieved 2020-08-08.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.