Ubuntu Summit: Canonical remains true to its snap format, as evidenced by the coverage at its first public meeting in several years.
Vulture Towers Central Europe are located in Prague – which is also, conveniently, the location for Canonical’s Ubuntu Summit 2022. A significant portion of the coverage is devoted to the company’s IoT offering, Ubuntu Core, and the Snap packaging system it’s built on. In fact, the second talk at the event was by Oliver Grawert, one of the core architects of the system, entitled: “An Ubuntu for a 10-ton steel press and your window blinds: UbuntuCore at a glance.”
The Snap project grew out of Ubuntu’s 2014 effort to build an Ubuntu-powered phone. When it became apparent that the phone project was “not commercially viable,” the company attempted to move some technology from the phone project into its nascent Ubuntu Core distribution, its play for the Internet of Things market, with the aim of being “fail-safe, craft-proof and reliable at a higher level.”
This means that while Snap only appeared as a standard part of Ubuntu 15.04, that was already over a year later: it predates its cross-platform package competitor Flatpak. Grawert told us that Ubuntu Phone developers evaluated Flatpak and its predecessor xdg-app and decided that it was not suitable for their needs.
Grawert’s talk outlined some of the core features Snap offers: packages are a single compressed file that uses the existing squashfs format, which is then GPG-signed. Because each snap is a signed, read-only single file, it’s possible to verify that it hasn’t been modified or tampered with, exactly the same desirable qualities claimed by the new, more secure Unified Kernel Image boot system.
Oliver Smith, Canonical’s product manager for Ubuntu Desktop, told us that this is a justification for the single source of desktop app snaps, the Ubuntu Snap Store: the company carefully curates the apps available in the store, checking their integrity and functionality, and because the desktop version only pulls snaps from this one source by default, snaps are significantly more secure than the older Personal Package Archive (PPA) system of external repositories for distributing software not included in Ubuntu’s repos.
As Grawert put it, “PPAs give an unknown third party root access to your operating system.” You can’t be sure of the intentions of whoever maintains a PPA, and simply releasing a supposedly newer version of an existing package will make the next software update install it, whatever it is, whether it contains a bitcoin mining app or a rootkit.
And while there’s still only one official Snap store, it’s possible to host snaps elsewhere. We’ve already mentioned Ubuntu Unity creator Rudra Saraswat’s proof-of-concept “lol” snap store, but co-founder Viktor Petersson explained that his company is releasing Screenly snaps from its own private snap store, built entirely with tools from the Ubuntu repositories.
Ubuntu Core uses four core types of snap: kernel, base, app and gadget snaps. The snapd infrastructure itself can also be distributed as a snap, allowing it to update itself. Snapd depends on systemd’s mount units to loop-mount packages, but this has a desirable side effect: it’s possible to install snapd, use it to install a snap, and then remove snapd itself. The snap file remains part of the operating system and works even if snapd no longer exists.
In Ubuntu Core, the kernel itself is distributed as a snap package, although they acknowledge that this requires some kernel patching. This means that Snap’s atomic, transactional updates also apply to Core’s kernel package: a new kernel snap can be installed and the machine restarted, and if the system doesn’t start properly, it will automatically reboot into the previous kernel without intervention.
Because older snaps are preserved, this speeds up downloading of updates: only the differences need to be sent over the wire, which can be important for remote IoT devices that pull updates over a cellular connection.
The different types of snaps allow a “content” snap to provide other functionality, for example there are base snaps that provide the core files of every LTS Ubuntu release since snap support appeared in 14.04: There is
core22 snaps. Canonical started packaging Firefox as a snap in Ubuntu 21.10, but that means the company now only has to maintain a single Firefox snap. Each time the Firefox snap is updated, the same package updates the Firefox version in Ubuntu 21.10, 22.04, 22.10 and so on for the foreseeable future. Each subsequent Ubuntu release means a modest reduction in Canonical’s support load.
Snaps are isolated using three different mechanisms: AppArmor, seccomp, and namespaces. The combination means that even if a Snap app runs from the root account, bugs aside, it can’t escape the confinement.
Grawert’s talk listed nine other distributions with Snap support: Debian, Gentoo, Yocto, OpenEmbedded, openSUSE, Arch, OpenWRT, and Fedora. There is one important caveat though: the AppArmor isolation mechanism that snapd relies on isn’t present on all of these distros, with many preferring its rival SELinux. With AppArmor absent, snap confinement is significantly weaker.
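The caveat above can be checked on a given host. The following shell script is an added example, not code from the talk or from Canonical: it lists snaps that run outside strict confinement and reports whether AppArmor is enabled. It assumes the `snap list` column layout shown in the constructed sample (notes such as `classic` or `devmode` in the last column) and the AppArmor sysfs flag at `/sys/module/apparmor/parameters/enabled`; the function names and the sample snap `localtool` are hypothetical.

```shell
#!/bin/sh
# Added example: audit how strongly snaps are confined on a host.

# Read `snap list` output on stdin and print the name of every snap whose
# Notes column (last field, comma-separated) marks it as classic or devmode,
# i.e. not held by the AppArmor/seccomp/namespace sandbox.
unconfined_snaps() {
    awk 'NR > 1 {
        n = split($NF, notes, ",")
        for (i = 1; i <= n; i++)
            if (notes[i] == "classic" || notes[i] == "devmode") { print $1; break }
    }'
}

# Report whether the AppArmor LSM is enabled. The path of the sysfs flag
# can be passed as $1; the default is the usual kernel location.
apparmor_state() {
    flag=${1:-/sys/module/apparmor/parameters/enabled}
    if [ -r "$flag" ] && [ "$(cat "$flag")" = "Y" ]; then
        echo enabled
    else
        echo absent
    fi
}

# Constructed sample of `snap list` output (not captured from a real system).
sample_snap_list() {
cat <<'EOF'
Name       Version   Rev   Tracking       Publisher    Notes
core22     20230801  864   latest/stable  canonical**  base
firefox    118.0     3206  latest/stable  mozilla**    -
code       1.83.0    142   latest/stable  vscode**     classic
localtool  0.1       x1    -              -            devmode
hello      2.10      42    latest/stable  canonical**  disabled
EOF
}

echo "Not strictly confined (sample): $(sample_snap_list | unconfined_snaps | tr '\n' ' ')"
echo "AppArmor on this host: $(apparmor_state)"
```

On a real system, pipe `snap list` into `unconfined_snaps` and compare the result with `snap debug confinement`, which reports whether the host supports strict or only partial confinement.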
While Canonical doesn’t track downloads, installs, computers running snaps, or anything else, a company representative unofficially told us that the company believes Snap adoption is significantly more widespread than reports about other cross-distribution app packaging tools might suggest, and Canonical suspects that many more computers are running Snap apps than Flatpak apps.
An Early Access version of the Steam game store has been available as a snap for about six months, and the company tells us that it has already been installed over 100,000 times before its official release.
We are reassured by the positive attitude towards the Snapcraft tools and their use by both the company and the Summit attendees who use them, along with further explanations of how they work and why. While it remains debatable, as does systemd, on which it depends, Snap seems unlikely to go away any time soon, and simply because of Ubuntu’s large base of users of the free product, particularly in the large Chinese market, it may yet catch on.
https://www.theregister.com/2022/11/09/canonical_conference/ Strong support for Snap, Ubuntu Core at Canonical conference • The Register