Strong support for Snap and Ubuntu Core as Canonical meet IRL
Reg FOSS desk chats with one of the core architects
Ubuntu Summit Canonical remains committed to its Snap format, as the coverage at its first public gathering in a few years shows.
Vulture Towers Central Europe are in Prague – which, handily, is also the location for Canonical's 2022 Ubuntu Summit. A significant amount of the coverage is devoted to the company's IoT offering, Ubuntu Core, and the Snap packaging system that it's built from. Indeed the second talk of the event was by Oliver Grawert, one of the core architects of the system, titled: "An Ubuntu for a 10 ton steel press and your window shades: UbuntuCore at a glance."
The Snap project emerged from Ubuntu's 2014 effort to build an Ubuntu-powered phone. When the phone project proved "not to be commercially viable", the company looked at moving some tech from the phone project into its nascent Ubuntu Core distribution, its play for the internet of things market, aimed at being "fail-safe, tinker-proof and reliable at a higher level."
This means that although Snap only appeared as a standard part of Ubuntu in 15.04, by then it was already over a year old, so it predates its cross-platform packaging rival Flatpak. Grawert told us that the Ubuntu Phone developers evaluated Flatpak and its forerunner xdg-app and decided that it wasn't suitable for their needs.
Grawert's talk outlined some of the core features that Snap offers: packages are a single compressed file, using the existing squashfs format, which is then GPG signed. So, as signed, read-only single files, they can be verified as not having been modified or tampered with – exactly the same desirable properties claimed by the new, more secure Unified Kernel Image boot system.
Oliver Smith, Canonical's product manager for Ubuntu Desktop, told us that this is a justification for having a single source for desktop app snaps, the Ubuntu Snap Store: the company carefully curates the apps available from the store and checks their integrity and functionality, and because the desktop version will by default only fetch snaps from this one source, snaps are inherently considerably more secure than the older Personal Package Archive system of external repositories for distributing software that isn't in Ubuntu's repos.
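What "signed, read-only single file" buys you in practice is that the file on disk can be checked against what the store signed for. The script below is an added illustration of that binding, not snapd's or Canonical's code: it reads the snap-revision assertion that `snap download` saves alongside a .snap and compares the file's size and SHA3-384 digest with the headers. The signature block at the end of each assertion, which snapd checks against the store's keys when you `snap ack` it, is deliberately not verified here; the sample snap bytes, snap-id, timestamp and signature are constructed for the demonstration.

```python
"""Check a downloaded .snap against the snap-revision assertion that names it.

Added example, not snapd's code. `snap download <name>` writes <name>_<rev>.snap
next to <name>_<rev>.assert, a file holding several assertions (account-key,
account, snap-declaration, snap-revision), each one a block of "key: value"
headers, a blank line and a signature block. The snap-revision assertion's
snap-sha3-384 header is the SHA3-384 digest of the whole squashfs file,
base64url-encoded, and snap-size is its length in bytes. snapd checks the
signature against the store's keys (`snap ack`) before trusting the headers;
that step is not reproduced here, only the binding of the file to them.
"""
import base64
import hashlib
import re


def parse_assertions(text: str) -> list:
    """Return the header dict of every assertion in text.

    Blocks are separated by blank lines; only blocks opening with 'type:' are
    headers, the others are signatures. Indented continuation lines of
    multi-line header values are skipped, as this check does not need them.
    """
    assertions = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        lines = block.splitlines()
        if not lines or not lines[0].startswith("type:"):
            continue
        headers = {}
        for line in lines:
            if line.startswith((" ", "\t")):
                continue
            key, _, value = line.partition(":")
            headers[key.strip()] = value.strip()
        assertions.append(headers)
    return assertions


def snap_digest(snap_bytes: bytes) -> str:
    """SHA3-384 of the snap file in the encoding snap-revision assertions use
    (URL-safe base64; 48 bytes encode to exactly 64 characters, no padding)."""
    return base64.urlsafe_b64encode(hashlib.sha3_384(snap_bytes).digest()).decode()


def snap_matches_assertion(snap_bytes: bytes, assert_text: str) -> bool:
    """True only if exactly one snap-revision assertion is present and the
    file has both the size and the digest it declares."""
    revisions = [a for a in parse_assertions(assert_text) if a.get("type") == "snap-revision"]
    if len(revisions) != 1:
        return False
    rev = revisions[0]
    if rev.get("snap-size") != str(len(snap_bytes)):
        return False  # cheap check first; a truncated or padded file fails here
    return rev.get("snap-sha3-384") == snap_digest(snap_bytes)


# Constructed stand-in for a snap file: real ones are squashfs images (which
# start with the magic "hsqs"), not hand-made byte strings like this one.
SAMPLE_SNAP = b"hsqs" + bytes(range(256)) * 4


def sample_assertion(snap_bytes: bytes) -> str:
    """Header block a store-issued snap-revision assertion would carry for
    snap_bytes; snap-id, revision, timestamp and the signature are made up."""
    return (
        "type: snap-revision\n"
        "authority-id: canonical\n"
        f"snap-sha3-384: {snap_digest(snap_bytes)}\n"
        "snap-id: constructedSnapId00000000000000000\n"
        "snap-revision: 1\n"
        f"snap-size: {len(snap_bytes)}\n"
        "timestamp: 2022-11-08T12:00:00Z\n"
        "\n"
        "AcLBconstructedSignatureBlockNotCheckedHere\n"
    )


def demo() -> dict:
    """Pristine file passes; a single flipped bit or a missing byte does not."""
    assertion = sample_assertion(SAMPLE_SNAP)
    flipped = SAMPLE_SNAP[:100] + bytes([SAMPLE_SNAP[100] ^ 0x01]) + SAMPLE_SNAP[101:]
    return {
        "pristine": snap_matches_assertion(SAMPLE_SNAP, assertion),
        "one_bit_flipped": snap_matches_assertion(flipped, assertion),
        "truncated": snap_matches_assertion(SAMPLE_SNAP[:-1], assertion),
    }


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 3:  # python3 check_snap.py foo_N.snap foo_N.assert
        with open(sys.argv[1], "rb") as snap, open(sys.argv[2]) as assertion:
            print("match" if snap_matches_assertion(snap.read(), assertion.read()) else "MISMATCH")
    else:
        print(demo())
```

Against a real download, `snap download firefox` leaves firefox_<rev>.snap and firefox_<rev>.assert in the current directory and the script takes those two paths. snapd itself refuses to install a .snap whose assertions it has not acknowledged unless you pass `snap install --dangerous`, which is precisely the check being switched off.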
As Grawert put it, "PPAs give an unknown third party root access to your OS." You can't be sure of the intentions of whoever maintains a PPA, and merely by publishing an ostensibly newer version of an existing package, the next software update will install it, whatever it is, whether it includes a Bitcoin mining app or a rootkit.
And although there is still only one official Snap store, it is possible to host snaps elsewhere. We previously mentioned Ubuntu Unity creator Rudra Saraswat's proof-of-concept "lol" snap store, and Screenly co-founder Viktor Petersson explained that his company pushes snaps out to its intelligent signs from its own private snap store, built entirely from tools in the Ubuntu repositories.
Ubuntu Core uses four core types of snap: kernel, base, app and gadget snaps. The snapd infrastructure itself can also be distributed as a snap, enabling it to update itself. Snapd depends on systemd's mount units to loop-mount the packages, but this has a desirable side effect: it's possible to install snapd, use it to install a snap, and then remove snapd itself. The snap file will remain as part of the OS and still work, even if snapd is no longer present.
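For readers who have not looked at one, this is the shape of the systemd mount unit snapd generates per installed snap revision, added here as an illustration rather than copied from the talk or from snapd: the revision placeholder is invented, and the ordering directives snapd puts in the [Unit] section are omitted because they vary between snapd versions.

```ini
# /etc/systemd/system/snap-core22-<rev>.mount  (illustrative; <rev> is a placeholder)
[Unit]
Description=Mount unit for core22, revision <rev>

[Mount]
# the signed squashfs file downloaded from the store ...
What=/var/lib/snapd/snaps/core22_<rev>.snap
# ... loop-mounted read-only at the path apps see
Where=/snap/core22/<rev>
Type=squashfs
Options=nodev,ro,x-gdu.hide,x-gvfs-hide

[Install]
WantedBy=multi-user.target
```

The `ro` option on a squashfs image (a format that is read-only by construction) is what makes the package unalterable in place, and `nodev` stops any device node packed into the image from being honoured; the unit references only the .snap file and systemd, which is why the mount keeps working after snapd is gone.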
In Ubuntu Core, the kernel itself is distributed as a snap package, although Canonical concedes that this does require some kernel patches. This means Snap's atomic, transactional updates also apply to Core's kernel package: a new kernel snap can be installed, the machine rebooted, and if the system fails to start correctly, it will automatically reboot into the previous kernel without intervention.
Because older snaps are retained, this speeds up downloading updates: only the differences need be sent over the wire, which can be important for remote IoT devices fetching updates over a cellular link.
The different types of snaps enable one "content" snap to provide functionality to others. For instance, there are base snaps that provide the core files of each LTS Ubuntu release since snap support appeared in 14.04, the most recent being the core22 snap. Canonical started packaging Firefox as a snap in Ubuntu 21.10, which means that the company now needs to maintain only a single Firefox snap: every time it is updated, the same package updates the Firefox version in Ubuntu 21.10, 22.04, 22.10, and those in the foreseeable future too. Each successive Ubuntu release thus means a modest reduction in Canonical's support burden.
Snaps are isolated using three different mechanisms: AppArmor, seccomp and namespaces. The combination means that even if a snap app is run from the root account then, bugs aside, it can't escape the confinement.
Grawert's talk listed nine other distros with snap support, among them Debian, Gentoo, Yocto, OpenEmbedded, openSUSE, Arch, OpenWRT and Fedora. There is a significant caveat, though: snapd's AppArmor isolation mechanism is not present on all of those distros, many of which favour the rival SELinux. When AppArmor is absent, snap confinement is significantly weaker.
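Whether the AppArmor layer of that three-part confinement is actually in force for a given snap is visible from the kernel's own list of loaded profiles. The script below is an added example, not snapd's tooling: it reads that list, picks out the profiles snapd names `snap.<snap>.<app>`, and reports whether they are enforced, merely complaining, or absent altogether, which is what a host without AppArmor looks like. The sample profile list at the bottom is constructed for the demonstration.

```python
"""Report how a snap is confined by AppArmor on this host. Added example,
not snapd's code.

Each line of /sys/kernel/security/apparmor/profiles names one loaded profile
and its mode, e.g.  "snap.firefox.firefox (enforce)". snapd names a snap's
profiles snap.<snap>.<app>, so the presence and mode of those entries shows
whether the AppArmor part of strict confinement is in effect. No entries at
all is what a distro without AppArmor (or with it disabled) looks like: only
the seccomp filter and the mount namespace then remain.
"""
import re
from pathlib import Path

PROFILES_PATH = Path("/sys/kernel/security/apparmor/profiles")
_LINE = re.compile(r"^(?P<name>.+?) \((?P<mode>[a-z]+)\)$")


def profile_modes(profiles_text: str, snap: str) -> dict:
    """Map each of the snap's loaded profile names to its mode."""
    prefix = f"snap.{snap}."
    modes = {}
    for line in profiles_text.splitlines():
        m = _LINE.match(line.strip())
        if m and m.group("name").startswith(prefix):
            modes[m.group("name")] = m.group("mode")
    return modes


def confinement_verdict(profiles_text: str, snap: str) -> str:
    """'enforce' if every profile of the snap is enforced, 'complain' if any
    profile is loaded in a mode that only logs violations, 'missing' if no
    profile for the snap is loaded at all."""
    modes = profile_modes(profiles_text, snap)
    if not modes:
        return "missing"
    if any(mode != "enforce" for mode in modes.values()):
        return "complain"
    return "enforce"


def host_verdict(snap: str) -> str:
    """Read the live kernel list; an absent or unreadable file is treated
    as no AppArmor at all."""
    try:
        text = PROFILES_PATH.read_text()
    except OSError:
        return "missing"
    return confinement_verdict(text, snap)


# Constructed sample of the kernel's list on an Ubuntu desktop with Firefox
# and a 'hello-world' snap installed; names follow snapd's snap.<snap>.<app>
# scheme, the modes are made up for the demonstration.
SAMPLE_PROFILES = """\
/usr/sbin/cupsd (enforce)
/usr/sbin/cupsd//third_party (enforce)
snap.firefox.firefox (enforce)
snap.firefox.geckodriver (enforce)
snap.hello-world.env (complain)
snap.hello-world.sh (enforce)
"""

if __name__ == "__main__":
    for name in ("firefox", "hello-world", "steam"):
        print(name, "sample:", confinement_verdict(SAMPLE_PROFILES, name),
              "this host:", host_verdict(name))
```

Note that the prefix match is on `snap.<snap>.` including the trailing dot, so `hello` does not pick up `hello-world`'s profiles. On a real machine, cross-check the verdict with `snap debug confinement`, which prints `strict` where the kernel offers both AppArmor and seccomp and `partial` where it does not.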
Although Canonical does not track downloads, installations, machines running snaps or anything else, unofficially, a company representative told us that the company believes that snap adoption is considerably more widespread than one might suspect from the coverage of other cross-distro app packaging tools, and Canonical suspects that many times more machines are running snap apps than are running Flatpak ones.
An early-access version of the Steam game store has been available as a snap for about six months, and the company told us it has been installed over 100,000 times already, even before its official release.
The positivity around the Snapcraft tooling and its use, both from the company and from the Summit attendees who are using it, together with more explanations of how it works and why, reassures us. Although it remains controversial, as of course does systemd – upon which it depends – snap looks unlikely to disappear any time soon, and simply through Ubuntu's large base of users of the free product, notably in the large Chinese market, it may yet prevail.