Snap (package manager)
Snap is a software deployment and package management system developed by Canonical for the Linux operating system. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions allowing distribution-agnostic upstream software packaging. Snap was originally designed for Ubuntu Touch. The system is designed to work for internet of things, cloud and desktop computing.
Functionality
Snap application packages of software are self-contained and work across a range of Linux distributions. This is unlike traditional Linux package management approaches, such as APT or YUM, which require packages specifically adapted for each Linux distribution, adding delay between application development and its deployment to end users. Snaps themselves have no dependency on any "app store", can be obtained from any source and can therefore be used for upstream software deployment. When snaps are deployed on Ubuntu and other versions of Linux, the Snap Store is used as the back-end. Snap introduces channels, which define which release of a snap is installed and tracked for updates.
Developers can use snaps to create command line tools and background services as well as desktop applications. With snap applications, upgrades via atomic operation or by deltas are possible. With the use of ‘content snaps’, developers can enable snaps to share programs and data so as to reduce library, framework and general dependency redundancy.
In June 2016, snapd was ported to a wide range of Linux distributions to enable snaps to be used across any Linux distribution, not just the all-snap Ubuntu Core. snapd is also available or in progress for Arch Linux, CentOS, Debian, Fedora, Solus, Manjaro Linux, OpenEmbedded, Raspbian, OpenWrt and openSUSE. Each distribution is able to interpret the snap metadata to implement the security or other expectations of the snap in a distribution-specific fashion.
Snapcraft
Snapcraft is a tool for developers to package their programs in the Snap format.
.snap file format
The snap file format is a single compressed filesystem that is mounted dynamically by the host operating system, together with declarative metadata that is interpreted by the snap system to set up an appropriately shaped secure sandbox or container for that application. The file format extension is .snap.
Usage
Programmers have deployed Snap packaging in Internet-of-Things environments, ranging from consumer-facing products to enterprise device management gateways. Ubuntu desktop images from version 16.04 onwards have included Snap by default. Software from Microsoft for Linux, such as .NET Core 3.1, is also distributed in the snap format. Snapcraft supports macOS and plans to support Microsoft Windows.
Criticism
While snaps can connect to platform snaps to reduce the size of application snaps, this setup still usually has a footprint many times larger than if the same program were installed from a traditional package that was compiled to use system libraries.
In Ubuntu 20.04 LTS, Canonical quietly gave up shipping GNOME's Calculator and System Monitor as snaps because they were out of date compared with the rest of GNOME, took much longer to start up due to problems inherent to the snap format, and increased the size of the installation media, as an entire GNOME Platform snap that was also out of date was shipped to accommodate these packages.
As there is a wall of separation between snaps and the system, integration issues such as incorrect theming frequently occur. Some applications attempt to "hack around" this problem by bundling the theme that they think is most likely in use on the end user's system. However, due to the many desktops and themes that a user could potentially have, there is no way to be certain that it will look right. A reviewer of Kubuntu 20.04 LTS pointed out that despite Canonical pushing snaps on Kubuntu users, when a KDE application was installed from the Snapcraft store, it did not integrate with the KDE desktop's dark theme. Another limitation is that because the snapd daemon which manages Snap packages relies on systemd, at the moment it only works with distributions that use this init system.
The developer of the screen capture tool Peek discontinued support for Snap packages in March 2018, while continuing support for Flatpak and AppImage, stating that
- Snap is "still mainly an Ubuntu show", criticizing the fact that snapd is no longer available in the official Arch Linux repository, even though it is available in the community repository of the Arch Linux-based distribution Manjaro, and can be installed via pacman or Manjaro's GUI pamac.
- Using snap is more time-consuming than Flatpak or AppImage for developers.
- Ubuntu Software Center doesn't take advantage of AppStream data, requiring separate entry data.
Red Hat employee Adam Williamson, while acknowledging his own bias, has criticized Snap for keeping the server side closed-source, not having a mechanism for using third party servers, and having to sign a contributor license agreement to contribute to its development.
Clement Lefebvre has written that Snap is biased and has a conflict of interest. The reasons he cited include it being governed by Canonical and locked to their store, and also that Snap works better on Ubuntu than on other distributions.
Lefebvre, in the May 2020 edition of the Linux Mint Blog, announced that in Linux Mint 20, the next version of Mint, the APT software package management software would forbid installation of snapd. The decision resulted from Canonical's decision in 2019 to change the method for installing the Chromium web browser from APT to Snap. Instead, the Mint developers will instruct users how to download and install Chromium themselves, without using Snap.
GNOME Software removed snap support in July 2019, due to code quality issues, lack of integration, and the fact that it competes with the GNOME-supported Flatpak standard.
Security issues
Software in the Snapcraft store is not audited by Canonical to make sure that it is free of malware. Canonical does not require the author of the software to personally upload and maintain it, and encourages proprietary binary-only software, which cannot be audited, to be uploaded into the store.
In at least one instance, in May 2018, two such proprietary applications uploaded by a single developer were found to contain a cryptocurrency miner, which used the victim's computing resources to mine cryptocurrency on behalf of the attacker.
In addition to making it easy for a bad actor to upload computer malware into a packaging system that is present in every official version of Ubuntu, the Snapcraft store often hosts outdated software, which could be accumulating unpatched security vulnerabilities. In one case, Microsoft left an outdated version of Skype in the Snapcraft store for over a year.
If Canonical decides to remove a malicious or outdated Snap from the store, there exists no remote deletion mechanism to make sure that it is removed from a user's computer, or that they are even warned about it.
Even if the user has no interest in using snap, there is still the snapd service consuming system memory and running as the root user. Dangling processes running as root can increase the attack surface of the operating system. Good computing hygiene requires that these be kept to a minimum, and sandboxed if possible.
Snap's sandboxing relies on various methods that are fairly unique to Ubuntu, such as AppArmor. When AppArmor, or anything else snapd requires to enforce security sandboxing on an app, is not present, there is no sandbox. As a result, on many distributions, running a snap is no more secure than running arbitrary unconfined software from any other source.
When a publisher uses the snap store to host an application, they can choose which confinement mode the sandbox will operate in, including no sandboxing. This allows a malicious person to choose to run their application unconfined. It would then be free to attack the victim's system, with no need to find a sandbox escape, beginning with the privileges of the logged-in user. Such privileges could then be escalated to root if a privilege escalation vulnerability is also used.
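As an added illustration of the two points above, and not code from the article or from snapd itself, the following POSIX shell script defines two checks a host administrator can run: whether the kernel's AppArmor module is enabled (without it, snapd cannot enforce strict confinement), and which installed snaps were published under classic or devmode confinement and therefore run without a sandbox even on a host that supports one. The `snap list` output it parses is a constructed sample; the snap and publisher names in it are placeholders, and the sysfs path is the real kernel location.

```shell
#!/bin/sh
# Added example, not part of the article or of snapd.
#
# Check 1: is the AppArmor LSM enabled in the running kernel?
# snapd's strict confinement depends on AppArmor; if the flag is absent or
# "N", snaps on this host run effectively unconfined.
# The path argument is optional and exists so the function can be tested on
# a constructed file; the default is the real sysfs location.
# Returns 0 (true) if enabled, 1 otherwise.
is_apparmor_enabled() {
    flag_file="${1:-/sys/module/apparmor/parameters/enabled}"
    [ -r "$flag_file" ] || return 1
    [ "$(cat "$flag_file")" = "Y" ]
}

# Check 2: which installed snaps were published with classic or devmode
# confinement? `snap list` reports this in its last column ("Notes"), as a
# comma-separated list that may also contain entries such as "base" or
# "disabled". Reads that output on stdin and prints "name<TAB>mode" for each
# unconfined snap.
# Live usage on a real host:  snap list | find_unconfined_snaps
find_unconfined_snaps() {
    awk 'NR > 1 {                                   # skip the header row
            n = split($NF, parts, ",")              # Notes is the last column
            for (i = 1; i <= n; i++)
                if (parts[i] == "classic" || parts[i] == "devmode")
                    printf "%s\t%s\n", $1, parts[i]
         }'
}

# Constructed sample of `snap list` output (placeholder names, not real snaps).
SAMPLE_SNAP_LIST='Name            Version   Rev   Tracking       Publisher    Notes
core20          20240111  2182  latest/stable  canonical    base
example-editor  1.85.1    150   latest/stable  example-pub  classic
example-tool    0.3       12    latest/edge    example-pub  devmode
example-app     2.0       41    latest/stable  example-pub  -'

# Demonstration on the constructed sample (no snapd needed):
printf '%s\n' "$SAMPLE_SNAP_LIST" | find_unconfined_snaps
```

On a live system, `snap debug confinement` reports whether snapd itself considers the host capable of strict confinement (`strict`, `partial` or `none`); the two functions above let an administrator see the same information from the kernel side and per installed snap, so that snaps published with classic or devmode confinement can be reviewed rather than trusted by default.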