最後更新: 2024-11-14

目錄

• Install snapd
• Snaps
• Install Snaps
• Snap 's updates(refresh)
• Versions and Revisions
• Service management
• Interface management
• Snap 's Snapshot
• Snap 's confinement level

---

介紹

 

HomePage: https://snapcraft.io

Snaps are applications packaged with all their dependencies
  to run on all popular Linux distributions from a single build.

They update automatically and roll back gracefully.

The applications can be found under "/snap/bin".

Snap

 * read only images, called snaps.

  * System components and applications as self contained
   (except for the most basic OS features, such as network access)

  * Offers snaps a secure storage area isolated from other snaps

  * snap available using the Snap Store

OS snaps

The OS snap is a repacked rootfs that contains just ‘enough’ to run and manage snaps on a read-only file system.

When you install a snap for the first time, the OS snap (ubuntu-core) gets installed first,

it’s used as the platform for subsequently installed application snaps.

(you can be confident that a snap always runs on the same core stack)

Program

• sanp - a tool for interacting with snaps
• snapd - a management environment that handles installing and updating snaps using the transactional system

Link

HomePage: https://snapcraft.io/

Store(applications): https://snapcraft.io/store

 

---

Install snapd

 

Snapd is the background service(Daemon) that manages and maintains your snaps
(Install, configure, refresh and remove snap packages)

 

Debian 10

apt install snapd

reboot

Centos 7(EPEL)

yum install snapd

reboot

OR

systemctl enable --now snapd.socket

# To enable classic snap support

ln -s /var/lib/snapd/snap /snap

Check Version

snap version

snap    2.43.3
snapd   2.43.3
series  16
debian  10
kernel  4.19.0-6-amd64

Test it

snap install hello-world

hello-world

Hello World!

# Original snap, located in /var/lib/snapd/snaps

mount | grep snap

tmpfs on /run/snapd/ns type tmpfs (rw,nosuid,noexec,relatime,size=1623812k,mode=755)
/var/lib/snapd/snaps/core_8935.snap on /snap/core/8935 type squashfs (ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/hello-world_29.snap on /snap/hello-world/29 type squashfs (ro,nodev,relatime,x-gdu.hide)

ps aux | grep [s]napd

root     23563  2.5  0.2 1290420 32832 ?       Ssl  18:02   0:04 /usr/lib/snapd/snapd

 

---

Snaps

 

Snaps are Linux app packages

core

The core runtime environment for snapd

ubuntu-core

...

 

---

Install Snaps

 

Search snap package

snap find lxd

Name             Version        Publisher       Notes    Summary
lxd              3.23           canonical✓      -        System container manager and API

The ✓ alongside videolan in the above output indicates that the snap publisher has been verified

Show snap package info

snap info lxd

name:      lxd
summary:   System container manager and API
publisher: Canonical✓
store-url: https://snapcraft.io/lxd
contact:   https://github.com/lxc/lxd/issues
license:   unset
description: |
...
commands:
...
services:
  lxd.activate: oneshot, enabled, inactive
  lxd.daemon:   simple, enabled, inactive
snap-id:      J60k4JY0HppjwOjW8dZdYc8obXKxujRu
tracking:     latest/stable
refresh-date: today at 15:15 HKT
channels:
  latest/stable:    3.23        2020-03-30 (14133) 70MB -
  ...
installed:          3.23                   (14133) 70MB -

Install snap ( i.e. lxd )

snap install lxd

Remark: 指定安裝某一 version

snap install lxd --channel=stable    # risk: stable, beta, edge

詳見 Channels

List installed snaps on system

snap list [package]

Name  Version    Rev    Tracking  Publisher   Notes
core  16-2.43.3  8689   stable    canonical✓  core
lxd   3.23       14066  stable    canonical✓  -

"core"     automatically install by snapd to satisfy the requirements of other snaps.

Listing all installed revisions for a package

snap list --all lxd

Name  Version        Rev    Tracking      Publisher   Notes
lxd   5.0.0-b0287c1  22923  5.0/stable/…  canonical✓  disabled
lxd   5.0.2-838e1b2  24322  5.0/stable/…  canonical✓  -

snap list --all core

Name  Version    Rev   Tracking       Publisher   Notes
core  16-2.43.3  8689  latest/stable  canonical✓  core,disabled
core  16-2.44.1  8935  latest/stable  canonical✓  core

Notes:

'disabled' 即是

ls -l /snap/core

total 0
drwxr-xr-x 24 root root 321 Feb 13 01:41 8689
drwxr-xr-x 24 root root 321 Mar 22 03:18 8935
lrwxrwxrwx  1 root root   4 Mar 31 09:37 current -> 8935

Check for updates (check the channel being tracked by the snap)

snap refresh vlc

Removing a snap

snap remove lxd

 

---

Snap 's updates(refresh)

 

Snaps update automatically, and by default, the snapd daemon checks for updates 4 times a day.

Each update check is called a refresh.

人手 update (refresh)

snap refresh lxd

snap "lxd" has no updates available

Disabled automatically update (--hold)

e.g.

snap refresh --hold=24h firefox

snap refresh --hold=forever firefox

# Remove a hold

snap refresh --unhold firefox

查看 Auto update time

snap refresh --time

timer: 00:00~24:00/4
last: n/a
hold: today at 20:00 HKT
next: today at 18:02 HKT (but held)

OR

timer: 00:00~24:00/4
last: today at 13:27 HKT
next: today at 21:19 HKT

Settings

• refresh.timer: defines the refresh frequency and schedule
• refresh.hold: delays the next refresh until the defined time and date
• refresh.metered: pauses refresh updates when network connection is metered
• refresh.retain: sets how many revisions of a snap are stored on the system

i.e.

snap set system refresh.timer=4:00-7:00,19:00-22:10

snap set system refresh.timer=mon,wed                 # Monday and on Wednesday, at 0:00

snap set system refresh.hold="2020-05-01T00:00:00+08:00"

snap unset system refresh.hold

snap get system refresh.hold

2020-05-01T00:00:00+08:00

# To see details about what changed during the last refresh

snap changes

ID   Status  Spawn               Ready               Summary
6    Done    today at 17:47 HKT  today at 17:47 HKT  Switch "lxd" snap to channel "5.9/stable"
7    Done    today at 17:47 HKT  today at 17:48 HKT  Refresh "lxd" snap

Channels

Structure: <track>/<risk>/<branch>

The default track is called latest

Tracks (Default: latest)

Enable snap developers to publish multiple supported releases of their application under the same snap name.

Risk-levels

stable, candidate, beta, edge

安某 channel 的 package

snap install ---channel=beta vlc

snap install --channel=edge vlc

轉另一個 Version

snap switch --channel=stable vlc

snap switch --channel=3.22/stable lxd

snap refresh lxd

 

---

Versions and Revisions

 

Version: the version of the software being packaged, as assigned by the developers

Revision: the sequence number assigned by the store when the snap file was uploaded

Revision

tree -L 1 /snap/core

/snap/core
├── 8689
├── 8935
└── current -> 8935

 

Reverting an installed snap (revisions)

snap list lxd --all

Name  Version  Rev    Tracking       Publisher   Notes
lxd   3.23     14133  latest/stable  canonical✓  disabled
lxd   4.0.0    14194  latest/stable  canonical✓  -

# 由 4.0.0 downgrade 回 3.23

snap revert lxd

lxd reverted to 3.23

Keep revisions

# maximum number of a snap's revisions stored by the system after the next refresh

snap set system refresh.retain=3

snap get system refresh.retain

3

人手清沒用的 revision

ls -l /snap/core

total 0
drwxr-xr-x 24 root root 321 Feb 13 01:41 8689
drwxr-xr-x 24 root root 321 Mar 22 03:18 8935
lrwxrwxrwx  1 root root   4 Mar 31 09:37 current -> 8935

snap remove core --revision=8689

 

 

---

Service management

 

# Lists all services

snap services

Service       Startup  Current   Notes
lxd.activate  enabled  inactive  -
lxd.daemon    enabled  inactive  socket-activated

# restart, stop, start

• snap restart lxd
• snap stop lxd
• snap start lxd

# To prevent a service from starting on the next boot

• snap stop --disable lxd

# 開機自動 start

• snap start --enable lxd

# keep log output open

snap logs lxd [-f]

 

---

Interface management

 

When a snap needs to access a resource outside of its own confinement, it uses an interface.

listing is for connected plugs and slots for all snaps in the system

snap connections [<snap>]

e.g.

snap connections lxd

Interface       Plug                Slot             Notes
lxd             -                   lxd:lxd          -
lxd-support     lxd:lxd-support     :lxd-support     -
network         lxd:network         :network         -
network-bind    lxd:network-bind    :network-bind    -
system-observe  lxd:system-observe  :system-observe  -

--all to also           list unconnected plugs and slots.

slot is the provider of the interface (can support multiple plug connections) while the plug is the consumer

Interfaces provided by the system begin with the : (colon) symbol and are implemented by the Core snap

# To make a connection

snap connect <snap>:<plug interface> <snap>:<slot interface>

# To disconnect an interface

snap disconnect <snap>:<plug interface> <snap>:<slot interface>

 

---

Snap Configuration

 

snap get SNAP

If there are no configuration options, you will see "error: snap <snap name> has no configuration"

 

---

Snap 's Snapshot

 

# manually (creates a snapshot for all installed snaps)

# automatically when a snap is removed

# --no-wait => regaining access to your terminal

snap save [--no-wait]

Set  Snap  Age    Version    Rev    Size    Notes
2    core  304ms  16-2.44.1  8935     124B  -
2    lxd   204ms  3.23       14133    451B  -

List snapshots

snap saved [--id=2]

Set  Snap  Age    Version    Rev    Size    Notes
1    lxd   2d22h  3.23       14066    451B  auto
2    core  22.3s  16-2.44.1  8935     124B  -
2    lxd   22.2s  3.23       14133    451B  -

* auto in the Notes => Automatic snapshot

To verify the integrity of a snapshot

snap check-snapshot 2

Snapshot #2 verified successfully.

Restoring a snapshot

snap restore 2

Deleting a snapshot

snap forget 2

Snapshot #2 forgotten.

Automatic snapshot

 *  a snapshot is generated automatically when a snap is removed

# The default value is 31 days

# change to 30 hours

snap set system snapshots.automatic.retention=30h

# To Disable

snap set system snapshots.automatic.retention=no

Snapshot anatomy

Snapshots are stored as a zip file for each snap

• meta.json: describes the contents of the snapshot,
                   alongside its configuration and checksums for the archives.
• archive.tgz: contains system data.
• user/<username>.tgz: contains any user data (for each system user).

Ubuntu-based systems: /var/lib/snapd/snapshots

 

---

Snap 's confinement level

 

The degree of isolation it has from your system. Strict, Classic

Strict

Do not access your files, network, processes or any other system resource without requesting specific access via an interface.

It uses security features of the Linux kernel, including AppArmor, seccomp and namespaces,
  to prevent applications and services accessing the wider system.

Classic

Allows access to your system 's resources in much the same way traditional packages do.

Checking

snap info --verbose lxd | grep confinement

  confinement:       strict

 

---