snap

最後更新: 2020-04-02

介紹

 

Snaps are applications packaged with all their dependencies to run on all popular Linux distributions from a single build.

They update automatically and roll back gracefully.

applications can be found under /snap/bin

Snap

 * read only images, called snaps.

  * System components and applications as self contained
   (except for the most basic OS features, such as network access)

  * Offers snaps a secure storage area isolated from other snaps

  * snap available using the Snap Store

OS snaps

The OS snap is a repacked rootfs that contains just ‘enough’ to run and manage snaps on a read-only file system.

When you install a snap for the first time, the OS snap (ubuntu-core) gets installed first,

it’s used as the platform for subsequently installed application snaps.

(you can be confident that a snap always runs on the same core stack)

Program

  • sanp - a tool for interacting with snaps
  • snapd - a management environment that handles installing and updating snaps using the transactional system

Link

HomePage: https://snapcraft.io/

Store(applications): https://snapcraft.io/store

 


Install

 

# Debian 10

apt install snapd

reboot

# Centos 7(EPEL)

yum install snapd

reboot

OR

systemctl enable --now snapd.socket

# To enable classic snap support

ln -s /var/lib/snapd/snap /snap

# Check Version

snap version

snap    2.43.3
snapd   2.43.3
series  16
debian  10
kernel  4.19.0-6-amd64

# Test it

snap install hello-world

hello-world

Hello World!

# Original snap, located in /var/lib/snapd/snaps

mount | grep snap

tmpfs on /run/snapd/ns type tmpfs (rw,nosuid,noexec,relatime,size=1623812k,mode=755)
/var/lib/snapd/snaps/core_8935.snap on /snap/core/8935 type squashfs (ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/hello-world_29.snap on /snap/hello-world/29 type squashfs (ro,nodev,relatime,x-gdu.hide)

ps aux | grep [s]napd

root     23563  2.5  0.2 1290420 32832 ?       Ssl  18:02   0:04 /usr/lib/snapd/snapd

 


Install Snaps

 

# search snap

snap find lxd

Name             Version        Publisher       Notes    Summary
lxd              3.23           canonical✓      -        System container manager and API

The ✓ alongside videolan in the above output indicates that the snap publisher has been verified

# show snap info

snap info lxd

name:      lxd
summary:   System container manager and API
publisher: Canonical✓
store-url: https://snapcraft.io/lxd
contact:   https://github.com/lxc/lxd/issues
license:   unset
description: |
...
commands:
...
services:
  lxd.activate: oneshot, enabled, inactive
  lxd.daemon:   simple, enabled, inactive
snap-id:      J60k4JY0HppjwOjW8dZdYc8obXKxujRu
tracking:     latest/stable
refresh-date: today at 15:15 HKT
channels:
  latest/stable:    3.23        2020-03-30 (14133) 70MB -
  ...
installed:          3.23                   (14133) 70MB -

# Install snap ( i.e. lxd )

snap install lxd

Remark: 指定安裝某一 version

snap install lxd --channel=3.23/stable

# list installed snaps on system

snap list

Name  Version    Rev    Tracking  Publisher   Notes
core  16-2.43.3  8689   stable    canonical✓  core
lxd   3.23       14066  stable    canonical✓  -

"core"     automatically install by snapd to satisfy the requirements of other snaps.

# list installed snap version

snap list lxd

Name  Version  Rev    Tracking       Publisher   Notes
lxd   4.0.0    14194  latest/stable  canonical✓  -

# Listing all installed revisions

snap list --all vlc

error: no matching snaps installed

snap list --all core

Name  Version    Rev   Tracking       Publisher   Notes
core  16-2.43.3  8689  latest/stable  canonical✓  core,disabled
core  16-2.44.1  8935  latest/stable  canonical✓  core

Notes 'disabled' 即是

ls -l /snap/core

total 0
drwxr-xr-x 24 root root 321 Feb 13 01:41 8689
drwxr-xr-x 24 root root 321 Mar 22 03:18 8935
lrwxrwxrwx  1 root root   4 Mar 31 09:37 current -> 8935

# Check for updates (check the channel being tracked by the snap)

snap refresh vlc

Channels

Tracks (Default: latest)

enable snap developers to publish multiple supported releases of their application under the same snap name.

Risk-levels

stable, candidate, beta, edge

  • snap install ---channel=beta vlc
  • snap install --channel=edge vlc
  • snap switch --channel=stable vlc

轉另一個 Version

i.e.

snap switch --channel=3.22/stable lxd

snap refresh lxd

Versions and revisions

  • Version: the version of the software being packaged, as assigned by the developers
  • Revision: the sequence number assigned by the store when the snap file was uploaded

Revision

tree -L 1 /snap/core

/snap/core
├── 8689
├── 8935
└── current -> 8935

# Reverting an installed snap(revisions)

snap list lxd --all

Name  Version  Rev    Tracking       Publisher   Notes
lxd   3.23     14133  latest/stable  canonical✓  disabled
lxd   4.0.0    14194  latest/stable  canonical✓  -

# 由 4.0.0 downgrade 回 3.23

snap revert lxd

lxd reverted to 3.23

# Removing a snap

snap remove lxd

 


Snaps

 

core snap

The core runtime environment for snapd

ubuntu-core

...

lxd

lightweight container hypervisor

 


Service management

 

# to lists all the service

snap services

Service       Startup  Current   Notes
lxd.activate  enabled  inactive  -
lxd.daemon    enabled  inactive  socket-activated

# restart, stop, start

  • snap restart lxd
  • snap stop lxd
  • snap start lxd

# To prevent a service from starting on the next boot

  • snap stop --disable lxd
  • snap start --enable lxd

# keep log output open

snap logs lxd [-f]

 


Snaps updates(refresh)

 

Snaps update automatically, and by default, the snapd daemon checks for updates 4 times a day.

Each update check is called a refresh.

# 人手 update

snap refresh lxd

snap "lxd" has no updates available

Auto update time

snap refresh --time

timer: 00:00~24:00/4
last: n/a
hold: today at 20:00 HKT
next: today at 18:02 HKT (but held)

OR

timer: 00:00~24:00/4
last: today at 13:27 HKT
next: today at 21:19 HKT

Setting

  • refresh.timer: defines the refresh frequency and schedule
  • refresh.hold: delays the next refresh until the defined time and date
  • refresh.metered: pauses refresh updates when network connection is metered
  • refresh.retain: sets how many revisions of a snap are stored on the system

i.e.

snap set system refresh.timer=4:00-7:00,19:00-22:10

snap set system refresh.timer=mon,wed                 # Monday and on Wednesday, at 0:00

snap set system refresh.hold="2020-05-01T00:00:00+08:00"

snap unset system refresh.hold

snap get system refresh.hold

2020-05-01T00:00:00+08:00

# 2~20

snap set system refresh.retain=3

# to see details about what changed during the last refresh

snap changes

Keep revisions

# maximum number of a snap's revisions stored by the system after the next refresh

snap set system refresh.retain=2

# 人手清沒用的 revision

ls -l /snap/core

total 0
drwxr-xr-x 24 root root 321 Feb 13 01:41 8689
drwxr-xr-x 24 root root 321 Mar 22 03:18 8935
lrwxrwxrwx  1 root root   4 Mar 31 09:37 current -> 8935

snap remove core --revision=8689

 


Interface management

 

When a snap needs to access a resource outside of its own confinement, it uses an interface.

snap connections lxd

Interface       Plug                Slot             Notes
lxd             -                   lxd:lxd          -
lxd-support     lxd:lxd-support     :lxd-support     -
network         lxd:network         :network         -
network-bind    lxd:network-bind    :network-bind    -
system-observe  lxd:system-observe  :system-observe  -

slot is the provider of the interface (can support multiple plug connections) while the plug is the consumer

Interfaces provided by the system begin with the : (colon) symbol and are implemented by the Core snap

# To make a connection

snap connect <snap>:<plug interface> <snap>:<slot interface>

# To disconnect an interface

snap disconnect <snap>:<plug interface> <snap>:<slot interface>

 


Snap Configuration

 

snap get SNAP

If there are no configuration options, you will see "error: snap <snap name> has no configuration"

 


Snapshot

 

# manually (creates a snapshot for all installed snaps)

# automatically when a snap is removed

# --no-wait => regaining access to your terminal

snap save [--no-wait]

Set  Snap  Age    Version    Rev    Size    Notes
2    core  304ms  16-2.44.1  8935     124B  -
2    lxd   204ms  3.23       14133    451B  -

# see the state of your system’s snapshots

snap saved [--id=2]

Set  Snap  Age    Version    Rev    Size    Notes
1    lxd   2d22h  3.23       14066    451B  auto
2    core  22.3s  16-2.44.1  8935     124B  -
2    lxd   22.2s  3.23       14133    451B  -

* auto in the Notes => Automatic snapshot

# To verify the integrity of a snapshot

snap check-snapshot 2

Snapshot #2 verified successfully.

# Restoring a snapshot

snap restore 2

# Deleting a snapshot

snap forget 2

Snapshot #2 forgotten.

Automatic snapshot

 *  a snapshot is generated automatically when a snap is removed

# The default value is 31 days

# change to 30 hours

snap set system snapshots.automatic.retention=30h

# To Disable

snap set system snapshots.automatic.retention=no

Snapshot anatomy

Snapshots are stored as a zip file for each snap

  • meta.json: describes the contents of the snapshot, alongside its configuration and checksums for the archives.
  • archive.tgz: contains system data.
  • user/<username>.tgz: contains any user data (for each system user).

Ubuntu-based systems: /var/lib/snapd/snapshots

 


snap's confinement level

 

the degree of isolation it has from your system.

Strict

not access your files, network, processes or any other system resource without requesting specific access via an interface

uses security features of the Linux kernel, including AppArmor, seccomp and namespaces,

to prevent applications and services accessing the wider system.

Classic

Allows access to your system 's resources in much the same way traditional packages do.

Checking

snap info --verbose lxd | grep confinement

  confinement:       strict

 


 

Creative Commons license icon Creative Commons license icon