📢 Actions Speak Louder Than Words!

Control Your Snap Package

Posted: Jul 30, 2021 | Reading time: 7 min
post Robbi Nespu

Press here to skip the rant

I checking my email today and saw Bret Busby posted on Ubuntu-users mailing-list asking about “How do we disable the snap stuff” and likely it trigger some Ubuntu kipas-susah-mati replies when he typed:

As this snap stuff can not be trusted to not make unauthorised changes , and, cannot be trusted to not sabotage the system operation (this unauthorised snap interference probably explains the error messages that I have been getting, about incomplete and partial upgrades and resultant systems instability across my systems), how do we disable this malicious snap thing?

Well, it understandable how frustrated of him (as end user) about this snap thing. Ubuntu linux are well know previously as the most easier distro, good for newbie to start using linux and very supportive (that why it so popular back then) but now seem most of Ubuntu kipas-susah-mati expecting:

  • You can find solutions by yourself or I suggesting just removed it
  • Don’t complaint or we hammer you back..whack..whack < dig up old posts >
  • Don’t use it if you don’t like it. < close ears > lalalaaa…

This is bad, to me what Bret Busby is partial true from end-user perspective. If I refering back to CoC it said

Ubuntu is about showing humanity to one another: the word itself captures the spirit of being human

Do you know how old are him or anyone else that (stranger to you) communicate with you? He maybe old-man and a child. So try to be gentle and respect each others. Honestly what Bret Busby said there is nothing wrong actually because snap do that malicious thing behind us unless we configure it properly as per need and it is against GNU philosophy which likely it been mistreat the users by developers:

With free software, the users control the program, both individually and collectively. So they control what their computers do (assuming those computers are loyal and do what the users' programs tell them to do).

With proprietary software, the program controls the users, and some other entity (the developer or “owner”) controls the program. So the proprietary program gives its developer power over its users. That is unjust in itself; moreover, it tempts the developer to mistreat the users in other ways.

I don’t want to typed much more about thus mailing list stuff, but I just want to highlight, sometimes reality are harsh and please accept the user feedback and do something, else it will be like snap which ignoring feedback for many years and every newcomers are always frustrated about it. I hope one day, new developer of snap will do something about this as for now the current developer from Canonical Group Limited are ignoring the important feedback like this.

There is many reason why I use snap, but there is two main reason for me:

  1. Newer version of application (package) and sometimes it only available on snaps stores (such as fakecam )
  2. It easier for developer to package for both RPM and DEB Linux distribution platforms because it use it own packaging containers. Some distribution have strict deb package release (official), so compiling and package it by yourself is quite harder but snap offer easy way to package it.

So the choice is your preferences, to use it or not, if you use it then please take care and control it. You may refer to my guidelines below.


How to control and configure your snap stuff

You can read my mailing list replied here but I gonna posted here too, because it much easier for read to understand with HTML formatted instead of just plain text.

What is “snap refresh”?

This malicious updates check, download and update changes are called “snap refresh”. We need to configure it as by default it overkill for someone who have expensive disk space and network bandwidth. As far i know, there is no GUI application available to configure snap, so you must use CLI to take care the controls.

Timer of snap refresh

Timer is like scheduler / cronjob that execute snap refresh on specific timing. Ok, first take a look on the default timer setting (I using Debian BTW, so the default setting might be different for you).

$ snap refresh --time
timer: 00:00~24:00/4
last: today at 00:41 +08
next: today at 08:18 +08

That means by default it execute 4 times a day from 00:00 until 24:00 and I don’t like it. I change it to execute refresh on every last Sunday of the month at 23:00 (so it update after 30 days, once during 23:00 only)

$ sudo snap set system refresh.timer=sun5,23:00

Let verify changes..

$ snap refresh --time
timer: sun5,23:00
last: today at 00:41 +08
next: in 30 days, at 23:00 +08

Don’t do snap refresh on my metered network

it better to put some control for metered network too

$ sudo snap set system refresh.metered=hold

Number of a snap’s revisions stored on my storage

The value should be from >=2 until 20 only based on snap documentation. On my side (Debian) the numbers are already minimum (2) which is great!

$ sudo snap get system refresh.retain # get the current value

$ sudo snap set system refresh.retain=2 # you can set it using this command

Monitoring snap stuff

Last not least, you can use snap changes to monitor what happening behind

$ snap changes
ID   Status  Spawn                   Ready                   Summary
116  Done    yesterday at 11:26 +08  yesterday at 11:26 +08 Auto-refresh snap "snapd"
117  Done    today at 00:41 +08      today at 00:42 +08 Auto-refresh snap "gitkraken"

$ snap change 117
Status  Spawn               Ready               Summary
Done    today at 00:41 +08  today at 00:41 +08  Ensure prerequisites for "gitkraken" are available
Done    today at 00:41 +08  today at 00:42 +08  Download snap "gitkraken" (180) from channel "latest/stable"
Done    today at 00:41 +08  today at 00:42 +08  Fetch and check assertions for snap "gitkraken" (180)
Done    today at 00:41 +08  today at 00:42 +08  Mount snap "gitkraken" (180)
Done    today at 00:41 +08  today at 00:42 +08  Run pre-refresh hook of "gitkraken" snap if present
Done    today at 00:41 +08  today at 00:42 +08  Stop snap "gitkraken" services
Done    today at 00:41 +08  today at 00:42 +08  Remove aliases for snap "gitkraken"
Done    today at 00:41 +08  today at 00:42 +08  Make current revision for snap "gitkraken" unavailable
Done    today at 00:41 +08  today at 00:42 +08  Copy snap "gitkraken" data
Done    today at 00:41 +08  today at 00:42 +08  Setup snap "gitkraken" (180) security profiles
Done    today at 00:41 +08  today at 00:42 +08  Make snap "gitkraken" (180) available to the system
Done    today at 00:41 +08  today at 00:42 +08  Automatically connect eligible plugs and slots of snap "gitkraken"
Done    today at 00:41 +08  today at 00:42 +08  Set automatic aliases for snap "gitkraken"
Done    today at 00:41 +08  today at 00:42 +08  Setup snap "gitkraken" aliases
Done    today at 00:41 +08  today at 00:42 +08  Run post-refresh hook of "gitkraken" snap if present
Done    today at 00:41 +08  today at 00:42 +08  Start snap "gitkraken" (180) services
Done    today at 00:41 +08  today at 00:42 +08  Clean up "gitkraken" (180) install
Done    today at 00:41 +08  today at 00:42 +08  Run configure hook of "gitkraken" snap if present
Done    today at 00:41 +08  today at 00:42 +08  Run health check of "gitkraken" snap
Done    today at 00:41 +08  today at 00:42 +08  Consider re-refresh of "gitkraken"

Additional script

You can use this script to clean older snap and untangle revisions of your systems (copy and save it as snap_cleaner.sh, then chmod +x snap_cleaner.sh and executed it from terminal ./snap_cleaner.sh)

That all tips from me on how to takecare your snap stuff. Hopefully, the article helps you to take care snap packages and it revisions 👍

Edit

Have some thoughts, discussion or feedback on this post?
Webmentions IndieWeb

Below you can find the interactions that this page has had using Indieweb. Which means, you can mentioned this URL on any website that support WebMention. Have you written a response to this post? Let me know the URL:

(Do you not have a website set up with WebMention capabilities? You can use Comment Parade.)