Information About Snap Packages

Alexzee

Well-Known Member
Joined
Jun 1, 2019
Messages
3,679
Reaction score
1,962
Credits
21,883
I found this article and found it informal at the very least about snap packages.

Mint founder Clement Lefebvre made it very clear that the Ubuntu spin-off does not approve of the new package format and wouldn’t include it on base installs. Further, he announced that Mint 20 would actively block users from installing the snap framework through the package manager. It can still be installed manually, but this move is seen as a way to prevent it from being added to the system without the user’s explicit consent.


My concern is if removing snap will break an os?


When I used Google to ask: are snap packages secure? I got:

According to Garret, “Any Snap package you install is completely capable of copying all your private data to wherever it wants with very little difficulty.”

Here's the search if you'd like to do research of your own.

 


Mint founder Clement Lefebvre made it very clear that the Ubuntu spin-off does not approve of the new package format and wouldn’t include it on base installs.
It is my understanding that 'Mint' does not approve of the installation of the 'Snap Store' or the Snap downloader or whatever it is called without alerting the user that it is being installed.

Further, he announced that Mint 20 would actively block users from installing the snap framework through the package manager. It can still be installed manually,
It seems that 'Mint' did not actually "block" it but just made it more difficult to install AND ensures that the user knows what is transpiring.
"but this move is seen as a way to prevent it from being added to the system without the user’s explicit consent."
I, for one, agree with 'Mint' on this.

My concern is if removing snap will break an os?
No. But it may 'break' Snap package updates.

According to Garret, “Any Snap package you install is completely capable of copying all your private data to wherever it wants with very little difficulty.”
This is true. But it is also true of any package which a user installs from any source.
Including from the OS 'official' repositories.
The only assurance we, as users, have is the reputation and trustworthiness of the maintainers.
If a person does not 'trust' the maintainers of a distro's repositories then the person should probably not install that distro!

I have always had 'doubts' and concerns regarding Snap packages. Mostly because I could not find any assurance that the Snap packages were being 'curated'. I 'assume' that the packages in my distro's repositories are or have been tested and/ or inspected by the distro maintainers or upstream. Sooner or later you have to trust someone - or just unplug the machine and walk away.
 
When I used Google to ask: are snap packages secure? I got:

According to Garret, “Any Snap package you install is completely capable of copying all your private data to wherever it wants with very little difficulty.”

Here's the search if you'd like to do research of your own.

Some users are concerned are about Snap packages collecting personal data and sending it to Canonical.

These same users have no concerns about a wife or family member in their house using Windows 10 and collecting personal data and sending it to Microsoft.

Hmm.

Don't make a lot of sense does it.
 
It is my understanding that 'Mint' does not approve of the installation of the 'Snap Store' or the Snap downloader or whatever it is called without alerting the user that it is being installed.


It seems that 'Mint' did not actually "block" it but just made it more difficult to install AND ensures that the user knows what is transpiring.
"but this move is seen as a way to prevent it from being added to the system without the user’s explicit consent."
I, for one, agree with 'Mint' on this.


No. But it may 'break' Snap package updates.


This is true. But it is also true of any package which a user installs from any source.
Including from the OS 'official' repositories.
The only assurance we, as users, have is the reputation and trustworthiness of the maintainers.
If a person does not 'trust' the maintainers of a distro's repositories then the person should probably not install that distro!

I have always had 'doubts' and concerns regarding Snap packages. Mostly because I could not find any assurance that the Snap packages were being 'curated'. I 'assume' that the packages in my distro's repositories are or have been tested and/ or inspected by the distro maintainers or upstream. Sooner or later you have to trust someone - or just unplug the machine and walk away.
Thanks for chiming in Vrai.
Getting your ideas and feedback about things that are going on always helps.

You're right, we have to trust the maintainers or just not use that particular distro. I completely agree.

I'm not sure where to look on my Elementary OS install to find out if those snap pkg's are installed, any ideas?
 
Some users are concerned are about Snap packages collecting personal data and sending it to Canonical.

These same users have no concerns about a wife or family member in their house using Windows 10 and collecting personal data and sending it to Microsoft.

Hmm.

Don't make a lot of sense does it.
No, it doesn't make a lot of sense.
Furthermore, what exactly is Canonical doing with that data and what's the real motive behind it?
So many questions--

Is there a way Nelson Muntz to disable the snap updates?
 
Last edited:
I recently installed Linux Lite XFCE on a friends laptop and he was happy with it.
However; he found out yesterday that Linux Lite uses the snap pkg system and the updates are done automatically.
My friend is not happy about this so I have to figure out either how to disable this or find another distro for that laptop.
 
I'm not sure where to look on my Elementary OS install to find out if those snap pkg's are installed, any ideas?
Code:
snap list

Is there a way Nelson Muntz to disable the snap updates?
Here is some info along with the sources:
Code:
disable
Disables a snap in the system

The disable command disables a snap. The binaries and services of the snap will no longer
be available. But all the data is still available and the snap can easily be enabled
again.

Usage: snap [OPTIONS] disable [disable-OPTIONS]

Code:
stop
Stop services

The stop command stops, and optionally disables, the given services.

Usage: snap [OPTIONS] stop [stop-OPTIONS]

Code:
--disable
As well as stopping the service now, arrange for it to no longer be started on
boot.


___________________________________________________________________

The snap Cheat Sheet

Using snap packages is pretty simple, but we’ve compiled a list of some commands that will help you:

To search for a package:
Code:
snap find package_name
To install a package:
Code:
sudo snap install package_name
To see all installed packages:
Code:
snap list
To get information about a single package:
Code:
snap info package_name
To change the channel a package tracks for updates:
Code:
sudo snap refresh package_name --channel=channel_name
To see whether updates are ready for any installed packages:
Code:
sudo snap refresh --list
To manually update a package:
Code:
sudo snap refresh package_name
To uninstall a package:
Code:
sudo snap remove package_name

From: https://www.howtogeek.com/660193/how-to-work-with-snap-packages-on-linux/
__________________________________________________________________________

More info to check out:




 
Here's how you create a Snap free Linux distro.
You download and install the Ubuntu core and the desktop you want and install that and then only what you want and need.



There are other Snap free distros.
Linux Mint 20
Lubuntu 20.04 LXQT

PCLinux OS
Antix Linux
MX Linux

I'm sure there are many more you just have to search to find which distros are Snap free.

Just because a Ubuntu based distro offer Snaps doesn't mean Snaps come installed by default.

Most Ubuntu based distros I've looked at offer Snaps although Snaps aren't always installed.

Generally a user has to download and install the Snap store and install the Snaps.

To my knowledge the mainstream flagship Ubuntu 20.04 is the only distro that comes with the Snap store installed by default.
 
Here's how you create a Snap free Linux distro.
You download and install the Ubuntu core and the desktop you want and install that and then only what you want and need.



There are other Snap free distros.
Linux Mint 20
Lubuntu 20.04 LXQT

PCLinux OS
Antix Linux
MX Linux

I'm sure there are many more you just have to search to find which distros are Snap free.

Just because a Ubuntu based distro offer Snaps doesn't mean Snaps come installed by default.

Most Ubuntu based distros I've looked at offer Snaps although Snaps aren't always installed.

Generally a user has to download and install the Snap store and install the Snaps.

To my knowledge the mainstream flagship Ubuntu 20.04 is the only distro that comes with the Snap store installed by default.
Thanks for the help mate.
 
@Alexzee
I forgot these for the links above. :oops:


 
I recently installed Linux Lite XFCE on a friends laptop and he was happy with it.
However; he found out yesterday that Linux Lite uses the snap pkg system and the updates are done automatically.
My friend is not happy about this so I have to figure out either how to disable this or find another distro for that laptop.
According to this Linux Lite is Snap free.
 
Let's just call it what it is .... a "fingerprint".

Probably not a 'big-deal' given all of the hundreds of fingerprints and metrics our devices are tagged with ... but .... just one more reason I believe the user should be informed up front and there should be transparency when installing software.

The Snap Store web UI can be used to track installation and usage statistics for snaps published with your developer account.

To accomplish this, the store assigns an anonymous identifier, the device-serial, to every new snapd client it sees. This exchange usually happens when a new installation contacts the store, and the identifier persists for the lifespan of the machine.

IoT devices and other specific workflows based on Ubuntu Core, use a more elaborate device-serial assignment which can be integrated with hardware identification capabilities and their factory provisioning process.
 
what exactly is Canonical doing with that data and what's the real motive behind it?

 
According to this Linux Lite is Snap free.
You're right.
When I ran 'snap list' in the console it returned:
snap command not found.

Last week after going through all of the setting in Linux Lite and making a few changes a small window opened and said that snap packages would be installed and updated automatically.

Anyway, Linux Lite is running great on my friends Toshibia laptop and snap has not be enabled.

Thank you Vrai and thank you Nelson Muntz for your help.
 
Last week after going through all of the setting in Linux Lite and making a few changes a small window opened and said that snap packages would be installed and updated automatically.
Interesting. I don't recall seeing that after two Linux Lite installs. Perhaps I just missed it? But I did install the 32bit version (3.8 I think).
I think I will install Linux Lite in a VM and 'poke around'. :)
 
According to Garret, “Any Snap package you install is completely capable of copying all your private data to wherever it wants with very little difficulty.”

Just to clarify for The Viewers, that is Matthew Garrett.

Article here

https://www.zdnet.com/article/linux...tu-16-04s-new-snap-format-is-a-security-risk/

Matthew is first lieutenant to Linus Torvalds, author of the Linux Kernel. Matthew and Linus, between them, sign off against all changes made to the Linux Kernel.

Matthew is also the author of Shim, which is used to allow Linux distros to satisfy Windows requirements in order for Linux Distros to run alongside Windows.

Bear in mind, though, that that ZDNet article was written over 4 years ago.

As @Vrai has said, removing Snap does not break a distro, provided it is done properly.

The snap issue was also covered with regard to installation of Chromium browser here, by none other than yours truly.

https://linux.org/threads/linux-min...tall-chromium-browser-in-a-snap-or-not.29724/

Cheers all and

Avagudweegend

Wizard
 
Interesting. I don't recall seeing that after two Linux Lite installs. Perhaps I just missed it? But I did install the 32bit version (3.8 I think).
I think I will install Linux Lite in a VM and 'poke around'. :)
It runs really fast on my friends Toshibia Satellite laptop and it was really easy to install.
 
Kubuntu 20.04.1 LTS. On a clean install, Kubuntu did install snap, but no chromium, because I don't use chromium and it was not anywhere on my computer, including any .config files. I removed snap and it's dependencies via Synaptic.
Today:
Code:
john@john-Desktop:~/Downloads$ sudo find / -iname snap
[sudo] password for john:
john@john-Desktop:~/Downloads$ sudo find / -iname snapd
john@john-Desktop:~/Downloads$
No snap, no snapd. No snap software at all.

Now are snaps "evil"? Not any more or less than any other software written by the hand of man. I do believe they are inefficient, and a poor implementation of a hardened containerized system. They have no place on my PC.

Your choice is your choice.
 

Thanks for the links.
Finally got some time to read them.
 

Staff online

Members online


Top