More secure replacement for debs coming to Fedora, Arch, Debian, and more.
Ubuntu's "snappy" new way of packaging applications is no longer exclusive to Ubuntu. Canonical today is announcing that snapd, the tool that allows snap packages to be installed on Ubuntu, has been ported to other Linux distributions including Debian, Arch, Fedora, Gentoo, and more.

If you have no idea what the above paragraph means, here's a summary. Traditionally, applications for Ubuntu and similar distributions are packaged in the deb (short for Debian) format. These packages consist of the application a user wants to install, and can also install other things that the package depends on in order to run (libraries, other applications, scripting, support files, and so on). Applications often require a lot of dependencies, which complicates things: for example, one application may need one version of another piece of software while a second application needs a different version of that same piece of software.

"Snap packages solve this problem by creating self-contained packages," we noted in our review of Ubuntu 16.04, which brought snaps to servers and desktops. "With snap packages, applications are installed in their own container, and all the third-party applications are installed with them so there are no version conflicts. Snap packages are also smart enough to not install a package more than once, meaning applications installed via Snappy don't take any more disk space than regular applications."

This allows users to update and roll back applications without causing problems to the rest of their operating system. It also comes with security benefits because applications are more isolated from each other and from core parts of the OS than they normally would be.

But snaps—initially created for Ubuntu phones and then Internet of Things devices—could only be installed on Ubuntu. That's what's changing this week. Developers who package applications as snaps can now expect them to run on a bunch of Linux-based operating systems without creating multiple types of packages. Developers can use a tool called Snapcraft to build and package their snaps.

"Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu," Canonical's announcement says. "They are currently being validated on CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are easy to enable on other Linux distributions." (Ubuntu will continue to support deb packages, but developers can choose to package applications as snaps instead of or in addition to debs.)

A community-driven project

Canonical founder Mark Shuttleworth and a few of his tech gurus gave us a preview of the announcement yesterday, though they stressed that the project was driven by open source community members rather than Canonical itself. Arch developer Tim Jester-Pfadt and Gentoo developer Richard Yao were among the key contributors, Shuttleworth said.

To install snap packages on non-Ubuntu distributions, Linux desktop and server users will have to first install the newly cross-platform snapd. This daemon verifies the integrity of snap packages, confines them into their own restricted space, and acts as a launcher. Instructions for creating snaps and installing snapd on a variety of distributions are available at this website.

Snapd itself is installed as traditional packages on these other operating systems. That means there's a snapd RPM package for Fedora, for example. It's the same snapd code for every Linux distribution, just packaged differently, and applications packaged as snaps should work on any Linux distro running snapd without needing to be re-packaged.

Snaps can exist on the same system as either deb or RPM packages. "Installing snapd lets you install any snap on your RPM-based environment and the snaps sit off to the side, they don't conflict, there's no way for them to touch your RPM-based system," Shuttleworth said.

Debs are obviously still far more common than snaps, but Mozilla is planning to deliver Firefox (Ubuntu's default browser) as a snap package. Several other technology makers praised cross-platform snaps in today's press release, including Dell, Samsung, The Document Foundation (maker of LibreOffice), Krita, Mycroft, and Horizon Computing.

"With the introduction of snaps, continually optimizing Firefox will become possible, providing Linux users the most up-to-date features," Mozilla VP Nick Nguyen said in the announcement. Snaps are "easier to maintain, package and distribute" than deb packages, Krita Foundation project lead Boudewijn Rempt said.

Red Hat spoke to Canonical about snaps early in the development process, but Shuttleworth said it isn't clear whether the company will make snaps available by default. Even without official support, users of Red Hat operating systems will get snap support by installing snapd.

Canonical developers told us that it's always been a "nightmare," month-long project to package Jenkins in deb format because of this application's various Java dependencies. But they were able to snap Jenkins into place in a weekend, putting all the dependencies into a container without having to worry about Java version mismatches, they said. Now users can install Jenkins with the terminal command, snap install jenkins. Snaps can also be published to the Ubuntu Software store.

Switching from the stable channel to beta

With snaps, application developers can also make it easier for users to choose different release channels, such as beta, release candidates, daily builds, and stable releases. "Rolling updates are popular in the Arch community," Jester-Pfadt said in the announcement. "One nice feature of snaps is support for edge and beta channels, which allow users to opt in to the pre-release developer versions of software or stick with the latest stable versions."

Canonical wasn't planning to make snaps cross-platform itself; it happened when community members expressed interest in bringing the new packaging format to other distros. Canonical developers initially thought that snaps would have to be "forked," so that you'd have different snap formats for each Linux distribution. But community developers figured out how to let snaps run across a variety of Linux-based operating systems without being altered and without losing their security benefits. Applications won't have to be "snapped" for each Linux distribution, as Canonical first thought; they can be snapped once and run across them all.

"Very quickly the people working on that figured out that actually the same snap will work across all those platforms, and that feels like a fundamental shift and a very exciting and dynamic shift," Shuttleworth said. "People publishing snaps can be confident that those snaps can run securely wherever they run, unless the user has very explicitly taken them out of the box [where they are isolated from the rest of the system]."

Shuttleworth touts security of snaps

Snaps aren't the only new package manager for Linux distributions that aims to simplify installation of applications. There's also AppImage and OrbitalApps, Shuttleworth noted. Shuttleworth said he wouldn't criticize anyone for choosing a different application delivery system, but he argues that snaps offer better security.

"It's not that exciting to basically fetch a binary from the Internet and run it on your machine, that's always been possible," he said. "What's exciting is to be able to do that in a way where it's confined, so you know the data that you're trusting it with, and you can make a choice of what you trust that binary with. That's something that snaps have that, for example, Windows apps don't have and traditional Linux apps don't have either."

Snap security did come under scrutiny recently when CoreOS security developer Matthew Garrett demonstrated how a maliciously designed snap application can receive keystrokes from any other application and type into other windows.

But this is really due to the workings of the X window system used by most Linux distributions, rather than a flaw in snap packages themselves. The limitation will be removed when Ubuntu finishes its plan to replace X with Mir, its own display server. (Wayland, the other major display server in the works for Linux distributions, also changes this behavior.)

But even now, Shuttleworth said snaps bring real security benefits. Snaps by default don't have the same access to the file system that Linux applications typically have, he said. For example, a browser delivered in a snap package would be unable to read a user's SSH keys, because snap-based applications are given their own private space and can only read and write in that area.
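The two security-relevant knobs the article describes, the release channel a snap tracks (the edge and beta channels Jester-Pfadt mentions) and whether a snap has been "taken out of the box" of strict confinement, are both visible in the output of `snap list`. The following script is an added example, not code from the article or from the snap project: it parses a listing in the Name/Version/Rev/Tracking/Publisher/Notes column layout of `snap list` (an assumption about the current output format; the article does not show it) and reports snaps tracking pre-release channels and snaps running in `devmode` or `classic` confinement. The listing embedded in the script is constructed sample data; on a real host you would feed it the output of `snap list` instead.

```shell
#!/bin/sh
# Added example (not from the article or the snap project): audit a `snap list`
# listing for snaps that track pre-release channels or that are not strictly
# confined. The column layout assumed here (Name Version Rev Tracking Publisher
# Notes) is that of current `snap list`; the rows are CONSTRUCTED sample data.
SAMPLE_SNAP_LIST='Name          Version  Rev   Tracking        Publisher   Notes
core          16-2.45  9289  latest/stable   canonical   core
jenkins       2.235    12    latest/beta     example     -
firefox       78.0     45    latest/edge     mozilla     -
krita         4.3      7     latest/stable   krita       -
classic-tool  1.0      3     latest/stable   example     classic
hacktool      0.1      1     latest/stable   example     devmode'

# Print the name of every snap whose tracked channel is not a stable channel.
# The header line is skipped; the Tracking field (column 4) is written either
# as "track/risk" or as a bare risk level, so everything up to the last "/" is
# stripped before comparing against "stable".
non_stable_snaps() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        risk = $4
        sub(/.*\//, "", risk)
        if (risk != "stable") print $1
    }'
}

# Print the name of every snap whose Notes column (last field) shows that it is
# not under strict confinement: "devmode" turns confinement violations into
# warnings, and "classic" grants the snap host-level access.
unconfined_snaps() {
    printf '%s\n' "$1" | awk 'NR > 1 && $NF ~ /(^|,)(devmode|classic)(,|$)/ { print $1 }'
}

# Return non-zero when any snap is outside strict confinement, so the check can
# fail a host-hardening job; the offending names are printed to stderr.
check_confinement() {
    found=$(unconfined_snaps "$1")
    if [ -n "$found" ]; then
        printf 'snaps outside strict confinement:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Demonstration run against the constructed listing; replace SAMPLE_SNAP_LIST
# with "$(snap list)" on a host that has snapd installed.
echo "Tracking pre-release channels:"
non_stable_snaps "$SAMPLE_SNAP_LIST"
echo "Outside strict confinement:"
unconfined_snaps "$SAMPLE_SNAP_LIST"
```

The channel report is informational (a user may deliberately follow beta builds, as the Arch quote suggests), while the confinement check is the one worth gating on: a `devmode` or `classic` snap has exactly the file-system reach of a traditional application, so the SSH-key isolation described above no longer applies to it.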