Originally Posted by
grahammechanical
If we update/upgrade through the terminal snap apps do not get updated.
This has not been my experience.
Snap packages are checked for available updates daily, even though I have disabled all APT updates on the system. Further, the default settings keep 3 versions of every snap package on the local system, so falling back to either of the prior 2 versions is possible. I've modified the snap settings to only keep 2, but there's no way to keep just the current package. Another override that the snap team decided we weren't smart enough to decide for ourselves. Haven't snaps use 3G of storage on a 16G system drive is offensive.
The only way I've been able to prevent snapd from checking for updates was to block the snap remote repo at the network layer.
Forcing a new package system isn't very nice, especially when the default constraints which cannot be locally changed, conflict with local policy choices. For example, create a user's HOME directory in /u/{username} and try to run any snap - doesn't matter which - using that account. No snaps work. This is a huge failure. It isn't like the /etc/passwd or LDAP HOME directory location shouldn't be trusted. There are a number of other choices made in the name of 'security' which seem more about control, and less about true security.
But what do I know? I just expect my workstations to allow users to do their jobs in the way they decide it should be done, not under the control of someone creating package tools.
Flatpak allows local controls WITH sandboxing. That's the right mix of more security AND flexibility, IMHO.
So, here's an example:
Code:
$ snap list
Name Version Rev Tracking Publisher Notes
core18 20220309 2344 latest/stable canonical✓ base
core20 20220329 1434 latest/stable canonical✓ base
lxd 5.0.0-b0287c1 22923 latest/stable canonical✓ -
snapd 2.55.3 15534 latest/stable canonical✓ snapd
wormhole 0.12.0 349 latest/stable snapcrafters -
I want to use wormhole to share a file with a buddy. It works on other systems here. But not on this system:
Code:
$ /snap/bin/wormhole
Sorry, home directories outside of /home are not currently supported.
See https://forum.snapcraft.io/t/11209 for details.
See, we have users placed into different directories. Local-only users can be in /home/, but LDAP users are placed on storage elsewhere using NFS mounts. The suggestion to use a bind-mount to place those other directories over /home/ would break all the users already there. Plus, their "workaround" requires that we change the HOME specified in LDAP to /home/{userid} ... which will break the users' access across all other systems where it works fine. Most users have access to 20 other systems - that aren't Ubuntu. Canonical needs to realize their desktop isn't the only system in a corporate environment. It is common to have AIX, Solaris, HP-UX, RHEL, and other systems too.
Local control for a few items in the constraints is needed. Until then, snaps are useful for IoT stuff without users. Desktops require much more flexibility.
Sigh.
Bookmarks