This is the talk I gave in Ubuntu release party at Shenzhen University, which is an introduction to the new snap packaging format and its companion build tools snapcraft/snapcraft.io.

1. Snap :
the universal packaging format for Linux distros
Anthony Wong Engineering Manager, Canonical
Shenzhen University, 2 June 2018

2. Why a new packaging format?
As a user
● I want applications that are easy to install, keep up-to-date and
secure.
As a developer/publisher
● I want an easy and fast way to distribute my software for different
Linux distributions.

5. Snap Features
● Better security
● By default, snaps are confined. No network access, limited filesystem
access, etc.
● Interact with system and other snaps through fine-grained interfaces.
● Kernel sandbox features has matured over the years
● cgroups, namespace, seccomp, Apparmor
● But snap is not quite like container
● Provides strict, devmode and classic policies
● Self-contained
● All libraries are bundled

6. Snap Features
● Immutable: snap is a mounted read-only squashfs
● Multiple versions are kept on filesystem, can easily roll back to
previous version
● Auto-update by default
● Smaller size
● Squashfs is compressed and is mounted, not decompressed.
● Co-exist with existing packaging systems (deb, RPM, etc)

7. Snap Store
● Centralized software store
● No need to install third-party
repository or PPA
● Tracks
● different versions can co-exist in the
store
● each track has its own risk channels
(edge, beta, candidate, stable)
● Enterprise features such as update
control (paid service)

8. Snap Store

9. Snap Architecture
● Let's look at the hello-world snap
$ tree /snap/hello-world/current/
/snap/hello-world/current/
├── bin
│ ├── echo
│ ├── env
│ ├── evil
│ └── sh
└── meta
├── gui
│ └── icon.png
└── snap.yaml
● The important file that snapd cares is meta/snap.yaml

10. Snap Architecture
$ cat /snap/hello-world/current/meta/snap.yaml
name: hello-world
version: 6.3
architectures: [ all ]
summary: The 'hello-world' of snaps
description: |
This is a simple snap example that includes a few interesting binaries
to demonstrate snaps and their confinement.
* hello-world.env - dump the env of commands run inside app sandbox
* hello-world.evil - show how snappy sandboxes binaries
* hello-world.sh - enter interactive shell that runs in app sandbox
* hello-world - simply output text
apps:
env:
command: bin/env
evil:
command: bin/evil
sh:
command: bin/sh
hello-world:
command: bin/echo

11. Sandbox
● Every snap is sandboxed by snapd
● Snap can only see its own private mount namespace, like chroot
● Certain syscalls are blocked by seccomp, e.g. networking
● Process is isolated, e.g. you cannot send signals to other processes
owned by same user
● Every snap has its own /tmp
● Access to sensitive devices is blocked, e.g. /dev/video*, /dev/kmsg
● There are common and per-user writeable area to store data
● snapd interface allows snap to get more privileges.

12. snapd Interface
● If your snap needs to do something outside of confinement, you
need to use interface.
● An interface consists of a plug and a slot
● Slot is the provider, plug is the consumer
● Example slots are home, gsettings, network, x11, wayland,
pulseaudio. Many are offered by core snap.
● Run snap interface to find out more

13. snap.yaml of vlc
name: vlc
version: 3.0.3-1-3-gf09fd0d
summary: Read, capture, broadcast your multimedia streams
confinement: strict
grade: stable
apps:
vlc:
command: command-vlc.wrapper
plugs:
- unity7
- network
- network-bind
- home
- opengl
- pulseaudio
- mount-observe
- optical-drive
- camera
- removable-media
- screen-inhibit-control
- x11
- desktop
- desktop-legacy
slots:
- mpris

14. Advantages for Publishers
● Build once runs everywhere
● Give control back to publishers, not distro vendor
● No middle man to distribute your software, quick feedback loop
● Publishers to decide when to update, when to promote from
beta to stable.

15. Snapcraft for App publishers
● snapcraft provides a super easy way to package any kind of
applications
$ snapcraft plugins
ament dotnet jhbuild nodejs rust
ant dump kbuild plainbox-provider scons
autotools go kernel python tar-content
catkin godeps make python2 waf
catkin-tools gradle maven python3
cmake gulp meson qmake
copy jdk nil ruby
● snapcraft cleanbuild: build within LXD container

16. Sample snapcraft.yaml
name: hello
version: "2.10"
summary: GNU Hello, the "hello world" snap
description: GNU hello prints a friendly greeting.
This is part of the snapcraft tour at https://snapcraft.io/create/
confinement: strict
apps:
hello:
command: hello
parts:
gnu-hello:
plugin: autotools
source: http://ftp.gnu.org/gnu/hello/hello-2.10.tar.gz

18. How snap is made

19. Snapcraft websites
https://dashboard.snapcraft.io
https://build.snapcraft.io
https://forum.snapcraft.io
https://docs.snapcraft.io

21. dashboard.snapcraft.io

22. build.snapcraft.io

23. build.snapcraft.io

24. build.snapcraft.io

25. Beautiful Frontpage for Snaps
https://snapcraft.io/<app_name>

26. Beautiful Frontpage for Snaps
https://snapcraft.io/electronic-wechat

27. Private Metrics for Your Snap

28. Thanks!
Anthony Wong
Engineering manager, Canonical