Why do snap-packages exist - is there a real need?

Question

Assumptions

Honestly, I do not know much about snap-packages - but this is irrelevant for this question - see below. I assume the system is significantly different from the existing one.

Does the change make sense?

Is there an actual need, strong enough? That is - is there a new use case, that is important enough to develop a new format - and the associated infrastructure?

Was it not feasible to change the current method to cover the new use cases too?

Or am I missing the point?

It is possible that what I see is mostly marketing - new names and presentation for minimal technical change, to get a chance that any body assumes it as "new and better" and it may be actually used. Also, it may be that the new packages are so closely based on the existing format that it is mostly a change in presentation to the user. That could be a good solution, of course. In this case, this question would have not much relevance.

Then, I would hope that is still useful enough to answer to side aspects. Just let me know if the question is not helpful or confusing to new users, I'm happy to delete it.

So, why do they exist?

Background

My first reaction was "That makes no sense!"

This is similar to a situation where, on the physics site, someone asked, unhappy, why nobody discusses his brilliant new ideas in answers. It looked strongly like crackpot ideas; So far from actual physical knowledge that it was hard to find a point to even start. I wrote an answer that did not touch his ideas with a single word, but explained why one would just not discuss assuming crackpot ideas - not the first case of that. The answer was actually hitting the point, I think.

If my assumptions were right, this case is similar.

But then, maybe not - let's see.

There is close vote saying "mainly opinion based" - does that mean that the answers are expected to be opinion based? That would basically an answer in itself, as it means that there is no established consensus that the change is needed. So there would be pro and contra arguments; That would mean my question is actually very much to the point, and more useful than I expected! — Volker Siegel, Jun 15 '16 at 20:11
I've voted to reopen this question. It's really asking why snaps were introduced, when package managers already existed and Ubuntu (and other OSes) already had them. So you're right: if this were actually a primarily opinion-based question, that would mean that no answer to that could be given based primarily on facts and experience. However, as you saw from muru's excellent answer, this is not the case. When (or even if) snaps should be used is still something that people can have primarily opinion-based discussions about, but that's not what this was. — Eliah Kagan, Oct 17 '17 at 23:08

score 20 · Accepted Answer · answered Jun 15 '16 at 19:24

20

Yes, there is a real need.

There has been a real need for something like this since the first time one software depended on another.

Let's make this clear:

Managing dependencies is hard.

There's a reason why it's called dependency hell. Packaging systems like RPM and Debian were created with the intent of avoiding dependency hell. However, somebody must pay the cost:

On Windows, where programs bundle their dependencies, the user has to take care of upgrades (and any security problems from lack thereof). If I the dev want version X of something for my app, simple: I provide it with my app. Now how do I handle updates?
On most Linux distros (following Debian or Red Hat), where a program can depend on software from the repository, a program from the repository must depend on software from the repository. If I want version X of something for my app, and the distro provides X, simple: I depend on it. And if the distro doesn't? Then: ???
- Adding multiple versions to the distro increases the load on the maintainer
- Losing the ability to use the version of choice of dependencies increases the load on the developer
- Losing the ability to use the version of choice of applications frustrate the user

There is a considerable loss of freedom in either method.

And this is where snaps come in: they let the dev include version X, and let the packaging system manage updates. Who pays the cost? The user:

by requiring more space.
by putting them at risk due to a careless dev not rebuilding their snaps when a dependency is patched.

What benefits do I get, in exchange?

Aside from security via updates (which, frankly, not enough people care about), I the user don't have to worry about dependencies with snaps. The word mostly loses meaning.
Aside from security updates, the software developer doesn't need to worry about getting users to install the correct dependencies.

answered Jun 15 '16 at 19:24

muru

197,895
55
485
740

5

Yes, I think dependency hell describes it quite well. – Volker Siegel Jun 15 '16 at 19:46
1

Let me create the opposite voice :), Why they don't just use /opt? – user.dz Jun 15 '16 at 21:33
@Sneetsher think of it this way: what prevents one app in /opt from writing over another app in /opt? Worse, how do you prevent one app from reading the private keys of another app? – Evan Jun 17 '16 at 21:42
@Evan, well AppArmor is already exited to cover that. but the way of protection may be different. Anyway the topic is to board. – user.dz Jun 17 '16 at 21:54
muru, thank you for writing all this. This was the first answer on Google, by the way, about why. I am curious, though. I can see my system is using snaps for, say, Chromium. And now I would like to install Skype. Usually I would sudo apt-get install skype but then I see it is available as a snap. But when I installed Chromium I didn't do anything special to make it use snap. Yet it does. So now I understand WHY snaps exist, and am glad they do. I am now curious if I need to worry about sudo snap install skype ? – SDsolar Apr 25 '18 at 02:56
@SDsolar yes, there is a snap for Skype: https://snapcraft.io/skype You can have both apt and snap versions installed together, but the snap version is likely to be newer and more quickly updated. – muru Apr 25 '18 at 03:01
OK, Gotcha. Thank you very much for preparing such a thorough explanation of this. (It all started when I saw the /dev/loopx entries in fdisk -l) I will now go to https://snapcraft.io/store and get both Skype and Remmina there. (should I uninstall the regular remmina first?) Excellent reference Q&A here. – SDsolar Apr 25 '18 at 03:17
@SDsolar the configuration of snaps are kept in ~/snap, separate from the configuration of the same apps installed via apt or other means, so it's possible to have both installed and running together. – muru Apr 25 '18 at 03:23
OK, and I can see the difference in Unity between the two. This is great. – SDsolar Apr 25 '18 at 03:58
It's only hell if you don't know what you're doing. It's really not hard if you know just a handful of solutions and read the errors. – mchid Jan 19 '22 at 17:39
The user also apparently pays the cost of more broken software. I just installed Ubuntu 22.04 which came with snap firefox, in which core features (open file dialog!) were so broken that I immediately uninstalled snap firefox, installed apt firefox, and everything works great. Now I'm looking at uninstalling snap altogether. I update software rarely and only at need, and greatly prefer a stable system. Snap QA is apparently severely lacking. – Bogatyr Mar 18 '23 at 13:05

ccpizza · Answer 2 · 2020-09-06T10:45:34.197

One particular feature of snaps which might be useful is the ability to choose a channel for developers that provide more than one channel, such as release, candidate, master, etc.

For example, clicking the Channel button for nextcloud will show the dialog in the screenshot below.

The other strong selling points are isolation, immutability, and sandboxing which are controlled by a security policy context, which allows defining per-app permissions, also called 'plugs' for e.g.:

read/write locations
access to removable storage
countries where the snap is whitelisted/blacklisted
network access
camera, printer, joystick, GPS location
system settings
...full list of snap interfaces

The approach mimics to some degree the MacOS app bundles and Android's app sandboxing with permissions and content providers/receivers.

Now, imagine you need to run a dozen of apps each with its own version of certain libraries, its own version of Python/Ruby/NodeJS runtime and you don't want to run into dependency hell and mess up or pollute your system libraries, your system Python/Node/Perl/Ruby modules, etc..

Real-life use cases

On a raspberry pi 4 the latest version of PHP available in the repos is 7.3 and if you by chance need to run something that requires a higher version (e.g. a newer version of nextcloud) then you would have to find a way to do it bypassing the ootb package manager, which in turn might break other packages or cause instability. Running nextcloud as a snap lets you run the version you want no matter what dependencies you have installed by default via the system package manager. Moreover, the snap has the option to autoupdate itself which can also come in handy.
you need to run concurrently different versions of the same web-server, for example, apache2, nginx or caddy because you have multiple apps each requiring a specific version.