Hm, that’s true. But I think there are ways that this could be handled in a more clear and less error prone way. First the simple case when system
Version x of a snap is installed, the data is on version y. User tries to start the snap.
- When y=x or y=x-1 just start the snap. (Moving x to x+1 when y=x-1)
- Else notify the user that the data format is incompatible and he has to install version y of the snap to continue.
system refresh.retain=1 this does additionally protect against updates gone wrong.
- Only the latest version of the app data should be writable. This is important, so that we never get two diverging versions of the same data. I think that would make it too easy to shoot yourself in the foot.
- When the snap is started do apply the same logic as in case 1 with y being the latest data version of the snap.
- The user notices, that the update is gone wrong and wants to revert to a previous version of the snap. Snappy asks the user that it needs to delete the newer version of the data (again to not get two diverging versions). Maybe it could offer an option to make a backup or forcefully move the new data to the old version.
Additionally: Support atomic backups of the users snap directory, so he is able to backup his data while the system is running.
Some other use cases where it is important to treat the home directory as self contained entity:
- A user wants to encrypt his home directory. When a snap gets updated while the user is logged out, snappy can’t access the users snaps and can’t do the update. It needs to notify the user when the snap got updated more than one time while he wasn’t logged in.
- At my university the home directories are on a network file system and they can be accessed from different computers. Again snappy needs to handle cases where system and user data diverge. When in question it is always better to ask the user.
I’m not 100% certain how snappy handles all these scenarios currently. That’s because I couldn’t find good documentation on how exactly snappy handles all these cases. Sorry for the long text but I think it is extremely important to handle these things in a way that makes data loss and confusion about what happens with your data as hard as possible.
I did some experiments with the revert and refresh mechanism and it looks like what snappy is doing on a revert is to first keep the data of the new version. But when the snap is refreshed again it gets overwritten with the then current data from the old revision. That seems reasonable to me. The only thing that’s really missing then is to treat the home directories independent to support the scenarios I described. (backups, encrypted home, network filesystem, maybe missing something?)