Download snaps and install offline

There’s a lot more to snap packaging than the simple installation and removal of snaps. This is one of several tutorials that cover more advanced snap usage and details how to download a snap, read its associated assertions, and install the snap locally.


  1. Requirements
  2. Download a snap
  3. Install a local snap
  4. Inside the assertion file
  5. View cached assertions

Requirements

This tutorial is suitable for anyone running Ubuntu (or any other system that supports snaps).

You should also be familiar with the concepts covered in the Quickstart guide, and also with basic terminal and command line functions.

Login for convenience

By first logging in to your online snap account you remove the need to use sudo with privileged snap commands like install, refresh, remove and revert.

If you haven’t already, create a snap account at https://login.ubuntu.com/ and login with the snap login command:

$ snap login
Personal information is handled as per our privacy notice at
https://www.ubuntu.com/legal/dataprivacy/snap-store

E-mail address: <your-email-address> 
Password of <user>: <your-password>
Two-factor code: <your-two-factor-code>
Login successful

:information_source: You will only be asked for a two-factor code if you have it enabled on your account.

Another advantage of being logged in is that you get access to your private snaps. Private snaps allow developers to share snaps with a small group of people, which is useful for beta-testing, for instance.

You can use snap logout to log the current user out.

Download a snap

Downloading a snap enables it to be locally archived or installed on a machine without network access.

A snap is downloaded with the snap download <snap-name> command:

$ snap download nethack
Fetching snap "nethack"
Fetching assertions for "nethack"
Install the snap with:
   snap ack nethack_87.assert
   snap install nethack_87.snap

Two files are downloaded together. In the above example, these have been downloaded as c and nethack_87.snap.

The first file contains all the assertions necessary to authenticate and verify a snap’s validity.

The second file contains the snap package itself. A snap is a SquashFS file carrying content alongside metadata to tell the system how it should be manipulated (see Snap Format for more details).

Install a local snap

Attempting to install a locally downloaded snap will initially produce a warning message:

$ snap install nethack_87.snap
error: cannot find signatures with metadata for snap "nethack_87.snap"

The warning is issued because the integrity of the snap can’t be verified without its signature, and this is part of the missing assertion. It’s also why you won’t get this warning if you previously installed the same revision of the snap, as the signature will already be known.

Install without verification

We don’t recommend forcing an installation without a correctly signed assertion. It’s the equivalent to accepting an invalid HTTPS connection, and could put your entire system’s integrity at risk.

However, for developers perhaps working within a contained environment, installation is possible with the --dangerous option:

snap install nethack_87.snap --dangerous

Install with verification

When a snap is installed from the Snap Store, its assertions are checked automatically. When a snap is downloaded, we need to do this manually.

To do this, we must first import the assertions we downloaded alongside the snap. This is accomplished with the snap ack <assertion-filename> command:

snap ack nethack_87.assert

The snap ack command checks the snap by verifying its signature against a known public key held in a local snapd database. Even if a snap is removed and reinstalled, including with the --purge option, the signature is cached and checked automatically each time.

Inside the assertion file

The assertion file contains several different assertions, all signed with a GPG key.

type: account-key
authority-id: canonical
revision: 2
public-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul
account-id: canonical
name: store
since: 2016-04-01T00:00:00.0Z
body-length: 717
sign-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk
[...]

type: account
authority-id: canonical
revision: 94
account-id: QfOqF7d2M1Pk2O0SbEKqTdB9Ry2aI0BP
display-name: Oliver Grawert
timestamp: 2016-09-19T09:07:05.497416Z
username: ogra
validation: unproven
sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul
[...]

type: snap-declaration
authority-id: canonical
revision: 4
series: 16
snap-id: i2ba1vb7DvsIzb8R987xvPGMQWNHiARe
publisher-id: QfOqF7d2M1Pk2O0SbEKqTdB9Ry2aI0BP
snap-name: nethack
timestamp: 2016-09-05T18:41:50.410382Z
sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul
[...]

type: snap-revision
authority-id: canonical
snap-sha3-384: uqJ4ch__0ikIkgqLbq15E2AFtEMpJ4KOcj4h5bJwjVfrIB87ebJDmNfq8x_TxZfC
developer-id: QfOqF7d2M1Pk2O0SbEKqTdB9Ry2aI0BP
snap-id: i2ba1vb7DvsIzb8R987xvPGMQWNHiARe
snap-revision: 87
snap-size: 13201408
timestamp: 2019-08-24T10:16:24.232541Z
sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul
[...]

We are not going to go into too much detail, but you can see that there are different types of assertions (account-key, account, snap-declaration, snap-revision), each one with some metadata and signature. See Assertions for more information on what each assertion is responsible for.

We can see that the snap-declaration corresponds to the snap-name “nethack” and has as well a snap-revision assertion type for snap revision “87”.

View cached assertions

Previously stored assertions can be viewed with the snap known command.

You can find previously stored assertions on the system with the snap known command combined with a filter to limit the results to the types of assertions and keys you want to retrieve:

$ snap known snap-declaration snap-name=nethack
type: snap-declaration
authority-id: canonical
revision: 4
series: 16
snap-id: i2ba1vb7DvsIzb8R987xvPGMQWNHiARe
publisher-id: QfOqF7d2M1Pk2O0SbEKqTdB9Ry2aI0BP
snap-name: nethack
timestamp: 2016-09-05T18:41:50.410382Z
sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul
[...]

It sounds natural that download and validation are the first steps performed by snapd when we are installing a snap. But that’s clearly not the end of the story. The permission model and interfaces are a core concept of snaps, and this is a good next step when finding out more about snap.

To find out more:

Finally, you can find our friendly and welcoming community at https://forum.snapcraft.io.

From what I have read (sorry I can’t quote sources), the hope is that more apps can be supplied as snaps in the future, and 18.04 is being used as a “trial run” with a few of the standard minor apps like calculator and system monitor.

But there are a few problems at the moment, such as snaps not respecting your theme. This isn’t just a “looking pretty” issue: on a high DPI display like on my Dell XPS 13 many snaps appear unusably small and the available software is severely restricted as a result. The developers are aware and are working on it.

That is why it is available as both a snap and in the repository: in case of unforseen problems.

Snaps do provide certain advantages regarding app isolation and could could be a good solution to software supply,installation and upgrades in the future, but we are not there yet for everybody MyCCPay Log In

Hi,

Looks like the Snap confinement in the Chapter Next steps should have a link, I guess it might be this link.

This is my first time replying to a topic, sorry in advance if I did anything incorrectly.

Hello! Thanks so much for letting us know, and sorry for the delay getting back to you. Just commenting on an error is perfect.

Many of our pages should also be editable, and anyone is free to make their own changes (weirdly, this page wasn’t, but I’ve just made it a wiki). Thanks again!