There’s a lot more to snap packaging than the simple installation and removal of snaps. This is one of several tutorials that cover more advanced snap usage and details how to download a snap, read its associated assertions, and install the snap locally.
- Download a snap
- Install a local snap
- Inside the assertion file
- View cached assertions
This tutorial is suitable for anyone running Ubuntu (or any other system that supports snaps).
You should also be familiar with the concepts covered in the Quickstart guide, and also with basic terminal and command line functions.
Login for convenience
By first logging in to your online snap account you remove the need to use
sudo with privileged snap commands like install, refresh, remove and revert.
If you haven’t already, create a snap account at https://login.ubuntu.com/ and login with the
snap login command:
$ snap login Personal information is handled as per our privacy notice at https://www.ubuntu.com/legal/dataprivacy/snap-store E-mail address: <your-email-address> Password of <user>: <your-password> Two-factor code: <your-two-factor-code> Login successful
You will only be asked for a two-factor code if you have it enabled on your account.
Another advantage of being logged in is that you get access to your private snaps. Private snaps allow developers to share snaps with a small group of people, which is useful for beta-testing, for instance.
You can use
snap logout to log the current user out.
Download a snap
Downloading a snap enables it to be locally archived or installed on a machine without network access.
A snap is downloaded with the
snap download <snap-name> command:
$ snap download nethack Fetching snap "nethack" Fetching assertions for "nethack" Install the snap with: snap ack nethack_87.assert snap install nethack_87.snap
Two files are downloaded together. In the above example, these have been downloaded as c and
The first file contains all the assertions necessary to authenticate and verify a snap’s validity.
The second file contains the snap package itself. A snap is a SquashFS file carrying content alongside metadata to tell the system how it should be manipulated (see Snap Format for more details).
Install a local snap
Attempting to install a locally downloaded snap will initially produce a warning message:
$ snap install nethack_87.snap error: cannot find signatures with metadata for snap "nethack_87.snap"
The warning is issued because the integrity of the snap can’t be verified without its signature, and this is part of the missing assertion. It’s also why you won’t get this warning if you previously installed the same revision of the snap, as the signature will already be known.
Install without verification
We don’t recommend forcing an installation without a correctly signed assertion. It’s the equivalent to accepting an invalid HTTPS connection, and could put your entire system’s integrity at risk.
However, for developers perhaps working within a contained environment, installation is possible with the
snap install nethack_87.snap --dangerous
Install with verification
When a snap is installed from the Snap Store, its assertions are checked automatically. When a snap is downloaded, we need to do this manually.
To do this, we must first import the assertions we downloaded alongside the snap. This is accomplished with the
snap ack <assertion-filename> command:
snap ack nethack_87.assert
snap ack command checks the snap by verifying its signature against a known public key held in a local snapd database. Even if a snap is removed and reinstalled, including with the
--purge option, the signature is cached and checked automatically each time.
Inside the assertion file
The assertion file contains several different assertions, all signed with a GPG key.
type: account-key authority-id: canonical revision: 2 public-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul account-id: canonical name: store since: 2016-04-01T00:00:00.0Z body-length: 717 sign-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk [...] type: account authority-id: canonical revision: 94 account-id: QfOqF7d2M1Pk2O0SbEKqTdB9Ry2aI0BP display-name: Oliver Grawert timestamp: 2016-09-19T09:07:05.497416Z username: ogra validation: unproven sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul [...] type: snap-declaration authority-id: canonical revision: 4 series: 16 snap-id: i2ba1vb7DvsIzb8R987xvPGMQWNHiARe publisher-id: QfOqF7d2M1Pk2O0SbEKqTdB9Ry2aI0BP snap-name: nethack timestamp: 2016-09-05T18:41:50.410382Z sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul [...] type: snap-revision authority-id: canonical snap-sha3-384: uqJ4ch__0ikIkgqLbq15E2AFtEMpJ4KOcj4h5bJwjVfrIB87ebJDmNfq8x_TxZfC developer-id: QfOqF7d2M1Pk2O0SbEKqTdB9Ry2aI0BP snap-id: i2ba1vb7DvsIzb8R987xvPGMQWNHiARe snap-revision: 87 snap-size: 13201408 timestamp: 2019-08-24T10:16:24.232541Z sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul [...]
We are not going to go into too much detail, but you can see that there are different types of assertions (account-key, account, snap-declaration, snap-revision), each one with some metadata and signature. See Assertions for more information on what each assertion is responsible for.
We can see that the snap-declaration corresponds to the snap-name “nethack” and has as well a snap-revision assertion type for snap revision “87”.
View cached assertions
Previously stored assertions can be viewed with the
snap known command.
You can find previously stored assertions on the system with the
snap known command combined with a filter to limit the results to the types of assertions and keys you want to retrieve:
$ snap known snap-declaration snap-name=nethack type: snap-declaration authority-id: canonical revision: 4 series: 16 snap-id: i2ba1vb7DvsIzb8R987xvPGMQWNHiARe publisher-id: QfOqF7d2M1Pk2O0SbEKqTdB9Ry2aI0BP snap-name: nethack timestamp: 2016-09-05T18:41:50.410382Z sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul [...]
It sounds natural that download and validation are the first steps performed by snapd when we are installing a snap. But that’s clearly not the end of the story. The permission model and interfaces are a core concept of snaps, and this is a good next step when finding out more about snap.
To find out more:
- Snap confinement explains how snaps are isolated from one another
- while Interface management describes how they share data
- alternatively, try a practical approach by building your own snap with Snapcraft
Finally, you can find our friendly and welcoming community at https://forum.snapcraft.io.