Hook to run scripts before and after refresh

Problem: I use an intrusion detection software (IDS) on my systems. My “automatic update” involves: 1) check system integrity, 2) run apt, and 3) update the integrity databases. Of course, this is scheduled via cron, the results are sent elsewhere, etc. The automatic refresh of snaps throws a not-insignificant wrench into the above workflow.

Question: I do not see a way to run scripts before and after refreshes. Am I missing something?

Proposal: Assuming I am missing nothing, could such a feature be added? I think it would be fairly simple to do and would really help me use snaps and still monitor the integrity of my systems while meeting the desire of the snap developers to encourage frequent updates.

3 Likes

These hooks already exist today. They are called pre-refresh and post-refresh, as documented.

Apologies for the delayed response.

I understood this question to be more about hooks for a snap that you don’t control, i.e. if you want some script to run after any snap is refreshed, not necessarily that your snap that you control the source to is published.

2 Likes

@niemeyer Thanks for the response. I appreciate it. However, as @ijohnson points out, I am asking for the ability to integrate IDS into refreshing all snaps (I am not a snap developer) as a part of monitoring an entire system for changes that might signal an intrusion. OTOH, maybe I am missing something.

Hi all, I’d like to +1 @tony’s suggestion: a global hook that applies to any/all snap updates. This would be useful to update system environment variables or perform testing of the system and force a “revert” if something fails.

1 Like