hi There, I am new to SNAP and have a question regarding the enforced updates. I am running FRR and after some reading can see that it is not possible to fully control any updates other than specifying a time which i believe has to be within a certain period… Basically i want to stop any updates which looks to go against the grain of SNAP though want to understand any options;
So, my question is what are the possibilities and drawbacks of the below two options;
1, install the SNAP in devmode which will stop updates, but i guess this is not good to run in a production environment if it isn’t fully isolated.
2, is it possible to download a SNAP and rename so that when a refresh happens it doesn’t find it in the snap store hence not update available?
There’s a bunch of ways to shoot yourself in the foot. Here’s some, none of which I recommend:
snap install foo --devmode
+ve - it’s not going to auto-update
+ve - refresh can be forced with snap refresh foo
-ve - no automatic security updates
-ve - no confinement
snap download foo && snap install foo.snap --dangerous
+ve - it’s not going to auto-update
+ve - app is confined
-ve - refresh cannot be forced with snap refresh foo
-ve - no automatic security updates
-ve - no automatic store assertions (some interfaces not auto-connected)
snap download foo && snap ack foo.assert && snap install foo.snap +ve - it’s not going to auto-update
+ve - app is confined
+ve - refresh can be forced with snap refresh foo -ve - no automatic security updates
Rebuild snapd itself to disable (or lengthy postpone) updates
+ve - it’s not going to auto-update any application
+ve - apps are still confined
+ve - refresh of all apps can be forced with snap refresh foo
-ve - all applications are prevented from auto-update
-ve - no auto-updates for snapd itself
-ve - no auto-updates for core and platform snaps
It’s probably also worth mentioning some snaps support tracks. Whilst this doesn’t stop autoupdating the snap revision in the individual track, it allows you to prevent upgrading branches/releases entirely for snaps where that might make sense. For example the cmake snap (https://snapcraft.io/cmake) has multiple branches if you click the drop down menu left of the install button, offering branches 3.14 through 3.19 that you can select specifically.
It doesn’t answer the question right down to the individual revision of the snap like popeys, but it does still mean you might get some critical fixes without having to worry about certain snaps changing fundamentally under your feet.
will switch you back to the store version and re-enable auto updates
this is wrong, ack’ing a snap with a valid store assertion is identical to a plain snap instrall from the store, it will auto update and behave identical to normally installed snaps
(this is mainly for people using “sneaker network” to update their devices via USB key without any internet connection, snapd treats it the same as any other snap and will update if it can talk to the store)
So it looks like the best option for me is number 2… So this method will mean that i get no updates and it will still be isolated… great… so when i eventually want to update guess i just re-install…?
snap download foo && snap install foo.snap --dangerous
+ve - it’s not going to auto-update
+ve - app is confined
-ve - refresh cannot be forced with snap refresh foo
-ve - no automatic security updates
-ve - no automatic store assertions (some interfaces not auto-connected)
