Updateing snap replaces old data

wingman_pol · August 27, 2022, 11:52am

Hey guys,

Updating the xwiki snap package clears the old snap data. The snap saves certain files in var/snap/xwiki/18/ .After snap update the var/snap/xwiki/18 folder goes empty and var/snap/xwiki/19 is also empty .

The install hook I use for the snap to save data that user can later edit :

#! /bin/sh 

# put the target dir name into a variable to make everything shorter and more readable
TARGET="$SNAP_DATA/"

# make sure the dir we want to copy to is actually existing
[ -d $TARGET ] || mkdir -p $TARGET

# copy the script only if it does not yet exist
if [ ! -e $TARGET/stop_xwiki.sh ]; then
  cp -r $SNAP/xwiki-platform-distribution-jetty-hsqldb-13.10.8/* $TARGET/
fi

is there a way to perform manually upgrade of data from /var/snap/xwiki/18/ to-> /var/snap/xwiki/19

zyga · August 27, 2022, 1:37pm

You should not create $SNAP_DATA, in fact, the snap does not have permission to create it.

The install hook is only invoked once, on the very first install. You may want to look at other hooks if you need something like that.

On each update snapd copies the data of the snap from the old revision to the new revision. If data is being lost then something else must be going on.

hgolden · August 27, 2022, 11:48pm

I’m uncertain from your description of what happens to the apparmor profile when an update of an existing snap occurs. If I have edited the /var/lib/snapd/apparmor/profiles of the old version, will those edits automatically be added to the new version’s apparmor profile?

As I understand it, for apparmor profiles in /etc/apparmor.d, we are instructed to put the apparmor profile local modification we want to make into /etc/apparmor.d/local.

It doesn’t appear to me that this approach is used for apparmor profiles stored in /var/lib/snapd/apparmor/profiles because I don’t see a /var/lib/snapd/apparmor/profiles/local directory (Possibly the local subdirectory is only created once a local modification is made?). I would appreciate a link to the source code if it exists that is used to persist any local modification to the old snap version’s apparmor profile to the new snap version’s apparmor profile. Thank you.

jamesh · August 28, 2022, 3:34pm

Snapd will overwrite the profiles in /var/lib/snapd/apparmor at various points, so you shouldn’t rely on modifying them.

In general, you should make your application conform to the security policy of the sandbox, and make use of interface plugs/slots to describe the what you need to be able to do within the sandbox.

hgolden · August 28, 2022, 8:18pm

@jamesh: If I’m having problems with a snap written by others (e.g., /snap/bin/firefox), how can I make persistent changes in the profile? This can be done for profiles in /etc/apparmor.d by using /etc/apparmor.d/local, but that doesn’t work for snaps. I believe this feature is worth allowing for snap profiles also. (Please consider this as a feature request.)

ogra · August 29, 2022, 9:32am

since all snap profiles are generated on the fly by snapd, you would have to commit changes to the respective interfaces in the snapd code (or create a new interface) …