A review of snap, the Linux app format

Brain-dead but didn’t notice a thing

I reckon that canonical’s `snap` Linux app container format is a rectal cancer on the colon of Linux. Sure, Linux has major issues regarding packaging and shared libraries, resulting in a situation where the user is often better off by statically compiling their apps (instead of dynamic which would be ideal) in cases where later updates breaks older software, and crazy splintering of all the distros. But now that I’ve switched to Arch I have a better perspective. I’ve noticed:

  • snaps are slower to start and perform slower
  • often are firewalled from the system in super annoying ways, such as a video editing app not able to open media on external drives
  • make a mess of your view of your filesystems in `df` and feel a bit heavy handed doing all that mounting of virtual volumes
  • are proprietary, good for shipping secret code, but I predict will become infected with adware, spyware and eventually malware over the next 5 years I predict
  • can never beat the performance of freshly compiled native code running on bare metal!
  • skip the sanity check that maintainers provide

Who Wants This? Your boss.

I have some theories on why some people think snap is not evil.

They enjoy or tolerate snap probably due to:

  • less uncertainty about “will it work”?
  • increased consistency due to the OS abstraction similar to how docker increases the reliability of server apps
  • they aren’t the people who  have to have to struggle use it!
  • they need to ship proprietary code or need a cryptographic secure rights management environment safe from “hackers”
  • believe it to be more “secure” or “locked down” which is partly true it is much harder to debug and reverse engineer snaps
  • are likely to be the owners of the machines it’s running on
  • would rather have reliability over beauty, speed, elegance, and functionality
    • it’s true that reliability is arguably the only characteristic that matters on computers that are already incredibly fast, don’t need to be beautiful, and might not urgently need certain functions not deemed mission critical or show-stopper but still fucking annoying

Me I find that it seems nothing works well on snap. Nothing at all is better! Microsoft probably love snap, as it makes windows seem more awesome.

KeePass: Browsers installed as snaps are currently not supported – surprised?

You should be surprise My hunch is they will never be supported. Who cares anyhow. Probably not your boss, who just wants you to run MS Edge browser as a snap or something retarded like that, see screenshot:

I often spot little comments like this one over at Reddit 2 years ago, where the suggested fix replies:

Did you make sure you are not using the snap version of Firefox? The snap version doesn’t play nice with KeepassXC. Just do sudo purge snapd and re-install it by sudo apt install snapd. That will automatically remove all snap applications without you having to go line by line.”

People Seem Way Too Kind About Snapd

I like to start a review of free software with something positive to say about the app in question, I mean it’s kinda whack to complain about something you didn’t even have to pay for. But in this case the opposite is true, I feel the need to use murder level violence toward it: the snap packaging format seems to be causing damage to the eco-system and needs a kick in the teeth, a punch in the balls, and a silver dagger through the heart. It is undead software.

Usually if I am writing a review at all that is because I used the software a lot and so it is really something very positive and it’s usually so I can document some bug or feature that I’d love fixed. Not snapd and snaps though.

💩 Snap fucking sucks huge turds 🚭️ 

Most writing on the subject is too mild, and doesn’t go far enough to explain the badness. Snap sucks shit and that’s why Linux Mint decided enoughs enough… They patched Ubuntu (their upstream) by removing snap. The only reason big companies like Google, JetBrains, KDE, Microsoft, Skype, Mozilla, Nextcloud and Spotify dabble with snap packages is seemingly laziness and perhaps the slight support for systemd and server apps (really?), CLI apps (really?), and the ease of deployment update and rollbacks…

Nobody who has to use the thing wants to use it.

It’s not good for the end-user use, and seems to be relegating Linux desktop apps to second class citizens on their own operating system?! I struggled with running snap versions of OBS Studio and noticed as new versions came out my config folders got replicated and super fucked up.

Linux Mint 20 – codenamed Ulyana – will not ship with any snap packages or the snapd daemon, and will be tweaked so that the Chromium package will be “an empty package which tells you why it’s empty and tells you where to look to get Chromium yourself.” Further, “In Linux Mint 20, APT will forbid snapd from getting installed.” APT is the standard manager for traditional Linux packages. I agree. Use APT. Yes, you will have to wait a bit longer, but the benefit is that maintainers protect the linux eco-system.

I’m religiously opposed to snapd

Maybe it’s a marketing thing, but what appears to users to be horrific bug, appear to be considered features by the makers of Snap:

  • Enormous binary size = slow loading time
  • Firewalled disk access = makes a mess of `df` output with many mounted volumes
  • Locks down filesystem = Cognitive dissonance from not being able to access external USB drives in video editing app
  • More secure? = Webcams, audio not working!
  • Easy for developers = Crapola experience for users
  • .config and .local prefs folders seem to become victim to a kind of pandoras box effect, migrating to a new path when a new version comes out, yay so you can “roll back” if it does not work out. No thanks.
  • Do you work with audio? Strongly suggest you give Arch a try, I’m enjoying Parch Linux lately.

Could I be wrong? What if snap is actually all good?

Maybe I am full of shit and snap is all good. If this is true, Canonical has made a botch job of selling the benefits of Snaps “on by default” file-socket firewall functionality. Is that intentional? Perhaps the firewall should be off by default to start with or some kind of wizard appears during the install informing you of the wizardry of snap and explaining that it’s actually a benefit to you for your app to now be buggy and show which sockets have been blocked so you can figured out why the app sucks. The fact it is closed source and a central point of authority add to the animosity. Maybe that is the point? DRM and preventing hackers from reverse engineering code? Probably. It’s super hard to hack…

Screenshot: Why is snap using 1 MB/sec of IO today? Because it is the container format of Satan.

Asciinema clip of me trying to remove snapd:

Comparison with AppImage and Flatpak

By comparison, although it is primitive and brutish, AppImage is way better; it seems to essentially be just a big statically compiled version of an app; no dynamic libs, just a huge binary with all the code needed to run the app. Sweet. Updates are a bit nuts though.

Flatpak does the updates a lot better by instigated a kind of dynamic library support. And it does what snap tries to do without setting up a labyrinth of mounted virtual disks and just kinda seems to work fine. NextCloud flatpak runs fine, no complaints.

Snap makes Java Applications seem delightful and sensible way to write software.

People of the internet created unsnap

Since it is monumentally difficult to remove snap from your system, some kind person created unsnap:

https://github.com/popey/unsnap

sudo ./unsnap
WARNING! Care has been taken to ensure this script is safe.
The generated scripts will remove applications and data.
Please ensure you have backups in case you need to recover data.
Also note significant disk space may be required to migrate,
while both snaps and equivalent flatpaks are installed.
Press enter now to continue or CTRL+C to abort.
INFO: Detected ubuntu
INFO: Checking for snap binary
INFO: snap found
INFO: Check for any snaps installed
INFO: Checking for flatpak binary
INFO: flatpak found no need to generate flatpak install script
INFO: Checking for flathub remote
INFO: flathub already enabled
INFO! Getting list of installed snaps to ./log-2024-07-21.21.45.56/allsnaps.txt
INFO! Trimming list of installed snaps to ./log-2024-07-21.21.45.56/filteredsnaps.txt
INFO: Generating snap backup script in ./log-2024-07-21.21.45.56/00-backup
INFO: Generating flatpaks installer script in ./log-2024-07-21.21.45.56/03-install-flatpaks
WARNING: No equivalent flatpak for firmware-updater found
WARNING: No equivalent flatpak for gnome-42-2204 found
INFO: Generating snap removal script in ./log-2024-07-21.21.45.56/04-remove-snaps
firmware-updater
WARNING: firmware-updater snap has no equivalent, not candidate for removing
gnome-42-2204
WARNING: gnome-42-2204 snap has no equivalent, not candidate for removing
INFO: Generating snapd removal script in ./log-2024-07-21.21.45.56/99-remove-snapd
tom@putin:~/scripts/unsnap$

Here is an old laptop running as a surveillance camera all day taking jpegs:

╭─┐⁴proc┌┐filter┌────────────────────────────────────────────────────────┐per-core┌┐reverse┌┐tree┌┐< cpu lazy >┌─╮
│    Pid: Program:         Command:                                        Threads: User:       MemB       Cpu% ↑│
│    4081 cam2ip           cam2ip                                                14 summer       26M ⣀⢸⣿⣿⣿ 92.8 █│
│  505142 snapd            /usr/lib/snapd/snapd                                  16 root         32M ⣀⢀⣀⣀⣀  9.5  │
│  607869 btop             /snap/btop/588/usr/local/bin/btop                      3 root        4.1M ⣀⢀⣀⣀⣀  1.1  │
│  607935 kworker/u9:1-uvc                                                        1 root          0B ⣀⢀⣀⣀⣀  1.6  │
│  607823 mosh-server      mosh-server new -c 256 -s -l LANG=en_NZ.UTF-8 -l LA    1 root        5.9M ⣀⢀⣀⢀⢀  0.2  │
│    2380 cinnamon         cinnamon --replace                                    13 summer      121M ⣀⢀⣀⣀⣀  0.5  │
│  605668 kworker/u9:0-uvc                                                        1 root          0B ⣀⣀⣀⣀⣀  0.0  │
│    3863 cinnamon-screen  cinnamon-screensaver                                   4 summer       53M ⣀⢀⣀⣀⣀  0.2  │
│    1375 Xorg             /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/    4 root         45M ⣀⢀⣀⣀⣀  0.8  │
│    3787 gbr3             gbr3 /etc/xdg/update                                   3 summer       31M ⣀⢀⣀⣀⣀  0.2  │
│  519464 kworker/3:1-even                                                        1 root          0B ⣀⢀⢀⢀⡀  0.0  │
│  607050 kworker/u9:2-uvc                                                        1 root          0B ⣀⣀⣀⣀⣀  0.0  │
│  607707 systemd          /lib/systemd/systemd --user                            1 root        9.9M ⣀⣀⣀⣀⣀  0.0  │
│  552160 kworker/3:2-even                                                        1 root          0B ⣀⣀⣀⣀⣀  0.0  │
│      11 rcu_sched                                                               1 root          0B ⣀⣀⣀⡀⣀  0.2 ↓│
╰┘↑ select ↓└┘info ↵└┘terminate└┘kill└┘signals└───────────────────────────────────────────────────────────┘0/270└╯

This needs to be said because some apps are only available via snap and that aint right long-term. It will make Linux seem like a fucked system.

I suppose it could be argued it might be of benefit to the user to be able to easily have some of the fine-grained permissions controls newly available to mobile users also available in their computing stack too; control of the camera and mic etc but those in my case ended up seeming like the cause of half my issues with it. It was unclear the effect of its firewall.

Snap supposedly supports:

  • reversible updates (don’t need it – I can roll back with timeshift)
  • only one version of app running at a time (extremely rare one would need this)
  • some support of permissions (this is fair, but blah)
  • ways to lock down application permissions (good for your boss, bad for you)

Forget new users, advanced users are mostly what counts. Is this a storm in a teacup meaning, can I just uninstall snapd and then get moving with Flatpak’s (which are far superior) on a distro like Kubuntu? I’m not sure, and so to be sure I have made this blog post to show that why… I fear it is not that simple.

So I switched to Arch.

Because I found that snapd fucks me in the arse due to:

  • Huge CPU use seemingly constantly
  • Slow to remove apps sometimes not removing them!
  • Each update to OBS Studio wiped my config folder settings
  • Number virtual folders start to appear like /snap/gnome-3-38-2004/140 and ~/snap/1234 I hate it
  • Various other programs appeared to have sand-boxed file-system access, in particular, all the video editing and multimedia apps I tried before hurling at the wall
  • My Nemo bookmarks that appear left-hand side of File Manager windows disappear from File dialogs (this maybe a Flatpak weakness ah well)
  • Look and Feel does not match desktop (static compile)
  • Video editing app was unable to reach my external disk drive mount under /mnt
  • Some apps take 30+ seconds to launch seriously
  • Most apps needed to have sockets opened like a firewall
  • Permissions need to be granted for things like a webcam access, maybe you love this, I am not keen
  • No clear way to disable the firewall completely for the system or a specific app
  • Obominable output from `df` CLI app is unreadable now
  • Creates a virtual drive for each app it seems (unbelievable to be honest – this is too heavy-handed)
  • `snapd` shows up lagging reboot latencies + startup + too high IO use
  • Neither snaps nor Flatpak can auto-start when logging into KDE Plasma like normal app
  • Above 1% to be high usage by the way for a system either at rest or been in use for a long time, sure “it’s doing an update” but no i could not see this.
  • Not sure but maybe certain keyboard commands maybe get firewalled? Need to check this. I forget which but at a guess maybe it was screen Magnifier [meta][+] ceased working (maybe was not snaps fault this may have been the GL compositor for x11/Wayland in KDE Plasma somehow being disabled or crashing I noticed Arch sometimes had this until I reboot)
  • Terminal command used to launch an app changes (this is spooky and awful)
  • Normally to run /usr/bin/obs I can just type ‘obs’ in terminal to launch, now I have no idea what to type in

So I switchewd to Linux Mint (and later Arch) – which is fantastic except because it comes without snapd pre-installed.  But now I want to run Kubuntu to get KDE Plasma direct. Not installed on top of  XFCE as is the case presently on Linux Mint XFCE. I’m about to try a system refresh based on Kubuntu and will be ripping snapd out post install, hence wrote this blog. Update: I’m on Parch linux atm.

Configuration ~/.config

Unix has this very cool way of doing it’s file-system. An app can always access the users home folder with tilde ~ and many store there preferences in ~/.config.

It was fairly good, but you neglected to mention that with snap I end up with a huge ~/snap folder surprisingly which ends up looking a lot like ~/.config but much much more complex. For the directly installed 3D app Blender it’s got it’s config just in ~/.config/ and I can see I’ve used it in 2 versions, v2.82 and v3.0. This makes sense, and the app launches in under 1 second on my beastly machine. I can start it at terminal with just `blender` as it’s located at /usr/sbin/blender. But with snap rather than launch the app I launch snap with blender as a parameter? Looking in ~/snap/blender/ is another story. This has 5 folders but none seem relevant to Blender.They are: 65, 168, 624, common and current symlink, which is pointing at the 624 folder. I guess these are versions of the snap build? No idea. All three are empty. I guess I never ran the snap version cos it is shit. I spent a lot of wasted time configuring OBS Studio as a snap until I realised such an app require realtime performance and runs way way quicker on bare metal. And my settings were not persisting through upgrades.

File Load and Save Dialogs

This was the last straw that did break my camels back. That and confusion about Gnome, and why on earth they seem to act like Apple forcing me to use my mouse.

The snapd component is written primarily in C and Golang whereas the Snapcraft framework is built using Python.  snapd has proprietary code from Canonical for its server-side operations with just the client side being published under the GPL license.

Snap Packages Are A Security Hole

You have no control on what the software packager can install unless you dissect the contents of the squashfs filesystem that came with the package (I’ve no idea how this is done). Further, you have no control on when they do the install/upgrade. I’ve never seen a Linux app with ads, but I predict we will see this within 5 years thanks to snap.

Resource Pig

Snaps are self-contained, and come delivered in a compressed SquashFS filesystem. Each snap package will have its own associated SquashFS filesystem. While in use, “mounting” and accessing the content of each one involves uncompressing and caching the unsquashed data somewhere either in memory or disk. After a while, it’s hard not to notice the performance hit, especially when using using several snap-based packages at once. Finally, when you go to cleanup a bunch, it seems impossible to remove certain snaps. I struggled to remove Firefox snap.

I’ve seen it take over 10 seconds to launch a snap, when the same app installed native starts in 3 or 4 seconds. That’s an enormous difference.

Alternatives to Snap

Snap is Written in Go, C, Shell script, Python, JavaScript, NASL, but the source is not fully available. Ubuntu and its official derivatives pre-install Snap by default, as well as other Ubuntu-based distributions such as KDE Neon, Solus, and Zorin OS. While other official Ubuntu derivatives such as Kubuntu, Xubuntu, and Ubuntu MATE have also shipped with the competing Flatpak as a compliment, Canonical will prohibit them from doing so beginning with Ubuntu 23.04, meaning that it must be installed manually by the user!

Flatpak

Over winner with a balanced use of shared libraries, balanced level of deep integration with desktop (it’s like a statically compiled binary, so works brilliantly, no loss in performance through virtualization). The use of “runtimes” enables shared libraries like Java, Node, Python, dotnet etc to be used efficiently, yet also allows developer to package beta or cutting edge copy of a library if desired.

AppImage

It’s predecessor was created in 2004 by Simon Peter according to this OS Technix site.  Boiling it all down, I would say the stand out features of AppImage are:

  • Unique but rarely beneficial ability to run multiple versions of the same program simultaneously
  • One app – one file. All needed files are included in the one archive, like a True Rasta. One Love.
  • Downsides: is a huge file, does not use shared libraries well, does not received upgrades from system
  • Same fast performance as Flatpak. Reliable static compile (as are all 3 packaging formats to be honest)

No daemon required prior to running – probably why Microsoft chose this format for Unity game dev app.

How is snap running under Manjaro?

So I did another full re-install of my os. I think the stated reason this time was…. a desire to get away from BTRFS file-system. If du and qdirstat would behave I could tolerate that. BTRFS makes sense for /home I reckon.

An Example Of The General Vibe Of Snap

My favorite snap is “Sosumi”. It is basically macOS inside a huge 8 GB snap. It runs like a pre-diabetic dog.

Take for example, the following guidance getting MS dotnet SDK up on Linux in relation to Snap:

Special instructions – Linux Snap instructions
The Linux Snap packages for the .NET Core SDK, by default, will not create the dotnet link. To do so, run sudo snap alias dotnet-sdk.dotnet dotnet. More information about this can be found in the .NET Core SDK release notes. Note that, as of the time of this writing, there are also other incompatibilities between this extension and the .NET Core SDK Snap package beyond the dotnet PATH issue. This incompatibility may result in: Some projects have trouble loading. Please review the output for more details. It was not possible to find any installed .NET Core SDKs Did you mean to run .NET Core SDK commands? Install a .NET Core SDK from: https://aka.ms/dotnet-download

More information about this problem can be found in dotnet/cli#12110.

Some community members have been successful in using the Snap install by following the instructions listed in Configuring Snap installs of dotnet-sdk. Another possible workaround is to add the following to ~/.omnisharp/omnisharp.json.

{
  "MSBuild": {
  "UseLegacySdkResolver": true
  }
}

Examples of Weird Issues With Snap

jason-persson commented Apr 8, 2022:

I have the same issue. I tried using the snap package of the sdk instead, but this segfaults when doing a dotnet restore. I’m not sure why the snap segfaults considering snap packages are meant to be self contained.  see: https://github.com/dotnet/sdk/issues/24759

A Final Word From Tim Berners Lee

He is not talking about snaps below, but just imagine it…

“It seems unthinkable that the Internet Web is over 25 years old and most of us can barely imagine life without it. It was created by the efforts of millions. We all helped to build it and the future of the Internet still depends on us. We all need to use our creativity, skills and experience to make it better: stronger, safer, fairer and more open. Let’s choose the network we want and thus the world we want”, – Sir Tim Berners-Lee (the creator of Internet Web)

As Gandhi said “Be the change you want to see in the world”.

Scroll to Top