A More Stable Future for Ubuntu

Canonical has announced plans to switch all versions of Ubuntu to its new Snappy package manager. The new tool offers the promise of greater stability and security for the system and applications.

Snappy already is used in Ubuntu Core, a minimal version of Ubuntu intended for use in the cloud, on mobile devices and in embedded systems.

The next step is rolling Snappy into "Ubuntu Desktop Next". Next is a special version of Ubuntu that acts as a test bed for new technology before it is included in the desktop version. Testers use Next to try out new features, such as Mir and Unity 8.

Currently, Ubuntu uses the Advanced Packaging Tool (apt) and the lower-level dpkg tool to manage packages. They are inherited from Debian and are used on a wide range of distros.

Snappy takes a radically different approach to package management. This means developers will need to replace all the existing Debian packages with Snappy packages. Of course, this will be a major undertaking. There are thousands of packages to switch, so we can expect a lengthy wait before Snappy makes it into the mainline version.

In light of the change, some people are concerned that Ubuntu will sever ties with Debian. The Next team leader has clarified that Canonical intends to maintain Ubuntu's relationship with Debian. The plan is to create Snappy packages based on the Debian equivalents.

Snappy is a new breed of package manager with a different approach to security, package contents and updating. It originally was designed for better performance on mobile devices, but it has a range of benefits for all users. Here are some of the features that make Snappy different:

  • Separate application code and user data: Snappy separates user files, such as configuration settings and data, from application code. The application code is read-only to ensure stability. This prevents tampering and ensures a predictable update process.
  • Protects user data: user files are backed up automatically when packages are updated or rolled back. This guards users against data loss during updates and rollbacks.
  • Atomic packages: Snappy packages are self-contained. All the dependencies of an application are bundled together into a single package, and they are shipped together. With APT, installing one package often requires multiple dependent packages to be installed at the same time. Snappy puts an end to this. Atomic packages make applications more self-contained and stable, but there is a cost. It inevitably will lead to some duplication between packages, requiring more disk space overall.
  • Smaller updates: Snappy uses a delta image-based update system. This means when a package is changed, Snappy downloads only the parts that have been altered. As a result, updates are much smaller. This is a key feature on mobile devices with limited bandwidth and strict data limits, but smaller updates are great news for everyone.
  • Stability: the main thing that breaks working apps is changing code. Sometimes it's a change in the code of the app itself. Quite often, the change is in some other code on which the app depends, such as a library. Sometimes applications stop working when a new version of a library is released. Snappy insulates apps from both of these sources of change. Because all dependencies are bundled up with the application code, it always will use the correct versions. As each package is updated through a series of delta images, nothing is deleted. All versions are available on the user's machine. So if a new update of the app doesn't work properly, a user easily can "roll back" to a version that works.
  • Improved security: Snappy improves security with two new features, AppArmor and digital signatures. Digital signatures ensure that the package you are installing is from the correct developer and has not been altered since it was bundled. This safeguards against malware, because if infected files were added to the package, the signature would no longer be valid. AppArmor enforces restrictions on what applications are allowed to do on your system. It limits the resources that each app can access and alter. The aim is to prevent apps from causing harm or reading sensitive information.
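
The update and rollback behaviour described in the list above (read-only application code, user data backed up per version, every version kept on disk) can be modelled in a few lines. This is an added illustration, not Snappy's own code: the `PackageStore` class, the `apps`/`data` directory layout and the `current` symlink are assumptions made for the sketch.

```python
import os
import shutil

class PackageStore:
    """Toy model: every version keeps its own code and data directory;
    a 'current' symlink selects the active one. Layout is hypothetical."""

    def __init__(self, root):
        self.apps = os.path.join(root, "apps")  # read-only application code
        self.data = os.path.join(root, "data")  # writable user data

    def current(self, name):
        link = os.path.join(self.apps, name, "current")
        return os.readlink(link) if os.path.islink(link) else None

    def data_dir(self, name):
        return os.path.join(self.data, name, self.current(name))

    def _activate(self, name, version):
        # Build the new link beside the old one, then rename over it:
        # rename is atomic, so 'current' never points at a half-installed tree.
        link = os.path.join(self.apps, name, "current")
        os.symlink(version, link + ".new")
        os.replace(link + ".new", link)

    def install(self, name, version, files):
        code = os.path.join(self.apps, name, version)
        os.makedirs(code)  # raises if this version already exists
        for rel, text in files.items():
            path = os.path.join(code, rel)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, 0o444)  # application code is read-only
        previous = self.current(name)
        new_data = os.path.join(self.data, name, version)
        if previous:
            # The old version's data stays untouched and acts as the backup.
            shutil.copytree(os.path.join(self.data, name, previous), new_data)
        else:
            os.makedirs(new_data)
        self._activate(name, version)

    def rollback(self, name, version):
        if not os.path.isdir(os.path.join(self.apps, name, version)):
            raise ValueError(f"{name} {version} is not installed")
        self._activate(name, version)
```

In this model a rollback only moves the pointer, so the settings written under the newer version remain on disk and the older version sees exactly the data it last used.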

The promise of smaller updates, greater security and stability definitely is appealing. By the time Snappy arrives, it will have been thoroughly tested on Desktop Next, so hopefully it will be a smooth transition.