Master IoT software updates with validation sets on Ubuntu Core 22

by Vergil Yotov on 15 June 2022

Save your seat for an intro webinar

If you are packaging your IoT applications as snaps or containers, you are aware of the benefits of bundling an application with its dependencies. Publishing snaps across different operating system versions and even distributions is much easier than maintaining package dependencies. Automated IoT software updates make managing fleets of devices more efficient. While you can avoid the dependency hell between software packages, how could you ensure that the diverse applications on an IoT device work well together?

Ubuntu Core 22 introduces the feature of validation sets that makes IoT device management easier. A validation set is a secure policy (assertion) that is signed by your brand and distributed by your dedicated Snap Store. With validation sets you can specify which snaps are required, permitted or forbidden to be installed together on a device. Optionally, specific snap revisions can be set too.

Applying a validation set

An IoT gateway device, for example, will often run various applications that come from different teams or vendors. This software can be released and updated at different intervals.  Moreover, how applications interface with each other can change in ways that are unpredictable. Even loosely coupled applications need to be tested to observe how well they perform together.

With validation sets, you can describe verified combinations of software. It is your decision if you want such a policy to be optional and monitored when needed or enforced by snapd. When enforcing a validation set, snapd will ensure that:

  • Snaps required by a validation set are both present and, if specified, at the correct revision. Attempting to remove a required snap will result in an error and the process will be rejected.
  • Snaps are only refreshed to newer revisions if they continue to satisfy the applied validation sets.
  • Invalid snaps are not allowed to be installed. Attempting to install them will result in an error.

By enforcing validation sets you can ensure that your devices maintain testing and certification integrity over time and across software changes.

Fine control for your IoT software updates

With effective use of validation sets, you can orchestrate how IoT software updates are performed to your fleet of devices. Even if applications are released and updated at different times, changes to installed software will be kept consistent according to the validation set policy. Application updates in Ubuntu Core are automatic and distributed through the Snap Store. By default, the snapd daemon checks for updates multiple times per day. Each update check is called a refresh. Validation sets provide an elegant alternative to refresh control or using the Snapd REST API to control the conditions under which software updates are performed on a device. Just like updating snaps, rolling out policy updates to your devices can happen automatically through your dedicated Snap Store. This makes managing large scale deployments easier and verifiable.

Learn more

Be sure to read the validation sets and validation-set assertion documentation for more information on how to use this feature with your dedicated Snap Store. This new feature is still under active development. Questions and feedback are always appreciated in the Snapcraft.io forum. If you want to learn more about using snaps, the Snapcraft docs are also a good place to start.

Stay tuned

Watch the Ubuntu Core 22 webinar on June 28th, 2022 at 4:00PM CET.

Curious how your existing project or exciting new idea can benefit from the new features of Ubuntu Core 22, get in touch with us.


Newsletter Signup

Related posts

Managing software in complex network environments: the Snap Store Proxy

As enterprises grapple with the evolving landscape of security threats, the need to safeguard internal networks from the broader internet is increasingly important. In environments with restricted internet access, it can be difficult to manage software updates in an easy, reliable way. When managing devices in the field, change management […]

Creating Snaps on Ubuntu Touch

This article was written in collaboration with Alfred E. Neumayer of the UBports Project. Tablets, phones and current technology’s capabilities are phenomenal. Who would have thought a thin, light, barely 10 inch device would provide all the power necessary to run Virtual Machines, wherever one desires while powered on battery? That a sma […]

We wish you RISC-V holidays!

There are three types of computer users: the end user, the system administrator, and the involuntary system administrator. As it happens, everyone has found themselves in the last group at some point or another; you sit down to perform a task relevant to your needs or duties, but suddenly the machine does not work as […]