Snaps & better refresh notifications
by Igor Ljubuncic on 4 November 2022
Automatic updates give snap users timely patches to their software, for both security and functionality. This is useful and convenient, especially for applications that have online access. On the other hand, automatic updates can disrupt users’ workflows if they happen to coincide with active use of the application.
By default, snap refreshes are triggered four times a day. Users have the option to fine-tune the exact schedule, which can help minimize any conflict with actual work, but even so, there might be an update to a running application while it’s in use. In this case, a notification is shown to the user asking them to close the application, in order to allow it to be refreshed in the next slot (about six hours later), or to allow them to manually run the snap refresh command. Of course, this behavior is confusing and inconvenient, and that’s why the snapd team is working on a number of methods designed to minimize impact in these scenarios. These include snap refresh awareness and deferral for when the application is closed.
Refresh notifications
The basic concept is, after having notified the user that one of their running programs has a pending update, to trigger a new refresh operation as soon as the user closes the program. This allows the users to continue working with the updated application as soon as possible.
A good example would be Firefox or Chrome. As Web browsers, they neatly fit into the earlier story: an essential tool with online functionality and a strong requirement for timely security patches, and they are often used for a long period without closing, which can prevent the patches from being installed and applied. This is not specific to snaps, or Linux, though.
On Windows, for instance, the Firefox update service will apply the patches in the background, and will then prompt the user to restart the program. In Linux, if you run a distribution that ships the browser through its repository archive mechanism, and you update the system, you will see a notification that tells you to restart the application.
With the desktop integration in place, the same basic principle applies to snaps. If you open Firefox and there’s an update at that time (manually or automatically initiated), you will see a notification on your system. It will tell you that there’s a pending update, and you will have fourteen days to restart the browser to complete the process. Ideally, you will do that sooner, in order to patch the browser. But this gives you time to prepare, save any work, and then gracefully apply the update.
With the changes that are being worked on, the snapd service will wait, and once you close the browser, update the application – but only if the refresh was started as part of the normal schedule. For manually initiated updates, you will need to rerun the command yourself.
On the command line, if you try to run an update while the application is running, you will see something like:
snap refresh firefox
error: cannot refresh "firefox": snap "firefox" has running apps (firefox), pids:
1870,2159,2193,2287,2312,2425,2427,2437
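As an added example (not code from snapd or from the article), the shell functions below parse the error text shown above and list which apps and PIDs are holding back a refresh, which is useful when checking whether a pending browser patch has actually been applied. The function names and the tab-separated output format are assumptions of this example; the sample input is the error quoted above.

```shell
#!/bin/sh
# Added example: find out which processes are blocking a snap refresh.

# Constructed sample: the error text quoted in the article, including the
# line break before the PID list.
SAMPLE_ERR='error: cannot refresh "firefox": snap "firefox" has running apps (firefox), pids:
1870,2159,2193,2287,2312,2425,2427,2437'

# parse_refresh_block: read the output of a refresh attempt on stdin and
# print one line per blocked snap: <snap> TAB <apps> TAB <pid pid ...>.
# Prints nothing when no refresh was blocked by running apps.
parse_refresh_block() {
    # Join wrapped lines first so the PID list sits next to "pids:".
    tr '\n' ' ' | awk '
    {
        s = $0
        while (match(s, /cannot refresh "[^"]+": snap "[^"]+" has running apps \([^)]*\), pids: *[0-9, ]+/)) {
            clause = substr(s, RSTART, RLENGTH)
            s = substr(s, RSTART + RLENGTH)
            split(clause, q, "\"")          # q[2] is the snap name
            apps = q[5]
            sub(/^[^(]*\(/, "", apps)       # keep text inside ( ... )
            sub(/\).*$/, "", apps)
            pids = q[5]
            sub(/^.*pids: */, "", pids)     # keep the PID list only
            gsub(/[, ]+/, " ", pids)        # commas to single spaces
            sub(/ $/, "", pids)
            printf "%s\t%s\t%s\n", q[2], apps, pids
        }
    }'
}

# blocking_pid_count: read parse_refresh_block output on stdin and print
# the total number of PIDs that keep refreshes from being applied.
blocking_pid_count() {
    awk -F '\t' '{ n += split($3, p, " ") } END { print n + 0 }'
}

# Run on the constructed sample. On a real system the input would be:
#   snap refresh firefox 2>&1 | parse_refresh_block
printf '%s\n' "$SAMPLE_ERR" | parse_refresh_block
```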
This looks easy to implement, why are we still waiting?
While seemingly trivial, these changes have to be added into the core snapd, which is a critical component for the functionality of the ecosystem, and must behave in a rock-solid manner. This means that any change must pass a very strict set of reviews before being allowed to be published.
Summary
Update notifications are one of the many ways by which the snap teams are trying to make the experience more streamlined both for developers and the end users. The balance between security and functionality is always a delicate one, and requires careful attention to details. With better awareness and smoother application of updates, snap users should benefit from improved security without having a degraded experience. While the tooling is still in early stages, the notifications work well and display reasonably well on both the GNOME and Plasma desktops. On the latter, at the moment, the notifications do not expire, and you need to dismiss them manually.
This is where you can help, by testing the desktop integration in different distributions and desktop environments, and providing feedback to the snapd team. If you’d like to participate, please grab the snapd and desktop integration snaps from the edge channel, and try them on your system. You can provide feedback directly on the snapd GitHub page, or join our forum and let us know what’s missing.