Title: Snap integration in Qubes OS templates
Author: Solène
Date: 16 October 2024
Tags: snap qubesos linux
Description: In this guide, you will learn how to setup your Qubes OS
templates to integrate snap programs
# Introduction
Snap package format is interesting, while it used to have a bad
reputation, I wanted to make my opinion about it. After reading its
design and usage documentation, I find it quite good, and I have a good
experience using some programs installed with snap.
HTML Snapcraft official website (store / documentation)
Snap programs can be either packaged as "strict" or "classic"; when it
is strict there is some confinement at work which can be inspected on
an installed snap using `snap connections $appname`, while a "classic"
snap has no sandboxing at all. Snap programs are completely
decorrelated from the host operating system where snap is running, so
you can have old or new versions of a snap packaged program without
having to handle shared library versions.
The following setup explains how to install snap programs in a template
to run them from AppVMs, and not how to install snap programs in AppVMs
as a user, if you need this, please us the Qubes OS guide linked below.
Qubes OS documentation explains how to setup snap in a template, but
with a helper to allow AppVMs to install snap programs in the user
directory.
HTML Qubes OS official documentation: install snap packages in AppVMs
In a previous blog post, I explained how to configure a Qubes OS
template to install flatpak programs in it, and how to integrate it to
the template.
HTML Previous blog post: Installing flatpak programs in a Qubes OS template
# Setup on Fedora
All commands are meant to be run as root.
## Snap installation
HTML Snapcraft official documentation: Installing snap on Fedora
Installing snap is easy, run the following command:
```
dnf install snapd
```
To allow "classic" snaps to work, you need to run the following
command:
```
sudo ln -s /var/lib/snapd/snap /snap
```
## Proxy configuration
Now, you have to configure snap to use the http proxy in the template,
this command can take some time because snap will time out as it tries
to use the network when invoked...
```
snap set system proxy.http="http://127.0.0.1:8082/"
snap set system proxy.https="http://127.0.0.1:8082/"
```
## Run updates on template update
You need to prevent snap from searching for updates on its own as you
will run updates when the template is updated:
```
snap refresh --hold
```
To automatically update snap programs when the template is updating (or
doing any dnf operation), create the file
`/etc/qubes/post-install.d/05-snap-update.sh` with the following
content and make it executable:
```
#!/bin/sh
if [ "$(qubesdb-read /type)" = "TemplateVM" ]
then
snap refresh
fi
```
## Qube settings menu integration
To add the menu entry of each snap program in the qube settings when
you install/remove snaps, create the file
`/usr/local/sbin/sync-snap.sh` with the following content and make it
executable:
```
#!/bin/sh
# when a desktop file is created/removed
# - links snap .desktop in /usr/share/applications
# - remove outdated entries of programs that were removed
# - sync the menu with dom0
inotifywait -m -r \
-e create,delete,close_write \
/var/lib/snapd/desktop/applications/ |
while IFS=':' read event
do
find /var/lib/snapd/desktop/applications/ -type l -name "*.desktop" | while read line
do
ln -s "$line" /usr/share/applications/
done
find /usr/share/applications/ -xtype l -delete
/etc/qubes/post-install.d/10-qubes-core-agent-appmenus.sh
done
```
Install the package `inotify-tools` to make the script above working,
and add this to `/rw/config/rc.local` to run it at boot:
```
/usr/local/bin/sync-snap.sh &
```
You can run the script now with `/usr/local/bin/sync-snap.sh &` if you
plan to install snap programs.
## Snap store GUI
If you want to browse and install snap programs using a nice interface,
you can install the snap store.
```
snap install snap-store
```
You can run the store with `snap run snap-store` or configure your
template settings to add the snap store into the applications list, and
run it from your Qubes OS menu.
# Debian
The setup on Debian is pretty similar, you can reuse the Fedora guide
except you need to replace `dnf` by `apt`.
HTML Snapcraft official documentation: Installing snap on Debian
# Conclusion
More options to install programs is always good, especially when it
comes with features like quota or sandboxing. Qubes OS gives you the
flexibility to use multiple templates in parallel, a new source of
packages can be useful for some users.