Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Igor Ljubuncic
on 4 November 2022


Automatic updates grant snap users an ability to receive timely patches to their software, both in aspects of security and functionality. This can be rather useful and convenient, especially for applications that have online access. On the other hand, automatic updates can potentially disrupt users’ workflows if they happen to coincide.

By default, snap refreshes are triggered four times a day. Users have the option to fine-tune the exact schedule, which can help minimize any conflict with actual work, but even so, there might be an update to a running application while it’s in use. In this case, a notification is shown to the user asking them to close the application, in order to allow it to be refreshed in the next slot (about six hours later), or to allow them to manually run the snap refresh command. Of course, this behavior is confusing and inconvenient, and that’s why the snapd team is working on a number of methods designed to minimize impact in these scenarios. These include snap refresh awareness and deferral for when the application is closed.

Refresh notifications

The basic concept is, after having notified the user that one of their running programs has a pending update, to trigger a new refresh operation as soon as the user closes the program. This allows the users to continue working with the updated application as soon as possible.

A good example would be Firefox or Chrome. As Web browsers, they neatly fit into the earlier story: an essential tool with online functionality, strong requirement for timely security, and they are often used for a long period without closing, which can preclude the patches from being installed and applied. This is not specific to snaps, or Linux, though.

On Windows, for instance, the Firefox update service will apply the patches in the background, and will then prompt the user to restart the program. In Linux, if you run a distribution that ships the browser through its repository archive mechanism, and you update the system, you will see a notification that tells you to restart the application.

With the desktop integration in place, the same basic principle applies to snaps. If you open Firefox and there’s an update at that time (manually or automatically initiated), you will see a notification on your system. It will tell you that there’s a pending update, and you will have fourteen days to restart the browser to complete the process. Ideally, you will do that sooner, in order to patch the browser. But this gives you time to prepare, save any work, and then gracefully apply the update.

With the changes that are being worked on, the snapd service will wait, and once you close the browser, update the application – but only if the refresh was started as part of the normal schedule. For manually initiated updates, you will need to rerun the command yourself. 

On the command line, if you try to run an update while the application is running, you will see something like:

snap refresh firefox
error: cannot refresh "firefox": snap "firefox" has running apps (firefox), pids:
      1870,2159,2193,2287,2312,2425,2427,2437

This looks easy to implement, why are we still waiting?

While seemingly trivial, these changes have to be added into the core snapd, which is a critical component for the functionality of the ecosystem, and must behave in a rock-solid manner. This means that any change must pass a very strict set of reviews before being allowed to be published.

Summary

Update notifications are one of the many ways by which the snap teams are trying to make the experience more streamlined both for developers and the end users. The balance between security and functionality is always a delicate one, and requires careful attention to details. With better awareness and smoother application of updates, snap users should benefit from improved security without having a degraded experience. While the tooling is still in early stages, the notifications work well and display reasonably well on both the GNOME and Plasma desktops. On the latter, at the moment, the notifications do not expire, and you need to dismiss them manually.

This is where you can help, by testing the desktop integration in different distributions and desktop environments, and provide feedback to the snapd team. If you’d like to participate, please grab the snapd and desktop integration snaps from the edge channel, and try them on your system. You can provide feedback directly on the snapd GitHub page, or join our forum and let us know what’s missing.

Photo by Валерия on Unsplash.

Related posts


Igor Ljubuncic
15 November 2022

Hold your horses, I mean snaps! New feature lets you stop snap updates, for as long as you need

Desktop Article

One of the core aspects of the snap ecosystem is the built-in, robust auto-update mechanism. Whenever there is a snap update available in the Snap Store, the snapd service will apply it, keeping your software patched and up to date. Most of the time, this works great. In some scenarios, though, this may not be ...


Igor Ljubuncic
14 April 2022

Private shared memory support for snaps

Ubuntu Article

At first glance, the title of this article may sound like an oxymoron. However, what it highlights is the introduction of a rather useful feature that will enable a far more robust and elegant handling of the /dev/shm implementation inside the snap sandbox. This will make snap development easier, more secure, and reduce potential bugs ...


Gokhan Cetinkaya
28 October 2024

Unleash new ways of working with flexible, cost-effective VDI

Desktop User Experience

Empower your modern workforce with VDI from HPE and Canonical For years, virtual desktop infrastructure (VDI) has helped power the most complex IT environments—and the technology is still relevant today. After all, VDI allows employees to access their work applications and data across any device, anywhere. And the growth of 5G networked e ...