Announcement

Collapse
No announcement yet.

apt ignoring pin files to block snapd installation!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    apt ignoring pin files to block snapd installation!

    Noticed today that a box I had previously purged of the snapd infestation was reinfected when doing some updates... and it brought in FF100 snap and snapd!

    Checked my /etc/apt/preferences.d/snapd file, yep still there, with blocks on snapd

    Ok. ... repurge snapd, and FF 100 snap, reinstall my FF DEB package...

    Did several tries on using differing file names, and pin priorities in there, and even reboots... snapd will still attempt to be installed!

    Pick a package at random, I picked 2ping... cp the snapd block file over, edit it to 2ping for the package, sudo apt-get update... and FAILURE can not install 2ping! as I would expect...

    Same pin/block files, in 20.04,. and still fails on any attempts to infect with snapd....

    See similar post here about 2 months ago.... https://askubuntu.com/questions/1404...nored-in-22-04

    Any one else seeing apt ignore the block on snapd/? I smell a rat!

    #2
    sudo apt-mark hold snapd
    should do the trick. I don't know anything about pinning and prioritizing with regard to apt. I have always just purged snapd and all of its installed apps first, then the above command to have apt to never install snap or snaps and never had any problems.
    I think the other method is messy and unmanageable.

    Comment


      #3
      Originally posted by rab0171610 View Post
      sudo apt-mark hold snapd should do the trick.
      Nope.. That has NEVER WORKED on 20.04, or 22.04... it will attempt to sneak it back in again.....

      Originally posted by rab0171610 View Post
      I don't know anything about pinning and prioritizing with regard to apt. I have always just purged snapd and all of its installed apps first,
      This is my 22.04 test box for some things, and it was cleansed on install ready to do some test on a piece of software I use that had a huge bug fix for me, and it reinfects the machine....


      Originally posted by rab0171610 View Post
      then the above command to have apt to never install snap or snaps and never had any problems.
      I think the other method is messy and unmanageable.
      That command has never worked on any package I've tried it with, never, from 8.04 on.. only thing that works and blocks or holds stuff is the files in preferences.d/ otherwise they just come back or try to install... now I' have to manage by hand even more the packages on my other 22.04 box...

      I think there is something shady going on, as any other package and that works, EXCEPT snadp! I picked about 5-6 random packages out, all fail to load...

      Checked my earlier BASE VM image of 22.04 and that block file, WORKS... something changed.. either in apt or something...


      Comment


        #4
        I followed this guide which involved modifying files in that folder. It didn't work and the firefox updates auto installed the snap version. I disabled the automatic firefox updates in the browser and I have done "sudo apt-mark hold" on both snapd and squashfs-tools. It has been fine since.

        Comment


          #5
          Did you try correctly setting PPA Priority using the Mozilla Team PPA for FF?

          I suspect that anytime a package that requires snapd is updated or installed, it will draw snapd back in.

          https://www.kubuntuforums.net/forum/...-without-snapd
          Please Read Me
          Be not the first by whom the new are tried, Nor yet the last to lay the old aside. - Alexander Pope, An Essay on Criticism, 1711

          Comment


            #6
            https://techwiser.com/remove-snap-ubuntu
            I basically follow the above steps and have never had snap try to reinstall. I am not using firefox ppa's but installing manually as per instructions on how to install firefox in linux, step 4. I update in the app by going to about firefox tab and do not use apt or repositories to update. I have never had any problems with apt trying to reinstall snap programs or snap itself on either release of Kubuntu. It also works fine on NEON.
            Last edited by rab0171610; Jun 09, 2022, 11:15 AM.

            Comment


              #7
              I suspect it will only get worse over time and with each new release more and more of the system will be snaps by default, like pulseaudio/pipewire, plasma, etc. Best to be looking for alternatives while you can in case you want to jump ship.

              Comment


                #8
                Originally posted by oshunluvr View Post
                Did you try correctly setting PPA Priority using the Mozilla Team PPA for FF?

                I suspect that anytime a package that requires snapd is updated or installed, it will draw snapd back in.

                https://www.kubuntuforums.net/forum/...-without-snapd

                I followed your instructions, it didn't work for me. I don't know why

                Code:
                [FONT=monospace][COLOR=#5454ff][B]~[/B][/COLOR][COLOR=#000000]$ apt policy firefox [/COLOR]
                firefox:
                 Installed: 101.0.1+build1-0ubuntu0.22.04.1~mt1
                 Candidate: 101.0.1+build1-0ubuntu0.22.04.1~mt1
                 Version table:
                    1:1snap1-0ubuntu2 500
                       500 http://gb.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
                *** 101.0.1+build1-0ubuntu0.22.04.1~mt1 900
                       900 https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy/main amd64 Packages
                       100 /var/lib/dpkg/status[/FONT]

                Comment


                  #9
                  did you remove ALL snap and snapd-depending packages, such as plasma-discover-backend-snap


                  Code:
                  ~$ apt-rdepends -r snapd
                  Reading package lists... Done
                  Building dependency tree        
                  Reading state information... Done
                  snapd
                   Reverse Depends: gnome-software-plugin-snap (3.36.0-0ubuntu3)
                   Reverse Depends: livecd-rootfs (>= 2.664)
                   Reverse Depends: plasma-discover-backend-snap (5.18.4.1-0ubuntu1)
                   Reverse Depends: python3-ubuntu-image (>= 1.9+20.04ubuntu1)
                   Reverse Depends: snap-confine (= 2.44.3+20.04)
                   Reverse Depends: snapd-xdg-open (= 2.44.3+20.04)
                   Reverse Depends: ubuntu-core-launcher (= 2.44.3+20.04)
                   Reverse Depends: ubuntu-core-snapd-units (2.44.3+20.04)
                   Reverse Depends: ubuntu-snappy (2.44.3+20.04)
                   Reverse Depends: ubuntu-snappy-cli (2.44.3+20.04)
                   Reverse PreDepends: chromium-browser (80.0.3987.163-0ubuntu1)
                   Reverse PreDepends: cyphesis-cpp (0.7.0~snap1)
                   Reverse PreDepends: ember (0.8.0~snap1)
                   Reverse PreDepends: lxd (1:0.9)
                   Reverse PreDepends: maas (1:0.6)
                   Reverse PreDepends: snapcraft (3.0ubuntu1)
                  gnome-software-plugin-snap
                  livecd-rootfs
                   Reverse Depends: python3-ubuntu-image (>= 1.11+20.04ubuntu1)
                   Reverse Depends: ubuntu-defaults-builder (>= 0.57)
                  python3-ubuntu-image
                   Reverse Depends: ubuntu-image (= 1.9+20.04ubuntu1)
                  ubuntu-image
                   Reverse Depends: livecd-rootfs (2.664.41)
                  ubuntu-defaults-builder
                  plasma-discover-backend-snap
                   Reverse Depends: plasma-discover-backend-snap-dbgsym (= 5.24.5-0xneon+20.04+focal+release+build57)
                   Reverse Depends: plasma-discover-snap-backend (5.18.4.1-0ubuntu1)
                  plasma-discover-backend-snap-dbgsym
                  plasma-discover-snap-backend
                  snap-confine
                  snapd-xdg-open
                  ubuntu-core-launcher
                  ubuntu-core-snapd-units
                  ubuntu-snappy
                  ubuntu-snappy-cli
                  chromium-browser
                   Reverse Depends: chromium-browser-l10n (>= 80.0.3987.163-0ubuntu1)
                   Reverse Depends: chromium-chromedriver (>= 80.0.3987.163-0ubuntu1)
                   Reverse Depends: gnome-core (1:3.30+2)
                  chromium-browser-l10n
                  chromium-chromedriver
                  gnome-core
                   Reverse Depends: gnome (= 1:3.30+2)
                  gnome
                  cyphesis-cpp
                   Reverse Depends: cyphesis-cpp-clients (>> 0.7.0~snap1)
                   Reverse Depends: cyphesis-cpp-mason (>> 0.7.0~snap1)
                  cyphesis-cpp-clients
                  cyphesis-cpp-mason
                  ember
                  lxd
                   Reverse Depends: adapt (1.5-0ubuntu1)
                   Reverse Depends: lxd-client (>= 1:0.9)
                   Reverse Depends: lxd-tools (>= 1:0.9)
                  adapt
                  lxd-client
                  lxd-tools
                  maas
                   Reverse Depends: maas-rack-controller (= 1:0.6)
                   Reverse Depends: maas-region-api (= 1:0.6)
                  maas-rack-controller
                  maas-region-api
                   Reverse Depends: maas-region-controller (= 1:0.6)
                  maas-region-controller
                  snapcraft
                   Reverse Depends: snapcraft-examples (>= 3.0ubuntu1)
                   Reverse Depends: snapcraft-parser (>= 3.0ubuntu1)
                  snapcraft-examples
                  snapcraft-parser


                  Last edited by Snowhog; Jun 09, 2022, 12:51 PM.
                  I'll ask Jeeves

                  Comment


                    #10
                    As well as the snap cache
                    Code:
                    sudo rm -rf /var/cache/snapd/

                    Comment


                      #11
                      OK.. THIS IS A BUG!

                      See: https://bugs.launchpad.net/ubuntu/+s...t/+bug/1978125

                      and

                      https://discourse.ubuntu.com/t/phase...in-21-04/20345

                      The SOLUTION FOR NOW IS:

                      Create a file to turn on this new "feature" and

                      Code:
                      sudo nano /etc/apt/apt.conf.d/20phased-updates
                      / Never include phased updates
                      APT::Get::Never-Include-Phased-Updates "0";
                      Save and then

                      sudo apt-get update

                      Run a test on the inoculation:

                      sudo apt-get -s install snapd

                      Success! or well really failure, it CAN NOT infect with snapd!

                      Enjoy being free of snapd infection!


                      Comment


                        #12
                        Originally posted by claydoh View Post
                        did you remove ALL snap and snapd-depending packages, such as [FONT=monospace]plasma-discover-backend-snap
                        Yes, my first steps on creating a install is to cleanse the infection of snapd, all directories of it are removed...and all snaps....

                        Comment


                          #13
                          Originally posted by oshunluvr View Post
                          Did you try correctly setting PPA Priority using the Mozilla Team PPA for FF?

                          I suspect that anytime a package that requires snapd is updated or installed, it will draw snapd back in.

                          https://www.kubuntuforums.net/forum/...-without-snapd
                          I am NOT USING a PPA/alternate repo for FF. I pull the DEB's from some place else by hand and either dpkg -i or QtApt install them.. I don't live by the must update FF or anything really the second there is an update... updates OS or otherwise are done on MY TERMS AND TIME FRAME...

                          I might look into one which is packing up current releases of FF in DEB format in a repo for updating in the future.. but that requires a testing phase and right now I've got other projects that are higher priority.. updating one piece of software because in this the sky is falling mode is not one of them... Too many people from winslopper land getting their panties too knotted up. Actually this is under review on if we plan to use a repo that is putting a DEB back or setup something to do this via the TGZ from Mozilla.. plus and minuses on both paths... but that needs review...

                          Comment


                            #14
                            Originally posted by rab0171610 View Post
                            I suspect it will only get worse over time and with each new release more and more of the system will be snaps by default, like pulseaudio/pipewire, plasma, etc. Best to be looking for alternatives while you can in case you want to jump ship.
                            I think you are correct, that much like the poettering infestation that took root, and now this, and eventually wayland... I use the interval release between each ESR to know what I have to fix for the next ESR for new boxes/VM/containers.... Maybe if the push back continues and grows on snaps there will be less inclination to enforce more adoption. They are already using their brigades of devotees to squash any posts in places with down votes etc. if you don't support the infestation.

                            Not sure where I would jump ship to .... although its on the radar.. but when you take the hard rules, KDE AND Debian based.. that narrows the field....using real base Debian, is non starter for me due to the DFSG, and thats why Kubuntu is used.. it de'DFSG's Debian... thats a lot of work that would get dumped on me...

                            i have a feeling that very soon things are going to get frozen for me... as I do not intend to accept a NON X11 world.. I use X11 Forwarding etc. in a MASSIVE WAY, and there are no SIMILAR REPLACEMENTS.. We/I rejected all these heavy VNC like setups for a reason...

                            I think this could derail very hard way off this issue as my views on this are pretty hard core and way tangential to this bug......

                            Comment

                            Working...
                            X