1. 49

  2. 31

    Remove the entire thing from snap and install it via apt. Problem solved.

    sudo snap remove --purge firefox
    sudo add-apt-repository ppa:mozillateam/ppa # Press [ENTER] when it prompts for confirmation
    echo '
    Package: *
    Pin: release o=LP-PPA-mozillateam
    Pin-Priority: 1001
    ' | sudo tee /etc/apt/preferences.d/mozilla-firefox
    sudo apt install firefox
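A check for whether the pin from the comment above is actually in effect, as an added example that is not part of the thread. It classifies the `apt-cache policy firefox` candidate. The sample outputs, version strings and the `mozillateam` URL match are constructed assumptions, including that the snap transitional deb carries a `1:` epoch and "snap" in its version.

```shell
#!/bin/sh
# Added example. Reads `apt-cache policy firefox` text on stdin and prints:
#   ppa | snap-transitional | other | none
classify_firefox_candidate() {
    awk '
        $1 == "Candidate:" { cand = $2; next }
        # Version-table entry: " *** <ver> <prio>" or "     <ver> <prio>"
        /^ ([*][*][*]|   ) [^ ]/ { cur = ($1 == "***") ? $2 : $1; next }
        # Origin lines under the candidate; URL match is a heuristic (assumption)
        cur == cand && /mozillateam/ { from_ppa = 1 }
        END {
            if (cand == "" || cand == "(none)") print "none"
            else if (cand ~ /snap/)             print "snap-transitional"
            else if (from_ppa)                  print "ppa"
            else                                print "other"
        }'
}

# Constructed sample: pin in effect, PPA build wins despite the 1: epoch.
sample_pinned() {
cat <<'EOF'
firefox:
  Installed: 99.0.1+build2-0ubuntu0.22.04.1~mt1
  Candidate: 99.0.1+build2-0ubuntu0.22.04.1~mt1
  Version table:
     1:1snap1-0ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
 *** 99.0.1+build2-0ubuntu0.22.04.1~mt1 1001
       1001 https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
EOF
}

# Constructed sample: pin missing or ignored, transitional deb is the candidate.
sample_unpinned() {
cat <<'EOF'
firefox:
  Installed: 99.0.1+build2-0ubuntu0.22.04.1~mt1
  Candidate: 1:1snap1-0ubuntu2
  Version table:
     1:1snap1-0ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
 *** 99.0.1+build2-0ubuntu0.22.04.1~mt1 500
        500 https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
EOF
}
```

On a live system, run `apt-cache policy firefox | classify_firefox_candidate` before a `dist-upgrade`; anything other than `ppa` means the upgrade would not keep the PPA build.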
    1. 19

      Followed by this to remove snap and not run into such issues again:

      sudo apt autoremove --purge snapd gnome-software-plugin-snap
      rm -fr ~/snap
      sudo apt-mark hold snapd
      1. 8

        Be careful with that. Firefox is not the only thing that is installed by snap. Here’s the list for Ubuntu 22.04 LTS:

        testuser@testvm:~$ snap list
        Name               Version          Rev    Tracking         Publisher   Notes
        bare               1.0              5      latest/stable    canonical✓  base
        core20             20220318         1405   latest/stable    canonical✓  base
        firefox            99.0.1-1         1232   latest/stable/…  mozilla✓    -
        gnome-3-38-2004    0+git.1f9014a    99     latest/stable/…  canonical✓  -
        gtk-common-themes  0.1-79-ga83e90c  1534   latest/stable/…  canonical✓  -
        snapd              2.54.4           15177  latest/stable    canonical✓  snapd

        I keep snapd around because I haven’t yet looked into what happens when you remove it entirely.

        1. 9

          I’m pretty sure everything but Firefox in that list is just a runtime, and if you aren’t using any other snaps, you can do without it

    2. 16

      Ran myself into several issues, the most important being that Snap-Firefox cannot be used to log in to Belgian gov websites. I think that the problem is really deeper than just a container issue. It’s deeply philosophical.

      Basically: people thought that packaging was hard so let’s create a new layer called “containers” which is easier. And doesn’t work for every non-straightforward case. By the time those issues are solved, containers will be as hard, complex and insecure as current packaging tools. Which will prompt a new era of solutionism.

      For complete solution and analysis, see: gemini://rawtext.club/~ploum/2022-04-05-firefox-ubuntu.gmi


      1. 5

        How can it be unable to log into Belgian government websites..? I don’t know the context, but I would be extremely surprised if it isn’t because of Belgian government websites doing extremely stupid things they shouldn’t be doing in the name of “security”. I’m ready to be proven wrong tho, if it’s actually an issue with Firefox itself.

        1. 26

          No, the gov is doing a wonderful job here. Context: we all have an ID card with a chip. In order to log in to a gov website, you need to plug a simple USB reader into your computer and insert the card into the reader.

          Gov has developed a software to read this eID card. Software is free software and available for Windows, Mac and Linux. There’s even an official debian repository for it. (hence the good job). It has been that way for the last 15 years.

          In order to use it on the web, gov is providing a Chrome and a Firefox plugin which makes the link between the browser and the official software.

          Problem: contained Firefox (Flatpak or Snap) cannot, by design, talk with any software running on your computer. Which means it’s impossible, by design, to log in to government websites with Snap Firefox. It’s exactly the same issue that OP has with keepass.

          So the root cause here is 100% related to Ubuntu moving to snap (the Belgian eID software has been working since the very first Ubuntu 4.10).

          The move to snap is really a reckless move for a lot of corner cases. The worst being that, despite having pinned mozilla PPA, I already had to deal twice with dist-upgrade silently upgrading firefox to Snap.

          Was waiting for Regolith to support Debian to abandon Ubuntu, which is a heart breaker for me (I’ve used and contributed to Ubuntu since before it was called Ubuntu (it was “no-name-yet” and was a stealth project at the time), early 2004, so, yes, emotionally difficult for me to abandon it).

          1. 5

            Latest snap beta for Firefox can do this, I had to set it up for my Dad so he could use keepassxc

      2. 25

        If I wanted sandboxing that breaks my software, I’d run Android.

        I really don’t understand why there’s such excitement to replicate the worst parts of Android and iOS on real computers.

        1. 8

          Because it makes security explicit instead of implicit and that should make exploits harder. Nobody’s ever made a full-bore desktop system where everything runs in this sort of model though, so we actually don’t know how to do it well. Desktop applications tend to chat with each other a lot, and sandboxing breaks that unless the sandbox knows what it is and isn’t supposed to be able to chat with.

          It also, in theory, simplifies distribution channels because you can have different programs use different versions of libraries, instead of the current Linux distro model where everything on a system is built with the same libraries. I expect this will work fine until our chatty desktop apps can’t talk to each other anymore because one is using libFoo.10 which defines some message type and another is using libFoo.11 which changes the behavior of that message.

          Also because it makes it easier to have more of a walled garden with an app store, which is a money mine. I expect that’s why Canonical is doing it. As usual, they are building their own boutique solution instead of collaborating with others (Flatpak, Appimage). As usual, it’s not working out great for them. See: Mir, Upstart, probably others I’m forgetting.

          1. 6

            While these security boundaries are technically a good idea, pretty much all of them fall down the vendor arrogance hole in practice: “if some functionality is no longer available, it’s not like you needed it anyway, you stupid luser.” If there’s an out at all, it tends to be hidden behind some masterpiece of dark pattern engineering (e.g. the Android “battery optimization” toggle).

            Obviously proprietary platforms such as iOS and Android¹ are massively guilty here, but unfortunately open source has not been a paragon of success in this department either. In addition to the snap failboat discussed here, Wayland re: screenshots and clients moving/resizing their own windows comes to mind.

            ¹ While Android is technically quasi-non-proprietary, relatively few people will have a good time without the Gapps spyware bundle and SafetyNet’s attestation of allegiance to Google overlords present.

        2. 8

          Is there something good to read about Ubuntu’s strategy with snap? It sort of baffles me; even simple shell programs like htop or ripgrep have Snap builds. Why?

          1. 8

            Do not underestimate the effect of something being considered hip, trendy and labeled “best practice”.

            1. 3

              Also, the sunk cost fallacy.

            2. 2

              htop, ripgrep, etc. have snap builds because snap is marketed (and works) as a way to package once, run on any Linux distribution, and reach your users directly (without a distribution maintainer in between) to boot. Flatpak has this property as well but it is not really designed for non-GUI applications, whereas snap is.

              Edit: unless you mean, why is Canonical making snap builds for these kinds of packages? If that’s the case it’s likely so these programs can run on Ubuntu Core, which ships a version of Ubuntu managed entirely using snaps - the base system image is just a snap, and there is no APT package manager.

              1. 4

                Isn’t the Snap Store closed source and run by Canonical? So it’d be “package once, run on any distro” by virtue of rejiggering the distro to be Ubuntu Core?

                1. 1

                  Oh thank you, that makes so much sense! I’ve only ever encountered Snap in the Ubuntu context and it felt like something Canonical alone was pushing. Didn’t realize it was a cross-distro distribution format.

                  1. 4

                    It should be noted that Flatpak is also a cross-distro distribution format. As far as I know, Snap is the first choice of only Ubuntu & Canonical, whereas Flatpak is the first choice of a variety of different distributions. Snap still only supports Canonical’s repository, and Canonical hasn’t open-sourced the Snap store.


                  2. 1

                    To be fair, most package managers are essentially runnable anywhere. A lot of them even cross OS, some like pkgsrc on a pretty big amount of OSs and does also allow you to choose where applications are installed, so you don’t interfere with the main package manager.

                    Of course it’s not like Snap and Flatpak in other regards, like the “no maintainer” part you mentioned, even though it basically just makes the author the maintainer which again also would likely be pretty much the same if there was only one package manager. But given that package managers tend to be one of the or the only differentiator of Linux distributions it’s a bit of an odd “selling point”.

                    I also think that just like with containers what people end up wanting to have for the largest part is static and “fat” (as in resources and static files compiled in) binaries or if they want more something like WASI in the long run.

                  3. 1

                    https://discourse.ubuntu.com/t/feature-freeze-exception-seeding-the-official-firefox-snap-in-ubuntu-desktop/24210 Here is a post about the justification for FF in particular. Snaps theoretically let people ship “unmodified” binaries without having to change things up to play nice with package manager or distro issues (for example you want to use Python 3.4 but distro repo has 3.6)

                  4. 4

                    I got bitten hard by the KeePassXC integration break. Even more because it happened to another person I had to help, for whom Ubuntu 22.04 LTS simply broke everything in that regard. According to this ask-ubuntu post it looks like more people got problems from this unfinished, untested release into an LTS distribution. No, it’s not fine to release this breaking change, then wait for people to shout, and only then start fixing issues that have been open for three years, showing all the open problems for a real migration.

                    1. 7

                      Breaking FF is not really a first for snap cock-ups either. The whole saga around the “close the application to update” notification where closing the application does not actually result in updating the application unless you wait for 3+ hours was a pretty incredible show of release engineering.

                    2. 2

                      Strongly agree with this — the snap, which I first encountered in 22.04 LTS — is in no way LTS quality.

                      The issue I encountered immediately on upgrade is that activating the save dialog by pressing Ctrl-S has completely botched focus management. The focus moves to the dialog so quickly that the key up event isn’t received on the original window, which pops a fresh dialog as soon as the first is closed. The only way to recover is to kill the whole app.

                      If packaging Firefox is so difficult Canonical should make a .deb that dumps it in /opt/firefox and be done with it.

                      1. 1

                        The packaging isn’t difficult. Snap exists not for packaging reasons but rather sandboxing reasons.

                        1. 1

                          I don’t understand this.

                          1. If the goal is sandboxing, you don’t have to introduce a bunch of layered filesystem stuff to do it. Didn’t we already have AppArmor for this? Add portals to that or whatever. Why did we need a new artifact format and build toolchain?
                          2. Both Chromium and Firefox do their own sandboxing internally — why are they then the primary targets for snapification? Their security posture is waaay better than most apps that ship in the Ubuntu desktop. Sandbox Eye of Gnome like the thumbnailers!

                          Like, it’s great that I can install Discord as a Snap — I like having that sandboxed. But aggressively applying this tech to the most complicated and rapidly changing apps shipped on an Ubuntu system (web browsers) seems frightfully optimistic. You’re inevitably going to hit tons of long tail bugs and niche features like we’re seeing.

                      2. 2

                        I only use this on my couch laptop and thus only ran into less than half of the mentioned issues - so I guess it may not be that bad for casual users but I’m kinda glad I don’t have that on my main machine, yeah.

                        1. 4

                          It sounds as if most of these are issues that are more or less intrinsic to running the browser in a container: it doesn’t see the rest of the system or, if it does, it doesn’t see them in normal locations.

                          1. 3

                            Yeah, but nevertheless it looks rushed and no one thought of the more serious implications or just ignored them. It looks like a bad default in this state.

                        2. 2

                          The current Firefox snap beta has an attempted fix for this (a Native Messaging portal):


                          It works for some applications, but sounds like it doesn’t work when the other application is also containerized.

                          1. 1

                            To Canonical’s credit, while there are loads of issues, there is also progress on fixing them. I had a couple messy ones and they actually got fixed!

                            I am sympathetic to the primary issue here, which is that the apt repo distro model basically means you don’t get bug fixes for things (or rather, they come every 6 months). Browsers have recently faster update cycles, but honestly it makes me feel like everything being rolling release would lead to stuff getting fixed faster. Lot easier to debug issues when you can granularly update just one package, for example.

                            But the snap security model really does run up against tooling that expects things to not have security (for example access to /tmp). I don’t know how you resolve this question of file access overall