Ubuntu 16.04 LTS introduces “snaps” for new robust, secure app format

Canonical released Ubuntu 16.04 LTS, featuring the new “snap” package format and LXD pure-container hypervisor.


An Ubuntu Long Term Support (LTS) release is supported and maintained by Canonical for five years, making it a stable, reliable, and secure Linux platform for long-term, large-scale deployments. This is the 6th such LTS release for Ubuntu, and marks the first time that the platform is supported on mainframes.

Ubuntu 16.04 LTS adds new “snap” application package format

Ubuntu 16.04 LTS introduces a new application format, the ‘snap,’ which can be installed alongside traditional deb packages. These two packaging formats live quite comfortably next to one another and enable Ubuntu to maintain its existing processes for development and updates.

The ‘snap’ format is much easier to secure and much easier to produce, and offers operational benefits for organisations managing many Ubuntu devices, bringing more robust updates and more secure applications across all form factors from phone to cloud.

Creating ‘snaps’ is simplified for developers with the introduction of a new tool called ‘snapcraft’ to easily build and package applications from source and existing deb packages. ‘Snaps’ enable developers to deliver much newer versions of apps to Ubuntu 16.04 LTS over the life of the platform, solving a long-standing challenge with free platforms and enabling users to stay on a stable base for longer while enjoying newer applications.

The security mechanisms in “snap” packages allow for much faster iteration across all versions of Ubuntu and Ubuntu derivatives, as “snap” applications are isolated from the rest of the system. Users can install a “snap” without having to worry whether it will have an impact on their other apps or their system. Similarly, developers have a much better handle on the update cycle as they can decide to bundle specific versions of a library with their app. Operationally, transactional updates make deployments of “snap” packages more robust and reliable.

“With ‘snap’, Ubuntu solves a serious issue regarding software patch management. Previously if we would unveil a new version of Lynis just before the release of the LTS version, it would become the only version for that release. After years of getting the same bug reports it became a serious burden. The new format allows a better separation of packages and their dependencies. The result will be an operating system with newer software versions, yet less risk of breaking the system,” Michael Boelen, founder of CISOfy, told Help Net Security.

Cloud and container computing platform

A key new feature in this release is LXD, the pure-container hypervisor that delivers 14x the density and substantially greater speed for Linux guests compared to established traditional virtualisation. LXD is part of LXC 2.0, the latest release of the Linux Containers project and the basis for almost all PaaS infrastructures in production today. Canonical has led LXC development for several years, with contributions to LXC 2.0 coming from more than 80 companies.

Using LXD as a hypervisor for OpenStack enables greater density of workloads and has lower latency than any other cloud infrastructure in the market today. This offers significant benefits for companies doing time-sensitive work on cloud infrastructure, such as telco network-function virtualisation, real-time analytics of financial transactions, or media transcoding and streaming. It also provides significant improvements to the cost of infrastructure for organisations with large portfolios of idle guest workloads.

Also included in this release is support for ZFS-on-Linux, a combination of a volume manager and filesystem which enables efficient snapshots, copy-on-write cloning, continuous integrity checking against data corruption, automatic filesystem repair, and data compression. ZFS-on-Linux is a mature filesystem based on work published by Sun Microsystems under a free software license nearly a decade ago, and which is widely used in cloud and container operations on Ubuntu.

“Container technology is changing how we look at the operating system. This is interesting for security as we get smaller pieces, which we should be able to control better. At the same time security is still an afterthought, as can be seen with Docker development over the last few years (first come the features, then the security measures). ZFS is everything you can expect from a new file system, and better. It’s always been known for its high level of data integrity, and keeping data available,” added Boelen.

Continuing the storage theme, Ubuntu 16.04 LTS introduces support for CephFS, a distributed filesystem that provides an ideal platform for large-scale enterprise storage for cluster computing on open technology.

Ubuntu 16.04 LTS creates a common platform for cloud and container computing across an incredible range of devices, from embedded ARM devices like the Raspberry Pi, to the standard 32-bit and 64-bit Intel/AMD servers, and up to the most powerful IBM Z, LinuxONE and POWER8 systems.
