What is Ubuntu Core?
What is Ubuntu Core?
As such, the distro focuses on security, bulletproof updates, and a minimal footprint. These objectives are achieved in large part by the exclusive use of snap packages instead of traditional deb packages like other flavors of Ubuntu. In this post we’ll dive into some of the details of what this actually means, and we’ll try to explain why Ubuntu Core is well suited for IoT.
What are Snaps?
Since, Ubuntu Core is based on snap packages, let’s start by explaining what snaps are.
Snaps are a next generation package management system. Unlike other software packages (such as debs), snaps run in a confined environment. This means they can’t affect other snaps on the system, nor can they affect the underlying system. For example, imagine you installed an app by an untrustworthy source. With traditional package management systems, this piece of software would have full access to your system. It could install malware on your system, and you couldn’t remove it by uninstalling the app. Snaps, however, run in a sandbox and therefore cannot compromise an entire system. If the snap did contain malware, you could remove it completely by uninstalling the snap.
Additionally, snap updates are completely transactional. If an update fails or is incomplete, it’s rolled back to a working state before the update. Think about when you’re updating your laptop; you’re probably familiar with the message, “Do not unplug your computer while the update is in progress”.
You’ve probably haven’t put much thought into that message. But you know what it means, if you unplug your computer while it’s updating, you’re going to mess it up. And this is because the update on your laptop are NOT transactional. On Ubuntu Core however they are. If your device loses power while an update is in progresss, no problem. The update is rolled back and the previous version runs.
Security on Ubuntu Core
Security in IoT has recently come into sharper focus thanks to a number of high profile breaches of embedded devices. The Mirai Botnet was a case where a variety of smart devices (including smart cameras) were infected by malware. Attacks by the botnet resulted in downtime for several major websites including GitHub, Twitter, Reddit, Netflix, Airbnb and many others. The two elements that made this exploit so nefarious were default passwords and the inability to update the infected devices. Ubuntu Core devices have no default passwords, and can only be accessed with ssh keys by default, and thus wouldn’t have been susceptible to such an attack. Secondly, all Ubuntu Core devices are connected to a centralized app store; therefore pushing out security updates is made easy.
In addition to these technical security features, Ubuntu Core also has the backing of Canonical which provides a minimum of 10 years security maintenance. When you’re thinking about developing your app, you might be thinking about security of the underlying operating system and therefore choosing a OS that takes care of this for you is critical.
Because Ubuntu Core is based on Snap packages, updates are transactional, cryptographically signed, and immutable. What may not be immediately obvious is these features extend to the lowest level of the operating system. That means that even the Linux Kernel is updated transactionally.
Every Ubuntu Core device has three special snaps installed: the kernel snap, core snap, and gadget snap. The kernel snap contains the linux kernel. The gadget snap contains device specific configuration. And finally the core snap provide essential operating system services.
Because Ubuntu Core is targeting IoT, many of the devices it runs on will be resource constrained. This can have a number of meaning, but specifically the devices may have small storage, low power, limited RAM, and a slow unreliable internet connection. Generally, Ubuntu Core is targeted at “gateway” class devices.
- Processor – 600 MHz processor (ARMv7 or greater, or x86)
- System Memory – 128 MB RAM (The system itself uses 40 MB RAM)
- Storage – 4GB flash / storage for factory reset and system rollback
So while Ubuntu Core is not small enough to run on the smallest embedded devices, it’s definitely on the smaller side of most linux distros.
Additionally, Ubuntu Core attempts to maintains a limit internet footprint too. Again this is due to the exclusive use of snaps for software distributution. When new versions of a snap package is downloaded only the binary difference between the versions is download. This is called delta updates. The exact amount of bandwidth savings depends on the snap, but in extreme case the delta update could be 100 times smaller than downloading the entire snap.
Sometimes finding good info on Ubuntu Core can be challenging. One of your best sources is https://snapcraft.io/. Snapcraft.io is dedicated to snaps in general, not exclusively Ubuntu Core, but it’s a great starting point.
|https://forum.snapcraft.io/||This is a go to place for discussion about all things snaps. The forum is quite active and it’s a great place to get help with both snap and Ubuntu Core.|
|https://snapcraft.io/store||This is the public app store for snaps. You can also search for snap on the command line, but this is sometimes easier.|
|https://ubuntu.com/blog/tag/iot||These blogs are from Canonical and the Ubuntu Community. These are focused on IoT in general, but of course they frequently discuss Ubuntu Core.|
|https://snapcraft.io/build||This is a free service to build snaps that connects to you github repo. This makes building snaps extremely easy.|
|https://snapcraft.io/docs/||Again these docs are for snaps in general.|
|https://certification.ubuntu.com/iot/models?query=&level=&release=Core+18&release=Core+16||Here is a list of currently supported hardware for Ubuntu Core. This is a great place to get started with Ubuntu Core.|
|https://www.brighttalk.com/topic/ubuntu/||Bright Talks is an awesome resource for technical webinars. The website is not exclusive to Ubuntu (nor Ubuntu Core), but they do frequently have talks on Ubuntu, Ubuntu Core, and snaps.|