Completely remove snap (and prevent it from ever installing)

I hope it's fine to post this, despite being in a community for an Ubuntu flavour. Snaps are Canonical's package format and deployment system, which I suppose we're already aware of. There are certain valid reasons why dislike snap though I don't see the need to tackle that on this post. Don't get me wrong though, they work just fine for me, I'm just more comfy with .deb packages.

For this very instance, I've made this script following my recent installation:

#!/bin/sh

# Remove snap packages (some need to be removed prior certain packages)
sudo snap remove --purge firefox
sudo snap remove --purge gnome-42-2204
sudo snap remove --purge gtk-common-themes
sudo snap remove --purge firmware-updater
sudo snap remove --purge bare
sudo snap remove --purge snapd-desktop-integration
sudo snap remove --purge core22
sudo snap remove --purge snapd

# Disable running services (this can be masked further)
sudo systemctl disable snapd.socket
sudo systemctl disable snapd.service
sudo systemctl disable snapd.seeded.service
sudo systemctl disable snapd
sudo systemctl mask snapd

# Wipe some of the remnants
sudo rm -rf /var/cache/snapd/
rm -rf ~/snap

# Purge snap and mask it 
sudo apt autoremove snapd --purge -y
sudo apt-mark hold snapd

echo "\e[1;32m\nSnapd is successfully removed.\n"

To discuss about it briefly, the first section is used to remove snap packages. I'm very certain that this can be shortened to one line, though I can't remember what packages need to be removed before the others.

bare and core22 (core24 for Noble) are base packages that provides a runtime environment with the libraries and dependencies common to other snap packages. On the other hand, snapd is the daemon (or background service) that manages and maintains your snaps.

The second section will disable the snapd services. snapd.socket handles/kickstarts communications to the snapd daemon as;

Socket units may be used to implement on-demand starting of services, as well as parallelized starting of services.

Masking a service (similar to the last line of the section) will make it impossible for a service to be started, without unmasking it first. This mechanism is similar to the apt-mark hold which prevents snapd from ever installing (even when called as a dependency).


For installing the .deb Firefox, import the repo signing key first:

wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- | sudo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null

Add the Firefox repository afterwards (doesn't follow the deb822 format):

echo "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | sudo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null

Update the package list and install Firefox normally:

sudo apt update && sudo apt install firefox

For installing .deb Thunderbird, add their PPA repository, update and install. If you dislike PPAs, you can stick with their tarballs or Evolution (love it so far).

sudo add-apt-repository ppa:mozillateam/ppa
sudo apt update && sudo apt install thunderbird

For installing .deb Chromium, you can add the Linux Mint repos. I didn't add it here since adding a repo of another distro can create problems. Personally, I manually download and install it from their website, and update it manually. Won't suggest it to anyone, ever.

EDIT 1: In place of Chromium and Thunderbird, I suggest installing Vivaldi by downloading it from their website. This automatically adds their repository upon installation (and can be easily updated thru the package manager) unlike the previous one.


Usually, there's the need to create a preference file that would set package priority under /etc/apt. For this instance however, this isn't necessary anymore since snapd is already masked earlier.

As a little thank you for reading to this point, here's a simple cleanup script I've done! Can't say it's any good but I hope it's helpful at least.

#!/bin/sh

sudo apt-get autoremove --purge -y
sudo apt-get autoclean
sudo apt-get clean
sudo dpkg --configure -a
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
sudo rm -rf ~/var/cache/apt/
rm -rf ~/.cache/*

echo "\e[1;32m\nSystem cleanup done.\n"

You can install it through this Makefile (sudo make install). This makes it more convenient to call by simply running cs in the terminal.

PREFIX = /usr/bin

all:
	@echo Run \'make install\' to install cleansystem.

install:
	@mkdir -p $(PREFIX)
	@cp -p cs.sh $(PREFIX)/cs
	@chmod 755 $(PREFIX)/cs

uninstall:
	@rm -rf $(PREFIX)/cs
4 Likes

I am anti-snap.

However ... there are snap packages that, if removed, will create havoc on your system. I will let the experts spell out which "core" packages, and how they impact, if they are completely purged.

For those "core" packages, "tread lightly" as they say! :slight_smile:

4 Likes

I can confirm, yeah. For instance, Pro and Livepatch is reliant on it. I suppose it is only intuitive to assume that snap packages and the daemon itself will be much tightly integrated to Ubuntu someday.

Thankfully, if you don't use those services or anything reliant on snap explicitly, it should work just as fine as it used to be. For now, that is. I can only hope this remains true for the years to come.

3 Likes

To see the packages installed on our systems that are dependent upon snapd, we can start by looking at the result of:

user@host:~$ apt-cache rdepends snapd --installed
snapd
Reverse Depends:
  apparmor
  ubuntu-mate-core
  firefox
  libsnapd-glib-2-1
  apparmor
  command-not-found

This doesn't necessarily mean that apparmor depends on snapd to run (we can use apt show to drill down, and it turns out, the apparmor package simply breaks earlier versions of snapd package, that's all). Similarly, libsnapd-glib-2-1 merely suggests that snapd is installed; it'll probably run fine without it:

snapd-glib is a library to allow GLib based applications access to snapd, the daemon that controls Snaps.

Looking at its reverse dependencies:

user@host:~$ apt-cache rdepends libsnapd-glib-2-1 --installed
libsnapd-glib-2-1
Reverse Depends:
  libpipewire-0.3-modules
  cups-daemon
...

I doubt either of those would care if they can't access the snap daemon for some reason.

Most users will probably be fine to disable snap if they aren't using it; but some of these commands could help us identify a problem with their particular setup.

3 Likes

I just wanted to add that if there are any non-Snap equivalents of packages that are default-Snap, I will absolutely disable/purge the Snap version and replace it with the Debian package version.

Somewhere in the various postings on the Community site, there is a discussion where it is explained what to do, in terms of configurations, to prevent a snap-based package from being installed (after removal) and to identify a mandatory preference for the debian version for such packages.

If I recall, it involved the reverting to non-Snap package for Firefox.

4 Likes

Looking back to this, it is one heck of a terrible script. I have included a similar functionality (which I copied from someone) in this post.

2 Likes

Same here. I remove what I can and install .deb packages. Then I hide snap in my home folder so as not be be annoyed by seeing it everyday.

1 Like

One doesn't need to remove snap packages one by one, purging the snapd package using apt is essentially enough.

The snapd package has an extensive postrm (post-removal) script performing the cleanup. Example: the postrm script from snapd_2.67.1+22.04_amd64.deb.

#!/bin/sh

set -e

# "powerpc" is not supported unfortunately, do nothing here# 
if [ "$DPKG_MAINTSCRIPT_ARCH" = powerpc ]; then
    exit 0
fi

systemctl_stop() {
    unit="$1"

    echo "Stopping unit $unit"
    systemctl stop -q "$unit" || true

    for i in $(seq 20); do
        echo "Waiting until unit $unit is stopped [attempt $i]"
        if ! systemctl is-active -q "$unit"; then
            echo "$unit is stopped."
            return
        fi
        sleep .1
    done
}

is_component_mount_unit() {
    systemctl show "$1" -p Where | sed 's#Where=##' | grep -q "${SNAP_MOUNT_DIR}/"'[^/]*/components/mnt/[^/]*/[^/]*'
}

if [ "$1" = "purge" ]; then
    # Undo any bind mounts to /snap and /var/snap that resulted from parallel
    # installs for classic snaps or LP:#1668659 (for /snap only, that bug can't
    # happen in trusty -- and doing this would mess up snap.mount.service there)
    for mp in /snap /var/snap; do
        if grep -q " $mp $mp" /proc/self/mountinfo; then
            umount -l "$mp" || true
        fi
    done

    units=$(systemctl list-unit-files --full | grep '^snap[-.]' | cut -f1 -d ' ' | grep -vF snap.mount.service || true)
    mounts=$(echo "$units" | grep '^snap[-.].*\.mount$' || true)
    services=$(echo "$units" | grep '^snap[-.].*\.service$' || true)
    slices=$(echo "$units" | grep '^snap[-.].*\.slice$' || true)

    # *.snap and *.comp mount points
    snap_mounts=""
    components_mounts=""

    for mount in $mounts; do
        if is_component_mount_unit "$mount"; then
            components_mounts="$components_mounts $mount"
        else
            snap_mounts="$snap_mounts $mount"
        fi
    done

    # component mounts must come first so that they are unmounted before we
    # unmount the snap mounts
    for unit in $services $components_mounts $snap_mounts $slices; do
        # ensure its really a snap mount unit or systemd unit
        if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then
            echo "Skipping non-snapd systemd unit $unit"
            continue
        fi

        echo "Stopping $unit"
        systemctl_stop "$unit"

        # if it is a mount unit, we can find the snap name in the mount
        # unit (we just ignore unit files)
        snap=$(grep 'Where=/snap/' "/etc/systemd/system/$unit"|cut -f3 -d/)
        rev=$(grep 'Where=/snap/' "/etc/systemd/system/$unit"|cut -f4 -d/)
        if [ -n "$snap" ] && ! is_component_mount_unit "$unit"; then
            echo "Removing snap $snap and revision $rev"
            # aliases
            if [ -d /snap/bin ]; then
                find /snap/bin -maxdepth 1 -lname "$snap" -delete
                find /snap/bin -maxdepth 1 -lname "$snap.*" -delete
            fi
            # generated binaries
            rm -f "/snap/bin/$snap"
            rm -f "/snap/bin/$snap".*
            # snap mount dir
            # we pass -d (clean up loopback devices) for trusty compatibility
            umount -d -l "/snap/$snap/$rev" 2> /dev/null || true
            rm -rf --one-file-system "/snap/$snap/$rev"
            rm -f "/snap/$snap/current"
            # snap data dir
            rm -rf --one-file-system "/var/snap/$snap/$rev"
            rm -rf --one-file-system "/var/snap/$snap/common"
            rm -f "/var/snap/$snap/current"
            # opportunistic remove (may fail if there are still revisions left
            for d in "/snap/$snap" "/var/snap/$snap"; do
                if [ -d "$d" ]; then
                    rmdir --ignore-fail-on-non-empty "$d" || true
                fi
            done
            # udev rules
            find /etc/udev/rules.d -name "*-snap.${snap}.rules" -execdir rm -f "{}" \;
            # dbus policy files
            if [ -d /etc/dbus-1/system.d ]; then
                find /etc/dbus-1/system.d -name "snap.${snap}.*.conf" -execdir rm -f "{}" \;
            fi
            # modules
            rm -f "/etc/modules-load.d/snap.${snap}.conf"
            rm -f "/etc/modprobe.d/snap.${snap}.conf"
            # timer and socket units
            find /etc/systemd/system -name "snap.${snap}.*.timer" -o -name "snap.${snap}.*.socket" | while read -r f; do
                systemctl_stop "$(basename "$f")"
                rm -f "$f"
            done
            # user services, sockets, and timers - we make no attempt to stop any of them.
            # TODO: ask snapd to ask each snapd.session-agent.service to stop snaps
            # user-session services and stop itself.
            find /etc/systemd/user -name "snap.${snap}.*.timer" -o -name "snap.${snap}.*.socket" -o -name "snap.${snap}.*.service" | while read -r f; do
                rm -f "$f"
            done
        fi

        echo "Removing $unit"
        rm -f "/etc/systemd/system/$unit"
        rm -f "/etc/systemd/system/multi-user.target.wants/$unit"
        rm -f "/etc/systemd/system/snapd.mounts.target.wants/$unit"
    done
    # Remove empty ".wants/" directory created by enabling mount units
    rmdir "/etc/systemd/system/snapd.mounts.target.wants" || true
    # Units may have been removed do a reload
    systemctl -q daemon-reload || true

    # snapd session-agent
    rm -f /etc/systemd/user/snapd.session-agent.socket
    rm -f /etc/systemd/user/snapd.session-agent.service
    rm -f /etc/systemd/user/sockets.target.wants/snapd.session-agent.socket

    # dbus activation configuration
    rm -f /etc/dbus-1/session.d/snapd.session-services.conf
    rm -f /etc/dbus-1/system.d/snapd.system-services.conf

    # generated readme files
    rm -f "/snap/README"

    echo "Discarding preserved snap namespaces"
    # opportunistic as those might not be actually mounted
    if [ -d /run/snapd/ns ]; then
        if [ "$(find /run/snapd/ns/ -name "*.mnt" | wc -l)" -gt 0 ]; then
            for mnt in /run/snapd/ns/*.mnt; do
                umount -l "$mnt" || true
                rm -f "$mnt"
            done
        fi
        find /run/snapd/ns/ \( -name '*.fstab' -o -name '*.user-fstab' -o -name '*.info' \) -delete
        umount -l /run/snapd/ns/ || true
    fi

    # inside containers we have a generator that creates a bind mount to /snap
    if [ -e /run/systemd/container ]; then
        echo "Unmount /snap inside a container"
        umount /snap || true
    fi

    echo "Final directory cleanup"
    for d in "/snap/bin" "/snap" "/var/snap"; do
        # Force remove due to directories for old revisions could still exist
        rm -rf --one-file-system "$d" || true
        if [ -d "$d" ]; then
            echo "Cannot remove directory $d"
        fi
    done

    echo "Removing extra snap-confine apparmor rules"
    rm -f /etc/apparmor.d/snap.core.*.usr.lib.snapd.snap-confine

    echo "Removing snapd cache"
    rm -rf /var/cache/snapd/*

    echo "Removing snapd state"
    rm -rf /var/lib/snapd
fi

# Automatically added by dh_installdeb/13.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/sudoers.d/99-snapd.conf 2.50~ -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/13.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/ld.so.conf.d/snappy.conf 2.0.7~ -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/13.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/grub.d/09_snappy 1.7.3ubuntu1 -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/13.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/apparmor.d/usr.lib.snapd.snap-confine 2.23.6~ -- "$@"
# End automatically added section
# Automatically added by dh_systemd_start/13.6ubuntu1
if [ "$1" = remove ] && [ -d /run/systemd/system ] ; then
	systemctl --system daemon-reload >/dev/null || true
fi
# End automatically added section
# Automatically added by dh_systemd_start/13.6ubuntu1
if [ "$1" = remove ] && [ -d /run/systemd/system ] ; then
	systemctl --system daemon-reload >/dev/null || true
fi
# End automatically added section
# Automatically added by dh_systemd_start/13.6ubuntu1
if [ "$1" = remove ] && [ -d /run/systemd/system ] ; then
	systemctl --system daemon-reload >/dev/null || true
fi
# End automatically added section
# Automatically added by dh_systemd_enable/13.6ubuntu1
if [ "$1" = "remove" ]; then
	if [ -x "/usr/bin/deb-systemd-helper" ]; then
		deb-systemd-helper mask 'snapd.apparmor.service' 'snapd.autoimport.service' 'snapd.core-fixup.service' 'snapd.recovery-chooser-trigger.service' 'snapd.seeded.service' 'snapd.service' 'snapd.snap-repair.timer' 'snapd.socket' 'snapd.system-shutdown.service' >/dev/null || true
	fi
fi

if [ "$1" = "purge" ]; then
	if [ -x "/usr/bin/deb-systemd-helper" ]; then
		deb-systemd-helper purge 'snapd.apparmor.service' 'snapd.autoimport.service' 'snapd.core-fixup.service' 'snapd.recovery-chooser-trigger.service' 'snapd.seeded.service' 'snapd.service' 'snapd.snap-repair.timer' 'snapd.socket' 'snapd.system-shutdown.service' >/dev/null || true
		deb-systemd-helper unmask 'snapd.apparmor.service' 'snapd.autoimport.service' 'snapd.core-fixup.service' 'snapd.recovery-chooser-trigger.service' 'snapd.seeded.service' 'snapd.service' 'snapd.snap-repair.timer' 'snapd.socket' 'snapd.system-shutdown.service' >/dev/null || true
	fi
fi
# End automatically added section
# Automatically added by dh_apparmor/3.0.4-2ubuntu2.4
if [ "$1" = "purge" ] && ! [ -e "/etc/apparmor.d/usr.lib.snapd.snap-confine.real" ] ; then
    rm -f "/etc/apparmor.d/disable/usr.lib.snapd.snap-confine.real" || true
    rm -f "/etc/apparmor.d/force-complain/usr.lib.snapd.snap-confine.real" || true
    rm -f "/etc/apparmor.d/local/usr.lib.snapd.snap-confine.real" || true
    rm -f /var/cache/apparmor/*/"usr.lib.snapd.snap-confine.real" || true
    rmdir /etc/apparmor.d/disable 2>/dev/null || true
    rmdir /etc/apparmor.d/local   2>/dev/null || true
    rmdir /etc/apparmor.d         2>/dev/null || true
fi
# End automatically added section

6 Likes

That's nice. Thank you for the clarification!

2 Likes