Gatekeeper in a Snap

December 11, 2020
By Lukas Reschke

As described in our earlier post: "SaaS ate the world.". And one of the reasons for that is the fact that it is easy.

You don't need to bother with long installation processes, backups, let alone deploy updates timely. In the cloud, someone else is doing all this for you.

How can we get to a state in which on-premise software can compete with this?

Appliances done right are rare.

Many software projects tend to offer appliances for download.

While this often allows for an easy installation, it doesn't solve the problem of updates. And that is what many appliances get wrong. They still require significant technical knowledge to be updated and maintained. (you get to update the operating system AND the software).

The sad reality is that many of these appliances get installed once and never updated. Not even for critical security vulnerabilities.

Meet Snaps

Snaps are containerized software packages. Compared to standard Linux packages (e.g., .deb), they are executed in a sandbox but have full control over the container.

Besides, Snaps are automatically kept updated and read-only by design. There's only a single folder that you need to update. And you don't have to take care of software updates at all.

Installing Snaps is also ridiculously easy. You have to run a single command. For example, to install Gatekeeper, all you have to do is run the following:

sudo snap install gatekeeper

And within less than a minute, you should have Gatekeeper installed and will automatically receive all security updates.

How does this all work?

In case you are interested how this all works, we have published our Snap package on GitHub. In a nutshell, what it currently does is:

If we ever decide to add additional dependencies, you don't have to worry about this. Snap will take care of all that for you.

See also

Why is there a need for Gatekeeper?

I wrote down some of the reasons for the creation of the Gatekeeper project. Gatekeeper aims to be an open-source Identity Access Management solution, done in a way that anyone can run it.

Read more