Python apps

Snapcraft can be used to package and distribute Python applications in a way that enables convenient installation by users.

The process of creating a snap for a Python application builds on standard Python packaging tools, making it possible to adapt or integrate an application’s existing packaging into the snap building process.

:information_source: For Python projects using pyproject.toml and PEP 517, use Snapcraft from its edge channel:
sudo snap refresh snapcraft --edge

Getting started

Snaps are defined in a single snapcraft.yaml file placed in a snap folder at the root of your project. This YAML file describes the application, its dependencies and how it should be built.

The following example shows an entire snapcraft.yaml file based on the snap of an existing project, liquidctl, a command line tool to control the power, cooling and LED status for a variety of USB-attached devices:

name: liquidctl
summary: a status and control utility to for power, cooling and LED components
description: |
     liquidctl is a command-line tool to monitor and control the fan speed,
     LED colour and pump volumes of specific power supplies, 
     motherboards, graphics cards and cooling solutions.
     The liquidctl snap unofficial and is not endorsed by the upsteam project.
version: test
base: core22
confinement: strict

parts:
  liquidctl:
    plugin: python
    source: .
    stage-packages:
       - python3-usb

apps:
  liquidctl:
    command: bin/liquidctl
    plugs:
      - raw-usb
      - hardware-observe

We’ll break this down in the following sections.

Metadata

The snapcraft.yaml file starts with a small amount of human-readable metadata, which is often already available in the project’s own packaging metadata or project README.md. This data is used in the presentation of the application in the Snap Store.

name: liquidctl
summary: a status and control utility to for power, cooling and LED components
description: |
     liquidctl is a command-line tool to monitor and control the fan speed,
     LED colour and pump volumes of specific power supplies, motherboards,
     graphics cards and cooling solutions.
     The liquidctl snap unofficial and is not endorsed by the upsteam project.
version: test

The name must be unique in the Snap Store. Valid snap names consist of lower-case alphanumeric characters and hyphens. They cannot be all numbers and they also cannot start or end with a hyphen.

The summary can not exceed 79 characters. More detail can be provided after description, where a chevron can be used to declare a multi-line description.

The version value is arbitrary. We’re calling this version test, but it could equally be a number. The output snap will include the version value in its filename. More advanced snaps set this value automatically with External metadata.

Base

The base keyword declares which base snap to use with the project. A base snap is a special kind of snap that provides a run-time environment alongside a minimal set of libraries that are common to most applications.

base: core22

This example uses core22, which is built from Ubuntu 22.04 LTS and is the currently recommended base for most snaps. See Base snaps for more details.

Security model

Snaps are containerised to ensure more predictable application behaviour and greater security. Unlike other container systems, the shape of this confinement can be changed through a set of interfaces. These are declarations that tell the system to give permission for specific tasks, such as accessing a webcam or binding to a network port.

The next section describes the level of confinement applied to the running application:

confinement: strict

Confinement determines the amount of access an application has to system resources, such as files, the network, peripherals and services. A value of strict is ideal because this isolates a snap, except for access permitted through its interfaces.

However, it is best to start creating a snap with a confinement level that provides warnings for confinement issues instead of strictly applying confinement. This is done by specifying the devmode (developer mode) confinement value. When a snap is in devmode, runtime confinement violations will be allowed but reported. These can be reviewed by running journalctl -xe.

Because devmode is only intended for development, snaps must be set to strict confinement before they can be published as “stable” in the Snap Store. Once an application is working well in devmode, you can review confinement violations, add appropriate interfaces, and switch to strict confinement.

Parts

Parts define what sources are needed to build the application. Parts can be anything: programs, libraries, or other needed assets, but for this example, we only need to use one part:

parts:
  liquidctl:
    plugin: python
    source: .
    stage-packages:
       - python3-usb

The plugin keyword is used to select a language or technology-specific plugin that knows how to perform the build steps for the project. In this example, the Python plugin is used to automate the build of this Python-based project.

The source keyword points to the source code of the Python project, which can be a local directory or remote Git repository. In this case, it refers to a local copy of the source code in a directory called liquidctl.

Apps

Apps are the commands you want to expose to users, and also the names of any background services the application provides. Each key under apps is the command name that should be made available on users’ systems.

The command specifies the path to the binary to be run. This is resolved relative to the root of the snap contents.

apps:
  liquidctl:
    command: bin/liquidctl
    plugs:
      - raw-usb
      - hardware-observe

If the command name matches the name of the snap specified in the top-level name keyword (see the Metadata section above), the binary file will be given the same name as the snap, as in this example.

If the names differ, the binary file name will be prefixed with the snap name to avoid naming conflicts between installed snaps. An example of this would be liquidctl.some-command.

The plugs section declares which interfaces an app needs to function, such as home to access local files, or network to access the network. In this case, liquidctl needs access to USB devices, which can be satisfied with the raw-usb interface for device input and output, and hardware-observe to enable the system to see which devices are connected.

Building the snap

First, clone the upstream project:

git clone https://github.com/liquidctl/liquidctl.git 

Inside this, create a snap directory and inside this create a snapcraft.yaml file that contains the above metadata.

The snap can now be built by running the snapcraft command in the project’s root directory (up one level from snap/snapcraft.yaml):

$ snapcraft
Executed: pull liquidctl
Executed: build liquidctl
Executed: stage liquidctl
Executed: prime liquidctl
Executed parts lifecycle
Generated snap metadata
Created snap package liquidctl_test_amd64.snap

The resulting snap can be installed locally. This requires the --dangerous flag because the snap is not signed by the Snap Store.

snap install liquidctl_test_amd64.snap --dangerous 

You can then try it out:

liquidctl -h

Removing the snap is simple too:

sudo snap remove liquidctl

You can also clean up the build environment, although this will slow down the next initial build:

snapcraft clean

By default, when you make a change to snapcraft.yaml, snapcraft only builds the parts that have changed. Cleaning a build, however, forces your snap to be rebuilt in a clean environment and will take longer.

Publishing your snap

To share your snaps you need to publish them in the Snap Store. First, create an account on the dashboard. Here you can customise how your snaps are presented, review your uploads and control publishing.

You’ll need to choose a unique “developer namespace” as part of the account creation process. This name will be visible by users and associated with your published snaps.

Make sure the snapcraft command is authenticated using the email address attached to your Snap Store account:

snapcraft login

Reserve a name for your snap

You can publish your own version of a snap, provided you do so under a name you have rights to. You can register a name on dashboard.snapcraft.io, or by running the following command:

snapcraft register mypythonsnap

Be sure to update the name: in your snapcraft.yaml to match this registered name, then run snapcraft again.

Upload your snap

Use snapcraft to push the snap to the Snap Store.

snapcraft upload --release=edge mypythonsnap_*.snap

If you’re happy with the result, you can commit the snapcraft.yaml to your GitHub repo and turn on automatic builds so any further commits automatically get released to edge, without requiring you to manually build locally.

Congratulations! You’ve just built and published your first Python snap. For a more in-depth overview of the snap building process, see Creating a snap.


Last updated 5 months ago.