
Linux Matters macOS Made Me Snap!
Sep 30, 2025
The hosts dive into scanning Snap packages for vulnerabilities and discuss the technical differences between Snaps and OCI containers. Martin shares his personal journey of switching from macOS to Linux, highlighting productivity challenges along the way. They explore self-hosting photos with Immich and Nextcloud, focusing on advanced features like ML-based face recognition. Mark reveals how Immich enhances photo organization while keeping data private. The conversation also touches on the quirks of Snap permissions and the importance of local data management.
Snaps Differ From OCI Containers
- Snaps are compressed SquashFS bundles, not OCI containers, so container scanners can't handle them directly.
- Extending Syft to pull snaps and introspect their contents enables SBOM generation for vulnerability scanning.
Use Snap Metadata To Build SBOMs
- Read the metadata YAML inside a snap rather than just unsquashing to a directory for accurate package identification.
- Convert that metadata into an SBOM so vulnerability scanners can report precise CVE matches.
Compression Variety Adds Complexity
- Compression formats inside snaps vary (LZO, Zstd, gzip), which complicates unpacking.
- Implementing compatible decompression was necessary to inspect snap contents reliably.
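To make the compression point concrete, here is an added example (not code from the episode or from any scanner discussed in it) that reads the SquashFS superblock at the start of a `.snap` file and reports which compressor the image uses, so an unpacker can pick the right decompressor before it walks the contents. The function names and the sample header are constructed for illustration.

```python
import struct
import sys

SQUASHFS_MAGIC = b"hsqs"  # little-endian SquashFS 4.x magic
# Compressor ids defined by the SquashFS 4.0 on-disk format.
COMPRESSORS = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}
# First 32 bytes of the superblock: magic, inode count, mtime, block size,
# fragment count, compressor id, block log, flags, id count, major, minor.
_HEADER = struct.Struct("<4sIIIIHHHHHH")


def snap_compression(data: bytes) -> dict:
    """Parse the start of a snap/SquashFS image and identify its compressor."""
    if len(data) < _HEADER.size:
        raise ValueError("too short to be a SquashFS image")
    (magic, inodes, _mtime, block_size, _frags,
     comp_id, block_log, _flags, _ids, major, minor) = _HEADER.unpack_from(data)
    if magic != SQUASHFS_MAGIC:
        raise ValueError("not a little-endian SquashFS image")
    if major != 4:
        raise ValueError(f"unsupported SquashFS version {major}.{minor}")
    # block_size must equal 2**block_log; a mismatch means a corrupt header.
    if block_size != 1 << block_log:
        raise ValueError("inconsistent block size, header is corrupt")
    return {
        "compressor": COMPRESSORS.get(comp_id, f"unknown({comp_id})"),
        "block_size": block_size,
        "inodes": inodes,
    }


def build_sample(comp_id: int, magic: bytes = SQUASHFS_MAGIC) -> bytes:
    """Constructed superblock prefix used as sample input (not a real snap)."""
    head = _HEADER.pack(magic, 10, 0, 131072, 0, comp_id, 17, 0, 1, 4, 0)
    return head + bytes(64)  # pad to the full 96-byte superblock


if __name__ == "__main__":
    if len(sys.argv) > 1:          # inspect a real file: script.py foo.snap
        with open(sys.argv[1], "rb") as fh:
            print(snap_compression(fh.read(96)))
    else:                          # otherwise show the constructed samples
        for cid in (1, 3, 6):
            print(snap_compression(build_sample(cid)))
```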

