Master IoT software updates with validation sets on Ubuntu Core 22

This article is more than 2 years old.


Save your seat for an intro webinar

If you are packaging your IoT applications as snaps or containers, you are aware of the benefits of bundling an application with its dependencies. Publishing snaps across different operating system versions and even distributions is much easier than maintaining package dependencies. Automated IoT software updates make managing fleets of devices more efficient. While you can avoid the dependency hell between software packages, how could you ensure that the diverse applications on an IoT device work well together?

Ubuntu Core 22 introduces the feature of validation sets that makes IoT device management easier. A validation set is a secure policy (assertion) that is signed by your brand and distributed by your dedicated Snap Store. With validation sets you can specify which snaps are required, permitted or forbidden to be installed together on a device. Optionally, specific snap revisions can be set too.

Applying a validation set

An IoT gateway device, for example, will often run various applications that come from different teams or vendors. This software can be released and updated at different intervals.  Moreover, how applications interface with each other can change in ways that are unpredictable. Even loosely coupled applications need to be tested to observe how well they perform together.

With validation sets, you can describe verified combinations of software. It is your decision if you want such a policy to be optional and monitored when needed or enforced by snapd. When enforcing a validation set, snapd will ensure that:

  • Snaps required by a validation set are both present and, if specified, at the correct revision. Attempting to remove a required snap will result in an error and the process will be rejected.
  • Snaps are only refreshed to newer revisions if they continue to satisfy the applied validation sets.
  • Invalid snaps are not allowed to be installed. Attempting to install them will result in an error.

By enforcing validation sets you can ensure that your devices maintain testing and certification integrity over time and across software changes.

Fine control for your IoT software updates

With effective use of validation sets, you can orchestrate how IoT software updates are performed to your fleet of devices. Even if applications are released and updated at different times, changes to installed software will be kept consistent according to the validation set policy. Application updates in Ubuntu Core are automatic and distributed through the Snap Store. By default, the snapd daemon checks for updates multiple times per day. Each update check is called a refresh. Validation sets provide an elegant alternative to refresh control or using the Snapd REST API to control the conditions under which software updates are performed on a device. Just like updating snaps, rolling out policy updates to your devices can happen automatically through your dedicated Snap Store. This makes managing large scale deployments easier and verifiable.

Learn more

Be sure to read the validation sets and validation-set assertion documentation for more information on how to use this feature with your dedicated Snap Store. This new feature is still under active development. Questions and feedback are always appreciated in the Snapcraft.io forum. If you want to learn more about using snaps, the Snapcraft docs are also a good place to start.

Stay tuned

Watch the Ubuntu Core 22 webinar on June 28th, 2022 at 4:00PM CET.

Curious how your existing project or exciting new idea can benefit from the new features of Ubuntu Core 22, get in touch with us.


smart start

IoT as a service

Bring an IoT device to market fast. Focus on your apps, we handle the rest. Canonical offers hardware bring up, app integration, knowledge transfer and engineering support to get your first device to market. App store and security updates guaranteed.

Get your IoT device to market fast ›

smart start logo

IoT app store

Build a platform ecosystem for connected devices to unlock new avenues for revenue generation. Get a secure, hosted and managed multi-tenant app store for your IoT devices.

Build your IoT app ecosystem ›

Newsletter signup

Get the latest Ubuntu news and updates in your inbox.

By submitting this form, I confirm that I have read and agree to Canonical's Privacy Policy.

Related posts

Space pioneers: Lonestar gears up to create a data centre on the Moon

Why establish a data centre on the Moon? Find out in our blog.

EdgeIQ and Ubuntu Core; bringing security and scalability to device management 

Today, EdgeIQ and Canonical announced the release of the EdgeIQ Coda snap and official support of Ubuntu Core on the EdgeIQ Symphony platform. EdgeIQ Symphony...

What is IoT device management?

IoT device management refers to processes or practices used to deploy, monitor and maintain IoT devices. As organizations scale up their IoT efforts, a solid...