How does it stack up against traditional package management and others like AUR and Nix?
I think Flatpaks are great for applications like Firefox, Steam, etc. where dependencies or delay in package distribution due to building multiple versions can be a problem.
However, there are many situations where Flatpak’s sandbox can be more detriment than helpful, if the application wasn’t developed with that in mind. It’s not a silver bullet for everything.
I got sick and tired of the AUR for the simple packages so I started using it for most things I would use the AUR for, and I’m very happy with it. I think some packages have issues with default permissions - I was wondering why 86Box would forget my hard drive images but then I realised the permissions on my home folder weren’t set properly - but that can be sorted anyway.
@tet @linux Fundamentally, I’m just not interested in containerizing applications on my host computer. If I needed to do that, I’d use docker, so Flatpaks and such feel redundant.
I also don’t like that distros like Ubuntu increasingly force snaps via apt, because it results in an unknown factor in case I ever need to troubleshoot.
AUR works for me best in cases when something isn’t in the package manager. it’s easier to make a custom aur package as opposed to a .deb
“I use Arch btw”
I use it but I hate how much space it uses and I hate when I update flatpaks I have no idea how much is going to download.
https://gitlab.com/TheEvilSkeleton/flatpak-dedup-checker
And it should only download the diffs, not everything.
I definitely prefer it over Snaps or appimages. Straight-forward to update, and Flatseal provides a nice GUI to control permissions (if needed). Themes may not work properly, but whatever, not a big deal for me.
The distro’s repo is always my go-to. If it’s not available there, then flatpak, and I’ll use appimage under duress. If that doesn’t work, I’ll figure out a different solution.
Yeah I’m not a huge fan of Appimages because I don’t like that to update it you usually have to go find and download the file again, instead of just getting it from a repository. They feel too Windows-y to me in that way.
My totally unscientific opinion (with a double-your-money-back guarantee!):
I’m not crazy about either Flatpak or Snap for that matter as there’s so much backend baggage for both as well as certain hurdles regarding privileges and access to the file system (somebody please correct me if I’m wrong or working with dated information.)
My other completely prejudiced, unfounded bias against Flatpak is that it appears to have been adopted by RedHat as “the one true way,” and what with IBM’s/RedHat’s behaviour anti-FOSS behaviour lately, plus I’ve almost always have been an
aptuser, I find it a pill hard to swallow.Me, say what you will about the security issues and its other flaws, but I like AppImage.
AppImages are actually more secure than flatpak. At least it has a way for devs to sign them and users to verify them.
Flatpaks follow the concept “losen the sandbox as much as needed to make apps work”. This sucks, in constrast to android, but its needed.
So you shouldnt need to edit anything via Flatseal/KDEs settings, if you want to make apps work.
Flatpak is default on OpenSuse too, even more as they use Flathub instead of the Fedora Flatpaks repo. RHEL is just trying to get some money and stop people from using their work, as they need to make money.
Honestly it should be normalized that people on FOSS do weird things to make money. Fedora is RHEL upstream, so RHEL is not stealing any code, just take what Fedora does and wait a bit until its stable.
Appimages are completely flawed and as an apt user you should not like to use them, at all. This post of min may give some infos, I will update it soon.
And speaking of completely flawed, your link doesn’t work.
Anyway, thanks for
beratinginforming me about AppImage but it’s the closest thing on Linux to app bundles which IM<HO is the sanest way to package applications.Thats a lemmy problem, copy the link and remove the lemmy part
Thats a lemmy problem
Hmmm…my link in the previous post works. More proof of why Linux has never really taken off with the non-spectrum general public. I guess just following format (
[words](https://your.lousy.link)) or – god forbid – you select a word, click the link button and paste just isn’t esoteric enough…?In any case, I see that you edited your post to
cover your tracksfix Lemmy’s error.The error is that I dont use https as every browser defaults to that, but lemmy links it internally. I fixed it. Stop annoying me, my comment was constructive and trying to help, so
whatever this isstop it.
Plus, being able to sandbox user space applications, which previously had free reign, is nice.
Sandboxing isn’t 100% there yet, but it’s come along way.
Yeah duplication of running libraries is also a RAM/CPU resource issue but for modern well resourced machines probably not noticable. It is an issue when scaling down to low powered / old devices though. Like, running a web browser which runs in it’s own sandbox with duplicate libraries running is going to have noticable performance differences compared to a non-sandboxed program running native libraries on a low RAM or low CPU system.
That’s not to say Flatpak isn’t a good solution; and all the agnostic package formats have the same issue compared to non-sandboxed apps. Plus the added security issues and stability on bleeding edge systems is good.
I personally think it is trash…
Just putting “personally” in front of an unfounded statement doesnt make it better
Why it is unfounded?? The sandbox is still a lie (flatseal is impractical security since it makes you become a security researcher overnight), apps are not properly filesystem-unveiled. But a new level of complexity.
Could you explain “filesystem-unveiled”?
Apps are not updated to support portals for “compatibility” or just lack of maintenance. Flatpak needs to follow their approach if they want to have many apps being supported.
Desktop Linux doesnt have the marketshare to dictate that all apps need to adopt portals. In the meantime, flathub.org has a rating system and verified checks, this is simply not well shown in KDE Discover and not sure about GNOME software.
Could you explain “filesystem-unveiled”?
Means its filesystem access is restricted.
For example, chromium on OpenBSD use the unveil(2) system call to restrict itself to /tmp and $HOME/Downloads .
Many popular flatpak applications have filesystem=host. This is equal to restrict all filesystem access and then unveil the whole filesystem.
Apps are not updated to support portals for “compatibility” or just lack of maintenance. Flatpak needs to follow their approach if they want to have many apps being supported.
Desktop Linux doesnt have the marketshare to dictate that all apps need to adopt portals. In the meantime, flathub.org has a rating system and verified checks, this is simply not well shown in KDE Discover and not sure about GNOME software.
If they can’t even enforce portals, flatpak is a new level of complexity.
So I said it is trash.
Good that Chromium does that, but this means if it doesnt use portals many things will be broken.
The host access is not actually everything
These directories are blacklisted: /lib, /lib32, /lib64, /bin, /sbin, /usr, /boot, /root, /tmp, /etc, /app, /run, /proc, /sys, /dev, /var
Exceptions from the blacklist: /run/media These directories are mounted under /var/run/host: /etc, /usr
Portals need a change in the app code that is not huge but differs from other packaging formats on any distro and OS. So it sucks that its so slow but that has a reason.
The host access is not actually everything
Not as restrictive as chromium’s unveil.
For home it even restrict to the downloads folder, not accessing the whole home directory.
Yes that only works for browsers and would completely break image viewers, document editors etc
Are you trying to start a war? Hopefully no one mentions wayland vs xorg else it might go nuclear
@squid_slime let me install this flatpak of kde wayland on my oracle unbreakable kernel running under redhat enterprise
That’s like two keystrokes in emacs.
The two whines are not mutually exclusive. ¯\_(ツ)_/¯
@kingmongoose7877 until someone tells me another way to run 2 python apps one which requires python 2 and one which requires python 3, on the same system, which is EASIER than installing a flatpak, im gonna maintain that they have a use case, even if they aren’t idealized package management as we dreamed of
Uh. Python is like the worst example for this, conda/mamba?
I think pyenv would be the appropriate tool for doing a native install. And of course when it comes to CLI, Flatpak isn’t really for that.
@pingveno i think that two things get conflated. 1. flatpaks and appimages, snaps, have some niche uses for obsolete software and maybe some other edge cases 2. because the two major standards are backed by dumbass corporate entities, they have been promoted as the universal solution to everything that will revolutionize linux 3. the real thing everyone hates, is these stupid companies trying to get rid of a beautiful package management architechture so they can enshittify linux like windows
I think their uses extend beyond obsolete software. In particular, trying to get updates out to a wide variety of Linux distros has generally meant a tradeoff between “move fast, break things” and “move slow, never change”. Flatpak gives you a stable set of libraries to work with and the ability to run multiple versions of those libraries at once. Linux package managers have a place, but their sheer proliferation means that for most applications to reach all desktop Linux users, they have to go through something like Flatpak for distribution.
Easy, tiger. I think you misinterpreted my original reply.
I meant the whining about the two (systemd and flatpak) isn’t strictly OR but may be AND. Have a nice day.
Cheese with your whines?
You should use WINE only through Flatpak btw
🤦♂️
Speaking of which, didja hear that for the upcoming Easter holiday, Amazon is offering a special gift basket of northern Israeli cheeses.
They’re calling it Cheeses of Nazareth.
You have received the Dad Joke Gold Star
While I don’t think flatpak shouldn’t replace traditional packages, I still like it.
Flatpak apps just work most of the time, they work without issues and are often very up to date. The sandboxing does have benefits because no apps interfere with it, the problem is that it doesn’t work super well with other apps, sometimes the theming is off, and it doesn’t work well with other apps, installing apps takes much longer, and it isn’t as easily started from the command line.
Edit: typo
In my opinion, with a debian style distro as the example, apt-get should be used for syatemwide stuff. Individual users can go for flatpak.
I use it as the primary way of installing apps on my Steam Deck, as well as my Ubuntu PC (I also use Snap over there). The apps installed via Flatpak just work, so I have nothing to complain about.
On the one hand I like the basic idea, on the other hand I think that some fundamental problems aren’t fully solved yet. There big use case are passkeys and direct password manager integration – neither mesh well with the idea of software that isn’t allowed to talk to most of the system.
I’m certain that this will be resolved at some point but for now I don’t think Flatpak and its brethren are quite there yet.
passkeys
Dont know, may already work? Keyword adaption
direct password manager integration
Not sure what that means, but probably native messaging, a biig missing portal.
Flatpak has an Inter-process-communication permission, so software could absolutely be opt-in allowed to talk, while keeping security for the rest. Apps cant see each others
~/.var/app/org.app.name/storage though, never.
