Basically title.
I’m wondering if a package manager like flatpak comes with any drawback or negatives. Since it just works on basically any distro. Why isn’t this just the default? It seems very convenient.
For me, the question is why I should add an extra layer of complexity. If the things I use already work well using apt, and if most things are bundled in the default distro install, then my life is already good.
This all depends on your software needs, of course. Some people are using a lot of new stuff, so the above setup leads to annoying situations.
Flatpak is a distro on its own, but with original dev support. It’s like a Linux distro replacing others.
So it adds complexity but with the potential to remove it from the OS. For example LibreOffice, browsers, Thunderbird etc. are huge and it’s a good approach to use official versions here.
Then what’s the point in having different distros lol? We don’t have duplication for the sake of duplication; there are reasons why there are different distros, philosophies and packaging methods. I see this mistake from many, usually newer, Linux users: there are different distros because there is a point in packaging the OS differently.
Flatpak for example completely abandons making apps use patched system libraries. Or having different packages for different init systems. Or, god forbid, supporting BSDs.
Some developers don’t want to deal with building an app for multiple versions. Sure some DEBs can work without needing to deal with that, but some don’t.
Some devs don’t want to debug the latest Arch/Ubuntu broken setup.
For me it’s lacking in user friendliness. Go easy on the downvotes if I’m doing it the hard way.
- Flatpaks aren’t really single-executables. You have to use the flatpak command to run them.
- I can’t just say flatpak run firefox, I have to use the full app-id which could be quite long.
Yes, I could make this simpler with scripts or aliases but how hard would it have been for Flatpak to automatically do this for me?
I’m using KDE and when I download a flatpak it automatically creates a .desktop file. I think gnome does this too if I’m not mistaken. I do have to restart or relogin for it to put the file there but that’s not that bad IMO.
I’m on Endeavour xfce and the .desktop files are just there immediately. I never even knew this wasn’t the case on other systems
I agree, tho trivially solvable with aliases and Desktop app definitions, but still an extra step.
Take a look at this site that goes into the details of the shortcomings of Flatpak. It’s from 2020 but I’m sure some of this is still relevant.
That blogpost is considered to be somewhat flawed with its information, as explained here: https://tesk.page/2021/02/11/response-to-flatkill-org/
Thank you! Very interesting read!
I don’t think anyone who dislikes this comment is really correct: when they said you can use Flatseal, they are making the user become a security expert overnight.
Too much for anyone to claim themselves “practical” “security”.
As with everything in life, yes, there is a downside. The major downside is that it can occupy more space on your HD or SSD.
However I think the downsides are not that bad to justify all the hatred some guys have.
Flatpak’s positive sides are way more relevant than the downsides.
The biggest downside is that it’s only for distributing applications with a graphical user interface. Command line utilities still need another method of distribution.
That’s a good point!
I keep seeing this criticism, but flatpak provides a run command on its cli that works just fine. It is a little clunky though.
Clunky as in flatpak run io.neovim.nvim instead of just nvim
Yep. But,
sudo tee /usr/local/bin/nvim <<'EOF'
#!/bin/sh
# Wrapper so that plain "nvim" starts the Flatpak build with all arguments passed through
flatpak run io.neovim.nvim "$@"
EOF
sudo chmod +x /usr/local/bin/nvim
(I haven’t tested this, but I use similar code for a different program)
It sure would be nice if flatpak bundled some functionality to do this for you, though.
@oldfart@lemm.ee
Can’t you alias that?
I don’t need to do it with native-installed programs. And they are properly integrated with the OS, if you install them:
- You get a menu entry in gui
- You get a binary or a wrapper in /usr/bin
There are still a few edge cases that Flatpak is not great for. The Flatpak version of Kdenlive video editor can’t see Whisper, which it uses to generate subtitles. The AppImage and native builds work flawlessly.
I’m assuming these problems will be addressed eventually but it takes time.
IPC and the correct location may be able to fix that. Have you opened an issue?
I ran into an issue with flatpak version of Kdenlive that it would render only the topmost V track if it was a simple still image.
Preview worked fine.
Luckily, someone in Kdenlive’s Matrix suggested that I use an AppImage. I used my distro’s version and the final render was fine. Other than that I had a positive experience with flatpaks in general.
I use flatpak for all GUI apps I use.
Startup time and disk space.
It’s HUGE. That’s the biggest downside for me. I always use a deb/native package first because they are way smaller.
Of course they are. They share dependencies with other software. Flatpaks bundle all dependencies, which is great for sandboxing. Even though some sort of break the rule and share some, they are still sandboxed.
Unless you “firejail” or “bubblewrap” your software, security is much better OOB for flatpaks.
That’s a myth. Security of flatpaks depends entirely on the given permissions, and since most flatpaks just set their own permissions on installation, or require filesystem access to work, there is no meaningful difference in security OOB.
Flatpak apps cannot set their own permissions “on installation”. If flatpak tells you some weather app uses only the network permission then that is all the app is going to get.
For an app to be able to change its own permissions, it first needs permission to the flatpak overrides directory. Any app that does this gets an “Unsafe” designation in gnome-software.
Also about most apps requiring filesystem access to work: I have 41 flatpak apps on my system (Silverblue so everything is flatpak). Only 6 have access to my home or Documents directory. (11 apps requested full filesystem or homedir permission, but 5 of these work perfectly fine after I turned off their permissions in Flatseal).
Notably, “large attack surface” apps like Thunderbird or Firefox don’t have access to my Documents. File uploads and email attachments go through the file picker portals.
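Added example (not from any commenter in this thread): a small Python audit of the `filesystems=` grants discussed above, combining an app's shipped metadata with a user override such as Flatseal writes. The app name, the sample keyfiles and the choice of which grants count as "broad" are constructed for illustration.

```python
import configparser

BROAD = {"host", "home"}                  # grants this example calls "broad"
OVERRIDES = "xdg-data/flatpak/overrides"  # per-user overrides directory

# Constructed sample input: shipped metadata and a user override revoking home.
SAMPLE_METADATA = """\
[Application]
name=org.example.Notes

[Context]
shared=network;ipc;
filesystems=home;xdg-download:ro;xdg-data/flatpak/overrides:create;
"""
SAMPLE_OVERRIDE = "[Context]\nfilesystems=!home;\n"

def _filesystems(keyfile_text):
    """Return the [Context] filesystems= entries of a Flatpak keyfile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(keyfile_text)
    raw = cp.get("Context", "filesystems", fallback="")
    return [entry for entry in raw.split(";") if entry]

def effective_filesystems(metadata, override=""):
    """Apply override entries on top of the app's own grants."""
    grants = {}
    for entry in _filesystems(metadata) + _filesystems(override):
        if entry.startswith("!"):  # "!home" revokes an earlier grant
            grants.pop(entry[1:].split(":")[0], None)
            continue
        path, _, mode = entry.partition(":")
        grants[path] = mode or "rw"  # no suffix means read-write
    return grants

def _covers_overrides(path):
    """True if an explicit grant names the overrides directory or a parent."""
    return path == OVERRIDES or OVERRIDES.startswith(path + "/")

def audit(metadata, override=""):
    grants = effective_filesystems(metadata, override)
    return {
        "filesystems": grants,
        "broad": sorted(p for p in grants if p in BROAD),
        # Only explicit grants are checked here; broad ones are listed above.
        "can_edit_overrides": any(
            _covers_overrides(p) and m != "ro" for p, m in grants.items()),
    }
```

On a real system the two inputs would be the output of `flatpak info --show-metadata APP_ID` and the app's file under `~/.local/share/flatpak/overrides/`.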
Those dependencies adenoid and not kept up to date, unlike deb/rpm installed stuff. Best sandbox to not compromise your system. Also hope that sandboxing is done right…
No proper estimate of download size.
To say nothing of a signed manifest of contents. It’s like 1995-era package management was lost on the kids who built this dreck.
No downside, only flatpak
The upside over Snaps is that they’re not so controlled by a central source
I’d say they still share a couple downsides: a) use a lot of them and stuff is gonna get bloaty vs native packages
b) updating a library etc for security on your system can still leave you with vulnerable apps where the packages aren’t updated
Generally using only a few flatpaks is where it’s generally “bloaty”. Adding more actually balances out the equation and you have more apps using generally shared runtimes.
Snaps are very much controlled by a central source. With flatpak you can add custom repos
Yeah that was what I said.
Yes, security
How? Security is one of its selling points.
It sells security through isolation, but packages are not cryptographically verified after download. This is done in package managers like apt, but not flatpak
libxyz has security vulnerability:
Your distro updates libxyz. Fixed and every piece of software gets the fix for free.
Every single flatpak that uses libxyz has to update to include the fix. Let’s hope all those package maintainers are on their game.
That’s not how Flatpak works.
Flatpak has runtimes, which is where most shared libraries are. There’s a common base one called Freedesktop, a GNOME runtime, a KDE runtime, an Elementary runtime, and more. (The GNOME and KDE ones are built on top and inherit from the Freedesktop base runtime.)
https://docs.flatpak.org/en/latest/available-runtimes.html
Additionally, at least for Flathub, they have shared modules for commonly used libraries that aren’t in runtimes. (Many are related to games or legacy support like GTK2.)
https://github.com/flathub/shared-modules
Lastly, some distributions are building their own runtimes and apps on top, so the packages they build are available as flatpaks as well. This is the case for Fedora, Elementary, Endless, and others.
That’s not how Flatpak works.
That’s exactly how flatpaks work if the library you need is not in the runtime. Which is very often the case.
I know because I made one for my personal use and the package was not available elsewhere.
Additionally, at least for Flathub, they have shared modules for commonly used libraries that aren’t in runtimes. (Many are related to games or legacy support like GTK2.)
So we’re just reinventing the wheel with more bloat? Brilliant.
Yeah, that’s a big, weird if though. Most modern apps can rely on the runtimes for their dependencies and not have to ship their own custom dependencies.
It’s different from something like AppImage, where everything is bundled (or Snap, where a lot more needs to be bundled than a typical Flatpak, but not as much as with an AppImage).
Additionally, there’s always some level of sandboxing in Flatpaks (and Snap packages) and none at all for RPMs, Debs, or AppImages.
Also, Flatpak deduplicates common files shared across flatpak apps and runtimes, so there isn’t “bloat” like what you’re talking about.
https://blogs.gnome.org/wjjt/2021/11/24/on-flatpak-disk-usage-and-deduplication/
IMO yes but it might not be an issue for you, flatpaks work like Windows standalone executables where each app brings all their dependencies with them, the advantage is the insane stability that method provides, the downside is the huge size the app will ultimately take, flatpaks are compressed and they don’t really bring all their dependencies with them (because they can share runtimes) but the gist of it is a flatpak is usually much heavier than a system (.deb .rpm .PKG) package.
If you are ok with tweaking I recommend nix pkgs as they work on any distro and take slightly more space than regular packages. I have a terrible connection and low disk space, flatpaks aren’t something I can use in the long run.
Oh and if you’re wondering flatpak >>>> snap > appimages (IMO)
I think using AppImage like Flatpak is silly. It is perfect for keeping some programs on a USB drive for example, but not as a way of installed software.
flatpak >>>> snap > appimages
I didn’t know we were ranking the horsemen of the apocalypse. Leave room for shitty supply-chain victims like cpan/composer/npm and other irresponsible shortcut tools that throw security out the window.
flatpaks work like windows standalone executables where each app brings all their dependencies
No, that’s AppImage. Flatpaks run on shared libraries and even different runtimes containing the same packages share those using deduplication.
https://gitlab.com/TheEvilSkeleton/flatpak-dedup-checker
A Flatpak is exactly as heavy as a system app, just that on the system you already have some libraries installed.
Initial download size is bigger, okay. And in general more downloads, I guess the deduplication happens on the disk.
It’s like, shared runtimes but also not. It’s a bad situation tbh.
It ruins single source of truth for said and their installed state. It hides installed state from standard enterprise tools.
That seems like a shortcoming in those tools, that I’d expect them to fix as Flatpaks are pretty commonplace.
- no OS level components
- duplicate libraries as some core apps (editor, filemanager, Desktop) cannot be flatpaks (yet?)
- old runtimes etc. don’t force developers to keep them updated. Often that’s because of 3rd party packagers though
- complicate packaging, XML sucks (are there good editors or something?), I heard that the Flatpak builder is better for certain languages.
- theming issues I heard (on Fedora Kinoite Wayland it just works, and I can also force themes per app)
- bad permissions by default (best we have though)
- bad run commands (this could easily be fixed, and I have a script for it)
For OS components / packaging every part, Snaps may work, but for GUI apps they seem subpar and nobody really cares.
Nix may be way better for installing just anything compartmentalized, but there is no permission system (that’s why packaging is easier).
But Flatpaks are really great overall, Bubblewrap, KDE Settings / Flatseal, Portals, official app support. It’s really really important.
complicate packaging, XML sucks (are there good editors or something?), I heard that the Flatpak builder is better for certain languages.
What has XML got to do with it? Flatpak manifests are either JSON (not great but OK) or YAML, which is great.
YAML, which is great.
Well, someone had to finally believe that.
YAML, which is great
countries:
  - fi
  - se
  - no
  - dk
=> { "countries": ["fi", "se", false, "dk"] }
Weird? One I saw was XML or maybe JSON
Probably JSON. I haven’t been involved in Flatpak for a long time but I’ve never seen XML. JSON is quite close to XML in its layout sometimes, I find, so easily mistaken.