How does it stack up against traditional package management and others like AUR and Nix?
It’s the easiest solution to packaging software for Linux that doesn’t mean it’s good, In fact fhe way no dependencies are shared absolutely wrecks my hard drive and makes everything super long (downloading, updating, etc…).
Where it shines is security but to be honest do you really need an open source app to be in it’s own secure sandbox?
I vastly prefer nix and I wish packaging stuff for it was easier.
As other have pointed out, saying that “no dependencies are shared” is a very missinformed take, given that sharing dependencies as runtimes is an integral part of Flatpak’s structure. But what makes it even funnier and more obvious that you don’t know what your talking about, is that you than cite Nix as something you “vastly prefer” when Nix actually deals with dependencies in a very similar way to Flatpak. From the official site:
You can have multiple versions or variants of a package installed at the same time. This is especially important when different applications have dependencies on different versions of the same package — it prevents the “DLL hell”.
In both Flatpak and Nix, apps will only download a different version of a dependency when they need it. This ensure that, instead of breaking, the app will work the same on any system (be it an old stable Debian or a bleeding edge Arch system), without requiring devs to create monkey patches that they have to maintain as things evolve. It has the potential to immensely reduce the burden on app devs and maintainers, and make it a lot easier to make apps for Linux.
It does share dependencies, but in a different way than a regular package manager. You share runtimes and base apps: https://docs.flatpak.org/en/latest/dependencies.html
It still takes forever to update compared to more traditional package managers
I never notice any update times, as the default in Fedora is to auto-update (I think?). Everything is just always up to date.
Edit: coming from ten years of Arch, this has significantly reduced my time fixing things related to an update 😆
Yeah I disabled those because my Internet is shit. I’m also on fedora and when I update, the 3 flatpak apps that I have installed take as long as my entire system to update. But I get it doesn’t make much of a difference if it just happens in the background
The problem with Flatpak is that for me I would only use it to sandbox propietary apps, and most of these are not officially supported, so there is almost always something broken, like screen sharing, etc.
deleted by creator
I have to agree. I tried some of the JetBrains IDEs from Flathub, and I switched back to the regular JetBrains Toolbox versions.
Have you tried granting additional permissions via Flatseal?
Its a solution to one of the typical Linux issues. Its a step toward overcaming the fragmentation of Linux package managers.
I don’t personally like it too much, I prefer the distro package stuff, but I understand the app developers cannot manage a plethora of different package formats.
Distro maintainters should, but its clearly more and more a massive task for different distros to keep up with the amount of apps out there.
Also, npm, pip and the various “packaging” ways existing add to the chaos.
I see distro package managers converge toward providing basic packages for the general system and some other solution like flatpack to provide additional stuff.
I think it would be wrong for flatpack/containers to replace package managers as well, it’s not their scope.
I see distro package managers converge toward providing basic packages for the general system and some other solution like flatpack to provide additional stuff.
IMHO doing this would be suicide for most distros.
There are only so many ways you can make a basic system and the distro scene is already saturated by various interpretations of “basic”.
A distro needs to offer more than the basic system and a huge part of that added value lies in its packages (and by extension package manager).
👍
They are awesome but personally I don’t use them. I have an obsession with memory management. Flatpak apps don’t share libraries so they get chunky at times. This shouldn’t be a problem for most people. It’s a personal problem.
Man this Missinformationen is hard to squash. Yes Flatpaks absolutely share libraries. These are called runtimes and are shared between all the Flatpak apps that use the same version of it. You will only get more than one version of a given runtime if some apps need this other version. For most runtimes that I know of, most only have 2 currently maintained versions, so I almost never get more than that on my system (and when I do, app devs tend to update their apps shortly after so that they’re using a maintained runtime). For example on my system where I mostly use GTK apps, I only have two versions of the Gnome runtime (44 and 45). And even when you have more than one version of a runtime, they get deduplicated, so even runtimes share parts between them.
If you’re interested here is an article about it.
I love them. They make the immutable distributions possible.
We need to stop with the idea of shared libraries, it’s nice on the paper but in practice you only save a bit of disk space and it’s a pain for developers to package for different distributions.
Distribution packages are great for core components of the system, or utilities everyone needs, but for end users applications something like flatpak makes more sense. This way it can be packaged by the upstream developer for all distributions, and sandboxing adds a layer of security. You wouldn’t install an app that have all permissions on mobile, why do it on desktop?
As a generalist I have to learn many concepts and dont have time to delve into any one that deep. Flatpak works and isnt proprietary like snap so I enjoy that. My recent debian+kde installation works well with if. Open discover and install flatpaks as much as you wish.
isnt proprietary like snap
Exactly, proprietary.
The Snap Store is run and controlled by Canonical and is not open source. The rest of Snap is open source, meaning the daemon and core software. [emphasis mine] How threatening this is depends on you POV and has been the subject of much discussion.
Exactly, proprietary.
if the only way to use the open source client, is with a closed source server, is it really open source at all? The platform is the server.
This isn’t threatening in a way that Canonical would hack my computer with it. It’s threatening the Linux ecosystem. They created a distro agnostic package manager which is solely controlled by them. In other words they want everyone to use Snap and then vendor lock in everyone into it. “embrace, extend, extinguish”
I honestly wouldn’t care if snap was both Canonical proprietary and Ubuntu proprietary but this M$ like strategy sucks.
As a guix/nix user
Please, no more copies of the same dependencies 10 times over. My hard drive is tired.
It is awesome
Ambivalent. I like the consistency between distros and the idea of sandboxing, in practice sandboxing is a pain in the ass and Flatpaks use up an inordinate amount of space for different library versions. However, if I have to use a proprietary application I do appreciate the sandboxing and Flatpak is my preferred install method.
I use it as the primary way of installing apps on my Steam Deck, as well as my Ubuntu PC (I also use Snap over there). The apps installed via Flatpak just work, so I have nothing to complain about.
@tet @linux Fundamentally, I’m just not interested in containerizing applications on my host computer. If I needed to do that, I’d use docker, so Flatpaks and such feel redundant.
I also don’t like that distros like Ubuntu increasingly force snaps via apt, because it results in an unknown factor in case I ever need to troubleshoot.
AUR works for me best in cases when something isn’t in the package manager. it’s easier to make a custom aur package as opposed to a .deb
“I use Arch btw”
I personally think it is trash…
Just putting “personally” in front of an unfounded statement doesnt make it better
Why it is unfounded?? The sandbox is still a lie (flatseal is impractical security since it makes you become a security researcher overnight), apps are not properly filesystem-unveiled. But a new level of complexity.
Could you explain “filesystem-unveiled”?
Apps are not updated to support portals for “compatibility” or just lack of maintenance. Flatpak needs to follow their approach if they want to have many apps being supported.
Desktop Linux doesnt have the marketshare to dictate that all apps need to adopt portals. In the meantime, flathub.org has a rating system and verified checks, this is simply not well shown in KDE Discover and not sure about GNOME software.
Could you explain “filesystem-unveiled”?
Means its filesystem access is restricted.
For example, chromium on OpenBSD use the unveil(2) system call to restrict itself to /tmp and $HOME/Downloads .
Many popular flatpak applications have filesystem=host. This is equal to restrict all filesystem access and then unveil the whole filesystem.
Apps are not updated to support portals for “compatibility” or just lack of maintenance. Flatpak needs to follow their approach if they want to have many apps being supported.
Desktop Linux doesnt have the marketshare to dictate that all apps need to adopt portals. In the meantime, flathub.org has a rating system and verified checks, this is simply not well shown in KDE Discover and not sure about GNOME software.
If they can’t even enforce portals, flatpak is a new level of complexity.
So I said it is trash.
Good that Chromium does that, but this means if it doesnt use portals many things will be broken.
The host access is not actually everything
These directories are blacklisted: /lib, /lib32, /lib64, /bin, /sbin, /usr, /boot, /root, /tmp, /etc, /app, /run, /proc, /sys, /dev, /var
Exceptions from the blacklist: /run/media These directories are mounted under /var/run/host: /etc, /usr
Portals need a change in the app code that is not huge but differs from other packaging formats on any distro and OS. So it sucks that its so slow but that has a reason.
The host access is not actually everything
Not as restrictive as chromium’s unveil.
For home it even restrict to the downloads folder, not accessing the whole home directory.
Don’t like it, I try to avoid it wherever I can.
