How does it stack up against traditional package management and others like AUR and Nix?
Best of the three major agnostic package formats. If it brings more focus to Linux development, I don’t see how it can be a bad thing. A bit more space needed but for most setups this is a non-issue
Plus, being able to sandbox user space applications, which previously had free reign, is nice.
Sandboxing isn’t 100% there yet, but it’s come along way.
Yeah duplication of running libraries is also a RAM/CPU resource issue but for modern well resourced machines probably not noticable. It is an issue when scaling down to low powered / old devices though. Like, running a web browser which runs in it’s own sandbox with duplicate libraries running is going to have noticable performance differences compared to a non-sandboxed program running native libraries on a low RAM or low CPU system.
That’s not to say Flatpak isn’t a good solution; and all the agnostic package formats have the same issue compared to non-sandboxed apps. Plus the added security issues and stability on bleeding edge systems is good.
I love them. They make the immutable distributions possible.
We need to stop with the idea of shared libraries, it’s nice on the paper but in practice you only save a bit of disk space and it’s a pain for developers to package for different distributions.
Distribution packages are great for core components of the system, or utilities everyone needs, but for end users applications something like flatpak makes more sense. This way it can be packaged by the upstream developer for all distributions, and sandboxing adds a layer of security. You wouldn’t install an app that have all permissions on mobile, why do it on desktop?
I love flatpak. It makes it easier for Linux to become mainstream.
People need to realize that before Flatpak, distributing a small-time Linux app was a nightmare. Appimages were your best option if you wanted to avoid distro specific builds, PPAs and AUR, etc. Ever since packaging 2009scape on Flathub I haven’t looked back. It auto updates. People can find it from software centers. It works on all distros. It connects straight to upstream’s CICD. It even forced us to adopt XDG compliance so we could sandbox it better.
Yes, Flatpak has downsides like the download size (on disk it doesn’t matter because it gets compressed and the runtimes are shared, same as literally any other package manager). But overall, I hugely welcome it over the options we had before. Much love to the Flatpak and Flathub devs!
Ever since packaging 2009scape on Flathub I haven’t looked back.
So YOU are the one to blame for my latest Runescape addiction relapse! I only learned of the project because I stumbled on it while browsing flathub
LOL
As a non-technical user: fucking love it.
As a semi-technical user: I also fucking love it. It gets out of the way so I can focus my time on my work and not OS maintenance.
I click install, app launches and I don’t need to deal with dependency hell for it. (I like them)
deleted by creator
I personally think it is trash…
Just putting “personally” in front of an unfounded statement doesnt make it better
Why it is unfounded?? The sandbox is still a lie (flatseal is impractical security since it makes you become a security researcher overnight), apps are not properly filesystem-unveiled. But a new level of complexity.
Could you explain “filesystem-unveiled”?
Apps are not updated to support portals for “compatibility” or just lack of maintenance. Flatpak needs to follow their approach if they want to have many apps being supported.
Desktop Linux doesnt have the marketshare to dictate that all apps need to adopt portals. In the meantime, flathub.org has a rating system and verified checks, this is simply not well shown in KDE Discover and not sure about GNOME software.
Could you explain “filesystem-unveiled”?
Means its filesystem access is restricted.
For example, chromium on OpenBSD use the unveil(2) system call to restrict itself to /tmp and $HOME/Downloads .
Many popular flatpak applications have filesystem=host. This is equal to restrict all filesystem access and then unveil the whole filesystem.
Apps are not updated to support portals for “compatibility” or just lack of maintenance. Flatpak needs to follow their approach if they want to have many apps being supported.
Desktop Linux doesnt have the marketshare to dictate that all apps need to adopt portals. In the meantime, flathub.org has a rating system and verified checks, this is simply not well shown in KDE Discover and not sure about GNOME software.
If they can’t even enforce portals, flatpak is a new level of complexity.
So I said it is trash.
Good that Chromium does that, but this means if it doesnt use portals many things will be broken.
The host access is not actually everything
These directories are blacklisted: /lib, /lib32, /lib64, /bin, /sbin, /usr, /boot, /root, /tmp, /etc, /app, /run, /proc, /sys, /dev, /var
Exceptions from the blacklist: /run/media These directories are mounted under /var/run/host: /etc, /usr
Portals need a change in the app code that is not huge but differs from other packaging formats on any distro and OS. So it sucks that its so slow but that has a reason.
The host access is not actually everything
Not as restrictive as chromium’s unveil.
For home it even restrict to the downloads folder, not accessing the whole home directory.
Yes that only works for browsers and would completely break image viewers, document editors etc
Flatpaks are great. I install my core os and gui with the base package management. All my user side packages are Flatpaks. I then use Flatseal to lock down and modify Flatpaks as needed. What’s great is running programs like wine without installing a ton of dependencies and then locking the install from parts of my computer I don’t want it to have access to.
What package manager do you currently use?
Depends. Ha ha
RPMs at work, Debs for my RaspberryPi devices. PacMan (Arch) and Flatpaks for home.
Get Job done but remember don’t use it for Browser and Text Editor. It will make you suffer.
I’m using it for my browser on Steam Deck and it’s fine. You just have to give it the right permissions.
Yea, I know but still some time it doesn’t interact with system.
Sure, if you don’t give it filesystem permissions it won’t be able to download files and save them to disk.
Wow Cool
Edit: NVM and Sorry bro, I was feeling kinda annoyed that’s why I comment this but actually my problem was GNOME extensions integration.
They are awesome but personally I don’t use them. I have an obsession with memory management. Flatpak apps don’t share libraries so they get chunky at times. This shouldn’t be a problem for most people. It’s a personal problem.
Man this Missinformationen is hard to squash. Yes Flatpaks absolutely share libraries. These are called runtimes and are shared between all the Flatpak apps that use the same version of it. You will only get more than one version of a given runtime if some apps need this other version. For most runtimes that I know of, most only have 2 currently maintained versions, so I almost never get more than that on my system (and when I do, app devs tend to update their apps shortly after so that they’re using a maintained runtime). For example on my system where I mostly use GTK apps, I only have two versions of the Gnome runtime (44 and 45). And even when you have more than one version of a runtime, they get deduplicated, so even runtimes share parts between them.
If you’re interested here is an article about it.
I’ll always prefer the repositories, but Flatpak comes in handy for applications with weird dependencies where you need to compile everything needed on your own - or outdated 32 bits software.
