How does it stack up against traditional package management and others like AUR and Nix?
Best of the three major agnostic package formats. If it brings more focus to Linux development, I don’t see how it can be a bad thing. A bit more space needed but for most setups this is a non-issue.
Yeah duplication of running libraries is also a RAM/CPU resource issue but for modern well resourced machines probably not noticeable. It is an issue when scaling down to low powered / old devices though. Like, running a web browser which runs in its own sandbox with duplicate libraries running is going to have noticeable performance differences compared to a non-sandboxed program running native libraries on a low RAM or low CPU system.
That’s not to say Flatpak isn’t a good solution; and all the agnostic package formats have the same issue compared to non-sandboxed apps. Plus the added security issues and stability on bleeding edge systems is good.
Plus, being able to sandbox user space applications, which previously had free rein, is nice.
Sandboxing isn’t 100% there yet, but it’s come a long way.
I love them. They make the immutable distributions possible.
We need to stop with the idea of shared libraries, it’s nice on paper but in practice you only save a bit of disk space and it’s a pain for developers to package for different distributions.
Distribution packages are great for core components of the system, or utilities everyone needs, but for end-user applications something like flatpak makes more sense. This way it can be packaged by the upstream developer for all distributions, and sandboxing adds a layer of security. You wouldn’t install an app that has all permissions on mobile, why do it on desktop?
I love flatpak. It makes it easier for Linux to become mainstream.
People need to realize that before Flatpak, distributing a small-time Linux app was a nightmare. Appimages were your best option if you wanted to avoid distro specific builds, PPAs and AUR, etc. Ever since packaging 2009scape on Flathub I haven’t looked back. It auto updates. People can find it from software centers. It works on all distros. It connects straight to upstream’s CICD. It even forced us to adopt XDG compliance so we could sandbox it better.
Yes, Flatpak has downsides like the download size (on disk it doesn’t matter because it gets compressed and the runtimes are shared, same as literally any other package manager). But overall, I hugely welcome it over the options we had before. Much love to the Flatpak and Flathub devs!
Ever since packaging 2009scape on Flathub I haven’t looked back.
So YOU are the one to blame for my latest Runescape addiction relapse! I only learned of the project because I stumbled on it while browsing Flathub.
LOL
As a non-technical user: fucking love it.
As a semi-technical user: I also fucking love it. It gets out of the way so I can focus my time on my work and not OS maintenance.
I click install, app launches and I don’t need to deal with dependency hell for it. (I like them)
I personally think it is trash…
Just putting “personally” in front of an unfounded statement doesn’t make it better
Why is it unfounded?? The sandbox is still a lie (flatseal is impractical security since it makes you become a security researcher overnight), apps are not properly filesystem-unveiled. But a new level of complexity.
Could you explain “filesystem-unveiled”?
Apps are not updated to support portals for “compatibility” or just lack of maintenance. Flatpak needs to follow their approach if they want to have many apps being supported.
Desktop Linux doesn’t have the market share to dictate that all apps need to adopt portals. In the meantime, flathub.org has a rating system and verified checks, this is simply not well shown in KDE Discover and not sure about GNOME software.
Could you explain “filesystem-unveiled”?
Means its filesystem access is restricted.
For example, chromium on OpenBSD uses the unveil(2) system call to restrict itself to /tmp and $HOME/Downloads.
Many popular flatpak applications have filesystem=host. This is equal to restricting all filesystem access and then unveiling the whole filesystem.
Apps are not updated to support portals for “compatibility” or just lack of maintenance. Flatpak needs to follow their approach if they want to have many apps being supported.
Desktop Linux doesn’t have the market share to dictate that all apps need to adopt portals. In the meantime, flathub.org has a rating system and verified checks, this is simply not well shown in KDE Discover and not sure about GNOME software.
If they can’t even enforce portals, flatpak is a new level of complexity.
So I said it is trash.
Good that Chromium does that, but this means if it doesn’t use portals many things will be broken.
The host access is not actually everything
These directories are blacklisted: /lib, /lib32, /lib64, /bin, /sbin, /usr, /boot, /root, /tmp, /etc, /app, /run, /proc, /sys, /dev, /var
Exceptions from the blacklist: /run/media
These directories are mounted under /var/run/host: /etc, /usr
Portals need a change in the app code that is not huge but differs from other packaging formats on any distro and OS. So it sucks that it’s so slow but that has a reason.
The host access is not actually everything
Not as restrictive as chromium’s unveil.
For home it even restricts to the downloads folder, not accessing the whole home directory.
Yes that only works for browsers and would completely break image viewers, document editors etc.
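The filesystem=host point argued in the comments above can be checked per application. The following is an added example, not part of any commenter's post or of Flatpak itself: it parses the `[Context]` section of a Flatpak metadata keyfile (the layout printed by `flatpak info --show-permissions <app-id>`), reports grants that cover the whole home directory, and tests a path against the reserved-directory list quoted in the thread. The sample metadata and all function names are constructed for illustration.

```python
import configparser
from pathlib import PurePosixPath

# Constructed sample, in the keyfile layout printed by
# `flatpak info --show-permissions <app-id>`.
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=host;xdg-download:ro;!xdg-documents;
"""

# Directories the thread lists as not exposed by filesystem=host.
HOST_RESERVED = ["/lib", "/lib32", "/lib64", "/bin", "/sbin", "/usr", "/boot",
                 "/root", "/tmp", "/etc", "/app", "/run", "/proc", "/sys",
                 "/dev", "/var"]
HOST_EXCEPTIONS = ["/run/media"]
BROAD = {"host", "home"}  # grants that cover the user's whole home directory


def parse_filesystems(metadata_text):
    """Return [(path, mode, negated)] from the [Context] filesystems key."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(metadata_text)
    raw = cp.get("Context", "filesystems", fallback="")
    grants = []
    for entry in (e.strip() for e in raw.split(";")):
        if not entry:
            continue
        negated = entry.startswith("!")  # "!" marks a removed grant
        path, _, mode = entry.lstrip("!").partition(":")
        grants.append((path, mode or "rw", negated))  # no suffix = read-write
    return grants


def broad_grants(metadata_text):
    """Grants that make the sandbox's filesystem restriction mostly nominal."""
    return [(p, m) for p, m, neg in parse_filesystems(metadata_text)
            if p in BROAD and not neg]


def _under(path, roots):
    p = PurePosixPath(path)
    return any(PurePosixPath(r) in (p, *p.parents) for r in roots)


def visible_with_host(path):
    """True if `path` is outside the reserved list, i.e. reachable with host."""
    return _under(path, HOST_EXCEPTIONS) or not _under(path, HOST_RESERVED)
```

With the sample above, `broad_grants(SAMPLE)` flags the `host` grant, and `visible_with_host` shows that the reserved list protects system directories but not files under the user's home.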
Flatpaks are great. I install my core os and gui with the base package management. All my user side packages are Flatpaks. I then use Flatseal to lock down and modify Flatpaks as needed. What’s great is running programs like wine without installing a ton of dependencies and then locking the install from parts of my computer I don’t want it to have access to.
What package manager do you currently use?
Depends. Ha ha
RPMs at work, Debs for my RaspberryPi devices. PacMan (Arch) and Flatpaks for home.
How does it stack up against traditional package management and others like AUR and Nix?
I only used AUR for a few packages (<5 at a time). It’s to be avoided and only used if the other options are a massive pain (unless it’s an official package).
Then I left Arch and eventually landed on MX. During that time Nix with home-manager has slowly replaced flatpak, and I don’t even have it installed anymore. Nix is better in every way, except for ease of use.
Flatpak has great gui integration (for gui tools). You can click through everything, and the updates are unified. It usually works perfectly fine if you just need to install a few programs.
With nix, there’s a lot more setup, but there are many benefits. You end up with a list of packages, and that’s really useful because you can take a fresh install, install nix and home manager, and then run a single line to reinstall everything. You can rollback updates, pin specific versions, install packages from a repo (if it has a flake.nix with outputs), and also configure them. I’m using the unstable branch, and it’s giving me bleeding edge packages on Debian. And there’s no risk of outdated system libraries, like with flatpak, because it provides everything.
That all sounds great, thanks!
Do you have any tips for an “easy” start, where everything is already pre-configured?
Nope, and that’s the worst part of nix. I’m actually planning on writing a short startup guide, but I need to solve a few more issues first.
But, this should help you out until then:
- installation commands (per user installations, no sudo needed for using nix or home-manager)
- ~/.config/nix/nix.conf (you might need to add this before installing home-manager, I’m not 100% sure)
- ~/.config/home-manager/flake.nix
- ~/.config/home-manager/home.nix
The home.nix should be automatically generated, and that’s where you put all of your packages. I left a few as an example.
NixGL is needed to use OpenGL (`nixGL lutris` for example). It works in most cases, but I couldn’t get alacritty or kitty to work. There are some ways to have packages automatically use it, but I still haven’t tried them out.
Flake allows you to select the correct nix repo (stable/unstable), appropriate home-manager version, and add outside packages like nixgl. It’s technically not necessary, but I wouldn’t go without it. Here I’m using the unstable repository, check the relevant docs if you want to go with releases instead.
The equivalent of `apt update && apt upgrade` is `nix flake update && home-manager switch --impure`. I like cd-ing into the nix dotfile directory (all of the files are in there and symlinked to ~/.config/ locations), but you can also use command line arguments to point to the flake.nix
- `flake update` updates the package definitions to what’s in the repo
- `home-manager switch` installs them, and also updates any configs it’s managing. The `--impure` is only needed if you’re using nixgl (bad build commands depend on system time).
- `nix-collect-garbage` to force a clean up of unused packages
https://search.nixos.org/packages makes searching for packages a lot easier
https://mynixos.com/search?q=home-manager+ same, but for finding options to configure packages through home-manager
Comment if you need help
update: removed nixGL from flake and home, installed it through nix-channel in order to not use `--impure` during `home-manager switch`
I’ll always prefer the repositories, but Flatpak comes in handy for applications with weird dependencies where you need to compile everything needed on your own - or outdated 32 bits software.