What are your thoughts on Flatpak/Flathub?
Flathub aims to be the place to get and distribute apps for Linux. It is powered by Flatpak which allows Flathub apps to run on almost any Linux distribution.
How does it stack up against traditional package management and others like AUR and Nix?
Best of the three major agnostic package formats. If it brings more focus to Linux development, I don't see how it can be a bad thing. A bit more space needed but for most setups this is a non-issue
Plus, being able to sandbox user space applications, which previously had free reign, is nice.
Sandboxing isn’t 100% there yet, but it’s come along way.
Yeah duplication of running libraries is also a RAM/CPU resource issue but for modern well resourced machines probably not noticable. It is an issue when scaling down to low powered / old devices though. Like, running a web browser which runs in it's own sandbox with duplicate libraries running is going to have noticable performance differences compared to a non-sandboxed program running native libraries on a low RAM or low CPU system.
That's not to say Flatpak isn't a good solution; and all the agnostic package formats have the same issue compared to non-sandboxed apps. Plus the added security issues and stability on bleeding edge systems is good.
I love flatpak. It makes it easier for Linux to become mainstream.
As a non-technical user: fucking love it.
As a semi-technical user: I also fucking love it. It gets out of the way so I can focus my time on my work and not OS maintenance.
It's fantastic, for two reasons:
@tet its great because you can listen to people whine about it now instead of systemd
The two whines are not mutually exclusive. ¯(ツ)¯
@kingmongoose7877 until someone tells me another way to run 2 python apps one which requires python 2 and one which requires python 3, on the same system, which is EASIER than installing a flatpak, im gonna maintain that they have a use case, even if they aren't idealized package management as we dreamed of
Are you trying to start a war? Hopefully no one mentions wayland vs xorg else it might go nuclear
@squidslime let me install this flatpak of kde wayland on my oracle unbreakable kernel running under redhat enterprise
I really like the idea of a universal app format and flatpak seems the best for it. And flathub has been great as a repo.
The idea of separate system layer (with traditional packages) and user app layer with flatpaks seems like the way to go. Perhaps even immutable system layer.
I think it's a good way for people to release software for Linux without having to deal with specific distro stuff (which historically has pretty much been "just provide a .deb for Ubuntu and a .tar.gz for other people to figure out").
I'm hoping that it pushes for more people porting stuff to Linux because it's a single target that gives you access to Steam Decks, Chromebooks and desktops.
I don't think it makes sense for things that aren't desktop applications such as servers or libraries, just because those tend to be open source, don't need to be that up to date and benefit from tighter system integration. I see it as something that sits on top of other package managers rather than replacing them.
For Flathub? Eh, if they turn out to be bad we can just all move to another server, we're not snap. :P I'm willing to bet that someone has already made a flatpak repo for Citra and Yuzu.
People need to realize that before Flatpak, distributing a small-time Linux app was a nightmare. Appimages were your best option if you wanted to avoid distro specific builds, PPAs and AUR, etc. Ever since packaging 2009scape on Flathub I haven't looked back. It auto updates. People can find it from software centers. It works on all distros. It connects straight to upstream's CICD. It even forced us to adopt XDG compliance so we could sandbox it better.
Yes, Flatpak has downsides like the download size (on disk it doesn't matter because it gets compressed and the runtimes are shared, same as literally any other package manager). But overall, I hugely welcome it over the options we had before. Much love to the Flatpak and Flathub devs!
Ever since packaging 2009scape on Flathub I haven’t looked back.
So YOU are the one to blame for my latest Runescape addiction relapse! I only learned of the project because I stumbled on it while browsing flathub
LOL
I personally prefer to use Flatpaks over traditional packages because of the added security, sandboxing, and overall convenience of not having to deal with dependency hell. It's especially nice being able to have proprietary applications sandboxed from the rest of my system without worrying that Steam is snooping on my 'super-important-tax-documents'.
Flatpaks are also very useful for having up-to-date packages on distros like Debian, and it's derivatives. People can still use their preferred distro without having to worry about not getting a certain update, feature, bug fix, etc, for their applications.
Being able to restrict what applications have access to is a game-changer for me. A lot of times Flatpaks, by default, have very lenient permissions, and with the use of Flatseal I can restrict it to my liking. Worried about Audacity's telemetry?? Turn network permissions off. Now, not all applications will work well (or at all) without internet connectivity, but for applications like Audacity, it works great!! Flatpaks can also be very useful for developers.
That's not to say that Flatpaks are without their fair share of issues. Are they bloated?? Yeah, and although it's not an issue for me, it may be for some people. Desktop integration is, meh. Themes, and fonts don't always integrate the best. (A while back there were issues with Flatpak's sandbox, but I won't touch on that because I need to refresh my mind on it, and it was actively being developed to fix those issues so it possibly isn't even an issue anymore.)
Overall I think Flatpaks are absolutely wonderful.
As a generalist I have to learn many concepts and dont have time to delve into any one that deep. Flatpak works and isnt proprietary like snap so I enjoy that. My recent debian+kde installation works well with if. Open discover and install flatpaks as much as you wish.
isnt proprietary like snap
I definitely prefer it over Snaps or appimages. Straight-forward to update, and Flatseal provides a nice GUI to control permissions (if needed). Themes may not work properly, but whatever, not a big deal for me.
The distro's repo is always my go-to. If it's not available there, then flatpak, and I'll use appimage under duress. If that doesn't work, I'll figure out a different solution.
Yeah I'm not a huge fan of Appimages because I don't like that to update it you usually have to go find and download the file again, instead of just getting it from a repository. They feel too Windows-y to me in that way.
Better than snaps and AppImages. Do I want every package on my system to be replaced by a Flatpak? No. Am I glad that I can ex. install Zotero as a Flatpak instead of having to build it myself? Yes.
I use them for some things and I think they are fine. Mostly apps that are kinda messy and I want to keep them and their atrocious dependency tree away from my base system. I also like to use them for proprietary apps or apps where I actually want to use the sandbox. Other than that I prefer native packages 99% of the time.
Flatpak is slower to update than pacman, the cli interface just doesn't feel good to use. There is the weird naming, no real way to get a dependency tree, can't hide those annoying eol messages even for apps that I specifically don't want to update. Another thing is that not every app was made to run in a sandbox or it is just more difficult to use sometimes. A lot of people tend to cite ide's, but in my case I was having issues with the steam flatpak. Running games with steam was fine, but anytime I wanted to hook up something third party eg: mods, cheat engine, etc. Doing so in the flatpak either required some tinkering around the sandbox or straight up didn't work.
I feel like that last sentence sums up the whole experience. If you just need to point and click and have it work. Flatpak does that amazingly. If you need any kind of integration with other things, expect problems.
Edit: just wanted to add that, the whole point and click and work is fine for 99% of people which is why I and many others choose to use it.
Yeah, I also had apps like Steam native break once or twice due to library updates (such as Mesa) - the downside to rolling distros. However, the Flatpak version continued to work so now I only use that. I don't use mods though.
I'm now gravitating towards treating my rolling distro a bit like an immutable; more Flatpaks, avoid user repositories.
Flatpak is fantastic for end-user GUI applications
Flathub is also great, but the fact that it's really the only repo that flatpak maintainers are using concerns me. I know I'm dreaming, but I would love to see some sort of federated or P2P hosting
While I don't think flatpak shouldn't replace traditional packages, I still like it.
Flatpak apps just work most of the time, they work without issues and are often very up to date. The sandboxing does have benefits because no apps interfere with it, the problem is that it doesn't work super well with other apps, sometimes the theming is off, and it doesn't work well with other apps, installing apps takes much longer, and it isn't as easily started from the command line.
Edit: typo
In my opinion, with a debian style distro as the example, apt-get should be used for syatemwide stuff. Individual users can go for flatpak.
Its a solution to one of the typical Linux issues. Its a step toward overcaming the fragmentation of Linux package managers.
I don't personally like it too much, I prefer the distro package stuff, but I understand the app developers cannot manage a plethora of different package formats.
Distro maintainters should, but its clearly more and more a massive task for different distros to keep up with the amount of apps out there.
Also, npm, pip and the various "packaging" ways existing add to the chaos.
I see distro package managers converge toward providing basic packages for the general system and some other solution like flatpack to provide additional stuff.
I think it would be wrong for flatpack/containers to replace package managers as well, it's not their scope.
I see distro package managers converge toward providing basic packages for the general system and some other solution like flatpack to provide additional stuff.
IMHO doing this would be suicide for most distros.
There are only so many ways you can make a basic system and the distro scene is already saturated by various interpretations of "basic".
A distro needs to offer more than the basic system and a huge part of that added value lies in its packages (and by extension package manager).
Some of the under-the-hood implementation of Flatpak irritates me, like why the hell are we installing software in /var? Using it with the terminal is a pain because of the org.something.SomeThing shit it does, and I think Flatpak gives you all the drawbacks of app sandboxing with none of the benefits. It likes to not see the whole file structure; for instance I found the Flatpak version of Steam to be unusable because it wouldn't see anywhere I wanted to put my games library. That needs to be fixed.
That said, I think it's the better of the three all-distro package managers, it's got a central repository and package manager unlike Appimage so it's a place to publish and get stuff, and it's not tied to Canonical so it's obviously better than Snap.
https://github.com/trytomakeyouprivate/flatalias
Try this script I wrote and help improve it!
if you want to change app permissions, use Flatseal and add the needed directory. This is very easy. If it is something all users generally need, open a bug on their repo.
It likes to not see the whole file structure; for instance I found the Flatpak version of Steam to be unusable because it wouldn't see anywhere I wanted to put my games library. That needs to be fixed.
That has been fixed with the introduction of Portals: https://docs.flatpak.org/en/latest/portal-api-reference.html
As a guix/nix user
Please, no more copies of the same dependencies 10 times over. My hard drive is tired.
Lol this ^
I love them. They make the immutable distributions possible.
We need to stop with the idea of shared libraries, it's nice on the paper but in practice you only save a bit of disk space and it's a pain for developers to package for different distributions.
Distribution packages are great for core components of the system, or utilities everyone needs, but for end users applications something like flatpak makes more sense. This way it can be packaged by the upstream developer for all distributions, and sandboxing adds a layer of security. You wouldn't install an app that have all permissions on mobile, why do it on desktop?
I use it as the primary way of installing apps on my Steam Deck, as well as my Ubuntu PC (I also use Snap over there). The apps installed via Flatpak just work, so I have nothing to complain about.
They have their uses. In particular they're useful for easily getting applications your system repositories don't have or getting more up to date version of applications. Downsides are certainly the space all the redundant dependencies take up and the sandboxing can be a PITA especially if you have an application that needs to run another application. Overall I think they're the best "third party" package system available but they're not great.
I prefer Flatpaks because it's a nice easy way of getting software without the chance of broken or missing dependencies for a program.
Much better than Snaps, snaps is flatpaks but MUCH worse and slower.
👍
very cool and awesome
I got sick and tired of the AUR for the simple packages so I started using it for most things I would use the AUR for, and I'm very happy with it. I think some packages have issues with default permissions - I was wondering why 86Box would forget my hard drive images but then I realised the permissions on my home folder weren't set properly - but that can be sorted anyway.
How does it stack up against traditional package management and others like AUR and Nix?
I only used AUR for a few packages (<5 at a time). It's to be avoided and only used if the other options are a massive pain (unless it's an official package).
Then I left Arch and eventually landed on MX. During that time Nix with home-manager has slowly replaced flatpak, and I don't even have it installed anymore. Nix is better in every way, except for ease of use.
Flatpak has great gui integration (for gui tools). You can click through everything, and the updates are unified. It usually works perfectly fine if you just need to install a few programs.
With nix, there's a lot more setup, but there are many benefits. You end up with a list of packages, and that's really useful because you can take a fresh install, install nix and home manager, and then run a single line to reinstall everything. You can rollback updates, pin specific versions, install packages from a repo (if it has a flake.nix with outputs), and also configure them. I'm using the unstable branch, and it's giving me bleeding edge packages on Debian. And there's no risk of outdated system libraries, like with flatpak, because it provides everything.
That all sounds great, thanks!
Do you have any tips for an "easy" start, where everything is already pre-configured?
Nope, and that's the worst part of nix. I'm actually planning on writing a short startup guide, but I need to solve a few more issues first.
But, this should help you out until then:
The home.nix should be automatically generated, and that's where you put all of your packages. I left a few as an example.
NixGL is needed to use openGL (nixGL lutris for example). It works in most cases, but I couldn't get alacritty or kitty to work. There are some ways to have packages automatically use it, but I still haven't tried them out.
Flake allows you to select the correct nix repo (stable/unstable), appropriate home-manager version, and add outside packages like nixgl. It's technically not necessary, but I wouldn't go without it. Here I'm using the unstable repository, check the relevant docs if you want to go with releases instead.
The equivalent of apt update && apt upgrade is nix flake update && home-manager switch --impure. I like cd-ing into the nix dotfile directory (all of the files are in there and symlinked to ~/.config/ locations), but you can also use command line arguments to point to the flake.
nix flake update updates the package definitions to what's in the repo
home-manager switch install them, and also updates any configs it's managing. The --impure is only needed if you're using nixgl (bad build commands depend on system time).
nix-collect-garbage to force a clean up of unused packages
https://search.nixos.org/packages makes searching for packages a lot easier
https://mynixos.com/search?q=home-manager+ same, but for finding options to configure packages through home-manager
Comment if you need help
update: removed nixGL from flake and home, installed it through nix-channel in order to not use --impure during home-manager switch
Great to me. My personal favorite piece is the portals system built to make permission access easier but transparent to the user. It also helps more pieces of the desktop space interoperate (for example use the system defined file picker instead of needing to ship your own).
My main problem with Flatpak is that it hands temporary /var/run/1000 file links to programs instead of real filenames. That would almost be bearable, if Flatpak also took responsibility for keeping those links from breaking sometime after your next reboot.
If I say "here is a path that an app is allowed to use", flatpak should just allow an open() in there to work. It should not lie about the name of files in there. An app should be able to open a file there, remember that name, and count on being able to access it again in the future.
Other than that, Flatpaks are the bees knees. I love finding something I want to do, finding a solution in the flatpak store, and click-click I'm already doing shit. Finding Windows software is absolute garbage next to this.
Thats basically persistent portals. Would be possible if Distro portals had a button to give the app permanent (static) permission to that dir.
Would indeed be useful and not hard to implement. In the portal window just add a button "permanent" which does
flatpak override --filesystem=$PWD org.app.name
Want to open a discussion or Feature request for your desktops portal?
Flatpak is very nice. Flathub is very nice. Flathub’s developer documentation is shit covered shit.
Banned at both my jobs; one for security and the other for breaking consistency.
That last point is often under-appreciated in its importance, especially when dealing with hundreds of servers.
good enough, still prefer the system package manager for most things though
I still prefer traditional packages, but I get why devs of complicated graphical apps with lots of dependencies hate them. As for Flatpak specifically, I'm not super impressed. It's just going to get more annoying over time having more old versions of all their libraries and more and more apps that aren't updating to the latest version so they eat up a ton of drive space and give constant notices to harass the devs, but out of all the major distro agnostic options they suck the least and they're getting better the fastest, which is why I think they've pretty much won at this point. I'm not currently using them, but it's pretty much inevitable that I'll have to at some point, and overall that's probably more good than bad. I think AppImages could have been better if the lead dev wasn't a walking, talking collection of weird hills to die on, but I'm afraid that ship has already sailed.
I mean if the apps are not maintained, they wouldnt work well as distro packages too, would they?
Don't like it, I try to avoid it wherever I can.
@tet @linux Fundamentally, I'm just not interested in containerizing applications on my host computer. If I needed to do that, I'd use docker, so Flatpaks and such feel redundant.
I also don't like that distros like Ubuntu increasingly force snaps via apt, because it results in an unknown factor in case I ever need to troubleshoot.
AUR works for me best in cases when something isn't in the package manager. it's easier to make a custom aur package as opposed to a .deb
"I use Arch btw"
I use it but I hate how much space it uses and I hate when I update flatpaks I have no idea how much is going to download.
https://gitlab.com/TheEvilSkeleton/flatpak-dedup-checker
And it should only download the diffs, not everything.
Does anyone know how they handle spoofed malware? I can never figure out whether I can trust the packages from flathub. I always have to check the official website of the particular software first.
Flathub maintainers do not upload anything, they just write a manifest pointing to the official source and flathub does the rest. They also cannot modify it freely, approval is required.
Flathub verifies you have permission from upstream before accepting it. Other than that, sandbox.
purely as an end user i hate how much it downloads with each update and how much it uses the disk space although that's much less of an issue. i know it's solving a real problem and relieving a lot of the headaches of developers maintaing packages for each distro's specific package standard, but it's simply not the software distribution solution for people without at least well enough internet.
i wouldn't use any distro with flatpaks as its main way of delivering software and i would in almost all cases always choose alternatives even if it's outdated. i don't necessarily hate flatpak itself but for me i don't want to spend money on extra data cap and wait 30 minutes for a small update for my game launcher to finish.
the appimage of one of the applications i was interested in was 3 times less than the average flatpak update so redownloading the appimage every time would be better. if i installed more packages yeah the math would be better but it's still wasted data per update no matter how small it actually is. i found out after a while of using flatpak that i wouldn't just update and was stuck with outdated software anyway.
Flatpak updates should generally download changed data, it does a poor job of showing how much this will be in advance though.
the actual update size for the application is logical as far as i remember, it's the other stuff alongside it (i think related to graphics card) which is the real issue. it added around 500MB each update while the actual update itself might've been 10 or 20 MB.
Yes, also it uses deduplication on the disk, where it is even less space actually used.
I'll always prefer the repositories, but Flatpak comes in handy for applications with weird dependencies where you need to compile everything needed on your own - or outdated 32 bits software.
Ambivalent. I like the consistency between distros and the idea of sandboxing, in practice sandboxing is a pain in the ass and Flatpaks use up an inordinate amount of space for different library versions. However, if I have to use a proprietary application I do appreciate the sandboxing and Flatpak is my preferred install method.
Mostly positive. My encoding utility Aviator can be shipped with a custom community-backed SVT-AV1 fork in the background without anyone noticing any issues like they would if I linked to system SVT-AV1. Flatpak makes this kind of thing easy, and users don't have to think about it.
Haven’t had issues, elementary uses them for system apps
I usually install Debian Linux on old Chromebooks that have only 16 GB SSD, and then gift them to my cousins or their kids. Flatpacks are out of the question, since pretty much every app I checked is between 500 and 1 GB of size. I only have 7.5 GB of free space in there after the base XFce Debian installation is done, plus 2 GB of swap. I find flatpacks to be space eaters, and I avoid them even on my normal, higher SSD size laptops.
You can probably reclaim at least 1 GB of that swap, maybe even a few hundred megabytes more. I've been running with a 512 MB swap for a while now and the most I've seen occupied was about 150 MB.
I really like them. They give us a reliable application that doesn't depend the distro building a version for specific platform. For example if the newest versions are compiled for Ubuntu 24.04 but you're on 22.04 it might take a while to get the update.
It does come at a cost though, it'll have to package all the dependencies for 24.04 in a layer of the package so it'll take a long time to start up and take a lot more memory than necessary.
This is mitigated by flatpaks using same base for their application (like Ubuntu with Electron) but it still isn't the same as just starting up a proper apt program.
I really like it since we can have a modern version of a program for small distros and in general the barrier to entry so much lower so companies can't just say "oh we can't support all Linux distros, not feasible".
Aur you compile yourself for your own distro instead of it being done already by apt and the like.
Nix is a super cool since you can just setup and configure pretty much everything so that you just press "install" and you'll have your Gimp, VPN and whatever apps all done for you. You'll have to do some heavy configuration so programming knowledge is not necessary but really helps.
On the one hand I like the basic idea, on the other hand I think that some fundamental problems aren't fully solved yet. There big use case are passkeys and direct password manager integration – neither mesh well with the idea of software that isn't allowed to talk to most of the system.
I'm certain that this will be resolved at some point but for now I don't think Flatpak and its brethren are quite there yet.
passkeys
Dont know, may already work? Keyword adaption
direct password manager integration
Not sure what that means, but probably native messaging, a biig missing portal.
Flatpak has an Inter-process-communication permission, so software could absolutely be opt-in allowed to talk, while keeping security for the rest. Apps cant see each others ~/.var/app/org.app.name/ storage though, never.
Flatpak is why i moved to Debian, Running a Stable OS with the latest packages have made my Linux Desktop a full replacement for Windows, MacOS and Rolling releases.
The problem with Flatpak is that for me I would only use it to sandbox propietary apps, and most of these are not officially supported, so there is almost always something broken, like screen sharing, etc.
It is awesome
I wish more apps where officially supported, instead of saying it supports Linux and providing a .deb. Good thing the community provides unofficial flatpaks at least.
Flatpaks are great. I install my core os and gui with the base package management. All my user side packages are Flatpaks. I then use Flatseal to lock down and modify Flatpaks as needed. What's great is running programs like wine without installing a ton of dependencies and then locking the install from parts of my computer I don't want it to have access to.
What package manager do you currently use?
Depends. Ha ha
RPMs at work, Debs for my RaspberryPi devices. PacMan (Arch) and Flatpaks for home.
A lot of people seem to complain about them, but I really like them. I've even started using them over the AUR for some things now. I like that they keep certain things like Steam a lot tidier, and I like being able to see and control permissions and settings for everything all in Flatseal. The main downside I guess is that they use up more space by downloading dependencies for each app individually which is kind of redundant, but for me I've got a pretty big SSD in my laptop so it's never caused me any trouble. I could see how it could be a problem for someone with limited space on their system though.
Generally I tend to go Flatpak/AUR as a first choice, Appimage if I really need to, and Snaps never lol.
Doesn't work properly, apps are bigger and don't always apply GTK themes. I also can't easily edit the desktop file to edit the icons. I therefore only use it as a backup when I can't find an app on the AUR or office repositories, which is very rare.
"Dont ask yourself if it works, but how it works"
For editing desktop entries, copy it fron this strange directory ~/.local/share/flatpak/exports/share/applications/ to your normal ~/.local/share/applications which will always override the others.
Get Job done but remember don't use it for Browser and Text Editor. It will make you suffer.
AUR is similar to flathub in that most packages aren't thoroughly checked. Except for the packaging guidelines which usually have to be followed. I'm not sure how in depth nixpkgs or other distros check the source of packages of new maintainers.
Flatpak runs on all distros and supports sandboxing, which makes it a great addition to all distro repos. AUR can cause issues with dependencies and unmaintained packages, and the make file should be read since it's run with root privileges. Additionally the AUR only works on Arch Linux. Breakage isn't a risk with Nix and it's seamless rollback, but has to be installed deeply into the system (/nix)
My personally preferred package manager for most GUI apps is flatpak. Nix is great because it allows to install packages declaratively.
Edit: NixOS -> Nix
I installed PyCharm via flatpak. I don’t appreciate that I can’t access vim via the IDE’s terminal, and so far that’s all I really have to say about it. I like that things are sandboxed, and I think maybe this wasn’t the kind of thing I ought to have used flatpak for.
Have you tried granting additional permissions via Flatseal?
I haven’t, and prior to this post I wasn’t even aware of flatseal. I haven’t been doing too much dev work on my home machine lately, so fixing this gripe is kinda low on my priority list, but I’ll keep that in mind as an option if I ever get around to it. Most likely, though, I’ll probably just go back to the tarball. I really do think that I picked a less-than-ideal use case for flatpak on this one.
I have to agree. I tried some of the JetBrains IDEs from Flathub, and I switched back to the regular JetBrains Toolbox versions.
