• JRaccoon@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    29
    ·
    5 months ago

    Sorry to ask, I’m not really familiar with Linux desktop nowadays: I’ve seen Flatpak and Flathub talked about a lot lately and it seems to be kinda a controversial topic. Anyone wanna fill me in what’s all the noice about? It’s some kind of cross-distro “app store” thingy?

    • Lettuce eat lettuce@lemmy.ml
      link
      fedilink
      arrow-up
      77
      ·
      edit-2
      5 months ago

      Flatpak is a universal application packaging standard for Linux. It allows devs to create a single application that gets bundled with all necessary dependencies including versioning.

      These apps run in their own semi-isolated “container” which makes immutable distros possible. (Distros like Fedora Silverblue that are effectively impossible to break by installing or removing critical system files.)

      This means that a Linux app doesn’t have to have a .deb version, an .rpm version, or be pre-compiled for any other distros. A user can simply go to Flathub, (the main repository for Flatpak apps), download the flatpak, and install it on their distro of choice.

      It’s quickly becoming the most popular way for users to install apps on Linux because it’s so easy and quick. But there are a few downsides like size on disk, first party verification, per-distro optimizations, and the centralization of application sources. That’s why some users aren’t fully endorsing or embracing how popular they are becoming.

      • JRaccoon@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        17
        ·
        edit-2
        5 months ago

        Cool, thanks for the explanation.

        a single application that gets bundled with all necessary dependencies including versioning

        Does that mean that if I were to install Application A and Application B that both have dependency to package C version 1.2.3 I then would have package C (and all of its possible sub dependencies) twice on my disk? I don’t know how much external dependencies applications on Linux usually have but doesn’t that have the potential to waste huge amounts of disk space?

        • Lettuce eat lettuce@lemmy.ml
          link
          fedilink
          arrow-up
          31
          ·
          5 months ago

          Essentially yes, if you start using lots if older applications or mixing applications that use many different dependency versions, you will start to use lots of extra disk space because the different apps have to use their own separate dependency trees and so forth.

          This doesn’t mean it will be like 2x-3x the size as traditional packages, but from what I’ve seen, it could definitely be 10-20% larger on disk. Not a huge deal for most people, but if you have limited disk space for one reason or another, it could be a problem.

          • brachypelmasmithi@lemm.ee
            link
            fedilink
            arrow-up
            4
            ·
            5 months ago

            It CAN get pretty wild sometimes, though. For example, Flameshot (screenshotting utility) is only ~560KB as a system package, while its flatpak version is ~1.4GB (almost 2.5k times as big)

            • j0rge@lemmy.ml
              link
              fedilink
              arrow-up
              6
              ·
              5 months ago

              Flameshot is 3.6MB on disk according to flatpak info org.flameshot.Flameshot

              • brachypelmasmithi@lemm.ee
                link
                fedilink
                arrow-up
                3
                ·
                edit-2
                5 months ago

                Weird, the software manager (using LM 21.3) reports 1.1GB dl, 2.4GB installed (which is different from when i checked yesterday for some reason?). flatpak install reports around 2.1GB of dependencies and the package itself at just 1.3MB

                EDIT: nvm im stupid, the other reply explains the discrepancy

        • qaz@lemmy.world
          link
          fedilink
          arrow-up
          6
          ·
          5 months ago

          Most dependencies are bundled in the “runtime” images, and it uses file deduplication to reduce the size of the dependencies, but it’s still a little more than a normal package manager.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          5
          ·
          5 months ago

          Flatpak as a dependency system that allows use of specially packaged library type flatpaks. This significantly reduces the needed disk space.

        • Chronicon [they/them]@hexbear.net
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          5 months ago

          on a desktop it might not be significant but I tried using flatpak apps on a device with very limited root emmc storage (16 GB) and ran out of space really fast. Its really common to see a couple multi-hundred-megabyte library downloads for each new app IME.

          I like them for some stuff but there are glaring issues that I don’t like. I’ve posted about it before, poor integration of apps/not getting the right permissions is a big problem, the people packaging them don’t often do as good of a job as someone like a distro maintainer.

          But admittedly my experience using it probably isn’t representative (pop os through their shop and arch on a mobile device). Neither were amazing, but not having to compile shit myself or install with an untrusted shell script was nice for some apps. Without some significant improvements it’s not a good replacement for a distro’s package repos but it might be a good way to broaden the available applications without having to maintain 10x more packages.

        • MajinBlayze [any, he/him]@hexbear.net
          link
          fedilink
          English
          arrow-up
          3
          ·
          5 months ago

          It’s not quite that simple.

          Each package can choose one from a handful of runtimes to use, each of which include common dependencies (like gnome or qt libraries), and if multiple flatpaks use the same runtime, that runtime is only downloaded once.

          It is less space efficient than your typical package manager, but brings other benefits like sandboxing.

        • mrvictory1@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          5 months ago

          Not necessarily. GNOME and KDE dependencies and “base system” for flatpaks to run in are flatpaks themselves so apps that depend on them will not use duplicated dependencies. Storage usage may not be as efficient as using a traditional package manager but you don’t install a new OS per app either.

      • sir_pronoun@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        5 months ago

        What about those apps using out of date libraries? Wouldn’t that become a security issue - since containers usually aren’t that secure, right? And all app developers would have to update their container libraries separately, instead of just updating the system libraries?

        • Allero@lemmy.today
          link
          fedilink
          arrow-up
          5
          ·
          5 months ago

          As containers are isolated - it’s mostly a security issue for the container itself. It may become an issue, though, if the container is allowed to freely interact with filesystem, for example.

          Apps like Flatseal allow you to easily control such variables using a GUI instead of tinkering in the terminal.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 months ago

          So if a library is out of date you can just update it. As far as containers go they are fine for security as bubblewrap is pretty solid.

      • CaptainSpaceman@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        5 months ago

        Interesting breakdown, thank you.

        Do you happen to know if the containerization is similar to docker containers? Or more like android apps?

        • lightnegative@lemmy.world
          link
          fedilink
          arrow-up
          14
          ·
          edit-2
          5 months ago

          It’s more like android apps from early versions of Android before the permissions became user-managable.

          It won’t prompt you to give the application access to certain permissions, all the permissions are predefined in the manifest by whoever published the application to flathub. When you run the application you just hope it won’t cause too much havoc (you can of course verify the permissions before running it, but I guarantee most people won’t)

          Flatpak supports sandboxing but due to how most desktop applications want access to your home folder, network etc many apps simply disable it.

          Regardless of the level of sandboxing applied to the app, Flatpak is a great way for a developer to package once run anywhere. Prior to Flatpak, if you wanted to support multiple distros, you had to build a package for each distro or hope somebody working on that distro would do it for you.

          Inb4 AppImage was here first. And if you mention Snap then GTFO

          • Lettuce eat lettuce@lemmy.ml
            link
            fedilink
            arrow-up
            6
            ·
            5 months ago

            Appimage is probably the most similar to a naked .exe in Windows. They are useful for small apps or simple indie games, but I prefer Flatpaks for my everyday big applications.

            Agreed, Snaps are like Flatpaks but worse because locked down back end and Canonical’s sketchy nature. Imagine a really delicious pastry that anybody can make and sell, then imagine the same pastry but only one bakery in the world can make and sell it. Which would you prefer? Lol

          • Possibly linux@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            Keep in mind there are certain permissions that can lead to a sandbox escape. These permissions are banned on Flathub but can still be used by flatpaks files and custom repos.

        • Lettuce eat lettuce@lemmy.ml
          link
          fedilink
          arrow-up
          6
          ·
          edit-2
          5 months ago

          I’m not an expert, but from my understanding, more like android apps.

          They aren’t totally isolated like a docker or LXC container would be, but they are generally self-contained.

          The Linux Experiment has a really great vid that goes into detail on all common packaging formats in Linux including Flatpaks:

          Linux Packaging Formats Explained

      • JRaccoon@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        Well, just by looking at responses in this thread, the controversy most definitely still exists. Some seem to like it and others hate it fiercely.

    • shapis@lemmy.ml
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      5 months ago

      Most of the issue is that they’re unreliable. Sometimes the app will work. Sometimes it doesn’t. Sometimes you have to fiddle blindly with flatseal settings, which ones? Who knows? Guessing is part of the fun.

      It’d be a great thing if it just worked.

      • Pasta Dental@sh.itjust.works
        link
        fedilink
        arrow-up
        6
        ·
        5 months ago

        In over 3 years of daily flatpak use (of multiple apps) I’ve never had a single reliability issue with flatpak, the only ones being caused by me because I was trying out settings in flatseal that the app didn’t like. On the flip side I’ve found native packages to be broken more often than not, with .Deb files sometimes just not working and throwing an error or something. Package managers are better for sure but I’ve had dependency issues that I have never experienced with flatpak.

        • oldfart@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          5 months ago

          Good for you for not having any problems mate! I’m sure this invalidates the parent poster’s problems.

    • prunerye@slrpnk.net
      link
      fedilink
      arrow-up
      3
      ·
      5 months ago

      I don’t hate flatpaks, but flatpaks require more disk space than the same apps from traditional repositories, and they only support a handful of the most common default themes. Since I only ever use older and slower computers, my disk space is limited, and I like to rice my desktop, I personally avoid them. But your use-case may differ.

    • shekau@lemmy.today
      link
      fedilink
      arrow-up
      3
      ·
      5 months ago

      Flatpak is the best - thats all you need to know!!!

      But seriously, apart from obvious things other people have said, I would like to add that the HUGE advantage of flatpak is that each app is using its own dependencies, this way you can avoid dependency hell, which is mostly time-consuming and hard to fix.

    • Vilian@lemmy.ca
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      5 months ago

      yes it’s cross distro, it’s controversial becaune some people don’t want to install apps with their own libraries or dependecies, and some apps are not oficial so they break with the flatpak sandbox