Basically title.
I’m wondering if a package manager like flatpak comes with any drawback or negatives. Since it just works on basically any distro. Why isn’t this just the default? It seems very convenient.
Yes, I love it and don’t get me wrong but there are many downsides and they all result from poor planning and/or bad decisions around how flatpak was built. Here are a few:
- Poor integration with the system: sometimes works against you and completely bypasses your system instead of integrating with it / using its features better. To me it seems more like the higher levels are missing pieces to facilitate communication between applications (be it protocols, code or documentation) and sometimes it is as simple as configuration;
- Overhead, you’ll obviously end up with a bunch of copies of the same libraries and whatnot for different applications;
- No reasonable way to use it / install applications offline. This can become a serious pain point if you’re required to work in air gapped systems or you simply want to level of conservation for the future - it doesn’t seem reasonable at all to have to depend on some repository system that might gone at some point. Note that they don’t provide effective ways to mirror the entire repository / host it locally nor to download some kind of installable package for what you’re looking for;
- A community that is usually more interested in beating around the bush than actually fixing what’s wrong. Eg. a password manager (KeePassXC) and a browser (Firefox/Ungoogled) both installed via flatpak can’t communicate with each other because developers seem to be more interested in pointing fingers on GitHub than fixing the issue.
Flatpak acts as a restrictive sandbox experience that is mostly about “let’s block things and we don’t care about anything else”. I don’t think it’s reasonable to have situations like applications that aren’t picking the system theme / font without the user doing a bunch of links or installing more copies of whatever you already have. Flatpak in general was a good ideia, but the system integration execution is a shame.
The double-edged sword of isolation.
On the one hand, poor communication between apps and waste of storage.
On the other, relative safety from malicious applications, or from otherwise-safe applications built on top of a thousand libraries none of which have been audited by the dev.
I don’t know how it’s going to go down, but I suspect something will come along to address these issues and snatch the market away from Flatpak.
but I suspect something will come along to address these issues and snatch the market away from Flatpak.
I believe it could only be fixed by a team from GNOME or KDE, they’re the one in a position to develop something like Flatpak but deeply integrated with the system instead of trying to get around it.
For what’s worth Apple did a very good job when it came to the isolation and containerization of desktop applications, but again only possible because they control both sides.
Apple enforces a LOT of isolaton, they call it sandboxed apps and it is all based on capabilities, you may enjoy reading this. Applications get their isolated space at
~/Library/Containersand are not allowed to just write to any file system path they want.A sandboxed app may even think it is writing into a system folder for preference storage for example - but the system rewrites the path so that it ends up in the Container folder instead. For example under macOS apps typically write their data to
~/Library/Application Support. A sandboxed app cannot do that - and the data is instead written beneath the~/Library/Containers/app-idpath for that app.And here’s how good Apple is, any application, including 3rd party tools running inside Terminal will be restricted:
I bet most people weren’t expecting that a simple
lswould trigger the sandbox restrictions applied to the Terminal application. The best part is that instead of doing what Flatpak does (just blocking things and leaving the user unable to to anything) the system will prompt you for a decision.I believe this was the best way to go about things but it would require to get a DE team to make it in a cohesive and deeply integrated with the system. Canonical could do it… but we all know how Canonical is.
To the duplicate libraries
Do you know if flatpak leverages the memory side of this? With shared libs, you only keep one copy in memory, regardless of how many applications use it. Makes application launch faster, and memory usage lower.
For flatpak, it of course will load whatever it needs to load, but does it manage to avoid loading stuff across other flatpaks?
Thats a good question that came to my mind too, idk
IMO yes but it might not be an issue for you, flatpaks work like windows standalone executables where each app brings all their dependencies with them, the advantage is the insane stability that method provides, the downside is the huge size the app will ultimately take, flatpaks are compressed and they don’t really bring all their dependencies with them (because they can share runtimes) but the gist of it is a flatpak is usually much heavier than a system (.deb .rpm .PKG) package.
If you are ok with tweaking I recommend nix pkgs as they work on any distro and only take slightly more space than system packages. I have a terrible connection and low disk space, flatpaks aren’t something I can use on the long run.
Oh and if you’re wondering flatpak >>>> snap > appimages (IMO)
flatpaks work like windows standalone executables where each app brings all their dependencies
No thats appimage. Flatpaks run on shared libraries and even different runtimes containing the same packages share those using deduplication
https://gitlab.com/TheEvilSkeleton/flatpak-dedup-checker
A Flatpak is exactly as heavy as a system app, just that on the system you already have some libraries installed.
Initial download size is bigger, okay. And in general more downloads, I guess the deduplication happens on the disk.
Its like, shared runtimes but also not. Its a bad situation tbh.
- no OS level components
- duplicate libraries as some core apps (editor, filemanager, Desktop) cannot be flatpaks (yet?)
- old runtimes etc. dont force developers to keep them updated. Often thats because or 3rd party packagers though
- complicated packaging, I heard that the Flatpak builder is better for certain languages.
- theming issues I heard (on Fedora Kinoite Wayland it just works, and I can also force themes per app)
- bad permissions by default (best we have though)
- bad run commands (this could easily be fixed, and I have a script for it)
For OS components / packaging every part, Snaps may work, but for GUI apps they seem subpar and nobody really cares.
Nix may be way better for installing just anything compartimentalized, but there is no permission system (thats why packaging is easier).
But Flatpaks are really great overall, Bubblewrap, KDE Settings / Flatseal, Portals, official app support. Its really really important.
complicate packaging, XML sucks (are there good editors or something?), I heard that the Flatpak builder is better for certain languages.
What has XML got to do with it? Flatpak manifests are either JSON (not great but OK) or YAML, which is great.
Weird? One I saw was XML or maybe JSON
For me, the question is why I should add an extra layer of complexity. If the things I use already work well using apt, and if most things are bundled in the default distro install, then my life is already good.
This all depends on your software needs, if course. Some people are using a lot of new stuff, so the above setup leads to annoying situations.
Flatpak is a distro on its own, but with original dev support. Its like a Linux Distro replacing others.
So it adds complexity but with the potential to remove it from the OS. For example Libreoffice, Browsers, Thunderbird etc are huge and its a good approach to use official versions here.
I personally don’t really like it, since it sidesteps what is supposed to be the all-in-one package manager for the system, and integration can be poor.
It’s an alright idea, but I like the native package managers better. We’re not Windows, we don’t need so many different places to download our stuff.
Flathub is just one place. But it has verified apps, so you have no distro packaging issues, which is a Linux/BSD only problem.
There is some drawback. The main one : app can’t communicate with each other.
Example firefox and his extension keepass. As keepass can’t communicate with firefox, you have to open both apps and switch their windows.
You can use flatseal to manage communication between apps but that’s not an easy process and may prove a security issue if you don’t understand the technical jargon.
You only need flatseal on GNOME. KDE has it baked into the settings
Where in KDE are those settings? I see Flatpak permissions listed in Discover (bottom of right panel,) but you can’t change them there. Not sure where else to look. I’ve been using Flatseal but if it isn’t needed …
Under the apps section, or just search “flatpak”
There’s still a few edge cases that Flatpak is not great for. The Flatpak version of Kdenlive video editor can’t see Whisper, which it uses to generate subtitles. The Appimage and native builds work flawlessly.
I’m assuming these problems will be addressed eventually but it takes time.
I ran into an issue with flatpak version of Kdenlive that it would render only the topmost V track if it was a simple still image.
Preview worked fine.
Luckily, someone in Kdenlive’s Matrix suggested that I use an appimage. I used my distro’s version and the final render was fine.Other than that I had positive experience with flatpaks in general.
Have you reported that bug?
Appimages are pretty bad
IPC and the correct location may be able to fix that. Have you opened an issue?
