this post was submitted on 28 May 2024
59 points (90.4% liked)

Linux

48404 readers
794 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
59
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/[email protected]
 

I've been using arch for a while now and I always used Flatpaks for proprietary software that might do some creepy shit because Flatpaks are supposed to be sandboxed (e.g. Steam). And Flatpaks always worked flawlessly OOTB for me. AUR for things I trust. I've read on the internet how people prefer AUR over Flatpaks. Why? And how do y'all cope with waiting for all the AUR installed packages to rebuild after every update? Alacritty takes ages to build for me. Which is why I only update the AUR installed and built applications every 2 weeks.

all 43 comments
sorted by: hot top controversial new old
[–] [email protected] 26 points 6 months ago

Users who don't want redundant dependencies will probably prefer AUR packages. It can also be nice to manage all the packages with just the helper app. I try to install the binaries of apps from the AUR if they're available to avoid the long build times.

[–] [email protected] 14 points 6 months ago* (last edited 6 months ago)

on my arch-based systems, i use repos first, aur second. appimages third. i do also have a couple minor things (that are self-contained with no dependencies) that were just 'unzipped' into their own directories and links added to menus where appropriate. note that i don't game on these systems. i don't have a lot of aur packages installed, so updates and subsequent recompile time isn't an issue.

i have yet to run into anything i want or need that isn't available in those. so no flatpaks or snaps.

[–] [email protected] 12 points 6 months ago

AUR for niche stuff, Flatpak for everything else.

I personally prefer Flatpak because:

  • It's simple
  • It's the recommended way of installation for most distros, especially image based ones, like Fedora Atomic for example
  • It's accessible for everyone more easily
  • It works most of the time

I use the AUR in a Distrobox container for software I can't find any other installation method. For me, it's to cumbersome to hop into the terminal and proceed with the installation.
For Flatpaks, it's just one click and it's done.

[–] [email protected] 11 points 6 months ago (1 children)

An AUR package has been done for Arch by (supposedly) someone who knows what they are doing and needs it on their Arch Machine

A Flatpak is something done by someone, to (supposedly) work everywhere, untested on Arch, that may or may not work. And crash (Ardour on Asahi). Or waste hours or you life to render files incorrectly (kdenlive on arch and asahi).

Native versions work perfectly.

I thought I was clever in using arch/aur for everything, but pull KDE or QT apps from Flatpak to keep my gnome install a bit more tidy... For this, you'd have to have those Flataks to work, and sometimes they don't.

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago)

To be fair, there are a lot of Flatpacks published by the devs themselves (especially in the Gnome/GTK ecosystem).

[–] [email protected] 9 points 6 months ago

The AUR is the best thing about Arch. yay -Syu and everything is updated. Painless.

I tend to use binary packages to avoid long compiles. If an update includes something that is going to take a while, I often exclude that package from the update. After everything else is updated, I can run it again to get the last package or two. They can just run in the background while I do other stuff. If it is a program I am going to use right away, I may put off the update of that package until I am done my session. This is pretty common with JetBrains updates for example.

I do not have a single Flatpak.

[–] [email protected] 8 points 6 months ago

I am using both of them without any problem.

The main advantage of Flatpaks (and things like AppImage) is that you have a single "executable" with everything you need and sometime that is useful even if the software is Opensource but the building dependencies are a nightmare. Subsurface (a dive log software) is an example.

If the AUR package is a simple build (or a binary which is a converted package) then go for it. If you need to start building a lot of additional package from AUR to meet the dependencie then I would suggest, in order, to look for the Flatpak (or AppImage) package or to install an helper to build the packages

[–] [email protected] 6 points 6 months ago (1 children)

I prefer Flatpaks, not only because I support the format, but also because of containerization and the ability to clean up an application completely.

I absolutely hate it when apps randomly place config files everywhere.

[–] [email protected] 0 points 6 months ago

don't forget that the "containerization" is weak and not reliable.

[–] [email protected] 6 points 6 months ago (1 children)

Nonfree software does not have the ability to be rebuilt on each update anyway, since it's distributed as pre-built binaries. So they won't build anyway.

I tend to use AUR packages where possible if the package is not in the official repos. Only if the AUR package is broken do I turn to flatpaks.

[–] [email protected] 5 points 6 months ago* (last edited 6 months ago) (2 children)

Right. So my priority should be like this:

Proprietary: Flatpak

Open Source: Official Repo then AUR

[–] [email protected] 7 points 6 months ago (1 children)

My priority is: Official repo, AUR then Flatpak.

No matter what license it is. Although, if I need microsoft stuff I usually go flatpak there, so it's sealed off.

[–] [email protected] 1 points 6 months ago

Alright, got it. Thanks.

[–] [email protected] 5 points 6 months ago* (last edited 6 months ago)

This. Flatpak also provides additional privacy and security features to at least somewhat keep that proprietary garbage under control

[–] [email protected] 4 points 6 months ago* (last edited 6 months ago)

I use Silverblue and in general I like their philosophy. For other distros, it can be summed up as:

  • Flatpaks for GUI applications
  • Your choice of package manager for everything else

On Silverblue anything non-Flatpak is best installed inside a container. On a non-atomic distro I'd just install using the system's default package manager.

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago)

I use flatpak steam and flatseal to remove user home permissions so games don't see my files.

I'd prefer to use Nix derivations and firejail but I couldn't get it working last time I tried.

My preference for nix expressions to flatpaks is for better reproducibility guarantees, easier introspection, easier debugging, and less duplication.

[–] [email protected] 2 points 6 months ago

both is good

[–] [email protected] 2 points 6 months ago

I am on Fedora so the equivalent is COPR.

Flatpaks can be built pretty messy, use outdated runtimes or even entirely outdated dependencies.

It is pretty creepy, I digged down the pyramid of dependencies of OnionShare once and that thing is huge, some projects are archived, some had new releases but it still uses the old versions.

Native packages might not bundle all that in, which means more effort but especially more updated packages.

The sandbox is determined by the packagers, and a mix between "dont make it too loose" and "dont break use cases". For example many big projects without portal support have host permission to access your theoretical SMB shares or external media.

But yes, the bubblewrap sandbox is there, it prevents apps from manipulating the system, the syscalls are a bit restricted via a "badness enumerating" and pretty loose seccomp filter.

This prevents all apps from creating user namespaces, which are like chroots and create a small virtual filesystem for processes. They are used in FF and Chromium for sandboxing. But Firefox also uses seccomp-bpf which works within a flatpak.

If you want a Chromium browser, it should be native. Firefox arguably too, as it gets another layer of sandboxing. But Flatpaks are isolated from the system.

Have a look at bubblejail, which allows to sandbox programs from the OS with bubblewrap, but with a custom filter that can allow user namespaces.

[–] [email protected] 2 points 6 months ago
[–] [email protected] 2 points 6 months ago

I usually do distro repos, followed by aur, then flatpak if the aur version is too cumbersome (e.g. obs, game emulators). Funnily enough I use steam native because when I was using the flatpak. I had trouble with mods and things of that nature. A lot of that stuff either needs to be moved to different locations, straight up doesn't work, or requires a bit of permission fiddling and I just didn't wanna go through that. On the other hand. I believe there was a glibc issue on Arch that broke all games on steam native for a couple of days which the flatpak didn't suffer from. Just goes to show nothing is perfect either way.

[–] [email protected] 2 points 6 months ago

It's not like the AUR packages need recompiling after every update, so I'm using standard Arch repos + AUR and that's it.

Everything will be using the same (bleeding edge) dependencies, so if something breaks, I can find what changed and fix it and / or roll-back and / or report it to the dev.

I've been down this whole scenario with Windows back in the day... DLL hell, InstallShield packaging, compiled zips, weird %PATH% sets for execution, the lot... and at the end, it's always simpler to use common libraries and work with the devs to fix bugs - after all, they're usually developing on a "normally" packaged system anyway.

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (1 children)

Personally I tend to go AUR first, then Flatpak and then Appimage if there's no other choice. Snaps never lol

The reason being, I find that Flatpaks sometimes have issues with not being able to access certain things in the filesystem which can cause problems. That's presumably by design since they're sandboxed and you can fix it with Flatseal or whatever, but it's an extra level of fiddling that I can't always be bothered with. I do prefer Flatpaks for certain things that are messy with dependencies though (looking at you, Steam.) Appimages I don't really like because I hate having to go and check manually for updates for each one, it feels too much like Windows to me. But there are a couple of things that only have Appimage versions so I'll suck it up.

Snaps I just find to be a huge pain in the ass, and I've never found an app I need that doesn't already have a version on the AUR or as Flatpak or an Appimage, so I really have no need for them.

[–] [email protected] 2 points 6 months ago (1 children)

Appimages I don’t really like because I hate having to go and check manually for updates for each one, it feels too much like Windows to me. But there are a couple of things that only have Appimage versions so I’ll suck it up.

https://github.com/ivan-hc/AM

[–] [email protected] 2 points 6 months ago

Oh that's handy, thanks! I only have like 3 things as appimages but I already switched them over lol

[–] [email protected] 1 points 6 months ago

AUR just for the essentials , I just use AUR for my Epson Utility

[–] [email protected] 0 points 6 months ago

I always use Flatpak over AUR.

AUR is my last resort

[–] [email protected] 0 points 6 months ago

people prefer AUR over Flatpaks. Why?

Some stuff doesn't work as Flatpak, or I actually prefer for it to be compiled against what's actually on my system rather than a generic one-size-fits-all binary, or simply isn't in Flatpak.

Flathub is tiny (under 3k packages), AUR has over 85k – and yes I know that many of those are abandoned or maintained very loosely but even if you only count the packages updated in the last year that's still over 10x bigger than Flathub.

Examples: kernel modules, CLI tools, libraries, versions of apps compiled against old UI frameworks (like Claws-Mail with GTK2), obscure apps, drivers for obscure hardware, stuff with dubious legal standing like file sharing apps etc.

how do y'all cope with waiting for all the AUR installed packages to rebuild after every update?

I don't. I disabled AUR updates and only update AUR packages when they break. Sometimes if I'm bored I'll run a pamac checkupdates --aur and do a pamac build <package> on anything I see there that might be interesting to have a new version of. But most of the time like I said I wait for them to break, which happens surprisingly seldom.

Alacritty takes ages to build for me.

Yeah some apps are ridiculous. Pika Backup is another example, RPCS3, and so on. For some of those I actually resort to Flatpak.

The choice is not always so clear cut because Flatpak stuff will tend to have random features present or missing. For example a while ago the Flatpak Handbrake could do accelerated encoding on the GPU, now it can't. So I was forced to go back to native Handbrake.

[–] [email protected] -1 points 6 months ago* (last edited 6 months ago) (2 children)

AppImage !

  • Open format? Yes
  • Free format? Yes
  • Fully Contained Single Executable Support . Like an exe file for Windows systems Yes (the only one)
  • App Size** The lowest** !

https://en.wikipedia.org/wiki/AppImage

Matrix
https://www.fosslinux.com/42410/snap-vs-flatpak-vs-appimage-know-the-differences-which-is-better.htm
https://phoenixnap.com/kb/flatpak-vs-snap-vs-appimage \

[–] [email protected] 10 points 6 months ago

Why would the app size be the lowest? I could maybe see that for one single AppImage (though I don't expect a significant difference), but as soon as you have two or more apps, sharing dependencies would make Flatpaks smaller than AppImages.

[–] [email protected] 9 points 6 months ago

Aren't AppImages still limited to Xorg?

Also there's no centralised update mechanism or dependency deduplication, no?

[–] [email protected] -3 points 6 months ago (1 children)

Flatpaks don't securely download. Use your native package manager

[–] [email protected] 4 points 6 months ago (1 children)

In what way don't they "securely download" ?

[–] [email protected] 1 points 6 months ago (1 children)

No cryptographic signature verification, like most package managers have

[–] [email protected] 4 points 6 months ago* (last edited 6 months ago) (1 children)
[–] [email protected] 1 points 6 months ago (1 children)

The link you sent says that its an option that can be turned on or off. Also, that's for uploading. Doesn't say anytbify about verification of downloads.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

From the page:

It is recommended that OSTree repositories are verified using GPG whenever they are used. However, if you want to disable GPG verification, the --no-gpg-verify option can be used when a remote is added.

That is talking about downloading as well. Yes, you can turn it off, but so can you usually do it with native package managers, e.g. pacman: https://wiki.archlinux.org/title/Pacman/Package_signing

[–] [email protected] 1 points 6 months ago (1 children)

where does it say this applies to downloads too?

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

I'm confused why you think it would be anything else, and why you are so dead set on this. Repos include a signing key. There is an option to skip signature checking. And you think that signature checking is not used during downloads, despite this?

Ok, here are a few issues related to signatures being checked by default, when downloading: https://github.com/flatpak/flatpak/issues/4836 https://github.com/flatpak/flatpak/issues/5657 https://github.com/flatpak/flatpak/issues/3769 https://github.com/flatpak/flatpak/issues/5246 https://askubuntu.com/questions/1433512/flatpak-cant-check-signature-public-key-not-found https://stackoverflow.com/questions/70839691/flatpak-not-working-apparently-gpg-issue

Flatpak repos are signed and the signature is checked when downloading.

It's OK to be wrong. Dying on this hill seems pretty weird to me.

[–] [email protected] 1 points 6 months ago (1 children)

If its not documented, we shouldn't assume it has a security feature.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

You know what else we shouldn't assume? That that it doesn't have a security feature. And we additionally then shouldn't go around posting that incorrect assumption as if it were a fact. You know, like you did.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

Oh, we should absolutely assume that software does not have security features unless those features are clearly documented (and audited)...

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

Feel free to assume that, but don't claim an assumption as a fact.

You recommended using native package managers. How many of them have been audited?