• TheDemonBuer@lemmy.world
    link
    fedilink
    arrow-up
    36
    ·
    4 months ago

    Flatpaks aren’t perfect, but I think it’s a good solution to the fragmentation problem that is inherent to Linux.

    • henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      17
      ·
      4 months ago

      Precisely. Flatpaks solve an important problem. Perfect should not be the enemy of good.

      Binary compatibility is a sad story on Linux, and we cannot expect developers — many of whom work for free — to package, test, debug, and maintain releases for multiple distributions. If we want to sustainable ecosystem with diverse distributions, we must answer the compatibility question. This is a working option that solves the problem, and it comes with minor security benefits because it isolates applications not just from the system but from each other.

      • nexussapphire@lemm.ee
        link
        fedilink
        English
        arrow-up
        8
        ·
        4 months ago

        Also companies are lazy and if we don’t want to be stuck on Ubuntu for proprietary app stability. We should probably embrace something like flatpak. Also when companies neglect their apps, it’ll have a better chance of working down the road thanks to support for multiple dependency versions on the same install.

        • henfredemars@infosec.pub
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          Great point! At the end of the day, the apps I want to use will decide which distro I main. Many FOSS fanatics are quick to critique Ubuntu, So they should support solutions that allow our distro to be diverse and use all the killer apps.

  • NaibofTabr@infosec.pub
    link
    fedilink
    English
    arrow-up
    27
    arrow-down
    7
    ·
    4 months ago

    If you’re separating your application from the core system package manager and shared libraries, there had better be a good and specific reason for it (e.g. the app needs to be containerized for stability/security/weird dependency). If an app can’t be centrally managed I don’t want it on my system, with grudging exceptions.

    Chocolatey has even made this possible in Windows, and lately for my Windows environments if I can’t install an application through chocolatey then I’ll try to find an alternative that I can. Package managers are absolutely superior to independent application installs.

    • AnyOldName3@lemmy.world
      link
      fedilink
      arrow-up
      21
      ·
      4 months ago

      Typically Windows applications bundle all their dependencies, so Chocolatey, WinGet and Scoop are all more like installing a Flatpak or AppImage than a package from a distro’s system package manager. They’re all listed in one place, yes, but so’s everything on FlatHub.

    • Pennomi@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      4 months ago

      I think containerization for security is a damn good reason for virtually all software.

      • gaylord_fartmaster@lemmy.world
        link
        fedilink
        arrow-up
        7
        ·
        4 months ago

        Definitely. I’d rather have a “good and specific reason” why your application needs to use my shared libraries or have acess to my entire filesystem by default.

    • Kusimulkku@lemm.ee
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      4 months ago

      I think stability is a pretty good reason

      If an app can’t be centrally managed

      Open Discover, Gnome Software etc -> Click update?

        • Kusimulkku@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          I’m now confused if they’re saying that flatpak is centrally managed or not. To me it seems centrally managed, both the flatpak ecosystem but your whole machine (repo packages, firmware, flatpak) if you use those app stores. I might’ve misunderstood what they said.

    • Norgur@fedia.io
      link
      fedilink
      arrow-up
      12
      arrow-down
      2
      ·
      4 months ago

      glibc 2.36 is all you’ll ever need, okay? Go away with those goddamn backports!

  • BeigeAgenda@lemmy.ca
    link
    fedilink
    arrow-up
    18
    arrow-down
    2
    ·
    4 months ago

    If I can choose between flatpack and distro package, distro wins hands down.

    If the choice then is flatpack vs compile your own, I think I’ll generally compile it, but it depends on the circumstances.

      • BeigeAgenda@lemmy.ca
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        4 months ago

        Because it’s easier to use the version that’s in the distro, and why do I need an extra set of libraries filling up my disk.

        I see flatpack as a last resort, where I trade disk space for convenience, because you end up with a whole OS worth of flatpack dependencies (10+ GB) on your disk after a few upgrade cycles.

        • F04118F@feddit.nl
          link
          fedilink
          arrow-up
          5
          ·
          4 months ago

          Is compiling it yourself with the time and effort that it costs worth more than a few GB of disk space?

          Then your disk is very expensive and your labor very cheap.

          • cley_faye@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            For a lot of project “compiling yourself”, while obviously more involved than running some magic install command, is really not that tedious. Good projects have decent documentation in that regard and usually streamline everything down to a few things to configure and be done with it.

            What’s aggravating is projects that explicitly go out of their way to make building them difficult, removing existing documentation and helper tools and replacing them with “use whatever we decided to use”. I hate these.

          • BeigeAgenda@lemmy.ca
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            I should have noted that I’ll compile myself when we are talking about something that should run as a service on a server.

            • Batbro@sh.itjust.works
              link
              fedilink
              arrow-up
              3
              ·
              4 months ago

              2 comments up they said

              If the choice then is flatpack vs compile your own, I think I’ll generally compile it, but it depends on the circumstances.

        • TimeSquirrel@kbin.melroy.org
          link
          fedilink
          arrow-up
          2
          ·
          4 months ago

          I mean it’s 2024. I regularly download archives that are hundreds of GB and then completely forget they’re sitting on my drive, because I don’t notice it when the drive is 4TB.

      • BeigeAgenda@lemmy.ca
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        Because it’s easier to use the version that’s in the distro, and why do I need an extra set of libraries filling up my disk.

        I see flatpack as a last resort, where I trade disk space for convenience, because you end up with a whole OS worth of flatpack dependencies (10+ GB) on your disk after a few upgrade cycles.

  • macniel@feddit.org
    link
    fedilink
    arrow-up
    18
    arrow-down
    2
    ·
    4 months ago

    Flatpak is nice but I really would like to see a way to run flatpakked application transparently e.g. don’t have to

        flatpak run org.gnome.Lollypop
    

    and can just run the app via

        Lollypop
    
    • grue@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      2
      ·
      4 months ago

      You could make aliases for each program, but I agree, there should be a way to set it up so they resolve automatically.

    • Ananace@lemmy.ananace.dev
      link
      fedilink
      arrow-up
      8
      ·
      4 months ago

      Well, Flatpak installs aliases, so as long as your distribution - or yourself - add the $INSTALLATION/exports/bin path to $PATH, then you’ll be able to use the application IDs to launch them.

      And if you want to have the Flatpak available under a different name than it’s ID, you can always symlink the exported bin to whatever name you’d personally prefer.
      I’ve got Blender set up that way myself, with the org.blender.Blender bin symlinked to /usr/local/bin/blender, so that some older applications that expect to be able to simply interop with it are able to.

    • d_k_bo@feddit.org
      link
      fedilink
      arrow-up
      5
      ·
      4 months ago

      You can symlink /var/lib/flatpak/exports/bin/org.gnome.Lollypop (if you are using a system installation) or ~/.local/share/flatpak/exports/bin/org.gnome.Lollypop (if you are using a uset installation) to ~/.local/bin/lollypop and run it as lollypop.

    • Qkall@lemmy.ml
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      4 months ago

      I just run them raw, like just

      org.gnome.Lollypop

      Not ideal, but it’s what I do

    • Norgur@fedia.io
      link
      fedilink
      arrow-up
      22
      ·
      4 months ago

      Back in the day, when I installed my very first Linux OS, I had a wireless stick from Netgear. Wireless Drivers back then were abysmal, so I had to compile them from source (literally 15 mins after seeing a TTY for the first time). After I had found out how build-dependencies and such worked somehow and ./configure completed successfully for the first time, the script ended with the epic line:

      configure done. Now type 'make' and pray

      • Ananace@lemmy.ananace.dev
        link
        fedilink
        arrow-up
        7
        ·
        4 months ago

        Ah, I had one of those wireless sticks from Netgear as well, probably a different model but still a royal pain to get it working.
        Luckily ndiswrapper has become a thing of the past nowadays.

    • Zacryon@lemmy.wtf
      link
      fedilink
      arrow-up
      6
      ·
      4 months ago

      Because it’s always so easy to compile everything you need from source! Just make sure to download, compile and install the dependencies first as well. Oh, and the dependencies’ dependencies. And the ones from them. And so on. Unless you’re lucky enough that there are already packaged dependencies available for you. Don’t know how to compile? No problem, just read the documentation. You can be absolutely 1000000% dead serious sure that everything you need to know is documented and extremely super duper easy to understand if you don’t know the source code or barely know how to code at all. And if not, maybe you can find the bits of information on the respective Discord server. It will probably be also very intuitive to know which build options you have to set in which way and which ones even exist. And that without causing conflicts with other packages you need to compile. Still got got problems with compiling? EZ, just open a bunch of issues on the respective GitHub pages. (If present. Otherwise, try to find another way to contact devs and get support, Discord for example.) Maybe, about six months later you’re lucky to get a response. And if not, don’t worry. Some will tell you, you should RTFM or are an idiot. Some will just close the issue because your platform isn’t supported anyway. Then you know, what you did wrong. Also don’t mind if your issue gets ignored.
      If you finally managed to compile everything from source, congratulations! Now run the program and test if everything is working. If it’s not or if it is crashing, don’t worry! In developed and civilised countries you can just buy a shotgun and blast your own head away to end this suffering.

      EZ! Just compile from source!

      • Programmer Belch@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        I just complie from source some lightweight programs that are too niche for repositories. I am in no way advocating for full source compilation of every program in your system, that’s a security and usage nightmare. Flatpack does have its use for sandboxing an environment. I personally use it for windows applications in bottles.

    • henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      This doesn’t scale. If I have a bug and my package has about two dozen dependencies which can all be different versions, and the developer can’t reproduce my bug, I’m just screwed. Developers don’t have the time and resources to chase down a bug that depends on build time variables.

      Ask me how I know this happens.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      4 months ago

      I like the ports tree that only compiles from source, yes it’s slow, but you know the binaries you make are pure.

      • Programmer Belch@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        Yes, it would depend on your flatpack usage. For me I only have like 5 programs compiled from source and one flatpack (bottles) because of the sandboxing

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          That’s not good. It breaks the system as there isn’t any change control with that unless your using something like Gentoo. Get your packages from the package manager.

  • Ephera@lemmy.ml
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    4 months ago

    I just distribute it as a self-contained executable/archive. ¯\_(ツ)_/¯

      • Ephera@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        4 months ago

        Yeah, that’s the fun part. Hooking into some auto-update mechanism would be useful to me.

        But my stuff is mostly in the scratching-my-own-itch stage, so setting up a FlatHub account, Flatpak metadata, sandbox rules, probably an icon and screenshots and whatnot, and automating the build+releases, just to get auto-updates, yeah… no.

        I could code a whole nother project in the time that would take.

        • Ananace@lemmy.ananace.dev
          link
          fedilink
          arrow-up
          2
          ·
          4 months ago

          Well, if you have any form of build script, makefile, or CI, then you can easily shove that into a flatpak-builder manifest and push the build repo anywhere you want. The default OSTree repository format can be served from any old webserver or S3 bucket after all.

          I’ve done this for personal projects many times, since it’s a ridiculously easy way to get scalable distribution and automatic updates in place.

          • Ephera@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            4 months ago

            Hmm, okay, that doesn’t sound too bad.
            Does the sandboxing get into the way much? Can a user tell it to poke a hole into the sandbox, to use some specific folder, for example?

            I think, my real problem is that I don’t actually use Flatpak for any software I have installed. 😅
            I’m not opposed to using Flatpak, but I disabled Flathub pretty quickly on my distro’s software store thingamabob, when I accidentally installed some proprietary software from it. Fuck that shit, no matter how much sandboxing I get.

            • Ananace@lemmy.ananace.dev
              link
              fedilink
              arrow-up
              2
              ·
              4 months ago

              In regards to sandboxing, it only gets as far in the way as you ask it to. For applications that you’re not planning on putting on FlatHub anyway you can be just as open as you want to be, i.e. just adding / - or host as it’s called - as read-write to the app. (OpenMW still does that as we had some issues with the data extraction for original Morrowind install media)

              If you do want to sandbox though, users are able to poke just as many holes as they want - or add their own restrictions atop whatever sandboxing you set up for the application. Flatpak itself has the flatpak override tool for this, or there’s graphical UIs like flatseal and the KDE control center module…

      • Ephera@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        So, like, dumb question. People here assumed that I mean AppImages, whereas I actually meant just a statically linked binary. Is that really the only reason why AppImage exists? So, that dynamically linked applications can be distributed like statically linked ones?

        • Ananace@lemmy.ananace.dev
          link
          fedilink
          arrow-up
          3
          ·
          4 months ago

          The majority of AppImages I’ve seen have been dynamically linked, yes. But it’s also used for packaging assets.

          • Ephera@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            Yeah, alright, packaging assets makes sense. I’ve always been fine with just a .tar.gz, but having it be a singular file without compression is cool.

            I guess, since AppImage emulates a filesystem, you can also have your application logic load the assets from the same path as if the assets were installed on the OS, so that’s also cool.

        • ryannathans@aussie.zone
          link
          fedilink
          arrow-up
          2
          ·
          4 months ago

          You cannot statically link everything. Take graphics libraries and APIs for example, do you statically link against nvidia’s or mesa’s opengl?

        • ryannathans@aussie.zone
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          You cannot statically link everything. Take graphics libraries and APIs for example, do you statically link against nvidia’s or mesa’s opengl?

          • Ephera@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            4 months ago

            Sure, but presumably AppImage/Flatpak/Docker cannot help with that either…?

  • e8d79@discuss.tchncs.de
    link
    fedilink
    arrow-up
    4
    ·
    4 months ago

    Haters aren’t worth listening to. Doesn’t matter if it is flatpak, systemd, wayland, or whatever else. These people have no interest in a discussion about merits and drawbacks of a given solution. They just want to be angry about something.

    • someacnt_@lemmy.world
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      4 months ago

      Wayland gets the hate because compositors are authoritative so you cannot e.g. install your own window manager, taskbar, etc. It would be good if there were specifications governing these, but there isn’t.

  • 2xsaiko@discuss.tchncs.de
    link
    fedilink
    arrow-up
    4
    ·
    4 months ago

    Are those flatpak haters that say that in the room with us right now? The main difference with distro repos is that packages in it are packaged by the distro packagers and everyone who has an opinion on flatpak should know that this is how it works.

  • Wofls@feddit.org
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    4 months ago

    I don’t wanna be that guy, but someone has to say it: Nix Flakes

  • jj4211@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    4 months ago

    You don’t need the distro to package your sodtware through their package management systems though. Apt and dnf repositories are extensible, anyone can publish. If you go to copr or ppa you can have a little extra help too, without distro maintainers.

    The headache comes up when multiple third party repositories start conflicting with each other when you add enough of them, despite they’re best efforts. This scenario starts needing flatpack, which can, for example concurrently provide multiple distinct library versions installed that traditionally would conflict with each other. This doesn’t mean application has to bundle the dependency, that dependency can still be external to the package and independently updated, it just means conflicts can be gracefully handled.

    • breakingcups@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      The headache comes up when multiple third party repositories start conflicting with each other

      Which is traditionally why you needed the distro to package your software…