Background-Story: I did a “flatpak update” on a remote client and every package wants the PW for downloading and for installing again. I had to enter the password like 30 times or more.

  • acockworkorange@mander.xyz
    link
    fedilink
    arrow-up
    27
    arrow-down
    1
    ·
    8 months ago

    Nah, it’s pretty popular. Flatpack for the things you can’t / won’t use your regular package manager is the most common behavior.

    • Kusimulkku@lemm.ee
      link
      fedilink
      arrow-up
      11
      ·
      8 months ago

      I dunno. A lot of stuff is switching over to flatpak these days. And it is the right direction. Regular repo stuff for the system and flatpak for apps is the way to go. You can have solid base separate from the applications.

        • Kusimulkku@lemm.ee
          link
          fedilink
          arrow-up
          4
          ·
          8 months ago

          It’s good that there’s options for everyone. I feel like flatpak is to desktop systems what docker is to servers.

          The situation right now is good in that both are maintained, but in the future it might be that distro repos get slimmer while flatpak becomes the norm. But we’ll see. I bet there’s people out there willing to maintain packages in the distro repos if nothing else then out of spite hah.

          • acockworkorange@mander.xyz
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago

            I think there are some quite difficult technical challenges to solve with flatpacks that prevent its wholesale adoption. I’m sure they’ll find a way, but it’ll take some time. In the meantime, I’ll rest on apt.

            • Kusimulkku@lemm.ee
              link
              fedilink
              arrow-up
              1
              ·
              8 months ago

              I don’t know, I think it’s really far already. I can’t think of any big issues I’ve had. Biggest technical issue is KeepassXC talking to Firefox, if both are in flatpaks. But that has a working workaround and the issue is being worked on right now (I had a ton of emails since I seem to be following the issue on github lol).

              • acockworkorange@mander.xyz
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                8 months ago

                That is a big one, inter process messaging securely.

                The other one is memory deduplication. Uncontainerized libraries get code stored in memory once. When two applications use the same library, only library variables are duplicated, executable code is stored once.

                When two flatpacks package the same library, they duplicate memory use. This is has to be addressed if we’re thinking of replacing regular packages altogether.

                Ok, suppose we got over that technical jump and can share code memory among different flatpacks. What happens when one of them is updated and packs a newer version of the library? Can we use the newer version for both? Are we breaking compartmentalization by doing so? Or by the very sharing of it?

                The concepts need to be worked out (a big hurdle), then implemented. At this point, are we departing too much for the concept that we’re essentially creating just another package format?

                I don’t have these answers, but I think there’s a good chance the answer to those will limit flatpack (and competitors) application as the end-all, be-all package format.

                • Kusimulkku@lemm.ee
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  8 months ago

                  Inter process messaging seems to be have quite some attention right now. I don’t think it’s very far now, if KeepassXC/Firefox issue I’m following is any indication.

                  When two flatpacks package the same library, they duplicate memory use.

                  Maybe I misunderstood you, but if they share the same library, the memory deduplication is already happening? I found this https://github.com/flatpak/flatpak/issues/4997

                  I’ve been running fairly low ram machines and I genuinely haven’t noticed any difference. Maybe I haven’t run enough of them at the same time and them having different (not shared) libraries. I wonder what the benchmarks are on this. I’ve only seen threads where people say it uses a bit more but no real comparison.

                  end-all, be-all package format.

                  I’m not sure if that’s the direction. I think flatpak is specifically targeting GUI apps, with the “system” packages being traditional packages. And I think that’s a good solution, that way you’d have a tighter system layer that could even be immutable and you’d have a separate application layer, so they don’t mess with each other. Good for preventing breakage of the system if there’s somehing fucky with some app.

                  • acockworkorange@mander.xyz
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    8 months ago

                    I think that deduplication ticket refers to library flatpacks. Like both flatpacks depend on a third one, and the contents of that third one will be loaded only once in memory.

                    I was taking about libraries packaged together with two apps. I don’t think the OS will know that two files located in different locations are actually the same and can be loaded only once in memory.

                    If that is solved, I’d be really glad to hear. Especially the decisions involved in handling multiple versions.

                    Whereas about how much of the system goes in flatpacks, once you’ve put your DE and apps on it, that’s like 80% of a typical desktop software load. There’s not much left and, like you said, the rest can be immutable. You may argue the DE is part of the base system, and I’d agree with you, but many people don’t.

                    Veering off topic for a bit… TBH it feels a little too much like Windows for my taste. When apps have a package maintainer, you can choose the level of stability you want and developers can focus on adding features / optimizing. When you remove that layer, the developers need to figure out how stable to keep their app to cater to most users, and if you are not comfortable with that, tough luck.

    • retrieval4558@mander.xyz
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      Noob question: lately I’ve been using flatpaks for most things because of the packaged dependencies. I am under the impression that as you add and remove programs over time, you’ll run into less issues with flatpak than with the distro package manager because the dependencies will come and go with the flatpaks and not sit in the host accumulating my mistakes. Am I wrong about this?

      • acockworkorange@mander.xyz
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        Any package manager worth its CPU cycles should take care of orphaned dependencies for you. Whether your package manager is decent or not is matter of heated debate, but the problem of orphaned dependencies has been largely solved.

        TLDR, you’re likely wrong about it. You’re also paying to have a neat filesystem by using more storage (which is cheap, spend away), memory (a bit or a big bit, depending), and performance (there are comparisons online, only you can decide if it’s significant for you).

        Now, my opinion is that you’re overtaxing yourself. The reason you mentioned for adopting flatpack is better addressed by familiarizing yourself with your main package manager. People that defend widespread use of flatpacks usually have other reasons (mostly newer versions, faster bug fixes and security fixes, etc.).

        The combination of which distribution and how to use side-loaded software isn’t a one size fits all. There are pros and cons to each approach, and they differ based on your needs, your distro, your threats…