How does it stack up against traditional package management and others like AUR and Nix?
I still prefer traditional packages, but I get why devs of complicated graphical apps with lots of dependencies hate them. As for Flatpak specifically, I’m not super impressed. It’s just going to get more annoying over time having more old versions of all their libraries and more and more apps that aren’t updating to the latest version so they eat up a ton of drive space and give constant notices to harass the devs, but out of all the major distro agnostic options they suck the least and they’re getting better the fastest, which is why I think they’ve pretty much won at this point. I’m not currently using them, but it’s pretty much inevitable that I’ll have to at some point, and overall that’s probably more good than bad. I think AppImages could have been better if the lead dev wasn’t a walking, talking collection of weird hills to die on, but I’m afraid that ship has already sailed.
I mean if the apps are not maintained, they wouldnt work well as distro packages too, would they?
Not really. It’s actually pretty common for simpler, unmaintained apps to get small changes in each distro made by the distro maintainers to stay compatible with their current library versions. There’s nobody doing that on Flathub.
Probably, but I guess thats the lack of “it has to be updated”. Just as distro maintainers do, flatpak maintainers or contributors can do as well, as its often pretty easy.
How does it stack up against traditional package management and others like AUR and Nix?
I only used AUR for a few packages (<5 at a time). It’s to be avoided and only used if the other options are a massive pain (unless it’s an official package).
Then I left Arch and eventually landed on MX. During that time Nix with home-manager has slowly replaced flatpak, and I don’t even have it installed anymore. Nix is better in every way, except for ease of use.
Flatpak has great gui integration (for gui tools). You can click through everything, and the updates are unified. It usually works perfectly fine if you just need to install a few programs.
With nix, there’s a lot more setup, but there are many benefits. You end up with a list of packages, and that’s really useful because you can take a fresh install, install nix and home manager, and then run a single line to reinstall everything. You can rollback updates, pin specific versions, install packages from a repo (if it has a flake.nix with outputs), and also configure them. I’m using the unstable branch, and it’s giving me bleeding edge packages on Debian. And there’s no risk of outdated system libraries, like with flatpak, because it provides everything.
That all sounds great, thanks!
Do you have any tips for an “easy” start, where everything is already pre-configured?
Nope, and that’s the worst part of nix. I’m actually planning on writing a short startup guide, but I need to solve a few more issues first.
But, this should help you out until then:
- installation commands (per user installations, no sudo needed for using nix or home-manager)
- ~/.config/nix/nix.conf ( you might need to add this before installing home-manager, i’m not 100% sure)
- ~/.config/home-manager/flake.nix
- ~/.config/home-manager/home.nix
The home.nix should be automatically generated, and that’s where you put all of your packages. I left a few as an example.
NixGL is needed to use openGL (nixGL lutris
for example). It works in most cases, but I couldn’t get alacritty or kitty to work. There are some ways to have packages automatically use it, but I still haven’t tried them out.
Flake allows you to select the correct nix repo (stable/unstable), appropriate home-manager version, and add outside packages like nixgl. It’s technically not necessary, but I wouldn’t go without it. Here I’m using the unstable repository, check the relevant docs if you want to go with releases instead.
The equivalent of apt update && apt upgrade
is nix flake update && home-manager switch --impure
. I like cd-ing into the nix dotfile directory (all of the files are in there and symlinked to ~/.config/ locations), but you can also use command line arguments to point to the flake.
nix flake update
updates the package definitions to what’s in the repo
home-manager switch
install them, and also updates any configs it’s managing. The --impure is only needed if you’re using nixgl (bad build commands depend on system time).
nix-collect-garbage
to force a clean up of unused packages
https://search.nixos.org/packages makes searching for packages a lot easier
https://mynixos.com/search?q=home-manager+ same, but for finding options to configure packages through home-manager
Comment if you need help
update: removed nixGL from flake and home, installed it through nix-channel in order to not use --impure
during home-manager switch
Thanks! I saved the comment for later.
What advantage do you see in Nix compared to Distrobox?
I personally enjoy DB because of its simplicity.
I just open BoxBuddy, create a new container from the dropdown-list, and then just start using my Debian or Arch container on top of Fedora Atomic for example.
The two main benefits I see in Nix are the reproducibility and the big repo. But in case of the repository size, Debian and Arch (+ AUR) are extremely big aswell.
Are there any other big benefits, that I can’t get with Distrobox, but with Nix?
Just as a small side note, I’m no power user and tend to use my PC more like a casual guy.
Does anyone know how they handle spoofed malware? I can never figure out whether I can trust the packages from flathub. I always have to check the official website of the particular software first.
On the one hand I like the basic idea, on the other hand I think that some fundamental problems aren’t fully solved yet. There big use case are passkeys and direct password manager integration – neither mesh well with the idea of software that isn’t allowed to talk to most of the system.
I’m certain that this will be resolved at some point but for now I don’t think Flatpak and its brethren are quite there yet.
passkeys
Dont know, may already work? Keyword adaption
direct password manager integration
Not sure what that means, but probably native messaging, a biig missing portal.
Flatpak has an Inter-process-communication permission, so software could absolutely be opt-in allowed to talk, while keeping security for the rest. Apps cant see each others ~/.var/app/org.app.name/
storage though, never.
I personally think it is trash…
Just putting “personally” in front of an unfounded statement doesnt make it better
Why it is unfounded?? The sandbox is still a lie (flatseal is impractical security since it makes you become a security researcher overnight), apps are not properly filesystem-unveiled. But a new level of complexity.
Could you explain “filesystem-unveiled”?
Apps are not updated to support portals for “compatibility” or just lack of maintenance. Flatpak needs to follow their approach if they want to have many apps being supported.
Desktop Linux doesnt have the marketshare to dictate that all apps need to adopt portals. In the meantime, flathub.org has a rating system and verified checks, this is simply not well shown in KDE Discover and not sure about GNOME software.