I’ve been using arch for a while now and I always used Flatpaks for proprietary software that might do some creepy shit because Flatpaks are supposed to be sandboxed (e.g. Steam). And Flatpaks always worked flawlessly OOTB for me. AUR for things I trust. I’ve read on the internet how people prefer AUR over Flatpaks. Why? And how do y’all cope with waiting for all the AUR installed packages to rebuild after every update? Alacritty takes ages to build for me. Which is why I only update the AUR installed and built applications every 2 weeks.
I usually do distro repos, followed by aur, then flatpak if the aur version is too cumbersome (e.g. obs, game emulators). Funnily enough I use steam native because when I was using the flatpak. I had trouble with mods and things of that nature. A lot of that stuff either needs to be moved to different locations, straight up doesn’t work, or requires a bit of permission fiddling and I just didn’t wanna go through that. On the other hand. I believe there was a glibc issue on Arch that broke all games on steam native for a couple of days which the flatpak didn’t suffer from. Just goes to show nothing is perfect either way.
Flatpaks don’t securely download. Use your native package manager
In what way don’t they “securely download” ?
No cryptographic signature verification, like most package managers have
That doesn’t seem to be true? https://flatpak-testing.readthedocs.io/en/latest/distributing-applications.html#gpg-signatures
The link you sent says that its an option that can be turned on or off. Also, that’s for uploading. Doesn’t say anytbify about verification of downloads.
From the page:
It is recommended that OSTree repositories are verified using GPG whenever they are used. However, if you want to disable GPG verification, the --no-gpg-verify option can be used when a remote is added.
That is talking about downloading as well. Yes, you can turn it off, but so can you usually do it with native package managers, e.g. pacman: https://wiki.archlinux.org/title/Pacman/Package_signing
where does it say this applies to downloads too?
I’m confused why you think it would be anything else, and why you are so dead set on this. Repos include a signing key. There is an option to skip signature checking. And you think that signature checking is not used during downloads, despite this?
Ok, here are a few issues related to signatures being checked by default, when downloading: https://github.com/flatpak/flatpak/issues/4836 https://github.com/flatpak/flatpak/issues/5657 https://github.com/flatpak/flatpak/issues/3769 https://github.com/flatpak/flatpak/issues/5246 https://askubuntu.com/questions/1433512/flatpak-cant-check-signature-public-key-not-found https://stackoverflow.com/questions/70839691/flatpak-not-working-apparently-gpg-issue
Flatpak repos are signed and the signature is checked when downloading.
It’s OK to be wrong. Dying on this hill seems pretty weird to me.
The AUR is the best thing about Arch. yay -Syu and everything is updated. Painless.
I tend to use binary packages to avoid long compiles. If an update includes something that is going to take a while, I often exclude that package from the update. After everything else is updated, I can run it again to get the last package or two. They can just run in the background while I do other stuff. If it is a program I am going to use right away, I may put off the update of that package until I am done my session. This is pretty common with JetBrains updates for example.
I do not have a single Flatpak.
Personally I tend to go AUR first, then Flatpak and then Appimage if there’s no other choice. Snaps never lol
The reason being, I find that Flatpaks sometimes have issues with not being able to access certain things in the filesystem which can cause problems. That’s presumably by design since they’re sandboxed and you can fix it with Flatseal or whatever, but it’s an extra level of fiddling that I can’t always be bothered with. I do prefer Flatpaks for certain things that are messy with dependencies though (looking at you, Steam.) Appimages I don’t really like because I hate having to go and check manually for updates for each one, it feels too much like Windows to me. But there are a couple of things that only have Appimage versions so I’ll suck it up.
Snaps I just find to be a huge pain in the ass, and I’ve never found an app I need that doesn’t already have a version on the AUR or as Flatpak or an Appimage, so I really have no need for them.
Appimages I don’t really like because I hate having to go and check manually for updates for each one, it feels too much like Windows to me. But there are a couple of things that only have Appimage versions so I’ll suck it up.
Oh that’s handy, thanks! I only have like 3 things as appimages but I already switched them over lol
people prefer AUR over Flatpaks. Why?
Some stuff doesn’t work as Flatpak, or I actually prefer for it to be compiled against what’s actually on my system rather than a generic one-size-fits-all binary, or simply isn’t in Flatpak.
Flathub is tiny (under 3k packages), AUR has over 85k – and yes I know that many of those are abandoned or maintained very loosely but even if you only count the packages updated in the last year that’s still over 10x bigger than Flathub.
Examples: kernel modules, CLI tools, libraries, versions of apps compiled against old UI frameworks (like Claws-Mail with GTK2), obscure apps, drivers for obscure hardware, stuff with dubious legal standing like file sharing apps etc.
how do y’all cope with waiting for all the AUR installed packages to rebuild after every update?
I don’t. I disabled AUR updates and only update AUR packages when they break. Sometimes if I’m bored I’ll run a
pamac checkupdates --aur
and do apamac build <package>
on anything I see there that might be interesting to have a new version of. But most of the time like I said I wait for them to break, which happens surprisingly seldom.Alacritty takes ages to build for me.
Yeah some apps are ridiculous. Pika Backup is another example, RPCS3, and so on. For some of those I actually resort to Flatpak.
The choice is not always so clear cut because Flatpak stuff will tend to have random features present or missing. For example a while ago the Flatpak Handbrake could do accelerated encoding on the GPU, now it can’t. So I was forced to go back to native Handbrake.
I prefer Flatpaks, not only because I support the format, but also because of containerization and the ability to clean up an application completely.
I absolutely hate it when apps randomly place config files everywhere.
An AUR package has been done for Arch by (supposedly) someone who knows what they are doing and needs it on their Arch Machine
A Flatpak is something done by someone, to (supposedly) work everywhere, untested on Arch, that may or may not work. And crash (Ardour on Asahi). Or waste hours or you life to render files incorrectly (kdenlive on arch and asahi).
Native versions work perfectly.
I thought I was clever in using arch/aur for everything, but pull KDE or QT apps from Flatpak to keep my gnome install a bit more tidy… For this, you’d have to have those Flataks to work, and sometimes they don’t.
To be fair, there are a lot of Flatpacks published by the devs themselves (especially in the Gnome/GTK ecosystem).
AppImage !
- Open format? Yes
- Free format? Yes
- Fully Contained Single Executable Support . Like an exe file for Windows systems Yes (the only one)
- App Size** The lowest** !
https://en.wikipedia.org/wiki/AppImage
Matrix
https://www.fosslinux.com/42410/snap-vs-flatpak-vs-appimage-know-the-differences-which-is-better.htm
https://phoenixnap.com/kb/flatpak-vs-snap-vs-appimage \Why would the app size be the lowest? I could maybe see that for one single AppImage (though I don’t expect a significant difference), but as soon as you have two or more apps, sharing dependencies would make Flatpaks smaller than AppImages.
Aren’t AppImages still limited to Xorg?
Also there’s no centralised update mechanism or dependency deduplication, no?
both is good
$ makepkg --syncdeps
$ makepkg --install
Btw