I’ve been using arch for a while now and I always used Flatpaks for proprietary software that might do some creepy shit because Flatpaks are supposed to be sandboxed (e.g. Steam). And Flatpaks always worked flawlessly OOTB for me. AUR for things I trust. I’ve read on the internet how people prefer AUR over Flatpaks. Why? And how do y’all cope with waiting for all the AUR installed packages to rebuild after every update? Alacritty takes ages to build for me. Which is why I only update the AUR installed and built applications every 2 weeks.
Users who don’t want redundant dependencies will probably prefer AUR packages. It can also be nice to manage all the packages with just the helper app. I try to install the binaries of apps from the AUR if they’re available to avoid the long build times.
on my arch-based systems, i use repos first, aur second. appimages third. i do also have a couple minor things (that are self-contained with no dependencies) that were just ‘unzipped’ into their own directories and links added to menus where appropriate. note that i don’t game on these systems. i don’t have a lot of aur packages installed, so updates and subsequent recompile time isn’t an issue.
i have yet to run into anything i want or need that isn’t available in those. so no flatpaks or snaps.
AUR for niche stuff, Flatpak for everything else.
I personally prefer Flatpak because:
- It’s simple
- It’s the recommended way of installation for most distros, especially image based ones, like Fedora Atomic for example
- It’s accessible for everyone more easily
- It works most of the time
I use the AUR in a Distrobox container for software I can’t find any other installation method. For me, it’s to cumbersome to hop into the terminal and proceed with the installation.
For Flatpaks, it’s just one click and it’s done.An AUR package has been done for Arch by (supposedly) someone who knows what they are doing and needs it on their Arch Machine
A Flatpak is something done by someone, to (supposedly) work everywhere, untested on Arch, that may or may not work. And crash (Ardour on Asahi). Or waste hours or you life to render files incorrectly (kdenlive on arch and asahi).
Native versions work perfectly.
I thought I was clever in using arch/aur for everything, but pull KDE or QT apps from Flatpak to keep my gnome install a bit more tidy… For this, you’d have to have those Flataks to work, and sometimes they don’t.
To be fair, there are a lot of Flatpacks published by the devs themselves (especially in the Gnome/GTK ecosystem).
The AUR is the best thing about Arch. yay -Syu and everything is updated. Painless.
I tend to use binary packages to avoid long compiles. If an update includes something that is going to take a while, I often exclude that package from the update. After everything else is updated, I can run it again to get the last package or two. They can just run in the background while I do other stuff. If it is a program I am going to use right away, I may put off the update of that package until I am done my session. This is pretty common with JetBrains updates for example.
I do not have a single Flatpak.
I am using both of them without any problem.
The main advantage of Flatpaks (and things like AppImage) is that you have a single “executable” with everything you need and sometime that is useful even if the software is Opensource but the building dependencies are a nightmare. Subsurface (a dive log software) is an example.
If the AUR package is a simple build (or a binary which is a converted package) then go for it. If you need to start building a lot of additional package from AUR to meet the dependencie then I would suggest, in order, to look for the Flatpak (or AppImage) package or to install an helper to build the packages
Nonfree software does not have the ability to be rebuilt on each update anyway, since it’s distributed as pre-built binaries. So they won’t build anyway.
I tend to use AUR packages where possible if the package is not in the official repos. Only if the AUR package is broken do I turn to flatpaks.
Right. So my priority should be like this:
Proprietary: Flatpak
Open Source: Official Repo then AUR
My priority is: Official repo, AUR then Flatpak.
No matter what license it is. Although, if I need microsoft stuff I usually go flatpak there, so it’s sealed off.
Alright, got it. Thanks.
This. Flatpak also provides additional privacy and security features to at least somewhat keep that proprietary garbage under control
I prefer Flatpaks, not only because I support the format, but also because of containerization and the ability to clean up an application completely.
I absolutely hate it when apps randomly place config files everywhere.
don’t forget that the “containerization” is weak and not reliable.
I use Silverblue and in general I like their philosophy. For other distros, it can be summed up as:
- Flatpaks for GUI applications
- Your choice of package manager for everything else
On Silverblue anything non-Flatpak is best installed inside a container. On a non-atomic distro I’d just install using the system’s default package manager.
I use flatpak steam and flatseal to remove user home permissions so games don’t see my files.
I’d prefer to use Nix derivations and firejail but I couldn’t get it working last time I tried.
My preference for nix expressions to flatpaks is for better reproducibility guarantees, easier introspection, easier debugging, and less duplication.
I usually do distro repos, followed by aur, then flatpak if the aur version is too cumbersome (e.g. obs, game emulators). Funnily enough I use steam native because when I was using the flatpak. I had trouble with mods and things of that nature. A lot of that stuff either needs to be moved to different locations, straight up doesn’t work, or requires a bit of permission fiddling and I just didn’t wanna go through that. On the other hand. I believe there was a glibc issue on Arch that broke all games on steam native for a couple of days which the flatpak didn’t suffer from. Just goes to show nothing is perfect either way.
It’s not like the AUR packages need recompiling after every update, so I’m using standard Arch repos + AUR and that’s it.
Everything will be using the same (bleeding edge) dependencies, so if something breaks, I can find what changed and fix it and / or roll-back and / or report it to the dev.
I’ve been down this whole scenario with Windows back in the day… DLL hell, InstallShield packaging, compiled zips, weird %PATH% sets for execution, the lot… and at the end, it’s always simpler to use common libraries and work with the devs to fix bugs - after all, they’re usually developing on a “normally” packaged system anyway.
I am on Fedora so the equivalent is COPR.
Flatpaks can be built pretty messy, use outdated runtimes or even entirely outdated dependencies.
It is pretty creepy, I digged down the pyramid of dependencies of OnionShare once and that thing is huge, some projects are archived, some had new releases but it still uses the old versions.
Native packages might not bundle all that in, which means more effort but especially more updated packages.
The sandbox is determined by the packagers, and a mix between “dont make it too loose” and “dont break use cases”. For example many big projects without portal support have
host
permission to access your theoretical SMB shares or external media.But yes, the bubblewrap sandbox is there, it prevents apps from manipulating the system, the syscalls are a bit restricted via a “badness enumerating” and pretty loose seccomp filter.
This prevents all apps from creating user namespaces, which are like chroots and create a small virtual filesystem for processes. They are used in FF and Chromium for sandboxing. But Firefox also uses seccomp-bpf which works within a flatpak.
If you want a Chromium browser, it should be native. Firefox arguably too, as it gets another layer of sandboxing. But Flatpaks are isolated from the system.
Have a look at bubblejail, which allows to sandbox programs from the OS with bubblewrap, but with a custom filter that can allow user namespaces.
Flatpak.
both is good