this post was submitted on 22 Dec 2023
83 points (91.1% liked)

Linux

48652 readers
2205 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Appimage for me ticks all the boxes for cross distro package as its very portable, simple to run, what are devs trying to do when creating snaps and flatpack?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 74 points 1 year ago* (last edited 1 year ago) (2 children)

Software deployment that tackles dependency hell in a secure fashion while providing repeatable, atomic updates and rollback.

AppImage doesn't even provide a proper update system.

[–] [email protected] 12 points 1 year ago (1 children)

Can you elaborate on update system? AppImage is just a format, right? Whereas flatpak is a format and an entire toolkit for downloading and running flatpaks.

[–] [email protected] 43 points 1 year ago* (last edited 1 year ago)

You already said it. Flatpak and Snap both include an entire system around updates and rollback which provide some pretty strong guarantees for update success. AppImage does not. It's got some libs available that an individual developer could use to implement their own update mechanism but isn't a built-in. And besides, without a system-level component that manages install/update/rollback, you can't have any guarantees about the update process. You're back to the Windows-world per-app update.exe paradigm (or update.sh in Linux).

[–] [email protected] 2 points 1 year ago

There's software for that. Honestly, i prefer that over the 'whole package or nothing' approach in Flatpack, which still has ~/.var for packages hardcoded btw.

[–] [email protected] 31 points 1 year ago

Appimages do not have repositories, unlike Flatpaks and Snaps. It's harder to install or update them since there isn't a package manager for the Appimages.

I don't know about Snaps, but Flatpaks are sandboxed, which basically means more security, since apps won't get access to your system without permission. It's kind of like Android where apps have to ask for permission to things like camera access, filesystem access, etc.


While I do use Appimages, they remind me of Windows and having to go to websites to download stuff.

Personally, I prefer just installing software with my distro's package manager and resort to Flatpaks or Appimages when it's not available in the repos.

[–] [email protected] 29 points 1 year ago (3 children)

Aah yes, appimage, flatpak, snaps, progressive web apps, electron apps... The cross-compatibility of the lazy 21st century developer, where a simple IRC-like chat client comes with an entire operating system or an entire browser (which itself is an entire operating system too nowadays), takes up half a gig of disk space, and starts up in over 10 seconds with a multi-gigahertz multicore CPU.

Just perfect...

load more comments (3 replies)
[–] [email protected] 29 points 1 year ago (1 children)

Distro packages and to some extent Flatpaks, use shared libraries which can be updated independently of your app.

So for example, if a vulnerability is discovered in say, curl, or imagemagick, ffmpeg or whatever library an app is using: for AppImages, this won't be fixed until you update all of your AppImages. In Flatpak, it usually can be updated as part of a dependency, or distributed as a rebuild and update of the Flatpak. With distro packages, you can usually update the library itself and be done with it already.

AppImages are convenient for the user in that you can easily store them, move them, keep old versions around forever easily. It still doesn't guarantee it'll still run in distros a couple years for now, it guarantees that a given version will forever be vulnerable if any of its dependencies are because they're bundled in, it makes packages that are much much bigger than they need to be, and you have to unpack/repack them if you need library shims.

Different kinds of tradeoffs and goals, essentially. Flatpak happens to be a compromise a lot of people agree on as it provides a set of distro-agnostic libraries while also not shifting the burden entirely onto the app developers. The AppImage developer is intentionally keeping Wayland broken on AppImage because he hates it and wants to fulfil his narrative that Wayland is a broken mess that won't ever work, while Flatpak developers work hard on sandboxing and security and granular permission systems.

[–] vikingtons 18 points 1 year ago* (last edited 1 year ago) (3 children)

I had no idea about Appimage's stance on Wayland. That's very unfortunate.

E: Here's what I've come across so far: https://linuxgamingcentral.com/posts/appimage-dev-rejects-wayland-support/

[–] [email protected] 14 points 1 year ago

It is very unfortunate. It's fine to point out problems, but then when you become part of the problem, that's not amazing.

He's had the same meltdown with fuse2 being deprecated in favor of fuse3 which, guess what, also broke AppImage and we had a huge rant for that too.

Flatpak has a better chance of being forward compatible for the foreseeable future. Linux generally isn't a very ABI/API compatible platform because for the most part you're expected to be able to patch and recompile whatever you might want.

[–] [email protected] 6 points 1 year ago

Lol that reads like a squabble between 12yr olds. "He said there's tearing in Intel but my friend told me that's not true."

[–] [email protected] 2 points 11 months ago

AppImages are a good idea, but its dev is a top tier moron.

[–] [email protected] 27 points 1 year ago (1 children)

Flatpaks have the concept of runtimes; instead of downloading the entire qt tooling for a qt app the app could just use the KDE runtime same goes for GTK with the Gnome runtime. Flatpaks also have dependencies which can be shared between multiple apps even when they are not part of their runtimes, they are called "baseapps". Flatpak apps still use double the space my normal apps take on a fresh install, so I assume using appimages to replace them will leave no space on my SSD.

Before deciding to settle on using Flatpak I tried to search for appimage permissions and how to set them, but it seems there is no such thing? If that's true then there's another advantage for Flatpaks and Snaps.

Also with all due respect: Flatpak and Snap tooling are not maintained by Probonodb.

[–] djtech 1 points 1 year ago* (last edited 1 year ago)

What do you mean by AppImage permissions? A sandboxing feature like "access only those directories, those /dev devices, ..."

EDIT: obviously this isn't just for AppImage, but I tested it with AppImage and it work well. Another tip: if you want a package manager for managing AppImage installations try zap (https://github.com/srevinsaju/zap)

In that case, take a look at bubblejail. (https://github.com/igo95862/bubblejail)

[–] [email protected] 18 points 1 year ago (1 children)

The best of them all, αcτµαlly pδrταblε εxεcµταblε.

Build once, run natively on literally any PC OS including Windows and MacOS!

[–] [email protected] 5 points 1 year ago

Interesting read, love stuff like this but it seems they'd be a lot of dev overhead to truly make something large and agnostic but still gotta commend it!

[–] [email protected] 16 points 1 year ago

openSUSE's Richard Brown has given multiple talks over the years comparing these three. I'd suggest anyone to look at those for a great rundown on how these universal package managers compare to one another. His most recent talk can be found here; in which he actually does some kind of recap as well.

[–] [email protected] 11 points 1 year ago
  • ruins single source of truth over installed state
  • thus kills validation and thus consistency and thus repeatability (the holy trifecta of release management)
  • promotes dependency hell
  • promotes redundant installs
  • 'hides' installs from enterprise management (eg snmp)
  • you will fail the audit

But other than being redundant and risky, totally cool.

[–] [email protected] 11 points 1 year ago

Flatpak works like a package manager but has program isolation as well.

[–] [email protected] 8 points 1 year ago

My problem with all three is that trust, security, quality comes from package to package. There is no standard, and packages are isolated from each other. If there is an issue between multiple apps, developers just start pointing at each other. With distro like opensuse I know everything is tested properly including security bug coverage and package interoperability. I can even check it myself at openqa.opensuse.org

With flatpaks I am at mercy of each developer not being lazy and well informed about all current issues.

[–] [email protected] 8 points 1 year ago (2 children)

I hate all three. Why do we need to the same dependencies in a thousand different places? There's gotta be something better between typical software repos and these stupid packed applications.

[–] [email protected] 13 points 1 year ago

Flatpaks work by using a shared runtime, you don't have the same dependencies in a thousand different places

[–] superbirra 3 points 1 year ago

debian repos are ok w/o using all this shit

[–] Static_Rocket 8 points 1 year ago (1 children)

This may be a little bias but this is my understanding:

Flatpaks were the solution for reducing the duplication in Appimages and providing an automated way to do security updates. Flatpak got a chance to learn from Snap.

Snaps are basically a proprietary approach to creating and distributing Appimages that were created prior to the current Appimage tooling. They got to learn from the first generation of Appimages and decided to deviate from them early on.

Appimages were a stupid simple approach to a complex issue. Initial tooling was rough though and a lot of people, while they liked the idea, hated the requirements. Basically setting up an Ubuntu 18.04 environment for packaging was the only way to guarantee a truly portable image.

It left room for improvement and so decisions were made to try and fill that room. They were never bad, and devs weren't really trying to do anything other than simplify the creation and distribution of existing Appimage functionality.

I still think flatpaks are the closest to the ideal solution but again, I'm biased.

[–] [email protected] 7 points 1 year ago

I suppose FlatHub is the primary repo for Flatpak and where the updates comes from?

And also the Steam Deck natively supports them, which is noce.

[–] [email protected] 8 points 1 year ago

Flatpak provides updates, management tools, an ecosystem of common components that don't need to be repackaged with every executable, dependency management, cleaning up unused dependencies, warnings when you are using obsolete packages, and so on

[–] [email protected] 7 points 1 year ago (1 children)

My problem with appimage is that they never work. Every time I tried one, best case scenario it crashed with a random error message. All attempts to fix them were damn near impossible to debug.

It honestly felt like they were not universal enough and still relied on certain libraries being available on OS. Hopefully I'm wrong because that would completely defeat their purpose. I stopped wasting time on them after Plex and VLC both failed to run reliably and switched to flatpak that "just works" 100% of the time.

To be honest most of the time I look for an rpm anyway. Flatpaks are always a last resort. I'm on OpenSuse Tumbleweed.

[–] [email protected] 3 points 1 year ago

This was my experience as well as a developer trying to package an application as an appimage. Creating an appimage that works on your machine is easy. Creating one that actually works on other distros can be damn near impossible unless everything is statically linked and self contained in the first place. In contrast, flatpak's developer experience is much easier and if it runs, you can be pretty sure it runs elsewhere as well.

[–] [email protected] 7 points 1 year ago (1 children)

what are devs trying to do when creating snaps and flatpack?

Appimages are great for what they do. They'd be even better if we had convenient means of distribution. It's easy for an intermediate-to-advanced user to go find the thing on some website, download it then chmod +x it.

A regular user, in contrast, finds comfort in centralized software repositories, where you only have to enter an app's name and click install. Gnome and KDE, with the help of Appstream, provide Flatpaks for your convenience through Software and Discover, respectively.

It's worth mentioning that Alexander Larsson (Flatpak) took some inspiration from Simon Peter's (Appimage) klik when he was developing the precursor to xdg-apps and Flatpak, glick... What a mouthful :) Cheers!

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

I still prefer to run everything built directly from reliable deb sources.

As an end user... sure, flatpaks and appimages and snaps are I guess neat if you are constantly distro hopping or something, at least in theory.

But uh, I have already found the ability to play games, develop games and other software, use basic daily software for everyday needs, and have a stable and predictable OS that doesnt crash or have insane misconfigurations caused by some esoteric conflict by just basing everything directly off of deb sources.

Every once in a while I will have to compile my own build, but this is rare and usually only occurs when trying out something experimental, or, also rare, something that doesnt have an actively and well maintained deb source. In that case its just a matter of doing a build from github when a new version comes out.

And I can do builds from github because I have saved a lot of storage space from not using bundled installers for all my software, allowing me to store the sources. This is also neat because it allows me to quickly /use/ one of those sources in a project, after I have already seen that it is stable via the software I use that is built on it.

Finally there is the security angle. Using a myriad of different containerized installers for everything is convenient in that you don't have to directly worry about source management... until you do, when a source lib is discovered to have a critical flaw.

When a serious flaw is found in a source library... what's gonna get updated faster? A containerized installer that you have to wait for the devs, who are busy managing tons of cross platform dependency issues and have to do a new safe stable build everytime any of their many dependencies for their many supported platforms? Or an app specifically built from source libs that either doesnt focus on cross platform, or has different teams specific to maintaining its different supported flavors?

In my experience, literally all of the time, the 'direct from source' software gets updated more quickly than the cross platform bundled installer.

Further, this whole approach here gives you experience with software that is built on source packages that, as you become more familiar with, and tinker with yourself, gives you insight into what source libs are well coded in terms of cpu/gpu/ram optimization, and which are resource hogs and should be avoided if youre interested in promoting and using software built off of efficient code. I enjoy learning from the good coding techniques of stable, lean and fast programs, and avoiding code that is comparatively unstable, boated, or slow.

[–] coolmojo 4 points 1 year ago

A bit of history. The first universal packaging format was snap by Canonical and used to be called Click apps and it was made for the Ubuntu mobile OS and later to the Ubuntu desktop. Red Hat in response to that created the FlatPak format. The AppImages are community effort. As you can see since both snap and FlatPak are developed and supported by a company they are more widely available and easier to search, install and update them. There are multiple tools for AppImages as well, which can search, install an update, however they are not pre installed or can be installed from the repo on most distro. There are dielstros which ship AppImage support by default with App Store for example Nitrux. You can use AppMan or bauh for managing AppImages. The AppMan has command line interface and bauh is a graphical application. Bauh can also manage snap and FlatPak.

[–] [email protected] 2 points 1 year ago

IMO Flatpak is the best of them all. I don't want to bother with repo packages that have complete and unnecessary access to my system. Flatpak neatly installs an app and isolates it, and if I no longer want it I can just easily click "Uninstall" on my Settings app without it leaving a mess or any trace behind, unlike repo packages that manage to screw something as simple as uninstalling itself.

[–] [email protected] 2 points 1 year ago (1 children)

But where to get the AppImages from? Who's maintaining? How to do Security Vulnerality Tracking for them?

[–] [email protected] 4 points 1 year ago

Usually projects on github. Personally I use Appimages for things like Mypaint a digital drawing application, krita and most other KDE applications as to avoid all the dependency's KDE has in its eco system or at least to put them somewhere easier to manage

[–] mcepl 2 points 1 year ago* (last edited 1 year ago)

https://youtu.be/4WuYGcs0t6I (Richard Brown (FOSDEM 2023): “I was wrong about Flatpak, AppImage, and Snap”)

[–] [email protected] 1 points 1 year ago

I use them all with no issues.

[–] [email protected] 1 points 1 year ago

Flatpaks are a lot easier than appimages though I still default to my distros native packages if available.

load more comments
view more: next ›