My reasons for getting behind Flatpak

By Adam Temple

TLDR; AppImage is great, but system integration makes it weak for practical use. Flatpak wins for me because it integrates much better.

One of the beautiful things about using Linux as a desktop or server is package management! The liberating power of 'apt-update' is real. Windows on the other hand didn't have anything like this, though inroads are being made with their Marketplace and tools like Chocolatey. However, we Linux users have ideals about openness and architecture that must be considered as this space evolves. I want to see an open philosophy as a defense against unchecked tech monopolies who desire control rather than progress. That's why we need to make the right decision about which package manager to adopt. Here's my research on just that.

In the Debian world we have mainly used apt as our package management tool for years. However there's a very real problem that everyone is trying to escape. It takes an enormous amount of work to maintain because different builds are necessary for each platform. It takes a diligent maintainer to keep up with the bare minimum. That means the Linux community has to spend a large amount of time in making software compatible rather than making it better. The developer of Mailspring sums it up:

"I know I could set up an apt-server and whatever else to send updates to the major linux distros, but we also ship on Mac and Windows and that's a lot of overhead." ref

And from the legend himself:

"[Making] binaries for Linux desktop applications is a major f*ing pain in the ass"

Another big issue is the blanket permissions you give an app upon installation. There's a security issue since apps can grab information your other apps running on X11.

What is the answer to these two issues? Sanboxed containers and bundled libraries. In other words, think more like Android for app permissions, a sandbox. Then, bundle the necessary libraries along with the app to increase portability with a single build. They make for much larger but more compatible binary. Multiple tools can do this right now.

Ubuntu came out with Snaps to answer the challenge. Like Flatpak and AppImage, which we will compare also, Snaps bring containerization and library bundling. It turns out all three of these options are step forward, but the details make all the difference.

The debate on which tool to use is heating up as shown by Linux Mint project dropping Snap. ref

Snap is the big dog with 5x the apps as Flatpack or AppImage, so it's appropriate to understand that first. Unfortunately, there are reasons not to love the Snap system, which is evidenced by Linux Mint dropping support altogether for it.

So the question I am asking is, which package system should I stand behind? To answer this I have collected differentiation factors that I find most useful for answering this question..

Snap:

  • Deal Killer - You can't rebuild an app to verify the binary you get publicly is built with the code you expect. This is because the Snap store and build tools are closed source. AppImage and Flatpack allow this. This is related to the reason Linux Mint dropped them, and might be fixed in the future.
  • Sandboxing is better than using Apt by default.
  • You can't run different versions of the app in parallel. AppImage/Flatpak allows this. This can kill your project if someone gives you a Blender file from 2.81 and you dare not try to render it in 2.83 because the deadline is close.
  • Disabling auto-updates is a pain.
  • Using a version of your choosing isn't possible. This is easy on Windows since they don't have a package manager. If the vendor provides older releases, you just download and install it.
  • Free and non-free software is mixed in without giving the user options
  • Experimental support for Parallel Install - ref

AppImage:

  • One app = one file philosophy. Just download, chmod u+x and run it on most distros.
  • Doesn't promise cross-distro compatibility. Snap and Flatpak handle this automatically.
  • Application isn't "installed" when it runs.
  • Dead easy to build.
  • Less emphasis on app management and distribution which makes for easy parallel version, using various versions, but not auto-updates per-se. Many apps just provide an AppImage download right from their site, like https://krita.org .
  • App images don't integrate into the desktop launcher, but you can use AppImageLauncher to remedy that. Nice but not perfect yet in my experience.

Flatpak

  • "Maintained platforms" allows devs to pick from collections of dependencies, which is an easy way to make sure all distros get covered.
  • The most secure sandboxing if used properly by developer.
  • Clear metadata that includes license information.
  • Builds are easily reproduced.
  • Flatpak apps integrate into the system launcher automatically.
  • There appears to be no issue running multiple versions in parallel. I will have to experiment and report back.

It would be wonderful if Ubuntu became completely open with their Snap platform, but why waste your emotional hope muscles on this? I remember waiting for Symbian to open source their code, or Adobe Flash, and many more. Nope.

Given that, we are left counting on open tools to match the new age of 2020 vision in all areas. For me, Flatpak is the leader here. The system integration and update management edges them ahead of AppImage for me. In PopOS! they fell just like system installed applications.

Not everyone is keen on Flatpak. Here's is valid criticism on it's sandbox defaults. The author shows how you don't know if the developer is using the sanbox correctly.  However, each Flatpak is easily controlled with the use of another app (also a Flatpak) called FlatSeal. Very handy if you want to install the sneaky Zoom Flatpak

My opinion will follow the flow of these tools and so, will certainly change. I haven't built an app for these platforms either, so take this research for what it's worth.

References

https://lwn.net/SubscriberLink/825005/6440c82feb745bbe/

https://linuxhint.com/snap_vs_flatpak_vs_appimage/

https://github.com/AppImage/AppImageKit/blob/master/README.md

https://appimage.org/

 

Home