306 points dxs | 10 comments
1. conradev ◴[] No.44068680[source]
The permissions issues are real.

It still isn't possible to package Tailscale or anything that creates a virtual interface as a Flatpak because there is no permission for that. macOS has an API to ask for permissions to add an interface/change routes.

replies(5): >>44068857 #>>44069176 #>>44069413 #>>44069472 #>>44071203 #
2. curt15 ◴[] No.44068857[source]
Thanks to said API, Tailscale on MacOS is even distributed as a sandboxed app through the Mac App Store [1]. Flatpak's restrictions make certain classes of software difficult to use on "atomic" Linux distros like Silverblue or Bluefin that provide a read-only base system and expect users to get their software through Flatpak.

[1] https://tailscale.com/kb/1016/install-mac

replies(1): >>44069362 #
3. wmf ◴[] No.44069176[source]
Maybe Tailscale should be a sysext not a Flatpak.
4. curious_ralts ◴[] No.44069362[source]
I daily drive an immutable Fedora spin and if I wanted to install Tailscale I would most likely add it to the base image via `rpm-ostree` instead of trying to reach for Flatpak - not because I'm aware of the issues but because it makes more sense to me to add a more system-wide networking layer to the base image. That being said there are many apps that are not packaged as Flatpaks that I end up adding to the base layer out of necessity which I would have liked to use as Flatpaks.
5. WD-42 ◴[] No.44069413[source]
I'm not sure I'd install tailscale as a flatpak even if it were possible. I've always seen flatpak as a way to install large, potentially crappy desktop applications without polluting your system. OBS studio is a perfect example - it's a great app but it's the only one I use that uses QT, thanks to flatpak I don't even have the QT libraries installed on my system.

Tailscale is more like a system service that I'd prefer a distro package for (Arch Linux repos contain Tailscale, btw).

replies(1): >>44071233 #
6. klabb3 ◴[] No.44069472[source]
I'm not really much of a flatpak user but to me it seems like a permission system on top of Linux is an incredible undertaking. Solving both packaging and retrofitting permissions at the same time seems too big of a cookie to swallow. I don’t know whether the permission system is what killed the momentum and caused this seeming burnout. But it seems incredibly complex.

To me, Linux doesn’t have a granular modern permission system, and I don’t expect my package manager to solve it for me. I still run proprietary software on it, because I kind of have to. Is that an ideal situation? No. But I'd rather have a distribution system and vet vendors (which I’m doing anyway) than wait another decade for permissions to be perfect. Distribution, packaging and updates are the pressing need imo.

7. ChocolateGod ◴[] No.44071203[source]
> It still isn't possible to package Tailscale or anything that creates a virtual interface as a Flatpak because there is no permission for that.

It's possible but not ideal. The application could use flatpak-spawn (to get out of the sandbox) and then polkit-exec (to ask the user for root perms for arbitrary use) to get root privileges on the host, but you're removing nearly all sandboxing.
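
An added example, not part of the thread: a defender-side check for the flatpak-spawn path described in the comment above, flagging installed apps whose permissions let them run commands on the host. It assumes the standard Flatpak `metadata` keyfile layout and that host command execution goes through the `org.freedesktop.Flatpak` session bus name; the function names and the sample metadata are constructed for illustration.

```python
import configparser

# Assumption: flatpak-spawn --host reaches the host via this session bus name.
HOST_SPAWN_BUS_NAME = "org.freedesktop.Flatpak"

# Constructed sample of an app's Flatpak "metadata" keyfile (not a real app).
SAMPLE_METADATA = """\
[Application]
name=org.example.VpnClient
runtime=org.freedesktop.Platform/x86_64/23.08
command=vpn-client

[Context]
shared=network;ipc;
sockets=wayland;fallback-x11;

[Session Bus Policy]
org.freedesktop.Notifications=talk
org.freedesktop.Flatpak=talk
"""

def _matches(pattern, name):
    # A policy entry ending in ".*" covers the prefix itself and every sub-name.
    if pattern.endswith(".*"):
        prefix = pattern[:-2]
        return name == prefix or name.startswith(prefix + ".")
    return pattern == name

def host_escape_findings(metadata_text):
    """Return the permissions that let this app run commands outside its sandbox."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # bus names are case-sensitive, keep keys as written
    cp.read_string(metadata_text)
    findings = []
    if cp.has_section("Session Bus Policy"):
        for pattern, access in cp.items("Session Bus Policy"):
            if access.strip() in ("talk", "own") and _matches(pattern, HOST_SPAWN_BUS_NAME):
                findings.append(f"session bus policy {pattern}={access}")
    # An unfiltered session bus socket bypasses the per-name policy entirely.
    sockets = cp.get("Context", "sockets", fallback="")
    if "session-bus" in [s.strip() for s in sockets.split(";")]:
        findings.append("sockets=session-bus (unfiltered session bus)")
    return findings

if __name__ == "__main__":
    for finding in host_escape_findings(SAMPLE_METADATA):
        print("host command execution possible:", finding)
```

On a real system the same text can be obtained per app from the `metadata` file in its install directory and fed to `host_escape_findings`.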

8. vrighter ◴[] No.44071233[source]
You don't have QT libraries installed on your system. You just have them in some archive somewhere along with a bunch of copies of stuff you do already have installed on your system.
replies(1): >>44072605 #
9. porridgeraisin ◴[] No.44072605{3}[source]
Why does that matter? Copies of a few libraries is just not a problem.
replies(1): >>44081179 #
10. vrighter ◴[] No.44081179{4}[source]
If it doesn't matter then why is them not being in an archive along with a bunch of other duplicate stuff a bad thing?