The Flatpak is already packaged and works well. It just needs to be maintained from a person that joins the Inkscape community.

This would allow further improvements like Portal support and making the app official on Flathub.

Update: One might have been found!

19 points
permalink
report
reply
8 points

Why is the flatpak not verified on flathub? Hmm

permalink
report
reply
45 points
*

From the conversation it seems to be a similar situation to the project I’m with is in. The flatpak is essentially community maintained rather than being directly supported by the team. To become verified it needs to be done so by a representative of the maintainers of the software. To be verified it doesn’t have to have a team member involved in it but this is a requirement Inkscape seem to have imposed.

For us we just aren’t in a position to want to support it officially just yet, we have some major upgrades coming to our underlying tech stack that will introduce a whole bunch of stuff that will allow various XDG portals etc. to work properly with the Flatpak sandboxing model. To support it now would involve tons of workarounds which would need to be removed later.

permalink
report
parent
reply
1 point

Thanks for the valuable insight.

permalink
report
parent
reply
1 point

Thank you for all your hard work and explanation 🙏👍

permalink
report
parent
reply
13 points

Why is the flatpak not verified on flathub? Hmm

Because it’s not by upstream Inkscape, apparently.

permalink
report
parent
reply
7 points

Wait till you learn that your flatpak client doesn’t verify anything it downloads

permalink
report
parent
reply
3 points
*

*'til

But the lack of verification and validation is a huge risk to flatpaks. As someone formerly involved with securing OSes, this kind of thing was scary back then and doubly scary since it entered its “don’t confirm; just get in, loser” phase.

permalink
report
parent
reply
0 points

😱 so I guess install via appimage?? Package manager? 🤷 🤯 brain malfunction. Im thinking don’t download or install until you verify the download with a hash and hopefully signature if they exist 🤷 use fedora? Which has better security? 🤷🤯

permalink
report
parent
reply
1 point

For checksums: https://github.com/flathub/flathub/issues/1498#issuecomment-649098123

Flatpak does verify the integrity of files as it is downloading/installing them. For ostree remotes this is done using GPG signatures (which are better than mere checksums). If you want to see the commit ID (which is like a checksum) for something on flathub use e.g. flatpak remote-info -c flathub org.gnome.Builder and for the local copy flatpak info -c org.gnome.Builder. For OCI remotes we at least check SHA256 sums and there might be more integrity verification mechanisms I’m unaware of.

But for signatures: https://github.com/flatpak/flatpak-builder/issues/435

permalink
report
parent
reply
1 point
*

Checksums are not for authenticity, and link me to the docs that indicates that ostree’s optional encryption is enforced in flatpak

permalink
report
parent
reply
3 points
*

!boinc@sopuli.xyz flatpak also needs a flatpak maintainer! Your work would help people contribute their spare computational power to scientific research. If you are passionate about fighting cancer, mapping the galaxy, etc this is an awesome way to contribute to that effort in a very force multiplying way.

permalink
report
reply
-10 points

Oficial repositories, unoficial repositories, flatpak, snap… What happened to just donwload the app from it’s own creator and install on your machine? Why do we need every app being touched by some rando before I can install it on my box?

permalink
report
reply
18 points

Your wanted option is not gone, you can still download the binaries if the author presents them; or you can compile it from source. This is just another, more convenient way to distribute the program.

If you are looking to get your programs Windows-style, to download a binary or “install wizard”, then you can look into appimages.

Like any form of distribution however: someone has to offer this, be it the author or “some rando”.

permalink
report
parent
reply
3 points

Appimages have no install wizard. And Windows executables have some weird signature verification which Appimages dont have at all.

permalink
report
parent
reply
3 points
*

And Windows executables have some weird signature verification which Appimages dont have at all.

EDIT:

Appimages have no install wizard.

Appimagelauncher, gearlever, AM, etc. Which is the same as a install wizard since it integrates the appimage into the system. AppImages do not need to be extracted into the system which is what windows install wizards do.

permalink
report
parent
reply
3 points

True. Still the most windows-like installation method.

permalink
report
parent
reply
11 points

What happened to just donwload the app from it’s own creator and install on your machine?

That’s the Windows shit I specifically wanted to get away from

permalink
report
parent
reply
7 points

What happened to just donwload the app from it’s own creator and install on your machine?

You have that option with the appimage, inkscape releases it themselves.

permalink
report
parent
reply
5 points

Thats how packaging works.

On Android I use Obtainium, as the package manager deals with signature verification. On Linux, Flatpak is the only equivalent to Android apps.

RustDesk is the only Flatpak not from Flathub I use, because they have messed up permissions.

permalink
report
parent
reply
5 points

There’s also Pied, which hasn’t gotten around to submitting to Flathub.

permalink
report
parent
reply
2 points

Wow, cool app!

permalink
report
parent
reply
1 point

Keep in mind the Rustdesk flatpak has full access to your machine and isn’t sandboxed

permalink
report
parent
reply
1 point

Yes true, thats why it is not published on Flathub.

I will add an override to it that makes sense.

permalink
report
parent
reply
3 points

Because it is better?

permalink
report
parent
reply
-29 points

Flatpak is not the future

permalink
report
reply
26 points

./configure && make && sudo make install is not the future

permalink
report
parent
reply
6 points

Well… of course only time will tell, but the fact that we’ve been doing that for sooo long… (me for ~20 years?) would imply that it might just be around for longer than snap/flatpak/etc

Of course, sometimes it’s disguised as yay -S

permalink
report
parent
reply
14 points

What is ?

permalink
report
parent
reply
25 points

I’d say flatpak isn’t the future because it’s already here and seems to be universally accepted as the cross-distro package manager.

I do like how the Nix package manager handles dependencies, but it’s not suitable for app developers packaging their own apps because of its complexity.

If a better flatpak comes around I’d use it too, but at least for graphical apps I don’t know what it’d have to do to be better. In my opinion, flatpak is a prime example of good enough, but not perfect and I’d be surprised if there was a different tool with the same momentum in 15 years (except snap, but they seem too Ubuntu specific).

permalink
report
parent
reply
3 points

(except snap, but they seem too Ubuntu specific).

For what it is worth you can install Snap on most distros. https://snapcraft.io/docs/installing-snapd

permalink
report
parent
reply
2 points

Snap is shit. I started using flatpak because apt didn’t support apps that I wanted and snap only supported ancient releases. .deb is annoying too and .appimage I don’t like to have the files hanging there

permalink
report
parent
reply
0 points

Apt or distro package manager of choice.

permalink
report
parent
reply
5 points

No, APT is the past 20 years.

permalink
report
parent
reply
2 points

They lack packages

permalink
report
parent
reply
1 point

Those need root and don’t isolate apps from the base system

permalink
report
parent
reply
-1 points

No idea

permalink
report
parent
reply
6 points

it sure seems like it though

i mean, they’ll never replace system package manager, but for desktop applications, flatpak is honestly quite good

permalink
report
parent
reply
4 points

(Not incredibly educated on Flatpaks, please educate me if I’m wrong) My main issue with Flatpak is the bundled dependancies. I really prefer packages to come bundled with the absolute bare minimum, as part of the main appeal of Linux for me is the shared system wide dependancies. Flatpak sort of seems to throw that ideology out the window.

Let me ask this (genuinely asking, I’m not a software developer and I’m curious why this isn’t a common practice), why aren’t “portable” builds of software more common? Ie, just a folder with the executable that you can run from anywhere? Would these in theory also need to come bundled with any needed dependancies? Or could they simply be told to seek out the ones already installed on the system? Or would this just depend on the software?

I ask this because in my mind, a portable build of a piece of software seems like the perfect middle ground between a native, distro specific build and a specialized universal packaging method like Flatpak.

permalink
report
parent
reply
3 points

well, the point of flatpak is to have bundled dependencies so they run predictably no matter the distro

if one of your software’s dependency gets updated, and your software isn’t, you may run into issues - like a function from the library you’re using getting removed, or its behaviour changing slightly. and some distros may also apply patches to some of their library that breaks stuff too!
often, with complex libraries, even when you check the version number, you may have behavioural differences between distros depending on the compile flags used (i.e. some features being disabled, etc.)
so, while in theory portable builds work, for them to be practical, they most often are statically linked (all the dependencies get built into the executable - no relying on system libraries). and that comes with a huge size penalty, even when compared to flatpaks, as those do have some shared dependencies between flatpaks! you can for example request to depend on a specific version of the freedesktop SDK, which will provide you with a bunch of standard linux tools, and that’ll only get installed once for every package you have that uses it

permalink
report
parent
reply
4 points
*

wrong answer sound

permalink
report
parent
reply

Linux

!linux@lemmy.ml

Create post

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

  • Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
  • No misinformation
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

Community stats

  • 8.5K

    Monthly active users

  • 6.3K

    Posts

  • 173K

    Comments