An introduction to Fedora Flatpaks

Fedora Linux 35 Background; Fedora logo; and Flatpak logo by Matthias Clasen, CC BY-SA 4.0, via Wikimedia Commons

Flatpak is a distribution agnostic universal package manager leveraging bubblewrap to separate applications from the system, and OSTree to manage applications. There are multiple Flatpak repositories (remotes in Flatpak terminology), such as Flathub (the de-facto standard), GNOME Nightly, KDE and finally Fedora Flatpaks, Fedora Project’s Flatpak remote.

This article explains the motivation behind Fedora Flatpaks, how to add the remote, how to use it and where to find resources.

What is Fedora Flatpaks?

Fedora Flatpaks is a Flatpak remote by the Fedora Project for Fedora Linux. However, thanks to the universality of Flatpak, most other distributions can utilize it without a problem. Fedora Flatpaks builds from existing Fedora packages to ensure that everything remains free and open source and complies with Fedora’s standards.

Technically speaking, Fedora Flatpaks reuses existing RPMs from the Fedora Linux repositories and converts them to Flatpak applications using several tools.

Adding the Fedora Flatpaks remote

On Fedora Linux, Fedora Flatpaks is already added and ready to go.

If you are using a distribution other than Fedora Linux, then you will have to manually add the desired remotes. At the moment, there are two different remotes: the stable remote for stable applications and the testing remote for testing applications. To add the stable remote, run the following command:

flatpak remote-add --if-not-exists fedora oci+https://registry.fedoraproject.org

To add the testing remote, run the following command:

flatpak remote-add --if-not-exists fedora-testing oci+https://registry.fedoraproject.org#testing

These commands may need elevated privileges, thus needing an administrator password. If you do not have access to root or an administrator password, then you can still add the remote by using the --user flag to add per-user. If you have used --user, then you will have to use it in the later examples too.

Using Fedora Flatpaks

Software center

Flatpak is built with the Linux desktop in mind. Application stores such as GNOME Software have the ability to install and remove Flatpak applications after you add a Flatpak remote, making it easy to manage applications.

On GNOME Software, visiting an application’s page and pressing on the Source button at the top right hand side opens the list of available of sources. By default, on Fedora Linux, GNOME Software selects Fedora Linux (RPM). Fedora Linux (Flatpak), provided by Fedora Flatpaks, is available as an available source, but is not used by default. Simply select it, and then press on the “Install” button.

For example, to install Firefox from Fedora Flatpaks, head over to the Firefox page on GNOME Software. Then, press on the Source button at the top right hand side. Once the menu pops up, press Fedora Linux (Flatpak). Lastly, press Install. Here is a visual example:

Firefox on GNOME Software, with Fedora Linux (RPM) as the default option and Fedora Linux (Flatpak) as the second option
Firefox on GNOME Software, with Fedora Linux (RPM) as the default option and Fedora Linux (Flatpak) as the second option
Fedora Linux (Flatpak) source ticked
Fedora Linux (Flatpak) source ticked

Afterwards, GNOME Software will install Firefox on your system. You can use the application launcher to launch Firefox, just like any application.

To remove the application, simply press on the trash button next to the blue Open button in GNOME Software.

Command-line interface

Flatpak uses standard package management terminologies when it comes to commands. Some examples include:

# Installing a package
flatpak install fedora $APPLICATION
# Removing a package
flatpak remove $APPLICATION
# Updating packages
flatpak update

Substitute $APPLICATIONS with the desired application. Firefox for example is org.mozilla.firefox, or firefox for short. For more information on the commands, refer to the Using Flatpak documentation.

Finding resources

Source code

For curious people, source codes of container and Flatpak manifests are available on the flatpaks namespace at src.fedoraproject.org/flatpaks.

Filing a bug

Experiencing a bug with an application? Consider filing an bug! The Fedora Project treats applications from Fedora Flatpaks the same as their RPM counterparts, therefore the process of filing bugs for specific apps is the same as filing a bug for any package on Fedora Linux. To file an bug, head over to docs.fedoraproject.org and carefully read the instructions.

Conclusion

In conclusion, Fedora Flatpaks is a remote by the Fedora Project wherein Fedora Linux packages are converted to Flatpak. The vast majority of applications are free and open source. They are tested and verified by the Fedora Project. On Fedora Linux, the Fedora Project includes Fedora Flatpaks for you. On other distributions, you can easily add the remote by simply running a command.

Fedora Project community

68 Comments

  1. Gerald

    I like flatpaks – but they are less secure than they could be.

    By default most flatpaks can access the whole home directory of the user. Ordinary apps can do this, too, of course. But flatpaks can easily be limited to the Downloads directory, for example. So why is this not set by default?

    If Fedora / Red Hat would push for this, it would probably succeed and could really help people. Especially with web browsers and other “dangerous” apps.

    • The issue here is that it’s difficult to balance convenience with security. Many users expect something to work out of the box and to not get in their way. Restricting apps from accessing, e.g. your home directory may worsen the experience overall and will likely make them try an alternative or use from another package manager.

      For example, I am an artist and would like to edit some audio, so I decide to use Audacity. Since the Audacity Flatpak comes with host access by default (https://src.fedoraproject.org/flatpaks/audacity/blob/stable/f/container.yaml#_17), it is very unlikely to get in my way. But if the developer decides to restrict it to ~/Music and ~/Downloads only, then I won’t be able to access other directories. Instead, I will have to research, learn about Flatpak permissions and use Flatseal or the terminal to change permissions; or I’ll just use another package manager. Many artists have their files located in obscure directories, including myself, so we simply can’t restrict it because it will make apps like Audacity unusable by default.

      Thanks to Flatpak, we have technologies called “portals” wherein apps can only access certain data when the user explicitly tells them to do so. GNOME apps generally use portals, so we are able to restrict every directory and still have the convenience of being able to access all files without compromising security. Qt recently started doing that too. Unfortunately, many apps don’t support portals and won’t anytime soon. However, it’s still a step in the right direction.

      TL;DR: we balance security with convenience.

      • Vaarlion

        I can only agree with convenience as i for my part run away from flatpaks because of issue like :
        – not accessing mounted share
        – not accessing printer
        – not supporting drag and drop

        I know some flatpack do it better than other, but because of a couple bad experience, i usually just don’t use them if rpm is available.

  2. Michael Gruber

    So, Fedora flatpaks package Fedora rpms as flatpaks. Why would I want to use them on a regular Fedora system (rather than rpms)? After all, flatpaks are not as flat as one might expect.

    There really seem to be two main reasons:
    – provide Fedora “packages” to users on other distributions (as indicated in the 2nd paragraph)
    – provide Fedora “packages” to users on “non-regular”, i.e. rpm-ostree based Fedora variants

    Is there any reason to use Fedora flatpaks on an rpm-based Fedora variant?

    • Stephen

      My understanding is the main reasons flatpaks became was due to dependency issues either from lacking or conflicting dependencies on the host system(s), so better control for dev’s over that. Also security for the host system, as the flatpak is sandboxed. Then there is the broader appeal for developers to gain a larger potential Linux user base without too much extra work. I don’t think the technology is any less applicable in use for a standard RPM based Fedora Linux Workstation, than it is for a hybrid model like Silverblue, it just fits well with Silverblue and other rpm-ostree based offerings.

    • Night Romantic

      I can provide two reasons for doing so.

      First is quite narrow / niche: using Flatpak, you can install other version of software, even for already installed on your Fedora system. And you don’t need to mess with stable’s rpms to do this. For example, you can try nightly builds for some gnome applications from their remote. Or try a stable one without upgrading your Fedora to the next release. You even can install flatpaks of two different versions of an application, if you want to do it for some reason — I’ve tested it, though more than a year ago.

      The second reason can be more appealing for a wider range of users. You can install KDE application flatpak without cluttering your system with hundreds of KDE libs’ rpms needed for just one small app. Same goes for 32 bit app (some game, maybe) on your 64 bit system. You won’t save on disk space, no, but you’ll definitely have less clutter in you package manager. It’s easier to remove all the KDE or 32 bit stuff if you decide you don’t the application / game after all: several flatpak runtimes versus judges hundreds of rpms.

      Flatpaks have their uses, I think. It’s good we have a choice. And it’s good they aren’t forced on you 🙂

    • Jonatas Esteves

      — Flatpaks can be updated independently of OS. Old runtimes can be kept around, so old unmaintained apps that you depend on can be kept in a working state indefinitely, giving you time to migrate on your own pace;
      — Easy rollback to any previous version of a single app in case of breakage;
      — Flatpaks are sandboxed. Yes, open-source apps from a trusted source also need to be sandboxed, you can’t control bugs and internet attacks. The sandbox helps reduce the impact of security vulnerabilities.

      I have been using Flatpak for all apps for a while (from Flathub in my case), and the value has been obvious. The rollback feature was a real lifesaver.

    • Extract Primer

      Fedora Silverblue uses an immutable atomic core and encourages the use of Flatpak’s. Having the Fedora RPM’s converter to Flatpak’s is a step in the direction of Silverblue, which is the future of Fedora.

      • Anon Ymous

        I was thinking the same, since you mentioned it I won’t bother making a post. One thing tho is the Silverblue methodology is a POSSIBLE future of Fedora- it is not the end all top level tech. I really like silverblue tho and am rooting for it to dominate.

    • trustgsmx

      Right directly to the point ,i agree 100%

  3. When the same app is installed from multiple sources at the same time (e.g. both RPM and Flatpak, or Fedora Flatpak and Flathub) is there a way to launch a specific version without opening the detail view in Gnome Software? Thanks!

    • hashrack456

      You can create separate launcher for those 2. I have OBS studio rpm version and flatpak package. Flatpak version got the higher priority. I made a separate launcher for OBS studio rpm using menulibre.

      If you use stable and nightly version of same app with flatpak, both version should be available from gnome overview.

  4. Craig Mouldey

    flatpak remote-add –if-not-exists fedora oci+https://registry.fedoraproject.org
    This command is ‘not found’.

  5. Captain 3d

    I love the idea of flatpaks shared apps that can be tested by all distros resulting in higher quality apps. Having a private repro defeats this idea and it basically just an rpm again.

  6. Michael

    Every time I use a Flatpak there’s a huge problem with its functionality and the recommendation is to not use Flatpaks. Thanks Feddy but I’m good on em

  7. Gianluca

    I hate flatpack, more program work at 60% …
    remove to app center…..

  8. sprintcowboy

    I am not sure how to ask this correctly but hope you can understand what I am trying to say
    Can you help me understand about runtime drivers for video and audio?
    Is there a disadvantage using the flatpak?
    Will the flatpak be a older runtime than the .rpm?
    For example Zoom, rpm vs flatpak

    • Unfortunately, I don’t know.

      I believe they will be on par. However, there is a chance that one might be behind. I don’t have any proof, though, so it is up to you to take my word for granted.

  9. Watynecc

    I love the choice option made for Software Center ! Keep the good work !

  10. Reon

    Wish rpm was the default over flatpak on gnome.

    • It is. It’s literally written in the article.

      • Vincent

        Has it always been the case that rpm is the default? I remember installing Evolution from the GNOME Software Centre on Fedora 32 or 33, and realising later on that it had been installed as a flatpak. I don’t think I had tweaked my system to favour flatpak over rpm.

        I’ve just checked on Fedora 35 though, and rpm does seem to be the default on this version.

  11. Darvond

    Mmm, delicious. More Gnome-Centric stuff.

    Sorry. It’s just that flatpack hasn’t really ever given a good argument over appimages and as someone who well, just doesn’t agree with what Gnome has been doing since at least April 6, 2011, just seeing it makes my inner old man yell at the clouds.

    • MikeN

      Flatpak is “GNOME’s preferred and recommended distribution framework” per Gnome developers site, but can be used by any distro and inside any DE.
      It’s a nice concept and, for example, can be a ‘life saver’ when the default package manager does not provide an application or a usable version of an application.
      The one thing that personally bothers me with Flatpaks is the amount of disk space (hundreds of megabytes per application) they may eat up even for very small applications.
      But if Flatpak can end the silliness with the multiple different package managers across distros and the need to have apps recompiled almost every time a dependency is upgraded, I will follow.

  12. Mark

    Is it possible to not use flatpaks? It seems certain things just got installed as flatpak when I installed fedora 35. When I do flatpak list – there are many programs that I have no idea what they are (one being gnome software itself) I prefer to only use fedora repositories as i did years ago.

    • You can run

      flatpak remove --delete-data *

      in the terminal, choose the number corresponding to “All of the above”. Once everything is done deleting, you can remove Flatpak. At least from my understanding.

      • Mark

        The problem is I do not know what some of the programs are…Also, one I do know, Gnome Software, I want. It is really frustrating that I chose Gnu/Linux back in 2017 because I wanted to make the choices…and it seems here I am back to square one. I log on and my computer is telling me about updates…rather than me telling it. Oh well….if I get ambitious, maybe BSD? (Joking, sorta).

        • I think you are confusing with the motivation of Fedora Linux as a whole and freedom. Fedora Linux is by design supposed easy to use for the end user, hence they support next-gen and/or more intuitive and/or superior technologies like Wayland, PipeWire, Flatpak, etc. And also prevent you from doing certain fatal mistakes like removing sudo.

          Many users don’t understand the importance of automatic updates, especially security updates. It’s really important to keep the system up to date because these updates are very likely to come with bugfixes and security patches. Fedora and GNOME try their best to ensure that everything is painlessly updated. However, everybody is different so this approach may not be suitable for every one. And that’s completely fine!

          Both projects are free and open source, so anyone is free to contribute. Of course, that doesn’t mean you should be dictating and yell at them what to do and not do, because these projects have their own goals too.

          But if you don’t like Fedora and/or GNOME, then that’s completely okay! You are free to choose other desktop environments like Cinnamon, Plasma, XFCE and more. Or you can switch to a window manager too. If you don’t like Fedora, then you can try another distribution like Arch Linux, Pop!_OS, etc. Because that’s what the Linux desktop is: you have the option to use something else.

  13. Doug Epling

    Is there redundancy between flatpak and snap? When would you prefer one over the other?

    • Snap runs really well in servers because it was designed for IoT and such. Canonical decided to adapt Snap to the desktop but it comes with many problems like slow startups, taking up a lot of spaces, using a proprietary backend, etc.

      For desktop applications, I suggest using Flatpak over Snap, simply because it was designed for that and efficiently manages them. Snap is better used for servers and has many problems in desktop space.

      I explain in-depth the downsides of Snap on the desktop on my website and compare it with Flatpak, see https://theevilskeleton.gitlab.io/2021/10/03/flatpak-vs-snap.html.

  14. Anon Ymous

    Question- could flatpak ever be made as a sort of replacement for a vm solution? For example, what if one could simply get a SilverBlue or Rocky flatpak, use it to check a banking account or credit card account or something? The goal/purpose would be to have an added layer of protection. Just wondering if FlatPak could ever offer more security or a better solution to traditional vm’s. Seems like in that way, FlatPak could one day could provide a better solution to vm’s such as Gnome Boxes?

    • Flatpak and VMs are two completely different technologies and solve different problems – so the answer is a no. VMs are meant to run different operating systems, virtualize hardware, etc. Flatpak is a container technology meant for applications, without using a lot of resources.

      VMs use a lot more resources than containers simply because they virtualize literally everything of an operating system.

      Flatpak is unlikely to provide better security than VMs, simply because it uses the host hardware and doesn’t virtualize anything, unlike VMs. All Flatpak does is prevent applications from accessing certain types of resources, for example some directories, APIs, etc.

      So it’s really up to you to decide. If you want to maximize security, then you’d want to use VMs and perhaps even Flatpak inside a VM (with other security practices), or use Flatpak which already balances security, convenience, resource usage and speed very well. However, none of them are better, because none of them are comparable, since they’re meant to fix different problems.

  15. A-team

    Flatpaks. Because why be like a centralised app store when you can be a centralised app store.

    I mean, I can sort of see what this is solving, but you know what would be even better? If the packaging system was more like Windows. And I know hundreds of Linux purists will hate me for this, but Windows and MacOS have great package management tools. The programs are supplied either with an executable installer or a binary that can just run, or an MSI package.

    If anyone’s wondering why Linux has such a low adoption rate in the desktop, there’s a huge piece of the puzzle. If I want to develop a program for Windows, I can just develop it and tell people “here you go, ready to run!” What do I need to do for this? Somehow get it on Flathub or make an entire repo just for this, and give people 50 steps to install or run a program.

    With a spot of luck, Silverblue or Kinoite can fix these with the stuff cooked into it (though I wish Kinoite wouldn’t include that akonadi crap).

    • What does Flatpak have to do with centralized app stores? FYI, Flatpak is not an app store and it’s anything but centralized.

      Also, I prefer not to go to random websites and download .exe’s and the likes. I prefer having an application that lists available apps and informs me when the applications are properly sandboxed and where these applications come from. Also, Microsoft pushes the Windows Store as much as they can, same with macOS with the App Store.

      • A-team

        You have to add repositories like Flathub or Fedora’s flatpak repo. Seems like a centralised app store curator to me. Is it possible to distribute an app without needing a repository?

        Let’s put it this way: if I, a developer, want to create an app and have the files accessible from my own site, so others can download it, here’s the workflow for the two systems.

        Windows:
        1. User goes to my website.
        2. User finds my way cool app and downloads the installer.
        3. User runs the installer and it installs the app.

        Linux (Flatpak)
        1. User goes to my website.
        2. User finds I make a way cool app, and is instructed to download using Flatpak via Flathub.
        2A. Flatpak site – user has to set up Flathub (unless already set up)
        3. User needs to confirm that it’s my app (with the domain name backwards org.waycoolapp because that’s the Flatpak way).
        4. User has to download 1GB worth of runtimes (that are already on the base OS) and then my app.
        5. User needs to run the app like “flatpak run org.waycoolapp/waycoolapp” or with menu shortcut.

        And the “random websites” argument is bogus. This website is a random website. The Linux kernel website is a random website. The apps you install are “random apps.” The distro you install is likely a “random distro.” What’s the difference between a “random app” from a central store, and a random app from a “random website?” You can still, if you like, have a centralised source of .exes if you really wanted. If you can’t trust the “random website” then how the hell can you trust the app, or the developer that makes the app?

        Also why should the package manager handle sandboxing? That should be an OS thing, not a package manager thing. If the package manager sets up sandboxing, it’s perhaps a different story.

        Another issue is support: what if a user wants some support, maybe some specific problem he’s having, and I need to give him an update or a patch that may fix it? I can’t just give him a new binary/installer and say “here try this” like I can with Windows. Funny enough, Linus Torvalds was talking about that with his program, Subsurface. He doesn’t produce any Linux binaries for this reason.
        Now if there was a way to do this with Flatpaks or even Linux binaries, that would save the day. If you can have “portable apps” on Linux, that would help also.

        There are pressing issues, that someone else has mentioned so I don’t see any point in repeating this: https://ludocode.com/blog/flatpak-is-not-the-future
        Hopefully some of it changes as Flatpak matures and it becomes a bit more mainstream.

        As for Microsoft pushing the store, yes I think it’s deplorable. But that’s not what I was talking about. I think they’re screwing the pooch, which is why I’m on Linux, and with a spot of luck, they screw it hard enough that it becomes easier to use Linux! I think KDE is much easier to use than Windows 10 or 11 already so that’s a start. Long-time Windows user since Windows 3.1.

        • No, you can’t distribute an app without needing a repository. However, you can use someone else’s remote, similar to how deb works. So, you can distribute the app and the dependencies are installed using another remote like Flathub.

          The example you provided is really picky. If Flathub was never set up, you can add the remote via the CLI, and then open GNOME Software and install the application. Afterwards, you can run the app from the menu. I’ve been doing that for a while and it’s been working fine. The CLI isn’t the only option.

          Also, the distributor can provide .flatpak files if they prefer to not use a remote. All you have to do is double click on the file, and then press install (assuming you have the runtime). Of course, in the CLI you run flatpak run […].flatpak to install.

          The difference between a “random app” from an app store and a “random app” from a website is that you don’t have to go through an installer and press on “next” for every step, and potentially get malware if you don’t read. App stores are generally much safer for the user because these apps are already checked by the maintainers of the repository. GNOME Software for example even tells you if the application has good permissions and warns you when something is bad.

          There is also convenience, where everything is available in once place and can be easily searched with categories, just like how Android and iOS do it.

          Why should the sandboxing be an OS thing? If anything that’s a terrible idea because distros use different mandatory access controls (MACs). Fedora uses SELinux, whereas Debian based distributions, openSUSE and many others use AppArmor, for example. Arch doesn’t come with any application sandbox whatsoever. Android uses SELinux only so using SELinux to sandbox makes sense on Android, but not in desktop distributions. Also, what we have right now is setting up the sandbox and not the package manager sandboxing. Everything is done using bubblewrap.

          Yes, you can literally give them the binary/installer. If maintainers want, they can just provide .flatpak files that you can use to install.

          In fact, support becomes much easier with Flatpak. Since Flathub wants apps to be reproducible, it’s much easier to reproduce problems and much quicker to come to conclusions because dependencies are the same across distros no matter what, without resorting to using virtual machines. Distro dependencies can be patched by the maintainers, or be an untested version by the maintainer of the app, etc. Flathub also provides testing builds that the user can install in one command to check if the change has resolved it or not.

          I read that article a while ago, and it’s FUD. The “Size” paragraph doesn’t take the ACTUAL size into account. Here’s a response that explains it in details: https://blogs.gnome.org/wjjt/2021/11/24/on-flatpak-disk-usage-and-deduplication/.

          Also, the author mentions that they’re using Fedora 34 when Fedora 35 was already out. The new Fedora comes with the new GNOME Software which already addressed some the author’s issues before they even wrote it.

          The ““It’s better than nothing!”” paragraph is also misleading. No matter what, Flatpak apps do not have access to /proc and that’s a great thing because apps can easily gain escalated privileges if they did. Apps that have many permissions may still not have access to certain system and session like screenshots or screen capturing related APIs, which is still much better than having a completely unsandboxed app.

        • Marc

          I don’t share your praise for the windows model “download, install, next, next, sideload malware, finish”, but the link you shared was a very interesting read. The only need for a fedora user for flatpaks would be a very outdated application that can’t or does not want to update their dependencies. If you are happy with the software available via the classic dnf/yum repos I don’t really see any advantage of using flatpaks of those apps. There are plenty of downsides that are described on that link. Maybe I am willing to accept them for a legacy enterprise app, but why would I prefer Gimp or Firefox as flatpak?

          • A-team

            “No you can’t distribute an app without needing a repository.” – This is what I’m talking about.

            “Also, the distributor can provide .flatpak files if they prefer to not use a remote.” – That may be a viable option.

            “If Flathub was never set up, you can add the remote via the CLI, and then open GNOME Software and install the application. ” – My example took exactly this into account, which is why I called it “Step 2A” to be fair.

            “The difference between a “random app” from an app store and a “random app” from a website is that you don’t have to go through an installer and press on “next” for every step, and potentially get malware if you don’t read.”
            If people are getting malware because they do not read then they should learn how to read.
            Just because something is on an app store doesn’t mean it’s not malicious, in fact this often gives a false sense of security. Do you really think Flathub et al will check all the applications on there for malware? Plus, what if there’s an app they don’t like because they find it “offensive”? Apple and Google are already canning apps because of this.

            “I read that article a while ago, and it’s FUD. The “Size” paragraph doesn’t take the ACTUAL size into account.”
            As a good example, try installing the Qt Creator flatpak, it wants to download over 6GB.
            In that article you mention, I note the author hasn’t refuted any evidence the “FUD” article provided – example kcalc (a simple calculator app).

            “No matter what, Flatpak apps do not have access to /proc and that’s a great thing because apps can easily gain escalated privileges if they did.”
            If you can get escalated privileges from being able to read /proc then there’s a huge flaw in that system anyway.

            “I don’t share your praise for the windows model “download, install, next, next, sideload malware, finish”, ”
            Why do people think that the malware thing is restricted to Windows only? Mac OS allows for this stuff also, it’s a tried and tested means of distributing software.
            Regardless, malware can exist in the Linux ecosystem too, and can definitely be distributed using flatpaks. No amount of sandboxing nor a central app store will stop that. I note a quote from the article I linked previously:

            “This is very far from the traditional Windows experience of just downloading an installer, clicking Next a few times, and having your app installed with complete desktop integration. This is true freedom. There are no requirements, no other steps, no hoops to jump through to install an app. This is why the Windows Store and to some extent even the macOS App Store are failing. They can’t compete with the freedom their own platforms provide.”

            • Marc

              Actually you started to bring up windows. And I know that this is not a windows-exclusive problem. But what for sure is true, that there are literally billions of users so well trained to click “OK” on this UAC thingy without even thinking, that the attack vector of getting your malware into their machine is so much more promising than smuggling it into an offical package source like fedora repos or – face it – the “official” flathub, which is a point for them.

              • A-team

                Maybe, but you mentioned malware. If people are just clicking on things without thinking, how is that Windows’ fault? I don’t see how this discredits that distribution model. In fact, ironically, this model is even more “free and open” than the centralised store/repository model.

                How does Flathub protect against trojan horses? Do they check every single package, go through all the sources, and compile them on their own so all you get are 100% guaranteed malware-free Flathub packages? Or is this yet another false sense of security? We are repeatedly being led to believe that app stores are 100% safe, which does away with the “be careful of downloading stuff” and similar safety practices.

                Flatpak’s default setup doesn’t even need sudo to run, yet every other package manager out there does. It’s very easy to change Windows so it gives you the UAC prompt every single time, but on Linux it’s a lot harder.

          • A-team

            I’m not the only one who agrees with what I say about application packaging either. Linus Torvalds has this to say: https://www.youtube.com/watch?v=Pzl1B7nB9Kc

            • condor

              How long has Linux Torvalds been mentioning Valve as potential gatekeeper? Oh never mind, I was just thinking, when I pick winners, people listen to my idle banter at holiday meals.

              My production machine is a Fedora 33 Workstation installation and dnf reports 170 transactions. I’m going to replace the installation with a Fedora 35 Workstation installation that I began working on shortly after release with 47 transactions already. I rollback transactions all the time now and rarely ever did when f33ws was released! I’ve got a video editor from flathub on the new installation that was convenient as blankity blank to install and nobody even asked me to scroll through a EULA! Do flatpak’s such as my video editor fall in with the Fedora Project’s mission statement?

              https://docs.fedoraproject.org/en-US/project/

            • Right, and I agree with him too. But if you did enough research, you would’ve realized that he actually has hope on Flatpak https://youtu.be/mysM-V5h9z8?t=241.

  16. Marc

    What I find rather confusing is that there my Fedora shows me lot of flatpaks available from flathub AND fedora. Which should I choose? Just to give you an example: firefox

    Version Branch Remotes
    95.0.2 stable flathub
    94.0 stable fedora

    the “official” flathub is even more recent in this case. So why does exist the fedora clone?

    • The Fedora one isn’t a clone. It just means that it’s provided by Fedora Flatpaks. Fedora’s Firefox comes with a couple of patches applied, see https://src.fedoraproject.org/rpms/firefox/tree/rawhide. However, as we can see with the versions, Firefox from Fedora Flatpaks may lag behind in versions.

      Firefox from Flathub provides a vanilla experience, wherein everything is provided without any modification. And it gets released as soon as the new version of Firefox is released.

      Now, it is up to you to choose whichever you prefer. Whether it is for political reasons, usability, trust, etc.

      • Marc

        Yes, I definitely get the “the user should have the choice” argument, but how should my grandma answer those questions, when even I (as a professional software developer for 20 years) am struggling to answer it? Political reasons? Hey, i’ve chosen Fedora, why do they even ask me to use the other one? usability? Why shuold there even be a difference? Trust? They don’t differ from their self description, how should I trust one more than the other? Overall, this flatpak thingy is safe, or? Why on earth should I not trust something I find there?

        If I am settling to a distribution, I’ll also expect the distro to make a sane default for me (with the extend to opt out for advanced users). This is the real reason why Linux on the desktop is not happening.

        • Chances are, your grandma won’t be putting any thought on which version should be installed when she installs an app. She’ll likely just choose whatever is default.

          However, I do agree that it leads to confusion and I cannot argue with that. This is why I decided to start this series because I want to make things clear for an average person and perhaps even help them take an informed decision.

  17. Clive

    One comment mentioned “Fedora Silverblue” which by all reports in the media is a move in the direct of MS Windows where you get what you are given. One argument for using flat packs was to remove the creation of RPM packages to save time.

  18. A-team

    Speaking of trust, here’s a gaping security problem: the ability to install SYSTEM-WIDE packages with Flatpak, without using sudo.

    This could be a PolicyKit thing but every other tool that alters the system state requires sudo. Why can Flatpaks be installed without it? That just undermines the Linux user security model of not running stuff as root.

    • Yes. It’s caused by PolicyKit. If the user is not part of the wheel group, then it will ask for the password. https://github.com/flatpak/flatpak/blob/master/system-helper/org.freedesktop.Flatpak.policy.in#L17-L22

      Please, just stop. You are spreading FUD and it’s pretty clear that you are doing very little research to understand how and what Flatpak works and does respectively. Furthermore, this article is about Fedora Flatpaks and not Flatpak as a whole. You are arguing about Flatpak the utility which is not what this post is about, since it’s specifically about Fedora Flatpaks. The source code of Flatpak is completely open, so if you want to learn more about Flatpak, then you can visit their GitHub repository and read the code yourself. You can also chat with the developers at #flatpak:matrix.org.

      • A-team

        I mentioned PolicyKit, I am aware that it’s a PolicyKit issue, but the config comes from Flatpak (as you point out).
        I’m not fundamentally against the idea of Flatpak (and I do like the idea behind Silverblue), but there are some valid criticisms for this that are being shot down as FUD. If I was doing “very little research” I wouldn’t have found the links I have found.

        Some of these criticisms can even be addressed by Fedora (eg. a package appearing in both Fedora Flatpaks and Flathub at the same time). Others is going to be a bit of a challenge.

  19. james

    Wow, some heated discussion. Nice article. I would really like to see a tutorial on how to make a simple flatpak. I have a game I want to package so that I can use it on silverblue.
    Btw, am loving silverblue and flatpak is really userful, but I have a server running silverblue and I have to offline it to update which is a bit of a downer.

  20. Matthew Phillips

    Please keep the Fedora Flatpaks up to date, they are behind. For example, I want my browser up to date, that is just something I want for security purposes. If Firefox releases an update it shouldn’t be more than a few days until the bits hit my my NIC.

    As of today the Fedora Flatpaks version of Firefox is still at 94.0, released November 2. In contrast both the Flathub AND the RPM version of FF in Fedora’s normal repo is at 95.0.2, released December 19. There were two minor and a major version between that were missed and of course the update is still not there.

    I want to use the Fedora Flatpaks for all the reasons given — freedom first and tested to work with Fedora. But until that is fixed I will be pulling my apps from Flathub.

    • I would suggest bringing this up in the flathub discourse general discussion room. That venue is more likely to receive flathub attention than a comment on a Fedora Magazine article.

      Thanks for participating.

      • It would be better to bring this up in the respective package in the Red Hat Bugzilla. This is a Fedora Flatpaks issue, not a Flathub issue.

        • Matthew Phillips

          Thanks TheEvilSkeleton, I will do that. I appreciate you reading and comprehending my post.

  21. laolux

    When will Gnome Software be made fully aware of flatpaks? Currently when using a flatpak app, I get a notification every once in a while that

    Additional Fonts Required

    . When I click on

    Find is Software

    , then Gnome Software opens and shows me that the

    langpacks-core-font-ko

    package is installed already, with source

    Fedora Linux (RPM)

    . It does not show anything about a flatpak version of that package, even though the missing fonts issue came from a flatpak app…
    Side remark: I cannot manually search for

    langpacks-core-font-ko

    in Gnome Software. Nothing shows up. Only when clicking on the

    Find in Software

    button Gnome Software seems to find that package.

  22. Jakub

    Flatpaks are so great. I hope they’ll push devs to provide theirs apps on linux.

  23. Brian

    Other than an other layer separating applications from the kernel, you offer a really poor description of what Flatpaks are for and why I would want to waste extra gigabytes of disk space to use them … so I can run ONE app from an earlier distribution, that is no longer being maintained ?

  24. condor

    I noticed Software supporting flatpaks a while back! I’d like it better if rpm/flatpak were selections available in the Explore panel while setting audacity as the query string. The article is about Fedora Flatpak and doing good research. So far this is my favorite introduction to the topic of building flatpaks:

    https://docs.flatpak.org/en/latest/getting-started.html

    Package management innovation is fairly often introduced, but even if I had a crystal ball I be slim chances at picking the future of a winner.

Comments are Closed

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions