Try Proton VPN, my pick for a secure and private VPN: https://protonvpn.com/TheLinuxEXP
Grab a brand new laptop or desktop running Linux: https://www.tuxedocomputers.com/en#
SUPPORT THE CHANNEL: Get access to a weekly podcast, vote on the next topics I cover, and get your name in the credits:
YouTube: https://www.youtube.com/@thelinuxexp/join Patreon: https://www.patreon.com/thelinuxexperiment Liberapay: https://liberapay.com/TheLinuxExperiment/
Or, you can donate whatever you want: https://paypal.me/thelinuxexp
👕 GET TLE MERCH Support the channel AND get cool new gear: https://the-linux-experiment.creator-spring.com/
🎙️ LINUX AND OPEN SOURCE NEWS PODCAST: Listen to the latest Linux and open source news, with more in depth coverage, and ad-free! https://podcast.thelinuxexp.com
🏆 FOLLOW ME ELSEWHERE: Website: https://thelinuxexp.com Mastodon: https://mastodon.social/web/@thelinuxEXP Pixelfed: https://pixelfed.social/TLENick PeerTube: https://tilvids.com/c/thelinuxexperiment_channel/videos Discord: https://discord.gg/mdnHftjkja
#Linux #Flatpak #Snap #AppImage
00:00 Intro 00:47 Sponsor: Proton VPN 02:17 Quick summary of formats 05:52 Performance benchmarks 08:52 Sandboxing 11:41 Missing Features 15:24 Parting Thoughts 16:59 Sponsor: Get a PC made to run Linux 18:00 Support the channel
So, what we call “packages” are debs, for Debian and Ubuntu based distros, and RPMs for Red Hat and SUSE based distros. These packages can contain libraries, or apps, and all libraries are shared between applications.
We then have Flatpaks, which are distro-agnostic. Flatpaks are sandboxed, and while they share a lot of libraries through runtimes, they can use more space over time.
Snaps are basically the same concept as flatpaks, made by Ubuntu. There are a few technical differences with flatpaks, the big one being that Snaps are suitable for graphical apps, and for command line programs.
AppImages are a more portable format: the whole app is shipped inside a single file, with most, if not all of its libraries. This means you can copy/paste apps from a system to another, and they run on any distro that has access to FUSE2.
Now, let’s look at some performance comparison between different packaging formats. I ran all these tests on the same Ubuntu 23.04 VM, with 16 gigs of RAM, 4 cores of my 13th gen i7 13700h.
Judging from the results, we can see that all packaging formats take longer to start than basic deb packages. It’s especially visible with heavy apps that need to do some setup when they first open, like LibreOffice or GIMP. But we also notice that on subsequent openings of an app, all packaging formats are pretty close.
I ran the Speedometer test in all 4 versions of Firefox: the snap performs worse for jetstream, but much better for Speedometer, while flatpak performs on par for SPeedometer, but worse for jetstream. Deb packages perform well for jetstream, but worse for speedometer., and the Appimage is generally just a good performer.
A sandboxed application runs in its own environment, with very few ways to access things outside of that sandbox. This is similar to how web browsers run each tab in a separate process.
Regular packages aren’t sandboxed by default: basically it means that you should only install these packages from sources you trust: either your distro’s repos, or well vetted third party repos.
As per Flatpaks, they’re all sandboxed. The sandbox isn’t 100% bulletproof, nothing is, but it does limit what the app can access. This is all managed through app permissions, much like what you’d find in Android or iOS apps.
Snaps can be sandboxed, but the sandbox isn’t mandatory: developers can decide to not use it, although this triggers a manual review of the snap app when it’s uploaded to the Snap Store, to check if it does anything weird. As per AppImages, they don’t have a sandbox natively.
Now let’s see what’s missing in terms of features. Regular packages can access everything, so there are no missing features there.
Flatpaks and snaps have more restrictions. The main missing piece is native messaging support: this is what lets an app communicate with another, and one main use case is for password managers: currently, no web browser packaged as flatpak or snap can interact with a third party password manager reliably.
Support for the system theme is also not perfect for snaps and flatpaks, or for AppImages.
As per various problems with these packaging formats, you also have the size of packages: while Snaps and Flatpaks do share libraries between apps, they don’t share as much as regular packages, which means they can take up more space.
Snaps also have the added problem that they mount each app in its own virtual filesystem, that is decompressed on the fly: this can clutter your mount points, which can be annoying if you need to manage these regularly. The Snap Store backend is also proprietary, and it’s centralized.