So I recently installed Cachyos and I am now met with this problem.
There are kind of 2 main contenders here and I’m split between them. What do you use?
There is pacman + aur and then there is flatpak. Pacman has deep system integration and is much more lightweight but it has deep system integration and requires sudo to install. flatpak has sandboxing and easy permission management but it’s bloated and possibly less performant?
Of course if the package isn’t available on flathub then I will have to use the aur but when both are available it’s hard to decide.
You must log in or # to comment.
I use native packages wherever possible, then flatpak’s after that, and then aur pretty much only for things that don’t run well in flatpaks. I really don’t want to have to look through 50 different pkgbuilds every time there’s an update and the downsides to flatpaks are, I believe, largely overstated
I just use pacman and yay. I avoid flatpaks as best I can, I don’t see the hype.
Yay
I only use flatpak for one Python program because it has a lot of runtime dependencies I don’t want to bother with. I generally wouldn’t use flatpak.
when both are available it’s hard to decide.
It’s easy to decide: AUR (only)
Personally, I use
pacmanfor as much as I can, then dip intoyayfor anything else.There is pacman + aur and then there is flatpak.
This is sort of like asking “which fruit juice do you use, an acme apple juicer or a blamco orange juicer.” If I need a flatpak, I use flatpak. Sometimes things only have flatpaks and aren’t on the AUR.
If it’s on both, nowadays I typically prefer the non-flatpak version, but that’s just sort of vibe based, I don’t really have a good reason. I think I ran into a few (very minor) problems with flatpaks (that were probably easy to fix) that I didn’t have with the non-flatpak version and that skewed me in that direction.
My reason for using arch linux is to have as little bloat as possible. So, pacman. Yay sometimes for AUR stuff, but my need for it is rare.
pacman / yay
I also like pacseek as it provides a simple tui for package search and getting info about packages.
I have both
yayandparuon the two Arch systems I manage, because pacman tends to break those occasionally through dependencies and that way I don’t have to do the wholemakepkgbit again and instead can update the one with the other. I still find it asinine that these aren’t in the repos or the functionality isn’t integrated in to pacman, but since Arch’s entire philosophy is based on simplicity, I guess the chosen solution to secure user packages is security by obscurity.(I only still use Arch on those systems because I haven’t gotten around to migrate them to Gentoo yet, after implementing a binpkg repo and custom profiles many years ago so compiling on the weaker machines is essentially unnecessary, btw.)
For command line apps, I use paru for AUR. For desktop apps, if they’re available as a flatpak, I prefer that for the increased security provided by the sandbox. Otherwise I use Arch packages or AUR. I even uninstall GNOME apps (calendar, weather) from pacman, and install their flatpaks.
Pacman plus the AUR is the move on Arch based distros. The AUR gives you access to basically everything, and paru or yay handles the build chain without pain. Flatpak has its place for apps that ship messy runtime dependencies, but for most things it adds an unnecessary isolation layer. Have you tried paru as your AUR helper yet?
I sometimes prefer Flatpak over AUR, because I do not trust everyone on the AUR to run scripts with root rights on my system. At least Flatpaks are a bit sandboxed (even if the sandbox is an illusion) and the programs don’t install and run with root rights. Sometimes the Flatpak is from the original developer and the script in AUR is not. Or the AUR script is not updated well and often enough, unlike day one Flatpak updates. But Flatpaks do not integrate well in your system and applications can look out of place too. There is a lot to consider, besides what you already mentioned.
I use both, prefer the AUR in optimal cases.
I use
yay, as it comes by default with EndeavourOS. It’s basically an AUR helper that usespacmanand works quite the same.Flatpak is a different package manager and has nothing to do with your system packages. They are not exclusive, I use both. So what you basically asking isn’t which package manager people use, but rather which package format.
Same here, I tried a number of arch derivatives and arch as well when I got a new desktop last year (after many years of mac work computers, iMac desktop for my kids, mostly Alpine images in the cloud/on k8s, and many many years of mostly Debian and fedora derivatives before I had kids and had time to putter around with *nix). Endeavor suited my needs (some local LLM stuff, personal browsing, a few OSS projects, and Steam) and yay has generally worked great to bridge the gap between pacman and aur.
I use paru
Paru, so Pacman & AUR…
With exactly one exception: Steam via flatpak because that’s the single package left that would need 32bit libraries from multilib-repo since Wine finally left those dependencies behind.
Your question is not Arch specific, it’s “should I use flatpaks?” And the answer in my opinion is probably no.
Flatpaks are a good idea to isolate certain applications and to provide a uniform way of installing packages. So there might be some apps that are not available in your native package manager, but do provide flatpaks. For those cases flatpaks are probably preferred. But Arch based distros have the AUR, so there are a lot of apps that aren’t packaged for Arch that you can still get as a native package. Sure, using the AUR is risky and if you’re not on actual Arch things might break sporadically because of mismatched dependencies (although I think CachyOS is full parity of packages with Arch, so that’s maybe more of a Manjaro warning).
But flatpaks are clunky, bloated, require annoying permissions to be set to do basic things, and require you to update two package managers to do a full system update. They are more appealing for systems where you don’t want to give users root access but still allow them to install programs, but for your own computer I have never seen the appeal.
I partially disagree. I have found that some flatpaks are better than otherwise for updating the app. When I use the air branch of discord on arch, discord does not update automatically and I need to complete a system upgrade and modify a Jason file. The flatpak version updates automatically with no problems.
What is the air branch? Discord has a package on pacman, so it should just get updated with your normal system update, there’s no config or anything that could prevent that, pacman doesn’t care. What JSON do you have to edit and why?
Build_info.json
I have only ever had this issue with discord on arch. Whenever discord has an update, it will not fetch the update, but it tells me that an update can be downloaded.
This is the situation with discord through aur. https://karx.xyz/blog/discord/
I do not know the air branch
Also, I am trying to convince my friends to switch to element instead of discord, but they have been stubborn.
I have only ever had this issue with discord on arch.
The issue you describe is not Arch specific and it’s not an issue. Using a package manager means using a program to manage your packages. Things can’t auto-upgrade, that breaks the point of a package manager.
Whenever discord has an update, it will not fetch the update, but it tells me that an update can be downloaded.
Of course, if you install discord through pacman, then pacman manages the update.
As for the JSON file that’s a very hacky approach, discord shouldn’t outright fail to launch if there is an update. And in fact the Arch wiki says it has a flag to skip the version check completely:
To disable the update check, add the line “SKIP_HOST_UPDATE”: true to ~/.config/discord/settings.json. If the file does not exist, create it and add the following:
~/.config/discord/settings.json
{ "SKIP_HOST_UPDATE": true }More info on https://wiki.archlinux.org/title/Discord
The flatpak version of discord is able to fetch for updates when launching the app without needing to system update. And for some reason it is specifically on a system update. Updating only discord does not update the version even after modifying the build_info.json. and I could disable updates, but that shouldn’t be necessary unless discord is pushing updates that are actively making the experience worse.
You’re completely missing the point. Discord is a chat app, not a package manager, therefore it should NOT update things EVER. You’re complaining that discord tries to do something it shouldn’t, fails and somehow you seem to think that’s pacman’s fault.
The “issue” doesn’t exist on flatpaks because discord probably checks if it’s installed via flatpak and runs an update using the flatpak command without your say so. The “solution” is to stop discord from trying to be “smart” and failing and let it be updated when pacman decides to.
The idea of a package manager is to let it manage your packages, if you want self-updating apps you don’t need a package manager, and good luck with dependencies and overlapping libraries.
I usually use the pacman repo and if it’s not in there decide for this specific app if I use the AUR or flatpak version
Yup, that sounds like a good approach. I could even see people doing Pacman -> Flatpaks -> AUR and it would make sense to me.
This is my approach. I use pacman where I can, flatpaks when something is unavailable, and AUR to get everything not available in the first two, or when a native package is preferred but isn’t in the Arch repos.
I guess you could put it that way. For most general applications, I prefer to use flatpak over pacman. Pacman and arch’s repos to me are still very confusing over other package managers (dnf, apt, etc)
What makes it confusing to you?
Yay.
And btw, that question is covered already.
You mean you have a package manager for your system without a password? Why would anyone want that?
Edit: For context. The part I was replying to was edited out.
(I can’t see the edited out part but if it was about yay…)
Yay builds in your local cache and then when it is ready to install it asks for sudo. The reason for this is because sudo can timeout during long builds, and more importantly if you compile with sudo you run the risk of arbitrary code execution. So it is safer to run with just
yayand then it will ask for sudo when it actually needed.You risk arbitrary code execution without needing sudo too.
No, that is not what it was about. I know, don’t run
sudo yay, but rather justyayand wait for password request. What it was is about a configuration to not ask password anymore, a passwordless package manger.
Convenience. It asks the kernel if you’re logged in and if you’re allowed to escalate. So, secure enough for a single-user system.
I don’t feel safe doing so. Would a script be able to run escalated rights without asking me a password? Is it somewhere displayed that such a process is started (notification in example or at least in the terminal a message?). And even for applications I am directly starting, I want it be explicit to require a password, that I am always aware its escalated root rights the app has now.
I can understand your view of convenience and I am “guilty” of some convenience stuff too. But this goes a bit too far for my taste.
Okok, i’ve removed the ssu config part.
Hey, I didn’t meant this to be removed or anything; was just sharing my personal opinion. Everyone can do whatever they want, as long as they are aware of consequences and get teached about it. I’m just a bit paranoid, that’s all.
