So I recently installed Cachyos and I am now met with this problem.
There are kind of 2 main contenders here and I’m split between them. What do you use?
There is pacman + aur and then there is flatpak. Pacman has deep system integration and is much more lightweight but it has deep system integration and requires sudo to install. flatpak has sandboxing and easy permission management but it’s bloated and possibly less performant?
Of course if the package isn’t available on flathub then I will have to use the aur but when both are available it’s hard to decide.
You must log in or # to comment.
I use native packages wherever possible, then flatpak’s after that, and then aur pretty much only for things that don’t run well in flatpaks. I really don’t want to have to look through 50 different pkgbuilds every time there’s an update and the downsides to flatpaks are, I believe, largely overstated
when both are available it’s hard to decide.
It’s easy to decide: AUR (only)
Personally, I use
pacmanfor as much as I can, then dip intoyayfor anything else.My reason for using arch linux is to have as little bloat as possible. So, pacman. Yay sometimes for AUR stuff, but my need for it is rare.
I just use pacman and yay. I avoid flatpaks as best I can, I don’t see the hype.
pacman / yay
I also like pacseek as it provides a simple tui for package search and getting info about packages.
Yay
I only use flatpak for one Python program because it has a lot of runtime dependencies I don’t want to bother with. I generally wouldn’t use flatpak.
Paru, so Pacman & AUR…
With exactly one exception: Steam via flatpak because that’s the single package left that would need 32bit libraries from multilib-repo since Wine finally left those dependencies behind.
That’s interesting I have steam installed through pacman and I haven’t had any issues.
I didn’t have any actual issues with the native install either.
But with [multilib] activated there were dozens and dozens of 32bit libraries pulled alongside their regular version that I didn’t actually need. And I use Wine a lot more than Steam anyway. So once Wine went fully 64bit I decided to get rid of all that legacy multilib 32bit stuff.
Steam via flatpak also works and will do until they, too, fully switch over to WoW64 implementation.
I use paru
I use an unholy blend of paru, Flatpak, Docker and AppImage apps (no Snap!) with Topgrade to update it all.
Topgrade seems really cool, I wonder how it compares to arch-update
Upvoted for Topgrade. It’s honestly so good on any system that employs more than one ‘updatable microcosm’,
It’s like magic too, because any new weird kind of package manager I add, it’s just picks it up and starts updating it. It can even update Windows apparently.
Yay.
And btw, that question is covered already.
You mean you have a package manager for your system without a password? Why would anyone want that?
Edit: For context. The part I was replying to was edited out.
(I can’t see the edited out part but if it was about yay…)
Yay builds in your local cache and then when it is ready to install it asks for sudo. The reason for this is because sudo can timeout during long builds, and more importantly if you compile with sudo you run the risk of arbitrary code execution. So it is safer to run with just
yayand then it will ask for sudo when it actually needed.You risk arbitrary code execution without needing sudo too.
No, that is not what it was about. I know, don’t run
sudo yay, but rather justyayand wait for password request. What it was is about a configuration to not ask password anymore, a passwordless package manger.
Convenience. It asks the kernel if you’re logged in and if you’re allowed to escalate. So, secure enough for a single-user system.
I don’t feel safe doing so. Would a script be able to run escalated rights without asking me a password? Is it somewhere displayed that such a process is started (notification in example or at least in the terminal a message?). And even for applications I am directly starting, I want it be explicit to require a password, that I am always aware its escalated root rights the app has now.
I can understand your view of convenience and I am “guilty” of some convenience stuff too. But this goes a bit too far for my taste.
Okok, i’ve removed the ssu config part.
Hey, I didn’t meant this to be removed or anything; was just sharing my personal opinion. Everyone can do whatever they want, as long as they are aware of consequences and get teached about it. I’m just a bit paranoid, that’s all.
I have both
yayandparuon the two Arch systems I manage, because pacman tends to break those occasionally through dependencies and that way I don’t have to do the wholemakepkgbit again and instead can update the one with the other. I still find it asinine that these aren’t in the repos or the functionality isn’t integrated in to pacman, but since Arch’s entire philosophy is based on simplicity, I guess the chosen solution to secure user packages is security by obscurity.(I only still use Arch on those systems because I haven’t gotten around to migrate them to Gentoo yet, after implementing a binpkg repo and custom profiles many years ago so compiling on the weaker machines is essentially unnecessary, btw.)
For command line apps, I use paru for AUR. For desktop apps, if they’re available as a flatpak, I prefer that for the increased security provided by the sandbox. Otherwise I use Arch packages or AUR. I even uninstall GNOME apps (calendar, weather) from pacman, and install their flatpaks.
There is pacman + aur and then there is flatpak.
This is sort of like asking “which fruit juice do you use, an acme apple juicer or a blamco orange juicer.” If I need a flatpak, I use flatpak. Sometimes things only have flatpaks and aren’t on the AUR.
If it’s on both, nowadays I typically prefer the non-flatpak version, but that’s just sort of vibe based, I don’t really have a good reason. I think I ran into a few (very minor) problems with flatpaks (that were probably easy to fix) that I didn’t have with the non-flatpak version and that skewed me in that direction.
pacman /w chaotic-aur.
I don’t need the AUR directly, a GUI, or other managers. Just what came with my system + chaotic works just fine.
edit: typo
pacman + yay + appman (in cases where appimage is more convenient)
If you need something from AUR, Chaotic AUR builds some of them.
Technically I also use managers for certain languages and environments, so sometimes cargo, pip, luarocks, … whatever.
I did try to use flatpak in the past, but I just found it annoying. If you do not explicitly need it’s capabilities for a certain app it is mostly makes accessing app’s config and data a major annoyance imo.
