Linux Containers Comparison - Quest for the best

I would play with Firejail for sandboxing applications ad-hoc.

1 Like

Hello together,

I want to systematize what I install on my Librem 5.
I am a fan of minimalism and of installing only applications that one really needs. My idea behind it is that less code means less attack surface, it is easier to keep track of what changes with these applications and whether a new vulnerability has been found, and the fewer processes are running, the better the performance and the longer the battery will hold.
So now I am trying to select which applications I want on my Librem 5.
What is the problem?

I am just lost in the possible package managers and means to install applications.
We have apt, we have aptitude, we have flathub, we have snap, we have appimage, we have Waydroid. It is a pure mess. I even tried Pi-Apps.

  • Ok obviously we need apt or aptitude as a must have.
  • Then we need Waydroid for Android apps as a must have if one wants to run some proprietary Android apps.

But then it becomes tricky. Do I really need snap, flathub, appimage, and Pi-Apps at the same time? Do they mess around with other stuff? I heard that snap can mess up stuff installed via apt. Do they all introduce additional processes/daemons eating away the CPU and RAM of the Librem 5 and making it discharge faster?

It really sounds like a stupid question, but I have not used any of these “app stores” before and it is extremely confusing and messy and I am sure that other people have the same pain and I am curious what is the best practice and how do you proceed yourself.

2 Likes

Only if the thing that you actually need is only packaged that way.

If the out-of-the-box Librem 5 + whatever is in the repo accessed by apt does everything you need then you will not need any of these additional technologies.

I run Ubuntu on my desktop and hence also use snap. I haven’t seen any problems in apt on account of using snap.

It’s likely that snaps will consume additional RAM and disk space.

2 Likes

Others mentioned GNU Guix, but let me reiterate, this is an amazing solution which offers isolated environments. It’s based on the most logically beautiful of all the computer languages, Scheme (in-depth knowledge not required if you are only interested in creating containers, environments from the existing packages). Containers are not blobs of black magic, they can, if you want, be compiled on your machine, bit by bit reproducibly. Bits and pieces can be reused in other environments on your machine, you can spin them on the fly, one-off, permanent, whatever you need. You can pin versions, software, you can go forth and back in time, and so on and so on. I have extensive experience with them in a production environment. Love it, what can I say, a fanboy here :slight_smile: . You can also build docker and singularity containers based on Guix packages, as well as many others.

Why do you think docker future is not certain? It’s the basis of kubernetes … and lots of present day compute infrastructure. So why?

3 Likes

I just found this video on YouTube where in performance tests, flatpak and appimage perform better than installing using apt.

Flatseal??

How would you compare it to Podman?

I have never heard of podman until you mentioned it, but, after reading the overview … seems like podman is Redhat’s alternative to Kubernetes. In addition, you have rootless containers etc.

GNU Guix:

  • Is a GNU project.
  • Is a (functional/transactional) package manager.
  • Is also an operating system with Linux, or Hurd.
  • When used as operating system it is NOT based on systemd. It uses GNU Shepherd. Podman integrates with systemd AFAIK.
  • It can deploy (as I said earlier) reproducible docker images, singularity images, it can package tarballs of dependencies + binary, based on package declarations.
  • Creates one-off “containers” (isolated environments [isolated to a customisable degree from your main environment]) based on a list of packages needed, or a custom declaration.
  • Both services and packages are written in a language based on Scheme.

These are just a few characteristics which were important for me. So, it is not exactly a container manager. It compares most fully to a container manager when used as an operating system (because it manages services).

If you need more information: guix.gnu.org

3 Likes
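The "isolated to a customisable degree" point from the post above, as an added example that is not part of any forum post: a small wrapper that composes `guix shell --container` at three isolation levels. It assumes a Guix new enough to provide `guix shell` (older releases use `guix environment --ad-hoc` instead); the function name `guix_sandbox`, the level names and the `~/Documents` path are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. guix_sandbox, the level names and the
# ~/Documents path are made up here; the guix flags are real.
#
# usage: guix_sandbox LEVEL PACKAGE... -- COMMAND [ARG...]
guix_sandbox() {
    level=$1
    shift
    # --container: run in fresh namespaces; only the requested packages are
    #              visible, host directories and the network are not,
    #              unless granted below.
    # --no-cwd:    do not map the current directory into the container
    #              (without it, guix shares it read-write).
    case $level in
        strict)   # no network, no host directories
            set -- guix shell --container --no-cwd "$@" ;;
        net)      # as strict, but with access to the host network
            set -- guix shell --container --no-cwd --network "$@" ;;
        docs-ro)  # as strict, plus one host directory mounted read-only
            set -- guix shell --container --no-cwd \
                "--expose=$HOME/Documents" "$@" ;;
        *)
            echo "guix_sandbox: unknown level '$level'" >&2
            return 2 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"      # show the command line for review
    else
        "$@"
    fi
}

# Print (without running) the strictest variant for a throwaway coreutils shell.
( DRY_RUN=1; guix_sandbox strict coreutils -- ls / )
```

Unset `DRY_RUN` to actually enter the container; `--share=DIR` is the read-write counterpart of `--expose=DIR`.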

Has anyone already tried the GNU Guix as a package manager on Librem 5?
Does it also use the same PureOS repositories as apt?

3 Likes

Sure: apt list guix
Please check as well: apt info guix

P.S. I’m not sure if having time to install guix package today, but after installing it: man guix and/or guix --help should provide further information on how to use it.

1 Like

I am not sure if my question was clear.
My question was not if I can install guix using apt.
But if guix as a package manager itself uses the same repositories for installing other software.

Because aptitude and nala would use the same repos like apt.
But as guix has its concept with channels I am not 100% sure.

2 Likes

Yes, I do know how aptitude works and while unfamiliar with guix itself was thinking just about on where to start: sudo apt install guix. Another info guix is here: https://packages.debian.org/bullseye/guix.

EDIT:

@Hristo, while I’m not there yet by myself (actually I’m just looking forward on what to expect and not to provide shortest answer like: “no, it doesn’t”), how about currently installed or rather available apt list gedit -a (just for example selected package here) on your Librem 5 vs https://guix.gnu.org/en/packages/gedit-40.1/? Or comparing currently installed one with the available one: https://guix.gnu.org/en/packages/gnome-41.0/?

Official info on how-to is here: “Once you’ve installed a set of packages, you will want to periodically upgrade them to the latest and greatest version. To do that, you will first pull the latest revision of Guix and its package collection:
guix pull

Hi Hristo, no, Guix does not use the same repositories. It’s nothing like apt, or any of the mainstream package managers.

With Guix, there is one “official” “repository” (actually, just the prebuilt binaries of the official packages) and many unofficial ones (it’s easy to create your own channel).

If you are installing Guix as a package manager, not as a distro, it will coexist with whatever you got already there.

In fact, this is really a good way to experience Guix, because, as a GNU software, it avoids support for hardware with closed drivers. So, if you’ve got e.g. Ubuntu, or anything which will run on most modern machines as a base distro and then Guix on the side, I think it’s a decent setup.

3 Likes

From my side this whole topic started in regard of Librem 5.
So we are talking about Guix as a package manager on the Debian based Pure OS on ARM 64-Bit architecture.
And here are my worries. That if it doesn’t use the PureOS repositories there might be problems as the software in the Pure OS repos is selected with Librem 5 in mind while the Guix repos care less about the Librem 5 and ARM 64 Bit.

True. Guix does not care about, for example, adaptivity more than any other distro. However, it shouldn’t be difficult to package pureos librem5 native apps for Guix as they are all Free software. Once I finally get my Librem 5, I might do that myself :wink: .

4 Likes