Flatpak Installer Size Incorrect, Lacks Suitable Warnings and Doesn't Ask for Permission

Coming from Windows I was very fond of Paint.NET for my irregular, simple image editing needs. Way more than just Paint, but a far cry from the monstrosity that is Photoshop. Moving to Linux I decided to try GIMP, the one everyone has heard of, but it’s way too over-engineered for my needs while also completely lacking really basic, common features like a box tool - there is literally no way to just “draw a box” in one or two clicks to pull attention to something in a screenshot. Ridiculous.

In my quest for a simple-but-capable image editor I came across Pinta and decided to try it out, using Manjaro’s Add / Remove Software GUI to install it. Two options show up when I search for Pinta, an “Official Repositories (community)” at 3.1MB for version 1.7.1-1 and a “Flatpak (flathub)” at 98.8MB for version 2.0.

This outrageous size discrepancy isn’t even what prompted me to complain start this thread. Nor was the fact that the “Transaction Summary” window when intending to install the Flatpak version doesn’t match either file size shown in the search results - I’m guessing one is download size, one is install size?

image600×684 21.7 KB

When I decided to install the Flatpak to get the latest version, despite the comparatively massive size, I was immediately prompted for my password to begin installation and that was it - no extra packages on the Transaction Summary window before my password, and no other pop-ups after entering my password.

Then I noticed that the installation was taking way too long, even with my fairly lacklustre Internet speed, and the reason seriously shocked me.

image1509×1036 52.2 KB

Look at the bottom. It was in the process of downloading over 230MB of “extra files” that it did not warn me about as required dependencies or ask for my consent to install, not to mention that makes the already outrageous 99MB (vs. 3MB for the “Official Repositories” version) a total lie - it’s actually a 330MB+ download / installation. With no warning, nevermind asking for consent.

For users on metered connections or working on purposefully small systems with limited storage, this is seriously problematic behaviour.

How and why is this possible? Can every Flatpak just present false size information to Manjaro’s package manager, and arbitrarily download and install unlisted “extra data” without user consent?

I’m tempted to swear off Flatpak just on principle from this. I’d mostly expect this from the Windows or Mac app stores, but not from a Linux package manager.

So, I am guessing this is your first introduction to flatpak?
If you are after smaller size and user control … flatpaks (and snaps) are probably to be avoided.

I personally don’t really need smaller sizes and crave absolute control. I just don’t get how this can show incorrect sizes and arbitrarily download extra software without even warning users first, never mind asking for permission. Surely this isn’t correct behaviour from the pamac GUI / Flatpak system?

Wouldnt really know … I dont use either for an assortment of related reasons.
But I would say my guess is - you are correct in thinking the different sizes are download (compressed) and installed (decompressed - installed) … then the extra you saw downloading was infrastructure; the updates and libraries and things flatpak needs (not a bunch of secret packages it skipped - it was a lot because you hadnt used flatpak before), then also I would say that actions like select > apply > password are probably ‘permission’ enough. Though it should be kept in mind that pamac is focused on being ‘easy’ … not about fine-grained control. And of course the old attitudes are still generally correct - you cant beat the terminal for speed, control, and verbosity.
If you care about the things above - you may wish to use pacman

I just tried with the “Official Repositories” version to see what the process is like, and it asks for my password then gives me a Transaction Summary window of all packages to be installed, not just the main Pinta package, with a total download size figure for the lot - which I can cancel or apply. Within the same GUI that lets Flatpak lie about what will be installed, and then install extra stuff without user permission.

I guess this means I’ll have to finally learn the terminal commands for managing packages… I learnt Linux slowly over the years by occasionally playing with Debian-based systems but now I’m running Arch / Manjaro and I just think or type pacman instead of pamac every damn time. Not to mention that I’m struggling to wrap my head around using -S to mean “install” new packages.

Does apt-get work on Manjaro Plasma?

Though I still assert that the Flatpak installation process through the pamac GUI is broken. Or Flatpaks are inherently broken, if there’s no way for pamac to actually know about extra dependencies and request user permission before installing them due to how the Flatpak infrastructure works?

No. apt is a package manager, pacman is a package manager. Each for different package formats.
You can technically install things like dpkg on Arch/Manjaro … but dont, unless you really know what you are doing.

But since you mentioned apt … maybe this would be helpful to you:
https://wiki.archlinux.org/title/Pacman/Rosetta

And of course … heres our wiki for general software management:
https://wiki.manjaro.org/index.php/Main_Page#Software_Management

I asked that as a joke, mostly. I know it won’t work but if it did, I’d swap pamac for apt in a heartbeat. I’ve come to love Manjaro over Debian-based distros, but pamac is far less intuitive than apt.

That Rosetta page does look seriously helpful, though, thank you.

Wait, what? I’ve just tried using the terminal to install Pinta but apparently pamac -S is now incorrect and it uses real, meaningful words like apt now?

Please pay closer attention.
pamac and pacman are two different things.

pamac is ‘user-friendly’ with both cli and gui … and ‘intuitive’ apt-like syntax. It can also handle flatpaks, snaps, and the AUR, beyond the regular repos.

pacman is the traditional standard package manager for Arch Linux. It is cli-only and only works with the repositories and local packages.

Oh my god, I seriously thought I was a little crazy and constantly misreading or imagining it as pacman and the real command was pamac… Now I feel stupid.

Oh dont feel that way! But, well I do hope that clears some things up then.

Alternatively, if you want a simple Paint like tool, you have Kolourpaint in the repositories.

On a side note, I’m not sure but the extra packages that went to install along the flatpak package, were probably the required package to have Flatpak work on your system. Also in Pamac when it tells you the size of a package, it doesn’t calculate the dependencies, it is only this specific package.

On a second side note, never use Snaps, or Flatpak, when the package is in the repositories that makes no sense to me. Especially for Snaps, because once you install only one, Snap services and all that crap is starting with the computer in the background, takes resources and slow down the computer. Also it takes huge amount of disk space compared to real package, and runs slower, with often issues with themes, fonts, things like that.

To me this should only be a last resort solution if for some specific unfixable issue you can not run the real repository package, and in this order of priority Repositories first then → AUR → Flatpak/AppImage → Snap last last resort because of all the crap it pulls, install and run all the time in background.