Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
conradev 21 hours ago

The permissions issues are real.

It still isn't possible to package Tailscale or anything that creates a virtual interface as a Flatpak because there is no permission for that. macOS has an API to ask for permissions to add an interface/change routes.

curt15 21 hours ago | parent | next [-]

Thanks to said API, Tailscale on MacOS is even distributed as a sandboxed app through the Mac App Store [1]. Flatpak's restrictions make certain classes of software difficult to use on "atomic" Linux distros like Silverblue or Bluefin that provide a read-only base system and expect users to get their software through Flatpak.

[1] https://tailscale.com/kb/1016/install-mac

curious_ralts 19 hours ago | parent [-]

I daily drive an immutable Fedora spin and if I wanted to install Tailscale I would most likely add it to the base image via `rpm-ostree` instead of trying to reach for Flatpak - not because i'm aware of the issues but because it makes more sense to me to add a more system-wide networking layer to the base image. That being said there are many apps that are not packaged as Flatpaks that I end up adding to the base layer out of necessity which I would have liked to use as Flatpaks.

WD-42 19 hours ago | parent | prev | next [-]

I'm not sure I'd install tailscale as a flatpak even if it were possible. I've always seen flatpak as a way to install large, potentially crappy desktop applications without polluting your system. OBS studio is a perfect example - it's a great app but it's the only one I use that uses QT, thanks to flatpak I don't even have the QT libraries installed on my system.

Tailscale is more like a system service that I'd prefer a distro package for (Arch Linux repos contain Tailscale, btw).

vrighter 13 hours ago | parent [-]

You don't have QT libraries installed on your system. You just have then in some archive somewhere along with a bunch of copies of stuff you do already have installed on your system.

porridgeraisin 9 hours ago | parent [-]

Why does that matter? Copies of a few libraries is just not a problem.

ChocolateGod 13 hours ago | parent | prev | next [-]

> It still isn't possible to package Tailscale or anything that creates a virtual interface as a Flatpak because there is no permission for that.

It's possible but not ideal. The application could use flatpak-spawn (to get out the sandbox) and then polkit-exec (to ask user for root perms for arbitrary use) to get root privileges on the host, but you're removing nearly all sandboxing.

klabb3 19 hours ago | parent | prev | next [-]

Im not really much of a flatpak user but to me it seems like permission system on top of Linux is an incredible undertaking. Solving both packaging and retrofitting permissions at the same time seems too big of a cookie to swallow. I don’t know whether the permission system is what killed the momentum and caused this seeming burnout. But it seems incredibly complex.

To me, Linux doesn’t have a granular modern permission system, and I don’t expect my package manager to solve it for me. I still run proprietary software on it, because I kind of have to. Is that an ideal situation? No. But I rather have a distribution system and vet vendors (which I’m doing anyway) than wait another decade for permissions to be perfect. Distribution, packaging and updates is the pressing need imo.

wmf 20 hours ago | parent | prev [-]

Maybe Tailscale should be a sysext not a Flatpak.