Basically, nix (and guix, which is based on it) is the only package manager that actually solves the dependency hell problem properly.
It makes builds reproducible, and basically a package will depend on it’s inputs’ hashes. So you can not only install multiple versions of the same package that is solved by some package managers although in hacky ways, you can install multiple ones that only differ in eg which libc version they link to.
In this way, I do think that it is truly revolutionary - but it is a package manager (and NixOS makes basically the OS a big package). Flatpak and snap try to do this as well, in an objectively worse way, but they also provide different features, so they are not in competition. I would rather like to see flatpak and snap employ nix for solving the package management problem and build on top of it. That would actually make the linux solution better than what we have on other OSs.
Nix doesn’t guarantee binary reproducibility. It does help with reproducing build inputs and the build process, as do the tools used to create Flatpak applications and runtimes—flatpak-builder and BuildStream. Nix can build packages in a sandbox, but the same is true of flatpak-builder and BuildStream.
The Freedesktop SDK has a CI pipeline (run on schedule, not on every change, because it is expensive) that tests reproducibility, similar to r13y.com. Currently everything is reproducible except a few components.
There are also many respects in which Flatpak is objectively better than Nix (other than sandboxing, which is an important one). For example, Flatpak guarantees atomic updates with restarting merely the updated application. NixOS only guarantees atomic updates with a reboot (`nixos-rebuild boot`); `nixos-rebuild switch` can still break your running system, though the Nix store is safe and problems will not persist after a reboot, which is still a huge improvement over traditional package management. Still, using containers allows giving stronger guarantees.
Another example is that flatpak-builder and BuildStream are substantially faster than Nix. Evaluating Nix expressions is quite inefficient, even if they are convenient to write. Worse is the cascading rebuilds that come with the Nix approach when dependencies like compilers and glibc are patched or updated. Rebuilding after significant updates to gcc and glibc has advantages, such as benefitting from newer compiler features, but it is very desirable to have the option not to do that.
Also, Nix’s languages lacks domain abstractions for building packages, which makes tools to generate and update derivations have to rely on assumptions about their format or be unnecessarily complex. In comparison, flatpak-builder and BuildStream use JSON and YAML. The result is less expressive but more convenient, consistent, efficient, and simple to manipulate.
Similar to nixpkgs-update, Freedesktop SDK uses a simple auto-updater[1] for BuildStream and Flathub apps can use the Flatpak External Data Checker[2] for a bot to open merge requests or pull requests to update dependencies in the runtime and in application manifests.
OSTree uses a content-addressable store for all files, giving Flatpak deduplication for free. Nix gets deduplication only with an expensive process (`nix store optimise`) that involves scanning the Nix store and replacing duplicated files by hard links.
Yet another advantage of Flatpak is that due to dependencies being “flat”—that is, apps can depend on runtimes and have extensions, but there are no complex dependency trees—there is no need for dependency resolution. This also reduces the amount of metadata that needs to be downloaded. This makes installing and updating software with Flatpak very fast, which is unfortunately not at all true with Nix.
So, there are tradeoffs, and overall Flatpak has the better of them. Employing Nix to manage dependencies or to build apps would cause Flatpak to lose many of its advantages.
Thank you for the detailed and informative answer. Sorry for my cocky style, I am by no means knowledgeable on flatpak and I passed judgement prematurely.
Nonetheless, I have some questions, comments:
> Nix doesn’t guarantee binary reproducibility
Yeah, it’s true, but no general build tool can, since language build tools themselves are usually non-deterministic.
> For example, Flatpak guarantees atomic updates with restarting merely the updated application. NixOS only guarantees atomic updates with a reboot
That latter is only true of NixOS; for an ordinary package you can just start up actually both the old and updated version at the same time without any trouble. And in the OS config case, it is more of a linux deficiency - it does restart services when possible, but that is orthogonal to this discussion as I believe flatpak doesn’t do anything similar.
> Evaluating Nix expressions is quite inefficient
You are right, but the results can be cached. With the experimental flakes it is quite fast.
> Worse is the cascading rebuilds that come with the Nix approach
Well, it is sort of a tradeoff of reproducibility. Also, there is work in progress to minimize rebuilds to only truly necessary changes.
> Also, Nix’s languages lacks domain abstractions for building packages
The language lacks them. The repo has a great deal of abstractions for many use cases, and so a trivial to build package will look almost the same as a JSON. And as you note, it is a tradeoff, but there are plenty of hard to package apps that benefit greatly from the more expressive language. Also, there is plenty of auto-updaters that can automatically create PRs for eg new python packages, since it is more often then not just a version and hash change away, so package description manipulation is possible this way as well.
> OSTree uses a content-addressable store for all files, giving Flatpak deduplication for free
Correct me if I’m wrong, but it is necessary because flatpak uses the docker-like model, in that the same shared dependency is “theoretically” copied in each package, even if it is the same version. So in a way they solve a self-created problem. nix on the other hand simply links the same shared library, no duplicated data.
You can optionally deduplicate when you install multiple versions of eg. libc. Nix can’t really prove whether the two “versions” are the same, and sometimes they may be identical, or identical in part (eg the man pages are the same, but the exe is not), in which case imo really elegantly, it can hard-link one to the other.
But the base state with only one version of a nix channel installed, you simply have no need for deduplication as opposed to the flatpak model, because you only get every package once.
One last point, a nix package may have less overhead, although it is I believe negligible in most cases since vms are quite light nowadays.
So I agree with you on the tradeoffs part, and I again apologize for dismissing the project - I really dislike the same uninformed attitude towards for example systemd or wayland. But I still believe that nix is the one doing something revolutionary.
There is some overlap and there are a lot of differences. One point of overlap is that Nix makes it easy to install packages that are newer than your os. For example, you could run NixOS 20.09 or Ubuntu 16.04 and have the latest Handbrake or youtube-dl.
A large difference it that Flatpak also attempts to sandbox applications, which Nix doesn't (it only sandboxes builds). Though it might be easier to sandbox applications using Nix than traditional package managers, since all dependencies are made explicit.
