Is it a good idea to replace the default firefox with the flatpak one?

What do you mean by that? If you’re talking about proprietary software, then Flatpak/Flathub already has a workaround for that called extra-data, which was designed to include proprietary software without redistributing. This video explains what extra-data does in practice.

2 Likes

Did you also uninstalled the default firefox?

No. I still have it on my system but I don’t use it at all.

I’m still using Firefox from Fedora official repository. I usually search on Flatpak when it’s not in the official repositories.

Personally, I would be glad to see Firefox removed from the OS image.

I’ve been using Firefox from Flathub since it first came out – must’ve been at least a year by now. Works completely fine for me with Wayland, WebRender, 120 Hz, and hardware accelerated video.

It might come down to your trust on the maintainers. If you would rather use a flatpak built by fedora maintainers you can add the fedora flatpak repo. Firefox in the fedora flatpak repo seems to be tracking the latest version. Some packages in the fedora flatpak repo may not be the latest but I trust the review process the in there more than the flathub ones.

That’s completely fair. However, the Firefox flatpak is entirely managed by Mozilla and built on Mozilla’s infra, so it’s essentially independent from Flathub. They only use Flathub for publishing.

I’m thinking about switching to Firefox flatpak and I’d like to use the one on fedora. Does is still miss video codecs? In that case I’ll go with the flathub one.
Thanks for the info

It truly would boil down to either organizations approach to third party software wouldn’t it? That is the only reason to select the Fedora Flatpak repo over Flathub’s, as an example, aside from release build cycles I mean. That is why various media codec’s were forever relegated to the rpm-fusion repos, licensing. That is why the FF flatpak from Flathub works with prety much all media codecs ootb. So then the only question becomes, what is your individual licensing preference and how diligently do you apply it.

FWIW, I think that if your goal is to sandbox the browser for security,
Flatpak is not a great option. Its sandbox is too permissive.

I’ve been collecting some “recipes” for sandboxing some popular programs
with bubblewrap and seccomp-bpf filters; Firefox is one of them.

Here’s how I currently sandbox Firefox:
https://paste.sr.ht/~seirdy/66ecdd14369773f6046e7b40e2ca991fbd6cc6e1

The first file is a C program. Compiling it and running the resulting
binary will generate a seccomp-bpf filter file.

The second file is a shell script that runs Firefox with bubblewrap; the
seccomp-bpf filter file is passed in to bubblewrap to filter syscalls.

I deliberately left out support for Pulseaudio and Pipewire; if you want
to use them, add this to the shell script:

--ro-bind /run/user/"$(id -u)"/pulse /run/user/"$(id -u)"/pulse \
--ro-bind "/run/user/$(id -u)/pipewire-0" "/run/user/$(id -u)/pipewire-0"

If you want, you can ro-bind a fake machine-id or a disposable Downloads
folder as well.

1 Like

120Hz? What kind of hardware do you have? A discrete graphics card with proprietary drivers?

I have an AMD Radeon RX 550, which Firefox is running with. Regular open source drivers that are installed by default. A high refresh rate doesn’t seem especially demanding when it’s just for web browsing. (I also have an AMD Radeon 5700 XT, but that’s just being used for gaming in a Windows VM.)

I’ve verified using about:support that WebRender, hardware video acceleration, and 120 Hz are all functioning, and it’s easy to see that 120 Hz is working by doing an online frame rate test or just by seeing how smooth everything is in normal usage.