Mastering Application Installation on Ubuntu: A Practical Engineer’s Workflow
Reliable software installation underpins every stable Ubuntu system—whether you’re deploying a CI runner or setting up a desktop for media production. Inefficient installation methods lead to unnecessary disk usage, configuration drift, and—in edge environments—potential attack surfaces.
Installation Methods in Ubuntu: What Actually Matters
Too many install options? Yes, Ubuntu supports multiple formats, each with distinct trade-offs in integration, security, and update cadence. Here’s the toolbox:
| Method | Isolation | Update Model | Disk Usage | Typical Use Case |
|---|---|---|---|---|
| APT | Low | System-wide | Low | Core system packages, dev tools |
| Snap | Medium | Auto (atomic) | High | Desktop/GUI apps, sandboxed tools |
| Flatpak | Medium | User/atomic | High | Desktop, newer app versions |
| AppImage | High | Manual | Varies | Portable/experimental binaries |
| Source build | N/A | Manual | Custom | Bleeding-edge, unmaintained apps |
Installing via APT: Still the Baseline
APT—specifically, apt (front-end for dpkg/aptd)—remains the de facto for systems management, automation, and minimal images.
Typical sequence with best practice:
# Always refresh the package index
sudo apt update
# To search, use more precise queries for maintainability:
apt search '^vlc$'
Install, e.g., VLC (tested on Ubuntu 22.04 LTS):
sudo apt install vlc
Uninstall and cleanup:
sudo apt remove vlc
sudo apt autoremove --purge
Tip: If you see dependency errors (E: Unable to correct problems, you have held broken packages.), inspect with apt-mark showhold or review /etc/apt/preferences.d/ pinning.
For automated installs (e.g., CI/CD pipelines), use the -y flag. But beware: blind -y can mask failed prompts.
Snap: Sandboxing and Friction
Canonical-backed Snap introduces strict confinement and useful atomic updates, but at a cost—disk usage and startup speed can suffer, especially for desktop apps. Examine real differences:
sudo snap install vlc
Snaps update automatically and don’t always respect your system theming. Also, snap apps may have paths like /snap/bin/vlc: not always in $PATH on minimal installs.
Known issue: Snaps can interfere with strict AppArmor policies in security-sensitive environments; audit with sudo aa-status.
Flatpak: Community-Driven Universal Packages
Not installed on Ubuntu by default (still—2024):
sudo apt install flatpak
sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak install flathub org.videolan.VLC
flatpak run org.videolan.VLC
Flatpak isolates user data (see .var/app/<ID> in home). Critically, Flatpak can run as non-root, useful for locked-down systems.
Non-obvious tip: Many upstream Flatpaks lag behind official upstream releases—a version check is advisable before production rollout.
AppImage: Frictionless and Messy
No install, no uninstall, no package management: AppImage is an executable blob. Use for ad hoc needs or test environments.
wget https://download.kde.org/stable/kdenlive/23.04/linux/kdenlive-23.04.2-x86_64.AppImage
chmod +x kdenlive-23.04.2-x86_64.AppImage
./kdenlive-23.04.2-x86_64.AppImage
Gotcha: AppImages won’t appear in application menus by default. Integrate manually or use optional AppImageLauncher.
Also, dependencies inside an AppImage can be outdated—don’t use for security-critical apps.
Source Builds: Only When You Must
For software not packaged elsewhere (or with Ubuntu LTS lagging years behind), source builds remain unavoidable:
sudo apt install build-essential libfoobar-dev
git clone https://github.com/sample/sample
cd sample
./configure --prefix=/opt/sample
make -j$(nproc)
sudo make install
Side note: Trace manually built packages with checkinstall, or at minimum, document --prefix installs to prevent filesystem entropy.
Common error:
configure: error: C compiler cannot create executables
This typically indicates missing dependencies, or incorrect CC/CFLAGS.
Pragmatic Installation Strategy
- APT first: lowest friction, system-consistent, easily auditable.
- Snap/Flatpak: sandbox required or latest release needed. Note, resource usage spikes and theme quirks.
- AppImage: zero-impact, for experimental use or non-critical tools.
- Source: Only as last resort, always document build/configure flags.
Always audit sources. Third-party PPAs remain an attack vector; prefer Snap/Flatpak from verified sources where possible.
Automation Boundaries:
In IaC or golden-image pipelines, pin version numbers and hash sources for deterministic builds.
Example Scenario: Installing Visual Studio Code
Choosing between Microsoft’s repository (APT), Snap, or Flatpak:
APT (Microsoft repo):
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /usr/share/keyrings/ms.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/ms.gpg] https://packages.microsoft.com/repos/code stable main" | sudo tee /etc/apt/sources.list.d/vscode.list
sudo apt update
sudo apt install code
Snap:
sudo snap install --classic code
Note: The Snap-edition isolates extensions and settings—expect small behavioral differences.
Final Thoughts
Get your method right—stick to APT for core workloads, adopt Snap/Flatpak for newer or isolated tools, leverage AppImage for one-offs, and reserve from-source builds for the unavoidable edge cases. Always balance system hygiene against convenience.
For detailed troubleshooting, logs are your ally: check /var/log/apt/, journalctl -xe (for snap/flatpak), and always verify signatures when bringing in external binaries.
Questions or obscure install scenarios? Half the time it’s permissions, the other half is the repo’s metadata. Proceed accordingly.