Background: what to expect from Fedora Silverblue

We analyze the features of an immutable OS.

/ photo Clem Onojeghuo Unsplash

How did Silverblue come about?

Fedora Silverblue is an immutable desktop operating system. In it, all applications run in isolated containers, and updates are installed atomically.

Previously, the project was called Fedora Atomic Workstation. It was later renamed Silverblue. According to the developers, they considered more than 150 names. Silverblue was chosen simply because there was such a free domain and social media accounts.

Updated system changed Fedora Workstation as priority build for desktops in Fedora 30. The authors say that in the future Silverblue can completely replace Fedora workstation.

One of the residents of Hacker News suggestedthat the concept of Silverblue has become the development of the project Stateless LinuxIt was promoted in Fedora about ten years ago. Stateless Linux was intended to simplify the administration of thin and thick clients. It also opened all system configuration files in read-only mode.

What gives "immutability"

The term "immutable operating system" means that the root and user directories are mounted in read-only mode. All mutable data is placed in the /var directory. Developers use the same method ChromeOS и macOS Catalina. This approach increases the security of the OS and prevents the deletion of system files (for example, by mistake).

One of the residents of Hacker News in the topic thread рассказал, that I once accidentally deleted a number of system files while modifying the theme Ubuntu Yaru. He didn't have any backups due to a regex error. He says an immutable OS would have helped avoid the problem.

The installation of updates is also simplified - for this, it is enough to reboot the system from a new image. Additionally, it becomes possible to quickly switch between several branches (Fedora releases). For example, between the currently developed version of Fedora Rawhide and repository updates-testing with upcoming updates.

What are the differences from the classic Fedora

OSTree technology is used to install the base environment (/ and /usr). We can say that this is a "versioning" system RPM-packages. RPM packages are translated into the OSTree repository using rpm-ostree. By installing the package, she forms restore point to which you can rollback in case of failure.

OSTree also Allows install applications from dnf/yum repositories and repositories not supported by Fedora. To do this, instead of the dnf install command, you need to use rpm-ostree install. The system will generate a new base image of the operating system and replace the installed one with it.

Used as a mechanism for updating applications flat pack. It runs them in containers. The Flatpack package only includes application-specific dependencies. All core libraries (like the GNOME and KDE libraries) remain pluggable runtime environments. This approach allows you to reduce the size of packages - to exclude repeating components from them.

/ photo Jonathan Larson Unsplash

To install applications that are not packaged in Flatpack, you can use Toolbox. It allows you to create a container with a classic Fedora installer.

Similar Solutions

There are other distributions that do similar things to Silverblue. An example would be microOS from openSUSE. This is not a standalone distribution, but part of the openSUSE Kubic platform for deploying CaaS (Container as a Service).

The system works with Docker containers. Their images are distributed as RPM packages. This simplifies installation of command line based applications that are not available in Flatpack format. The host system for running containers is formed on the basis of the official repository openSUSE Tumbleweed.

MicroOS was designed to be deployed in large-scale environments (such as data centers), but is also capable of running on single machines.

An example of another similar development is Nix OSThis is a distribution. Linux, based on the Nix package manager. Its key feature is declarative configuration descriptions. The administrator doesn't need to install the system and configure it manually. The state is specified in a special file, which specifies all packages and authentication settings. The package manager then automatically configures the OS to the specified state.

This system is actively use cloud providers, universities and IT companies.

In any case, Silverblue has a chance to find its niche in the market. Whether it succeeds remains to be seen in the future.

Materials from the First Enterprise IaaS Blog:

• What is a service defined firewall and how does it work
• What can hinder the development of quantum computers
• What new computing systems may appear in the data center

Additional reading on Habré:

• What incidents with the Border Gateway Protocol can be identified over the past few years
• ICANN has removed the price threshold for the .org domain - why the IT community is against it, and what will happen next

Source: habr.com