• Pantherina@feddit.de
    11 months ago

    TL;DR:

    Fedora Atomic Desktops is the umbrella term for Distros like

    • Silverblue
    • Kinoite
    • Sericea, Lazurite, …

    They have a different, image-based OS core, which is read-only when used. This is known as “immutable”, but you can actually

    • add any repos and apps
    • remove installed apps
    • apply kernel arguments

    The benefits are

    • reduced entropy in the core OS. “Feature X is broken for you? Well I can’t reproduce it”. The system is always the same, pretty much. You can reset it to upstream with rpm-ostree reset
    • updates are rock stable, as they are “atomic”. Either it works or it fails. Also they are done while the system runs and leave your running system 100% unmodified. They use BTRFS for its copy-on-write features and also deduplicate files to save space (just like Flatpak does, additionally to shared runtimes!)
    • you can roll back an entire OS version, not only Kernel. This means if a driver fails or any other regression happens, you have a working system, always
    • viruses are a bit harder to install, but not really as /var/home is mounted executable and everything is writable by the user. It is a start though.

    Modifications can still be done

    • manual changes using rpm-ostree
    • changing the upstream image, with ublue having made an entire ecosystem allowing you to easily create and automatically maintain your own version
    • /etc and /var are completely writable

    Apps are installed like this:

    • GUI: preferred Flatpak due to its sandboxing security advantages, isolation from the system, official maintenance (solving the 3rd party distribution issue) (this does not yet include Browsers, which should be installed from official repos)
    • small apps: can be layered using rpm-ostree install. Will be added to the system on every update and work just like on regular Fedora. They slow down updates, often pull in tons of dependencies and thus should be used sparingly
    • Distrobox/Toolbox: use this for big apps like RStudio or QGis, which have a ton of dependencies. I recommend Distrobox a lot, as it has easy GUI creation. In general it's just [distrobox/toolbox] enter {name} -- {appname}, for example distrobox enter Fedora -- qgis. Distrobox automates the desktop entry creation, it's simply cp /usr/share/applications/appname.desktop ~/.local/share/applications/ && sed -i 's/Exec=/Exec=toolbox enter {name} -- /g' ~/.local/share/applications/appname.desktop (and a bit more, just use Distrobox)

    There are also many more solutions. In theory you can make Snaps work, but just don’t.

    There are kata containers which are really fancy and in future will hopefully allow an isolated environment like on ChromeOS…

    or you can run normal VMs (You can run libvirt (qemu qemu-kvm) in a rootful Distrobox, virt-manager in a rootless Distrobox and connect over ssh. Or just layer the packages)

    You can use binaries like ffmpeg from the Flatpak runtimes.

    Also have a look at secureblue, an ecosystem of Fedora Variants with highly improved Security, while perfectly usable.


    And now read the post.
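An added shell example (not from the post and not Distrobox's own export code) that does what the cp + sed one-liner above does, with two checks it lacks: the substitution is anchored so it cannot also hit a TryExec= key, and the container name is validated before being spliced into the sed expression. The qgis.desktop content and the container name "Fedora" are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: export a container app's
# .desktop file to the host menu the way the cp + sed one-liner does.
# Differences from the one-liner:
#  - 's/Exec=/.../' also matches inside a 'TryExec=' line, so the
#    replacement is anchored on '^Exec='.
#  - a 'TryExec=' line naming a binary that only exists inside the
#    container makes the host launcher hide the entry, so it is dropped.
# Usage: export_desktop_entry SRC.desktop CONTAINER DESTDIR
# Prints the path of the written file, returns non-zero on bad input.
export_desktop_entry() {
    src="$1"; box="$2"; dest="$3"
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    # The container name is spliced into a sed expression and into an
    # Exec= command line, so restrict it to a safe character set.
    case "$box" in
        *[!A-Za-z0-9_.-]*|"") echo "bad container name: $box" >&2; return 1 ;;
    esac
    mkdir -p "$dest"
    out="$dest/$(basename "$src")"
    sed -e '/^TryExec=/d' \
        -e "s|^Exec=|Exec=distrobox enter $box -- |" "$src" > "$out"
    printf '%s\n' "$out"
}

# Constructed sample: a minimal qgis.desktop as a package inside the
# container might ship it (this is demo data, not a real package file).
demo_dir=$(mktemp -d)
printf '[Desktop Entry]\nType=Application\nName=QGIS\nTryExec=qgis\nExec=qgis %%U\n' \
    > "$demo_dir/qgis.desktop"
export_desktop_entry "$demo_dir/qgis.desktop" Fedora "$demo_dir/applications"
```

On a real system the destination would be ~/.local/share/applications as in the post; the demo writes into a temporary directory instead.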