Using Fedora Silverblue for Compositor Development
21 points by FedericoSchonborn
21 points by FedericoSchonborn
I'm a big fan of niri and have used it with Fedora quite a bit. It'd be awesomesauce if there was a Fedora Atomic spin of niri as well. Someday, perhaps. Really enjoyed this write-up. I feel like he really cares a lot about his user community.
I've been curious to try Niri since I'm new to Fedora and KDE Plasma. (Nobara, to be specific). I've also come across Karousel which I guess is the same idea but within Plasma? Honestly out of my depth here, any advice?
I currently use a Fedora Atomic distribution (Kinoite).
I object to the author calling it “immutable”, because it clearly is not immutable, as the author alludes to later. You can locally modify the root file system in any way you want without rebooting. So can an attacker if they get root. I wouldn't use the system if it was immutable, because this is a hacking machine, and I reserve the right to change the system to do anything I want.
I have noticed that the Fedora Project itself does not use the word "immutable" to describe Atomic Desktop. It is only bloggers who say this.
I do run an immutable OS on my phone: GrapheneOS. It is not possible for either me or an attacker to get root and modify the root file system. I'm okay with that because I just use the phone as an appliance. Otherwise I would run LineageOS on a rooted phone.
Immutable means you can't mutate the root file system. If you can mutate it, your OS is not immutable. So please say "atomic" instead of "immutable". Atomic means that when you install software on the base system, the updates are performed in an atomic transaction, that can later be rolled back, also atomically.
Bloggers also like to claim either that it is impossible to directly install packages on Fedora Atomic, or that you must not do it. Then they talk about toolbox and podman containers as an alternative method of software installation. As this author describes, there are both benefits and drawbacks to these two methods. But you can run distrobox on any Linux distro, and AFAIK the same benefits and drawbacks apply regardless of which distro you run, atomic or traditional. If anything, installing software on the base system is safer and more manageable on an atomic distro than on a traditional distro, because of atomic transactions, rollbacks, and an audit log of what was installed.
So please don't think that if you install Fedora Atomic, then you are forced to install all your software in containers. I think the origin of this meme is that the "container based workflow" that toolbx and distrobox enable was created by the same people who created Fedora Atomic and its predecessors, and so that's how atomic distros were originally advertised.
The word reboot appears 19 times in the post. Makes me wonder how often the author reboots. Regular reboots just to "fix" things would drive me nuts but perhaps it is acceptable for people with different computing habits.
If the change is sufficiently non-invasive, running sudo rpm-ostree apply-live lets you skip the reboot and have a newly installed program available right away.
In order for transactional atomic updates to work, you need to delimit transaction boundaries. Thus changes are only applied when you make an explicit gesture, either apply-live or reboot.
This is really interesting for how the author benefits from an immutable OS and works around the limitations of it.
I am newly back to Linux desktops and started with Bazzite, which is a customized Silverblue. I finally gave up on it because the immutability was bothering me. I'd rather just install most things on the host OS. I do a lot of tinkering. What's neat about this post is it talks about how to tinker with your host OS and work with the immutable core OS rather than fight against it. ostree admin unlock is particularly neat, I didn't know you could overlay a transient /usr.
You can just install most things on the host OS. It's safer and more manageable to install most things on the host OS using Fedora Atomic than it is on traditional distros. The Fedora Atomic documentation says this is fine. https://docs.fedoraproject.org/en-US/atomic-desktops/getting-started/.
The only thing stopping you are bloggers and tech influencers telling you it cannot or should not be done.
EDIT: Just checked the Bazzite documentation. It says installing software normally should only be done as a last resort. https://docs.bazzite.gg/Installing_and_Managing_Software/software-intro/. Citation needed. I'm pretty sure that installing packages into /usr from the Fedora repo is not more dangerous on Bazzite than on traditional distros.