Background: what to expect from Fedora Silverblue

We analyze the features of an immutable OS.

/ photo Clem Onojeghuo Unsplash

How did Silverblue come about?

Fedora Silverblue is an immutable desktop operating system. In it, all applications are launched in isolated containers, and updates are installed atomically.

Previously, the project was called Fedora Atomic Workstation . It was later renamed Silverblue. According to the developers, they considered more than 150 variants of names. Silverblue was chosen simply because there was such a free domain and accounts on social networks.

The updated system replaced Fedora Workstation as the priority build for desktops in Fedora 30. The authors say that in the future Silverblue could completely supplant Fedora Workstation.

One resident of Hacker News suggestedthat the Silverblue concept has become a development of the Stateless Linux project . He was promoted to Fedora about ten years ago. Stateless Linux was supposed to simplify the administration of thin and thick clients. In it, too, all system configuration files were opened in read-only mode.

What gives "immutability"

The term "immutable operating system" means that the root and user directories are mounted in read-only mode. All mutable data is located in the / var directory. A similar method is used by ChromeOS and macOS Catalina developers . This approach increases OS security and prevents system files from being deleted (for example, by mistake).

One of the residents of Hacker News in a thematic thread said that he somehow accidentally deleted a number of system files, modifying the Ubuntu Yaru theme. At the same time, he did not have backups due to an error in regex. According to him, an immutable OS would help to avoid problems.

Installing updates is also simplified - just reboot the system from a new image. Additionally, you can quickly switch between several branches (Fedora releases). For example, between the currently developed version of Fedora Rawhide and the updates-testing repository with upcoming updates.

What are the differences from classic Fedora

To install the basic environment (/ and / usr), OSTree technology is used. We can say that this is a system of "versioning" of RPM packages. RPM packages are translated to the OSTree repository using rpm-ostree. By installing the package, it forms a recovery point, which can be rolled back in the event of a failure.

OSTree also allows you to install applications from dnf / yum repositories and repositories not supported by Fedora. To do this, instead of the dnf install command, use rpm-ostree install. The system will form a new base image of the operating system and replace it with the installed one. Flatpack is

used as a mechanism for updating applications .. He launches them in containers. A flatpack package includes only application-specific dependencies. All core libraries (such as the GNOME and KDE libraries) remain pluggable runtime environments. This approach allows you to reduce the size of packages - to eliminate duplicate components from them.


/ photo Jonathan Larson Unsplash

You can use the Toolbox to install applications that are not packaged in Flatpack . It allows you to create a container with the classic Fedora installer.

Similar solutions

There are other distributions whose tasks are similar to Silverblue. An example would be openOSUSE's MicroOS . This is not a standalone distribution, but part of the openSUSE Kubic platform for deploying CaaS (Container as a Service).

The system works with Docker containers. Their images are distributed in the form of RPM packages. This makes it easy to install command-line applications that are not available in the Flatpack format. The host system for launching containers is based on the official openSUSE Tumbleweed repository .

MicroOS was developed for deployment in large-scale environments (for example, in data centers), but it is also capable of working on single machines.

An example of another similar development is NixOS.. This is a Linux distribution based on the Nix package manager. Its main feature is a declarative description of configurations. The administrator does not need to install the system and configure it manually. The state is registered in a special file: all packets and authentication settings are indicated there. Further, the package manager automatically brings the OS to the specified state.

This system is actively used by cloud providers, universities and IT companies.

In any case, Silverblue has a chance to occupy its niche in the market. Will it succeed - to be seen in the future.

---

Resources from the First Corporate IaaS Blog:

• What is a service-defined firewall and how does it work
• What could hinder the development of quantum computers
• What new computing systems may appear in the data center

Additional reading on Habré:

• What Border Gateway Protocol incidents can be highlighted over the past few years
• ICANN removes price threshold for .org domain - why the IT community is against and what will happen next