So I took the plunge and installed Fedora Silverblue because of all that immutable buzz. And it’s the most frustrating change I have made in almost 20 years of my distrohopping.
After installing Silverblue I configured it as usual. I installed necessary flatpaks, played with toolbox and distrobox, installed codecs, configured my bluetooth keyboard and other stuff in /etc and /var. Applied some useful tweaks I found on the web and… well… everything works. Nothing to do anymore. No issues. Nothing breaks, no dependency hell, everything runs smooth. I have nothing to tweak, tinker or configure anymore. So frustrating.
Every update is just… meh. Smooth, new, fresh system not affected by my stupid tweaking and breaking. Booooring.
I don’t have to distrohop anymore. If I want other distros I can just install them in distrobox. Other versions of apps? Something from AUR perhaps…? No problem. What’s the point of distrohopping now? Other DEs? I just rebase my system to other images with almost any DE or WM I want without losing data or messing everything up (damn you, UBlue!).
I don’t even have to reinstall the damn thing cause every time I update the system or rebase it to another image it’s like reinstalling it.
Silverblue killed distrohopping for me. Really frustrating.
What is silver blue, and how does it differ from vanilla Fedora?
It’s an immutable/atomic version of Fedora: https://fedoraproject.org/atomic-desktops/silverblue/
My understanding is that the core system is immutable (read-only) and major upgrades essentially just swap out that whole layer. Updates are atomic, meaning the entire thing either succeeds or fails and you can never end up with a broken half-updated system. UI apps all run using Flatpak.
I’ve never tried it though!
Ew Flatpak. Feels like an OS inside an OS. And it also feels bloated. Like almost one GB just to install an emulator.
you want your application to work everywhere, that’s why flatpak is needed, no one complains about nix, when they have the same principle, flatpak is just more distro-agnostic and with a more powerful sandbox
The quoted storage figures for Flatpaks are misleading. They don’t use that much. I have 50+ Flatpaks installed and they use barely more than 2.4GB.
And Flatpaks are great. There’s nothing to ew at.
deleted by creator
deleted by creator
deleted by creator
deleted by creator
It’s immutable (aka. atomic), which means the system files cannot be changed, even by root. System updates come as complete system snapshots of the core filesystem, and everything else exists in containers or filesystem overlays (user directory is still writeable). Containers and the user’s home directory are unaffected by the updates, so the update process is typically much safer overall.
If an update does break something, you can easily do
rpm-ostree rollback, and everything will be working again. On top of that, you can swap between versions with a simplerebasecommand (e.g. swap between Silverblue and Kinoite, Kinoite and Bazzite).It’s immutable (aka. atomic), which means the system files cannot be changed, even by root.
This is a definite “well um actually” moment, but technically immutability can be switched off at any time with
chattr, and “true” immutability will not be achieved until full image signing is commonplace. You can see the ideas laid out here: https://github.com/ostreedev/ostree/issues/2867It does let you do cool things though, like install nix: https://github.com/dnkmmr69420/nix-installer-scripts/blob/main/installer-scripts/silverblue-nix-installer.sh
don’t use that use this https://github.com/DeterminateSystems/nix-installer
up-to-date, full support silverblue, don’t need to unlock the filesystem, full support for selinux too, they create the /etc/nix forlder and mount it on /nix
Yeah, I was just linking the other one because its usage of temporarily disabling immutability is more apparent. That one also disables immutability temporarily to install nix.
It’s an “immutable” Fedora, that is, the system comes as a read only image, kind of like how android works. Anything you do is “layered” on top of that image. This means you have to actually try to break it, because you can undo anything you did to break it by simply not booting with the extra layer(s).
You’re encouraged to install in userspace flatpaks instead of system-wide rpms where possible, as system-wide rpms means adding a layer on top if the image as it is.
Oh I thought Fedora itself was immutable
the default fedora installation isn’t, but fedora atomic is
Oh man. I’m so sorry for your loss. May your system break at some vague point in the future in a way that is nigh impossible to diagnose and that no one else seems to have experienced. Godspeed, you unwillingly content penguin!
that the thing, if it breaks, the roolback is there or simply rebase without merging /etc, so basically a factory reset
I’ve had a similar experience with Guix.
Can you still install extensions in GNOME? I hate the defaults
Yes but only from Gnome directly with an app called extensions manager. You can’t install them from the Fedora repo.
Thank you!
You need to install a rootkit ASAP.
Agreed. Been super boring and stable on Aurora.
Is this a First Linux-World Problem? :D
To me, I like how clean and coherent GNOME looks like, but what I don’t like about it, is how hostile it is in regarding of themeing/coloring.
Have you tried Gradience?
Yeah I tried it, but sadly it didn’t really worked well in for example Geary.
I don’t support that some want to push their own theme. Just use the provided theme. You may create your own custom theme but that should be able to be used everywhere. App icons can be part of a theme.
Yeah I get the rational, and that DEs shouldn’t theme them apps but I want to have some sort of customization (not just an accent color).
Thank you. I feel like I’ve found a new way to respect developers that I hadn’t considered before.
Aren’t a lot of these issues due to gtk not being as theme friendly as Qt?
It is my understanding that a lot of thought and care is put into the design language and appearance of applications and frameworks. However the same level of consideration is not usually afforded to skins and themes, which are often released an never updated again. This can cause usability issues and sometimes even breakages. Of course, people are free to do as they please with their computers.
Screw that.
Yeah. My guess is that for every meticulously hand crafted ui, there’s 10 that just go with the default. If a user wants an icon pack where🤘means home, they’ll be perfectly fine with navigating your application.
Developers can always include an option to disable styling if that would severely break the ui. But personally, I’d rather use a application that looks roughly like every other one in the system, than one that’s so specifically designed that it doesn’t.
You got me so good. Been using fedora for a few years now and I’ve been hesitant to hop to silverblue but now, after reading your issues with it I might just have to stay away. I can’t imagine a world of painless updates and rebasing smoothly. If I don’t have things to troubleshoot what else am I gonna do on my PC!
And good resources on how to learn to use Toolbox properly?
TL;DR Don’t (unless your needs are really basic or you really don’t want to layer more packages)
Distrobox ftw, its website is pretty good to find all its features and it has a neat GUI BoxBuddy too! And also the generic Pods can be useful for more advanced needs.
Extra tip: if you have more time to spend on learning, I think Nix Home Manager will actually be the better solution in the long run, no need to worry about containers breaking in some way after system updates with scattered solutions that are hard to understand and remember, also you get to bring your configuration anywhere
Toolbox create Toolbox enterNow you have a standard Fedora command line system that shares your home folder but otherwise has its own filesystem.
There’s more options (like using other distro’s), but it’s really not complicated.To install CLI stuff that needs to access your host system’s root files, use rpm-ostree (but if you need a lot of that, use a non-immutable distro instead).
I actually use neither anymore. My stuff I actually want to work with is in home and I have no need to tinker on this system, cause it just works.
feels like this post was sponsored by Anne Hathaway
I rebase quite often, its the better distrohopping.
Have a look at Fedora Discuss, interesting things there.
What does rebasing mean in this context? I try to google it, but all I get is git rebase.
Any articles about it that are worth reading? Or if you can explain, that would be neat. Thanks!
Its the same :D
Rebasing refers to an OSTree remote which is like a git repo, but with binaries and producing bootable systems. There are some differences there.
The idea is: there is a remote that has the exact wanted configuration, your system mirrors it. All the package manager does is similar to
git pull.If you rebase, you switch the upstream remote, and your system gets the diffs, downloads them.
The cool thing is, that these updates are atomic, so you stay on the current system and the rebased one is only set as the system you boot in after a reboot. You can still
sudo ostree admin pin 0before rebasing, and your current system will be saved forever to switch back to.Note that /etc is writable so you might still accumulate duplicate or redundant configs.
Thanks!
It’s a command provided by the OS to distrotop between ublue distros. You can basically hop between silverblue, Kionite and Bazzite with a single command.
So, this is only available for Fedora users?
ostree based distros*, the default fedora don’t use ostree so you can’t rebase, bazzite is not fedora but they also use ostree, so you rebase there
I have so much to learn. Last time I was tracking distros and having fun with distro hopping was with Slackware 7, I think.
What is ostree? What is bazzite? Time to google stuff.
I’m still getting things set for Silverblue to be my baremetal hypervisor distro on my laptop. And by that, I mean giving up on Incus, setting up libvirt, and… everything is working like it should. I wasn’t expecting that. Now, I’ve got to find something else to do with my time.
What’d you dislike about Incus that libvirt does easier? I’m on a similar trajectory as you. I have Incus on Debian but I am transitioning to IoT for that machine. I kinda like Incus. I want to attach USB devices to a couple of my containers, it was a learning curve but eventually worked out alright.
For me, I think it’s just not ready for non-Debian distros yet. The docs and packages just aren’t up to parity. I like a lot about Incus and its general direction but libvirt and virt-manager are fully functional at the moment. Passing through devices with virt-manager is dead easy.
What an horror ! What are you gonna do ? Use your working system ? That’s sad…
Welcome to the very reason I’ll never ever try Silveblue 😄
Only thing I haven’t figured out, yet, is how to install the Private Internet Access client. It uses a
.runinstall script, and it fails when installing viarpm-ostree(tries to write to/etc) and doesn’t like being installed in a Distrobox (needs systemd).But yeah, I’m currently looking at some other options for my main system to drop Windows, and I’m always comparing to Fedora Atomics, now.
why not use fedora’s built-in openvpn client and just add the pia info? That should likely work. https://helpdesk.privateinternetaccess.com/guides/linux/linux-installing-openvpn-through-the-terminal
or built-in wireguard client? https://helpdesk.privateinternetaccess.com/guides/linux/alternative-setups-4/linux-manual-connection-scripts
I do use OVPN. PIA didn’t have a standalone WG config apart from their client when I last checked, so I’ll have to look at that second article and see if it’s workable, because the other issue is ease of use (I’m not the only one using it, you see).
Thanks for the info, though! Might solve my last hangup.
I don’t use PIA, but /opt and /etc are both r/w in Silverblue/Kionite
I’ll have to give that a try, then. Doesn’t work on Bazzite.
Any program with an install script makes assumptions about your system, if it doesn’t work it just isn’t compatible.
Either modify the script, package the software for your distro or find out if someone else has done it.
My first instinct would be to look if it’s in the AUR and install it inside an Arch Toolbox.Yeah, third-party Linux VPN clients are pretty screwed on silverblue, and probably always will be. Especially since when installed in a container, they require being ran in a rootful container with selinux labeling disabled to enable direct access to /dev/net/tun, and as you’ve quickly found out, most of those weird bash based installers haven’t adapted. It’s best to use generic VPN configs through your DE atm.
you can unlock your /usr with rpm-ostree usroverlay
Oh, hmm. I’ll have to look at that. I didn’t know you could unlock the overlay for specific folders
you can unlock the file system, don’t remember how tho
Wouldn’t help, because any changes I make would be wiped out on the next update (plus it kind of defeats the purpose of an immutable system). I don’t want to go down that road, primarily because the maintenance needs to be as easy as clicking a button (I’m not the only user, so ease of use is necessary).
The better option would be to have it live in the filesystem overlay, but I can’t seem to get that to work. It’s possible that it could be a flatpak, as ProtonVPN has their client as a flatpak, but PIA doesn’t seem all that interested in throwing any bones to Linux users.
