Fedora Atomic Desktops is the umbrella term for distros like:
- Silverblue
- Kinoite
- Sericea, Lazurite, …
They have a different, image-based OS core, which is read-only when used. This is known as “immutable”, but you can actually:
- add any repos and apps
- remove installed apps
- apply kernel arguments
- …
The benefits are:
- reduced entropy in the core OS. “Feature X is broken for you? Well, I can’t reproduce it”. The system is pretty much always the same. You can reset it to upstream with rpm-ostree reset
- updates are rock stable, as they are “atomic”: either an update works or it fails. They are also done while the system runs, leaving your running system 100% unmodified. They use BTRFS for its copy-on-write features and also deduplicate files to save space (just like Flatpak does, in addition to shared runtimes!)
- you can roll back an entire OS version, not only the kernel. This means that if a driver fails or any other regression happens, you always have a working system
- viruses are a bit harder to install, but not really, as /var/home is mounted executable and everything is writable by the user. It is a start though.
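The remark about /var/home being mounted executable can be checked on any system. The script below is an added example, not part of the original post: it reads a mount table in /proc/self/mounts format and reports which user-writable paths lack noexec, nosuid or nodev. The watched paths, the function names and the sample table are assumptions of this example.

```shell
#!/bin/sh
# Added example: which hardening flags are missing on user-writable paths?
# WATCHED and WANTED are this example's choices, not a Fedora default.
WATCHED="/var/home /tmp /var/tmp /dev/shm"
WANTED="noexec nosuid nodev"

# Constructed sample in /proc/self/mounts format (not captured from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/vda3 / btrfs ro,seclabel,relatime,subvol=/root 0 0
/dev/vda3 /var btrfs rw,seclabel,relatime,subvol=/var 0 0
/dev/vda3 /var/home btrfs rw,seclabel,relatime,subvol=/home 0 0
tmpfs /tmp tmpfs rw,seclabel,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,noexec 0 0
EOF
}

# audit_mounts [FILE|-]: one line per watched path, naming the mount that
# governs it and the WANTED flags it lacks. Exit status 1 if any flag is missing.
audit_mounts() {
    awk -v watched="$WATCHED" -v wanted="$WANTED" '
    BEGIN { nw = split(watched, w, " "); nf = split(wanted, f, " ") }
    { opts[$2] = $4 }   # field 2 = mount point, field 4 = options; last entry wins
    END {
        rc = 0
        for (i = 1; i <= nw; i++) {
            p = w[i]; best = ""
            # A path without its own mount inherits flags from the longest parent mount.
            for (m in opts)
                if ((m == "/" || p == m || index(p, m "/") == 1) && length(m) > length(best))
                    best = m
            if (best == "") { printf "%s: no governing mount found\n", p; rc = 1; continue }
            miss = ""
            n = split(opts[best], o, ",")
            for (j = 1; j <= nf; j++) {
                found = 0
                for (k = 1; k <= n; k++) if (o[k] == f[j]) found = 1
                if (!found) { sep = (miss == "") ? "" : ","; miss = miss sep f[j] }
            }
            if (miss == "") printf "%s (mount %s): ok\n", p, best
            else { printf "%s (mount %s): missing %s\n", p, best, miss; rc = 1 }
        }
        exit rc
    }' "${1:-/proc/self/mounts}"
}

# Demo on the constructed sample; call audit_mounts with no argument to audit the running system.
sample_mounts | audit_mounts - || true
```

noexec only blocks direct execution of files on that mount; a script handed to an interpreter still runs, so the flag is a partial control.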
Modifications can still be done:
- manual changes using rpm-ostree
- changing the upstream image, with ublue having built an entire ecosystem that makes it easy to create and automatically maintain your own version
- /etc and /var are completely writable
Apps are installed like this:
- GUI: Flatpak is preferred due to its sandboxing security advantages, isolation from the system, and official maintenance (solving the 3rd party distribution issue). This does not yet include browsers, which should be installed from official repos
- small apps: can be layered using rpm-ostree install. They will be added to the system on every update and work just like on regular Fedora. They slow down updates and often pull in tons of dependencies, and thus should be used sparingly
- Distrobox/Toolbox: use this for big apps like RStudio or QGis, which have a ton of dependencies. I recommend Distrobox a lot, as it has easy GUI creation. In general it's just [distrobox/toolbox] enter {name} -- {appname}, for example distrobox enter Fedora -- qgis. Distrobox automates the desktop entry creation; it's simply cp /usr/share/applications/appname.desktop ~/.local/share/applications/ && sed -i 's/Exec=/Exec=toolbox enter {name} -- /g' ~/.local/share/applications/appname.desktop (and a bit more, just use Distrobox)
There are also many more solutions. In theory you can make Snaps work, but just don’t.
There are Kata Containers, which are really fancy and will hopefully allow an isolated environment like on ChromeOS in the future…
or you can run normal VMs (you can run libvirt (qemu qemu-kvm) in a rootful Distrobox and virt-manager in a rootless Distrobox, and connect over ssh. Or just layer the packages)
You can use binaries like ffmpeg from the Flatpak runtimes.
Also have a look at secureblue, an ecosystem of Fedora variants with highly improved security, while perfectly usable.
And now read the post.