#StandByUkraine

Russian Aggression Must Stop


Distro-hopping to Silverblue

2021/12/05

Tags: linux

For a good while I felt I was over the distro hopping thing. I've used Linux full-time since 2010 and most of the distro-hopping that I've done I did in the first few years, so around 2010-2015. I've run various flavours of Ubuntu on my system, I tried Debian and a few others. Probably the most exotic distro I tested for a while was Sabayon. Eventually I landed on Antergos and then over to EndeavourOS, which is a spritual successor of Antergos of sorts. EndeavourOS felt like a final stop due to its ease of installation but powerful configurability thanks to its Arch-base.

However, fairly recently I heard about Fedora Silverblue and how it uses an immutable root filesystem built on OSTree with an aim to create a rock-solid stable but modern Linux desktop system. Fedora Silverblue definitely falls into the more exotic category of distros along with things like NixOS where certain concepts of Linux system administration are radically changed to achieve certain goals.

I decided to do a quick test-run of it on a VM and found it a bit awkward to use, but certain aspects of it were appealing. At this point it's probably worth going over some of the specifics that make Silverblue not just yet-another-Linux-distro.

Fedora Silverblue is built around the idea that the root filesystem is essentially identical between all installs. Folders like /usr/bin are mounted as a read-only filesystem and thus normal package management tools cannot be used to manage software on the distro. Silverblue uses a helper tool called "rpm-ostree", which is used to upgrade the system. The root is kept read-only and the update it applied elsewhere and the system switches to the new version on next boot. The rpm-ostree tool can also be used to layer packages onto the read-only root, so you can technically use it as your package manager with the caveat that any package install will require a reboot.

Obviously this would make for a fairly miserable user experience, so Silverblue also uses two other methods for software management. The system heavily encourages the use of Flatpak as the software management solution for everyday applications. Secondly, Silverblue provides a tool called Toolbox which uses Podman to create and run containerized environments. By default Toolbox will install a regular Fedora environment where you can just install packages as normal with DNF. It also provides some comfort features like automatically passing your home directory to the container along with important socket files to allow the containerized environment to interact with the rest of your system. You can even install graphical applications into your toolboxes and run them as you would on any ordinary distro.

/img/silverblue/toolbox.png

Initially I dismissed Silverblue after a short trial. Toolbox I found very fascinating but the system administration seemed kind of complex and I found it a bit difficult to figure out how I would handle setting up my development environments and things like that. So, I shelved the idea and went on with my business on EndeavourOS.

However, that's when a couple of things happened. First of all, I was getting impatient with the speed at which Arch Linux was updating the GNOME shell. I was itching to try some stuff in GNOME 41, but it seemed like the update was moving down the Arch Linux pipelines really slowly. Fedora already had it shipped in the beta version of Fedora 35.

Another thing was that the infamous Linus Tech Tips video landed, where Linus Sebastian managed to completely nuke his graphical desktop environment live on video by trying to install a broken Steam package on Pop!_OS. My first reaction to that video was that it would be great if software like Steam was installed in a way that wouldn't affect important core components like your DE.

Both of those things combined made me think that I should take Silverblue for a real spin by installing it on my laptop. That way I could trial it in a more realistic environment than a VM, actually try getting some work (university stuff) done on it and then evaluate if it would be worth moving my desktop over to it.

Long story short, the laptop trial convinced me and I decided that I would upgrade my M.2 SSD from a SATA drive to a 1TB NVMe drive and install Silverblue on that. That way if everything went catastrophically wrong, I could just plop the previous SSD back in and be back to my previous setup within an hour.

/img/silverblue/desktop.png

I've now been using Silverblue on my desktop for a little less than a week. I have managed to get all of my main software installed and configured and the experience thus far has been mostly positive.

My experiences with the laptop indicated that the easiest way to handle things like development tools would be just to set up a big pet container. I could have done something more fancy like per-project containers or using a Docker plugin with Emacs to rapidly move between containers, but in the end it was just easier to set up one big container that now houses essentially all the bits and bops that I need. I've got my Emacs installed there along with a few utilities that I use most. Basically anything that I cannot reasonably install as a Flatpak I just install in the container.

The Toolbox experience with GUI apps has also been very positive. In addition to Emacs, I've tried running even some games of mine off of the toolbox and it has all worked flawlessly. Basically, Toolbox has made it so easy to manage that container that my workflow has basically not been affected at all.

The Flatpak side did take a bit of learning though. I've never had to really use Flatpak and in the past I was even somewhat against Flatpak and Snap as software management solutions. I felt the bundling would cause bloat and long download times and the sandboxing would be either inadequate or too inflexible. I think the bloat side has been fairly well addressed, but using certain Flatpaks is still a bit clumsy. For example, when I installed Steam as a Flatpak it couldn't access my games SSD due to strict sandboxing. I would highly recommend installing Flatseal to manage the permissions of your Flatpaks, particularly to give them access to various directories depending on your needs. However, after I cleared up some of the permission issues, the Flatpak experience has been good. GNOME Software does need some improving though, a particular issue I have is that it seems to want to reload pages somewhat randomly and takes a while in doing so.

The rest of the Fedora vision also lines up fairly well with that of my own. I've already been using Wayland and BTRFS on my EndeavourOS system, so I needed no convincing on either of them. I did tune some of the BTRFS mount options, but other than that I haven't had to make massive configuration changes. Fedora 35 also leverages Pipewire as the default audio server, which is also something that I've been doing for a while. However, the Pipewire configuration on Fedora seems a lot better done than my configs on EndeavourOS. I had some crackling issues on Endeavour with certain apps, but that has not been a thing for me on Fedora. I also didn't have to do anything to get JACK apps to work, so I was able to just install Guitarix off of Flathub and start jamming on my guitar without having to install any extra packages or make any configuration changes, apart from telling Guitarix to use the proper audio input and output.

/img/silverblue/guitarix.png

So far I am quite impressed with how well the system has been working. I still feel like a bit of a newbie with how to do certain things and I feel like there's plenty more to learn, but that's also a good thing. For a while I've kind of felt that every distro is kind of samey with most differences boiling down to what bling you get out of the box and what you call the package manager. In that sense Silverblue has been refreshing because its vision is boldly different but also well argued for.

I am not sure if Silverblue is a fit for everyone just yet. I think right now it can fairly well serve the people who have very basic needs and the very advanced users who aren't afraid to crack open a manual and get their hands dirty. The users that fall in-between might find the system more of a hindrance. However, I think Silverblue is a worthwhile experiment and there's probably a few lessons to be learned here for the wider desktop Linux ecosystem. I think its design provides a fair amount of protection against getting Linus Sebastian'd while also providing powerful tooling in a safe way that allows you to do test things and break stuff while limiting the scope of the damage. For example, I can try out Fedora's equivalent to PPAs, the COPR repositories, and if one of those COPR repos ends up breaking my packages, the damage would be limited to my Toolbox container which I can reroll very quickly. And should an officially sanctioned update go bad, Silverblue provides a method to rollback to the previous version. I can even upgrade from one version of Fedora to another and rollback if I want to, allowing me to try out a beta release with some confidence that I am not going to break things.

Considering how much Fedora's vision and mine align and how solid the experience has been so far, I think I'll keep on using Silverblue for the time being. I don't really miss anything from EndeavourOS and Silverblue has even addressed some annoyances I've had with Endeavour, like kernel updates causing SC Controller to not work until a reboot and the aforementioned Pipewire issues. Fedora also seems to be moving certain packages even faster than Arch and they provide a cohesive experience that requires less tinkering to keep up with new developments in the ecosystem. So, for now I am quite satisfied.

>> Home