My 30 days with Fedora 29 Silverblue

My Ubuntu 16.04 LTS was getting a bit rusty (and it refuses to upgrade to a new release), so I was looking for a new distro for some time. I had already used Debian and Fedora in the past and was considering giving OpenSUSE a try. When I was asking for opinions on OpenSUSE, several friends came up with different suggestions and one of them said that if I wanted something "out there", I should try Fedora Silverblue.

Silverblue?

Silverblue is a Fedora variant that uses OStree and Flatpak instead of dnf. So basically you've got an immutable (read-only) system image built with OStree. Because it is immutable, the Silverblue team get to maintain the same base image for everyone, and when updates are issued, they are distributed as a kind of image "diff". Effectively you get version control for your system image.

For any additional RPMs you want to install, the rpm-ostree tool will create a new image layered on top of the base image. This way you can install RPMs with rpm-ostree the same way you would do with dnf. Layered RPMs are supposed to be used as a tool of last resort. For most applications, Silverblue encourages the use of Flatpak.

Note: because of this setup, the usual directories where software lives are mounted read-only (otherwise how else would you get updates as "diffs" on top of your system?). Effectively almost everything is mounted read-only, directories that have to hold mutable data (/home, /etc and so on) are symlinks to paths in /var. This will be important later in this post.

Installation and First Impressions

The Silverblue website gives you an ISO image that you can download and use the Fedora Media Writer tool to copy it onto a USB stick. Although the website suggests you have to use this tool, you can also just burn the ISO onto a DVD or copy it directly onto a stick with dd or a similar tool.

After booting I was greeted with the familiar Anaconda installer. The installation process is identical with that of regular Fedora and after completing it I booted into a pretty standard-looking GNOME environment.

The Quest for vim

I wanted to install some packages and here's where things get interesting. Of course, dnf is gone, so I naively tried the commands I knew from dnf with rpm-ostree. I tried to run an update and was surprised by:

$ sudo rpm-ostree upgrade
error: System transaction in progress

I did some googling but did not find anything useful. I never found out what my system was busy with, but when I tried again a few minutes later, the error was gone. One annoyance is that after upgrading any RPM, you have to reboot with the new image. This can be avoided if you mostly use Flatpak apps, which is what you are supposed to be doing anyway (and that's what I did for vim).

Vim was really the first thing I installed on the system, as I wanted to write down my first impressions as soon as possible. I looked on Flathub if it was packaged as a flatpak there and it was - great. I had to manually add the Flathub repo as it's not pre-installed in Fedora (why? Licensing requirements).

After that I was able to use vim mostly flawlessly, except for the fact that it had to be launched with:

$ flatpak run --command=vim org.vim.Vim

But I got around it by adding

alias vim="flatpak run --command=vim org.vim.Vim"

to my ~/.bashrc.

Soon after, I discovered that Flatpak vim is not able to access some parts of the filesystem. It was explainted to me that when vim opens, say, a file in /etc, it is actually opening an empty file in the container's, filesystem. Why the vim flatpak maps the home directory onto the container correctly, but not the rest of the filesystem, I never found out. In the end, I ditched vim-as-a-flatpak, and installed vim as a layered package.

Virtualization

I use VMs a lot. On almost all of my personal systems, I've used VirtualBox for this, so naturally not long into my Silverblue journey, I tried to install it. Of course, I had to run into problems sooner or later, so no surprise here that I ended up ditching VirtualBox in favor of QEMU/KVM/libvirt.

Installing VirtualBox involves adding a separate Oracle RPM repository, so the first step was to figure out how to do that with rpm-ostree. I expected loads of difficulties, but it turns out you can just add a yum configuration file to /etc/yum.repos.d and rpm-ostree will use that. So you do the same thing you would do on a regular Fedora distro. This is nice, because it means all your third-party repos should just work without any fuss.

Unfortunately the VirtualBox package didn't play nice with my read-only filesystem. During the post-install it runs some scripts that try do something that requires modifying it. Not happy about that since having virtualization is a deal-breaker for me but folks in the #silverblue IRC channel on Freenode suggested that I use QEMU/KVM with the virt-manager/libvirt front-end. I didn't like libvirt in the past (I thought it was difficult to use), but I gave it a try and it seems okay for now.

Some time after this, Adam Jones told me that GNOME Boxes is packaged as a flatpak. GNOME Boxes is another graphical front-end to libvirt, a replacement to virt-manager. Motivated by wanting to run as many things as flatpaks, I gave it a try, and I'm liking it better that virt-manager. The user interface is really slick and easy to use. But I'm not going to write about that here.

Browsing the Web Like a Human Being

If you like Firefox, you've got a bit more luck, but I use Chrome (neither of those is packaged as a Flatpak though, sadly). You can get Chromium from the standard Fedora repo, but if you're like me, you'll want all the proprietary codecs and other stuff that allows you to just browse the web without things breaking on every corner (sorry, free software hippies), and for that you need the full-fat, colorful, Google-blessed Chrome.

If you've used Chrome on Linux, the way you do that is by installing an RPM from Google's website that in turn sets up a yum/dnf repository, and from then, and up-to-date copy of Google Chrome lives in your /opt. This approach is philosophically at odds with Fedora Silverblue, which considers /opt to be "end-user territory", that is, mounted as read-write (see earlier in this post) and will refuse to install any layered packages in there.

What I did instead was install non-free elements for Chromium from rpmfusion. Adding the rpmfusion repository itself was really easy - if you go to their website they have separate instructions for Silverblue that you can copy and paste. And then it's just a matter of

sudo rpm-ostree install chromium-libs-media-freeworld

And now, my Chromium scores 528 out of 555 in html5test, more than my Debian Stretch running on only free codecs.

EDIT: refi64 has pointed me to his chrome-flatpak that appears as a flatpak but actually runs Chrome on the host. This is what I'm using currently.

Conclusion

In spite of what some people told me, the experience was smooth and nice. I had to make a few sacrifices, but I didn't experience any problems that would make me want to quit Silverblue. I'm going to stay with it for now and see what happens. Kudos to everyone in Team Silverblue and those involved in OSTree and Flatpak - good job!