I recently switched my regular Fedora 31 workstation over to the 31 Silverblue release. I’ve played with Project Atomic before and have been meaning to try it out more seriously for a while, but never had the time. Silverblue provided the catalyst to do that.
What this brings to the table is quite amazing and seriously impressive. The base OS is immutable and everyone’s install is identical. This means quality can be improved as there are less combinations and it’s easier to test. Upgrades to the next major version of Fedora are fast and secure. Instead of updating thousands of RPMs in-place, the new image is downloaded and the system reboots into it. As the underlying images don’t change, it also offers full rollback support.
This is similar to how platforms like Chrome OS and Android work, but thanks to ostree it’s now available for Linux desktops! That is pretty neat.
It doesn’t come with a standard package manager like dnf. Instead, any packages or changes you need to perform on the base OS are done using rpm-ostree command, which actually layers them on top.
And while technically you can install anything using rpm-ostree, ideally this should be avoided as much as possible (some low level apps like shells and libvirt may require it, though). Flatpak apps and containers are the standard way to consume packages. As these are kept separate from the base OS, it also helps improve stability and reliability.
Installing Silverblue
I copied the Silverblue installer to a USB stick and booted it to do the install. As my Dell XPS has an NVIDIA card, I modified the installer’s kernel args and disabled the nouveau driver with the usual nouveau.modeset=0 to get the install GUI to show up.
I’m also running in UEFI mode and due to a bug you have to use a separate, dedicated /boot/efi partition for Silverblue (personally, I think that’s a good thing to do anyway). Otherwise, the install looks pretty much the same as regular Fedora and went smoothly.
Once installed, I blacklisted the nouveau driver and rebooted. To make these kernel arguments permanent, we don’t use grub2, we set kernel args with rpm-ostree.
rpm-ostree kargs --append=modprobe.blacklist=nouveau --append=rd.driver.blacklist=nouveau
The NVIDIA drivers from RPMFusion are supported, so following this I had to add the repositories and drivers as RPMs on the base image.
rpm-ostree install \
https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-31.noarch.rpm \
https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-31.noarch.rpm
systemctl reboot
Once rebooted I then installed the necessary packages and rebooted again to activate them.
rpm-ostree install akmod-nvidia xorg-x11-drv-nvidia-cuda libva-utils libva-vdpau-driver gstreamer1-libav
rpm-ostree kargs --append=nvidia-drm.modeset=1
systemctl reboot
That was the base setup complete, which all went pretty smoothly. What you’re left with is the base OS with GNOME and a few core apps.
Working with Silverblue
Using Silverblue is a different way of working than I have been used to. As mentioned above, there is no dnf command and packages are layered on top of the base OS with the rpm-ostree command. Because this is a layer, installing a new RPM requires a reboot to activate it, which is quite painful when you’re in the middle of some work and realise you need a program.
The answer though, is to use more containers instead of RPMs as I’m used to.
Containers
As I wrote about in an earlier blog post, toolbox is wrapper for setting up containers and compliments Silverblue wonderfully. If you need to install any terminal apps, give this a shot. Creating and running a container is as simple as this.
toolbox create
toolbox enter
Once inside your container use it like a normal Fedora machine (dnf is available!).
As rpm-ostree has no search function, using a container is the expected way to do this. Having created the container above, you can now use it (without entering it first) to perform package searches.
toolbox run dnf search vim
Apps
Graphical apps are managed with Flatpak, the new way to deliver secure, isolated programs on Linux. Silverblue is configured to use Fedora apps out of the box, and you can also add Flathub as a third party repo.
I experienced some small glitches with the Software GUI program when applying updates, but I don’t normally use it so I’m not sure if it’s just beta issues or not. As the default install is more sparse than usual, you’ll find yourself needing to install the apps you use. I really like this approach, it keeps the base system smaller and cleaner.
While Fedora provides their own Firefox package in Flatpak format (which is great) Mozilla also just recently started publishing their official package to Flathub. So, to install that, we simply add the Flathub as a repository and install away!
flatpak remote-add flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak update
flatpak install org.mozilla.firefox
After install, Firefox should appears as a regular app inside GNOME.
If you need to revert to an earlier version of a Flatpak (which I did when I was testing out Firefox beta), you can fetch the remote log for the app, then update to a specific commit.
flatpak remote-info --log flathub-beta org.mozilla.firefox//beta
flatpak update \
--commit 908489d0a77aaa8f03ca8699b489975b4b75d4470ce9bac92e56c7d089a4a869 \
org.mozilla.firefox//beta
Replacing system packages
If you have installed a Flatpak, like Firefox, and no-longer want to use the RPM version included in the base OS, you can use rpm-ostree to override it.
rpm-ostree override remove firefox
After a reboot, you will only see your Flatpak version.
Upgrades
I upgraded from 31 to the 32 beta, which was very fast by comparison to regular Fedora (because it just needs to download the new base image) and pretty seamless.
The only hiccup I had was needing to remove RPMFusion 31 release RPMs first, upgrade the base to 32, then install the RPMFusion 32 release RPMs. After that, I did an update for good measure.
rpm-ostree uninstall rpmfusion-nonfree-release rpmfusion-free-release
rpm-ostree rebase fedora:fedora/32/x86_64/silverblue
rpm-ostree install \
https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-32.noarch.rpm \
https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-32.noarch.rpm
systemctl reboot
Then post reboot, I did a manual update of the system.
rpm-ostree upgrade
You can see the current status of your system with the rpm-ostree command.
rpm-ostree status
On my system you can see the ostree I’m using, the commit as well as both layered and local packages.
State: idle
AutomaticUpdates: disabled
Deployments:
● ostree://fedora:fedora/32/x86_64/silverblue
Version: 32.20200410.n.0 (2020-04-10T08:35:30Z)
BaseCommit: d809af7c4f170a2175ffa1374827dd55e923209aec4a7fb4dfc7b87cd6c110c9
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
LayeredPackages: akmod-nvidia git gstreamer1-libav ipmitool libva-utils libva-vdpau-driver libvirt
pass powertop screen tcpdump tmux vim virt-manager xorg-x11-drv-nvidia-cuda
LocalPackages: rpmfusion-free-release-32-0.3.noarch rpmfusion-nonfree-release-32-0.4.noarch
ostree://fedora:fedora/32/x86_64/silverblue
Version: 32.20200410.n.0 (2020-04-10T08:35:30Z)
BaseCommit: d809af7c4f170a2175ffa1374827dd55e923209aec4a7fb4dfc7b87cd6c110c9
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
LayeredPackages: akmod-nvidia git gstreamer1-libav ipmitool libva-utils libva-vdpau-driver libvirt
pass powertop screen tcpdump tmux vim virt-manager xorg-x11-drv-nvidia-cuda
LocalPackages: rpmfusion-free-release-32-0.3.noarch rpmfusion-nonfree-release-32-0.4.noarch
To revert to the previous version temporarily, simply select it from the grub boot menu and you’ll go back in time. If you want to make this permanent, you can rollback to the previous state instead and then just reboot.
rpm-ostree rollback
Silverblue is really impressive and works well. I will continue to use it as my daily driver and see how it goes over time.
Tips
I have run into a couple of issues, mostly around using the Software GUI (which I don’t normally use). Mostly these were things like it listing updates for Flatpaks which were not actually there fore update, and when you tied to update it didn’t do anything.
If you hit issues, you can try clearing out the Software data and loading the program again.
pkill gnome-software
rm -rf ~/.cache/gnome-software
If you need to, you can also clean out and refresh the rpm-ostree cache and do an update.
rpm-ostree cleanup -m
rpm-ostree update
To repair and update Flatpaks, if you need to.
flatpak repair
flatpak update
Also see
Making dnf on the host terminal a little easier with aliases.
Accessing USB serial devices on the host and in a toolbox container.
8 thoughts on “Fedora Silverblue is an amazing immutable desktop”
Nice post. i wonder if hp-plugin (proprietary plugin required for HP laser printers) will install in Silverblue. I tried using openSUSE’s transactional-server role as a desktop, but couldn’t get the HP plugin installed and had to switch back to regular TW. I suspect hp-plugin is trying to write to the root filesystem and can’t. I wonder what other peripherals might not work with Silverblue and openSUSE immutable OSes.
I haven’t looked, but I expect there are some proprietary devices that do strange things that won’t be able to any more (like writing to random parts of the root file system).
Two questions:
1) I noted on your rpm-ostree status that you had tmux installed via rpm-ostree. Is this a default or did you install it?
2) Do you think gaming would work on a system that uses Silverblue? Either via Steam or some of the native Linux games that many indie devs provide?
Hey Eric, I installed tmux, which is why it shows as a LayeredPackage. For gaming, if the games are provided as Flatpaks then sure, but if you end up installing lots of custom RPMs then it would be a pain as you need to reboot each time.
Hi, is it possible to install cli app on container anda accessed itu by gui installed from flatpak such as hamachi with haguichi?
I’m not sure how those apps work, but both the containers and flatpaks share the same home directory (you can see your home dir inside containers). Flatpaks normally have restrictions about what they can connect to though, so I think you’d have to test it..
Look as some of us are slowly getting to grips with some Ubuntu flavored distros and now Fedora goes it’s own way and provides a whole different way of doing things , I love Linux I am refusing to install Windows 11 enough is enough ……BUT i’m being put off by trying Fedora Silverblue which i hear so much about due to the seemingly command line Gymnastics involved to get it up and running – it’s gonna put other users off too this age old problem of different Distros , some sort of “One For All” alliance of distro developers should be formed with the goal of producing something that can rival Windows simplicity and ease of use I like Ubunta cased distros as the install is straightforward usually and installing Apps / Flatpaks while some command line is used it;s not too bad and theres help online – please everyone get together SOMEHOW as i have no time for Microsoft coercing me to do this and that and upgrade my perfectly capable hardware – keep it simple as possible folks – thank you
Quite helpful article. It’s a pity so little has been written on Silverblue outside official channels, so this was a pleasant surprise.
Silverblue mystified me and I went back to Fedora Workstation. The issues were mainly due my lack of understanding how immutable images differ from Workstation.
A week ago, I decided to give Silverblue another try and I’m staying, because I think it is the future in computing.
I did notice you tag podman but don’t reference any commands in your article.