#646 Infographics for marketing: Fedora Silverblue
Opened a year ago by x3mboy. Modified a month ago

phenomenon

In the Marketing team, we want to launch a series of infographics, as we stated in design#614. The first one is great, and we want to continue with the idea.

reason

Explained above

recommendation

This is the idea:

Fedora Silverblue

Fedora Silverblue is an immutable desktop operating system. It aims to be extremely stable and reliable. It also aims to be an excellent platform for developers and for those using container-focused workflows.

About the project

Is it Team Silverblue, Silverblue, or Fedora Silverblue?

We chose the name Team Silverblue to refer to the overall project. Fedora Silverblue will be used for the OS that we are producing, but calling it Silverblue in its short version is fine as well.

Why does the Silverblue logo look like a leaf?

Our favorite choice for a project name was Silverleaf, but that sadly did not work out. We just couldn’t quite let go of the leaf. You could also say that Silverblue is a new new leaf on Fedora’s OSTree.

Is Silverbue another GNOME OS?

GNOME OS was a codename that was used by the upstream GNOME project for a while to refer to the idea of designing the entire deskotp user experience. By contrast, Silverblue is an effort inside the Fedora project, and will be built with existing Fedora technologies. However, the two efforts do share a desire to deliver a user experience that is polished and coherent.

What is Silverblue’s relationship with Project Atomic?

Fedora Silverblue uses the same core technology as Fedora Atomic Host (as well as its successor, Fedora CoreOS). However, Silverblue is specifically focused on workstation/desktop use cases.

Getting Started

Silverblue is designed to be easy and straightforward to use, and specialist knowledge should generally not be required. However, Silverblue is built differently from other operating systems, and there are therefore some things that it is useful to know.

Silverblue has different options for installing software, compared with a standard Fedora Workstation (or other package-based Linux distributions). These include:

  • Flatpak apps: this is the primary way that (GUI) apps get installed on Silverblue.
  • Toolbox: Used primarily for CLI apps; development, debugging tools etc.
  • Package layering: The rpm-ostree tool used for host updates is a full hybrid image/package system. By default the system operates in pure image mode, but package layering is useful for things like libvirt, drivers, etc.

Flatpak

Flatpak is the primary way that apps can be installed on Silverblue. (For information, see flatpak.org.) Flatpak works out of the box in Fedora Silverblue, and Fedora provides a small (but growing) collection of apps that can be installed.

The other main source of Flatpak apps is Flathub, which provides a large repository of Flatpak apps that can be installed.

Technical FAQ

How can I install Eclipse on Silverblue?

An experimental nightly build of Eclipse is available to download.

How do I create a VPN connection?

/etc is not part of the immutable OS image, so you can just copy files into /etc/NetworkManager/system-connections (or let NetworkManager store them there when you recreate your connections). Certificates in /etc/pki need to be handled similarly.

How can I play more videos in Firefox, like YouTube?

Firefox is included in the OS image for now. Until that changes, getting it to play videos works the same way as it does for the regular Fedora Workstation: find a package with the needed codecs, and install it. The one difference is that you use rpm-ostree install instead of dnf install. An alternative solution is to install the nightly Firefox, which is available as a Flatpak.

Credits to Silverblue Team


Thanks for starting this - an infographic for Silverblue is a great idea!

In terms of content, I can think of two ideas that could be really cool:

  1. A diagram of the OS architecture. This would illustrate how the different parts fit together, including the OS image, Flatpaks, containers, toolboxes and package layering.
  2. An overview of the common commands needed on Silverblue, including:
    - Updating with rpm-ostree
    - Package layering with rpm-ostree
    - Creating and entering toolboxes
    - Some basic flatpak commands - search, list, install, remove

Information on these topics can be found in the Silverblue docs.

I was navigating through the docs and I didn't find anything like a diagram. One would be super cool to have. About the commands, the idea is to have it in part 2 ;-)

Sketch of a basic architecture diagram:

Screenshot_from_2019-06-06_10-15-14.png

A bigger version could include details about each section.

Hello all. I'm taking this ticket, however, the explanatory content is quite big already, so I would suggest to have 2 infographics for this one instead of one (or a single one with 2 pages). One for the general explanation of Silverblue, and a more detailed one with the setup and diagrams.

How does this sound?

Well, more inforgraphics will be better for the campaign, so +1 from me

The explanations for flatpaks, toolboxes, and layered packages are really confusing and don't really explain what they are and how they work. I know what a flatpak is and use them all the time - never heard of toolboxes, and still don't get what they are. I would revisit how these are explained in the copy.

Metadata Update from @duffy:
- Issue assigned to tatica
- Issue tagged with: triaged

a year ago

I'm not sure that the topics in the existing copy are particularly interesting, to be honest.

The following could be useful to focus on:

  • What makes Silverblue different from a package-based system?
  • How does an immutable, image-based, OS work? What are the advantages?
  • How do you install software?
  • What are the key technologies involved? (ostree, rpm-ostree, buildah, podman, toolbox, flatpak, etc)
  • What are the commands that you need to know?
  • Who should use it? Why?

@aday I will appreciate some help with the text. I just put the info that is in the docs.

Marking this blocked on content.

Metadata Update from @duffy:
- Issue tagged with: blocked

a year ago

Hi all, this issue has been sitting in a blocked state for a month. Is there someone responsible for Silverblue marketing content that we could tap to help us finesse the content here and get things moving again?

Let me ask in their discourse instance, because IRC is invite-only and they don't use ML. I'll let you know ASAP

Let me ask in their discourse instance, because IRC is invite-only and they don't use ML. I'll let you know ASAP

Your user just needs to be registered in freenode (for spam-blocking purposes). Anyone is welcome to join #silverblue

@aday do we have an advance on this?

Eclipse is available through the Flathub repo in it's stable release version in two forms,

Eclipse IDE for Eclipse Committers                           org.eclipse.Committers                                          4.13                         stable
Eclipse IDE for Java Developers org.eclipse.Java 4.13 stable

For rpm-ostree info https://rpm-ostree.readthedocs.io/en/latest/ is a good resource for info as to why use it "One major feature rpm-ostree has over traditional package management is atomic upgrade/rollback." This is the promise of not being left with a broken system after doing an update, even if it fails, you can always choose the previous working commit.
The OS (Silverblue), much like CoreOS, is designed for container based workflows being used. This includes Flatpaks, which have much in common with containers, but are essentially monoliths WRT their supporting libraries. Containers in comparison, have more flexibility in how they are exploited, can have multiple apps installed in them, and can be used in Pods via Podman. The ToolBox is a container specifically tweaked to support using the user session ID and home directory access along with the users environment variables (ie shell choice, $PATH, etc...) essentially appearing as a terminal in a standard Fedora Workstation, with all of the wonderful familiar tools such as DNF to name one.
At the heart of Silverblue are the ideas of an immutable OS with layering capabilities (rpm-ostree), applications delivered as a stack with minimal requirements from the base OS and delivering consistent user experience across OS's (Flatpaks), and support for container based workflows on a local system (Podman/Buildah) plus a container geared towards developers (Toolbox). In that Silverblue is potentially the replacement for the current Fedora Workstation, it has been equipped to be heavily customized by the user, and many things I would tweak on Fedora WS I tweak on Silverblue too. Anyway, I think two parts is a good idea since there is a lot of info to digest at first if you are diving in like I did.

I will read this and come up with a draft. Hopefully I can have something for tonight.

I think eclipse is not the scope of this. The idea is to present Silverblue to the people, the eclipse part is there because in the official docs is there. But we can just put something else that can help people to understand the philosophy behind Silverblue or somethinig about flatpak.

Hello @x3mboy ,
How is this going? I take it not so fast. What can I do to help move it forward? Assuming I can do anything to of course.

Okay, so this is what I got. I hope it is helpful to move this forward. I have pasted it here, but I have the doc on my system if needed, just advise.
Silverblue Infographic - some answers

  • What makes Silverblue different from a package-based system?
  • How does an immutable, image-based, OS work? What are the advantages?
  • How do you install software?
  • What are the key technologies involved? (ostree, rpm-ostree, buildah, podman, toolbox, flatpak, etc)
  • What are the commands that you need to know?
  • Who should use it? Why?

What makes Silverblue different from a package-based system?

Well, Silverblue is sort of a packaged based system. It has at it's core an immutable image called a commit. An Ostree git like immutable image, onto which rpm-ostree using libdnf, allows package layering by the user. Silverblue is updated by the Fedora Silverblue team on a regular basis (following along with Fedora Workstation release/update cadance). The layering is tracked locally, and the new image is combined with the local layering/override information into a new commit image stored locally, to be booted on the next reboot. The need to reboot is something that seems to irritate some users, but it is far outwieghed by the added security of being able to roll back your OS to a known functioning state in the event the update introduces a bug or the image is somehow unbootable.

How does an immutable, image-based, OS work? What are the advantages?

Silverblue is an immutable, image based OS, based on libostree. From the libostree docs ...

The core OSTree model is like git in that it checksums individual files and has a content-addressed-object store. It's unlike git in that it "checks out" the files via hardlinks, and they thus need to be immutable to prevent corruption. Therefore, another way to think of OSTree is that it's just a more polished version of Linux VServer hardlinks.

What libostree brings for features

  • Transactional upgrades and rollback for the system
  • Replicating content incrementally over HTTP via GPG signatures and "pinned TLS" support
  • Support for parallel installing more than just 2 bootable roots
  • Binary history on the server side (and client)
  • Introspectable shared library API for build and deployment systems
  • Flexible support for multiple branches and repositories, supporting
    projects like flatpak which use libostree for applications, rather than hosts.

So that's how an image based system works using libostree, but Silverblue is an rpm-ostree based system which from rpm-ostree doc's is ...

rpm-ostree is a hybrid image/package system. It uses libOSTree as a base image format, and accepts RPM on both the client and server side, sharing
code with the dnf project; specifically libdnf.

What libdnf brings for features

Well, the features being brought forward by libdnf are of course package management through layering rpm-ostree performs locally on the client, to the server side commit image.

This combination results in core OS image flexibility normally not associated with image based systems, and still maintaining the security of known working state rollback of the OS if there is a failure of deploying the new image. The resulting system is very stable in use. The different approach to OS that it is, does require a subtle paradigm shift by the user around what constitutes a functioning workstation.

How do you install software?

Gnome software still works like normal. Fedora's flatpak repository is growing in content and is enabled by default. The user can enable flathub or other 3rd party repos to install flatpaks from different sources. You can of course install flatpaks via the command line interface by opening an interactive terminal session, and using the flatpak install command.

That was flatpaks, now onto packages. To install packages on Silverblue, the rpm-ostree install command is used. It is worth noting that rpm-ostree does not have robust package querying capabilities built in, so the user should know what the package is actually called by dnf to install it. If the user has more than one package to layer, they can list them in a space separated list. So the command would be rpm-ostree install package1-name package2-name packageN-name and afterwards the local image is built, then the user is prompted to reboot.

What are the key technologies involved? (ostree, rpm-ostree, buildah, podman, toolbox, flatpak, etc)

Silverblue is an image/package based OS which employs rpm-ostree for it's <u>image/packaging system</u>. The technologies behind those abilities in rpm-ostree are libostree and libdnf. Silverblue, like Fedora CoreOS is a container based workflow system, while Fedora CoreOS is more server focused, SIlverblue is meant to be used as a workstation. When containers are mentioned Docker is still the defacto container management/build/deploy system that comes to mind for many. Docker is inherintly insecure for users to run directly due to needing a daemon running, which means root privelages. On Silverblue Docker is replaced with Podman, Buildah, and Skopeo. None of which require a daemon to be running, so rootless containers. Podman, manages containers (and Pods - think Kubernettes), Buildah builds OCI container images, Skopeo inspects and can manipulate (such as copy/delete) those container images.The rootless containers allows the user to create and manage their own container and images as they need/desire, without the security related issues of containers running as root. Podman, Buildah and Skopeo are using the crun container runtime as it uses cgroups v2. They exploit the UID GID range capability to create rootless containers based on the users UID and GID ranges. Referring to this First Look: Rootless Containers and cgroup v2 on Fedora 31 | podman.io. It also might be good to highlight the fact Docker is not using cgroups V2 as of yet. Flatpaks are a technology for delivering applications as a monolithic app with dependencies in their deployment tree. As noted in the libostree doc's,

they are a container based technology that employs the file features such as the "git-like hardlink dedup". For example, flatpak supports a per-user OSTree repository.

As a project that uses libostree, it makes for a good fit in Silverblue to deliver user GUI apps via Flatpak.

There is also a need in container based workflows, especially for developers, but not exclusively for them, to have containers setup for specific uses, toolbox was created to help provide this Pet container. It is a ready made Pet Container to be used and abused as desired without fear of system failure due to it's limited host system access. Based on a Fedora container image that is release specific, it can be used to create and run containers that come ready to be setup as the user wishes, using the familiar dnf package management tool. The container is deployed as a subuid of the user and when they enter the container they are subsequently seen as root from the containers POV. The toolbox container shares the user home directory, and the user can read/write files in their home directory from within the container. Toolbox presents an opportunity to the user for more flexibility in their workflow as another tool in their kit for their daily tasks.

What are the commands that you need to know?

Silverblue is predominently a DE based GUI-centric OS. A great number of users will undoubtalby never open a terminal to access a command line. Also, many users won't ever modify their startup files (think /etc/profile, /etc/bashrc, ~/.bash_profile, ~/.bash_login, ~bash_logout, ~/.bashrc) or write custom scripts for repetative daily usage tasks. But they can, and Silverblue will usually behave the same way as the standard Fedora Workstation does with similar modifications to those files. So customizing your prompt, or using your personally tweaked ~/.vimrc file is all still available.

From the command line some of the most useful commands are ...

  • flatpak remotes - will list all configured remotes (software repos)

  • flatpak remote-add - is used for adding a remote to install software from

  • flatpak remote-ls - is used to querry the contents of a remote (what apps are there)

  • flatpak install - to install the application desired

  • flatpak repair - sometimes if you are experiencing issues around flatpak behaviour this command will clean the trees and prune as needed

  • rpm-ostree status - to check on your rpm-ostree commit's currently active on the system (current and rollbask typically)

  • rpm-ostree cleanup -m - will clean up the metadata for rpm-ostree.

  • rpm-ostree rollback - will reset the default boot commit to the previous commit before the current one in use. Useful for recovering from a botched system update

  • rpm-ostree upgrade - will perform a system upgrade.

  • rpm-ostree install <somepackage> - will install the desired package as a layered package onto the base commit image. Generally this can be any package you would have normally installed on a Fedora Workstation using dnf.

  • systemctl reboot - something you will need to switch to the newly created commit on your system after using rpm-ostree to modify the system.

Obviously there is more I can add here on commonly used commands, but these are some of the first ones you will need to know and use on Silverblue.

Who should use it? Why?

Silverblue should be easily used by anyone looking for a stable Fedora Workstation who would like to exploit container based workflows. But not just them, it is for anyone who wants an added layer of system integrety combined with fast recovery if things go sideways. The immutable OS with the core base image having been tested and built as a known working release is a well liked feature from the community of users, as well as developers. Flatpaks are an ever expanding universe of software applications for Linux, and for developers are a way of controlling the dependencies better. The Toolbox pet container is a great place to test things out, and if you mess up, just delete it and make another and start over. I have a good friend who is visually impaired that I switched to SIlverblue from Fedora Workstation. He is very happy with the switch, and quite frankly found little or no difference in use, except his system is incredibly stable in his words.

Ok, I think we have the updated info. @tatica can you create something using the info provided by @jakfrost

Login to comment on this ticket.

Metadata
Attachments 1