jamesbunagna

joined 3 weeks ago
[–] [email protected] 2 points 14 hours ago

Thank you for chiming in and providing your thoughts!

While we're at it, I absolutely appreciate your work. Wonderful stuff! Thank you from the bottom of my heart!

> UKI is something we very much want to do in the future, but it’s a long-term goal

That's lovely to hear!

> As far as replacing the init system, I think even in traditional Fedora that would be extremely challenging, but it could probably be done as a custom image.

Aight. I'll change the list then. Thank you for enlightening me on this. The feasibility as a custom image is really encouraging; perhaps I'll give it a go 😜.

[–] [email protected] 1 points 14 hours ago* (last edited 14 hours ago) (2 children)

> Bazzite seemed much closer to being truly immutable

If you meant that it's even harder to tinker/change/configure etc. compared to SteamOS, then I'd like to inform you that this is false. Fedora Atomic, and thus Bazzite, facilitates quite a lot actually. Of course, it's not as moldable as say Arch or Gentoo. To illustrate this, I won't bother you with all the things it can do, because that would take a while. Instead, I'll only focus on the things it actually cannot do. Off the top of my head, the following comes to mind:

  • ~~Rip systemd out and replace it with another init, but I'm unaware if traditional Fedora even facilitates this to begin with.~~ Bazzite's founder came by and corrected me on this. Even this is probably possible as a custom image.
  • UKI
  • Set up systemd-boot (or any other bootloader) instead of GRUB
  • Kmods can be hit or miss; what's found here is accessible. What remains can be very finicky.
  • 3rd party repositories can be hit or miss; for example, both Terra and Tailscale work, but e.g. ProtonVPN may not.

[–] [email protected] 1 points 16 hours ago

Thanks for the nice chitchat! Have a nice day!

[–] [email protected] 1 points 1 day ago (4 children)

> Initially looked at Bazzite, which seemed great other than I wasn’t a fan of its immutability, I’ve had to remove the read-only property from my steam deck a few times.

Fwiw, Bazzite handles its 'immutability' vastly differently.

[–] [email protected] 2 points 1 day ago* (last edited 1 day ago) (2 children)

> Since you seem to know a lot about it let me ask you a couple of things:

😅. I'll try my best 😜.

> Bazzite is immutable, right? I’m sure I saw that somewhere and Fedora Atomic is also immutable IIRC

It is correct that the contents of / are immutable at runtime aside from /var and /etc. However, note that a lot of folders like /home and /opt are actually found in /var in response. This is later 'fixed' with symlinks and whatnot. In effect, only the contents of /usr (aside from /usr/share) are off-limits (or 'actual'^[1]^ immutable).

> How do the config changes not get overwritten?

I believe my previous paragraph already answers this. But, to be even more elaborate, Fedora Atomic makes use of libostree (read: git for your OS). With this, only the pristine images are 'swapped' in-between updates (or rebases^[2]^). Your changes to the system are found in /var, /etc and in so-called 'layers' only and are not swapped out. Some of these changes are kept track of^[3]^, but most of them reside in /var and will not be touched by libostree.

> The whole point of an immutable distro is to prevent changes to files to ensure things keep working

Kinda. The important part is that changes are prevented for the sake of a functioning system. But the entire system doesn't have to be locked down in order to achieve this. This does mean that it's actually not that hard to break your system. Just rm -rf /etc and your system will probably fail to boot into the very next deployment. But, as Fedora Atomic keeps at least two deployments, you will still be able to access the previous deployment in which you tried to delete /etc. So you're protected from accidental mishaps as long as you've got at least one working deployment. Thankfully, you can even pin working deployments with the ostree admin pin command. And..., just like that, the distro has basically become dummy-proof. I'm sure it's still possible to break the system, but you'd actually have to try 😉.

So, in short, Fedora Atomic definitely intends to be a more robust system and succeeds. But, it does so while giving the user agency (and some responsibility).

> How are packages installed?

I think everything of importance is mentioned in the docs. What is it exactly you want to know?

> The docs you sent recommend flatpak, which while very good in theory still has a small fleet of apps available.

But that's just the first of seven "package formats" listed in the docs 😜. The other six will assure that your remaining needs are fulfilled.

> Also they suggest using distrobox among other things, that’s definitely not beginner friendly, although an interesting concept for an advanced user to have your main machine be an immutable host to any system you want.

This is obviously anecdotal, but Fedora Silverblue was the first distro that I used. I was a complete Linux newb. My coding background was also just a Python-course on Uni. But, somehow, in the very newbie-hostile environment back then (read: April 2022), I managed with Toolbx. So..., yeah..., I can't relate. Sorry*. You might be absolutely correct. But, as I said, I don't recognize this from my own experience. I wish I had a video-tutorial back then, though. Honestly, with the amount of hand-holding Bazzite and its docs provide, I believe a newbie should be absolutely fine.


  1. It is even possible to overwrite this. Both in containerfile (requires creating own image) and on device (very hacky, not recommended).

  2. Rebasing is the process by which a different image is selected to boot and run your system from. For example, with this, one can switch from Silverblue (GNOME) to Kinoite (KDE) without reinstallation. This can even be used to switch from a Fedora image to an Aurora/Bazzite/Bluefin/secureblue image.

  3. These include the software you've installed through rpm-ostree (or soon dnf). We call these layered packages, based on the analogy that the packages aren't part of the image but are magically tacked on without you noticing anything finicky. It's quite magical. Besides that, any and all changes made to /etc are also kept track of. The former you can see by invoking rpm-ostree status, the latter by invoking ostree admin config-diff.
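
Added example, not part of the comment above: a small filter that triages the /etc drift reported by `ostree admin config-diff` and flags changes to security-relevant files. It assumes each output line is a status letter (M, A or D) followed by a path relative to /etc; the watch list and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage /etc drift reported by `ostree admin config-diff`.
# Assumed line format: "<M|A|D>    <path relative to /etc>".

# Reads config-diff lines on stdin; prints "<REVIEW|info> <status> /etc/<path>".
classify_etc_drift() {
  while read -r status path; do
    case "$status" in
      M|A|D) ;;          # modified, added, deleted relative to the image defaults
      *) continue ;;     # skip anything that is not a diff line
    esac
    # Hypothetical watch list of security-relevant paths; extend for your own policy.
    case "$path" in
      sudoers|sudoers.d/*|pam.d/*|selinux/config|crypttab|polkit-1/*) level=REVIEW ;;
      shadow|passwd|group|ssh/sshd_config|ssh/sshd_config.d/*) level=REVIEW ;;
      *) level=info ;;
    esac
    printf '%s %s /etc/%s\n' "$level" "$status" "$path"
  done
}

# Number of entries on stdin that need a manual look.
count_review() {
  classify_etc_drift | grep -c '^REVIEW ' || true
}

# Constructed sample output (not captured from a real host).
sample_diff() {
  cat <<'EOF'
M    selinux/config
A    hostname
M    ssh/sshd_config.d/50-custom.conf
D    sudoers.d/wheel-nopasswd
A    pam.d/custom-login
M    fstab
EOF
}

# Demo on the sample; on a Fedora Atomic host use:
#   ostree admin config-diff | classify_etc_drift
sample_diff | classify_etc_drift
```

Running it before and after following an online guide shows which of the guide's edits landed in sensitive parts of /etc.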

[–] [email protected] 2 points 1 day ago* (last edited 1 day ago) (4 children)

> Isn’t Bazzite an immutable OS with very limited package availability outside of gaming?

Nope. It's basically Fedora Atomic with a lot of special sauce to make onboarding as pleasant as possible. Especially if you want to use it for gaming; be it as a HTPC/console or on desktop. Thus, like Fedora Atomic, you've got access to many different package managers to get your needs covered. Heck, Bazzite and its uBlue siblings actually improve upon Fedora Atomic in this regard (at least by default). Refer to this entry in its documentation for the finer details.

> but I’m not sure it would be a good experience for someone just getting into Linux, since most of the help he will get online

We've all been faulty of this (read: searching on the internet), but we should instead consolidate Bazzite's documentation first. Only after it isn't found there, should one consider going to their discussion platforms; be it their own forums or their Discord server. Searching on the internet is IMO a no-go, especially if one isn't well-versed yet.

> will direct him to edit config files which would get overwritten on update.

This doesn't apply to Fedora Atomic. Perhaps you're conflating this with SteamOS.

[–] [email protected] 1 points 1 day ago

Aight, got it.

For now, I'm exclusively on Wayland. Though, hopefully Openbox (or something inspired by it) will make the jump so that I can see for myself what all this goodness is about.

Anyhow, it was a lovely conversation. I enjoyed it to bits. I wish ya tha best. Cya, out there. Bye!

[–] [email protected] 2 points 1 day ago

> Do you have a link for these instructions?

In addition to the template linked by dustyData, there's also BlueBuild if you prefer YAML over containerfiles.

[–] [email protected] 1 points 1 day ago (2 children)

Very enlightening! Thank you so much!

> mouse-centric

This is actually unfortunate for me. I seem to be prone to RSI related aches. Keyboard is fine~ish. But mouse can be pretty troublesome. Do you happen to know if it plays nice with trackballs and/or trackpads?

[–] [email protected] 1 points 1 day ago

> enabling a lot of the privacy features like resist fingerprinting often breaks login flows

True. Though, in this case, it's only enabled on hardened. So, the default config doesn't enable it.

> and breaks dark mode detection on site

Yeah, that's really unfortunate. I suppose there's Dark Reader. But, I believe Arkenfox's maintainers held the opinion that a bandaid solution as such did more harm than worth it. At least for those that enable RFP for the sake of fingerprint protection.

[–] [email protected] 1 points 1 day ago (1 children)

> Thanks for sharing.

Thanks for the appreciation!

> Our goal is to continue the legacy of Mull by providing a free and open source, privacy and security-oriented web browser for daily use.

Do you work on IronFox?

[–] [email protected] 1 points 2 days ago

> Do you think I could run secure blue from a USB drive?

I'm not sure if it's exactly the same, but Jorge Castro (one of uBlue's maintainers) showed how some uBlue projects (perhaps this also applies to secureblue) can be installed on an external drive. Perhaps it's worth a look: https://www.youtube.com/watch?v=5DRaYQ6hKU0

 

Disclaimer: I'm not affiliated to the project.

Aside from the fact that it's relatively new and unknown, does this hold a candle to other Firefox-based projects? They seem to be competent by their own comparison tables.

Has anyone got any first-hand experience?

 

Hey folks! After using Fedora Atomic for quite a while and really appreciating its approach, I've been eyeing one particular feature from NixOS: its congruent system management. Inspired by Graham Christensen's "Erase your darlings" post, I'd like to explore implementing something similar to NixOS' impermanence module on Fedora Atomic as one step towards better state management.

Why not just switch to NixOS? Well, while NixOS's package management and declarative approach are incredible, I specifically value Fedora's stringent package vetting and security practices. The nixpkgs repository, despite its impressive scope, operates more like a user repository in terms of security standards.

I've already made some progress with the following:

  • Fedora Atomic's shift to bootable OCI containers has helped with base system reproducibility when one creates their own images. This process has thankfully been streamlined by templates offered by either uBlue or BlueBuild
  • Using chezmoi for dotfiles (would've loved home-manager if it played nicer with SELinux)

My current (most likely naive and perhaps even wrong) approach involves tmpfs mounts and bind mounts to /persist, along with systemd-tmpfiles. I'm well aware this won't give me the declarative goodness of NixOS, nor will it make the system truly stateless - there's surely plenty of state I'm missing - but I'm hoping it might be another step in the right direction.

Particularly interested in:

  • Best practices for managing persistent vs temporary state
  • Working with rpm-ostree's (or bootc's) assumptions
  • Tools or scripts that might help
  • Alternative approaches that achieve similar goals

Thanks in advance!
