Fedora Silverblue Linux: Install Immutable Desktop Operating System
Highlights
- ” It is a variant of the Fedora Linux distribution that protects the underlying operating system in a unique way and makes sure the operating system is in a pristine condition.
- It is a distro developed by the Fedora project, sponsored by Red Hat that is unique among Linux distros in that it provides an immutable system image.
- System crashes or corrupted files are eliminated as if the system runs into a problem with an update, it reverts back to a previous version.
When it comes to Linux desktop operating systems, there is one that is quite interesting, Fedora Silverblue. It provides many great features, including that it is an “immutable os.” It is a variant of the Fedora Linux distribution that protects the underlying operating system in a unique way and makes sure the operating system is in a pristine condition.Â
Table of contents
- What is Fedora Silverblue?
- No traditional package management system
- Install apps – how?
- Runs GNOME Desktop
- Fedora Silverblue Toolbox container
- Developers love Silverblue
- Fedora Workstation vs. Fedora Silverblue
- Creating a Fedora Silverblue virtual machine
- Install Fedora Silverblue
- Initial Setup Wizard
- Running updates
- FAQs on Fedora Silverblue
What is Fedora Silverblue?
It is a distro developed by the Fedora project, sponsored by Red Hat that is unique among Linux distros in that it provides an immutable system image. It means unlike a regular distro every installation lays down a complete image, no matter if you run system updates or install new system apps.
System files are protected from unwanted changes with this immutability factor, which helps with security and stability of your workstation. System crashes or corrupted files are eliminated as if the system runs into a problem with an update, it reverts back to a previous version.
In my network admin background, I liken this to the way a lot of network switches operate. You have a primary and secondary firmware image location. When you install an updated firmware, the original firmware location is still intact.
Silverblue uses a hybrid image/package management system called rpm-ostree. Below, you can see my Silverblue VM after installing updates, you see the ostree:0 and ostree:1 references. You can also see the version differences in the boot entries when you upgrade. The 0 location has the newer image, and the 1 location is the older OS image. You have the ability to select between images and versions if you have an issue.
You can read the Fedora documentation covering Silverblue here: Fedora Documentation :: Fedora Docs (fedoraproject.org) and the Fedora container docs here: Fedora Container & Tools Documentation :: Fedora Docs (fedoraproject.org).
No traditional package management system
One of the things you will notice about Silverblue and its cousin Fedora CoreOS is it does not have a built-in way to manage packages like DNF or YUM. Being as the host operating system with Silverblue is designed to be immutable with OSTree, it means you are really discouraged from installing software on the host. Instead, software should be run in containers and this is the recommendation.
You are able to update and manage system packages and perform a system update to install a new image for your Silverblue host
As an example, inside a Toolbox container, you can install Ansible, using the command:yum install ansible
Install apps – how?
There are really three ways that apps are installed with Silverblue. Note the following section of :
- Fedora Silverblue primarily installs graphical user interface (GUI) applications through Flatpak apps from the Flathub. As of now, the number of apps is small, but growing for installation with Flatpak.
- We learned about Toolbox above, but the Toolbox is mainly utilized for command-line interface (CLI) applications, including development and debugging tools, though it also supports graphical applications.
- With package layering, the majority of Fedora packages can be added to the system. While the system typically runs in a pure image mode by default, package layering comes in handy for installing elements such as libvirt, drivers, and more.
Runs GNOME Desktop
GNOME Desktop is the default environment for Fedora Silverblue. It offers a modern designed interface that is user-friendly. It enables Silverblue users to have a really good user experience and it means you can use GNOME Software for easy installation and configuration of applications.
Fedora Silverblue Toolbox container
One of the many advantages of Fedora Silverblue is that it is a great platform for containerized applications. Through the use of rpm-ostree and toolbox containers, Silverblue enables a unique workflow for developers and power users alike. This approach allows for a bleeding edge experience without compromising the base OS, enabling users to test new software or development environments in isolation from the main system.
Below just running the toolbox command to show the parameters.
Creating a new toolbox container and entering the container. As you can see below, you have access to the YUM package manager in the toolbox container.
Developers love Silverblue
Developers like the capabilities of Fedora Silverblue and its immutable OS nature and strong support for containerized applications. It supports many tools like command line editor, GNOME Builder, and many other IDEs.
It provides a consistent and reliable platform. RPM packages can be layered atop the base system for additional flexibility, and Flatpak support ensures access to a vast array of desktop apps.
Fedora Workstation vs. Fedora Silverblue
| Feature | Fedora Workstation | Fedora Silverblue |
|---|---|---|
| Base System | Mutable, traditional file system | Immutable, image-based file system |
| Update Mechanism | DNF package manager for updates | rpm-ostree for atomic updates and rollbacks |
| Installation of Applications | RPM packages directly, third-party repositories, and Flatpak | Primarily Flatpak and containers, RPM packages via layering |
| System Customization | Extensive, through direct system modification and package installation | Limited to user space, with system modifications managed through rpm-ostree |
| Target Audience | General users, developers preferring a traditional Linux environment | Developers and users seeking a stable, secure environment with container focus |
| Desktop Environment | GNOME by default, but supports others like KDE, XFCE | GNOME by default, with emphasis on containerized applications |
| System Stability and Security | High, with traditional Linux stability mechanisms | Enhanced, due to immutable file system and separation of system and user space |
| Rollback Capability | Manual snapshots and backup solutions | Built-in, allowing easy rollback to previous system states |
| Development Focus | Versatile, supporting a wide range of development tools directly on the OS | Container-centric, encouraging development within containers for isolation |
Fedora Workstation is designed for a broad audience, including developers, creatives, and general users, offering a flexible and traditional Linux experience. In contrast, Fedora Silverblue is tailored for users and developers who prioritize stability, security, and container-based workflows, providing an innovative approach to system management and application deployment.
Creating a Fedora Silverblue virtual machine
For the purposes of the blog post, I will be using VMware Workstation to run the Fedora Silverblue installation. In this guide, let’s see how to create and configure the Fedora Silverblue VM and the settings inside VMware Workstation. Note the following download source for downloading the Silverblue ISO: Fedora Silverblue | The Fedora Project.
After downloading the ISO, point your VMware Workstation VM to this file.
Choose Linux, Fedora 64-bit.
Name the virtual machine and set the location for the virtual machine files.
Configure your processor settings.
Configure the amount of RAM you want for the VM.
Connect your virtual machine to the desired network.
Accepting the defaults here.
I have NVMe-backed storage, so leaving the recommended here.
Create a new disk for the virtual machine.
Set the size and how you want the file to be allocated.
Setting the disk file.
Ready to complete the new virtual machine creation for Fedora Silverblue.
VMware Workstation begins allocating the disk.
We now have the information and everything we need to work on the Fedora Silverblue installation.
Install Fedora Silverblue
Booting up the ISO for Silverblue.
Files begin loading for the installation.
Choose the language and locale.
Click the Installation Destination option.
Confirm the disk layout.
Click the Begin installation button.
The install process begins.
The installation completes successfully. Click the Reboot System button.
Initial Setup Wizard
Fedora Silverblue will begin the Setup wizard.
Set privacy settings.
Select third-party repositories settings.
Connect to online accounts if you want.
Setup your name and username.
Set a password for your account.
Finished.
GNOME tour option.
Running updates
When you launch the updates utility, you can see that you can update your system apps installed as part of the image. Clicking the Restart and Update button will restart your Silverblue system and install the rolling release of the new system image.
We showed this image above. However, after you install the new system updates, you will have the abiility to
FAQs on Fedora Silverblue
Fedora Silverblue employs rpm-ostree, a hybrid model combining package management with atomic updates. This method stores updates as a new system image, allowing users to reboot into an updated version or rollback to a previous state without affecting user data. Traditional update tools don’t apply here, focusing instead on stability and predictability.
Yes, but with a twist. While Silverblue emphasizes Flatpaks and containerized applications for software deployment, it allows RPM packages via layering. This process integrates RPMs into the system image, catering to scenarios where Flatpaks or containers are not available. However, this method is reserved for essential packages to maintain system immutability.
Absolutely. Fedora Silverblue works well for developers, especially for leveraging containers. The immutable nature of the OS means the development environment is consistent and isolated, reducing “works on my machine” issues. Tools like Toolbox provide a containerized space where developers can install and manage their development stacks without impacting the host system.
The immutable file system of Fedora Silverblue limits the surface area for attacks. Since system files are read-only, malicious changes are difficult to enact. This separation ensures that any breach in the application layer remains isolated from the core system, enhancing overall security posture.
Its approach to immutability and containerization sets Silverblue apart. Unlike other distros that rely on mutable systems and traditional package management, Silverblue provides a stable, secure foundation that doesn’t change beneath the user. This makes it a compelling choice for those prioritizing a consistent and secure desktop experience.
Applications are primarily installed via Flatpak, offering a wide range of software in isolated environments. Silverblue also supports toolbox containers for command-line tools and development environments, ensuring that the base operating system remains untouched by user-installed software.
For users accustomed to traditional Linux distributions, there’s an initial adjustment to Silverblue’s immutable nature and reliance on Flatpaks and containers. However, the documentation and community support provide a wealth of resources to ease this transition, making it accessible for users willing to adapt to its workflow.
While both focus on immutability and container-centric workflows, Fedora Silverblue is designed for desktop users, whereas Fedora CoreOS is tailored for cloud and server environments. Both share underlying technologies like rpm-ostree but serve different use cases in the Fedora ecosystem.
Wrapping up
I really like the concepts behind Fedora Silverblue. I think it is a great way to run a development or any other machine. Keeping the host layer pristine with an immutable image and then layering apps on top with technologies like Toolbox containerized applications and Flatpak make a lot of sense from a security and stability perspective. If you run into stability issues, you simply revert back to the previous “image” presented to you at boot. Aside from Fedora CoreOS, you can use Silverblue as well as a Fedora server of sorts running containers as I have seen some in the community doing this.
