Don't miss out on new posts! Sign up! Also, visit the VHT Forums!
Linux

Fedora Silverblue Linux: Install Immutable Desktop Operating System

When it comes to Linux desktop operating systems, there is one that is quite interesting, Fedora Silverblue. It provides many great features, including that it is an “immutable os.” It is a variant of the Fedora Linux distribution that protects the underlying operating system in a unique way and makes sure the operating system is in a pristine condition. 

What is Fedora Silverblue?

It is a distro developed by the Fedora project, sponsored by Red Hat that is unique among Linux distros in that it provides an immutable system image. It means unlike a regular distro every installation lays down a complete image, no matter if you run system updates or install new system apps.

System files are protected from unwanted changes with this immutability factor, which helps with security and stability of your workstation. System crashes or corrupted files are eliminated as if the system runs into a problem with an update, it reverts back to a previous version.

In my network admin background, I liken this to the way a lot of network switches operate. You have a primary and secondary firmware image location. When you install an updated firmware, the original firmware location is still intact.

Silverblue uses a hybrid image/package management system called rpm-ostree. Below, you can see my Silverblue VM after installing updates, you see the ostree:0 and ostree:1 references. You can also see the version differences in the boot entries when you upgrade. The 0 location has the newer image, and the 1 location is the older OS image. You have the ability to select between images and versions if you have an issue.

Selecting the os image with fedora silverblue
Selecting the os image with fedora silverblue

You can read the Fedora documentation covering Silverblue here: Fedora Documentation :: Fedora Docs (fedoraproject.org)  and the Fedora container docs here: Fedora Container & Tools Documentation :: Fedora Docs (fedoraproject.org).

No traditional package management system

One of the things you will notice about Silverblue and its cousin Fedora CoreOS is it does not have a built-in way to manage packages like DNF or YUM. Being as the host operating system with Silverblue is designed to be immutable with OSTree, it means you are really discouraged from installing software on the host. Instead, software should be run in containers and this is the recommendation.

You are able to update and manage system packages and perform a system update to install a new image for your Silverblue host

As an example, inside a Toolbox container, you can install Ansible, using the command:yum install ansible

Install apps – how?

There are really three ways that apps are installed with Silverblue. Note the following section of :

  • Fedora Silverblue primarily installs graphical user interface (GUI) applications through Flatpak apps from the Flathub. As of now, the number of apps is small, but growing for installation with Flatpak.
  • We learned about Toolbox above, but the Toolbox is mainly utilized for command-line interface (CLI) applications, including development and debugging tools, though it also supports graphical applications.
  • With package layering, the majority of Fedora packages can be added to the system. While the system typically runs in a pure image mode by default, package layering comes in handy for installing elements such as libvirt, drivers, and more.

Runs GNOME Desktop

GNOME Desktop is the default environment for Fedora Silverblue. It offers a modern designed interface that is user-friendly. It enables Silverblue users to have a really good user experience and it means you can use GNOME Software for easy installation and configuration of applications.

Gnome tour after silverblue installation
Gnome tour after silverblue installation

Fedora Silverblue Toolbox container

One of the many advantages of Fedora Silverblue is that it is a great platform for containerized applications. Through the use of rpm-ostree and toolbox containers, Silverblue enables a unique workflow for developers and power users alike. This approach allows for a bleeding edge experience without compromising the base OS, enabling users to test new software or development environments in isolation from the main system.

Below just running the toolbox command to show the parameters.

Running the toolbox command
Running the toolbox command

Creating a new toolbox container and entering the container. As you can see below, you have access to the YUM package manager in the toolbox container.

Running yum inside the toolbox container
Running yum inside the toolbox container

Developers love Silverblue

Developers like the capabilities of Fedora Silverblue and its immutable OS nature and strong support for containerized applications. It supports many tools like command line editor, GNOME Builder, and many other IDEs.

It provides a consistent and reliable platform. RPM packages can be layered atop the base system for additional flexibility, and Flatpak support ensures access to a vast array of desktop apps.

Fedora Workstation vs. Fedora Silverblue

FeatureFedora WorkstationFedora Silverblue
Base SystemMutable, traditional file systemImmutable, image-based file system
Update MechanismDNF package manager for updatesrpm-ostree for atomic updates and rollbacks
Installation of ApplicationsRPM packages directly, third-party repositories, and FlatpakPrimarily Flatpak and containers, RPM packages via layering
System CustomizationExtensive, through direct system modification and package installationLimited to user space, with system modifications managed through rpm-ostree
Target AudienceGeneral users, developers preferring a traditional Linux environmentDevelopers and users seeking a stable, secure environment with container focus
Desktop EnvironmentGNOME by default, but supports others like KDE, XFCEGNOME by default, with emphasis on containerized applications
System Stability and SecurityHigh, with traditional Linux stability mechanismsEnhanced, due to immutable file system and separation of system and user space
Rollback CapabilityManual snapshots and backup solutionsBuilt-in, allowing easy rollback to previous system states
Development FocusVersatile, supporting a wide range of development tools directly on the OSContainer-centric, encouraging development within containers for isolation

Fedora Workstation is designed for a broad audience, including developers, creatives, and general users, offering a flexible and traditional Linux experience. In contrast, Fedora Silverblue is tailored for users and developers who prioritize stability, security, and container-based workflows, providing an innovative approach to system management and application deployment.

Creating a Fedora Silverblue virtual machine

For the purposes of the blog post, I will be using VMware Workstation to run the Fedora Silverblue installation. In this guide, let’s see how to create and configure the Fedora Silverblue VM and the settings inside VMware Workstation. Note the following download source for downloading the Silverblue ISO: Fedora Silverblue | The Fedora Project.

After downloading the ISO, point your VMware Workstation VM to this file.

Mounting the iso image for fedora silverblue in vmware workstation
Mounting the iso image for fedora silverblue in vmware workstation

Choose Linux, Fedora 64-bit.

Choosing linux fedora 64 bit as the installation operating system
Choosing linux fedora 64 bit as the installation operating system

Name the virtual machine and set the location for the virtual machine files.

Naming and setting the location for fedora silverblue
Naming and setting the location for fedora silverblue

Configure your processor settings.

Configuring your fedora silverblue virtual machine processor settings
Configuring your fedora silverblue virtual machine processor settings

Configure the amount of RAM you want for the VM.

Configuring the assigned memory for silverblue
Configuring the assigned memory for silverblue

Connect your virtual machine to the desired network.

Set your networking in vmware workstation
Set your networking in vmware workstation

Accepting the defaults here.

Setting the controller type
Setting the controller type

I have NVMe-backed storage, so leaving the recommended here.

Select a disk type
Select a disk type

Create a new disk for the virtual machine.

Create a new disk in vmware workstation
Create a new disk in vmware workstation

Set the size and how you want the file to be allocated.

Specify the capacity and allocation
Specify the capacity and allocation

Setting the disk file.

Specify the disk file for fedora silverblue
Specify the disk file for fedora silverblue

Ready to complete the new virtual machine creation for Fedora Silverblue.

Ready to create the virtual machine
Ready to create the virtual machine

VMware Workstation begins allocating the disk.

Disk begins creating
Disk begins creating

We now have the information and everything we need to work on the Fedora Silverblue installation.

Install Fedora Silverblue

Booting up the ISO for Silverblue.

Install fedora silverblue 39
Install fedora silverblue 39

Files begin loading for the installation.

Loading files for fedora silverblue installation
Loading files for fedora silverblue installation

Choose the language and locale.

Choose the language for fedora silverblue
Choose the language for fedora silverblue

Click the Installation Destination option.

Configure installation destination for silveblue
Configure installation destination for silveblue

Confirm the disk layout.

Verify the disk layout and configuration
Verify the disk layout and configuration

Click the Begin installation button.

Ready to begin the installation
Ready to begin the installation

The install process begins.

Beginning the installation
Beginning the installation

The installation completes successfully. Click the Reboot System button.

Installation is complete ready to reboot
Installation is complete ready to reboot

Initial Setup Wizard

Fedora Silverblue will begin the Setup wizard.

Setup wizard of fedora silverblue begins
Setup wizard of fedora silverblue begins

Set privacy settings.

Privacy settings
Privacy settings

Select third-party repositories settings.

Third party repository settings for fedora silverblue
Third party repository settings for fedora silverblue

Connect to online accounts if you want.

Connect your online accounts
Connect your online accounts

Setup your name and username.

Set your name and username
Set your name and username

Set a password for your account.

Configure your password
Configure your password

Finished.

Setup wizard finished
Setup wizard finished

GNOME tour option.

Gnome tour after silverblue installation 1
Gnome tour after silverblue installation 1

Running updates

When you launch the updates utility, you can see that you can update your system apps installed as part of the image. Clicking the Restart and Update button will restart your Silverblue system and install the rolling release of the new system image.

Restart and update fedora silverblue
Restart and update fedora silverblue

We showed this image above. However, after you install the new system updates, you will have the abiility to

FAQs on Fedora Silverblue

How does Fedora Silverblue handle system updates differently?

Fedora Silverblue employs rpm-ostree, a hybrid model combining package management with atomic updates. This method stores updates as a new system image, allowing users to reboot into an updated version or rollback to a previous state without affecting user data. Traditional update tools don’t apply here, focusing instead on stability and predictability.

Can I use traditional RPM packages in Fedora Silverblue?

Yes, but with a twist. While Silverblue emphasizes Flatpaks and containerized applications for software deployment, it allows RPM packages via layering. This process integrates RPMs into the system image, catering to scenarios where Flatpaks or containers are not available. However, this method is reserved for essential packages to maintain system immutability.

Is Fedora Silverblue suitable for developers?

Absolutely. Fedora Silverblue works well for developers, especially for leveraging containers. The immutable nature of the OS means the development environment is consistent and isolated, reducing “works on my machine” issues. Tools like Toolbox provide a containerized space where developers can install and manage their development stacks without impacting the host system.

How does Fedora Silverblue enhance security compared to Fedora Workstation?

The immutable file system of Fedora Silverblue limits the surface area for attacks. Since system files are read-only, malicious changes are difficult to enact. This separation ensures that any breach in the application layer remains isolated from the core system, enhancing overall security posture.

What makes Fedora Silverblue unique among Linux distros?

Its approach to immutability and containerization sets Silverblue apart. Unlike other distros that rely on mutable systems and traditional package management, Silverblue provides a stable, secure foundation that doesn’t change beneath the user. This makes it a compelling choice for those prioritizing a consistent and secure desktop experience.

How do I install applications on Fedora Silverblue?

Applications are primarily installed via Flatpak, offering a wide range of software in isolated environments. Silverblue also supports toolbox containers for command-line tools and development environments, ensuring that the base operating system remains untouched by user-installed software.

What is the learning curve like for Fedora Silverblue?

For users accustomed to traditional Linux distributions, there’s an initial adjustment to Silverblue’s immutable nature and reliance on Flatpaks and containers. However, the documentation and community support provide a wealth of resources to ease this transition, making it accessible for users willing to adapt to its workflow.

How do Fedora Silverblue and Fedora CoreOS relate to each other?

While both focus on immutability and container-centric workflows, Fedora Silverblue is designed for desktop users, whereas Fedora CoreOS is tailored for cloud and server environments. Both share underlying technologies like rpm-ostree but serve different use cases in the Fedora ecosystem.

Wrapping up

I really like the concepts behind Fedora Silverblue. I think it is a great way to run a development or any other machine. Keeping the host layer pristine with an immutable image and then layering apps on top with technologies like Toolbox containerized applications and Flatpak make a lot of sense from a security and stability perspective. If you run into stability issues, you simply revert back to the previous “image” presented to you at boot. Aside from Fedora CoreOS, you can use Silverblue as well as a Fedora server of sorts running containers as I have seen some in the community doing this. 

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.