apt-ostree/.notes/research/atomic-filesystems.md

Understanding filesystem nuances in rpm-ostree and Fedora Atomic Desktops Fedora Atomic Desktops, including spins like Silverblue, Kinoite (KDE Plasma), Bazzite, and Bluefin, leverage rpm-ostree to provide a unique approach to operating system management built around an immutable core filesystem. This differs significantly from traditional Linux distributions and introduces some nuances in how the filesystem is structured and interact with applications. Here's a breakdown of the key aspects:

1. The immutable root filesystem

   Read-Only Core: The core operating system (located at / and everything under /usr) is mounted as read-only. This enhances stability and security by preventing accidental or malicious modifications to the base system. Version Control: rpm-ostree functions like "Git for operating system binaries", allowing for atomic updates and rollbacks to previous versions of the entire OS image. This means updates are applied as a whole, transactional unit, rather than piecemeal package installations. Transactional Updates: When you perform an OS update on a Fedora Atomic Desktop, rpm-ostree downloads and prepares the new version in the background, creating a new, combined image. You then reboot into the new image, with the previous version still available for rollback if needed.

2. Writable directories and user data

   Separate Writable Areas: While the core OS is immutable, directories like /etc and /var remain writable to store configurations and runtime state. User Data Preservation: User data is stored separately (typically in /var/home, symlinked to /home), ensuring that rollbacks or system re-installations don't impact personal files or settings. Symlinks for Compatibility: To maintain compatibility with traditional Linux software expectations, Fedora Atomic Desktops utilize symlinks to redirect some expected writable locations into /var. For instance, /opt becomes /var/opt and /usr/local becomes /var/usrlocal.

3. Application management and layering

   Containerized Applications (Flatpaks): A core philosophy of Fedora Atomic Desktops is to leverage containerized applications, particularly Flatpaks, for most software installations. Flatpaks run in isolated environments and are not part of the base filesystem, offering improved security and stability. Package Layering (rpm-ostree): For software not readily available as a Flatpak, or when deep system integration is required (like custom shells or PAM modules), rpm-ostree allows "layering" additional RPM packages on top of the base OS image. However, this is generally recommended only when absolutely necessary, as it can potentially complicate updates and rollbacks compared to using Flatpaks. Development Environments (Toolbox/Devcontainers): For developers, Fedora Atomic Desktops encourage using containerized development environments like Toolbox or devcontainers. This keeps development tools and dependencies isolated from the host system, avoiding conflicts and ensuring a clean environment.

4. Distro-specific nuances

   Fedora Silverblue: The foundational Fedora Atomic Desktop, providing a general-purpose, immutable desktop experience with GNOME. Fedora Kinoite: Similar to Silverblue but with KDE Plasma as the default desktop environment, according to DebugPoint NEWS. Bazzite: A gaming-focused spin of Fedora Atomic Desktop, built on the Universal Blue project's OCI images and including gaming-specific software and drivers out of the box, says How-To Geek. It aims to provide a seamless gaming experience similar to SteamOS but on a wider range of hardware. Bluefin: A developer-focused spin based on Fedora Silverblue, emphasizing containerized application development and aiming to simplify the experience for developers. It makes use of bootc's OCI container features to compose and build the OS image.

5. Filesystem choices While the immutable nature is central to Fedora Atomic Desktops, the underlying filesystem used for / and /var/home can vary.

   Btrfs: Fedora Workstation and its spins have adopted Btrfs as the default filesystem, offering features like transparent compression and snapshots. Btrfs subvolumes are also utilized to separate the root and home directories. Other options: Manual partitioning on Fedora Atomic Desktops also supports LVM, standard partitions, or even XFS for specific use cases.

In conclusion, Fedora Atomic Desktops and their derivatives offer a robust and reliable computing experience built around an immutable core. The filesystem structure and the way applications are handled are distinct from traditional Linux distributions, with a strong emphasis on containerization and a clear separation between the base operating system and user data. While this approach may require some adjustment for users accustomed to traditional package management, the benefits in terms of stability, security, and reproducibility are substantial.

Made by Google Gemini AI AI responses may include mistakes. Learn more

OSTree Atomic Filesystem Best Practices (Debian/Ubuntu Focus)

• Root and /usr are always read-only; only /etc and /var are writable.
• Use symlinks/bind mounts for: /home, /opt, /srv, /root, /usr/local, /mnt, /tmp (see above for mapping).
• /var is shared across deployments; initial content is copied on first boot, not overwritten on upgrade.
• /etc is merged on upgrade; defaults should be in /usr/etc.
• Package layering creates new deployments; all changes are atomic and require reboot.
• Static users/groups: use nss-altfiles or systemd-sysusers.
• Btrfs is recommended for root and /var/home.
• Testing: Validate all writable locations, package flows, /etc merges, user/group persistence, and container support.

Tasks for Implementation and Testing

• Validate all symlinks/bind mounts at boot and after upgrade.
• Test package install/remove/upgrade for packages writing to /var, /opt, /usr/local.
• Test /etc merge behavior.
• Test user/group management.
• Document any Debian/Ubuntu-specific quirks.

Based on upstream OSTree documentation and best practices, adapted for apt-ostree.