Opinions on immutable distros

Footnote2669@lemmy.zip to Linux@lemmy.ml – 94 points –

Hey! I’m currently on Fedora Workstation and I’m getting bored. Nothing in particular. I’ve heard about immutable distros and I’m thinking about Fedora Kinoite. The idea is interesting but idk if it’s worth it. CPU and GPU are AMD. Mostly used for gaming.

I see many people here wondering why they should consider an immutable system.
As someone who thought the same a few months ago, and now chose Silverblue, here are reasons why:

  • Atomic updates: never worry about half-applied installations anymore. Either your OS updates successfully, or it will just work like before.

  • Fewer bugs and better security: every install is the same, so devs can fix one bug or exploit, recreatable on every system.

  • Automatic updates (configurable): they get downloaded by the way, without you noticing. And if you reboot anyway, you boot into your updated OS. No waiting times. The system manages itself.

  • Way harder to break

  • Changes are easily undoable: if an update breaks anything, you can just select another image and reboot, without recovering anything.

  • No junk accumulation over time, the OS is kept clean

  • Clear distinction between "your" stuff and the OS

  • You can "swap out" the base OS cleanly and keep your stuff. Want KDE? No need to reinstall, just paste one command and delete everything Gnome-related, and you are now on Kinoite.

  • Flexibility: choose between dozens of different images, like one that replicates SteamOS or Ubuntu, has the MS Surface kernel built in, offers Hyprland, and so on...

  • And much more!

My #1 reason is that everything is worry-free.

Those advantages above don't apply to "normal" OSs, even if I keep everything in Distrobox and Flatpaks.

Immutable OSs aren't called "The future of Linux" without reason. They usually shouldn't impair anyone, and make the whole Linux ecosystem better in any aspect.

I'm sorry but none of the above sound different from a regular distro. Maybe I haven't got the gist. You can have snapshots and atomic updates on a regular distro, you don't have to reinstall to switch from Gnome to KDE, I can install all kinds of stuff cleanly anyway thanks to package managers, I don't use root often so the system files are effectively read-only as far as I'm concerned, and so on.

As far as security is concerned I don't see the big deal, I mean I get why a read-only OS would in theory be harder to break into but it can still be modified for updates so I guess it's not really "immutable" after all.

What am I missing?

Edit: before anybody points it out, I do know about the rebase layers and I think it's an interesting approach, but ultimately still gets the same results as packages. It may be helpful for distro builders but doesn't make much difference as a user.

You're correct. But, and here's the big but, the whole immutability-thing isn't something the user should be worried about at all.

On Android for example, the system is read-only too, and pretty much nobody cares too, because it was always designed this way and it doesn't inhibit functionality.

It is mainly a big pro for developers in how I see it. See, every installation creates some package drift. One dependency here, one extra program there, no problem.

But in sum, there will accumulate hundreds of "bloat"-packages over the years, which add many unknown vulnerabilities and bugs that are completely individual to your setup.
And then it will begin: a program crashes here, there's your black screen, and every dev on the issue report says "closed, can't replicate". And after an OS-reinstall, it works again.

And if you want to install KDE on Pop!OS for example, it is highly individual and there are still some packages you didn't see, and it will be very buggy. Some buttons that are misaligned, misconfigured drivers, and so on.
I tried changing the DE on my normal Fedora one time and even though I thought I did everything correctly, I had to reinstall due to screen tearing/flickering, many misconfigurations, and so on.

On Silverblue, it's a process of 5 minutes max, and then my setup will be the same as the one from thousands of other people.

Ah but on Android they have very rigid rules about partition size, and lots of specialized partitions.

Speaking of which, do you happen to know how immutability is achieved on these Linux distros? Do they mark the system partition read-only, or do they use cgroups, or is it an intrinsic property of the layers?

Package confusions like you describe are always the mark of a poorly designed package system. deb and rpm are positively ancient. deb distros are notorious for multi-repo hell because each repo only has its own limited dependency scope.

You should not have issues like you described on any sane distro. A package is either in a meta package or not. Dependencies should be clear and if something was not explicitly installed it should be cleared out when the thing that depended on it was uninstalled.

Yes, you can do all this with regular distros but not as conveniently. Especially cleanly switching from gnome to kde and vice versa is a nightmare. And by switching I mean removing one completely (including dependencies) and installing the other.

Why a nightmare? It should be very easy on any distro with well organized packages. Remove gnome meta-package, install kde meta-package.

It's an easy: sudo apt install task-kde-desktop; sudo apt purge task-gnome-desktop; sudo apt autopurge

In testing or unstable this can be a problem though.

I feel like many people just don't understand exactly how a distro and package managers work. Immutable OS feels like it allows prioritizing only on a small core part of the distribution which is immutable and slapping everything else on via flatpak or snap.

I don't like it and I sometimes wonder if we are not going backwards with that approach.

I'm not one hundred percent on the train of immutable; however, I have undertaken NixOS and don't use flatpak/snap. The nix configuration file is where I install everything.

But while I agree it's not super hard to switch DEs on something like Ubuntu etc., one cool thing on nix (which I think you can do on any distro with nix package manager installed) is that you can test the package without installing it at all. The rollback is also nice cuz I've had situations where apt gets "broken". I've always been able to fix it with a little searching but it's always frightening. Knowing that nix can go back to an old config at any time makes me a little more comfortable.

Funnily enough, I like nix. The concept is way ahead of silverblue and the likes. With nix nothing is hidden behind a compatibility layer. I feel like if we really need immutability, nix is the way to go.

I always have dependencies left around from the DE that was removed. Maybe it is because my commands are not the right ones but I follow what is recommended by the distro wikis. Like if I am using gnome and then download kde just to try it out (without removing gnome), don't feel like using kde and remove it, I have packages and dependencies left over from kde when I uninstall it. Neofetch too shows an increase in packages even though the only action done was installing kde and uninstalling it.