Immutable distros are Linux-based operating systems that are designed to be read-only and not easily modifiable. Most of these immutable distros still let you install apps and packages on top of the system, through Flatpaks, Snaps or AppImages, or with a specific layer of packages that is kept when rebooting and updating. Some immutable distros give you easy access to containers so you can still use a full system with full write access.

And there are a bunch of immutable distros: Fedora Silverblue and Fedora Kinoite are basically Fedora Workstation, with GNOME or KDE, but with an immutable base. Vanilla OS is an Ubuntu-based, soon to be Debian-based immutable distro that gives you access to any packaging format through containers. blendOS does the same thing, but based on Arch. SteamOS, the Linux distribution that powers the Steam Deck, and also my Linux gaming console / PC, is also immutable. You could also say that NixOS is an immutable distribution, since you only install things and modify configurations through a declarative config file that is used to build the system. And there are a lot more, like MicroOS from openSUSE, Endless OS, and more!

So in terms of advantages, immutable distros are just way more secure. Since you, the user, can't modify the base system, and since the superuser can't do it either, it also means any third-party programs also can't modify that base system. Another advantage is reliability. Since you can't tinker with the system files, you also have a much smaller chance of actually destroying your system. And in terms of maintenance, since you only use an updated system after a reboot, there is no risk of breaking something by updating it while it's running.

But how do I install anything if I can't write to the system? Most immutable distros work around that using universal packaging formats like Flatpaks, Snaps and AppImages. But that's not the only way to install stuff on an immutable distro. A lot of them actually still let you install packages to the system, in a dedicated layer. That's called "layering". What this means is that you still have access to the distro's repos of packages, and you can still elect to install some, but you won't use the usual package manager; you'll use another dedicated tool. Some immutable distributions also use containers, generally with something like distrobox.

Another difference that can be considered a drawback is updating. Updates on immutable distros are never applied in place. When an update is available, they'll build another system image. So you end up with 2 systems: the one you're currently using, and the updated one, which is not currently active. And you only get the updates after you reboot onto that new system image.

Another drawback is the complexity of these systems. Everything you try to do is different: installing a package doesn't use your usual package manager. Applying updates isn't the same command, or requires you to reboot to actually use the updated system. Immutable distros are a different sort of system, with different tools to interact with things you might already know how to do.

Are they the future? Probably not. For servers, they make a lot of sense. For regular users, they do have a lot of advantages, but they also have a bunch of limitations that require the use of workarounds. And so I don't think immutable distros will replace regular distros. They'll grow, and occupy a space next to, let's call them, "mutable" systems, but they'll probably never be the default thing most people use.
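The read-only base described above can be checked on a running system from its mount table, including the case where a writable layer has been mounted over a system path. The following is an added example, not part of the video description or the comments; the sample mount lines are constructed and the function names are illustrative.

```python
import re

# Constructed sample in /proc/self/mounts format: device, mountpoint, fstype,
# options, dump, pass. The layout is illustrative, not taken from a real distro.
LOCKED = """\
/dev/sda3 / btrfs ro,relatime 0 0
/dev/sda3 /usr btrfs ro,relatime 0 0
/dev/sda3 /etc btrfs rw,relatime 0 0
/dev/sda3 /var btrfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""
# Same system after a writable overlay has been mounted over /usr (constructed).
UNLOCKED = LOCKED + "overlay /usr overlay rw,lowerdir=/usr,upperdir=/var/up,workdir=/var/wk 0 0\n"

def _unescape(field):
    # The kernel writes space, tab, newline and backslash in paths as \040 etc.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Map mountpoint -> option set; a later line for the same mountpoint
    shadows the earlier one, as a mount stacked on top of it does."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            table[_unescape(parts[1])] = set(parts[3].split(","))
    return table

def covering_mount(path, table):
    """Longest mountpoint that is `path` itself or one of its parent directories."""
    best = "/"
    for mp in table:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best

def writable_paths(text, paths=("/", "/usr", "/usr/bin", "/etc", "/var")):
    """Paths whose covering mount lacks the 'ro' option (unknown counts as writable)."""
    table = parse_mounts(text)
    return [p for p in paths
            if "ro" not in table.get(covering_mount(p, table), set())]

if __name__ == "__main__":
    print("locked:  ", writable_paths(LOCKED))
    print("unlocked:", writable_paths(UNLOCKED))
```

On a real system, pass the contents of `/proc/self/mounts` instead of the samples; the result describes mount state only at the moment the file is read.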
The point is you don’t need to change stuff. You tell the resulting state of the system, the system will generate that state for you.
You don’t change some file somewhere, you change the pipewire settings in your configuration file and rebuild. You save your config to version control so you can recreate the exact copy of your system any time and on any computer by just letting it download the locked versions of all of the packages you have installed.
Well, back when I didn’t know any better and would go through Linux installations because I would break things, but also because many of the “recommended Linux distros” had problems (f*** you Canonical forcing buggy snaps onto us), I might’ve thought it was an awesome idea. But now that I know better (both how to not break stuff + fix things if they’re broken, and know when people are recommending glitchy trash) it just feels more restrictive. Kind of like a game console, Android phone, or S mode. It’s not necessarily as restrictive as those things because you can turn it off and do what you want, but the updates to the OS will almost never respect the changes you make, as I know from SteamOS.
Because I want to install Portmaster or create services to launch my own scripts on boot without them being purged blindly by an update (just like how on game consoles system updates will remove installed homebrew), I’m not into the idea of using immutable systems that lock you out of changes you might want to do that aren’t official.
Immutable systems do not “lock you out of changes you might want to do that aren’t official”, even if SteamOS specifically does.
MicroOS and CoreOS both allow package layering client side. There are also features landing that allow “unlocking” the read-only filesystem.
More importantly, CoreOS now allows using a Containerfile to customize the distro server side, and then all your computers can pull the same image (with all your hard work stored in the registry, and reapplied via the Containerfile and some CI/CD). It’s certainly a very different and new workflow and there is a lack of user-facing tools, but that is always the case with new tech.
The workflow I would sell you on is this:
This is a simplification, and in practice currently a lot of things are hard to accomplish this way (say, bootloader changes). But that is the “goal”, and after running highly customized distros for a decade, I at least would love to be able to have all my changes in all my (present and future) computers without the hassle that brings currently.
You can just describe the effect you want for your system. Most common cases are done for you in NixOS. Like configuration of packages, systemd services, etc. But you could write your own. I submitted a pull request for a service, and then made a half-assed fork of a GUI for the NUR.
Could I have just used a different distro and just installed it? Sure, but now people use my package.
I could have figured out how to set the iptables myself instead of using some software, but we’re sharing solutions here so the next person can just write the package name and just use it.
You’re creating your own ad-hoc solutions with different benefits and drawbacks.
Portmaster wants to download its own updates. They could just go the Firefox “managed by your organization” route if they wanted to.