For once I feel a little out of touch after I took a bit of a break from following the news to focus on studying, and suddenly everyone is talking about immutable distributions. What are they exactly? What are the benefits and the disadvantages of immutable systems?
Have you used Android? Has it ever failed an update or broken due to an app install in a way that can’t be fixed by uninstalling it or factory resetting? Android is an immutable Linux OS. Its system files are stored on a read-only partition. They’re only mounted read-write during update. (That’s a lie, this is no longer the case, but it used to be, these days there are two partitions and the whole inactive partition is written during an update, or a volume snapshot pretending to be a partition is created and then merged, but functionally it’s consistent with the lie.) Apps are also stored in read-only form. One implication of this is that upon update, the partition/files you want to update are always in a predictable, unchanged state. That guarantees successful updates. It also allows trivial diff updates. The other implication of these facts is that you can always delete the mutable part of the OS, where your data and the apps’ data is stored, and you’ll always end up with a clean, working OS in a factory state. On Android you can also do this per-app by tapping “Clear data”.
Wouldn’t it be nice if your desktop or server behaved like this? Some folks think so and are trying to implement it.
There are few disadvantages beyond having to change how some systems work to accommodate this model. There’s typically more space wasted.
Thank you for this explanation.
My understanding is “immutable” is a bit of a misnomer and avoids the “point” of using these distros.
“Layered Distros” is a better terminology, where you can imagine the OS as multiple layers, and you can swap 1 layer out for another without modifying the others and still have a functional operational machine.
Now some of those layers have to be immutable ones at runtime for this concept to work, so that’s where that part of the name comes from, but that’s an implicit result from the actual point/use case of these distros, not the selling point.
So you can swap versions/releases of your OS very cleanly at boot, without modifying userland, and it will continue to function just the same. This lets you do stuff at the admin level like broadly release a version update merely by having users just reboot their machines, and next time they boot up their machine will now be running on the new OS layer, with their local “user” layer being unchanged.
They also separate concerns better than classical distros. Executable binaries & libraries are separate from configuration which is separate from data. It makes backups much simpler, makes configuring new machines easier than something like Ansible, etc.
I especially look forward to replacing Ansible :)
Tried to do so with Guix though and I have to say I found it quite difficult, but I hope it catches on and becomes easier to use.
#### For an in-the-wild example, Steam Deck.
Steam Deck runs Steam OS, which is a heavily customized version of Arch Linux by Valve. But unlike normal Arch installs, Valve has locked the System partition(/) to read-only.
The reasons they’ve done this are twofold. First, there’s actually two copies of the system partition. The reason for this is that when an update is downloaded it’s actually written to the other partition, not the one you’re currently using. This way the update happens in the background, and then you just need to reboot for it to switch partitions and do some house cleaning. What this means though, is that any changes you might’ve normally made to the system partition, disappear, as they are now on the other partition you aren’t using. So if any changes you make won’t matter, not much point in letting people make them in the first place. Using Flatpaks, any applications users install would instead be stored in the user partition, and never touch the OS itself.
The second major reason for doing this, is consistency. If people are discouraged or blocked from modifying the system partition, then any bugs or issues that crop up are, 99% of the time, Valve’s fault. And because of that, Valve can more easily diagnose and try to reproduce any reported issues, because theoretically, the user’s Steam Deck should be configured exactly the same as one at Valve HQ. All that’s needed is for a user to report what they were doing when they encountered the issue, and Valve can follow those same steps and hopefully encounter the same issue, get detailed logs, and hopefully quickly push out a patch as needed.
And that’s one version of Immutability. Valve doesn’t go the full nine-yards here, just enough for their use case. In other Immutable Distros, versioning is taken even further, where you can control multiple versions and reset the OS state on the fly as needed, keeping any changes to a minimum and in controlled sand boxes. There’s a ton of use cases for these, but the most obvious benefits are for enterprise and mass-market solutions, where a single configuration is multiplied across a large amount of servers, or end-user devices, allowing for easier diagnoses of issues and pushing of patches. For end-user clients especially, if they aren’t expected to be customizing the OS to begin with, it makes support much easier for IT.
For your average Linux user, the benefits aren’t as large, as you’ll often want to be able to tweak things to your liking. But your Average Joe that just wants a computer that can surf the web and install some apps that can be found as Flatpaks, an immutable OS that they can’t easily screw up is a plus.
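The A/B slot scheme described in the Android reply earlier in the thread and in this Steam Deck post, as an added example that is not part of the thread and not Valve’s or Android’s code: two directories stand in for the two system partitions and a small `active` file stands in for the bootloader’s active-slot record. The update payload is digest-checked, written only to the inactive slot, and the active pointer is flipped with a single atomic rename, so an interrupted update leaves the running slot untouched and rollback is just flipping the pointer back. All function names, the `os-release`-style version file and the payload are constructed for the illustration; it assumes a POSIX shell with GNU coreutils (`sha256sum`, `mktemp`) on Linux.

```shell
#!/bin/sh
# Added example (not Valve's or Android's code): a model of A/B slot updates.
# slot_a and slot_b are directories standing in for the two system partitions;
# the "active" file stands in for the bootloader's slot metadata.

set -eu

ab_init() {          # ab_init WORKDIR : slot_a holds version 1 and is active
    work=$1
    mkdir -p "$work/slot_a" "$work/slot_b"
    printf 'version=1\n' > "$work/slot_a/os-release"
    printf 'slot_a\n' > "$work/active"
}

ab_active_slot() {   # prints the name of the active slot
    cat "$1/active"
}

ab_inactive_slot() { # prints the slot an update may be written to
    if [ "$(ab_active_slot "$1")" = slot_a ]; then echo slot_b; else echo slot_a; fi
}

ab_version() {       # prints the version string of the active slot
    sed -n 's/^version=//p' "$1/$(ab_active_slot "$1")/os-release"
}

ab_stage_update() {  # ab_stage_update WORKDIR PAYLOAD EXPECTED_SHA256
    work=$1; payload=$2; expected=$3
    actual=$(sha256sum "$payload" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "refusing to stage: payload digest $actual != $expected" >&2
        return 1
    fi
    target="$work/$(ab_inactive_slot "$work")"
    # The inactive slot is never written while inactive, so its state is
    # known: it can simply be replaced instead of patched in place.
    rm -rf "$target"
    mkdir -p "$target"
    cp "$payload" "$target/os-release"
}

ab_switch() {        # make the inactive slot active with one atomic rename
    work=$1
    new=$(ab_inactive_slot "$work")
    printf '%s\n' "$new" > "$work/active.tmp"
    mv -f "$work/active.tmp" "$work/active"   # rename(2): old or new, never half-written
}

ab_rollback() {      # with two slots, rollback is the same flip the other way
    ab_switch "$1"
}

demo() {             # end-to-end run in a scratch directory
    work=$(mktemp -d)
    ab_init "$work"
    printf 'version=2\n' > "$work/payload"              # constructed payload
    digest=$(sha256sum "$work/payload" | cut -d' ' -f1)
    ab_stage_update "$work" "$work/payload" "$digest"
    echo "staged: active is still $(ab_active_slot "$work") version $(ab_version "$work")"
    ab_switch "$work"
    echo "after update: $(ab_active_slot "$work") version $(ab_version "$work")"
    ab_rollback "$work"
    echo "after rollback: $(ab_active_slot "$work") version $(ab_version "$work")"
    rm -rf "$work"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh ab_slots.sh demo`. The point worth noticing is the ordering: verify, write the slot nobody is using, then flip; the active slot is never in a half-updated state, which is exactly why the update can be trusted and why a rollback is cheap.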
In the case of NixOS at least, ‘immutable’ doesn’t mean you can’t change the system at all.
It just means you cannot change the currently installed set of packages and services (generation in NixOS parlance); all you can do is create new ones and delete old ones.
Basically every update might as well be a complete reinstall of /usr, /etc and whatnot if you compare it to traditional distros.
If you can’t change /etc, how do you configure your software?
Using NixOS options
By having the right configuration file there as part of the package’s options, like:
`globalProgram.doFoo = true;`
or something like
`globalProgram.extraConfig = "barCount=4567";`
Are those changes system-wide or stored in user space? Where are those files stored?
It’s system-wide (unless home-manager is involved).
They’re a part of the immutable install, whose components reside in /nix/store and are symlinked to /etc. Example from my computer:
```
$ realpath /etc/sddm.conf
/nix/store/slkq2k8vc4rx4ag55zf8ssl7qd9ry49v-sddm.conf
```
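Given the symlink layout just shown, a defender-side drift check, added here as an example and not anything from NixOS itself: on such a system every managed entry under /etc is a symlink chain that ends under /nix/store (often by way of /etc/static), so any direct child of /etc that is a plain file, or a link that dangles or points elsewhere, is a hand edit or leftover worth reviewing. The directory and store prefix are parameters, and the fixture the script builds (store hashes, file names and contents) is constructed; it assumes a POSIX shell with GNU `readlink -f`.

```shell
#!/bin/sh
# Added example (not NixOS code): list entries under an /etc-like directory
# that are NOT symlinks resolving into an immutable store.

set -eu

# resolves_to_store PATH STORE_PREFIX
# Succeeds only if PATH is a symlink whose fully resolved target exists and
# lies under STORE_PREFIX. readlink -f still prints a path for a dangling
# link, so the existence check is what catches those.
resolves_to_store() {
    rs_path=$1
    rs_store=$(readlink -f "$2")
    [ -L "$rs_path" ] || return 1
    rs_target=$(readlink -f "$rs_path") || return 1
    [ -e "$rs_target" ] || return 1
    case "$rs_target" in
        "$rs_store"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# unmanaged_entries ETC_DIR STORE_PREFIX
# Prints the names of direct children of ETC_DIR that fail resolves_to_store,
# one per line, sorted. Empty output means no drift.
unmanaged_entries() {
    etc=$1
    store=$2
    for entry in "$etc"/* "$etc"/.[!.]*; do
        # an unmatched glob stays literal: skip it, but keep dangling links (-L)
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        resolves_to_store "$entry" "$store" || basename "$entry"
    done | sort
}

# make_fixture WORKDIR
# Builds a constructed miniature of the layout from the post: a store holding
# a generated sddm.conf and an etc directory, an etc/static link into that
# directory, etc/sddm.conf linking through it, plus two kinds of drift (a
# hand-written file and a dangling link). Prints the store path.
make_fixture() {
    work=$1
    fx_store="$work/nix/store"
    mkdir -p "$fx_store/def456-etc/etc" "$work/etc"                 # constructed hashes
    printf '[General]\nNumlock=on\n' > "$fx_store/abc123-sddm.conf"
    ln -s "$fx_store/abc123-sddm.conf" "$fx_store/def456-etc/etc/sddm.conf"
    ln -s "$fx_store/def456-etc/etc" "$work/etc/static"
    ln -s "static/sddm.conf" "$work/etc/sddm.conf"                   # managed
    printf 'edited by hand\n' > "$work/etc/local.conf"                # drift
    ln -s "$fx_store/gone-foo.conf" "$work/etc/foo.conf"              # dangling
    echo "$fx_store"
}

if [ "${1:-}" = demo ]; then
    work=$(mktemp -d)
    store=$(make_fixture "$work")
    echo "unmanaged entries under $work/etc:"
    unmanaged_entries "$work/etc" "$store"
    rm -rf "$work"
fi
```

`sh etc_drift.sh demo` runs it against the fixture; on a real NixOS machine the same check is `unmanaged_entries /etc /nix/store`, where a non-empty result is the list of things the declarative configuration does not account for.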
I love Universal Blue.
It’s OCI cloud image based Fedora Silverblue/Kinoite/Serica with extra steps/batteries included.
“The reliability of a Chromebook, but with the flexibility and power of a traditional Linux desktop.”
But also probably an easier way for Nvidia Fedora users to game on Linux: Easily roll back deployments or 📌 one and rebase to something else easy peasy. (So many different choices) Test betas with no fear!
I’ve actually been gaming on Bazzite for two weeks now:
Jorge’s Blog:
Media:
- High-Tech Lo-Life on YouTube:
- “As Seen on TechSpot”
- “As Seen on GamingOnLinux”
- “As Seen on tom’sHARDWARE”
If you wanna simply make your own image to share with friends/family:
Universal Blue isn’t a distro. It’s more of a reimplementation/enhancement of Immutable OCI Cloud Based Images of Fedora.
uBlue is great. After using Fedora Silverblue for more than a year I used it to have the same OS on my laptop and desktop. It works great and is quite simple if you’re already familiar with building containers. But the constant reboots and rebuilding an image taking minutes made me switch to NixOS.
The advantage of uBlue over NixOS is imo that the former is configured like any other Linux by placing files in the traditional file system hierarchy (e.g. binaries in /usr/local/bin). NixOS throws most of that overboard and makes use of its own configuration language and package manager. Getting started with uBlue is definitely easier, while NixOS is a time-consuming rabbit hole (not that uBlue isn’t…). For a tiling wm setup I definitely think NixOS is the better choice, since changing core system components is quicker.
My understanding is that most immutable distributions store the root filesystem in a read-only partition separate from userspace. If you want to install something that would modify this partition, it is applied temporarily until reboot. On reboot, the operating system attempts to resolve your changes, and if they break something it will reject them.
Each OS might implement immutability differently, but I believe that’s the general idea. macOS is another example of an immutable operating system, as of Big Sur.
Security, Stability
As far as use cases where immutable distros would be more or less convenient, it appears to me that due to the security and reproducibility factors, immutable distros are better for server or enterprise environments where updates need to be rolled out quickly and smoothly, which are most actual Linux systems out there and where Linux companies make their money (hence why they seem like the hot new thing right now), and for desktops where people are primarily concerned with not wanting to “break” anything. But a classical distro, IMO, would be better for folks like me who do want the control to change or customize things down to the core parts of the OS. As far as I’m aware, you don’t have much freedom to tinker with an immutable distro until it’s wiped away with the next update.
NixOS/Guix still give users the control to change anything at any time. That’s because they aren’t image based and instead they achieve immutability with the Nix package manager (symlinks and a declarative system configuration file).
I agree with immutable OS on servers being great, but I also believe immutable systems are a good choice for desktops. Especially managed desktops (e.g. my mom’s) work well with an image-based OS. Flatpak is often enough for those few gui apps and there’s less risk of automatic updates failing (e.g. pulling power plug while updating).
Honestly every time I mention NixOS I get someone telling me it’s not a beginner friendly distro
Provided you get to understand the config file which only took a day of fiddling it’s so much easier to use than mutable distros
I add something to my package list and it just works, and nothing else breaks and even if I do manage to screw up my entire system so badly that I can’t boot it anymore I just boot the last working configuration and undo my changes
I believe people have even built UIs around the config to make it more user friendly
https://github.com/nix-gui/nix-gui https://github.com/vlinkz/nix-software-center
I agree, when I was on other distributions I would gradually customize things until something broke; then it was easier to start from scratch than to fix my mistakes. With NixOS it still gives me the ability to tinker with things, but makes it much easier than starting from scratch when I inevitably mess it up.
I find it’s better than that, don’t even need to start from scratch because it’s so difficult to break it to the point you can’t just revert to a previous version
You know, there was Ansible, containers, ZFS and BTRFS that provided all the required immutability needed already but someone decided to transform regular machines into MIPS-style shitty devices that have a read-only OSes and a separate partition for configs. :D
Yeah I’m with you, I want more reliability but immutable is a bit of a long way to go to get it.
I get why people are willing to make the tradeoff though, Docker taught us OS configuration should be done programmatically, my workflow is just used to constantly fidgeting things till they feel right, to each their own.