Project Bluefin: A customized Fedora Silverblue desktop image
So-called "immutable" Linux distributions have been in development for some time, but (unless you count ChromeOS) haven't gained much traction. Project Bluefin is a heavily customized set of Fedora Silverblue images coming from the Universal Blue community; they are designed to deliver a reliable Linux desktop that's as easy to use as a Chromebook but more customizable. Bluefin's mission is to change up the desktop experience and attract a new generation of open-source contributors with a "cloud-native" take on developing and delivering the operating system.
Fedora Silverblue
LWN readers are, no doubt, at least passingly familiar with Fedora but may not know about the Silverblue project. A variant of Fedora Workstation, Fedora Silverblue has the same stock GNOME desktop and base software, but delivered as an immutable image. It's built using OSTree and rpm-ostree, which are a set of tools that provide a Git-like way of working with OS images created from RPMs. OSTree deploys a bootable, read-only filesystem tree with writable content stored in /etc and /var; user home directories live under /var/home.
Rather than installing or updating Fedora package by package, Silverblue installs an image built from RPMs (with rpm-ostree) as a single transaction. When updates are applied, they're also applied as a single transaction, whether it includes an update to a single RPM or an upgrade to a new release of Fedora. For example, one can update from Fedora Silverblue 37 to 38 by rebasing on the Silverblue 38 image.
The OSTree project got its start with gnome-continuous, a research project aimed at making it easier to take GNOME's Git repositories, build them, and make them available quickly for testing. Later, OSTree and rpm-ostree were used as part of Project Atomic to develop immutable variants of Fedora, CentOS, and Red Hat Enterprise Linux to run Linux containers. The technology lives on in the CoreOS family and is also being used for Silverblue.
This model has at least three distinct benefits. First, systems deployed in this way are identical. That is, using the OSTree model, every system installed from the same image will have the same versions of software without any package variations. This can help prevent "drift", where some systems running package-based installs may have slightly different versions of software or missing packages, etc. Updates are staged in the background and take effect on reboot rather than updating packages on a running system.
A second major benefit is the ability to roll back updates if needed. Let's say one has taken their laptop on the road for an event and updated the system to the latest Fedora release, but the update has a bug that disables the laptop's WiFi. Reversing this using the standard RPM model could be challenging, to say the least. Under the OSTree/rpm-ostree model, one need only revert back to the prior, working, image and report the bug like a good community citizen.
The third advantage is the ability for adventurous users to easily switch between multiple branches of OSTree images, which is called "rebasing". By using "rpm-ostree rebase", one can pull a major operating system update and move from Fedora 37 to 38, or perhaps move between Fedora Silverblue and a custom image like Bluefin (and back again, as well).
Application management on immutable systems
The image-based approach has its clear positives, but also raises the question of how users can add software to their systems. This lack of flexibility was a feature for the Atomic Host and CoreOS use case — the host operating system was not meant to be customized, it was simply a vehicle for running Linux containers.
Systems built with rpm-ostree are "immutable" with an asterisk. Users can install software from RPMs by layering packages on top of the image with "rpm-ostree install packagename". This is usually done to add drivers, libraries, or system software, rather than for user-facing software. This creates a new image and it's generally recommended to reboot to apply the changes — though rpm-ostree does allow users to apply changes to a live environment with the apply-live option.
But that mechanism is meant to make changes and updates to the image and then roll it out to the fleet, rather than tending to systems individually, so each host offers only the needed software to boot the system and run application containers. Customizing individual hosts is generally considered an anti-pattern when running container workloads at scale.
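A fleet-side check for the drift and package layering described above, as an added example that is not from the article or the rpm-ostree project. It reads the JSON printed by `rpm-ostree status --json`; the field names used are assumed from that format, and the sample values (checksums, the `example-driver` package) are constructed.

```python
import json

# Constructed sample shaped like `rpm-ostree status --json` output.
# Field names are assumed from that format; all values are made up.
SAMPLE_STATUS = json.loads("""
{
  "deployments": [
    {"booted": false, "staged": true,
     "origin": "fedora:fedora/39/x86_64/silverblue",
     "checksum": "cccc", "packages": [], "unlocked": "none"},
    {"booted": true, "staged": false,
     "origin": "fedora:fedora/38/x86_64/silverblue",
     "checksum": "bbbb", "base-checksum": "aaaa",
     "packages": ["zsh", "example-driver"], "unlocked": "none"}
  ]
}
""")


def audit_host(status, expected_origin, expected_base):
    """Return drift findings for the booted deployment of one host."""
    deployments = status.get("deployments", [])
    booted = next((d for d in deployments if d.get("booted")), None)
    if booted is None:
        return ["no booted deployment reported"]

    findings = []
    if booted.get("origin") != expected_origin:
        findings.append(f"origin is {booted.get('origin')}")

    # When packages are layered, the image commit is kept as base-checksum
    # and checksum names the locally derived commit, so compare the base.
    base = booted.get("base-checksum") or booted.get("checksum")
    if base != expected_base:
        findings.append(f"base commit is {base}")

    layered = sorted(booted.get("packages", []))
    if layered:
        findings.append("layered packages: " + ", ".join(layered))

    # An unlocked deployment has a writable /usr and no longer matches the image.
    if booted.get("unlocked", "none") != "none":
        findings.append(f"deployment unlocked ({booted['unlocked']})")

    if any(d.get("staged") for d in deployments):
        findings.append("update staged, takes effect on reboot")
    return findings


if __name__ == "__main__":
    for line in audit_host(SAMPLE_STATUS,
                           "fedora:fedora/38/x86_64/silverblue", "aaaa"):
        print(line)
```

A host that reports no findings is running exactly the expected image; layered packages are the one place where per-host variation can reappear.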
However, a desktop operating system without the ability to install new applications would be of little interest to most users. Silverblue addresses this in several ways. Users are guided to using Flatpak for GUI desktop applications. If an application isn't included in the default selection, then one can turn to Flathub to find it. The Flatpak format has its pros and cons, along with fans and detractors. Needless to say, users who do not like the format would be unlikely to find happiness with Silverblue or Bluefin.
Silverblue also offers a utility called Toolbox (sometimes stylized as Toolbx), which is a streamlined way of using privileged Linux containers to install command-line tools and utilities. Toolbox uses Open Container Image (OCI) images, but integrates them into the system so that they provide access to the host as if they were natively installed. Toolbox containers can access Wayland/X11, removable devices, the systemd journal, and other components. This is useful for troubleshooting, setting up a development environment, or otherwise installing software that might not be available as a Flatpak or well-suited to the Flatpak model.
Universal Blue and Project Bluefin
Bluefin is one of many images created by the Universal Blue project, which starts with Fedora Silverblue and then diverges from stock Fedora to create a number of customized images for various desktops and specific use cases. The images offer additional packages, custom udev rules, codecs that Fedora will not ship, as well as things like NVIDIA drivers and customizations for popular hardware. These images promise a better "out of the box" experience for those who have a target device and want to avoid fussing with driver installations and customizations. Conversely, this may be off-putting for users who wish to avoid any proprietary drivers or codecs.
The most recent addition to Universal Blue's family of images is Bluefin, currently described as "beta" with an eye toward a stable release in the Fedora 40 time frame. Bluefin is a take on Silverblue that aims to have an Ubuntu-like look and feel, with a dock (the Dash to Dock extension) and AppIndicators out of the box, plus the aforementioned codecs, defaulting to Flathub for Flatpaks, and other customizations. Flatseal is also installed by default, should users wish to view or modify the permissions granted to Flatpak applications. See the screen shot below to get a feel for Bluefin's default look.
Bluefin also prefers Distrobox to Fedora's Toolbox for providing a mutable environment or environments. Distrobox aims to let users run any Linux distribution inside their terminal. Like Toolbox, Distrobox containers are privileged and integrate almost seamlessly with the user's desktop environment. Users can use "distrobox create debian", for instance, to create a containerized environment based on the default Debian Docker (OCI) image. This can be immensely useful for testing and experimentation using the user space for multiple Linux distributions without having to maintain multiple physical or virtual machines, or dual-booting.
The Bluefin Developer images are particularly interesting. In addition to the default customizations, the Developer images include tools like DevPod, Devbox, Fleek, and Incus. DevPod is similar to GitHub Codespaces, a tool to create and manage "run anywhere" developer environments. Likewise, Devbox uses Nix under the hood to create reproducible developer environments — but abstracts away some of the complexity of Nix. Fleek also gives users a way to use Nix under the hood to configure their working environment and even make it portable and reproducible. Incus is a recent fork of Canonical's LXD, and is designed to run virtual machines via QEMU, and/or system containers via LXC.
In short, Bluefin Developer comes heavily loaded with leading-edge developer tools that are popular (or aim to be) with developers in and around the "cloud-native" space. It wouldn't be a bad thing if a project like Bluefin were to lure some cloud-native developers away from macOS to (or back to) the Linux desktop. Note that work is also afoot to generate Bluefin images based on the Fedora Asahi Special Interest Group (SIG) to support Macs using Apple silicon.
The Bluefin experience
Installing Bluefin is much like installing Fedora, with a few extra steps. One can pick the Bluefin ISO image or rebase to a Bluefin image from Fedora Silverblue. The process takes a bit longer than a standard Fedora install — particularly since Bluefin installs several packages from Flathub post-install and rebasing to a new image after installation takes additional download time.
Note that, as of this writing, Bluefin does not support manual partitioning or dual-booting setups — so interested users will want to have a dedicated machine or test Bluefin in a virtual machine until that capability is available. For this article, Bluefin was installed on a Lenovo Thinkpad X280 with 16GB of RAM and 256GB of storage, as well as in a virtual machine with similar RAM and 4 vCPUs. Performance on the Thinkpad is similar to stock Fedora Workstation, perfectly acceptable for light work, battery use was about the same, waking from sleep worked without fail, and no hardware problems came to light.
The look and feel of the Bluefin Developer desktop differs from the stock Fedora Workstation by providing a dock out of the box, Alt-Tab cycles through open windows rather than applications, windows have the minimize and maximize buttons available by default, and other minor touches like adding the "Blur my Shell" GNOME extension that adds visual effects like "blurring" the dock or top panel with the desktop background so they appear to show through. Whether these are appealing or not is, of course, strictly a matter of taste. I found it necessary to crank down the huge default terminal font size, despite my aging eyes — but otherwise found the look and feel pleasing. Which is not to say that stock Fedora is unpleasing, just that Bluefin's overall look and feel is even more to my taste.
The focus on current developer tools and advanced-user productivity applications sets it apart from Fedora Workstation's more conservative set of default software. Distrobox neatly solves the problem of choosing a Linux distribution by making it relatively easy to set up a variety of distribution environments. With a few commands it was easy to run AlmaLinux 9, Debian 12, and Ubuntu 22.04 LTS environments.
Bluefin also provides just, which is a utility to run project-specific commands from justfiles (like makefiles, but with a simpler syntax). Bluefin ships with a full complement of pre-defined just tasks for everything from showing the changelog between the current system and pending updates, cleaning the system of old containers, or switching the default shell to zsh or fish. The "just update" task helps in keeping a Bluefin system up-to-date by automating updates for the OS image, installed Flatpaks, and likely one or more Distrobox environments. Those working with containers for development work have the option of using Podman or Docker. Running "just docker" will fire up the Docker service and add the user to the docker group, for example.
One minor complaint about the "rpm-ostree update" operation if run separately is that it does not offer status updates while working. It provides a report of how many layers are present and need to be downloaded, with an estimation of size and begins working without any indication of progress until it has downloaded its new data. Then it provides a report of changes and guides the user to perform a "systemctl reboot" to make them take effect. It's easy to wonder whether an operation has stalled or if it's just being extremely quiet. The answer is "quiet", apparently. Switching from a Fedora 38 base to Fedora 39, then back again, worked without hiccup.
Final thoughts
Though Bluefin is considered beta status, I had no problems using it as a daily driver. Overall, Bluefin seems like a fine choice for a desktop distribution even considering that status. That is not surprising, since it's building on a fairly mature base with Fedora Silverblue. It comes with something of a learning curve for those accustomed to Fedora Linux, but not so great that it's off-putting.
Bluefin is especially interesting because it leans heavily into the Fedora tenets of "features" and "first." Aside from its immutable model and additional polish for specific systems, it serves as a showcase for a lot of recent tools like Devbox, Distrobox, just, and many more. For users already familiar with these tools, it's handy to have them all in one basket. For others, trying out Bluefin and exploring the varied development tools and utilities may lead to some useful discoveries. Putting Bluefin through its paces is a great way to uncover newer open-source tools that aren't yet well-known.
For those interested in taking the plunge, ISOs are listed on GitHub and the Universal Blue documentation will help to get started.
| Index entries for this article | |
|---|---|
| GuestArticles | Brockmeier, Joe |
Posted Dec 12, 2023 20:29 UTC (Tue)
by wittenberg (subscriber, #4473)
[Link] (10 responses)
This is a major reason why Linux is on so few desktops. For readers of LWN, this is true-- what use is a computer you can't play with. But for the vast majority of the population, this is false. Most of the people I know who do not make their living playing with computers want a computer to act like an appliance: You buy it, pull it out of the box, and it works. Period. They don't want to update the system, they don't want it to change, they just want it to work.
It's important to remember that most users are users. They think the computer is a tool to make some jobs easier. They don't want to spend their time playing with it. Those of us who enjoy playing with computers are a tiny minority. You may remember the tag line "the computer for the rest of us".
This is especially important when things go wrong. I can tell my wife "look for the "file menu", it's in the upper left corner". Because she doesn't make changes to her stock computer, I can give her directions. If she has the ability to move the file menu, then we have to have a discussion about where to click.
--David
Posted Dec 12, 2023 20:51 UTC (Tue)
by Wol (subscriber, #4433)
[Link]
You're lucky! Microsoft keep moving things and confusing the hell out of my wife. Seeing as I don't use Windows much (and mine is stuck on 10), I can't tell her where to look because I don't know, and she can't tell me what's in front of her because she doesn't know what she's looking at. So I have to drop what I'm doing, go over to her, and sort her out.
I'd LOVE a computer that doesn't update until you tell it to ... (I've got gentoo, so that's true for mine :-)
Cheers,
Posted Dec 12, 2023 21:40 UTC (Tue)
by madscientist (subscriber, #16861)
[Link] (5 responses)
This is just not the case. I think you may be considering an ever-shrinking (and aging) population in your worldview. Or maybe you're over-weighting corporate users.
Yes, of course everyone wants their technology to work. But that doesn't mean they don't want it to change.
I don't know a single person anywhere, no matter how technologically disinclined, that has not downloaded a new app to their smartphone and still only uses just the applications that came with it when they took it out of the box. Ditto for Chromebooks or iPads. And ditto for laptops running Windows or MacOS (or Linux).
Everyone wants to play new games, use the latest music apps, the latest social media apps, the latest video or sound editing apps, or at least some non-empty subset of those things. And the younger you are the more effortlessly you can navigate these things and the more "new stuff" you want.
Posted Dec 13, 2023 1:59 UTC (Wed)
by pizza (subscriber, #46)
[Link]
Not quite. They actually want nothing to change. Except for the things they want to change.
Posted Dec 13, 2023 10:44 UTC (Wed)
by Wol (subscriber, #4433)
[Link]
I come close!!!
My wife's laptop effectively runs two apps that didn't come built in - MS Office, and Picasa. And 99% of the built-in stuff is never used.
My phone is similar. I can't wait to delete that damn Ipsos market research app I signed up to, and I have Kindle (which I rarely use). Again, pretty much all the built-in stuff is unused - I've even stopped using Google Maps because Google have broken it so badly ...
Cheers,
Posted Dec 13, 2023 16:02 UTC (Wed)
by wittenberg (subscriber, #4473)
[Link]
--David
Posted Dec 13, 2023 19:11 UTC (Wed)
by sramkrishna (guest, #72628)
[Link]
The other great thing is that for developers you are now using a containerized developer flow. For my work as a community manager, I use fedora as my main system but then do a lot of work in a containerized Ubuntu 20.04 container to build software. I have another container to update my hugo blog and so on. So you don't install everything into your main OS, but modify all you like in containers.
Posted Dec 13, 2023 22:14 UTC (Wed)
by Wol (subscriber, #4433)
[Link]
Well, I'm clearly NOT "everyone". For me "the latest music app" is Clementine, which doesn't work on my system because I haven't got round to fixing the sound since I built the system and installed gentoo a couple of years back. Social media I was on - what was it called? - Google+? - which I hardly used and didn't notice it passing ... "the latest video or sound editors" - well if sound doesn't work, why on earth would I want those? So yes - I most definitely am EXTREMELY happy with the empty subset of those categories.
(Oh - and I don't play computer games. I may still be hooked on Age of Empires - the original one - and Solitaire - but that's about IT!)
And yes I am an older person and that's why I "can't effortlessly navigate these things". My wife is disabled and it's almost impossible for her to navigate these at all!, let alone effortlessly!
Cheers,
Posted Dec 13, 2023 1:24 UTC (Wed)
by Matt_G (subscriber, #112824)
[Link]
I don't disagree, but the problem is no two users will perfectly align on what they need "out of the box": you either try to cover every possible permutation of use cases by including "everything and the kitchen sink" and you end up with a bloated system with a huge attack surface, or you take the minimalist route and the user gets frustrated because seemingly everything they try to do requires yet another download + install.
Ideally the default installation (or system image or whatever) is a trade-off balance between enough functionality to meet *most* users' needs and not being overly bloated. You will never be able to please everyone. A personal example: last time I installed Fedora, the default installation did not include an Ebook reader. Is an Ebook reader something people should expect "out of the box"? Probably not, but some people might answer yes. Where do you draw the line?
Then there is the third school of thought, which seems to be run everything in a browser. I won't comment on this except to say this is not for me; I'd abandon any distribution that tried to eschew native apps for browser-based ones.
Posted Dec 13, 2023 15:34 UTC (Wed)
by masquerade (subscriber, #156667)
[Link]
I think you're right that very few people spend their time tinkering (and enjoy it), but I don't think that's relevant. The more important question is how many people never change anything, and I think the answer to that is "almost no one".
Apple are great at convincing their users that Apple's products are exactly what they need. But even Apple has the app store where users can install a million apps that provide something for them that Apple didn't.
Posted Dec 22, 2023 7:28 UTC (Fri)
by eduperez (guest, #11232)
[Link]
The problem is that "it works" is different for each person, and not everybody needs the same applications. So, either you have a hyper-bloated distribution with all the applications that somebody could need, or you have something that will not "it works" for many people.
Is there anything similar to your idea on the market right now? An iPhone is the closest I can think of, and it comes with its own application marketplace.
Posted Dec 13, 2023 22:12 UTC (Wed)
by Siosm (subscriber, #86882)
[Link] (1 responses)
With podman on Silverblue/Bluefin, both Toolbox & Distrobox use *unprivileged* containers by default. See https://github.com/89luca89/distrobox#security-implications.
Posted Dec 14, 2023 16:51 UTC (Thu)
by smcv (subscriber, #53363)
[Link]
However, they share a lot of state with your ordinary user account outside the container: they aren't providing a meaningful sandbox, like you would get from a Flatpak app with no special flags. Access to your home directory means that if you're running actively malicious code inside a Toolbx/Distrobox container, it can achieve arbitrary code execution outside the container by overwriting configuration in locations like ~/.config/, ~/.bashrc or similar. Similarly, unfiltered access to your real D-Bus session bus generally provides arbitrary code execution outside the container, by asking nicely via appropriate D-Bus messages.
If your ordinary user account outside the container is root-equivalent (can run things as root via sudo, pkexec or similar), then that combines with the lack of sandboxing at the container boundary to result in arbitrary root code execution.
I think that absence of a security boundary might be what the article author meant by "privileged", rather than the more specific jargon term. These containers are more powerful than something like a typical Flatpak app, which means more functionality for code that you're running in them intentionally (and that's a good thing), but also more functionality for the attacker if the code in the container is malicious or compromised (which obviously is not a good thing). Make your risk/benefit decisions accordingly.
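The sharing described in the comment above can be read off a container's configuration. The following is an added example, not part of the original comments or of Toolbx/Distrobox: it inspects the JSON that `podman inspect` prints for one container and lists the host state that crosses the boundary. The sample document, home path and uid are constructed, and the session bus location `/run/user/<uid>/bus` is an assumption.

```python
import json
from pathlib import PurePosixPath

# Constructed sample shaped like one entry of `podman inspect <container>`;
# not captured from a real Toolbx or Distrobox container.
SAMPLE_INSPECT = json.loads("""
{
  "Name": "debian-box",
  "HostConfig": {"Privileged": false, "NetworkMode": "host",
                 "IpcMode": "host", "PidMode": "host"},
  "Mounts": [
    {"Type": "bind", "Source": "/var/home/alice",
     "Destination": "/var/home/alice", "RW": true},
    {"Type": "bind", "Source": "/run/user/1000",
     "Destination": "/run/user/1000", "RW": true},
    {"Type": "bind", "Source": "/etc/hosts",
     "Destination": "/etc/hosts", "RW": false}
  ]
}
""")


def covers(source, target):
    """True if a bind mount of `source` exposes the host path `target`."""
    source, target = PurePosixPath(source), PurePosixPath(target)
    return source == target or source in target.parents


def shared_host_state(inspect, home, uid, host_user_can_sudo):
    """List host state reachable from inside the container."""
    findings = []
    writable = [m["Source"] for m in inspect.get("Mounts", [])
                if m.get("Type") == "bind" and m.get("RW")]

    # Shell and desktop configuration that the host session will later run.
    home = PurePosixPath(home)
    for rel in (".bashrc", ".config"):
        if any(covers(src, home / rel) for src in writable):
            findings.append(f"writable from container: ~/{rel}")

    # Assumed location of the user's session bus socket.
    if any(covers(src, f"/run/user/{uid}/bus") for src in writable):
        findings.append("session D-Bus socket reachable")

    host_cfg = inspect.get("HostConfig", {})
    for key in ("NetworkMode", "IpcMode", "PidMode"):
        if host_cfg.get(key) == "host":
            findings.append(f"{key} shared with host")
    if host_cfg.get("Privileged"):
        findings.append("HostConfig.Privileged is set")

    # Either channel lets container code act as the host user.
    crosses = any(f.startswith(("writable", "session")) for f in findings)
    if crosses and host_user_can_sudo:
        findings.append("host user is root-equivalent: "
                        "treat code in this container as able to reach root")
    return findings


if __name__ == "__main__":
    for line in shared_host_state(SAMPLE_INSPECT, "/var/home/alice", 1000, True):
        print(line)
```

A container that bind-mounts only a project subdirectory produces no findings here, which is the configuration to prefer for code that is not trusted.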
Posted Dec 14, 2023 12:07 UTC (Thu)
by PastyAndroid (subscriber, #168019)
[Link]
I use Fedora Kinoite on my laptop. This particular laptop must work 100% of the time and be able to be updated after not being powered on for several months/weeks, without breakage. The reason for this is I use it as a work laptop, which mostly means it only gets pulled out when I have to go to a meeting, other than that it's switched off.
Installing other bits you need with "rpm-ostree" install really is no hassle at all and works just fine.
It's also very easy to switch between major Fedora versions (e.g. 37->38->39.. etc). That's really useful!
The same applies for friends' and relatives' computers, where I "accidentally" convinced them to ditch a certain mainstream OS after I got tired of fixing it. Again, if anything goes wrong with their systems now that they're immutable it is painless to get them back to a working computer again with minimal fuss. (Excluding hardware issues, of course).
In cases like this immutable is a godsend solution that you can just put in place and forget it. I don't want to rush to fix my laptop just before a meeting, and I don't want to spend too long fixing a friend's/relative's computer.
On the other hand, I don't see immutable as a "replace all" solution and I do not think it will be the only solution going forward. My main workstation/desktop still runs Gentoo and is very finely configured exactly as I like it and is solid as a rock. I still very much aim to continue running Gentoo. Yes, maintenance is a lot more involved, but for me it gives a level of control that immutable simply cannot provide at this time and I absolutely love going into the fine details and tweaking everything. Although, I admit I may not be the "typical" end user and I might be a bit of a nerd.
But that's the beauty of FOSS. There is no "one size fits all" solution, you can always go your own way. And that's a good thing. And no one says you can't have both!
> ...
> Like Toolbox, Distrobox containers are privileged ...
