Red Hat’s Fedora project is to add a new variant called Kinoite, an immutable desktop operating system alongside the existing Silverblue, which runs GNOME desktop.
The idea behind an immutable operating system is that it is mounted read-only; also, conceptually, it is not patched but rather is replaced when it needs to be updated, in the same way as a container. This has obvious security advantages, as well as making features like rollback easier to implement.
Silverblue was introduced in early 2018 based in part on an earlier project called Atomic Host. The first full release of Silverblue was as part of Fedora 29 in October 2018. Fedora CoreOS, designed for hosting containers, is also designed as an immutable operating system. Both CoreOS and Silverblue are presented as “emerging Fedora editions” rather than mainstream, and Fedora itself is the leading-edge Linux distribution from Red Hat, unlike Red Hat Enterprise Linux, which emphasises stability for production.
Fedora Kinoite initially targets Fedora 35, which is likely to be released around October 2021. According to the description, it is based on the same technologies as Silverblue. This starts with rpm-ostree, which is the core packaging system for transactional, image-based operating system updates, and supports RPM Package Manager packages layered on top without impacting the files in the root operating system.
Next comes Flatpak, which is a system for packaging and installing applications in isolated containers, and Podman, which handles running containers. The name Kinoite, we are told, refers both to a blue mineral (Silverblue) and to the Japanese word for “there is a tree” – meaning ostree.
The arrival of Fedora Kinoite means that Fedora desktop users in search of immutability can opt for KDE Plasma rather then GNOME. There is already a KDE variant of Fedora, called Spin, and we were told that “Fedora Kinoite is to the Fedora KDE Spin what Fedora Silverblue is to Fedora Workstation.”
The downside to immutable Fedora is compatibility issues. The team said it is addressing issues with Discover, the KDE graphical software manager, which does not currently support rpm-ostree. There are issues compiling KDE applications as Flatpaks and Red Hat’s Timothée Ravier, working on Kinoite, reported: “I have not successfully created a Flatpak yet.”
It is also worth a look at the Silverblue troubleshooting notes to see some of the potential issues. Sometimes an application will not install because it has a dependency on a package in the OS that is out of date, and the main fix is to wait for an OS update.
Some applications, including Google Chrome, try to install into the /opt directory, which does not work; there is a workaround for Chrome but not for all such applications. Nvidia drivers, often a source of irritation for Linux users, have been a problem because they are not free and required a workaround.
For those who can live with a few issues, there are many advantages to an immutable OS. Updates are integrated and normally automatic by default, and faster than traditional patching since they just update an image to a known state rather than performing time-consuming searches for what to patch. Applications are better isolated from one another and can be installed and removed without the risk of breaking the operating system or introducing dependency issues.
It makes a PC operating system more like what we are used to with mobile devices and, in that sense, fits with what we are seeing from Apple, Google (with Android and Chrome OS), and even Microsoft, with the delayed Windows 10X. ®