Why and How?

Hi there,

I just started testing Aurora and either I don’t get the concept or I don’t know how to handle it.
Maybe you can help me. :pray:

I get that a read-only system enhances the reproducibility and thus lowers the risk for upgrade related errors.
With layering you can roll back to a previous state - that is nice too.

But the almighty internet states that rpm-ostree install should only be taken as the last option if not otherwise possible.
So, I should install my stuff in local containers.
But what’s the benefit of cluttering your user-space containers over cluttering your system over time?
Or in other words, when I do the same mess in user-space?

Additionally, how would you recommend doing this? As it comes with all kinds of other quirks (ampersands not working properly from the “outside”, PATHs overlay from the “inside”, …).
So far I have just one container with the necessary basics (ripgrep, pdf reader, etc.) I always want to use - i.e. everything not present as a flatpak.
Do I configure the shell to always automatically enter the container?

And is there something lighter than fedora-toolbox? I don’t need the whole system twice.

Questions over questions … Maybe there is a best-practice manual somewhere …

I think my ideal setup would be a system described as a config file (or config.d folder), where installing means adding something to the config so that I always have a coherent state.

Thanks a lot!

The main idea is your base system is up to date and reliable. Something you can depend on.
I thought of this analogy, an RV full of go-karts. The RV always gets you where you want to go, and the go-karts can be used for different side quests.
If a go-kart breaks down, it doesn’t stop you from traveling, and it can be fixed or replaced without affecting the others.

To better answer your question though, it would help to know what you want to do. Most things people need to do can be solved using flatpaks.
The one thing I have overlaid is 1Password, because it needs more system integration than, say, an office suite. It’s a set and forget though, system updates are still easy and atomic, and I don’t have to remove it to update.

Anyway, what would you like to do?

2 Likes

Personally for me the advantage comes from learning to create custom podman/docker images.

I consider fedora-toolbox to be just a quick-and-dirty way of landing into a mutable container where you can use traditional package installers and customize it to your heart’s content, without affecting the base system. But for me, this leads to losing the appeal and therefore I don’t use it.

Instead I define my own custom containers, which means I automate their creation. This is key because there is a Dockerfile or a compose specification that can be used to re-create the container from scratch, anywhere. I save these in a personal github repo.

For example, I now have 3 containers, each for some application that is special to me:

  • One with my broker’s trading software
  • One with Citrix Workspace for logging into my workplace
  • One with a custom Eclipse IDE distribution whose installation I automated with Oomph (it runs as part of the Dockerfile)

The advantage is that my base system is clean and all my other applications are flatpaks or automated containers. I get a new laptop, I just need to:

  • install Bluefin
  • recreate my containers from my github repo
  • reinstall my flatpaks (wish there was a tool for this)

…and I’d be good to go software-wise. I just need to transfer my home directory files to the new machine and start working.

The only downside is that this consumes more disk space…

2 Likes

" * reinstall my flatpaks (wish there was a tool for this)"

You can use the Save Desktop flatpak app, it’s awesome.

6 Likes

Very big difference. There is no cluttering at all. System layer applications are separated from userland, so drastically more stable system.

Each user app is in its own container, so drastically more stable userland.

One single app will not break system or user land, because it is separated from each other and system.


Installing software hierarchy in Bluefin and in other Universal Blue.

  1. Start with “flatpak”, if app not available as flatpak then
  2. ujust…

If your applications need access to host Bluefin, then it is simpler to install software using distrobox:

1 Like

By the way, if you’re really into this, have a look at NixOS. It’s not a user-friendly language for specifying your setup, but it’s what you describe: “declarative” system definition.

The question is how much time you want to spend configuring your system and maintaining that configuration. Personally I prefer the atomic OS option of Bluefin, with a few containers I specified myself, that I update individually as needed.

2 Likes

NixOS is to time as boats are to money.

11 Likes

Being a non native English speaker: what does that mean?

Boats are known as being a money pit, that cost you a lot of money after you buy them. NixOS can cost you a lot of time.

1 Like

I can attest to that. I am a recovered NixOS user. It’s great technology, just not for me.

3 Likes

@akarypid
If it isn’t super secret would you mind referencing your GitHub and specifically the Citrix Workspace?

I have had trouble trying to create a flatpak and would like to try Podman container to better isolate it.
I am not the most tech savvy at this, but want to try and learn how to successfully create a container for this.
Thanks!!!

My citrix container is at:

I run sh build-distrobox.sh to create it, then when I log in to my provider I open the downloaded file with the “Citrix Workspace” application. In fact I configured Chrome to “Always open files of this type” so that I don’t have to do it every time.

I’m no expert either, but this has worked for me so far without issues.

1 Like

I’m flattered - thank you so much for all the feedback!

Instead I define my own custom containers, which means I automate their creation. This is key because there is a Dockerfile or a compose specification that can be used to re-create the container from scratch, anywhere.

So, actually quite like Ansible, right? And what kind of compose specification do you use?

Very big difference. There is no cluttering at all.

Where is the difference w.r.t. cluttering, if I use sudo dnf install in a container or as root? Both accumulate packages over time.

One single app will not break system or user land, because it is separated from each other and system.

I’m not sure I’ve ever had a program break my system in the last 10 years.
I used Arch for the longest time, but the garbage just kept piling up.

Installing software hierarchy

Thank you! I thought Homebrew is just a Mac thing. From the first glance it looks like a userspace-package manager, like pip, right?
On Arch, it’s a discouraged option that should be avoided if possible as it causes all kinds of quirks in the long run.

if you’re really into this, have a look at NixOS

Yeah, I had it in the back of my head. Some guy from the institute once gave a talk about it. It sounded really interesting. But I also remembered about quite some effort to package up programs that were not present in the Nix repositories, and I think they eventually ran their own package repository server with quite some maintenance effort.

Anyway, what would you like to do?

I do a lot of command line work. Some random programs I use that come to my mind: vim / neovim, ripgrep, biber, zathura, mpv, iperf, ncdu, cmake, valgrind, gcc-c++, strace, texlive-scheme-full, …
None of that is present as a flatpak.

Okay, I can maintain a script for setting up the containers with a manually curated list of packages to be installed. But I would have to do that manually or write a wrapper for dnf install that adds an item to the list. :grimacing:

But still, how do I deal with PATH conflicts?
Simple example: vim is installed on the base system.

> which vim
/usr/bin/vim
> distrobox create --image fedora-toolbox --name test
> distrobox enter test
> which vim
which: no vim in (/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin:/home/username/.local/bin:/home/username/bin:/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)

I don’t want to put distrobox-host-exec in front of every command. And when I create symlinks, they wouldn’t work outside of a container.

And is there something lighter than fedora-toolbox? I don’t need to duplicate the OS.

Thanks a lot!
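Added example, not part of any post in this thread: one way to keep the curated package list as the single source of truth and to call container tools from the host without prefixes is to render a distrobox assemble manifest from that list and let `exported_bins` place wrappers in `~/.local/bin`. The box name `cli`, the file names and the sample package list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). The box name, file names and the
# package list are assumptions; manifest keys are distrobox-assemble's.

# Constructed sample list: "package" or "package:/path/of/binary/to/export".
sample_list() {
cat <<'EOF'
# CLI tools that are not available as flatpaks
ripgrep:/usr/bin/rg
neovim:/usr/bin/nvim
ncdu:/usr/bin/ncdu
strace          # installed in the box, not exported
valgrind
EOF
}

# render_manifest NAME IMAGE < package-list  -> manifest on stdout
render_manifest() {
    name=$1 image=$2 pkgs="" bins=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        case $line in
            "") continue ;;
            *[!A-Za-z0-9._+/:-]*)   # refuse quotes, '=', '$' and the like
                echo "rejected entry: $line" >&2; return 1 ;;
            *:*) pkgs="$pkgs ${line%%:*}"; bins="$bins ${line#*:}" ;;
            *)   pkgs="$pkgs $line" ;;
        esac
    done
    printf '[%s]\nimage=%s\npull=true\n' "$name" "$image"
    printf 'additional_packages="%s"\n' "${pkgs# }"
    # Exported binaries get a wrapper in ~/.local/bin on the host, so they
    # are callable from outside the box without entering it first.
    if [ -n "$bins" ]; then printf 'exported_bins="%s"\n' "${bins# }"; fi
}

# Only touch the system when asked to: sh boxes.sh apply packages.txt
if [ "${1:-}" = "apply" ]; then
    render_manifest cli registry.fedoraproject.org/fedora-toolbox:latest \
        < "$2" > distrobox.ini || exit 1
    distrobox assemble create --file distrobox.ini
fi
```

Installing something then means adding a line to the list and re-running the script; the list and the script can live in the same repository as any custom container definitions.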

Use brew to install command line utilities.
It works really well.

ujust brew

To install brew, then e.g.

brew install neovim

I just tried it out and it wanted to re-install half of the operating system.

> brew deps mpv
alsa-lib
aom
aribb24
berkeley-db@5
binutils
brotli
bzip2
ca-certificates
cairo
certifi
cjson
dav1d
dbus
elfutils
expat
ffmpeg
fftw
flac
fontconfig
freeglut
freetype
frei0r
fribidi
gcc
giflib
glib
glslang
gmp
gnutls
graphite2
gzip
harfbuzz
highway
hwloc
icu4c@76
imath
isl
jpeg-turbo
jpeg-xl
krb5
ladspa-sdk
lame
leptonica
libarchive
libass
libb2
libbluray
libcap
libclc
libdeflate
libdrm
libedit
libepoxy
libevent
libffi
libfontenc
libice
libidn2
libmicrohttpd
libmpc
libnghttp2
libnsl
libogg
libpciaccess
libplacebo
libpng
librist
libsamplerate
libsm
libsndfile
libsodium
libsoxr
libssh
libtasn1
libtiff
libtirpc
libtool
libunibreak
libunistring
libva
libvdpau
libvidstab
libvmaf
libvorbis
libvpx
libx11
libxau
libxcb
libxcrypt
libxcursor
libxcvt
libxdmcp
libxext
libxfixes
libxfont2
libxi
libxinerama
libxkbcommon
libxkbfile
libxml2
libxmu
libxpresent
libxrandr
libxrender
libxscrnsaver
libxshmfence
libxt
libxv
libxxf86vm
little-cms2
llvm
lm-sensors
luajit
lz4
lzo
m4
mbedtls
mesa
mesa-glu
mpdecimal
mpfr
mpg123
mujs
ncurses
nettle
open-mpi
opencore-amr
openexr
openjpeg
openssl@3
opus
orc
p11-kit
pango
pcre2
pixman
pmix
pulseaudio
python-packaging
python@3.13
rav1e
readline
rubberband
sdl2
shaderc
snappy
speex
speexdsp
spirv-llvm-translator
spirv-tools
sqlite
srt
svt-av1
systemd
tesseract
theora
uchardet
unbound
unzip
util-linux
valgrind
vamp-plugin-sdk
vapoursynth
vulkan-headers
vulkan-loader
wayland
wayland-protocols
webp
x264
x265
xauth
xcb-util
xcb-util-image
xcb-util-keysyms
xcb-util-renderutil
xcb-util-wm
xinput
xkbcomp
xkeyboardconfig
xorg-server
xorgproto
xvid
xz
yt-dlp
z3
zeromq
zimg
zlib
zstd

xinput! gcc! systemd! Etc. What the hell?

Brew installs everything in an isolated environment, so that operating system updates, etc. won’t break the packages. It also handles packages that rely on specific versions of libraries, so that installing one utility won’t break another. If compatible, utilities can share installed libraries. It can also compile things from source if a binary is not available. Thanks to all of this, installing command line utilities is just brew install and removing them is just brew uninstall. Super easy, and not breaky.

mpv, being a media player, has a lot of library dependencies. You can see the 72 dependencies on the Arch Wiki. mpv is also available as a flatpak. Being a gui application, that would be my choice for installing it.

But, I’m not a brew salesperson, and you can certainly do as you please :slight_smile:

2 Likes

Yes, we need to define what cluttering is… I see clutter as all apps from different repositories installed on a single host, and a problem just waits to happen. When an application is installed inside a container it is separated: better stability (does not affect the system) and easier to manage (upgrade, delete container…). But on the other hand, if we define clutter by the number of things installed on the machine, then containers can be seen as more cluttered, because each container replicates binary files.

It depends on the number of repositories (and PPAs in Ubuntu) you add. At some point something will break. But if you are from Arch, I assume you can fix things or documentation/help to fix it.

Homebrew in Linux is for terminal applications (e.g. install neovim) or servers (e.g. install postgresql database server). I think you can install some GUI apps from Homebrew, but first try to search for flatpak repository, to follow the Universal Blue installation order recommendation.

Universal Blue general recommendation:

  • use flatpak for GUI applications
  • use Homebrew for text based terminal applications (e.g. neovim)

If apps are not available then use Distrobox commands or BoxBuddy GUI for Distrobox. See sample of how I recommended to install one of the GUI app not available as flatpak in BoxBuddy.

1 Like