Silverblue User Guide

Through the course of using Silverblue daily, it has become apparent that an orchestration of all three technologies is what occurs in fact. There are times when a Container will provide the flexibility required that a Flatpak cannot, Layering can sometimes be the only answer to a problem, and Flatpaks in general work fine as they are intended. This is very likely echoed elsewhere throughout any community of users of an OSTree type of OS, whether Silverblue or others that use libostree. To successfully navigate this terrain it’s good to be up on all things rpm-ostree, all things flatpak, and a whole lot of things container related.

Each of the technologies expose varying levels of access to the OS image, with the Layering approach being the most intrusive in the fact it causes a new image tree to be created. The Flatpak application is definitely the least intrusive being sandboxed, with limited indirect access and limited developer capabilities to program in access to system resources. Containers have more access to system processes and devices.

As stated on flatpak.org 'Flatpak is a next-generation technology for building and distributing desktop applications on Linux. Flatpak uses libostree to store application data, distinct from the host system management model.' In practice, what this means is that the flatpak deployment of an application does not normally have access to the host OS directly, or any other applications running on the host. The application is running on a runtime contained inside of the flatpak itself. If this sounds a lot like a flatpak is a container, it’s because it is a container essentially. An application in flatpak form is running inside of its own environment designed specifically to make it work as intended, irrespective of the host OS, and is quite effectively sandboxed. One of Flatpak’s main goals is to increase the security of desktop systems by isolating applications from one another. This is achieved using sandboxing and means that, by default, applications that are run with Flatpak have extremely limited access to the host environment. For day to day usage in roles that encompass the bulk of things users generally are doing at their PC Silverblue, with its immutable OS and flatpak’d applications proves to function quite well. The updates are rolling along regularly just like the Fedora Workstation I had become used to, and the majority of my applications that are flatpak’s work as they are intended to.

When you first run Silverblue after the initial installation steps, you will likely want to install some applications, and to do that no doubt you first try Gnome Software, only to find nothing. Gnome Software is still there, just not showing software to install since the flatpak repository (flathub) is not configured for the system yet. This is due entirely to the Fedora licensing scheme, since Flathub allows software with non-open source license schemes to be distributed, like for instance rpmfusion-nonfree repo does in the normal Workstation version of Fedora. The user has to configure the rpmfusion-nonfree repo in order to install anything from its repository. In Silverblue, when installing flatpak’d applications, you have to configure the repository for use first. You do this with the flatpak remote-add command. This command takes as its first argument, the name you want to give the remote, and the URL it is located at for the second argument. In the case of the flathub repository, I simply named mine flathub and its URL is https://dl.flathub.org/repo/. The command becomes flatpak remote-add flathub "https://dl.flathub.org/repo/" without the quotes. It is also acceptable, and easier to browse to Flathub.org and select the quick setup option for Fedora, which Installs the repo via Gnome Software. Whichever way you choose to do it, will result in you now having access to all of the flatpak’d applications and extensions available on the Flathub repo. These applications will be displayed as usual in Gnome Software with their origin being dl.flathub.org. There are more applications being offered as flatpak’s each day it seems, so check back often if your favourite isn’t listed yet. There is more you can do with the repo now that you have it installed. The flatpak command has numerous options that are useful for inspecting what is available at a configured repo. The command flatpak remotes will list the installed/configured repositories, and if you use the -d switch with the command like so flatpak remotes -d you will get a detailed listing of your configured remotes (repo’s).

Also, it is worth noting that there are other remotes available to be configured on your system if you would like to explore some more. If you want to have Firefox as a flatpak, instead of using the version shipped as part of the Ostree of Silverblue, you could configure the firefox nighly remote (https://dl.flathub.org/repo/) with the following command flatpak remote-add firefox-nightly https://dl.flathub.org/repo/ then install the FireFox nightly build with the command flatpak install firefox-nightly org.mozilla.FirefoxNightly and flatpak will install the Firefox nightly build for you. You may have already come to the conclusion that you could also install it from Gnome Software since you have configured the remote, and you would be correct but take note of the source listed on its install icon, it is the remote you just configured. As no doubt. some of the clever monkeys out there have likely noted when they did a remote-ls command on their configured flathub remote, there are more things listed than the app’s. There are runtimes, and sdk’s as well as app’s since Flathub.org is a place to distribute such things.

On Fedora Silverblue, there is an out of the box solution provided for a Pet Container, fedora-toolbox. If it isn’t already installed for you, you can do so with the following command ~[$ rpm-ostree install fedora-toolbox, once it is installed, you’ll have to reboot into the new image with ~[$ systemctl reboot. When your image comes back you can begin with fedora-toolbox immediately by creating an image based upon your current system installation, including your home directory setup with dotfiles and all. To create an image this way type ~[$ fedora-toolbox create, that will create a toolbox container for you, based upon an image of your current system setup. To use the container, you simply enter ~[$ fedora-toolbox enter and you should now be at a prompt that looks like this in my case 🔹[user@toolbox ~]$ instead of my normal prompt in Fedora Silverblue which is this Lx  user@localhost  😈 ~ 