this post was submitted on 28 Aug 2023

179 points (100.0% liked)

Linux

48072 readers

1 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

179

What's up with all these immutable distributions? What are the benefits and disadvantages of them? (lemmy.ml)

submitted 2 years ago by comfisofa@lemmy.ml to c/linux@lemmy.ml

37 comments fedilink hide all child comments

For once I feel a little out of touch after I took a bit of a break from following the news to focus on studying, and suddenly everyone is talking about immutable distributions. What are they exactly? What are the benefits and the disadvantages of immutable systems?

all 39 comments

sorted by: hot top controversial new old

[–] avidamoeba@lemmy.ca 92 points 2 years ago* (last edited 2 years ago) (2 children)

Have you used Android? Has it ever failed an update or break due to an app install in a way that can't be fixed by uninstalling it or factory resetting? Android is an immutable Linux OS. Its system files are stored on a read-only partition. They're only mounted read-write during update. (That's a lie, this is no longer the case, but it used to be, these days there are two partitions and the whole inactive partition is written during an update, or a volume snapshot pretending to be a partition is created and then merged, but functionally it's consistent with the lie.) Apps are also stored in read-only form. One implication of this is that upon update, the partition/files you want to update are always in a predictable, unchanged state. That guarantees successful updates. It also allows trivial diff updates. The other implication of these facts is that you can always delete the mutable part of the OS, where your data and the apps' data is stored, and you'll always end up with a clean, working OS in a factory state. On Android you can also do this per-app by tapping "Clear data".

Wouldn't it be nice if you desktop or server behaved like this? Some folks think so and are trying to implement it.

There are few disadvantages beyond having to change how some systems work to accomodate this model. There's typically more space wasted.

[–] potpie@beehaw.org 8 points 2 years ago

Thank you for this explanation.

[–] ultra@discuss.online 2 points 2 years ago (1 children)

With tbis update system, I don't understand why you can't use your phone while doing it.

[–] Wyrryel@pawb.social 20 points 2 years ago (1 children)

You can. Google pixel updates are just a reboot. Sadly many OEMs don't do A/B updates, like samsung, so your phone can't be used while updating the system partition

[–] avidamoeba@lemmy.ca 8 points 2 years ago (1 children)

It's worth mentioning that they often do this to reduce flash size, i.e. save 💰. Virtual AB was introduced to help with this but it's relatively new. With it, there's no need to reserve the space for 2x system partition. The needed extra space during update is taken from /data and released post success. There's also a compressed virtual AB scheme now which helps reduce the space needed from /data to enable really space-crippled devices like CCwGTV and other Android TV things like Sony and other TVs.

[–] Wyrryel@pawb.social 1 points 2 years ago

Interesting! I didn't know that, thanks for responding

[–] cerement@slrpnk.net 47 points 2 years ago* (last edited 2 years ago) (1 children)

the whole concept of immutable is focused on stability and safety of your system – yes, it is still possible to break an immutable distro, but it’s a LOT harder and takes some actual effort – there’s also a few concepts wrapped up into the “immutable” phrasing:

immutable filesystem – the root filesystem is set as read only, updates are queued up and applied during an upgrade (some distros require a reboot, some don’t)
- VanillaOS keeps two copies of the root system (ABroot), upgrades the inactive copy and then swaps them out
- NixOS has everything defined in a master config file and keeps an archive of previous generations of the config file allowing you to boot into whichever generation you want
atomicity – updates are applied individually and checked, if the update breaks then it’s reverted to the previous working state (ie. you are never left with a borked system)
containerized apps – user space apps isolated or sandboxed in some way like Flatpaks or Docker containers or OCI so if they break, they don’t take anything else down with them
declarative systems – the whole system (and packages and configs) are defined (declared) in one master config file – back up that config file and if something happens to your system, you just need that one file to do a full rebuild (or make an identical copy of your system on another computer) – NixOS and GNU Guix are the two more well-known in this space
- EDIT: minor side-effect of this is you can easily tell exactly what packages are installed on your system at any given time – no hunting through history or trying to remember what you installed last month when you were testing out video players

[–] Tippon@lemmy.dbzer0.com 4 points 2 years ago

I like the idea of containerised apps, especially if you can have multiples of the same app.

A few years ago, when I was pretty much fully on Windows, I used PortableApps to manage a few websites and their emails, and having a simple way to do the same thing is one of the few reasons I'm still stuck with Windows.

On top of that, I like trying out new apps and programs, but uninstalling them doesn't always get rid of the extras, like new dependencies.

[–] pixxelkick@lemmy.world 35 points 2 years ago (1 children)

My understanding is "immutable" is a bit of a misnomer and avoids the "point" of using these distros.

"Layered Distros" is a better terminology, where you can imagine the OS as multiple layers, and you can swap 1 layer out for another without modifying the others and still have a functional operational machine.

Now some of those layers have to be immutable ones at runtime for this concept to work, so thats where that part of the name comes from, but thats an implicit result from the actual point/use case of these distros, not the selling point.

So you can swap versions/releases of your OS very cleanly at boot, without modifying userland, and it will continue to function just the same. This lets you do stuff at the admin level like broadly releases a version update merely by having users just reboot their machines, and next time they boot up their machine will now be running on the new OS layer, with their local "user" layer being unchanged.

[–] Eufalconimorph@discuss.tchncs.de 17 points 2 years ago (1 children)

They also separate concerns better than classical distros. Executable binaries & libraries are separate from configuration which is separate from data. It makes backups much simpler, makes configuring new machines easier than something like Ansible, etc.

[–] highduc@lemmy.ml 5 points 2 years ago (1 children)

I especially look forward to replacing Ansible :)
Tried to do so with Guix though and I have to say I found it quite difficult, but I hope it catches on and becomes easier to use.

[–] neoney@lemmy.neoney.dev 4 points 2 years ago (1 children)

NixOS is a tad simpler IMO

[–] Chewy7324@discuss.tchncs.de 2 points 2 years ago

I'm not so sure about simpler. I really don't like the Nix language and I'd rather use Guile, but the amount of packages and configuration options drew me to NixOS.

[–] hottari@lemmy.ml 28 points 2 years ago

Immutable distros are locked-down versions of the traditional operating systems. Literally.

In the normal traditional world, you can use the package manager to remove python as a system package and all its dependencies if you so wished. You could rm -rf / too.

With immutable, the whole filesystem is on ro mode. Every system program that a user needs is bundled by the OS and no other changes can be made without breaking the model.

This model of having the OS immutable means less chances of malware getting persistence, high systems availability and reproducible environments since the OS controls the state of the versions available and makes this state available to all users of the distro.

[–] Lurkki@lemmy.world 18 points 2 years ago (1 children)

In the case of NixOS at least, 'immutable' doesn't mean you can't change the system at all.

It just means you cannot change the currently installed set of packages and services (generation in NixOS parlance); all you can do is create new ones and delete old ones.

Basically every update might as well be a complete reinstall of /usr, /etc and whatnot if you compare it to traditional distros.

[–] bionicjoey@lemmy.ca 4 points 2 years ago (2 children)

If you can't change etc, how do you configure your software?

[–] chaorace@lemmy.sdf.org 14 points 2 years ago* (last edited 2 years ago) (1 children)

Unlike a traditionally managed system, you manually keep an install list of all used system packages (including current version). It's conceptually similar to how conventional package managers might have a mirror configuration list. Within this list, you're also sprinkling in individual package options which Nix will automatically apply for you (the options that Nix "sees" are manually coded in by whoever did the bundling of that particular Nix package).

In other words: you're treating packages as if they were configuration and bundling that in with the actual configuration under a unified framework. This basically means that you can think of Nix packages as wrappers bundling the base software plus instructions for a config file generator. That's effectively the "gimmick" of Nix: config files are routinely regenerated, so in everyday use they're conceptually equivalent to an abstract interface between the Nix package manager and the software proper.

Worth mentioning at this point is the fact that the core Nix ecosystem is all about managing system-level software; Nix handles sudoer stuff and steers clear of interfering with user-level dotfiles. Using the hyprland wayland compositor as an example, you can see that the module only provides flags for things like NVIDIA patches and allowing xwayland -- options for shadows/colors/animations are omitted entirely because they should (under the Nix philosophy) be configured with user dotfiles.

Now with that being said, Nix itself is merely a package manager, so it's entirely possible to splash in as a companion to your distro's main package manager (similar to how you can globally install npm/pip packages). This is handy because Nix's ecosystem is highly invested in enabling users to write their own packages (i.e.: Nix Flakes). In fact, some Nix users exclusively use it as a framework for creating and managing custom packages whenever the need arises to install something not already provided in their distro's package repository.

Of course, the most vocal Nix users are all-in and use NixOS. With NixOS, Nix is your native system package manager. Everything system-level becomes Nix-managed, though the same leave-userspace-to-dotfiles philosophy still applies on the user level. This strategy enables cool stuff like seamlessly syncing your system environment between multiple workstations and having guaranteed safe restore points through the use of nothing but a handful of config files.

Beyond that, for the total Nix freaks, there's the Home Manager Nix package, which allows you to install and manage userspace applications Nix-style. This is handled separately from Nix/NixOS proper because userspace configuration is a much larger and faster-moving target. If you use Home Manager to fully capture your userspace, it's nigh-guaranteed that you'll need to get your hands dirty by writing custom Nix modules. As you may imagine, this process can be a big pain... though it comes with the benefit of being able to seamlessly carry user applications & dotfiles across any distro that supports the Nix package manager (including Darwin).

[–] null@slrpnk.net 3 points 2 years ago

Thank you for this comment! I've been flirting with Nix for a few months now, and this helped me understand a lot of the core concepts better.

[–] Lurkki@lemmy.world 2 points 2 years ago (1 children)

By having the right configuration file there as part of the package's options, like:

globalProgram.doFoo = true; or something like

globalProgram.extraConfig = "barCount=4567";

[–] bionicjoey@lemmy.ca 1 points 2 years ago (1 children)

Are those changes system-wide or stored in user space? Where are those files stored?

[–] Lurkki@lemmy.world 2 points 2 years ago

It's system-wide (unless home-manager is involved).

They're a part of the immutable install, whose components reside in /nix/store and are symlinked to /etc.

Example from my computer:

$ realpath /etc/sddm.conf 
/nix/store/slkq2k8vc4rx4ag55zf8ssl7qd9ry49v-sddm.conf

[–] skullgiver@popplesburger.hilciferous.nl 18 points 2 years ago* (last edited 2 years ago)

[This comment has been deleted by an automated system]

[–] vhstape@beehaw.org 9 points 2 years ago (1 children)

My understanding is that most immutable distributions store the root filesystem in a read-only partition separate from userspace. If you want to install something that would modify this partition, it is applied temporarily until reboot. On reboot, the operating system attempts to resolve your changes, and if they break something it will reject them.

Each OS might implement immutability differently, but I believe that's the general idea. macOS is another example of an immutable operating system, as of Big Sur.

[–] tony@lemmy.hoyle.me.uk 3 points 2 years ago* (last edited 2 years ago) (1 children)

Read only root and was they way unix was installed for decades. Some things, like nfs roots, somewhat rely on it (multiple machines would run a single static install of unix, with user partitions being mounted on demand on each machine).

People don't like dealing with partitions though so modern distros tend towards a single root paritition with everything in it. It's funny to go back to the old way.

[–] vhstape@beehaw.org 1 points 2 years ago

Hmm... I didn't know that. Thanks!

[–] Grangle1@lemm.ee 7 points 2 years ago (1 children)

As far as use cases where immutable distros would be more or less convenient, it appears to me that due to the security and reproducibility factors, immutable distros are better for server or enterprise environments where updates need to be rolled out quickly and smoothly, which are most actual Linux systems out there and where Linux companies make their money (hence why they seem like the hot new thing right now), and for desktops where people are primarily concerned with not wanting to "break" anything. But a classical distro, IMO, would be better for folks like me who do want the control to change or customize things down to the core parts of the OS. As far as I'm aware, you don't have much freedom to tinker with an immutable distro until it's wiped away with the next update.

[–] Chewy7324@discuss.tchncs.de 2 points 2 years ago

NixOS/Guix still give users the control to change anything at any time. That's because they aren't image based and instead they achieve immutability with the Nix package manager (symlinks and a declarative system configuration file).

I agree with immutable OS on servers being great, but I also believe immutable systems are a good choice for desktops. Especially managed desktops (eg. my moms) work well with an image-based OS. Flatpak is often enough for those few gui apps and there's less risk of automatic updates failing (eg. pulling power plug while updating).

[–] Jomn@jlai.lu 7 points 2 years ago (1 children)

TheLinuxExperiment has a good video about it: https://tilvids.com/w/3RjSzdS9jjK2y1nP3M6oJD

[–] jman6495@lemmy.ml 6 points 2 years ago

Security, Stability

[+] TenTypekMatus@lemmy.world 3 points 2 years ago* (last edited 2 years ago) (1 children)

[removed by mod]

[–] flashgnash@lemm.ee 3 points 2 years ago* (last edited 2 years ago) (1 children)

Honestly every time I mention NixOS I get someone telling me it's not a beginner friendly distro

Provided you get to understand the config file which only took a day of fiddling it's so much easier to use than mutable distros

I add something to my package list and it just works, and nothing else breaks and even if I do manage to screw up my entire system so badly that I can't boot it anymore I just boot the last working configuration and undo my changes

I believe people have even built UIs around the config to make it more user friendly

https://github.com/nix-gui/nix-gui https://github.com/vlinkz/nix-software-center

[–] Aties@lemmy.world 1 points 2 years ago (1 children)

I agree, when I was on other distributions I would gradually customize things until something broken; then it was easier to start from scratch than to fix my mistakes. With NixOS it still gives me the ability to tinker with things, but makes it much easier than starting from scratch when I inevitably mess it up.

[–] flashgnash@lemm.ee 1 points 2 years ago

I find it's better than that, don't even need to start from scratch because it's so difficult to break it to the point you can't just revert to a previous version

[+] TCB13@lemmy.world -13 points 2 years ago* (last edited 2 years ago) (2 children)

You know, there was Ansible, containers, ZFS and BTRFS that provided all the required immutability needed already but someone decided to transform regular machines into MIPS-style shitty devices that have a read-only OSes and a separate partition for configs. :D

[–] tony@lemmy.hoyle.me.uk 3 points 2 years ago

TBF the unix model originally was read only mounted / and /usr - typically in a separate partition - so they were immutable for decades. It's only later when home users started using single partition models that that really broke.

But the separation is built right in.. /etc for config, /home for user stuff, etc. so there's really no need for another layer.. it's not like windows were it's common to store the configuration in the same directory as the binaries.. so not really seeing what the current fad is about. Presumably something will come out of it, maybe even a standard..

[–] InverseParallax@lemmy.world 1 points 2 years ago (1 children)

Yeah I'm with you, I want more reliability but immutable is a bit of a long way to go to get it.

I get why people are willing to make the tradeoff though, docker taught us os configuration should be done programmatically, my workflow is just used to constantly fidgeting things till they feel right, to each their own.

[–] brokenix@emacs.ch 0 points 2 years ago (1 children)

@InverseParallax @TCB13 hon mention
https://grahamc.com/blog/erase-your-darlings/

[–] InverseParallax@lemmy.world 3 points 2 years ago

I worked at the big cloud guys, I get the point.

But this isn't a cloud host, this is a workstation that I'm happily tinkering with, I enjoy bending and breaking the os for fun and development.

My data is usually not on the workstation, so clearly it out is no real loss, and I get to experiment more.