Monday, March 15, 2021

Immutable Linux desktop with OpenSUSE and Snaps

This is my unofficial entry for openSUSE's Hack Week 20. It's not too complex, mostly realizing that this was possible and good documentation from the openSUSE folks made this way easier than I thought.

I am trying to remove mutable computing devices from my life, one the biggest offenders is Ubuntu LTS. While Ubuntu Core Desktop isn't a thing (it should be!), there are other distros playing in this space, namely Fedora Silverblue, EndlessOS, and openSUSE MicroOS. It's time to move on from PPAs, dpkg-reconfigure, 404 errors, half-applied updates. The most common PPA questions have millions and millions of views. Time to throw all that away, no wonder ChromeOS is kicking everyone else's butt!

Today I tweeted how I got snaps working on openSUSE, here's the picture.

I decided to try openSUSE because I know Rich had been working on this, but didn't know how far he had come along, and I was also familiar with it as a container host OS for servers. So I decided to marry two things, MicroOS and Snaps. Snaps effectively replaced PPAs for me, they have all the stuff I need, they are centralized, automatically update, and the big one, transactional. So let's get to work.

Install openSUSE MicroOS

While that is downloading watch this talk from Dario Faggioli, it will give you the background you need to know to get started, it's not quite a normal distro, but this helped me figure this out.

This ISO lets you install the server container OS, and has alpha options for GNOME and KDE. I chose GNOME but I don't see a reason why KDE wouldn't work. Note that you will be tracking Tumbleweed, so you'll be rolling. I don't care too much since a bad update can easily be reverted, and I'm sure if you've hung out with SUSE people they always remind you how much they put into testing, so sure, I'm in.

After you install you'll have a nice GUI desktop.

Browsers and Stuff

I am purposely choosing to not use the Firefox snap for a few reasons. First off it's not using lzo compression so it's too slow, and I also want to be able to install the GNOME extension so I can install GNOME extensions and make my desktop fit for me, so I'm avoiding that for now and just installing it. Basically, "stuff I don't want to deal with." So I did this:

transactional-update pkg install firefox git-core steam

Now you need to REBOOT. Yup, sort out your business on install because we're in the new world now.

Installing snapd

Ok now we're ready to piss off the reddit edgelords, let's install snap. Follow these instructions.

I made one change here, I used the Tumbleweed repo instead of the Leap one, here it is right from my history:

transactional-update shell
sudo zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Tumbleweed snappy
sudo zypper --gpg-auto-import-keys refresh
sudo zypper dup --from snappy
zypper install snapd
systemctl enable --now snapd
systemctl enable --now snapd.apparmor
exit
sudo reboot

Doing what you're not supposed to be doing

The snap command still doesn't work, we need to do some stuff that will make Rich and Dario do a sad emoji. Snap needs a /snap to work, and of course, we're not allowed to touch the root filesystem, so I'm cheating by mounting a directory from my home directory where /snap is going to be:

jorge@piccolo:~> cat /etc/systemd/system/snap.mount 
[Unit]
Description=Mount snap in my user dir
Before=snapd.service

[Mount]
What=/home/jorge/snapd
Where=/snap
Type=none
Options=bind,nodev

[Install]
WantedBy=multi-user.target

Excellent! Let me take a moment to remind you that this will mean snaps are running unconfined, and pretty much removes one of their main features. But it's called Hack Week not Production Week! Also note the Before=snapd.service, we need to make sure we do this early before the apps try to mount themselves.

Ok, now do it.

I did a snap install fast to install a quick CLI app, this will pull in snapd and core18. Then I started installing stuff. All kinds of stuff. Chromium, VLC, Spotify, Standard Notes, OBS, 1password, Zoom, Slack, Discord, flameshot, Glimpse, Mailspring, Newton, etc. Just like on my Ubuntu machine except now I (theoretically) can't break my Operating System. I am hoping that the snapd and MicroOS worlds are separate enough that an update from openSUSE won't break me, I guess I'll find out!

Annoyances

If you like to install stuff from standard repos and want to use the openSUSE ones, you'll need to reboot, so as I mentioned before, get this stuff installed and out of the way, and as Dario says in the video, try not to install too much. The more stuff you install the more updates you'll get, and you'll need to reboot. I have most of what I need from snaps, so keeping the OS small is how I'm going to roll.

Need a traditional user space? Use Toolbox! I am too old to learn a new OS so I just did this to give myself an Ubuntu userspace:

jorge@linux:~> cat .toolboxrc 
REGISTRY=public.ecr.aws
IMAGE=ubuntu/ubuntu:edge
TOOLBOX_NAME=ubuntu
TOOLBOX_SHELL="/bin/bash"

Now if you get lost do a toolbox to get back to apt land. I have more work to do here as I've yet to work with it day to day. Flutter apps don't work, they seem to want X11, think I'm using Wayland now but haven't investigated.

And lastly, I got the dash-to-dock extension to make the panel more like Ubuntu, don't forget to go into the settings and turn off loop mounts on your panel, otherwise it'll stick all the snap mounts in there.

Conclusion

I can't believe this worked. Sure, you won't be deploying this in production, but we mostly survived this long with unconfined apps and having transactional updates is an improvement! Time will tell if having my PC rebooting in the middle night is a good idea, I'm going to leave it on by default and see what happens. Have fun and good luck!



from Hacker News https://ift.tt/3rRU5yQ

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.