Comment by finaard

4 hours ago

No, updates are done by creating a snapshot of the read-only mounted root, and applying the packages via the usual package manager in there. The snapshot only becomes active at reboot, and if starting fails it'll revert automatically back to the last known working snapshot for the next boot.

Things like /etc are writeable, so you don't need to reboot for simple configuration changes.

You can run it just like always with all packages installed - it's just not recommended as the additional complexity on updates increases the risk that manual intervention is needed, and tooling is good enough that for a lot of stuff you don't really need it there. Like, toolbox or distrobox as podman-based containers running in the host namespace (either as user or root), allowing persistent installation of debug tools, without having to reboot.

Really well explained - I use Fedora Kinoite, and have had a hard time grasping how the immutability exactly works when compared to a traditional setup.

I would add to this that Homebrew is a nice tool for being able to install software that is not in Flatpaks and if you do not want to add too many layers to the "os-tree".

The fact that home is shared between all the distro- and toolboxes is a bit annoying, because I would like to have stronger isolation from the host in some projects.

Also doing basic polyglot stuff is a bit messy, if you have toolboxes like "node" and "php". But if you have project-based boxes, then you end up with a billion copies of node.

But what a pleasure it is to just update the base image and have things work, or roll back if something fails. Hell, you can even rebase the base image to some other setup, and most likely have your system work.