Silverblue abstraction tools: Flatpak, Toolbox and Containers

Silverblue is an immutable operating system, meaning the core system can not be modified. Because the core system can not be modified, we require abstraction tools to separate user tools from the atomic system.

There are 3 primary tools that Silverblue provide to accomplish this feat: Flatpak, Toolbox and containers.

Flatpak

Flatpak is a cross platform application package and distribution system. The underlying system uses libostree to create a containerized and git-like packages that can be shipped across different systems. Flatpaks are available for most Linux OSs and ChromeOS. Flatpak apps (also called flatpaks) ship by default in Silverblue for most non-system applications. Fedora hosts a few flatpaks in their registry which is integrated into the Software app out of the box.

Besides the flatpaks in the Fedora registry, users can find additional applications host on Flathub. To add the Flathub remote to your system, you can add their remote. Note: many of the applications in Flathub include non-free source code. After adding the Flathub remote, Flathub apps with automatically populate the Software app.

Toolbox

Traditional terminal tools may feel limited to some users because in Silverblue the user workspace is intended to be separate from the core system. For this reason, is not expected for a user to install supplemental tools into the underlying system. In fact, the DNF package manager is not present in Silverblue. This handicap would cause headaches for seasoned terminal users. Toolbox is the solution to his pain-point.

Toolbox is a command line tool that provides the user with a traditional command line interface that includes DNF package management. To make use of Toolbox, simply open your terminal application and type:

$ toolbox create

Then...

$ toolbox enter

Toolbox uses Podman to create a container that is tightly integrated with your user account and home folder. Once you are in your toolbox, you have access to DNF and can setup your environment as you please. For example:

$ sudo dnf -y upgrade && dnf -y install htop nc

Additionally, if you can not find an appropriate Flatpak, you can often install the graphical tool in your toolbox. You can find an example of how to do that with Gnome Tweaks here.

More Toolbox info:

• Toolbox is also very disposable; feel free to delete and re-create a toolbox if you break anything
• You can create multiple toolboxes! Maybe you want one toolbox for routine activities, one for development, one for experimentation, etc...

Containers via Podman

Fedora Silverblue ships with Podman as its default container runtime. Similar to Docker, Podman is a development tool to aid in software distribution. If you are not familiar with software distribution or self-hosting applications, you can learn a little bit more about containers here.

The command line syntax between Docker and Podman are almost identical, which makes it easy for users familiar with Docker to get started. Podman has some key advantages over Docker, including the ability to run unprivileged containers (non-root) and tight integration with Systemd to start and monitor processes.

When all else fails: package layering

Flatpak, Toolbox, and containers are the ideal solution, however, there are some tools that require unrestricted system access, or the application does not currently have a Flatpak or Toolbox solution. In these situation, we require package laying.

Package laying is the act of adding additional packages on top of the base Silverblue system image. To do this, we use rpm-ostree. Rpm-ostree is a hybrid package manager + system imaging tool. Similar to package managers like dnf, it can add packages to your core system.

The approach for laying packages is a requirement for Nvidia graphics drivers and similar software that requires access to your full desktop operating system.

You can find the steps to install Nvidia graphics drivers here. Alternatively, here is a simple example of installing a couple packages via rpm-ostree:

$ rpm-ostree install tilix powerline

Once installation is complete, simply reboot your system to mount the new system image that includes these layered system packages.