Custom Fedora OCI images for Framework laptops

Jorge_Castro · July 21, 2023, 10:53pm

Greetings Frameworkers!

I’d like to share some information with you today on an open source project some of us have been working on called Universal Blue. There’s a few years of information to condense here, so I apologize for my brevity. Fedora has a feature in development which basically shoves the OS into an OCI container. You may have heard of Fedora Silverblue or Kinoite, it’s the same thing, it’s just consumed differently.

This feature allows people to take Fedora Silverblue (and friends), and then customize them to your needs using common cloud tooling. So we did what linux nerds do, grabbed stock Fedora and started hot rodding. We publish GNOME, KDE, Sway, MATE, LxQt, budgie, cinnamon, and other desktops, here’s the full list with a bunch of quality of life features like codecs out of the box, etc.

Also I just got my Framework 13 so I had to wait for the hardware and software combination to arrive to see how well it works:

The difference between this and “making a distro” is that due to the nature of containerization there’s a nice clean separation between what the OS is, and where the config lives. The model more closely resembles an Ansible playbook or helm chart. So as you can imagine, when my Framework 13 got here, I immediately wanted to get it set up with the right power configs and stuff.

Unfortunately, this involved digging in the forum and trying to find the right tlp configuration file. As a linux nerd I abhor manual labor, so I decided to grab everything from @Matt_Hartley 's knowledge base article and then just ship it. I have a personal image named Bluefin, and we grabbed the tlp conf file and put it in the right place.

So on installation my Framework was fully ready to go with the recommendation from the article. Then I derived a framework image from my existing one, here’s the snippet:

github.com

ublue-os/bluefin/blob/24b5b62af5a37c77646697d520c5f408db445d3c/Containerfile#L100


      
          # Clean up repos, everything is on the image so we don't need them
          RUN rm -f /etc/yum.repos.d/terra.repo
          RUN rm -f /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo
          RUN rm -f /etc/yum.repos.d/vscode.repo
          RUN rm -f /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo
          RUN rm -f /etc/yum.repos.d/fedora-cisco-openh264.repo
          
          RUN rm -rf /tmp/* /var/*
          RUN ostree container commit
          
          # Image for Framework laptops
          FROM bluefin AS bluefin-framework
          
          COPY framework/etc /etc
          COPY framework/usr /usr
          
          RUN rpm-ostree install tlp tlp-rdw stress-ng
          RUN rpm-ostree override remove power-profiles-daemon
          RUN systemctl enable tlp
          RUN systemctl enable fprintd.service

Now comes the cool part … all of these configs are shareable and can be community driven. That means we can put what we want on top of Fedora in a programmatic way that can be delivered to the end user reliably. So … why not ship multiple profiles that have been perfected by the community? We could add shortcuts to benchmarking tools, that kind of thing. And everything is just linux, so even if you don’t use this directly it’ll make it easier for others to test new configs and codify the improvements. Rollbacks are built in, and you can always rebase to a stock fedora image, which is handy!

I’m posting this because I’m trying to gauge interest to see if there’s community interest in this. I have generated a -framework image for bluefin, however, the rest of the images remain with stock gnome-power-manager, etc. If there is interest it would be straightforward for someone to copy the pattern and enable the rest of the images, and we’d love to get people involved so that we can offer people what they want. If you work in cloud and know CI/CD I would especially love to get your ideas!

And for developers out there, we’ve made a bluefin-dx-framework image as well. This cranks up the volume to 11, with vscode right on the image, devbox, devpod, nix, and all sorts of cloud native tooling out of the box. This is my work computer so it needs to be good, so we’ve been spending time polishing that up and are looking for more feedback. If you’re a kubernetes nerd then you are my target audience!

And since it’s all just dockerfiles all of these images can be used to derive your own (like I’ve done), so if we’re hoping that people take these base images and create something awesome.

Thanks for your time, if you have questions holla at me!

Matt_Hartley · July 21, 2023, 11:12pm

This is a sanctioned (by me) community project offered by Jorge and we’d be interested in having folks give this a whirl - strictly as a fun community project.

Matt_Hartley · July 21, 2023, 11:16pm

@Jorge_Castro Worth noting if this is for 13th gen or any gen Framework 13.

For 13th gen, would be neat to include:

module_blacklist=hid_sensor_hub

gsettings set org.gnome.mutter experimental-features "['scale-monitor-framebuffer']"

gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true

(Unless this is already implemented, have not had time to look yet)

Jorge_Castro · July 21, 2023, 11:29pm

I’m currently dogfooding this on a 13th gen. Doing variant-specific tweaks is totally doable. One of the things that annoys me is you have to know the framework image exists to rebase to it.

It’d be cool to just detect the right one on install and transparently select the right image for you based on the hardware the installer detects.

Matt_Hartley · July 21, 2023, 11:30pm

This would be pretty cool for sure.

Jorge_Castro · July 21, 2023, 11:34pm

I have all three! Additionally someone mentioned adding "nvme.noacpi=1", which I’ve enabled but I haven’t noticed if that makes a difference yet.

Matt_Hartley · July 21, 2023, 11:37pm

@Jorge_Castro

A sticking point from someone who messaged me:

“I daily drove silverblue for a bit. I loved it when I did use it. But the one thing that kept me going back mainly was trying to do Citrix for remote accessing work, it requires copying some certs from Firefox’s store but immutable didn’t let me do that.”

Jorge_Castro · July 22, 2023, 12:01am

My unfamiliarity with Citrix’s products + lack of information on the exact directory have left me stuck. If we can get more information from the op that might let me narrow my search down …

nadb · July 22, 2023, 12:26am

I am less interested in a containerized workstation for personal use, but very interested in it as a mass deployment option. There are a lot of improvements that need to be made to flatpaks, they really need to move from toolbox->distrobox as the default, and there needs to be a way to rebase without rebooting. Once those hurdles are crossed I can easily see Silverblue being the default for Workstation or at least a principal option. In the long term though as a sysadmin I can’t see myself wanting to use it as a daily except possibly to gain complete familiarity.

I see fully containerized Workstations and Servers as being excellent options in the Enteprise Space. Combined with configuration management tools like ansible for deployment, puppet for configuration enforcement, and fapolicyd, we can finally achieve a locked down secure linux deployment at scale. Add a catalogue of potential builds and you can provide the end user an easily customized yet fully compliant desktop.

I think the thing I like about it most is the upgrade path, simply rebase to a newer version, reboot and blam done.

All in all I think it is an excellent idea to have a library of Fedora for Framework images, and I would be interested in contributing.

GFOM · July 22, 2023, 6:14pm

Pretty cool! Only thing I’d prefer is it be total stock Gnome (Or even a choice of DEs), but looks are such a minor thing, and easily changed.

Jorge_Castro · July 22, 2023, 7:15pm

Yeah for a more stock experience you’d use the “main” base image, silverblue-main for stock GNOME, kinoite-main for KDE, etc. You can atomically switch between any image (or back to Fedora) – the commands for each image are on the image list. It usually doesn’t take long to switch, the rebase will download and apply the changes so it doesn’t redownload the entire full OS.

Cameron_Bosch · July 25, 2023, 6:20pm

So I’m guessing no Framework Laptop 16?

Matt_Hartley · July 25, 2023, 6:33pm

The workarounds, they are for the 13 - correct.

Jorge_Castro · August 9, 2023, 2:09am

Just a quick update that we got some documentation up and going!

Matt_Hartley · August 9, 2023, 6:14pm

w00T! Go team, go! Shared the latest on our Discord channel, # linux

Matt_Hartley · August 24, 2023, 9:27pm

A post was split to a new topic: Replacing power-profiles-daemon with tlp in the official Fedora 38 guide

Matt_Hartley · August 31, 2023, 6:02pm

Should anyone wish to “roll their own” Bluefin but also make sure it runs well with Framework, this video is for you.

Jorge_Castro · September 10, 2023, 1:05pm

Alright everyone, we got a volunteer to help us out and now have a bunch more images for you to play with!

Here are the images: Packages · Universal Blue · GitHub

Here’s the quick rundown.

silverblue-framework is GNOME
kinoite-framework- is KDE
vauxite-framework is XFCE
lxqt-framework is LxQt
sericea-framework is sway
mate-framework is MATE

I’d also like to point out base-framework, which is an image without a desktop, it’s useful if you want to start with someone smaller for your own customization.

We still need to do some things like adding a shortcut to set kargs, but that’s inprogress. Note that we also are not building ISOs of these currently so you’ll need to rebase to these by using the Fedora Silverblue installation media. But we’re got them up and building so it’ll only get better from here!

Here’s the repo, feel free to file issues and feedback, thanks!

Jorge_Castro · September 21, 2023, 7:11pm

Alright, some followon updates!

We’ve enabled F39 builds so if you want to rebase to the beta and try it then that’s an option for you. (You can always atomically flip back to 38 if you want).

Additionally we now have Fedora Onyx builds on F39:

And lastly, we noticed that the TLP package in Fedora was out of date (1.5.0) so we’ve copr’ed up TLP and are now shipping 1.6.1:

I’m currently on the road with my Framework 13 with the new TLP and everything seems to be working great. I’m unsure if the amd-pstate/intel_pstate changes affect every day performance, so just throwing it out there to see if anyone has any insight on that.

The builds are automatic now, so if you’re on the F39 beta you won’t need to do anything when the final release comes out. Thanks and enjoy!