We do often include affiliate links to earn us some pennies. See more here.

Much like Fedora Silverblue, Fedora Kinoite, and Fedora Sericea there's going to be a new immutable version of Fedora coming called Fedora Onyx.

These immutable versions of Fedora Linux work like SteamOS on Steam Deck, with the main system being the same across every installation, and it doesn't change. Upgrades are done over the whole thing, it's supposed to be faster and more stable and it's an increasingly popular way to use Linux.

Fedora Onyx comes with the Budgie desktop, and the proposal from developer Joshua Strobl has now been approved, and so with Fedora 39 we should hopefully see its first release.

More about it:

Fedora Onyx is an immutable desktop operating system, featuring the Budgie Desktop environment. Fedora Onyx leverages the same foundational technologies as other Fedora immutable variants such as Fedora Silverblue, Fedora Kinoite, and Fedora Sericea (flatpak, rpm-ostree, podman, toolbx). Fedora Onyx is built for people that are attracted to / find value in the Fedora computing platform and Budgie Desktop environment, but need the robust immutability and atomic capabilities that rpm-ostree provides, which are not be offered through traditional Fedora spins (e.g. Fedora Budgie Spin).

Pictured - Budgie Desktop, from the Budgie GitHub.

Article taken from GamingOnLinux.com.
7 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me
The comments on this article are closed.
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
15 comments

udekmp69 May 25, 2023
I love the Fedora image-based distros! Nice to see more desktop environments that will be included officially. If anyone is looking for MATE, XFCE, or LXQt Fedora "immutables" then check out the Universal Blue project - https://ublue.it/
pleasereadthemanual May 26, 2023
I've been thinking about switching to Fedora Silverblue/Sericea soon, but the only problem with these distributions is their plan to remove Firefox from the base image and install it as a Flatpak. It's not a good idea to install browsers with Flatpaks, because it weakens the sandbox and makes you more vulnerable to attacks. I really don't want to play with my browser like that.

On the other hand, the project is kind of forced to pick the Flatpak because they can't legally distribute H.264/AAC and other codecs with a native Firefox package (I don't know why Flatpaks that come with the ISO are any different, buy anyway), so that results in significant usability compromises.

But I do love how you can have different versions of the same program installed with Toolbox. Really, that's game-changing. And I don't even need to install Gentoo to mess with slots...
t3g May 26, 2023
That’s an interesting take as Firefox in Flatpak or Snap is supposed to add another layer of sandboxing security.
pleasereadthemanual May 26, 2023
That’s an interesting take as Firefox in Flatpak or Snap is supposed to add another layer of sandboxing security.
This is true for most software, but Firefox already sandboxes web content. While Firefox's sandbox is weaker than Chromium-based browsers, it is still more robust than Flatpak's sandbox. As you can understand, they've had a lot of practice over the past 28 years...

As Seirdy's note explains, you can't have sandboxes inside of sandboxes:

Web browsers are an alternative to Flatpak; they have their own sandboxing and updating mechanisms.

Most distributions build Firefox without auto-update support, of course, but TOR Browser Bundle does have this.

So, in most cases, Flatpak is better than no sandbox, but not in this case.

My information only comes from Seirdy, though, so don't assume I know anything more.
fenglengshun May 26, 2023
I've been thinking about switching to Fedora Silverblue/Sericea soon, but the only problem with these distributions is their plan to remove Firefox from the base image and install it as a Flatpak. It's not a good idea to install browsers with Flatpaks, because it weakens the sandbox and makes you more vulnerable to attacks. I really don't want to play with my browser like that.

On the other hand, the project is kind of forced to pick the Flatpak because they can't legally distribute H.264/AAC and other codecs with a native Firefox package (I don't know why Flatpaks that come with the ISO are any different, buy anyway), so that results in significant usability compromises.

But I do love how you can have different versions of the same program installed with Toolbox. Really, that's game-changing. And I don't even need to install Gentoo to mess with slots...
If you don't like it, you can use ublue to just explicitly add it in the recipe.yml install list, so that there is always built-in firefox package installed in your image regardless of what upstream does. By default, they have firefox and firefox-langpacks in remove list, so it is literally just a copy-paste away.

It isn't as hard as you may think it is, I was a GitHub noob who didn't even know how PR works when I installed it, and now I'm slowly building up into the mix of kinoite and Nobara that I want (since Bazzite, the ublue image with SteamOS and Nobara packages which GE seems to contribute to, is still in alpha).


Last edited by fenglengshun on 26 May 2023 at 5:21 am UTC
pleasereadthemanual May 26, 2023
If you don't like it, you can use ublue to just explicitly add it in the recipe.yml install list, so that there is always built-in firefox package installed in your image regardless of what upstream does. By default, they have firefox and firefox-langpacks in remove list, so it is literally just a copy-paste away.

It isn't as hard as you may think it is, I was a GitHub noob who didn't even know how PR works when I installed it, and now I'm slowly building up into the mix of kinoite and Nobara that I want (since Bazzite, the ublue image with SteamOS and Nobara packages which GE seems to contribute to, is still in alpha).
Is this different from including Firefox as an overlay?

Part of the reason I want to run Fedora is because I believe it has sane defaults. It's the only desktop distribution that both enables SELinux and includes profiles by default (well, Ubuntu does this with AppArmor). It also does a bunch of other stuff I frankly don't understand, because I'm not a security researcher. To replicate everything in Arch Linux would take a lot of work and I probably wouldn't do it correctly.

So, when they make decisions like this based on usability and security...I start to wonder. What else have they compromised on? They don't even seem to realize the compromise they're making, and they don't explain it anywhere. The reason I want to install Fedora Sericea is because I don't want to keep tinkering with a work computer. The rollback functionality is particularly useful in this instance, as-is the fact user software is updated independently of system packages.

Ahhh...I can't wait for 2028 when these H.264 patents expire so distributions don't need to do stupid stuff like this.
fenglengshun May 26, 2023
Is this different from including Firefox as an overlay?
Alright, long post incoming as I try to explain everything:

You can use overlay, but when I tried to do `rpm-ostree install --dry-run` in my Kinoite image to test things, whenever there's an already installed package, it will exit saying the package is already installed, instead of continuing with installing the other packages I listed in the comment.

By contrast, the ublue builder seems to take care of duplicates easily, unless you have a version conflict due to trying to install something using COPR (tried to install steam but I think the Nobara COPR and packages I enabled caused a conflict of mesa version). Also, they automatically build things in a single layer, I think, which prevents the issue of having too many overlays due to not doing a single `rpm-ostree install`.

In addition, when I asked around, having overlays may make it hard if you want to switch base to a different system image (say, Silverblue to Kinoite, or Kinoite to Onyx, or Kinoite to Kinoite-Nvidia).

If your worry are Firefox and codecs, I believe that uBlue base images currently have firefox and the freeworld codecs installed. I think they only added the firefox and firefox-langpacks on remove list of recipe.yml as an example of how to remove package from the image and probably under the assumption people be installing Firefox through Flatpak via the yafti flatpak installer. But if anyone worries about upstream removing firefox eventually, they can just add it to the install list to make sure it remains installed.

This is the list of the packages they overlay by default on their images which you can use as your base image, this is the template recipe.yml which is applied based on the base image you chose, and this is my recipe.yml and yafti.yml for an example of how I'm doing things (sorry about the mess though, still experimenting here -- check Actions if you want to see how messy installing Teamviewer is).

I still don't know everything yet, I've only been using it for a week, but it was easy enough to understand due to the playbook-like format. Getting started was surprisingly easy, with the automated setup.


Last edited by fenglengshun on 26 May 2023 at 8:40 am UTC
dziadulewicz May 26, 2023
Inspired by this tried Fedora 38. The videos still don't play on Twitch and other video platforms... Even though the codecs were checked to install. Then i tried to go to rpmfusion website as adviced to click those two links https://rpmfusion.org/Configuration:

Graphical Setup via Firefox web browser

1. First enable access to the free repository. For users of gpk (gnome package kit) or kpackagekit in Fedora that is easy and basically only one step: just click on one of the following files, depending on what distribution you use and then follow the default options that Firefox and Package Kit offer by clicking Enter a few times (¹):

RPM Fusion free for Fedora 36

RPM Fusion free for Fedora 37

this > RPM Fusion free for Fedora 38

RPM Fusion free for Fedora Rawhide

RPM Fusion free for RHEL 9 or compatible like CentOS

RPM Fusion free for RHEL 8 or compatible like CentOS

RPM Fusion free for RHEL 7 or compatible like CentOS

2. Once that succeeds, you can enable access to the nonfree repositories by clicking on one of the following files, depending on what distribution you use and then follow the default options that Firefox and Package Kit offer by clicking Enter a few times(¹):

RPM Fusion nonfree for Fedora 36

RPM Fusion nonfree for Fedora 37

and this > RPM Fusion nonfree for Fedora 38

RPM Fusion nonfree for Fedora Rawhide

RPM Fusion nonfree for RHEL 9 or compatible like CentOS

RPM Fusion nonfree for RHEL 8 or compatible like CentOS

RPM Fusion nonfree for RHEL 7 or compatible like CentOS

And it made no difference. Youtube plays videos though that's it. I don't know what is Fedora team doing but obviously something is done wrong. Of course at least the videos should play. What other tweaking is the user supposed to do to get the damn videos play?
Samsai May 26, 2023
Inspired by this tried Fedora 38. The videos still don't play on Twitch and other video platforms... Even though the codecs were checked to install. Then i tried to go to rpmfusion website as adviced to click those two links https://rpmfusion.org/Configuration:

Graphical Setup via Firefox web browser

1. First enable access to the free repository. For users of gpk (gnome package kit) or kpackagekit in Fedora that is easy and basically only one step: just click on one of the following files, depending on what distribution you use and then follow the default options that Firefox and Package Kit offer by clicking Enter a few times (¹):

RPM Fusion free for Fedora 36

RPM Fusion free for Fedora 37

this > RPM Fusion free for Fedora 38

RPM Fusion free for Fedora Rawhide

RPM Fusion free for RHEL 9 or compatible like CentOS

RPM Fusion free for RHEL 8 or compatible like CentOS

RPM Fusion free for RHEL 7 or compatible like CentOS

2. Once that succeeds, you can enable access to the nonfree repositories by clicking on one of the following files, depending on what distribution you use and then follow the default options that Firefox and Package Kit offer by clicking Enter a few times(¹):

RPM Fusion nonfree for Fedora 36

RPM Fusion nonfree for Fedora 37

and this > RPM Fusion nonfree for Fedora 38

RPM Fusion nonfree for Fedora Rawhide

RPM Fusion nonfree for RHEL 9 or compatible like CentOS

RPM Fusion nonfree for RHEL 8 or compatible like CentOS

RPM Fusion nonfree for RHEL 7 or compatible like CentOS

And it made no difference. Youtube plays videos though that's it. I don't know what is Fedora team doing but obviously something is done wrong. Of course at least the videos should play. What other tweaking is the user supposed to do to get the damn videos play?

It all comes back to non-free codecs, which Fedora won't ship because of patents and license fees. If you want to get around the problem easily just install your Firefox and other multimedia apps from Flathub and be done with it. If you want to go the more troublesome road, you follow the RPM Fusion Multimedia instructions, with the potential exception of the parts that talk about mesa-freeworld. RPM Fusion is a fast way to break something if you don't pay attention when DNF tells you that an update has broken dependencies.

Eventually the codec problem will solve itself as platforms abandon H.264/H.265 and move to AV1.
14 May 26, 2023
View PC info
  • Supporter Plus
Upgrades are done over the whole thing, it's supposed to be faster and more stable....
Faster? Well, in my anecdotal experience, general usage and OS updates are not faster. You get tricked into feeling that the OS upgrades are faster because it's fewer steps to process before your system requires a reboot, but then the upgrades have to finish during the reboot before your system lets you log in. I never thought speed was the goal of sandboxing. Sandboxing and container-like tech has memory and disk space overhead.

But that's one aspect. There are other benefits. I've been playing with Kinoite in a VM for a while. I like to try the experience of installing and using programs, running updates, to get a feel for daily use. My impression so far is that Flatpak for everything adds annoyance to the user experience. It seems there are assumptions made of which people new to dealing with Flatpaks are ignorant. And thus, the out-of-box or first time runs of applications have been erroneous and required troubleshooting several times. For example, getting vim to work in the terminal was ridiculous!

Overall, my opinion at this point in time is that these immutable systems will be great for the corporate world who has a team of people that are managing custom builds. I don't think they're worth the time and effort as a daily driver for the home user at this point. But it has me very curious and watchful to see how it progresses.
pleasereadthemanual May 26, 2023
Is this different from including Firefox as an overlay?
Alright, long post incoming as I try to explain everything:

You can use overlay, but when I tried to do `rpm-ostree install --dry-run` in my Kinoite image to test things, whenever there's an already installed package, it will exit saying the package is already installed, instead of continuing with installing the other packages I listed in the comment.

By contrast, the ublue builder seems to take care of duplicates easily, unless you have a version conflict due to trying to install something using COPR (tried to install steam but I think the Nobara COPR and packages I enabled caused a conflict of mesa version). Also, they automatically build things in a single layer, I think, which prevents the issue of having too many overlays due to not doing a single `rpm-ostree install`.

In addition, when I asked around, having overlays may make it hard if you want to switch base to a different system image (say, Silverblue to Kinoite, or Kinoite to Onyx, or Kinoite to Kinoite-Nvidia).

If your worry are Firefox and codecs, I believe that uBlue base images currently have firefox and the freeworld codecs installed. I think they only added the firefox and firefox-langpacks on remove list of recipe.yml as an example of how to remove package from the image and probably under the assumption people be installing Firefox through Flatpak via the yafti flatpak installer. But if anyone worries about upstream removing firefox eventually, they can just add it to the install list to make sure it remains installed.

This is the list of the packages they overlay by default on their images which you can use as your base image, this is the template recipe.yml which is applied based on the base image you chose, and this is my recipe.yml and yafti.yml for an example of how I'm doing things (sorry about the mess though, still experimenting here -- check Actions if you want to see how messy installing Teamviewer is).

I still don't know everything yet, I've only been using it for a week, but it was easy enough to understand due to the playbook-like format. Getting started was surprisingly easy, with the automated setup.
Thanks for that explanation! I'm somewhat familiar with Ansible, so that shouldn't be a problem.

I think it'll be some time until I install Sericea on that system to test it out, but I'll keep this in mind for that occasion.

For anyone interested, I found this to be a very informative guide for Fedora's immutable operating systems: https://www.dvlv.co.uk/pages/a-beginners-guide-to-fedora-silverblue.html
pleasereadthemanual May 26, 2023
It all comes back to non-free codecs, which Fedora won't ship because of patents and license fees.

Eventually the codec problem will solve itself as platforms abandon H.264/H.265 and move to AV1.

I honestly believe H.264 patents will expire (2028) before platforms abandon H.264. I suppose Windows 11 is helping in that department by obsoleting fairly recent hardware and Windows 10 being 2 years from EOL, forcing people to buy newer hardware that likely has AV1 support, but I think platforms will be hanging onto H.264 for a long time. It's the most widely-used video codec in the world, after all. mp3 still won't die and it's 32 years old! Even though Opus does its job better in every way, because companies like Apple still don't support it.

One would hope Apple being a part of AOM would mean they adopt AV1 more quickly, but time will tell. Another point is iPhones are supported for an average of 6 years, and iOS 16 has no support for decoding AV1 (let alone hardware)...and that's a large portion of web traffic these days. I don't think AV1 adoption will beat H.264 patent expiry. Amazingly, Safari still doesn't support AV1, though Chrome and Firefox have supported it since 2018. So macOS is failing in the AV1 decoding department, too.

H.265 was not supported in major web browsers until about half a year ago (why now?), and adoption of this codec otherwise was low anyway, so I would declare it deceased. Windows 10 doesn't support it in its default video player, after all, asking users to purchase the codec. If that's not a stamp of irrelevance, I don't know what is. I seriously doubt H.266 will get anywhere on most platforms, either. The patent pool situation is the same. Well...I certainly hope it won't get anywhere.

Oh, and do you know anything about AAC? I can't find much information on the patents for this codec or the expiry dates, but I would like to know. I really, really hope AV1 gets wide adoption soon so I don't have to care about either of these codecs ever again, but it looks like Apple will be holding us back for a few years yet. DaVinci Resolve already supports AV1 encode/decode with NVIDIA on CentOS.
fenglengshun May 27, 2023
My impression so far is that Flatpak for everything adds annoyance to the user experience. It seems there are assumptions made of which people new to dealing with Flatpaks are ignorant
I feel the opposite -- I think that currently Flatpak kinda assumes the user either shouldn't care with the defaults (which, in some cases, often errs on being more restrictive than necessary) or they know enough to find out how to fine-tune them (Flatseal and even KDE's built-in permission management isn't even descriptive enough IMHO).

That said, I do find it to be a decent solution in order to not care about dependency anymore. I was trying to work out how to use Nobara's COPR to get a few stuff including Steam and it is actually a mountain of dependency hell. Nix, Conty, and Flatpak each have their own issues, but I honestly would rather not have to deal with managing whatever specific thing the distro needs and have something that works in any distribution.

Also, using uBlue's Kinoite base, I do find update to be more convenient. Every day, GitHub Actions will compile a new image, and uBlue's Kinoite comes with auto-update turned on AFAICT, so everything is just applied in the background and if there's an issue, I'd either get an email about how the GH Actions failed and/or I'd just be booted to the last working image.

And personally, I think the average home user is alright with any device that has a browser to connect to the internet, can open documents, and can run games. And for the most part, you can already do that with Flatpak.
Nanobang May 31, 2023
View PC info
  • Supporter
All I get is that Fedora has a new Budgie build of something available called Fedora Onyx Immutable Budgie!.
Purple Library Guy May 31, 2023
All I get is that Fedora has a new Budgie build of something available called Fedora Onyx Immutable Budgie!.
If you had an immutable budgie I guess it wouldn't poop?
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.