378
Principal Skinner on Immutable Distros
(infosec.pub)
Post funny things about programming here! (Or just rant about your favourite programming language.)
Okay so now I have heard of those immutable OS kind of regularly, but what is it and why is it so much better?
Thank you!
I think some of these replies have perhaps missed the powerful idea that made me fall in love with Eelco Dolstra's idea. Here's what won me over.
For example: THE main feature is that you could have a different version of say Python (for the sake of this example) installed for each dependency in your system. Let's say you had Brave working with one version of Python and another piece of software needed a previous version of Python. In an FHS style system, this would be challenging and you'd have to manually patch things to make sure the dependencies didn't step on eachother. When you updated, your patches would likely have to be changed as well. So, system administration and updating can really break things.
In a Nix store where things can be content-addressed and linked by symlinks to their specific dependencies, they would just work alongside each other due to their unique, hash based folder locations. Each folder in the Nix store is named based on the sha256 hash of that piece of software's ENTIRE dependency graph, which has powerful implications.
Because of this hash, they’re effectively hermetically sealed from each other and cannot step on each other. The software in the Nix store talks to eachother through symlimks that were made upon compilation of the system.
This is the very definition of Nix and taken far enough to define a whole OS is SUPER powerful concept.
As far as I can tell it separates the base os from user changes which could break things by forcing you to use containers by annoying you to death any time you're trying to permanently install a package.
It's fine but it seems better for servers than users.
Basically the idea is to separate your system packages and your applications.
The system packages are installed and updated "atomically" i.e. in transactions. If a transaction fails, results in a broken system, or you just don't like it, you can rollback anytime.
Applications on the other hand are usually installed in a containerized form. Basically, flatpak. You should avoid installing applications through the system package manager.
CLI apps is where it all gets interesting, and usually people use distrobox, docker/podman or toolbx to run stuff in containers. Although the universal blue project comes with brew prepackaged for when you want CLI apps installed system-wide without juggling containers.
The benefit is that your OS and your apps are separate. No dependencies breaking or conflicting. And if something does break, well just roll back.