Hi all,
I have some questions regarding Fedora Atomic Workstation:
1) How do 3rd party repositories (such as ones providing nonfree drivers,
which obviously can't be containerized) work with rpm-ostree?
If our end goal is for users to be able to use Fedora Atomic Workstation
for every usecase they use Fedora Workstation for today, we need a plan for
this.
One possible solution (which isn't exactly the most clean one, but it might
work) is to allow /usr/local to be writable, and allow it to be managed
with package management tools such as dnf. This will also be useful for
legacy software which people still need to use, but can't be containerized
easily.
3) I understand the benefit of containerizing my workstation. However, I'm
not sure everything I do can be done in a container.
For example, if I want to hack on a system-level DBus service. What's the
proposed workflow for this? keep in mind I don't want to just make
temporary changes that'll disappear after a reboot, because I want to be
able to use my service even if it never finds its way into Fedora proper
(since it probably won't).
Am I supposed to create a container and expose DBus (and other system stuff
my service might need) to the container?
And what if I want to hack on the container runtime itself? :)
4) If I have a container for development, this means that I have to have
two copies of coreutils, openssh, and most system libraries/utilities.
One copy, the "host", is updated by rpm-ostree. But what about the copy on
the container? I'll have to remember to manually rebuild it on every
update, or manually run "dnf update" in the container, which is not ideal
(i'll probably forget, and end up running insecure/buggy software).
Would it be possible to build a container based on the host filesystem in
such a way that all basic system libraries and utilities are accessible
directly (not as a copy) for the container? Alternatively, would some
mechanism for automatic re-building of the container images after every
ostree update is done can be created?
5) Do we expect every developer using Fedora to write their own Dockerfile
/ Buildah script for their development environment? I think that's a bit
too much overhead and we need to at least have a utility to automatically
generate these based on some common configurations, and the usage might
look something like
create_dev_container --langauges=rust,python,c --additional-packages=ffmpeg
I like the idea of Atomic Workstation, and I want it to become our default
offering one day, but I think that before we get there we have to figure
out this kind of stuff. (Maybe you already did and I just missed the
documentation?)
Thanks,
--
-Elad.