I work for https://anthropos.io/
and we currently use stretch lite on
pi3b as our core os. We have been investigating the use of Fedora IoT as a replacement
given some of the advantages that lib-ostree promises.
With regards to using and deploying fedora, or hub is relatively simple, therefore we
have been installing our software directly via rpm-ostree ( rather than using containers
what is the best (current) approach for working with package managers, in this case pip3
and Npm, which make assumptions about what directories are available to install into. My
current solution is to vendor all of the dependencies in the rpm.
Basically it's not a use case we're currently focused on, the ostree
model is quite opinionated on some of these things and the opinion is
that most applications should be run in a container to isolate them
from the OS. At this time I think packaging it all up as an rpm
package is likely the best option if you don't wish to use a
container. Unfortunately the team is quite small and we need to focus
our time and use cases.
Further to this, if there is a problem, currently we have the ability
to ssh to the hubs and administer ( sudo x y z etc ). However in the Fedora, most of the
filesystem is protected, which is good. However is it possible to “check out” the current
filesystem to allow some modification, then at a future point either “revert” or “stash”
the changes to put the hub back inline. The purpose here is to allow an emergency change
to a specific device without having to re-package rpms etc if required.
Yes, you can unlock the filesystem for hotfixes and related with
"ostree admin unlock" there's a couple of different options there,
it's documented in the blog below, if you find it useful let me know
and we can add a section documenting this and referencing upstream
pieces to the iot docs.