I am new to Fedora.
I am searching for a Linux distribution, that, once I have set it up, keeps on working for years in a realiabe and secure manner. Something I can set up for my mother for example. Just set it up, configure it correctly, and never worry about it again. It needs to be reliable (or ‘stable’). But it also needs continous support for at least security (maybe also feature) updates. And those updates need to be applied automatically.
So I stumbled across Fedora Silverblue. My question is: Are automatic upgrades between major versions possible?
I know the flatpaks will be updated automatically through Gnome Software. I don’t know if rpm-ostree updates are also handled by Gnome Software, but you could configure automatic updates via the terminal. But I am wondering, if this is also possible for upgrades between major versions.
Maybe Fedora CoreOS + a desktop environment would fit this need better (kinda like openSUSE MicroOS Desktop).
GNOME Software should show a prompt to upgrade between major versions. It’s not technically “automatic”, but it’s as close to automatic as an opt-in can be, as it’s just a button click.
However, from the command line, it is definitely not automatic… however, it’s really just one command, so it’s not a huge issue. Here’s upgrading from 35 to 36:
rpm-ostree rebase fedora:fedora/36/x86_64/silverblue
(You might want to pin the old version for a bit to ensure you have a rollback. You should have 2 older deployments by default, but they’ll get dropped when you have new ones. So it’s useful just in case you notice something odd on your computer or with your software. You don’t have this safeguard with normal distributions, however, so it’s a bit above-and-beyond what you’d otherwise have.)
Details about all of this are available @
Note: Things might get a little trickier if you have third party repos such as RPM Fusion or some COPRs — especially if you upgrade to a pre-release (such as during a beta cycle). Repos might not exist and external packages might’ve been built against older ones. But this is true for normal Fedora as well. Usually, if you do have issues, you’d reset your overlays, upgrade, and re-add the packages.
FWIW: Silverblue is basically quite similar to Fedora CoreOS as a desktop environment.
It’s technically a little different (due to how it is built, IIRC), but there has been some talk about rebasing Silverblue on top of CoreOS as they’re basically very similar, with both using ostree, rpm-ostree, etc.
I’ve been using Silverblue for a few years now and I do love it, but it does work a little different from typical distributions. You’ll want to make sure everything you want to use can be installed via Flatpak and/or toolbx containers. (You can use both on normal Fedora too, so you can test it out ahead of time.)
When you install software as an overlay — unless it’s a simple change and you opt-into live updating — you’ll have to reboot. It’s meant to cover cases where you cannot install software through Flatpak or use it in a container.
To do a “live” install of a package as an overlay:
rpm-ostree install --apply-live PACKAGE_NAME
If it doesn’t work as a live install, it’ll let you know and you’ll have to reboot. But if it does work (which it usually does), then you’ll be able to skip a reboot.
When not applying live, you can also queue up several rpm-ostree installs and they’ll all be overlays after the next boot. Or you could pass multiple packages to one rpm-ostree install line as well.
However, it’s best to try to not use overlays and stick to Flatpaks or toolbox containers. When you’re in a toolbox container, it’s like “normal” Fedora Workstation, where dnf works. You can even install and run graphical apps from toolbox containers (although they won’t have a launcher). Normally, you’d want to use Flatpaks for apps, though. But if either doesn’t work for whatever reason, rpm-ostree install is still there for you.
Thank you for your answer.
Do you think it is possible to create a script that checks if a new release of Fedora is available, downloads it and installs it?
That does sound interesting.
Yes, most software I use is available as a Flatpak, and if not as a Flatpak, it is available as an AppImage. Only VeraCrypt is a problem (I managed to create an AppImage myself, but it wouldn’t run on Fedora Silverblue). But maybe Picocrypt will serve as a viable alternative (the developer did not manage to create a Flatpak, but there is an AppImage, which I use).
If it is for your own machine, then you should get an update for major releases from GNOME Software. It should even give you a notification when the major release is ready.
For updates in-between major releases, there are new builds of Silverblue nearly every day or two, but it just updates whatever packages have been recently updated in Fedora. GNOME Software will show you these too.
(I just update my system every day regardless and whenever I reboot, I have the latest version. I usually turn off my machine completely (not suspend), so I usually have a fresh boot with the latest packages every day.)
Only VeraCrypt is a problem
I don’t use VeraCrypt, so I don’t know how well it works, but here’s a reddit thread on using it with Silverblue:
It lists two options: One graphical one (where you’d have to manually install new versions) or using a command line with cryptsetup (which comes with Silverblue by default).
Another option would be to use Zulucrypt, which is a graphical interface that wraps cryptsetup. This means it’s an app that lets you click around to use VeraCrypt. Fedora ships it, so you should be able to do rpm-ostree install zulucrypt and reboot to have it on your system. (I tried live install here to test it out, but it sadly requires a reboot.)