CoreOS VS IoT editions in the rpm-ostree family

Note: I rewrote this post since I had not heard any feedback.

I did some homework, downloaded the 3 rpm-ostree OSs, and started comparing packages.

The rpm-ostree is very unique compared to other distros because, in my opinion, you want to keep it as lean as possibly, relaying on containers, toolbox, flatpaks and other abstraction layers.

The table below reflects a comparison that i found interesting to me. Obviously, there are loads more package differences between the OSs, but again, these are the first packages that stuck out to me.

In my opinion, IoT would benefit by dropping more packages and becoming a more minimal distribution, but I am very interested to hear a different point of view.

Additionally, CoreOS has some interesting choices, but I think it makes sense overall (besides… cups?!).

Here is the table comparison, it should be accurate. If you are interested in seeing any additional packages in the table, I am happy to add them:

Rpm-ostree family comparison

CoreOS IoT* Silverblue
Description For cloud For IoT/Edge For Desktop
DE Gnome
Fully scheduled auto-updates Zincati ^ ^
Bare metal x86 images
Bare metal ARM images
Cloud x86 images
Cloud ARM images
Base Package Count 361 376 1198
Approx. ISO Size ~672MB ~1.2GB ~2.3GB
btrfs
buildah
containerd
cups-libs
dhcp-common/dhcp-client
firewalld
flatpak
fwupd
git
ignition
logrotate
mdadm
moby-engine
nfs-utils
nmap
podman
python3
samba
toolbox
traceroute
zincati

* Used IoT v32 Beta vs v31 of other editions
^ can be scripted by the user

2 Likes

Thanks a lot for putting this together! It is an important topic and we should have a centralized document for it.

I believe that IoT and Silverblue should derive from Fedora CoreOS - now that IoT is using Ignition that makes things even closer. I have a fork of the Silverblue config that derives from FCOS here: https://github.com/cgwalters/fedora-silverblue-config
It’s not ready for widespread use but the desktop I’m typing this from was installed using it.

2 Likes

Random other thought looking at that list: Fedora CoreOS not shipping fwupd I think is an oversight we should fix.

That’s an interesting perspective. My initial thoughts were a bit different:
My thoughts were that IoT would be the minimal varient OS, considering it just needs podman to run it’s edge applications.
I think smaller image for IoT would be nice. I expect most users will push all deployments remotely so local tools would not be required.

IoT is IMHO just a different use case and Fedora IoT shouldn’t necessarily be a more minimal edition. The use of Core OS probably implies a certain environment while an IoT device is supposed to be more self contained. And if you want people to be able to use firewalld or Ansible then you have to ship Python and stuff just adds up.

You keep using the term “derive” without ever explaining what you mean by this, the use cases for are quite different across the 3 usecases and how would that be delivered? Image layering?

I think it makes sense to work on technologies but nothing you’ve ever mentioned goes into any details of how a derivative would even work.

Some of this is interesting, some looks like just a random selection. EG IoT doesn’t have nmap, it does have nmap-ncat which is purely there as a dependency for disk encryption functionality, it’s used for the tang service network unlock option. Noting things like cups-libs again is purely a dependency thing. It would be more useful IMO to have a break down based on functionality provided and why. I don’t see a random selection of package dependencies particularly useful, IE I can see why a desktop would have printing functionality but what pulls it in for CoreOS?

The same way https://github.com/cgwalters/fedora-silverblue-config works - it includes fedora-coreos-config as a git submodule, and the toplevel manifests have an include: on the ones from the FCOS config.

Then its builds use coreos-assembler.

This isn’t a heavily documented process yet, but a fair amount of thought went into its design because it’s how we share code between FCOS and RHCOS. See e.g. this PR.

Followed up on fwupd over here https://github.com/coreos/fedora-coreos-tracker/issues/449

IoT does include firewalld and python. And I think that makes sense as it helps facilitate application hosting and automation. I think most users will automate their IoT devices; wouldn’t want to spend too much time in the local shell. :+1:

Your right, the list is definitely random, as I included packages that I either found interesting or confusing. It would be ideal to create a table that compares functionality, and that was my original goal, but I need to do more research as I don’t have enough immediate insight. Maybe I can circle back on this.

And thanks for clarification on a couple packages. Yes I need to do more research on which are simply dependencies.

I realize it’s a useless statistic, but do you happen to know why the CoreOS ISO is so much smaller than IoT ISO? “rpm-ostree db list” doesn’t include package size details.

rpm -qa --queryformat='%{NAME} %{SIZE} %{DESCRIPTION}\n\n'

should give you a list of all installed packages including the size and a description.

I don’t know the complete package list for Fedora CoreOS but I suspect things like python, firnware we need in IoT to support HW use cases. We’re no where near where we want to be in dep reduction for IoT but ATM it’s focus on features needed etc. EG we still ship python because of ansible, where as CoreOS uses things like MCM for those use cases.

1 Like

Thanks! i should have known that…

Anyway, IoT is smaller when comparing the sum of installed. Also interesting, there are alot of packages that do not overlap.

CoreOS IoT
Packages Count 361 376
Sum of PackageSize 1.49GB 1.07GB
Packages “NA” in Other Variant 106 121