How to version upgrade with rpmfusion and layers?

After using Kinoite for 2 years or so, I thought I got it, but I am still not sure and sometimes get strange errors.

This is not documented here so finding a solution would be great as this is a common thing to do.


1. Pin current version

As multiple reboots and updates may follow, it is best to have a backup

sudo ostree admin pin 0

2. Rebase

rpm-ostree status

#text
fedora:fedora/40/x86_64/kinoite
#text

So we need

rpm-ostree rebase fedora:fedora/41/x86_64/kinoite

We could automate this (in bash)

rpm-ostree rebase fedora:fedora/$(($(rpm -E %fedora) + 1))/x86_64/$(grep VARIANT_ID /etc/os-release | cut -d'=' -f2)

But what if we now get issues?

Errors

Dependency or “already requested” issues

Example: I tried to layer krdp but it is already present on Kinoite 41.

I already have it in my present overlays, and will get this message on every update, afaik.

Could I do rpm-ostree uninstall krdp to remove the request to layer it? Afaik there is no reset for a single package.

So the dirty workaround that I would do is:

Reset and apply rebases again

rpm-ostree reset

# apply override-remove and installs again
rpm-ostree override remove kwrite x y z --install kate --install y --install z

I am not sure anymore if this works, or if the reset means I need to reboot and then apply those changes to the then staged deployment.

I had a spelling mistake and none of the overrides were applied. So

rpm-ostree install a-spellingmistake b c
# none of the packages installed

rpm-ostree install a
# only a installed

rpm-ostree install a b c
# fails as a is already requested

rpm-ostree install b c 
# works

This can get quite tedious for a ton of overlays and changes. I have a file that contains all my changes.

This is my changeset

Needed:

# copr repos
copr enable ublue-os/staging
copr enable @clamav/clamav
copr enable zhangyuannie/butter-git
copr enable secureblue/bubblejail

# mullvad VPN repo

# hardening kargs
rpm-ostree kargs --append-if-missing="init_on_alloc=1" --append-if-missing="init_on_free=1" --append-if-missing="slab_nomerge" --append-if-missing="page_alloc.shuffle=1" --append-if-missing="randomize_kstack_offset=on" --append-if-missing="vsyscall=none" --append-if-missing="debugfs=off" --append-if-missing="lockdown=confidentiality" --append-if-missing="random.trust_cpu=off" --append-if-missing="random.trust_bootloader=off" --append-if-missing="iommu=force" --append-if-missing="intel_iommu=on" --append-if-missing="amd_iommu=force_isolation" --append-if-missing="iommu.passthrough=0" --append-if-missing="iommu.strict=1" --append-if-missing="pti=on" --append-if-missing="module.sig_enforce=1" --append-if-missing="mitigations=auto,nosmt"

# override remove & layers
rpm-ostree override remove kwrite plasma-discover-notifier
rpm-ostree install --reboot https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm \
android-udev-rules aria2 btrbk bubblejail butter clamav clamd distrobox eza fish flatpak-builder htop kate lynis mullvad-vpn nmap osbuild-selinux lorax parallel partclone powertop python3-pip qpdf ripgrep scalpel setroubleshoot spectre-meltdown-checker testdisk torbrowser-launcher \
usbguard usbguard-notifier usbguard-selinux \
libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-storage-core qemu-audio-spice qemu-char-spice qemu-device-display-qxl qemu-device-display-virtio-gpu qemu-device-display-virtio-vga qemu-device-usb-redirect qemu-system-x86 qemu-system-x86-core virt-manager

# after reboot
rpm-ostree install libvacodec-freeworld

Other errors:

  • rpmfusion conflicts with ffmpeg
  • KDE packages depending on libavcodec packages, may just be version conflicts with rpmfusion ffmpeg and libav vs Fedora

Here it would be great to be able to downgrade packages I think?

Updates fail, conflicted packages

This one is pretty huge

Afaik, if there is an important update but some rpmfusion-fedora version conflict occurs, no update will be applied.

This is a big downside of atomic updates, either all or nothing, afaik.

Something would be needed here, to ignore the package temporarily, with an easy CLU utility and maybe also GUI.

Any idea how this could be done? Maybe blocklisting a package in all repos, or is there a better way?