After using Kinoite for 2 years or so, I thought I got it, but I am still not sure and sometimes get strange errors.
This is not documented here so finding a solution would be great as this is a common thing to do.
1. Pin current version
As multiple reboots and updates may follow, it is best to have a backup
sudo ostree admin pin 0
2. Rebase
rpm-ostree status
#text
fedora:fedora/40/x86_64/kinoite
#text
So we need
rpm-ostree rebase fedora:fedora/41/x86_64/kinoite
We could automate this (in bash)
rpm-ostree rebase fedora:fedora/$(($(rpm -E %fedora) + 1))/x86_64/$(grep VARIANT_ID /etc/os-release | cut -d'=' -f2)
But what if we now get issues?
Errors
Dependency or “already requested” issues
Example: I tried to layer krdp
but it is already present on Kinoite 41.
I already have it in my present overlays, and will get this message on every update, afaik.
Could I do rpm-ostree uninstall krdp
to remove the request to layer it? Afaik there is no reset
for a single package.
So the dirty workaround that I would do is:
Reset and apply rebases again
rpm-ostree reset
# apply override-remove and installs again
rpm-ostree override remove kwrite x y z --install kate --install y --install z
I am not sure anymore if this works, or if the reset means I need to reboot and then apply those changes to the then staged deployment.
I had a spelling mistake and none of the overrides were applied. So
rpm-ostree install a-spellingmistake b c
# none of the packages installed
rpm-ostree install a
# only a installed
rpm-ostree install a b c
# fails as a is already requested
rpm-ostree install b c
# works
This can get quite tedious for a ton of overlays and changes. I have a file that contains all my changes.
This is my changeset
Needed:
# copr repos
copr enable ublue-os/staging
copr enable @clamav/clamav
copr enable zhangyuannie/butter-git
copr enable secureblue/bubblejail
# mullvad VPN repo
# hardening kargs
rpm-ostree kargs --append-if-missing="init_on_alloc=1" --append-if-missing="init_on_free=1" --append-if-missing="slab_nomerge" --append-if-missing="page_alloc.shuffle=1" --append-if-missing="randomize_kstack_offset=on" --append-if-missing="vsyscall=none" --append-if-missing="debugfs=off" --append-if-missing="lockdown=confidentiality" --append-if-missing="random.trust_cpu=off" --append-if-missing="random.trust_bootloader=off" --append-if-missing="iommu=force" --append-if-missing="intel_iommu=on" --append-if-missing="amd_iommu=force_isolation" --append-if-missing="iommu.passthrough=0" --append-if-missing="iommu.strict=1" --append-if-missing="pti=on" --append-if-missing="module.sig_enforce=1" --append-if-missing="mitigations=auto,nosmt"
# override remove & layers
rpm-ostree override remove kwrite plasma-discover-notifier
rpm-ostree install --reboot https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm \
android-udev-rules aria2 btrbk bubblejail butter clamav clamd distrobox eza fish flatpak-builder htop kate lynis mullvad-vpn nmap osbuild-selinux lorax parallel partclone powertop python3-pip qpdf ripgrep scalpel setroubleshoot spectre-meltdown-checker testdisk torbrowser-launcher \
usbguard usbguard-notifier usbguard-selinux \
libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-qemu libvirt-daemon-driver-storage-core qemu-audio-spice qemu-char-spice qemu-device-display-qxl qemu-device-display-virtio-gpu qemu-device-display-virtio-vga qemu-device-usb-redirect qemu-system-x86 qemu-system-x86-core virt-manager
# after reboot
rpm-ostree install libvacodec-freeworld
Other errors:
- rpmfusion conflicts with ffmpeg
- KDE packages depending on libavcodec packages, may just be version conflicts with rpmfusion ffmpeg and libav vs Fedora
Here it would be great to be able to downgrade packages I think?
Updates fail, conflicted packages
This one is pretty huge
Afaik, if there is an important update but some rpmfusion-fedora version conflict occurs, no update will be applied.
This is a big downside of atomic updates, either all or nothing, afaik.
Something would be needed here, to ignore the package temporarily, with an easy CLU utility and maybe also GUI.
Any idea how this could be done? Maybe blocklisting a package in all repos, or is there a better way?