Idea: a public log of rpm-ostree update changes

In this thread I noticed that another hidden strength of Atomic Desktops is “rollbacks that just work”.

Unlike on dnf Fedora, you can log the changes of each update easily, as it is a small set, and shouldn't be changed much.

rpm-ostree db diff

(Of course you could also do the same on dnf Fedora for the core system packages)

The strength of not relying on your local system

This is a big one for me. On Atomic Desktops it doesn't matter how your system looks.

You can rebase, reset… or rollback, from whatever state you want. If the core OS still works.

Finding old deployments

I have not deployed older versions yet, as I don't know the syntax.

But as a general design state, there is only the rollback deployment and possible pinned deployments to choose from.

What if you want to deploy the system last week?

Imagine a security issue is found there. Or you had a specific bug that you didn't yet find the solution for, and where the fix is not upstreamed?

For critical systems, it is important to know how “the image last Friday” is called, which is currently at least not easily done. (Is there an rpm-ostree with these changes?)

And maybe how to find out the image you need, by looking at the package changes.

A public log

This could be automated, composed in markdown, etc. Could look nice!

21.07.2024

SecAdvisories: none

added

  • package1
  • package2

upgraded

  • package3

removed

  • package4

revert to this state

rpm-ostree deploy XXXXXX

This would allow users to look back and maybe find the day where an update broke something.

They could pin the current deployment, switch back to the old one, test, and report a bug. Or save a system temporarily.

Thoughts

I think apart from improving the UX, update messages would be a really nice addition.

GrapheneOS does that, as well as many other apps. It is really nice to read the changes that went into “the product GrapheneOS”. On Fedora I miss that.

An RSS feed for, for example, weekly news could be created. Or a short one for every update. This could be displayed in, for example, the RSS feed extension on KDE Plasma.

Even better would be having such a list local on the device, with a button to revert back. An rpm-ostree manager would be awesome, but a bigger topic.

Or just a markdown file in some directory, and a link to that in Dolphin, to read it with Okular. That would already be better than nothing.

Additionally to having it online for, for example, us troubleshooters in the Forum to look at.

2 Likes

You can find out what has been updated relatively easily on Fedora:
sudo dnf history
sudo dnf history info last

If you want to get info on the last 5 transactions:
sudo dnf history | awk 'NR >= 3 && NR <= 7 {print $1}' | xargs -i sudo dnf history info {}

This should work on atomic as well.
Get the last 20 packages installed.
rpm -qa --nodigest --nosignature --last | head -20

2 Likes

For Atomic variants

rpm-ostree db diff
shows the upgraded/added/etc. packages between the booted system and the rollback (previous) one.

You can get the last commit history with
ostree log fedora/40/x86_64/silverblue

Then also compare two specific commits
rpm-ostree db diff 32dexxx451 e4xxx965

4 Likes
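
As an added example (not code from any post in this thread or from the rpm-ostree project), this script turns the text of rpm-ostree db diff into one Markdown log entry of the kind proposed in the first post, ending with the rpm-ostree deploy line for that commit. It assumes the diff output groups packages under Upgraded:, Downgraded:, Removed: and Added: headers; the function names, sample packages and commit ids are constructed.

```shell
#!/usr/bin/env bash
# Added example: build one Markdown changelog entry from `rpm-ostree db diff` text.
# Assumption: sections are introduced by "Upgraded:", "Downgraded:", "Removed:"
# or "Added:" and followed by indented package lines.

# Constructed sample input (not output captured from a real system).
sample_diff() {
cat <<'EOF'
ostree diff commit from: rollback deployment (1111aaaa)
ostree diff commit to:   booted deployment (2222bbbb)
Upgraded:
  package3 1.0-1.fc40 -> 1.0-2.fc40
Removed:
  package4-2.1-3.fc40.x86_64
Added:
  package1-0.9-1.fc40.x86_64
  package2-3.4-1.fc40.noarch
EOF
}

# diff_to_markdown DATE COMMIT   (reads the db diff text on stdin)
# COMMIT is the commit the entry describes, i.e. the "to" side of the diff.
diff_to_markdown() {
  awk -v date="$1" -v commit="$2" '
    BEGIN { printf "## %s\n", date }
    # Section header: start a new Markdown subsection.
    /^(Upgraded|Downgraded|Removed|Added):/ {
      sub(/:.*/, ""); printf "\n### %s\n\n", tolower($0); in_sec = 1; next
    }
    # Indented line inside a section: one package per bullet.
    in_sec && /^[ \t]+[^ \t]/ {
      sub(/^[ \t]+/, ""); printf "- `%s`\n", $0; n++; next
    }
    # Anything else (commit banner, blank line) ends the current section.
    { in_sec = 0 }
    END {
      if (n == 0) print "\nNo package changes."
      printf "\n### revert to this state\n\n    rpm-ostree deploy %s\n", commit
    }'
}

# On a real system the input would come from the command itself, e.g.
#   rpm-ostree db diff OLD NEW | diff_to_markdown "$(date +%F)" NEW
sample_diff | diff_to_markdown "2024-07-21" "2222bbbb"
```

Appending each entry to a file gives the local Markdown log mentioned in the first post; the commit ids for older entries would come from the ostree log output shown above.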

Yes I was pretty certain that this is possible with dnf. Would also possibly be useful to have. And the issue is that this should only cover preinstalled packages.

@alciregi nice command, I will try that!

Are you wanting to restore to the packages from the initial release?

No, of course not 🙂. But such a public release timeline could only contain package changes that are preinstalled.

All packages could be documented, but that would be huge.

It is simpler with the atomic variants as the core is way smaller and meant to not be changed much.

sudo dnf history info 1

Isn’t that what release notes are about?

Release notes are only for version releases afaik.

This idea is a public log of every image/ostree-remote change, with a command included to roll back to that.

2 Likes