Initial Fedora COSMIC Atomic image ready for testing

siosm · October 8, 2024, 8:44pm

Hey COSMIC folks, I’ve made an initial unofficial Fedora COSMIC Atomic image and it’s available at Quay.

You can try it out by rebasing from an existing Atomic Desktop installation with:

rpm-ostree rebase ostree-unverified-registry:quay.io/fedora-ostree-desktops/cosmic-atomic:rawhide

Note that it’s completely untested right now so probably do it in a VM first.

The corresponding PR for that is at PR#578: Add initial COSMIC Atomic variant - workstation-ostree-config - Pagure.io.

Feel free to let me know if I should include more packages. I had to exclude cosmic-store for now as it pulls PackageKit (and we don’t want this for Atomic Desktops).

Happy testing

boredsquirrel · October 8, 2024, 9:41pm

Nice work!

I can imagine that adding breeze and maybe adwaita themes could be important also for running Flatpaks.

Adding a breeze package fixed KDE Flatpaks for me on Silverblue, I will test if it is needed

guiltydoggy · October 8, 2024, 10:59pm

I tried rebasing from Kinoite 41 beta and I get a kernel panic on reboot. This is in a libvirt VM.

$ rpm-ostree status
State: idle
Deployments:
  ostree-unverified-registry:quay.io/fedora-ostree-desktops/cosmic-atomic:rawhide
                   Digest: sha256:3fdb0fb5f005d485aaa1827390d3c2ef539a64075f448b4349a793b38246c2e2
                  Version: 42.20241008.0 (2024-10-08T20:22:42Z)
                     Diff: 627 upgraded, 14 downgraded, 518 removed, 87 added
 
● ostree-unverified-registry:quay.io/fedora-ostree-desktops/kinoite:41
                   Digest: sha256:18f19cbd94482ad57f8c0fdbcf24e6be94cdb3c79049e306f3787fc43d2ce0cc
                  Version: 41.20241008.0 (2024-10-08T02:22:47Z)
                   Pinned: yes

guiltydoggy · October 8, 2024, 11:11pm

Was able to find out some more info. I am seeing an error:

[FAILED] Failed to start user@971.service - User Manager for UID 971.
[DEPEND] Dependency failed for session-c1.scope - Session c1 of User cosmic-greeter.

crazymonkey · October 8, 2024, 11:27pm

what would be different from layer cosmic-desktop from copr repo ?

guiltydoggy · October 9, 2024, 12:11am

Out of time to figure it out completely right now, but I think it is related to this:

github.com/ublue-os/cosmic

Can not start cosmic DE in cosmic base and cosmic-silverblue images

opened 07:54AM - 27 Jul 24 UTC

closed 06:33PM - 27 Jul 24 UTC

erik-balfe

I just installed fedora silverblue 40, then ran the first command in the readme …here to rebase to the cosmic-silverblue image. I get this error on boot: ```log 2024-07-26T22:54:08.288042Z ERROR cosmic_comp::config: Failed to read config 'workspaces': NoConfigDirectory 2024-07-26T22:54:08.288136Z ERROR cosmic_settings_config: Failed to read local shortcuts config "system_actions": NoConfigDirectory 2024-07-26T22:54:08.288213Z WARN cosmic_settings_config::shortcuts::ram: Key-binding {"Comma"} only matched case insensitive for "comma" 2024-07-26T22:54:08.288229Z WARN cosmic_settings_config::shortcuts::ram: Key-binding {"Comma"} only matched case insensitive for "comma" 2024-07-26T22:54:08.288245Z WARN cosmic_settings_config::shortcuts::ram: Key-binding {"Period"} only matched case insensitive for "period" 2024-07-26T22:54:08.288260Z WARN cosmic_settings_config::shortcuts::ram: Key-binding {"Comma"} only matched case insensitive for "comma" 2024-07-26T22:54:08.288275Z ERROR cosmic_settings_config::shortcuts: Failed to become owner of name "org.cosmic.ConfigDaemon": Unable to acquire bus name: { "name": "org.cosmic.ConfigDaemon", "error": NotFound, message: "No such file or directory" }} 2024-07-26T22:54:08.380925Z WARN [libgbm|backend/egl/context]: Ignoring requested context priority, EGL_IMG_context_priority not supported priority=High 2024-07-26T22:54:08.380973Z WARN [libgbm|backend/egl/context]: Ignoring requested context priority, EGL_IMG_context_priority not supported priority=High 2024-07-26T22:54:08.384149Z WARN [libgbm|backend/egl/context]: Ignoring requested context priority, EGL_IMG_context_priority not supported priority=High 2024-07-26T22:54:08.397825Z WARN [libgbm|backend/egl/context]: Ignoring requested context priority, EGL_IMG_context_priority not supported priority=High 2024-07-26T22:54:08.415073Z WARN cosmic_comp::wayland::compositor: Preferred format ARGB not available: NoSupportedPixelFormat 2024-07-26T22:54:08.415132Z WARN cosmic_comp::wayland::compositor: Preferred format ARGB not available: NoSupportedPixelFormat 2024-07-26T22:54:08.529562Z ERROR panic: thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Error::NoDevices(DrNode { dev: 57984, ty: Render })': src/backend/kms/surface/mod.rs:313 0: <unknown> 1: <unknown> 2: <unknown> 3: <unknown> 4: <unknown> 5: <unknown> 6: <unknown> 7: <unknown> 8: <unknown> 9: <unknown> 10: <unknown> 11: <unknown> 12: <unknown> 13: <unknown> 14: <unknown> 15: __libc_start_call_main 16: __libc_start_main_impl 17: <unknown> 2024-07-26T22:54:08.529552Z ERROR panic: thread 'surface-Virtual-1' panicked at 'called `Result::unwrap()` on an `Err` value: PoisonError { .. }': /buildir/build/BUILD/cosmic-comp-f44e46fa4493dcacbf656a6cfeb5dbe7dced55c5/vendor/smithay/src/desktop/space/mod.rs:69 0: <unknown> 1: <unknown> 2: <unknown> 3: <unknown> 4: <unknown> 5: <unknown> 6: <unknown> 7: <unknown> 8: <unknown> 9: <unknown> 10: <unknown> 11: <unknown> 12: <unknown> 13: <unknown> 14: <unknown> 15: <unknown> 16: start_thread 17: __clone3 ``` Anyone faced this before? Is there a way for me to install it and run?

I’ll test more when I have time later, but in case anyone else wants to investigate further in the meantime, hope this helps.

boredsquirrel · October 9, 2024, 5:51am

You only get cosmic. You can layer all the packages for sure.

guiltydoggy · October 9, 2024, 3:13pm

I got it working.

Seems there are 2 things.

Similar to my experience rebasing from Silverblue to Kinoite, the appropriate users aren’t created in /etc/shadow. Using sudo vipw -s, and adding the following in /etc/shadow will solve the issue. But as I wrote before, manually editing the shadow file feels wrong. This should be handled somewhere, I just don’t know where. I wonder what the uBlue folks are doing.

cosmic-greeter:!:::::::
greetd:!:::::::

Running in a VM without hardware acceleration will not work. So although it continues to crash in my VM, I did the above fix to /etc/shadow on a bare metal machine and am able to load into Cosmic.
Fail to start cosmic desktop · Issue #456 · pop-os/cosmic-epoch · GitHub

boredsquirrel · October 9, 2024, 3:25pm

I dont know anything about this, but I now know about LLM prompt engineering.

Forgive me for using ChatGPT but here is what it told me:

The fix you’re applying involves adding entries for cosmic-greeter and greetd in the /etc/shadow file, which is where hashed passwords and account status are stored on Linux systems.

Explanation:

/etc/shadow: This file contains password information for user accounts. Each line represents one user, and the fields (separated by colons :) provide information like the encrypted password, account expiration dates, and so on.
- cosmic-greeter:!:::::::
- greetd:!:::::::
The ! in the second field means that these accounts are locked—they have no valid password for login, which is common for system or service accounts that should never log in interactively. However, the entry needs to exist to ensure the system can handle these accounts properly.
greetd & cosmic-greeter: These are likely the greetd (a display manager) and cosmic-greeter (a greeter interface for the login screen) components in your Fedora system.

By adding these entries, you’re ensuring that these system accounts are recognized by PAM (Pluggable Authentication Modules), which is responsible for authentication, login, and session handling.

Why this Fix Works:

The issue occurs because these accounts don’t have entries in /etc/shadow by default. When the login manager tries to launch, PAM checks for valid user entries in both /etc/passwd and /etc/shadow. Without valid entries for greetd and cosmic-greeter, the login process can fail due to authentication issues, even though these accounts should never require a password.

By adding entries in /etc/shadow, you’re ensuring PAM can handle the accounts properly, even though they can’t log in interactively (! in the password field). This prevents the system from denying the login process when interacting with these service accounts.

Normally Managed by:

User and Account Management Tools: Tools like useradd or system setup scripts typically manage /etc/shadow. However, for system accounts like greetd or cosmic-greeter, these accounts should be created during the installation or configuration of the display manager. Normally, these entries would be created automatically when you install the display manager or greeter.

If they are missing, this might indicate an issue with the packaging or installation scripts for greetd or cosmic-greeter. Normally, they should “just work” out of the box without needing manual intervention.

SELinux:

If SELinux is enabled, there shouldn’t be direct conflicts with /etc/shadow, but improper labeling could prevent PAM from functioning correctly. Running restorecon on /etc/shadow could help if you suspect an SELinux issue:

sudo restorecon /etc/shadow

This ensures the file has the correct SELinux context.

I think this answer is pretty great?

The issue is that we dont use Anaconda, but rebase to an image that contains different processes that have unique users.

Those users dont yet exist, so they need their entries added manually.

All that uBlue does is run those in the Containerfile

systemctl disable gdm || true && \
systemctl disable sddm || true && \
systemctl enable cosmic-greeter && \

I suppose cosmic-greeter adds these entries on its own because that is basically it and there is no mention of “greet” in the other files.

guiltydoggy · October 9, 2024, 3:47pm

Right. I’m assuming that when cosmic-desktop is installed/layered in the container, the correct users are populated in the /etc/shadow file in that container.

Then when a rebase occurs, that Cosmic container needs to “replace” the Silverblue (or other atomic) image that is currently running. Except stuff in /etc, where it’s mutable - you’d want to maintain user-modified stuff in there. So for /etc there must be some mechanism to merge the changes (new Cosmic + existing Silverblue). I’m assuming rpm-ostree would be handling that somehow, and I think that’s where it’s failing. I just don’t know where this process is supposed to be taking place in rpm-ostree during a rebase.

Edit: Or maybe it’s not handled in rpm-ostree at all, and it’s some post script?

boredsquirrel · October 9, 2024, 7:35pm

This could explain why logging in to KDE or GNOME on mixed “cosmic-silverblue” or “cosmic-kinoite” didnt work either.

joseph · October 10, 2024, 8:37pm

Unfortunately there can be issues when rebasing between desktop environments. It’s an old issue for Fedora Atomic as far as I know. The uBlue folks also see it and don’t have a fix for it because it seems to be a more complicated issue. They didn’t recommend rebasing between different DEs. I imagine the same is the case for Cosmic. I do think it’s a solvable problem though!

boredsquirrel · October 10, 2024, 10:04pm

I am not sure about the script support in rpm-ostree, this would be an option.

lainguica · October 11, 2024, 1:01pm

This is the beginning of something big. I’ve been using Cosmic from the copr repo until now, and at least for me, I feel Cosmic getting better every day.

I am very happy to think that we will soon have a stable atomic version (I’m a optimistic person)

siosm · October 11, 2024, 4:15pm

I pushed a Fedora 41 based build in the same repo: Quay

rpm-ostree rebase ostree-unverified-registry:quay.io/fedora-ostree-desktops/cosmic-atomic:41

Same warning, it’s completely untested so take your precautions.

guiltydoggy · October 11, 2024, 5:49pm

The Power Mode section of the settings app is complaining that there’s no backend. I’m assuming it’s not compatible with tuned. May have to revert to power-profiles-daemon for Cosmic. Interestingly though the menu item does seem to have modes available there. Unsure if they actually do anything though.

Let me know if there 's a better place I could be logging bug reports.

siosm · October 13, 2024, 12:09pm

Apparently there is neither power-profiles-daemon nor tuned-ppd in the image, so I’m adding the later.

siosm · October 13, 2024, 1:25pm

This should be included in the latest 41 build now.

guiltydoggy · October 13, 2024, 2:33pm

Attempting to rebase from Rawhide to 41 results in an error. The rpm-ostree rebase finished without issue, but the 41 boot option does not appear in GRUB at startup. This is what shows in rpm-ostree status after booting:

State: idle
Warning: failed to finalize previous deployment
         error: Bootloader write config: grub2-mkconfig: Child process exited with code 1
         check `journalctl -b -1 -u ostree-finalize-staged.service`
AutomaticUpdates: check; rpm-ostreed-automatic.timer: inactive
Deployments:
● ostree-unverified-registry:quay.io/fedora-ostree-desktops/cosmic-atomic:rawhide
                   Digest: sha256:13aaa47706cd02686abf51d6716ce69f0019b1c1a5c2e8bc66742efc74cd3c6a
                  Version: 42.20241009.0 (2024-10-09T01:15:50Z)

  fedora:fedora/40/x86_64/kinoite
                  Version: 40.20241009.0 (2024-10-09T00:50:12Z)
               BaseCommit: 3aeb719e447c1ac7cb9047fd59e2e3b07a5b324716c7d5279f545d51b0a93c84
             GPGSignature: Valid signature by 115DF9AEF857853EE8445D0A0727707EA15B79CC
      RemovedBasePackages: firefox firefox-langpacks 131.0-2.fc40
          LayeredPackages: bat cockpit cockpit-machines cockpit-ostree cockpit-podman doas exa intel-compute-runtime
                           qt-virt-manager tmux vim zsh
                   Pinned: yes

journalctl -b -1 -u ostree-finalize-staged.service

Oct 13 07:23:11 Yosuke-Thinkpad systemd[1]: Finished ostree-finalize-staged.service - OSTree Finalize Staged Deployment.
Oct 13 07:24:07 Yosuke-Thinkpad systemd[1]: Stopping ostree-finalize-staged.service - OSTree Finalize Staged Deployment...
Oct 13 07:24:07 Yosuke-Thinkpad ostree[4493]: Finalizing staged deployment
Oct 13 07:24:10 Yosuke-Thinkpad ostree[4493]: Copying /etc changes: 14 modified, 0 removed, 185 added
Oct 13 07:24:10 Yosuke-Thinkpad ostree[4493]: Copying /etc changes: 14 modified, 0 removed, 185 added
Oct 13 07:24:10 Yosuke-Thinkpad ostree[4493]: Refreshing SELinux policy
Oct 13 07:24:12 Yosuke-Thinkpad ostree[4493]: Refreshed SELinux policy in 1864 ms
Oct 13 07:24:12 Yosuke-Thinkpad ostree[4493]: Finalized deployment
Oct 13 07:24:12 Yosuke-Thinkpad ostree[4493]: bootfs is sufficient for calculated new size: 162.1 MB
Oct 13 07:24:15 Yosuke-Thinkpad ostree[4514]: /usr/sbin/grub2-probe: error: failed to get canonical path of `composefs'.
Oct 13 07:24:15 Yosuke-Thinkpad ostree[4493]: error: Bootloader write config: grub2-mkconfig: Child process exited with code 1
Oct 13 07:24:15 Yosuke-Thinkpad systemd[1]: ostree-finalize-staged.service: Control process exited, code=exited, status=1/FAILURE
Oct 13 07:24:15 Yosuke-Thinkpad systemd[1]: ostree-finalize-staged.service: Failed with result 'exit-code'.
Oct 13 07:24:15 Yosuke-Thinkpad systemd[1]: Stopped ostree-finalize-staged.service - OSTree Finalize Staged Deployment.
Oct 13 07:24:15 Yosuke-Thinkpad systemd[1]: ostree-finalize-staged.service: Consumed 5.767s CPU time, 594.6M memory peak.

I found this discussion, but I don’t think the same root cause is here, as the rawhide deployment has no overlays.

I’m going to rebase from 40 → 41, to see if this is isolated to just a rawhide → 41 downgrade.

guiltydoggy · October 13, 2024, 2:56pm

Upgrading from Kinoite 40 → Cosmic 41 was successful. However, Cosmic did not start automatically on boot; I was presented with TTY login. Did start-cosmic, and it started successfully.

Tuned is now installed (tuned-2.24.0-2.fc41.noarch), however the Power and Battery settings screen still shows the same error about not finding a backend.

rpm-ostree status

State: idle
AutomaticUpdates: check; rpm-ostreed-automatic.timer: inactive
Deployments:
● ostree-unverified-registry:quay.io/fedora-ostree-desktops/cosmic-atomic:41
                   Digest: sha256:3792281bfbb5a3b34ed171e822f225fad15a12160d852f4a6460b60118f6417a
                  Version: 41.20241013.0 (2024-10-13T12:56:21Z)

  fedora:fedora/40/x86_64/kinoite
                  Version: 40.20241009.0 (2024-10-09T00:50:12Z)
               BaseCommit: 3aeb719e447c1ac7cb9047fd59e2e3b07a5b324716c7d5279f545d51b0a93c84
             GPGSignature: Valid signature by 115DF9AEF857853EE8445D0A0727707EA15B79CC
      RemovedBasePackages: firefox firefox-langpacks 131.0-2.fc40
          LayeredPackages: bat cockpit cockpit-machines cockpit-ostree cockpit-podman doas exa intel-compute-runtime qt-virt-manager tmux vim zsh
                   Pinned: yes

Topic		Replies	Views
Does fedora have cosmic atomic images Ask Fedora	0	146	October 27, 2024
COSMIC desktop environment on Fedora Project Discussion silverblue-team , workstation-wg	38	16096	August 16, 2024
Any ETA for Cosmic available in Fedora Atomics (as rebase option)? The Water Cooler tech-talk	3	287	August 9, 2024
Help Wanted for Fedora COSMIC Project Discussion engineering , package-maintainers	9	8012	May 26, 2024
Sell me on Atomic, CoreOS, Flatpaks, and Containers Ask Fedora flatpak , docker , gnome , nvidia , f39 , coreos , immutable , server , container , atomic-desktops	42	1719	November 4, 2024

Initial Fedora COSMIC Atomic image ready for testing

Explanation:

Why this Fix Works:

Normally Managed by:

SELinux:

Related topics