hello, i’m David Vales, IT engineer, director of TI in Instituto Tabasco College, and CEO Vales Corp. so. i have an idea for the school that I work, I need a Educational OS for my computer’s lab. I want to made a Fedora Spin based in education, with all the tools integrated or easy installable.
I’m a experimented Linux user, but, I want to know how to deploy my custom fedora os, for my students.
ty so much
It looks like something like that existed at one time. Maybe you can revive it?
Education is such a big and diverse area, with each institution and class requiring something different.
I would start by deciding which packages you need. For example is you need graphic design then get Inkscape and Krita.
To deploy, there are many ways. You could either clone your hard drives from a master. Or you could write a script to bring in the packages you need all at once. You could set up a local mirror so you don’t have to download from a remote sercer (to save bandwidth).
So many options, to get real help I think you will have to write a lot more about what your needs are.
Developing a new ‘spin’ is probably a longer term project with a lot of commitment, in an environment where many people think there are already too many spins and choices.
yes, but it’s stuck in fedora 12. It’s too old
I agree with your opinion, but, i worked in schools for many years, and I analyzed the requirements for the 90% of schools in my country “México”, so, i want to focus on his problems.
However I want to deploy this as school solution O.S. that’s my main idea.
Many schools in my country has his own linux distros for their pc labs, but I want take that to the entire schools world.
Sounds like a good idea then.
Note that I am not a professional in this area and do not know the correct channels to go through to produce your idea. Hopefully someone will chime in here with the protocols.
I would however suggest to lay out or define your requirements clearly in a document so others can contribute or ‘get on board’ with the idea.
I suspect that what will work for 90% of Mexico will work for 85% of the world. Education really does need more options that Apple and Microsoft, so I would really like to see an ‘out of the box’ solution for schools to deploy.
Suggestion: rather than a ‘spin’ which are various desktops, I would suggest a ‘lab’ Fedora Labs | The Fedora Project
I don’t know the protocols, but it probably starts with putting together a SIG. Maybe you could try sending an email to the existing mail list and see if anyone responds? Someone might be able to transfer access to the old resources (mail lists, wiki pages, repos, etc.) to you.
https://lists.fedoraproject.org/admin/lists/education@lists.fedoraproject.org/
Edit: FWIW: Creating a Fedora SIG - Fedora Project Wiki
It looks like they are routing people to the Join SIG for things like this. It looks like there is a join-sig tag on this forum. You might try adding that to the original post to get their attention.
Added education
So could you be more specific?
I am dealing with this situation too. For me, I would never deploy Fedora on many semi-managed PCs, without major tweaks.
These in part also apply to Fedora with dnf
I manage a fleet of 12 Thinkpads with Ubuntu LTS on them, and without automation that OS is horrible to manage.
sudo (or on other distros like Fedora the wheel) groupI am a user of Fedora Kinoite since a long time. This combines a lot of cool things:
ostree. At least for the managed areas, where all the default configs and packages are, you guarantee 1:1 copies of the upstream system on all machinesApps are installed either by layering or with Flatpaks. Some may be installed in a distrobox, but this may not be great for schools.
I came across heliumos which uses the same concept, but based on AlmaLinux.
I think this would be way better for a school laptop, as it doesnt change at all, is very stable and reliable in that way.
As my personal system, it is not perfect. But tbh, with CentOS Stream 10, EPEL 10 and KDE Plasma 6, I can imagine switching to it.
On a personal system, testing stuff is nice, but not if you only have a couple of minutes per device like every week.
HeliumOS is still in kinda early stages. You can read the bug reports here.
I already use it and it works. There are issues, but those can be fixed by rebasing/ bootc-switching to a different image, or just waiting a bit.
Building a custom image is also not needed that much, as the updates are so slow, layering packages locally is not that big of a deal.
It runs like a charm on my Chromebook, simply using GNOME 40 is a pain. This will change with CentOS Stream 10, and the maintainer also plans on switching to KDE Plasma.
On a school laptop you dont want kids to…
On my school Windows PCs, we had “Dr Kaiser”, a separate SOC or something that flashed the OS regions with an image.
Afaik on Linux you can just delete the homedir on shutdown, on first startup it should be filled with default things. But I need to try that first, don’t do this right now!
Especially Desktops are not protected against users doing whatever they want to do with it.
Linux systems have a pretty old hierarchy. Users do user stuff, admins install programs. Users can do whatever they want, user programs can read/write all user files, the only protection (with how SElinux and unix permissions are currently implemented) is outside of /home, for webservers and system files.
This is a big issue, if you want to guarantee a working desktop.
By default, the flatpak repo “flathub” are added systemwide, allowing systemwide installation of apps.
This is good because you need elevated privileges to install or remove flatpaks. So if users are not in the wheel group, they cannot remove or install apps.
It currently also prevents updating, which I want to change soon, need to do a change proposal.
user flatpaks can always be installed. Adding the user flatpak remote requires no privileges. This is an issue, which could be prevented by chown-ing the needed directories in /home to root.
This could be automated too, if you delete everything on shutdown and add it back when booting.
These can also be added without privileges, so the tools should be removed from the image
rpm-ostree override remove packagename
Otherwise the kids can run whatever they want.
On desktop Linux ou can run code from anywhere.
This is a huge problem it you want to prevent kids from running what they want.
You could remove the exec capability of the entire homedir recursively, which may solve this. Afaik this would prevent installation of distroboxes/toolboxes and user flatpaks too.
I am excited what you find! I dont think Fedora is perfect for this job, and especially not traditional dnf Fedora.
Using Fedora Silverblue or Kinoite sounds fine, you might want the extra stability and build an image off of CentOS Stream bootc, or AlmaLinux bootc, or use HeliumOS.
I was surprised how well HeliumOS already works.
You can add a policy that preinstalls extensions or blocks the installationof extensions.
This can be especially important if you always delete the user homedir.
This is standard on enterprise systems.
Managed machines are very different than a semi-tinkerers Workstation.
I dont say “Fedora is free beta testing for RHEL”, but it doesnt fullfill these main points that I think make live way easier:
Fedora Atomic Desktops tick a lot of these boxes, but not all.
This also applies for restricted company PCs etc.