What workflows do developers using Silverblue use?

I have to say, I absolutely love Silverblue! However, I’m still kind of trying to figure out how exactly to develop projects.

For instance, let’s take JavaScript. Normally, if you’re avoiding modifying your system installations, you’d probably use the n Node version manager.

Given that Silverblue is focused on container-based workflows, I figured I should use Buildah, so I created a Node container named node. However:

 ryan@fedora  ~  buildah run -v /:/host node ls /host/home
/bin/ls: cannot access /host/home: Permission denied
ERRO[0000] exit status 2                                
 ✘ ryan@fedora  ~  

I figure this probably has something to do with namespacing or SELinux. That being said, I don’t feel like I’m approaching this correctly…

I know there’s also atomic run, but I’m having a bit of trouble trying to find any advantages over buildah run.

Of course, I could always just use the traditional systemless style of using a separate version manager.

All this leads me to ask: how do other developers here who have to work with similar projects approach things?

buildah run

I personally use sudo podman run. Also note that -v /:/host is not recommended. Rather, you can mount e.g. /srv:/srv to share things (see 1493267 – rpm-plugin-selinux causing failures in Docker container).

As for workflows… it’s a bit messy right now with everyone doing it their own way. E.g. I just use a single fat container for all my development. (Well, one for Fedora and another for CentOS). I have a little script to make that easier. (I type pet and it enters the container named pet, creating it first if it doesn’t already exist).

But you could also have multiple containers – one for each dev environment. I suspect this will get easier as more people gain experience and more opinionated projects pop up.


Ah, so podman is for using containers and buildah is for building them…that makes a lot more sense! Thanks!

I’m not on Silverblue yet but I’m planning to migrate my workstation from Arch Linux to Silverblue as soon as the Sliverblue 29 beta is released. My typical workflow involves Docker containers and Docker Compose plus a lot of native data science apps. The plan is to migrate as much as possible to pet container web apps, so I have a consistent user interface and can deploy to the cloud.

I am mostly developing python either small scripts or websites, but I think I would do the same for others (like go, rust, etc).

I do take 2 terminals, set them side by side. 1 side if for editing (vim), the other is for running. For the 2nd, I simply start a container, with:

podman run -v $PWD:/srv --rm -ti fedora:28 bash

And then do all the pip install as root and dnf installation needed for my needs. And when I am finished, I can commit, and exit the container who is erased thanks to --rm.

While that’s annoying to configure again everything, starting from 0 permit to make sure that I have a incentive to automate and properly record what I need.

There’s also podman build which basically uses buildah under the covers (I think?)

And there is also buildah run and atomic. I couldn’t find a clear guide that explains when to use podman or buildah or atomic.

Maybe we need to add atomic buildah and atomic podman :stuck_out_tongue:

I spent a good portion of the day searching for current documentation on buildah and podman. It’s out there, but it’s scattered on places like the Project Atomic blog and opensource.com. It absolutely needs to be collected under the Silverblue and Fedora CoreOS documentation sites, but I don’t know that much new writing needs to be done - it’s mostly editing at this point IMHO.

This YouTube is a good place to start: Using buildah + podman + skopeo in a container workflow - YouTube

P.S.: I realized this afternoon I still have my ancient Asus laptop. So I loaded Silverblue 28 on it and am in the process of porting my workflows. So far, the only really annoying absent packages are git and docker-compose.

Git is already installed on silverblue, no ?

git isn’t, git-core is. So, basic things work, but e.g. git add -i doesn’t.

So we do inherit that from Fedora Atomic:


I guess that since the reason for using git-core are likely to avoid dependencies, and that’s dependencies we already have anyway, it would be IMHO worthwhile to add git by default.

Yes. It was discussed on irc recently :slight_smile:

So after playing around for a bit, I created my own container manager on top of podman: bluecap. The idea is that you can use polkit to have some containers that you trust runnable without root access, as well as all containers being throwaways, automatic bind mounts + persistence, and such.

Now I can get around to actually developing my other projects. :wink:



I initially was hoping to use an IDE in a Flatpak with required libraries only residing in the flatpak’ed container. In the end, since I was having difficulty getting everything working nicely together as a flatpak of IntelliJ IDEA with Oracles JDK’s along with the openJDK, I turned to making a Pet Container using the fedora-toolbox tool. This way, I was able to load up the development container as I pleased with DNF and pretty much as if it was my desktop. I am in the process of working with this container, to explore what, if any, limitations it may have. Later on, it will be interesting to see how well communication ports are handled when I actually go to download something onto a device.

1 Like

After some trial and error at my own flatpak of InteliJ’s IDEA CE, I found that there was one started on flathub. So I tried it and was faced with the same issues I was having with my own hand rolled one. Basically, not being able to setup the JDK’s in the IDE to get access to the libraries. Sort of a show stopper. I was in the process of looking into runtime extensions to solve the issues I had with my attempt, and decided to pursue it with this project on flathub GitHub - flathub/com.jetbrains.IntelliJ-IDEA-Community . I forked, cloned it locally then modified the manifest file to have the gnome rt and sdk, plus added the freedesktop java extensions for 9 10 and 11. I built it locally, and it ran successfully. I was able to create a simple java project and build and run it in the IDE with either openjdk 10 or 11, but 9 would not work which seems extension related. The project could also build an artifact (executable jar file) that I could run on my pet container (which has openjdk 11 installed on it). The integration of Git and a version control is next for me to test, since I know it works on the edition jetbrains publishes on their website.
In the end, I found the appeal of Flatpak’s is too much to resist not trying to use and IDE on Silverblue that way. Also, the pet container using fedora-toolbox, or buildah+podman+skopeo to roll your own is a must on occasion for things you cannot layer onto the ostree or find a flatpak for.
[Edit]: I removed the link since it was not going to go ahead anyway. The IDEA CE ide flatpak is already setup to use extensions of flatpak runtimes and SDK’s. In this case I needed the openjdk extensions and everything (for jdk 10 and 11) worked fine after.

Sorry for resurrecting such a relatively old thread. :slight_smile:

I am now running Fedora Silverblue-only in all my machines. I have two development workflows:

  • For Flatpak’ed apps I use GNOME Builder, since it can create flatpaks with a click of button and it is smart about caching the build.
  • For system components I am using fedora-toolbox. I actually have a Terminal profile that enters the toolbox automatically for me. This one is a pet container and I constantly break my installation in it, but I can conveniently just flush it and start over again.