Para_lyzed @ Para_lyzed @lemmy.world

Posts

0

Comments

185

Joined

2 yr. ago

Great choice, I'm running Kinoite (Fedora Atomic KDE) myself! The atomic nature of the distros make them less prone to breakage, and much easier to recover from (since you can just roll back to the previous branch instead of restoring a BTRFS snapshot).

Are you able to manually mount the EFI partition while chrooted? Running an update won't fix the problem if you don't have the EFI partition mounted properly. To that end, are you able to manually mount the EFI partition at all? That would be a very big problem if not.

While chrooted, try the following before updating:

    
mount /dev/sda1 /efi

  

I'm a bit confused by the partitioning scheme, as I don't see a /boot mount, are the files usually stored in /boot stored in /efi here? Usually the EFI partition only contains EFI binaries. Unless perhaps your /dev/sda3 is a LUKS encrypted boot partition? Sorry, I'm not very familiar with Arch, it's strange to me to not see a /boot mountpoint in the /etc/fstab

It may be a good idea to just roll back the snapshot if none of this works, though that will only change the btrfs partition, so it won't fix any issues inside the EFI partition if there are any issues there. Here's an article about how to do that with btrfs.

Just to throw another option out there, partclone will only copy data that is being used in a partition, without all the empty space. I don't believe it helps for encrypted partitions, but you could always just image the unencrypted filesystem with partclone to a drive with full disk encryption to work around that (and still prevent storing data unencrypted). Saves a lot of space.

Also, in the context of backups, I often prefer to use btrfs send to create and update backups through snapshots quickly and efficiently instead of imaging (though of course that requires you to use btrfs). Full imaging is pretty inefficient for my needs, and takes a lot of time.

I used Manjaro for about 6 months, never used AUR or made any real modifications to my install (except for troubleshooting), and had to fully reinstall 2 times and fix config issues on files I've never touched a handful of times in that 6 months because a standard update broke everything. I then went on to use EndeavourOS for a year and never had a single issue the entire time I used it, so my problems were not related to Arch, it was Manjaro. Similar stories are constantly echoed about Manjaro, and I have a hard time believing that the entire Internet is astroturfing a Linux distro for no reason. I, as a quite experienced Linux user of over a decade, have never tried any distro that has been anywhere close to as bad as Manjaro. I've had an install brick itself once outside of Manjaro, and that was due to an obscure hardware bug that got through QA. I've never had to spend as much time fixing a distro as I did with Manjaro, and it was on a laptop that I only used for browsing and schoolwork. I didn't even bother to change the wallpaper because I only had it there to try out. So no, nothing that happened was related to the packages I installed, the (nonexistent) changes made to configs, or the use of the AUR. That was a perfectly normal Manjaro install breaking itself for absolutely no reason. You can feel free not to trust my anecdotal evidence, but almost everyone I've seen in this community who has said they've used Manjaro has echoed similar stories. This isn't a unique or rare experience.

EndeavourOS has great value to users new to Arch that don't want to set everything up from scratch. It is basically vanilla Arch without the setup hassle of vanilla Arch. I don't see why that wouldn't have value, and I don't really understand why you'd recommend Manjaro over it. The 2 week freeze that Manjaro does on packages doesn't actually help stability. It does nothing at best, and makes things worse in most other cases.

Did you check the MD5sum? If you did (and it actually matches), try using a different media creator. You can use something like Rufus or Fedora Media Writer (yes, you can install non-Fedora ISOs with it, the only extra feature it has is that it will automatically download Fedora ISOs you want). If other media creation tools don't work, try a different flash drive, as that's the next most likely issue.

Then it may be a Ventoy thing, or even just a bad flash drive

If you want easy Arch, recommend EndeavourOS. Manjaro is a pile of steaming garbage just waiting to break itself. EndeavourOS is easy for beginners, doesn't break itself constantly, and gets all the features of Arch from mainline Arch, not the Manjaro repos. I strongly suggest you revise your recommendation to EndeavourOS; there's very good reason behind why this community dislikes Manjaro.

Since they're running Fedora Atomic, the commands are through rpm-ostree, as dnf is disabled. I've provided the relevant instructions.

Since you're using Fedora Atomic, I'll give you instructions for rpm-ostree:

Run rpm-ostree status and find the deployment with the dot to the left of it. Example output:

    
State: idle
Deployments:
● fedora:fedora/40/x86_64/kinoite
                  Version: 40.20240509.0 (2024-05-09T00:47:51Z)
               BaseCommit: 2f8263a33190c4e1320233aebbdc8f337b0a6abcba371d4870ae43fba33aea62
             GPGSignature: Valid signature by 115DF9AEF857853EE8445D0A0727707EA15B79CC
          LayeredPackages: akmod-nvidia akmods asusctl asusctl-rog-gui libratbag-ratbagd mullvad-vpn rpmdevtools
                           supergfxctl virt-manager xorg-x11-drv-nvidia
            LocalPackages: rpmfusion-free-release-40-1.noarch rpmfusion-nonfree-release-40-1.noarch

  fedora:fedora/40/x86_64/kinoite
                  Version: 40.20240507.0 (2024-05-07T00:44:22Z)
               BaseCommit: c7fb680111ecf1736e473cf6f9169f69e5f2ec6b50814f7017bd6f9f3c1bdaf2
             GPGSignature: Valid signature by 115DF9AEF857853EE8445D0A0727707EA15B79CC
          LayeredPackages: akmod-nvidia akmods asusctl asusctl-rog-gui libratbag-ratbagd mullvad-vpn rpmdevtools
                           supergfxctl virt-manager xorg-x11-drv-nvidia
            LocalPackages: rpmfusion-free-release-40-1.noarch rpmfusion-nonfree-release-40-1.noarch

  

First one has a dot next to it, which means it's the active version. Copy the value after "BaseCommit:" (in my case it is 2f8263a33190c4e1320233aebbdc8f337b0a6abcba371d4870ae43fba33aea62)

Run rpm-ostree db list <paste commit hash here> | grep amd. Example output (my command was rpm-ostree db list 2f8263a33190c4e1320233aebbdc8f337b0a6abcba371d4870ae43fba33aea62 | grep amd):

    
amd-gpu-firmware-20240410-1.fc40.noarch
amd-ucode-firmware-20240410-1.fc40.noarch

  

In my case, running the most recent update on Fedora Atomic KDE, it looks like I'm running version 20240410-1 of amd-gpu-firmware. Yours may vary depending on what update you're on.

sudo is not a fairly simple program. Last I checked, it had ~177k lines of code. It provides functionality far beyond what is needed of an average user. doas is a simpler alternative (also using SUID) at ~3k lines of code. It comes from OpenBSD. There is absolutely a problem when it comes to SUID binaries. If you can find a way to exploit the permissions given at the start of the SUID binary before user authentication occurs (since the UID is set before the binary runs), you have yourself a full privilege escalation vulnerability. systemd is very well integrated with the distros that use it, being the first process to run after the kernel is initialized. There will never be a point at which systemd is not functioning, but the rest of your system is perfectly fine. It is an absolutely necessary part of the system (assuming your distro uses it), and if it goes down, you have to restart your system. As such, I don't see any validity to the statement "you want to always work, even (especially!) when other things get borked". What exactly do you see as being an issue with run0? What specific part of its implementation do you seem to have a problem with? It's just a symlink to systemd-run, which is already very well tested and has been around for a long time. It's also far simpler than sudo, and removes the attack surface of running an SUID binary of its size. What "points of failure" do you see here, exactly?

SUID stands for Set User ID. An SUID binary is a file that is always run with the UID of the owner user (almost always root). Note that this does not require that the user running them has root permissions, the UID is always changed. For instance, the ping command needs to set up network sockets, which requires root permissions, but is also often used by non-root users to check their network connections. Instead of having to sudo ping, any normal user is able to just run ping, as it uses SUID to run as the root user. sudo and doas also require functions that necessitate them running as root, and so if you can find out how to exploit these commands to run some arbitrary code without having to authenticate (since authentication happens after the binary has started running), there is a potential for vulnerabilities. Specifically, there is the privilege escalation, which is one of the most severe types of vulnerabilities.

run0 starts using systemd-run, which does not use SUID. Instead, it runs with the permissions of the current user, and then authenticates to the root user after the binary has already started to run. systemd-run contacts polkit for authentication, and if it succeeds, it creates a root PTY (pseudo-terminal/virtual terminal), and sends information between your session and the root PTY. So this means that in order to achieve privilege escalation with run0 as root, you have to actually authenticate first, removing the "before authentication" attack surface of sudo and doas.

TL;DR SUID binaries will always run as the owner (usually root), even before any form of authentication. run0 will start with the permissions of the current user, and then authenticate before running anything with root permissions.

From what I understand, zram only works on a small portion of the ram, and it used as essentially a buffer between ram and swap, as swap is very slow. It actually benefits systems with more ram, if anything. The transparent compression takes far less time than swapping data to disk

Well, since doas has a Linux implementation, stealing that name would cause lots of issues to users who already use it or want to use doas instead of run0. This will be a default part of systemd; not a new package. The reason it's called run0 is because it's just a symbolic link to systemd-run, and instead of executing as an SUID binary, like sudo or doas, it runs using the current user's UID.

From a quick search, it seems they're talking about the official OpenSUSE Matrix space.

It's fairly common for apps to save login information in Kwallet on your keyring, so anytime those credentials on your keyring need to be accessed (like automatically logging into Discord when it starts), you will need to unlock your keyring. It's generally easier to just log into your profile with a password, as Kwallet won't need to get you to unlock it separately.

Strange that the download limit was so slow, I've never had that happen. You can download ISOs from a browser to use in the utility, however, and Fedora has done a good job of simplifying it down to a fairly identical user experience as Etcher

I generally have 2 recommendations for beginners who don't want something specific, one of which is a community favorite, the other is my own favorite.

The community generally recommends Linux Mint for new users. It's based an Ubuntu, so it had a lot of great support, but it has the enshittification of Ubuntu (snaps, tracking, pro subscription ads, etc.) removed. It's a great, simple distro for beginners that generally works all around without tweaking. It's basically the #1 recommendation for new users, and I gladly support that recommendation.

My personal favorite recommendation is Fedora, through I understand why there may be frustrations for those with Nvidia graphics cards who need to install their drivers. The process to do it on Fedora isn't very complex, and can be looked up easily, but new users tend to feel intimidated by the command line, and I must admit that the installation of Nvidia drivers and media codec are more difficult than something like Linux Mint (for Fedora, this is a copyright issue, since their main sponsor is Red Hat, a private company). In every other area, I'd say Fedora is great for beginners, and provides a great way for users to get new features quickly without having to worry about any of the instabilities or quirks of something like Arch.

You couldn't go wrong with either, but you're certainly going to see more recommendations for Linux Mint in general (especially on Nvidia hardware).

Just stay away from Manjaro, Gentoo, and Void (there's a long list of complex distros, but it really isn't going to help to list them all). Gentoo and Void have their place, but are not a great place for a beginner to start. Manjaro simply has no place, just avoid it like the plague.

This makes the false assumption that a CEO would make every decision in the company, but I'll humor this anyway. If this were to happen, Fedora would lose Red Hat's sponsorship. There have been a number of community discussions detailing the friction that contributors have already had with Red Hat, some even left after they privatized the RHEL source code. Some are looking for any reason to stop because they dislike Red Hat. This simply would not fly, and you'd see contributors leaving en masse. Similar discussions have been echoed by contributors before, and I don't expect volunteers to stay around and work for a project that they couldn't trust to uphold the interest of the community anymore. Both Fedora and Red Hat would be immensely damaged, and Red Hat would have to spend far beyond the amount that they spend sponsoring Fedora to hire new contributors so that RHEL can be maintained, as Red Hat does not have the resources to maintain RHEL without the Fedora community. This would be career suicide for the CEO, and given how much Red Hat relies on Fedora, the threat would be empty in any case. It does not benefit Red Hat to destroy the project fueling their enterprise distro. RHEL already modifies Fedora substantially, as it does not share the same design principles, and Fedora does not actually reflect the direction of RHEL. Even if this were to happen, the answer to all of the "but what if?" questions is the same: you can switch distros. Things like this make waves in this community; it wouldn't go unnoticed, especially given how popular Fedora is. It's the same situation with any distro. "But what if they run out of money and development suddenly slows to an unreasonable pace?" Switch distros. Speculating about situations like this is not constructive. You can speculate unlikely situations for any distro you choose, and be caught in an endless loop of irrational "but what if?" questions. The answer, as with all things Linux, is the same: fork it, or find an alternative. Money isn't going to appear out of nowhere, so the reality is that the Fedora Project (or the fork of it following this) would have to rely solely on community donations, or perhaps try to secure a sponsorship from another company (like Amazon, which uses Fedora as a base for their distro iirc). Worst case scenario: Fedora dies and you install a different distro. I don't really see the point in asking these kinds of questions.

The only reason that the Fedora Project exists is for community development. There is simply nothing Red Hat could ever stand to gain from changing that model, as they'd lose the entirety of what they are paying for by sponsoring the project. In order to do anything, they'd first need to dissolve FESCo, which would make HUGE waves across the internet. You and anyone else in the community would see news and posts about it immediately. Once that happens, the project dies. Community members are not going to contribute to a project that betrays their trust, after all. So in trying to change anything, the only thing Red Hat would be doing is moving a project that they are paying a relatively small amount of money for (relative to the number of contributors) from community developed to Red Hat developed. That means that they have to personally invest money into maintaining and employing contributors themselves, completely defeating the point of Fedora existing in the first place. If they wanted to privately fund development, why wouldn't they instead do it in RHEL, or CentOS Stream?

Let's analyze Red Hat's current gains from Fedora one by one:

1. Fedora is a place for Red Hat to test new features before they move to RHEL.

This requires an active userbase, and by privatizing or taking over the project, that userbase would rapidly diminish. Red Hat cannot increase this benefit by any means, other than by leaving the project be as is.

2. Fedora is community developed, so Red Hat can benefit from commits made by the community (people they don't pay).

Privatizing or taking over the Fedora Project would immediately end that community development. There's nothing in this respect that Red Hat could possibly intend to gain from such an action.

3. Red Hat's image appears better by sponsoring a community developed project.

It should go without saying that their image would only be damaged if they tried to modify their current relationship.

These are the things that Red Hat is paying for by sponsoring the Fedora Project. A hostile takeover would have exactly zero potential gain and very high potential losses in each of these categories; thus it doesn't make sense in the slightest.

Now let's analyze some new potential gains that Red Hat could get by a hostile takeover:

1. Monetizing Fedora.

This is Linux we're talking about, attempting to sell a consumer Linux distro for money will not fly, and no one will buy it. After all, even when enterprises by RHEL licenses, they aren't paying for the software itself. What they're really paying for is the support package and direct hotline to Red Hat for any technical difficulties. Red Hat makes its money by offering support services, something that does not have any realistic market for the general populace, especially considering the userbase we're talking about are Linux users.

2. That's really it.

There's just nothing else Red Hat would even stand to gain from any hostile takeover. The only potential motive is money, and Fedora is not a product that will ever generate them revenue. Consumers don't want to purchase licenses, and enterprises don't want consumer desktop distros with 6 month release cycles.

Red Hat funds Fedora because it is of great benefit to them to keep it alive, and continue its development by the community. Changing their relationship with the Fedora Project would not only lose the exact benefits they are receiving, but also cost them money, as they will no longer have thousands of community members volunteering their work, and they would have to hire contributors to fill that gap. Additionally, why even bother speculating? It isn't difficult to move distros nowadays, so if anything ever were to change, you can jump ship on any day of the week to another distro. We seem to live in a world where logic is challenged by a thousand "but what if?" statements that have no basis in reality. It's quite a pointless endeavor, honestly. What if the distro you choose gets bought out by Google, or Microsoft? What if the distro you choose is secretly funding antisemitism with donation money? What if the distro you choose suddenly dies? These are all absurd questions to speculate on, all to no real end. They each have the very simple solution of "just install a different distro if that happens". But what if a company tries to exploit a distro for money? There's no point in even speculating that because there isn't even any money to be made from consumer desktop distros. The money to be made from Linux is not in the consumer desktop platform, it is in the realm of businesses (enterprise software, embedded systems). There are far too many free options out there owned by nonprofits to ever consider marketing a consumer Linux distro like that. Even with stuff like Ubuntu Pro, you aren't paying for a license to the distro; you're paying for extra support.

Why are we treating Red Hat like the most evil company in the world, anyway? As far as tech companies go, they're pretty damn ethically sound. They're not nearly as bad as Google, Microsoft, Amazon, Apple, IBM, or any number of other tech companies that release proprietary software with no access to source code, massively violate their users privacy, exploit consumers in harmful ad campaigns, etc. Google, one of the most unethical companies in the world owns Android, but we still have AOSP, which is the foundation for custom ROMs like GrapheneOS and LineageOS. If they believed that trying to shut down AOSP would make them money, they would have tried it years ago. Of course, doing so wouldn't even be legal, as it would be violating GPL.

I'm just not seeing what exactly you're imagining Red Hat could take away from Fedora for their own gain. Nothing they could do that would have a negative effect on users would result in a gain for Red Hat, as they'd be losing everything they gain from the Fedora Project. In order to make any changes to the development of Fedora, they either have to pay developers to make those changes, or convince community members to do it for them (which is not going to happen if these changes are negative), and that's assuming that they manage to dissolve FESCo to get these malicious changes approved.

You don't want to rely on a project that's funded by corporations? Where do you think the funding for the Linux Foundation comes from? Companies like Google, Microsoft, Amazon, and IBM fund the Linux Foundation, so any OS that uses the Linux kernel will be financially dependent on corporations. That's something you're never going to be able to avoid.

I don't understand why this has been blown so far out of proportion. What's the point in excluding a very good distro that suits your needs perfectly over a fear that some day, somehow, in the indeterminate future, that there would be some new financial incentive created out of thin air that would cause Red Hat to try to take over Fedora? What guarantees that same situation or one similar wouldn't happen to any other distro you could choose? And to that end, why would Red Hat take over Fedora instead of creating a new fork that they could sell so they can still get all those benefits of community development? I don't see how any financial incentive created by Fedora wouldn't be possible to gain downstream.

Yes, basically. uBlue doesn't maintain distros, really, it just repackages Fedora Atomic with some minor changes (including non-free drivers, for instance). That way if you need the software they repackaged into the image (like Nvidia drivers), you don't have to use overlays, and instead can use uBlue images. In fact, you can actually rebase Fedora Atomic to uBlue and vice versa with a single command. All it does is change where the base images are fetched from, and it's a potentially easy way to switch between images without having to perform a reinstall (do note that different packages in the base may modify config files that will persist between rebases, though). I haven't personally tried it, so I don't know if there's a likelihood to run into issues, but it's an interesting option nonetheless.