Layering packages

See the Fedora docs for Adding Layered Packages.

Warning

On a Fedora Atomic host, you should only layer packages as a last resort. You should prefer running apps from a container (toolbox) instead. Layering packages should be reserved only for those applications that need to interact with the system in a way that using containers would be inconvenient or impossible.

Layer packages with rpm-ostree

To create efficient layers, and to lessen the burden of several reboots, you should try to install everything in one go, using as few layers as possible. Here is a list of packages you might want to add all together as one layer:

[bash]: Run this on your workstation:
sudo rpm-ostree install wdisplays qemu-kvm libvirt virt-manager \
     virt-viewer virt-install libvirt-daemon-config-network \
     libvirt-daemon-kvm libguestfs-tools python3-libguestfs virt-top \
     net-tools gvfs-smb gvfs-archive gvfs-nfs gvfs-fuse gvfs-mtp \
     distrobox file-roller thunar-volman pamu2fcfg pam-u2f fido2-tools
Info

Many of the subsequent chapters rely on these dependencies, so you should definitely install them if you are following this book completely.

Tip

Fedora Atomic Sway edition (Sericea) already includes a lot of packages layered on top of the core Fedora Atomic. So before you install new things, check what comes preinstalled.

System reboot is required to load new packages

Everytime you install packages with rpm-ostree, you must reboot your system to load them:

[bash]: Run this on your workstation:
sudo systemctl reboot

Examples of applications you might want to layer

  • File explorer (thunar) plugins for archives and removeable drives.
  • Virtual filesystem plugins (gvfs).
  • Container tools (Distrobox).
  • Virtual Machine tools (Qemu and libvirt).
  • Basic network tools (net-tools arp)

Web browsers are fickle. Although they mostly work inside toolbx containers just fine, Sericea includes Firefox in its base layer as a native app, and that seems to work great. However, I have also tested Chromium inside of a toolbx container without issue. For use cases where Chromium needs to have native USB access, you might not want to run it in a container.

Check the list of layers:

[bash]: Run this on your workstation:
sudo rpm-ostree status

The top layer should list the LayeredPackages in your new layer.

Reboot.

Reset all layers back to stock

Warning

This will reset all the layered packages back to the stock image. This may be useful if you are trying to clean up from lots of testing.

All package layers will be destroyed!

Your user home directories (/var/home/) and system configuration (/etc/) are not affected.

[bash]: Run this on your workstation:
sudo rpm-ostree reset
sudo rpm-ostree cleanup -r
sudo systemctl reboot