NixOS and the Changing Face of Linux Operating Systems • The Register
Analysis A new version of the NixOS Linux distribution has been released, just a day after a controversial blog post that asked “Will Nix overtake Docker?”
To DevOps practitioners this looked like clickbait: Nix and Docker are different tools for different jobs, and you can use Nix to build Docker images anyway.
The distro, which hit version 21.11 on the last day of November, is built around the purely functional Nix package manager.
Nix is one of many answers to the many complexities of packaging Linux software. Given the problems with dependencies and updates, and the trouble they can cause (in some circles it has become a running joke), some of the more alternative-minded Linux developers have concluded that the best fix is to rethink how operating systems are built and installed.
There are many such efforts, and functional package managers are at one extreme. Nix is the most mature tool of its kind, dating from 2003; the conceptually similar GNU Guix is ten years younger. Nix uses its own definition language, while the GNU project's Guix uses Guile, a dialect of Scheme.
Both profoundly alter the traditional Unix directory hierarchy. In its place, they take a formal specification of the desired system state, written in a declarative, functional language, and resolve it automatically. The approach has a number of advantages: reliable and reproducible system builds; guaranteed consistency; atomic upgrades with rollback; the ability to have several versions of the same program installed simultaneously without conflict; and more.
But one side effect is hard for some technical people to swallow: the resulting filesystem layout is no longer easily human-readable, because programs live in directories whose names are based on cryptographic hashes. There are other costs too, such as slow build times, although binary caches help with that.
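To make the mechanism described above concrete, here is an added example written for this piece (it is not Nix code and its hashing scheme is a simplified assumption, not Nix's real store-path derivation): a toy store in which every package version gets its own hash-named directory, and a profile whose `current` symlink is swapped atomically between numbered generations, so two versions coexist on disk and rollback is a single rename.

```python
import hashlib
import os
import tempfile

def store_path(store, name, version, deps=()):
    """Hash-derived directory name (toy scheme, not Nix's real one), so versions never collide."""
    ident = f"{name}:{version}:" + ":".join(sorted(deps))
    return os.path.join(store, hashlib.sha256(ident.encode()).hexdigest()[:32] + f"-{name}-{version}")

def install(store, name, version, deps=()):
    # Build a package into its own hashed directory; other versions are untouched.
    path = store_path(store, name, version, deps)
    os.makedirs(os.path.join(path, "bin"), exist_ok=True)
    with open(os.path.join(path, "bin", name), "w") as f:
        f.write(f"#!/bin/sh\necho {name} {version}\n")
    return path

class Profile:
    def __init__(self, root):
        self.root, self.generations, self.current = root, [], -1
        os.makedirs(root, exist_ok=True)
    def _activate(self, index):
        # Link under a temp name, then rename over 'current': atomic, never half-updated.
        tmp = os.path.join(self.root, "current.tmp")
        os.symlink(self.generations[index], tmp)
        os.replace(tmp, os.path.join(self.root, "current"))
        self.current = index
    def switch(self, paths):
        """Create a generation linking the given store paths and activate it."""
        gen = os.path.join(self.root, f"generation-{len(self.generations) + 1}")
        os.makedirs(os.path.join(gen, "bin"))
        for p in paths:
            for exe in os.listdir(os.path.join(p, "bin")):
                os.symlink(os.path.join(p, "bin", exe), os.path.join(gen, "bin", exe))
        self.generations.append(gen)
        self._activate(len(self.generations) - 1)
    def rollback(self):
        """Re-point 'current' at the previous generation; nothing is rebuilt."""
        if self.current > 0:
            self._activate(self.current - 1)
    def resolve(self, exe):
        return os.path.realpath(os.path.join(self.root, "current", "bin", exe))

def demo(base=None):
    # Install two versions, upgrade, roll back; return what 'hello' resolved to each time.
    base = base or tempfile.mkdtemp()
    store, prof = os.path.join(base, "store"), Profile(os.path.join(base, "profile"))
    v1, v2 = install(store, "hello", "1.0"), install(store, "hello", "2.0")
    prof.switch([v1]); first = prof.resolve("hello")
    prof.switch([v2]); second = prof.resolve("hello")
    prof.rollback(); third = prof.resolve("hello")
    return os.path.realpath(v1), os.path.realpath(v2), [first, second, third]
```

Running `demo()` shows both hashed directories surviving side by side while `current` flips from 1.0 to 2.0 and back.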
You don’t have to use either distribution to reap the benefits of its packaging system: both can be used on other distributions and even on other operating systems, including macOS.
At the other extreme of this scale is GoboLinux. About the same age as Nix, this experimental distro also completely rejects the traditional Unix filesystem layout, but replaces it with a human-readable directory tree with plain English names.
The traditional Unix directory layout groups unrelated files by their type or by the system role they serve, in a semi-standardized tree [PDF]. The result is large, complex and somewhat cryptic – although there are efforts to simplify it – but millions of Unix users know it.
Gobo reverses this arrangement. Each application, along with all of its components and dependencies, is kept in its own directory tree. Because directory names are versioned, different versions of the same application can coexist. Installation is as easy as copying a directory, and uninstalling simply means removing one. It sounds like the way macOS does it, but it’s more drastic, restructuring the entire operating system well below the GUI level.
Unfortunately, GoboLinux never really caught on, and functional package managers seem to be just a little too radical for most distribution maintainers – just as functional programming languages are for many programmers. While Nix or Guix definitely offer advantages, in order to use them, overworked system administrators have to learn a lot of complex new tools and methods. In contrast, tools like Docker are relatively easy to understand and use.
So instead of revamping the way distributions are built, vendors are reimplementing similar functionality using simpler tools inherited from the server world: containers, squashfs filesystems in single files, and, on distributions that have it, rollback functionality.
All enterprise Linux vendors are working on it. The goal is to create operating systems that are as robust as mobile operating systems: periodically, the vendor delivers a fully tested and integrated image that end users cannot and do not need to modify. In normal use, the root filesystem is mounted read-only and there is no package manager.
Red Hat was working on an immutable operating system with transactional updates under the banner of “Project Atomic”, but then acquired CoreOS. The two overlapped considerably, and RHEL’s Atomic Host edition has now been sunset with no clear replacement. Meanwhile, the Fedora project offers CoreOS for servers hosting containers, an Internet of Things variant, and desktop editions with GNOME or KDE.
Because Red Hat does not currently use a filesystem with snapshots, it had to invent a transactional installation system, OStree (think “Git for binaries”), layered on top of a conventional filesystem.
The openSUSE project has MicroOS, and SUSE recently launched its SLE Micro sibling. Both focus on servers running container workloads, but you can install a desktop on MicroOS if you want.
SUSE uses Btrfs and relies heavily on its snapshot and copy-on-write functionality, which lets it offer transactional updates and rollback, and a root filesystem that is mounted read-only in normal operation, while still allowing end-user package installs and updates, with no need for OStree or anything like it.
Since Canonical abandoned its touchscreen UI and phone/tablet operating system, the company’s only immutable operating system is Ubuntu Core, its IoT distribution.
With little fanfare, there is already a mature, immutable, image-based desktop Linux built on OStree and Flatpaks: EndlessOS. It is debatable whether it counts, since there is no package manager, but Endless is actually based on a Debian kernel. It has a read-only root filesystem, a slightly customized version of GNOME Shell made to look a little more like Windows, and all applications are managed as Flatpaks.
The design of Linux distributions is changing, and as with packaging systems, elegant and lightweight approaches seem poised to lose out to cruder but more pragmatic designs… but the evolutionary pressure of small, smart devices with very limited storage and bandwidth could change that again. ®