KDE Linux: Difference between revisions

From KDE Community Wiki
(Talk about NVIDIA)
m (Add instructions for starting libvirt daemon, virt-manager depends on it)
 
(27 intermediate revisions by 8 users not shown)
Line 1: Line 1:
“KDE Linux” is a work-in-progress name of a KDE-owned general-purpose Linux distribution proposed at Akademy 2024. Not to be confused with [https://neon.kde.org KDE Neon].
"KDE Linux" (codenamed "Project Banana") is a work-in-progress name of a KDE-owned general-purpose Linux® distribution proposed at Akademy 2024. Not to be confused with [https://neon.kde.org KDE neon].
 


{{ Warning | This page serves as a design document, thus information presented here should be considered a snapshot of the ongoing discussion, not final decisions. }}
{{ Warning | This page serves as a design document, thus information presented here should be considered a snapshot of the ongoing discussion, not final decisions. }}


TODO: background, motivation
This page has lots to talk about, please consult the table of contents on the left :)


== Goals ==
== Goals ==


Create a bulletproof OS showcasing the best of KDE that we can proudly recommend to users and OEMs, with a coherent "here's how you get it" story.
TL;DR: Create a bulletproof OS showcasing the best of KDE that we can proudly recommend to users and OEMs, with a coherent "here's how you get it" story.
 
It should never break, and if it does anyway, this should be detectable and roll-backable to the previous OS partition. Maybe even call home and inform about breakage so we can pull the update. Can do this with systemd-sysupdates.


== Target audience and use cases ==
Goals in detail:
* Be "The KDE operating system"
* User-friendly; high-quality UX
* Doesn't break, or at least easy to recover
* Keeping security in mind
* No packaging knowledge needed to develop for it
* Focus on modern technologies
* Attractive for our hardware partners
* Any edition can be used as the main system by our developers for internal dogfooding purposes
* Support switching between editions/release schedules at any time
* Exercise codepaths for containerized apps and immutable base systems, to improve KDE software deployed using these technologies in other environments


It should have multiple editions suitable for different kinds of users. Ideas:
=== Non-goals ===
* '''Developer edition''': built from git master and released daily, including debugging tools and KDE dev environment. Like Neon Developer.  
Does not have to support the runtime installation of kernel modules. This will prevent the out-of-the-box installation of, for example:
* '''Enthusiast edition''': ships released software, and releases to users on upstream KDE's schedule, like Neon User. Additionally, when there are any beta releases, ships the beta.
* Proprietary NVIDIA kernel driver (for graphics cards older than NVIDIA GTX 16xx). NVIDIA GPUs must either be new enough to use the open-source kernel modules that can be distributed in-tree, or else use Nouveau
* '''Stable edition''': ships only released software on a delayed schedule, based on TBD quality metrics.
* VirtualBox (requires out-of-tree modules; QEMU/KVM probably do a better job anyway)
* Vendor-specific VPNs that require custom out-of-tree kernel modules that cannot be redistributed with the kernel due to license incompatibility


== Requirements ==
Does not have to support the use case of developing low-level system components like the kernel, drivers, systemd, etc., as this can be troublesome with an immutable base OS.


Does not support the proprietary NVIDIA driver. NVIDIA GPUs must either be new enough to use the open-source kernel modules that can be distributed in-tree, or else use Nouveau.
== Target audience and use cases ==
 
TODO (UX, minimum hardware requirements, maintainability, independence, etc.)


It should have multiple editions using different release schedules, suitable for different kinds of users. Ideas:
* '''Testing edition''': built from git master and released daily. Like KDE neon Testing. ''For QA people, Plasma developers, and Patrick Silva.
* '''Enthusiast edition''': ships released software, and releases to users on upstream KDE's schedule, like KDE neon User. Additionally, when there are any beta releases, ships the beta. ''For KDE enthusiasts, power users, and influencers.''
* '''Stable edition''': ships only released software on a delayed schedule, based on TBD quality metrics. ''For everyone else.
''
== Architecture ==
== Architecture ==


Original architecture ideas for the project included the following:
Original architecture ideas for the project included the following:
* Reproducible builds, must-pass CI, automated UI testing
* Reproducible builds, must-pass CI, automated UI testing
* Base OS is Arch-based. OS updates are some degree of rolling; snapshot based releases with relatively recent libraries
* Base OS is Arch-based. OS updates are some degree of rolling; snapshot based releases with relatively recent libraries
* Systemd-boot as the bootloader
* Systemd-boot as the bootloader with nice boot theming
* Btrfs as the filesystem
* Btrfs as the filesystem
* Encryption of all mutable data (e.g. user homedir, and cache locations on /)
* Encryption of all mutable data (e.g. user homedir, and cache locations on /)
* Included recovery partition
* Included recovery partition
* Read-only base system, like SteamOS, Kinoite, and MicroOS
* Read-only base system, like SteamOS 3, Fedora Kinoite, and openSUSE Kalpa
* Atomic image-based A/B updates with rollback functionality
* Atomic image-based A/B updates with rollback functionality
* Manual package installation happens transparently using a per-user or systemwide overlay
* Instead of legacy packages we target modern deployment systems such as flatpak and systemd-sysext
* Apps are from Flatpak (and maybe also Snap if it's not too hard and the UX is okay)
* Apps are from Flatpak (and maybe also Snap if it's not too hard and the UX is okay)
* Has nice GRUB theming: https://blog.inadvisor.lt/bling-up-your-fedora-grub
* Wayland by default
* Wayland by default
* Automatic user data backup system using Btrfs snapshots, with a nice GUI around it like Apple's Time Machine
* Automatic user data backup system using Btrfs snapshots, with a nice GUI around it like Apple's Time Machine
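Review bot: the italic markup in the new edition list is unbalanced. The Testing edition bullet opens '' before "For QA people, Plasma developers, and Patrick Silva." and never closes it, and the Stable edition bullet's closing '' sits alone on the next line, directly above the Architecture heading. Close both on the same line as their text, as the Enthusiast edition bullet already does, so the italics do not run into the following content.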
Line 45: Line 56:
* "Troubleshooting hub" app
* "Troubleshooting hub" app


TODO (hardware support, file system, base disro, boot process, software separation, security model, deployment, updates and rollbacks, localization, OEM mode; proposed solution, alternatives, trade-offs for each section)
TODO: hardware support, software separation, security model, deployment, OEM mode; proposed solution, alternatives, trade-offs for each section
 
=== updates ===
 
=== systemd-sysext ===
 
systemd-sysext allows us to overlay developer content on top of /usr without impacting the base system.
 
=== Setup ===
 
{{Input|1=<nowiki>
# create directories
mkdir -p ~/kde/usr/lib/extension-release.d/
# create an extension-release file
cp /usr/lib/os-release ~/kde/usr/lib/extension-release.d/extension-release.kde
# make the ID ignored so updates don't break the extension
sed -i s%^ID=.*%ID=_any%g ~/kde/usr/lib/extension-release.d/extension-release.kde
# owned by root so it can't be removed
sudo chown root:root ~/kde/usr/lib/extension-release.d/extension-release.kde
# enable the extension
sudo mkdir /var/lib/extensions/
sudo ln -s $HOME/kde /var/lib/extensions/kde
sudo systemd-sysext merge
sudo systemd-sysext
</nowiki>}}
 
=== Use ===
 
Use DESTDIR=~/kde to install stuff and then restart systemd-sysext. Beware that when changing polkit/dbus stuff you also want to restart those services as they don't necessarily pick up changes.
 
{{Input|1=<nowiki>
DESTDIR=~/kde ninja install && sudo systemctl restart systemd-sysext.service
</nowiki>}}
 
== Prototype ==
 
The code is currently located [https://invent.kde.org/sitter/kde-linux here]. Note that it is '''not representative of the final product''' and exists as an experimental playground for now.
 
=== Installation ===
==== GUI ====
Use [https://apps.kde.org/isoimagewriter/ ISO Image Writer]
 
==== Terminal ====
* [https://files.kde.org/kde-linux/?C=M;O=D Download] the latest <code>.raw</code> file
* Attach a USB drive
* Use <code>lsblk</code> to find the right <code>/dev/node</code>. e.g. <code>/dev/sda</code>
* <code>sudo dd if=kdeos.raw of=/dev/sda bs=4M</code>
* <code>sudo sync</code>
* Reboot into the USB stick
* no password on SDDM
 
==== Install ====
Run "Install System" (Calamares) from the "Welcome Center" app by single clicking on the icon or from the KDE Plasma desktop by double clicking on the app or from the KDE Plasma start menu (Application Launcher) > System > Install System.
 
In the installer wizard, at the page 4 "Partitions", from the "Select storage device:" combo box, select the storage device which does not contain the currently running operating system. E.g. if installing inside a virt-manager VM select "/dev/vdb" and then select "Erase disk".
 
==== Updates ====
 
Until discover gets support the following needs running
 
{{Input|1=<nowiki>
git clone https://invent.kde.org/sitter/kde-linux
cd kde-linux
sudo ./update.sh update
</nowiki>}}
 
=== VM ===
 
==== virt-manager ====
 
* File > New Virtual Machine > Import existing disk image
* [Forward]
* In "Provide the existing storage path:" > Browse, select from disk the raw file that you have downloaded.
* In "Choose the operating system you are installing:" write "Arch Linux".
* [Forward]
* In "Choose Memory and CPU settings:" set resources.
* [Forward]
* Enable the check box "Customize configuration before install".
* [Finish]
* Config window opens
* Make sure at the bottom it says Firmware: UEFI
* On the bottom left, click the button "Add Hardware".
* Add a storage of some reasonable size. E.g. "Create a disk image for the virtual machine" 200 GB. Press the "Finish" button.
* Press the "Begin Installation" button. The VM will start.
 
If virt-manager shows "Unable to connect to libvirt qemu:///system" error, run:
{{Input|1=<nowiki>
sudo systemctl enable libvirt.service && sudo systemctl start libvirt.service
</nowiki>}}
 
If the VM fails to boot and shows the error "No bootable option or device found.". Press Enter, this will start the UEFI user interface. Disable Secure Boot from the UEFI user interface. Device Manager > Secure Boot Configuration > Attempt Secure Boot disable the check box by pressing the Space keyboard key. F10 to save, 'y' keyboard key. Press the "Escape" keyboard key twice, select "Reset".
 
Install the operating system to the second virtual disk. After installing the OS is done, shut down the VM.
 
"VirtIO Disk 1" contains the raw file that you have downloaded.
 
Edit the VM configuration, right click on "VirtIO Disk 1" > Remove Hardware (decide if you want to also delete the raw file that you have downloaded), Delete.
 
Now, "VirtIO Disk 1" is the only virtual storage of the VM and contains the BTRFS storage where you have installed the KDE Linux operating system. Start the VM.
 
=== Local Development ===
 
In order to speed up local builds, you can create a `mkosi.local.conf` file in the root of the repository with the following content:
 
{{Input|1=<nowiki>
[Content]
Environment=LOCALE_GEN="en_US.UTF-8 UTF-8" # replace with your locale`
Environment=MIRRORS_COUNTRY=us # replace with your country code`
Environment=PARALLEL_DOWNLOADS=50 # if your internet connection is fast
</nowiki>}}
 
You need to be using the BTRFS storage driver for docker, otherwise this won't really work.
 
If your host filesystem uses BTRFS (like KDE Linux), you can just add the following to /etc/docker/daemon.json
{{Input|1=<nowiki>
{
  "storage-driver": "btrfs"
}
</nowiki>}}
 
[https://docs.docker.com/engine/storage/drivers/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver official docker documentation explaining this]
 
If you don't use BTRFS in your host machine, you can still create a BTRFS volume backed by a file like so:
{{Input|1=<nowiki>
systemctl stop docker.socket docker.service || true
fallocate -l 64G /store/docker.btrfs
mkfs.btrfs /store/docker.btrfs
[ -d /var/lib/docker ] || mkdir /var/lib/docker
mount /store/docker.btrfs /var/lib/docker
systemctl restart docker.socket docker.service
</nowiki>}}
 
Then you can run:
 
{{Input|1=<nowiki>
./build_docker.sh --incremental
</nowiki>}}


== Related projects ==
== Related projects ==


TODO (prior art; how are we different from Neon, from Kinoite, from other immutable distros)
=== Differences from other immutable distros ===
(e.g. Kinoite, Kalpa, SteamOS)
 
1. '''Distributed by KDE.''' This has several advantages:
* The chain of responsibility is never gated on a third party
* KDE and KDE e.V. can have a direct relationship with third parties using it, e.g. hardware OEMs
* KDE can explicitly recommend it without "picking favorites" from among other distro partners
 
2. '''Relies on systemd tooling.''' This means it benefits from the bulk of development done on Systemd outside of KDE. So for example, updates use systemd-sysupdate rather than something like RPM-OStree.
 
3. '''No packaging knowledge required to develop it.''' Packages are used to build the base OS, but not produced or altered.
 
4. '''Offers multiple release schedules.''' This lets every user choose their personal preference with respect to newness vs stability. Should that preference change, switching to a different schedule is safe and painless.
 
=== Prior art ===
KDE neon, KDE's first version of a self-made OS. KDE neon fulfills the "distributed by KDE" requirement, but fails on the reliability angle due to the Ubuntu LTS base that ironically becomes unstable because it needs to be tinkered with to get Plasma to build on it, breaking the LTS promise.


== Roadmap ==
== Roadmap ==
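Review bot: in the systemd-sysext Setup block, the comment "owned by root so it can't be removed" does not hold as written. Only extension-release.kde is chowned, while ~/kde/usr/lib/extension-release.d/ is created by the plain mkdir -p above it and stays owned by the user, who can still delete or replace the file. Either chown the directory as well or reword the comment. Everything under ~/kde is merged over /usr, so it is also worth saying next to the DESTDIR=~/kde step that anything the user account writes there becomes visible under /usr. In the same block, "sudo mkdir /var/lib/extensions/" fails on a second run (use mkdir -p), the sed expression and $HOME/kde should be quoted, and the mkosi.local.conf sample has stray trailing backticks on its first two Environment= lines.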
Line 55: Line 217:
TODO (milestones)
TODO (milestones)


== Long-term maintenance ==
== Long-term maintenance and EOL plan ==
OS images are served from https://files.kde.org/kde-linux.


TODO (team and infrastructure requirements for long-term sustainability after release; update cycles; testing infrastructure; architectural future-proofness)
The EOL contingency plan is to push a final update shipping an OS image that transforms the system into a completely different distro, to be chosen at the appropriate point in time (i.e. which distro team we have a good relationship with that could take on all the new users when the time comes).


== Governance ==
== Governance ==
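Review bot: the new "Long-term maintenance and EOL plan" text says images are served from https://files.kde.org/kde-linux and that the EOL path is a final update that replaces the system with a different distro, but it does not say how a client authenticates an image before applying it. Because that final update hands the installed base to another OS through the same channel, the section should name the signing and verification step, or mark it as a TODO. The removed TODO items (team and infrastructure requirements, update cycles, testing infrastructure, architectural future-proofness) are no longer tracked anywhere in the section; keep them as a TODO line if they are still open.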
Line 68: Line 231:


== Communication ==
== Communication ==
* [https://go.kde.org/matrix/#/#kde-linux:kde.org Matrix room]
* [https://invent.kde.org/kde-linux/kde-linux/-/issues Gitlab issues]


* [https://go.kde.org/matrix/#/#kdeos:kde.org Matrix room]
== Ideas ==
* [https://invent.kde.org/sitter/kde-linux/-/issues Gitlab issues]
See [[KDE_Linux/Obstsalat]]
 
== Prototype ==


The code is currently located [https://invent.kde.org/sitter/kde-linux here]. Note that it is '''not representative of the final product''' and exists solely as an experimental playground for now.
== External resources ==


== Resources ==
* Presentation by Harald Sitter at Akademy 2024 ([https://conf.kde.org/event/6/contributions/202/attachments/135/171/The%20Operating%20System.pdf slides], [http://www.youtube.com/live/gTxRaBEUe-I?t=25936 recording]).
* https://0pointer.net/blog/fitting-everything-together.html , https://0pointer.net/blog/testing-my-system-code-in-usr-without-modifying-usr.html


* Presentation by Harald Sitter at Akademy 2024 ([https://conf.kde.org/event/6/contributions/202/attachments/135/171/The%20Operating%20System.pdf slides], [http://www.youtube.com/live/gTxRaBEUe-I?t=25936 recording]).
== Linux® ==
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.
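Review bot: the Communication links now point at invent.kde.org/kde-linux/kde-linux and the #kde-linux Matrix room, but the Prototype section and the Updates instructions added earlier in this revision still link to and clone invent.kde.org/sitter/kde-linux. If the repository moved, update those two places as well, since the Updates step runs update.sh from that clone with sudo. Under External resources, the two 0pointer.net URLs are bare and share one bullet; give each its own bullet with link text, like the Akademy entry above them.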

Latest revision as of 14:17, 19 November 2024

"KDE Linux" (codenamed "Project Banana") is a work-in-progress name of a KDE-owned general-purpose Linux® distribution proposed at Akademy 2024. Not to be confused with KDE neon.

Warning

This page serves as a design document, thus information presented here should be considered a snapshot of the ongoing discussion, not final decisions.


This page has lots to talk about, please consult the table of contents on the left :)

Goals

TL;DR: Create a bulletproof OS showcasing the best of KDE that we can proudly recommend to users and OEMs, with a coherent "here's how you get it" story.

Goals in detail:

  • Be "The KDE operating system"
  • User-friendly; high-quality UX
  • Doesn't break, or at least easy to recover
  • Keeping security in mind
  • No packaging knowledge needed to develop for it
  • Focus on modern technologies
  • Attractive for our hardware partners
  • Any edition can be used as the main system by our developers for internal dogfooding purposes
  • Support switching between editions/release schedules at any time
  • Exercise codepaths for containerized apps and immutable base systems, to improve KDE software deployed using these technologies in other environments

Non-goals

Does not have to support the runtime installation of kernel modules. This will prevent the out-of-the-box installation of, for example:

  • Proprietary NVIDIA kernel driver (for graphics cards older than NVIDIA GTX 16xx). NVIDIA GPUs must either be new enough to use the open-source kernel modules that can be distributed in-tree, or else use Nouveau
  • VirtualBox (requires out-of-tree modules; QEMU/KVM probably do a better job anyway)
  • Vendor-specific VPNs that require custom out-of-tree kernel modules that cannot be redistributed with the kernel due to license incompatibility

Does not have to support the use case of developing low-level system components like the kernel, drivers, systemd, etc., as this can be troublesome with an immutable base OS.

Target audience and use cases

It should have multiple editions using different release schedules, suitable for different kinds of users. Ideas:

  • Testing edition: built from git master and released daily. Like KDE neon Testing. For QA people, Plasma developers, and Patrick Silva.
  • Enthusiast edition: ships released software, and releases to users on upstream KDE's schedule, like KDE neon User. Additionally, when there are any beta releases, ships the beta. For KDE enthusiasts, power users, and influencers.
  • Stable edition: ships only released software on a delayed schedule, based on TBD quality metrics. For everyone else.

Architecture

Original architecture ideas for the project included the following:

  • Reproducible builds, must-pass CI, automated UI testing
  • Base OS is Arch-based. OS updates are some degree of rolling; snapshot-based releases with relatively recent libraries
  • Systemd-boot as the bootloader with nice boot theming
  • Btrfs as the filesystem
  • Encryption of all mutable data (e.g. user homedir, and cache locations on /)
  • Included recovery partition
  • Read-only base system, like SteamOS 3, Fedora Kinoite, and openSUSE Kalpa
  • Atomic image-based A/B updates with rollback functionality
  • Instead of legacy packages we target modern deployment systems such as flatpak and systemd-sysext
  • Apps are from Flatpak (and maybe also Snap if it's not too hard and the UX is okay)
  • Wayland by default
  • Automatic user data backup system using Btrfs snapshots, with a nice GUI around it like Apple's Time Machine
  • DConf-like configuration management UI suitable for enterprise and managed environments leveraging KConfigXT for everything
  • Simple input method configuration for CJK and more
  • "Troubleshooting hub" app

TODO: hardware support, software separation, security model, deployment, OEM mode; proposed solution, alternatives, trade-offs for each section

updates

systemd-sysext

systemd-sysext allows us to overlay developer content on top of /usr without impacting the base system.

Setup

# create directories
mkdir -p ~/kde/usr/lib/extension-release.d/
# create an extension-release file
cp /usr/lib/os-release ~/kde/usr/lib/extension-release.d/extension-release.kde
# make the ID ignored so updates don't break the extension
sed -i 's%^ID=.*%ID=_any%g' ~/kde/usr/lib/extension-release.d/extension-release.kde
# owned by root so it can't be removed
sudo chown root:root ~/kde/usr/lib/extension-release.d/extension-release.kde
# enable the extension (-p: don't fail if the directory already exists)
sudo mkdir -p /var/lib/extensions/
sudo ln -s "$HOME/kde" /var/lib/extensions/kde
sudo systemd-sysext merge
# show the merge status
sudo systemd-sysext

Use

Use DESTDIR=~/kde to install stuff and then restart systemd-sysext. Beware that when changing polkit/dbus stuff you also want to restart those services as they don't necessarily pick up changes.

DESTDIR=~/kde ninja install && sudo systemctl restart systemd-sysext.service
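
The check below is an added example, not part of the KDE Linux repository or of this page. It models the extension-release matching rule described in systemd-sysext(8) to show why the Setup step rewrites ID to _any, and it lists files in the extension tree with setuid, setgid or world-writable modes before they are merged over /usr. The function names, the script name sysext-check.sh and the sample os-release values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-merge check for a systemd-sysext extension directory.
# Function names and sample values are illustrative, not from the KDE Linux repo.

# Print the value of KEY ($2) from an os-release style file ($1), quotes stripped.
release_field() {
    sed -n "s/^$2=//p" "$1" 2>/dev/null | head -n 1 | tr -d "\"'"
}

# Succeed if extension-release file $1 is acceptable on a host with os-release $2.
# Simplified model of the rule in systemd-sysext(8): ID must match unless the
# extension says _any; then SYSEXT_LEVEL (if both sides set it) or VERSION_ID.
release_matches() {
    ext_id=$(release_field "$1" ID)
    [ "$ext_id" = "_any" ] && return 0
    [ "$ext_id" = "$(release_field "$2" ID)" ] || return 1
    host_level=$(release_field "$2" SYSEXT_LEVEL)
    ext_level=$(release_field "$1" SYSEXT_LEVEL)
    if [ -n "$host_level" ] && [ -n "$ext_level" ]; then
        [ "$host_level" = "$ext_level" ]
    else
        host_ver=$(release_field "$2" VERSION_ID)
        [ -z "$host_ver" ] || [ "$host_ver" = "$(release_field "$1" VERSION_ID)" ]
    fi
}

# List files under EXT_DIR/usr that deserve a look before they appear in /usr:
# setuid/setgid regular files and anything world-writable.
risky_files() {
    find "$1/usr" \( -type f \( -perm -4000 -o -perm -2000 \) \) \
        -o \( ! -type l -perm -0002 \) 2>/dev/null
}

# check_extension EXT_DIR NAME HOST_OS_RELEASE
# Prints one line per finding; exit status 0 means nothing was found.
check_extension() {
    rel="$1/usr/lib/extension-release.d/extension-release.$2"
    status=0
    if [ ! -f "$rel" ]; then
        echo "missing: $rel"; status=1
    elif ! release_matches "$rel" "$3"; then
        echo "release mismatch: $rel vs $3"; status=1
    fi
    risky=$(risky_files "$1")
    if [ -n "$risky" ]; then
        printf '%s\n' "$risky" | sed 's/^/risky mode: /'; status=1
    fi
    return "$status"
}

# Constructed sample: a host os-release plus an extension tree laid out like
# the page's ~/kde, with os-release copied in verbatim (ID not yet set to _any).
make_sample() {
    mkdir -p "$1/kde/usr/lib/extension-release.d" "$1/kde/usr/bin"
    printf 'ID=examplelinux\nVERSION_ID=1\n' > "$1/os-release"
    cp "$1/os-release" "$1/kde/usr/lib/extension-release.d/extension-release.kde"
}

# Usage: sh sysext-check.sh ~/kde kde [/usr/lib/os-release]
if [ "$#" -ge 2 ]; then
    check_extension "$1" "$2" "${3:-/usr/lib/os-release}"
else
    # No arguments: run on the constructed sample.
    tmp=$(mktemp -d) && make_sample "$tmp"
    check_extension "$tmp/kde" kde "$tmp/os-release" && echo "sample: ok"
    rm -rf "$tmp"
fi
```

With a verbatim os-release copy the extension stops matching as soon as the host's VERSION_ID changes; with ID=_any it keeps matching, which is the trade-off the Setup step makes.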

Prototype

The code is currently located at https://invent.kde.org/sitter/kde-linux. Note that it is not representative of the final product and exists as an experimental playground for now.

Installation

GUI

Use ISO Image Writer (https://apps.kde.org/isoimagewriter/)

Terminal

  • Download the latest .raw file from https://files.kde.org/kde-linux/?C=M;O=D
  • Attach a USB drive
  • Use lsblk to find the right /dev/node. e.g. /dev/sda
  • sudo dd if=kdeos.raw of=/dev/sda bs=4M
  • sudo sync
  • Reboot into the USB stick
  • no password on SDDM

Install

Run "Install System" (Calamares) in one of three ways: single-click its icon in the "Welcome Center" app, double-click the app on the KDE Plasma desktop, or open it from the KDE Plasma start menu (Application Launcher) > System > Install System.

In the installer wizard, on page 4 "Partitions", use the "Select storage device:" combo box to select the storage device which does not contain the currently running operating system. E.g. if installing inside a virt-manager VM, select "/dev/vdb" and then select "Erase disk".

Updates

Until Discover gets support, the following needs to be run:

git clone https://invent.kde.org/sitter/kde-linux
cd kde-linux
sudo ./update.sh update

VM

virt-manager

  • File > New Virtual Machine > Import existing disk image
  • [Forward]
  • In "Provide the existing storage path:" > Browse, select from disk the raw file that you have downloaded.
  • In "Choose the operating system you are installing:" write "Arch Linux".
  • [Forward]
  • In "Choose Memory and CPU settings:" set resources.
  • [Forward]
  • Enable the check box "Customize configuration before install".
  • [Finish]
  • Config window opens
  • Make sure at the bottom it says Firmware: UEFI
  • On the bottom left, click the button "Add Hardware".
  • Add a storage of some reasonable size. E.g. "Create a disk image for the virtual machine" 200 GB. Press the "Finish" button.
  • Press the "Begin Installation" button. The VM will start.

If virt-manager shows "Unable to connect to libvirt qemu:///system" error, run:

sudo systemctl enable libvirt.service && sudo systemctl start libvirt.service

If the VM fails to boot and shows the error "No bootable option or device found.", press Enter to start the UEFI user interface and disable Secure Boot there: go to Device Manager > Secure Boot Configuration > Attempt Secure Boot and clear the check box by pressing the Space key. Press F10 to save and confirm with the 'y' key. Press the Escape key twice, then select "Reset".

Install the operating system to the second virtual disk. After the OS installation is done, shut down the VM.

"VirtIO Disk 1" contains the raw file that you have downloaded.

Edit the VM configuration, right click on "VirtIO Disk 1" > Remove Hardware (decide if you want to also delete the raw file that you have downloaded), Delete.

Now, "VirtIO Disk 1" is the only virtual storage of the VM and contains the BTRFS storage where you have installed the KDE Linux operating system. Start the VM.

Local Development

In order to speed up local builds, you can create a mkosi.local.conf file in the root of the repository with the following content:

[Content]
Environment=LOCALE_GEN="en_US.UTF-8 UTF-8" # replace with your locale
Environment=MIRRORS_COUNTRY=us # replace with your country code
Environment=PARALLEL_DOWNLOADS=50 # if your internet connection is fast

You need to be using the BTRFS storage driver for docker, otherwise this won't really work.

If your host filesystem uses BTRFS (like KDE Linux), you can just add the following to /etc/docker/daemon.json:

{
  "storage-driver": "btrfs"
}

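Official Docker documentation explaining this: https://docs.docker.com/engine/storage/drivers/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver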

If you don't use BTRFS in your host machine, you can still create a BTRFS volume backed by a file like so:

systemctl stop docker.socket docker.service || true
fallocate -l 64G /store/docker.btrfs
mkfs.btrfs /store/docker.btrfs
[ -d /var/lib/docker ] || mkdir /var/lib/docker
mount /store/docker.btrfs /var/lib/docker
systemctl restart docker.socket docker.service

Then you can run:

./build_docker.sh --incremental

Related projects

Differences from other immutable distros

(e.g. Kinoite, Kalpa, SteamOS)

1. Distributed by KDE. This has several advantages:

  • The chain of responsibility is never gated on a third party
  • KDE and KDE e.V. can have a direct relationship with third parties using it, e.g. hardware OEMs
  • KDE can explicitly recommend it without "picking favorites" from among other distro partners

2. Relies on systemd tooling. This means it benefits from the bulk of development done on systemd outside of KDE. So for example, updates use systemd-sysupdate rather than something like RPM-OSTree.

3. No packaging knowledge required to develop it. Packages are used to build the base OS, but not produced or altered.

4. Offers multiple release schedules. This lets every user choose their personal preference with respect to newness vs stability. Should that preference change, switching to a different schedule is safe and painless.

Prior art

KDE neon is KDE's first version of a self-made OS. It fulfills the "distributed by KDE" requirement, but fails on the reliability angle: its Ubuntu LTS base ironically becomes unstable because it needs to be tinkered with to get Plasma to build on it, breaking the LTS promise.

Roadmap

TODO (milestones)

Long-term maintenance and EOL plan

OS images are served from https://files.kde.org/kde-linux.

The EOL contingency plan is to push a final update shipping an OS image that transforms the system into a completely different distro, to be chosen at the appropriate point in time (i.e. which distro team we have a good relationship with that could take on all the new users when the time comes).

Governance

TODO

Promotion

TODO (name and branding, public image, effect on relations with other distros and hardware partners)

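Communication

  • Matrix room: https://go.kde.org/matrix/#/#kde-linux:kde.org
  • Gitlab issues: https://invent.kde.org/kde-linux/kde-linux/-/issues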

Ideas

See KDE_Linux/Obstsalat

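External resources

  • Presentation by Harald Sitter at Akademy 2024 (slides: https://conf.kde.org/event/6/contributions/202/attachments/135/171/The%20Operating%20System.pdf, recording: http://www.youtube.com/live/gTxRaBEUe-I?t=25936).
  • https://0pointer.net/blog/fitting-everything-together.html , https://0pointer.net/blog/testing-my-system-code-in-usr-without-modifying-usr.html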

Linux®

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.