Been running Aeon, the Gnome version of Kalpa, on my personal laptop for about six months now. I came from Tumbleweed so the learning curve wasn't steep. Overall the experience has been good!
The one major issue I had from the start was non-free Bluetooth codecs like AptX. That required me to taint the base image and add a non-official repo. It was messy but that was mostly down to it being a learning process, if I had to do it again I could probably do it with a single run of transactional-update shell.
The installer is super minimal and surprisingly user-friendly. One thing I remember is that there was zero partitioning choice: just use the full disk for encrypted btrfs and you get no swap (but zram swap is on by default). If you use OpenSUSE with secure boot enabled (as intended) then hibernate is prevented by kernel_lockdown anyway.
Snapper by default is nice, but you also get that with Tumbleweed. I ran into no applications that I couldn't get from Flatpaks or export from a distrobox, the latter being mostly for obscure stuff I need to compile myself. And my main toolbox hosts my Emacs environment that I spend most of my time in besides Firefox.
It's hard to recommend a MicroOS desktop over Tumbleweed, the latter being a great all-purpose distro as it is. But I'm hoping the benefits of forcing this "rootless" paradigm on myself will appear when it's time to move to a new machine. Just copy over my home directory and distroboxes and I'm golden, I could even switch to ARM without hesitation.
The distroboxes help with migrating because if I want to compile a newer version of that obscure program from earlier, I don't have to hunt down all the arcane requirements again. They're all still there waiting for me, in a Fedora/Ubuntu/Arch/whatever distrobox, depending on what works best for that program. At least that's the theory.
I did some manual partitioning when installing Kalpa: I added a Swap partition whose capacity I set equal to RAM + 2GB, which got hibernate working.
I think Hibernate is strictly better than Sleep: Why should a computer still use power when it isn't doing anything? And if you could get a desktop to recover its state before a full reboot without using Hibernate, then why would you need Sleep anyway?
Yeah I read further down in the comments that Aeon and Kalpa have actually diverged quite a bit, the installer might be one of those divergences. How are you liking Kalpa?
The main benefit of sleeping to RAM is of course the resume speed, which makes it more suitable for when you just left your computer inactive for 15 minutes. That goes double if you use encryption without TPM unlocking.
For leaving your computer overnight, hibernate wins on all fronts. I'm enthusiastic about sleep-then-hibernate schemes, but haven't gotten them to work on my devices yet.
I am not sure I fully understand the usability trade-offs when it comes to these "atomic" distros. One the one hand, security seems to improve markedly, since the root filesystem is largely immutable. On the other hand, it does seem that a lot of straightforward things become harder. I generally dislike flatpaks and favor a low-level, bare-metal approach to things and atomic distros seem to go against that. Maybe I should just run some experiments in a VM.
The idea is that the immutability of the operating system leads to greater stability. The partition should (in theory) be exactly as the distribution expects on every computer it’s installed to, which limits the potential for user changes breaking anything. The benefit to the user is that it’s a lot harder to shoot yourself in the foot by running the wrong script.
For me, the point is not security, but maintenance. Whenever system upgrades have gone wrong, it's almost always been a partial update, and that just no longer happens.
I've found doing work in containers made things straightforward enough, as a developer. Though I still somewhat think that that's just moving the problem - I'm not quite keeping those containers up-to-date. distrobox assemble helps a bit though.
> dislike flatpaks and favor a low-level, bare-metal approach
Flatpaks are sandboxed with bubblewrap[1]. I would still call that bare-metal. And flatpaks aren't particularly bloated either, there's no need for a flatpak to be any bigger than a regular binary if it only depends on the kde/gnome/freedesktop runtime.
I used to prefer installing apps via my distro directly, but I now prefer using flatpaks because of the way it sandboxes the applications. When I delete a flatpak I know for sure any configuration or cache files for that app are also gone (unless you opt to keep them).
If you want to play with atomic distro's, there's a bunch of different approaches out there. For instance GnomeOS is not package based at all. OpenSUSE works via btrfs snapshots, Fedora Atomic uses rpm-ostree currently.
If you manage enough diverse servers, then patching will break something critical fairly frequently. Back when I was a sysadmin, Windows updates would break some server every 2 months, and Redhat every 6 months.
Being able to just reboot the server back into a working state, and then fix it at a later time would have been nice.
It's also a big deal for desktops, especially when they're operated by people who ain't experts at troubleshooting software issues. Aeon's my go-to when setting up computers for non-technical folks specifically because I can have it auto-update fearlessly, knowing that the absolute worst case scenario is having to talk someone through booting into a known-good snapshot.
I've installed https://getaurora.dev/en/, another atomic Linux distro, for a non technical user and find it really good. I've read arguments that its architecture was better than kalpa, but I don't find it back and I have no sufficient knowledge or experience of both to have an opinion.
This web page doesn't do a good job of motivating the reader.
I understand what the Plasma Desktop Environment is. But what is "atomic and transactional Linux"? What are the advantages to the alternatives? What other projects are similar? What is the motivation for this project in particular? Most importantly, why should I want to use it?
It's a glorified Live CD, with added "persistence" for user data. Updates are done by replacing the system install (which is readonly during normal operation, just like a Live CD) and rebooting, with an A+B mechanism enabling seamless updates during operation, as well as rollback if the new install fails. It's the modern "cattle not pets" approach to system administration: every system is running a well-defined ("atomic") Live CD equivalent, not something bespoke that's the unpredictable result of partial updates and/or edits on the running system.
No, updates are done by creating a snapshot of the read only mounted root, and applying the packages via the usual package manager in there. The snapshot only becomes active at reboot, and if starting fails it'll revert automatically back to the last known working snapshot for the next boot.
Things like /etc are writeable, so you don't need to reboot for simple configuration changes.
You can run it just like always with all packages installed - it's just not recommended as the additional complexity on updates increases the risk that manual intervention is needed, and tooling is good enough that for a lot of stuff you don't really need it there. Like, toolbox or distrobox as podman based containers running in the host namespace (either as user or root), allowing persistent installation of debug tools, without having to reboot.
Linux distros that are updated with full system snapshots instead of package by package, similar to Android. The key difference is most of / is mounted read-only[0] and is only changed by distribution provided updates so you and the distro team always know exactly what's running.
> What are the advantages to the alternatives?
Greater control and stability since its essentially always running in a supported configuration. Easy roll-backs to a previous update if something goes wrong. You always know exactly what your system is running if you want to keep it in sync across machines (more useful in a server setting).
> What other projects are similar
Kalpa is a "sibling" project to AeonOS, which is atomic OpenSUSE but with Gnome (and other changes, which I'll get to). There's also the Fedora Atomic line of Fedora Kinoite and Silverblue (KDE and Gnome respectively), U-Blue, Bazzite, SteamOS, and more. I think most major distro lines have an Atomic variant at this point.
> What is the motivation for this project in particular?
For Kalpa specifically, it's to offer a KDE alternative to AeonOS. Originally there was just AeonOS, which was OpenSUSE MicroOS (an atomic version of OpenSUSE Tumbleweed) with GNOME installed. Aeon has diverged greatly from MicroOS though and I think it no longer uses it as an upstream. AeonOS also refused to support KDE[1], so Kalpa was created. Kalpa still uses MicroOS as its upstream and I'm not sure if there's any plans to change that.
> Most importantly, why should I want to use it?
I use it on my personal laptop because it lets me have all the benefits of a rolling distro (up to date packages) without the stability concerns. Updates apply automatically in the background and I know when I reboot I'll always have a working system available to me.
[0] /etc is mounted as an overlay FS so you can still make changes to it. /var, /usr/local, and /srv are also still user-writable. I think /mnt is too but I forget off hand.
[1] Aeon is generally anti-customization and does its best to only offer one way of doing things. This is to prevent configuration drift and reduce the maintenance burden per snapshot. GNOME also has a more regular release cadence, which makes it much easier to integrate than KDE (or so I've been told..)
Yes, all projects in this sphere should communicate better.
An atomic distro is one in which the updates are swapped atomically at reboots. They also go by the name of immutable distros. Only the "system" partition is immutable.
Most popular I would say is SteamOS followed by the Fedora variants (Silverblue, Kinoite) and derivatives (Bazzite).
They are still limiting in daily use, rough around some edges.
It's buried in the About page, but it uses different terminology. They definitely have to review their copy.
> Automatic Updates: Updates never touch your running system, only taking effect on reboot.
> Resilient: Due to the atomic nature of updates, if something goes wrong, the system will automatically roll back to the last known good working state
I daily drive kalpa and also installed it on my family computer. I landed on kalpa after a long time researching, so, let me dump an overview of this new distro tech.
# Terminology
1. Immutable: The core OS (/usr directory) is kept in "pristine" condition by disallowing modifications.
- Discourage installing packages or removing packages.
- well-tested (as most users are running the same OS with same package version)
- System upgrades are an entirely new immutable copy
2. Atomic/Transactional: Similar to atomicity in databases, where a bunch of operations are bundled into a transaction (atomic =indivisible unit), and it either succeeds completely or it fails completely. Just like that, a system upgrade succeeds or it doesn't. There's no partial package updates.
1. declarative-config: ALL your system configuration in a config file eg: package versions, network config, user accounts and so on. eg: NixOS, BlendOS
2. OSTree-based: You use cloud/container (OCI) technology (eg: docker files) to layer upon existing layers (eg: pre-baked system images). eg: fedora's atomic spins, vanillaOS, endlessOS. So, fedora coreOS is the base layer -> atomic spins like silverblue/kinoite layer desktop packages like gnome/kde etc.. -> the infamous gaming distro "bazzite" layers gaming packages like wine/steam/drivers etc. and so on.
3. Btrfs-snapshot-based: You take a btrfs snapshot of your root partition before upgrading, so that you can boot into it if the upgrade fails. eg: suse-microos family (kalpa belongs here), chimeraOS
4. systemd-mkosi based: You essentially "curate" an entire OS filesystem in a directory using mkosi and deploy it as an immutable disk image. eg: kdelinux
Most of these distros (except btrfs-based) simply use the A/B root system. They just maintain two root partitions/images, put any upgrade into the "other" partition, mark that as live and the current partition as backup. If the boot into the new partition fails, they just boot into the backup partition and just wait for next upgrade.
As they don't allow usage of system package manager, you are supposed do package management at user level. For gui apps, you resort to flatpak. For other utilities, you usually pick homebrew or language-specific tools like cargo, pip/npm etc..
# The magical tool called Distrobox
This runs containers in userspace and tries to integrate them into your system as much as possible.
A lot of software development requires system level services or shell access or install dependencies etc.. You obviously can't do that on host, as system package management is essentially forbidden and half the point of immutable distros is to keep the host "clean".
So, you create a container and do all your development in there. If it gets too dirty, you just delete it and create a new one.
Personally, I use an arch container for development, as it has all the bleeding edge packages and the convenient AUR too. vscode (from flatpak) supports connecting to containers using official remote extension. I also run a media server inside it. You can also install any system packages or cmdline utilities you want inside it (eg: codecs, ollama, etc..).
# Why kalpa over others?
- Great KDE polish that suse is known for
- btrfs tech is mature and was already used in suse for years, the atomic system is very simple to understand and you can just pick the snapshot you want at boot menu.
- Despite being immutable, customizing the system (eg: installing a driver, kernel modules, firewalls etc. ) is easy too.
- just enter a transactional update shell
- this creates a new mutable snapshot of the current system and chroots into it
- run all the commands you want inside the shell. eg: install/remove packages, enable services etc.
- exit shell. This will mark the transaction as success/complete and set the snapshot as live for next boot.
- Minimal by default.
- Updates are fast/tiny, as they are just routine rolling release updates from tumbleweed repos.
There are some problems too:
- single maintainer
- less popular, compared to alternatives like fedora-based atomic spins.
- It's based on tumbleweed, so, you get lots of tiny updates (almost daily). Fedora based, for example, have weekly/bi-weekly updates.
- still in alpha stage (but once you set it up, it's rock solid).
- Immutability is still a new concept, and flatpaks are rough around the edges. Expect bugs. Mutable/traditional distros are still easier to use, as that has been "the way" forever.
Kalpa is great and hits way above its alpha status; I've been running it on my laptop for months now with zero issues. It's been really nice to not have to worry about updates, just gotta reboot it every now and then and most things just work.
I wanted to try an Atomic Linux, I think I tried the Fedora flavor, nothing really worked for me for some reason, I gave in to Arch and tried it a la EndeavourOS. Have not looked back since.
I've been using Aeon for about 8 months now and while I appreciate the intent and feel its well engineered, in practice I run into all sorts of edge cases where I'm fighting the system to do what I want to do. I'm sticking with it because I do learn interesting things in the process, and sunk cost fallacy, but I find it hard to recommend. I probably am too opinionated on my system to be the best target user though
since flatpacks/snaps/appimages are containerized-ish, i see no point in these immutable distros any more. also, cosmic is where the focus of linux desktop should be, not kde or gnome.
109 comments
The one major issue I had from the start was non-free Bluetooth codecs like AptX. That required me to taint the base image and add a non-official repo. It was messy but that was mostly down to it being a learning process, if I had to do it again I could probably do it with a single run of
transactional-update shell.The installer is super minimal and surprisingly user-friendly. One thing I remember is that there was zero partitioning choice: just use the full disk for encrypted btrfs and you get no swap (but zram swap is on by default). If you use OpenSUSE with secure boot enabled (as intended) then hibernate is prevented by
kernel_lockdownanyway.Snapper by default is nice, but you also get that with Tumbleweed. I ran into no applications that I couldn't get from Flatpaks or export from a distrobox, the latter being mostly for obscure stuff I need to compile myself. And my main toolbox hosts my Emacs environment that I spend most of my time in besides Firefox.
It's hard to recommend a MicroOS desktop over Tumbleweed, the latter being a great all-purpose distro as it is. But I'm hoping the benefits of forcing this "rootless" paradigm on myself will appear when it's time to move to a new machine. Just copy over my home directory and distroboxes and I'm golden, I could even switch to ARM without hesitation.
The distroboxes help with migrating because if I want to compile a newer version of that obscure program from earlier, I don't have to hunt down all the arcane requirements again. They're all still there waiting for me, in a Fedora/Ubuntu/Arch/whatever distrobox, depending on what works best for that program. At least that's the theory.
Happy to answer questions.
I think Hibernate is strictly better than Sleep: Why should a computer still use power when it isn't doing anything? And if you could get a desktop to recover its state before a full reboot without using Hibernate, then why would you need Sleep anyway?
The main benefit of sleeping to RAM is of course the resume speed, which makes it more suitable for when you just left your computer inactive for 15 minutes. That goes double if you use encryption without TPM unlocking.
For leaving your computer overnight, hibernate wins on all fronts. I'm enthusiastic about sleep-then-hibernate schemes, but haven't gotten them to work on my devices yet.
I've found doing work in containers made things straightforward enough, as a developer. Though I still somewhat think that that's just moving the problem - I'm not quite keeping those containers up-to-date.
distrobox assemblehelps a bit though.> dislike flatpaks and favor a low-level, bare-metal approach
Flatpaks are sandboxed with bubblewrap[1]. I would still call that bare-metal. And flatpaks aren't particularly bloated either, there's no need for a flatpak to be any bigger than a regular binary if it only depends on the kde/gnome/freedesktop runtime.
I used to prefer installing apps via my distro directly, but I now prefer using flatpaks because of the way it sandboxes the applications. When I delete a flatpak I know for sure any configuration or cache files for that app are also gone (unless you opt to keep them).
If you want to play with atomic distro's, there's a bunch of different approaches out there. For instance GnomeOS is not package based at all. OpenSUSE works via btrfs snapshots, Fedora Atomic uses rpm-ostree currently.
[1]: https://github.com/containers/bubblewrap
If you manage enough diverse servers, then patching will break something critical fairly frequently. Back when I was a sysadmin, Windows updates would break some server every 2 months, and Redhat every 6 months.
Being able to just reboot the server back into a working state, and then fix it at a later time would have been nice.
I understand what the Plasma Desktop Environment is. But what is "atomic and transactional Linux"? What are the advantages to the alternatives? What other projects are similar? What is the motivation for this project in particular? Most importantly, why should I want to use it?
>But what is "atomic and transactional Linux"?
It's a glorified Live CD, with added "persistence" for user data. Updates are done by replacing the system install (which is readonly during normal operation, just like a Live CD) and rebooting, with an A+B mechanism enabling seamless updates during operation, as well as rollback if the new install fails. It's the modern "cattle not pets" approach to system administration: every system is running a well-defined ("atomic") Live CD equivalent, not something bespoke that's the unpredictable result of partial updates and/or edits on the running system.
Things like /etc are writeable, so you don't need to reboot for simple configuration changes.
You can run it just like always with all packages installed - it's just not recommended as the additional complexity on updates increases the risk that manual intervention is needed, and tooling is good enough that for a lot of stuff you don't really need it there. Like, toolbox or distrobox as podman based containers running in the host namespace (either as user or root), allowing persistent installation of debug tools, without having to reboot.
> what is "atomic and transactional Linux"?
Linux distros that are updated with full system snapshots instead of package by package, similar to Android. The key difference is most of / is mounted read-only[0] and is only changed by distribution provided updates so you and the distro team always know exactly what's running.
> What are the advantages to the alternatives?
Greater control and stability since its essentially always running in a supported configuration. Easy roll-backs to a previous update if something goes wrong. You always know exactly what your system is running if you want to keep it in sync across machines (more useful in a server setting).
> What other projects are similar
Kalpa is a "sibling" project to AeonOS, which is atomic OpenSUSE but with Gnome (and other changes, which I'll get to). There's also the Fedora Atomic line of Fedora Kinoite and Silverblue (KDE and Gnome respectively), U-Blue, Bazzite, SteamOS, and more. I think most major distro lines have an Atomic variant at this point.
> What is the motivation for this project in particular?
For Kalpa specifically, it's to offer a KDE alternative to AeonOS. Originally there was just AeonOS, which was OpenSUSE MicroOS (an atomic version of OpenSUSE Tumbleweed) with GNOME installed. Aeon has diverged greatly from MicroOS though and I think it no longer uses it as an upstream. AeonOS also refused to support KDE[1], so Kalpa was created. Kalpa still uses MicroOS as its upstream and I'm not sure if there's any plans to change that.
> Most importantly, why should I want to use it?
I use it on my personal laptop because it lets me have all the benefits of a rolling distro (up to date packages) without the stability concerns. Updates apply automatically in the background and I know when I reboot I'll always have a working system available to me.
[0] /etc is mounted as an overlay FS so you can still make changes to it. /var, /usr/local, and /srv are also still user-writable. I think /mnt is too but I forget off hand.
[1] Aeon is generally anti-customization and does its best to only offer one way of doing things. This is to prevent configuration drift and reduce the maintenance burden per snapshot. GNOME also has a more regular release cadence, which makes it much easier to integrate than KDE (or so I've been told..)
An atomic distro is one in which the updates are swapped atomically at reboots. They also go by the name of immutable distros. Only the "system" partition is immutable.
Most popular I would say is SteamOS followed by the Fedora variants (Silverblue, Kinoite) and derivatives (Bazzite).
They are still limiting in daily use, rough around some edges.
> Automatic Updates: Updates never touch your running system, only taking effect on reboot.
> Resilient: Due to the atomic nature of updates, if something goes wrong, the system will automatically roll back to the last known good working state
# Terminology
1. Immutable: The core OS (/usr directory) is kept in "pristine" condition by disallowing modifications.
2. Atomic/Transactional: Similar to atomicity in databases, where a bunch of operations are bundled into a transaction (atomic =indivisible unit), and it either succeeds completely or it fails completely. Just like that, a system upgrade succeeds or it doesn't. There's no partial package updates.NOTE: kalpa in particular, uses suse-microos tech called Transactional-Update https://documentation.suse.com/sles/15-SP7/html/SLES-all/cha...
# Atomic styles
4 mainstream models of immutable distros:
1. declarative-config: ALL your system configuration in a config file eg: package versions, network config, user accounts and so on. eg: NixOS, BlendOS
2. OSTree-based: You use cloud/container (OCI) technology (eg: docker files) to layer upon existing layers (eg: pre-baked system images). eg: fedora's atomic spins, vanillaOS, endlessOS. So, fedora coreOS is the base layer -> atomic spins like silverblue/kinoite layer desktop packages like gnome/kde etc.. -> the infamous gaming distro "bazzite" layers gaming packages like wine/steam/drivers etc. and so on.
3. Btrfs-snapshot-based: You take a btrfs snapshot of your root partition before upgrading, so that you can boot into it if the upgrade fails. eg: suse-microos family (kalpa belongs here), chimeraOS
4. systemd-mkosi based: You essentially "curate" an entire OS filesystem in a directory using mkosi and deploy it as an immutable disk image. eg: kdelinux
NOTE: systemd-mkosi is the vision of systemd maintainers as mentioned here: https://0pointer.net/blog/fitting-everything-together.html . There's a whole bunch of system features in development to achieve this ideal.
Most of these distros (except btrfs-based) simply use the A/B root system. They just maintain two root partitions/images, put any upgrade into the "other" partition, mark that as live and the current partition as backup. If the boot into the new partition fails, they just boot into the backup partition and just wait for next upgrade.
As they don't allow usage of system package manager, you are supposed do package management at user level. For gui apps, you resort to flatpak. For other utilities, you usually pick homebrew or language-specific tools like cargo, pip/npm etc..
# The magical tool called Distrobox
This runs containers in userspace and tries to integrate them into your system as much as possible.
A lot of software development requires system level services or shell access or install dependencies etc.. You obviously can't do that on host, as system package management is essentially forbidden and half the point of immutable distros is to keep the host "clean".
So, you create a container and do all your development in there. If it gets too dirty, you just delete it and create a new one.
Personally, I use an arch container for development, as it has all the bleeding edge packages and the convenient AUR too. vscode (from flatpak) supports connecting to containers using official remote extension. I also run a media server inside it. You can also install any system packages or cmdline utilities you want inside it (eg: codecs, ollama, etc..).
# Why kalpa over others?
- Great KDE polish that suse is known for
- btrfs tech is mature and was already used in suse for years, the atomic system is very simple to understand and you can just pick the snapshot you want at boot menu.
- Despite being immutable, customizing the system (eg: installing a driver, kernel modules, firewalls etc. ) is easy too.
- Minimal by default.- Updates are fast/tiny, as they are just routine rolling release updates from tumbleweed repos.
There are some problems too:
- single maintainer
- less popular, compared to alternatives like fedora-based atomic spins.
- It's based on tumbleweed, so, you get lots of tiny updates (almost daily). Fedora based, for example, have weekly/bi-weekly updates.
- still in alpha stage (but once you set it up, it's rock solid).
- Immutability is still a new concept, and flatpaks are rough around the edges. Expect bugs. Mutable/traditional distros are still easier to use, as that has been "the way" forever.
"note: These installation instructions will be changing, with the Beta release of Kalpa"
A bit rough around the edges - so probably unfair to publicise too prominently yet.
I admittedly only used it on a 13 year old gaming computer and couldn't get the GPU drivers because... you know containers.
This is something trivial with a regular install. (Especially with LLMs to assist)
I want to like Atomic, but it feels like an Apple-like regression in computing.