Canonical reveals more details about Ubuntu Core Desktop
This new entrant in the immutable space is not a replacement for ordinary Ubuntu
Ubuntu Summit: Next April a new LTS Ubuntu arrives, and alongside it will be an immutable desktop edition.
At this year's Ubuntu conference in Rīga, Latvia, Canonical revealed more details about its forthcoming immutable desktop distro. Product manager Oliver Smith and engineering manager Ken VanDine jointly gave a talk describing some of what is to come. The Reg previously looked at what to expect back in June, but more is becoming clear.
Core Desktop is not the next version of Ubuntu itself. Ordinary desktop and server Ubuntu aren't going anywhere, and the next release, numbered 24.04 and codenamed Noble Numbat as we mentioned last month, will be the default and come with all the usual editions and flavors.
Nor is this a whole new product: it is a graphical desktop edition of the existing Ubuntu Core distro, as we examined on its release in June last year, a couple of months after 22.04. Ubuntu Core is Canonical's Internet of Things (IoT) distro, intended to be embedded on edge devices, such as digital signs and smart displays. It is an immutable distro, meaning that the root filesystem is read-only and there's no conventional package manager.
Rather than being a basis for customization, like a conventional Linux, the idea is that immutable distros are rolled out and updated more like a phone or tablet OS: there's a single fixed and heavily tested OS image, and it's deployed onto the devices out in the field without modification. Updates are monolithic: a whole fresh image is pushed out, and all the OS components are upgraded in a single operation to the same combination.
That isn't unique. Most of the major Linux vendors have immutable offerings, and The Reg has looked at several over the years, including MicroOS, the basis of SUSE's next-gen enterprise OS ALP. As well as the well-known ChromeOS, another immutable desktop is the educational distro Endless OS.
The talk called out as benefits of Core Desktop some features shared with other distros:
- System files cannot be altered by users or applications.
- Atomic updates are applied all at once or not at all.
- Confined system services prevent dependency conflicts.
And continued with…
- Since each instance of the OS is identical, administrators do not have to deal with inconsistencies between different systems.
- Atomic updates and rollbacks simplify the process of applying system updates and fixing issues.
So far, so good, but Canonical believes it has some unique new angles. Core Desktop is constructed as additional layers on top of the existing Ubuntu Core distro, and like Core, it's entirely built with a single packaging system: Ubuntu's Snap.
While Snap remains controversial, it does have some compelling advantages over both SUSE and Red Hat's tooling. SUSE's transactional_update tool, while simpler than its rivals in implementation, requires a snapshot-capable filesystem, meaning that its immutable distros must use Btrfs. While it has many admirers, the number and the contents of the orange and red cells in the feature tables here in its own documentation reflect the FOSS desk's serious reservations about Btrfs.
Red Hat, of course, long ago banished Btrfs from RHEL. Lacking a snapshotting filesystem, the Big Purple Hat-sponsored transactional tools are considerably more complex, and divided into two separate types. We examined the hows and whys and some of the various implementations in our Linux resilience articles earlier this year. Red Hat's immutable distros use OSTree for the underlying operating system, and Flatpak for graphical applications.
Canonical describes Ubuntu Core Desktop in terms of a seven-layered design, from kernel up to multiple Snap apps
Ubuntu Core Desktop offers a much simpler proposition: one packaging system from kernel to applications. Smith's slides showed applications sitting on top of five layers:
- Additional Bases (App specific bases to ensure compatibility across Ubuntu versions)
- Ubuntu Desktop Session (A Wayland session supporting the GNOME desktop environment)
- Boot Base (The minimal bootable root filesystem and display manager)
- Gadget (defines the boot loader, kernel arguments, encryption and security requirements) and Snapd (the core framework that integrates the system components)
- Kernel (Kernel and necessary drivers)
The stack is unified by something called a Model assertion, which is described as "the 'map' of the system, cryptographic chain of trust to ensure system integrity."
Although one of the objects of the exercise was to assure system administrators of a homogeneous OS that will be identical across all deployed machines, part of the plan is that its modularity allows layers to be individually replaced without disrupting the whole stack: for instance, "Kernel snaps can be replaced or track different channels e.g. a 'gaming optimized' kernel with newer Nvidia drivers." Similarly, the desktop-session layer can be replaced, even on a deployed system: "Desktop sessions can be changed to faster moving 'edge' channels or alternative desktop environments, whilst staying on a stable, LTS base."
Ubuntu's new TPM chip-backed Full Disk Encryption system, which appeared in the beta version of 23.10 Mantic Minotaur, is also a component, so the system's storage can be encrypted without the need to enter a passphrase to start the machine.
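An added illustration, not taken from Canonical's talk or from this article: a Python example that reads the headers of a model assertion and flags a grade below `secured`, a storage-safety setting that does not require encryption, and layers whose default channel is not stable. The header names (`grade`, `storage-safety`, `snaps`, `default-channel`) follow snapd's model assertion format; the sample assertion is constructed and trimmed, and its brand, model name, key digest, signature and the function names are placeholders chosen for the example.

```python
# Added example: policy audit of a snapd model assertion's headers.
# SAMPLE is constructed and trimmed; its signature is a placeholder and is not verified.
SAMPLE = """\
type: model
brand-id: example-brand
model: example-desktop-amd64
base: core22
grade: signed
storage-safety: prefer-encrypted
snaps:
  -
    name: pc
    type: gadget
    default-channel: 22/stable
  -
    name: pc-kernel
    type: kernel
    default-channel: 22/edge
sign-key-sha3-384: PLACEHOLDER-KEY-DIGEST

PLACEHOLDER-SIGNATURE
"""
RISKS = ("stable", "candidate", "beta", "edge")

def parse_model(text):
    """Minimal parser: flat headers plus the entries of the snaps: list."""
    headers, snaps = {}, []
    for line in text.split("\n\n", 1)[0].splitlines():  # headers end at blank line
        key, _, value = line.strip().partition(": ")
        if line.strip() == "-":
            snaps.append({})          # start of a new snap entry
        elif value:
            (snaps[-1] if line.startswith(" ") else headers)[key] = value
    return headers, snaps

def audit(text):
    headers, snaps = parse_model(text)
    findings = []
    if headers.get("grade") != "secured":
        findings.append(f"grade is {headers.get('grade')}, not secured")
    safety = headers.get("storage-safety", "(unset)")
    if safety != "encrypted":
        findings.append(f"storage-safety is {safety}, not encrypted")
    for snap in snaps:
        channel = snap.get("default-channel", "")
        risk = next((p for p in channel.split("/") if p in RISKS), "stable")
        if risk != "stable":
            findings.append(f"{snap['type']} snap {snap['name']} tracks {channel}")
    return findings
```

On a deployed system the signed assertion itself can be inspected with `snap model --assertion`; the audit above only reads headers and relies on snapd to have verified the signature.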
Core Desktop is intended to support more general-purpose roles than just edge devices – such as, in principle, gaming devices
Support for certain other system roles is a priority, including gaming on Intel, AMD, and Nvidia GPUs, and both native Linux games plus Windows titles via Proton. Former Canonical staffer Alan Pope demonstrated a Steam Deck running Ubuntu Core at the event, and his lengthy blog post about the experience contains some interesting details about how well the developer preview already works.
Under development are further features, including an LXD container, which will support software development on the OS, including bringing in various IDEs and the ability to install traditional .deb packages. It will be supported by Ubuntu's Landscape fleet-management suite, including remote device management and reporting. Login to Microsoft's Active Directory is on the roadmap as well.
We suspect that Core Desktop might yet be the tool that validates Canonical's Snap format and helps to overcome some of the resistance it faces. Snap's single-file distribution format is simple and enables transactional installation – including, critically, rollback – without a fancy filesystem underneath, or elaborate distribution methods such as libostree. It doesn't even require the Snap Store – or any store at all, as we will return to describe in a future article.
Snap packages are also already internally compressed. Compression of Flatpak apps is a key reason that Fedora now uses Btrfs, although it's worth noting that, as of yet, Snap doesn't include any form of deduplication between separate packages. However, experimental ZFS support returned in the 23.10 release and ZFS includes block-level deduplication, so this could appear in time as well.
Ubuntu Core Desktop is not ready yet, and probably won't be for around another five or six months; the final slide says that "release blockers" include:
- ISO creation and install experience
- Testing infrastructure
- Stable release tracks
- Supporting documentation
However, the tech looks impressive. In 2024, Ubuntu will have been around for 20 years. There's already considerable interest in immutable distributions, and Canonical's Ubuntu Core debuted in 2014. It's not a household name, but Ubuntu Core is already out there in the field, and if it ships on schedule, Core Desktop will appear a decade after Core itself. The potential is very considerable and we will track it with interest. ®