Gregory's ServerGNOME Software received a brand new systemd-sysupdate plugin. That was one of the last pieces needed to complete the migration of GNOME OS from OSTree to systemd-sysupdate.
https://adrienplazas.com/blog/2024/12/20/a-systemd-sysupdate-plugin-for-gnome-software.html
 9 comments
To make it very explicit as I got limited in size for the previous toot: - I'm really glad GNOME OS development is taking off. The success of any Image Based Linux system will be a success for all of the others (mindshare for Flatpak, etc.). Taking different approaches is also good as it may fit some use cases better. - I fully agree that support for UKI in ostree is not in a great state right now. We are working on it as part of the Bootable Containers work. @siosm Oh great to know! Given I use OSTree-based OSes with much pleasure since 2017, I'm glad to learn that! I'll likely update the article to fix that misinformation, thanks! 🙂  @siosm @KekunPlazas unless I'm mistaken, @EndlessOS has always supported secure boot (it’s required for our optional PAYG stuff), and is the original OSTree-based distro. 🤔 I don’t know the specifics but I’m sure @wjt could nerd out about it more than I can. @cassidy @siosm @EndlessOS @wjt Unless I'm mistaken Linux distros typically support SecureBoot… up to a certain point. We typically supported the first steps of the chain of trust, allowing to run on SecureBoot systems, but not the last ones. Frankly, I barely understand any of this as I never studied it in depth. 😅 I should have added "Confidence of a white guy who knows nothing about a topic but will nonetheless talk about it" as a content warning.  @KekunPlazas Once I can get gnome is to boot properly I might give it another try as a daily driver.   |
@KekunPlazas
> While OSTree ..., it has a significant drawback: it can’t support SecureBoot because it can’t support Unified Kernel Images, ...
That's not true. We demonstrated that in https://media.ccc.de/v/all-systems-go-2024-309-the-road-to-a-trusted-and-measured-boot-chain-in-bootable-containers.
You can say that it's not fully integrated, it's not ready or it's not what you want to do, but please don't say that it's not possible when we showed that it is.
I'm really glad that GNOME OS development is taking off so please don't justify technical decisions with misconceptions.
@KekunPlazas
> While OSTree ..., it has a significant drawback: it can’t support SecureBoot because it can’t support Unified Kernel Images, ...
That's not true. We demonstrated that in https://media.ccc.de/v/all-systems-go-2024-309-the-road-to-a-trusted-and-measured-boot-chain-in-bootable-containers.