poki
By default, Fedora Atomic envisions the following in regards to installing packages/software:
- First, try the Flatpak.
- If that doesn’t work, use Toolbx(/Distrobox).
- If all else fails, resort to
rpm-ostree
.
This works pretty fine, but isn’t perfect:
- Flatpak has become pretty good for software with a GUI. However, while it can do CLI, it’s underutilized.
- Toolbx/Distrobox has its merits, but not everyone enjoys consuming CLI through containers.
- Besides the fact that installing all your CLI tools through
rpm-ostree
will negatively impact how fast you can update your system, it also requires you to (soft-)reboot before you can access the newly installed package (unless you enjoy living on the edge with--apply-live
). This can be pretty cumbersome, especially if you’re in flow.
Thus, the situation around CLI on Fedora Atomic became a sore to the eyes. Within the community, there were multiple attempts to tackle this problem:
- Nix; For some time, this was the perfect solution. Unfortunately, in its current iteration, installing Nix on Fedora Atomic requires SELinux’ enforcing mode to be turned off. As turning enforcing mode off is unacceptable for uBlue’s maintainers, this was eventually dismissed.
- Better tooling around Toolbx/Distrobox; There have been made some efforts in this regard, perhaps most notably Ptyxis. But, we’re not there yet. Though, some are hopeful of what podmansh will bring to the table.
- Homebrew; It behaves as any other package manager used for installing packages from the repository on any Linux distro out there. Except, in this case, it’s exclusively utilized for CLI. Currently, it’s simply the most straightforward in use. You just have to teach people to replace their
apt
/dnf
/pacman
withflatpak
(for GUI) andbrew
(for CLI). Furthermore, it comes with a big and healthy repository. Finally, it utilizes technologies related to the ones found on Fedora Atomic. systemd-sysext
; This has only very recently been added to systemd. I wouldn’t be surprised if this will play a prominent role going forward. Though, I’m unsure if CLI will benefit most of it.
ZSH through the excellent ZSH Quickstart Kit.
Thank you for your input! It has made me recognize that I should specify that I don’t want this to be system-wide; which was not clear from the post.
What you’re describe in your post is a user who is not confident enough to manage their own machine with the CLI, and is afraid of misplacing files.
I understand why I might have given off that impression. But no worries; I’m a (relatively) seasoned Linux user. I also have no qualms with CLI or whatsoever. It’s a specific set of files that I wish to ‘protect’.
It seems I wasn’t clear as most people misunderstood me.
But, to give a very precise example; say
- I had a folder called
~/some/folder
. - It was on an encrypted drive.
- And I had done additional work to encrypt the folder again.
- And say, I used
chattr
,chmod
orchown
or similar utilities that remove access as long as one doesn’t have elevated privileges. - And say, I had done whatever (additional thing) mentioned in your comment.
Then, what prevents whosoever, to copy that file through cloning the complete disk?
Even if they’re not able to get past the password, it will be found on the cloned disk. SO, basically, I ask for some method that prevents the file to even be copied through a disk clone. I don’t care that it has three passwords protecting it. What I want is for the disk clone (or whatever sophisticated copy/mv/cut or whatsoever utility exists) to somehow fail while trying to attempt the action on the protected files.
This seems interesting. However, if I’m correct. What you suggest is not capable (by itself) to prevent said files to be copied through a disk clone. Am I right? Even if they’re otherwise encrypted or inaccessible, then still they will come through the disk clone. Did I understood you correctly?
I already use FDE. However, unless I’m wrong, FDE does not protect disk clone from occurring. Therefore, if one has access to the password, then also they have access to all my files; including the ones I specifically want to protect. Am I wrong?
So, I’ll make it simple for ya, you don’t need to understand why; however, I seek for some method that prevents files from being copied through disk cloning. Them files being encrypted or whatsoever doesn’t do a thing if the password is known. Unless you propose a method by which the password used to decrypt/unlock the disk on device X doesn’t work when it’s cloned to another disk. If, somehow, one has to rely on another password to decrypt the disk on device Y, then that might make it work out.
I’ve failed tremendously in making my demands come across :P .
Uhmm…, what you propose with gpg
definitely solves one part of the puzzle.
But, if I understood correctly, it doesn’t help to prevent a disk clone from getting hold of the files.
Yes, the files are encrypted, but that’s not sufficient for my needs by itself. If the files would somehow destroy or corrupt themselves on a disk clone (or something to that effect), I would have acquired what I’m seeking.