Press "Enter" to skip to content

Why Nitrux Linux 2.6.0 Isn’t for Everybody and Doesn’t Try to Be

With the release of Nitrux Linux 2.6.0, the distribution moves further from the mainstream.

Nitrux 2.6.0 screenshot
Source: Nitrux

Developers announced on Monday the release of Nitrux 2.6.0, code named “ff.” To paraphrase something that the folks at a certain cigarette company used to say, this new Nitrux isn’t for everybody.

Nitrux is a Linux distribution based on Debian’s unstable branch, with additional packages from Ubuntu LTS repositories. Its default desktop environment is NX Desktop, which is basically KDE Plasma enhanced with what it calls “plasmoids” to fit with the developers sense of aesthetics and functionality, some of which is made necessary by the distro’s increasingly unorthodox approach to software management.

The distro is unusual in that for software it has traditionally focused on using the “containerized” AppImage format, although until now it has included support for traditional package managers such as apt out-of-the-box. With this release, however, support for dpkg, apt, and PackageKit has been removed, so from this point on Nitrux users will be confined to installing software as AppImages or Flatpaks.

“The ‘ff’ stands for ‘forbidden fruit,’ and it is the first time we use a codename to mark a distribution release,” the project said in its release announcement. “The peculiar choice of this codename is because, as is, this version of this distribution can be seen as the antithesis of the conventional Linux distribution, where a distribution is entirely devoted to its package manager, but this distribution is not. It works to drive the point home that in this distribution, AppImages are the preferred method of adding new applications, and where an AppImage is unavailable, having the option to use Flatpak.”

That’s a big change, and something that will certainly set this distro apart (for better or worse) going forward.

“Admittedly, before marching down with torches in anger, be mindful that users can still use a package manager; in fact, users can use any package manager to install new software, just not directly to the root directory anymore,” the project goes on to say. “To do so, users can use Distrobox to create a container of absolutely any distribution available in DockerHub and very effortlessly use a package manager.”

If I’m reading this right (and please correct me if I’m wrong), what they’re saying is that if you’re bound and determined to install your packages from a repository you can use Distrobox (software to make containerized software integrate like native apps), containerize the software, them run it in Nitrix. Although that seems like a lot of work to me just to install some software, it does have security advantages, since the installed software will operate without the need of root privileges.

I think that might be a hard sell that will push the distro deeper into niche territory.

As I said: Nitrux Linux, it’s not for everybody. But then, it doesn’t try to be.

Immutable Nitrux

The reason behind Nitrux’s push to replace traditional Linux package management with something of a Rube Goldberg methodology has to do with the project’s attempt to make its implementation of the Linux kernel immutable, or “read-only,” so that bad actors can’t hack into it.

Devs at other distros have also been playing around with immutable kernels. Fedora, Red Hat’s community distro (and the testing ground for Red Hat Enterprise Linux), now has two unofficial spins, Silverblue and Kinoite, that make the kernel read-only by use of rpm-ostree, which creates a flexible file system on top of the kernel, thereby allowing packages to continue to be managed and updated using Red Hat’s RPM package manager.

In addition, there are several server distros with immutable kernels taking various approaches. Flatcar Linux, for example, makes /usr read-only, but permits common runtime modifications like overriding systemd configurations and dynamically loading kernel modules. Amazon Web Services’ Bottlerocket makes its /root partition read-only, only allows modules that are signed with its image key, and disables SSH access by default (but allows it to run from inside a container). Talos Linux removes SSH and console access completely.

With this version of Nitrux, the developers are employing overlayroot — a tool for mounting an overlay filesystem over the root filesystem — which makes the root directory immutable and keeps changes in the underlying operating system from happening. While this is great for security, it also means that software can’t be installed natively using traditional methods.

Some users might be confused when they first boot the live version, however, because the package managers will still be there, but they will automagically disappear when the operating system is installed on a hard drive.

More Changes in Nitrux

If that’s not enough “different” for you, there’s more.

One example is that for the Linux part of the GNU/Linux distro, this Nitrux release is using liqurix Kernel 6.1, “a distro kernel replacement” that’s been optimized for gaming and multimedia. In the same vein, the distro has made improvements in the audio department, with PipeWire now the default and with the addition of the Pulseaudio Equalizer.

Another change has to do with the Plasma System Monitor.

“We’ve updated the look of the default ‘Overview’ of Plasma System Monitor to show the list of processes instead of applications, as the latter only works with systemd, and thus it does not work in Nitrux,” the project said.

Screenshot of Nitrux's implementation of the  Plasma System Monitor

This is definitely a major release for Nitrux, and very possibly reflects a new direction going forward. To check out all of the changes, and there are many, go to the release announcement on the distro’s website, or go to the download page to give it a test run.

One Comment

  1. Feng Lengshun Feng Lengshun January 12, 2023

    Sounds like a PITA to use. I want immutable, but I don’t really want all the hassle with finding a way for apps like my VPN and Resilio to work with those limitations.

Leave a Reply

Your email address will not be published.

Breaking News: