PostmarketOS, the Linux ‘distribution’ for mobile devices, now also has an immutable variant, called Duranium.
Duranium is an immutable variant of postmarketOS, built around the idea that your device should just work, and keep working. You shouldn’t need to know what a terminal is to keep your device running.
“Immutable” means the core operating system is read-only and can’t be modified while it’s running. System updates are applied as complete, verified images rather than individual packages. Either the new image works, or the system falls back to the previous one automatically. No partially-applied state. No debugging audio when you need to make a phone call and no fussing with a broken web browser when you just want to doomscroll cat photos. It also means developers can reproduce the exact state of a user’s device, making it much easier to track down and fix issues.
↫ Clayton Craft on the postmarketOS blog
Duranium is built around the various functionalities and tooling provided by systemd, meaning the project didn’t have to reinvent the wheel. It works similarly to other immutable distributions, in that images for the base are downloaded and installed as a whole, with the preferred application installation method being Flatpak. Security-wise, Duranium uses dm-verity to protect /usr, cryptographically verifying data as it’s read. The image simply won’t boot if anything’s been tampered with. LUKS2 is used to encrypt mutable user and operating system data and configuration on the root file system.
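To make "verifying data as it's read" concrete, here is a simplified model of the hash-tree idea behind dm-verity. It is an example added here, not code from Duranium or the kernel. The 4096-byte block size, unsalted SHA-256 and in-memory tree layout are assumptions of the sketch, not dm-verity's on-disk format.

```python
import hashlib

BLOCK = 4096               # block size assumed for this sketch
FANOUT = BLOCK // 32       # SHA-256 digests that fit in one hash block


class VerityError(Exception):
    """Raised when a block does not hash up to the trusted root."""


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _block(image: bytes, index: int) -> bytes:
    return image[index * BLOCK:(index + 1) * BLOCK].ljust(BLOCK, b"\0")


def build_tree(image: bytes) -> list[list[bytes]]:
    """Build hash levels at image-build time: leaves first, root last."""
    count = (len(image) + BLOCK - 1) // BLOCK
    levels = [[_h(_block(image, i)) for i in range(count)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([_h(b"".join(prev[i:i + FANOUT]))
                       for i in range(0, len(prev), FANOUT)])
    return levels


def read_verified(image: bytes, levels: list[list[bytes]],
                  trusted_root: bytes, index: int) -> bytes:
    """Return block `index` only if it hashes up to the trusted root.

    `image` and `levels` are untrusted storage; only `trusted_root` is trusted.
    """
    if not 0 <= index < len(levels[0]):
        raise IndexError(index)
    block = _block(image, index)
    digest, pos = _h(block), index
    for level in levels[:-1]:
        start = pos - pos % FANOUT
        group = list(level[start:start + FANOUT])
        group[pos - start] = digest      # recomputed value replaces the stored one
        digest = _h(b"".join(group))
        pos //= FANOUT
    if digest != trusted_root:
        raise VerityError(f"block {index} failed verification")
    return block
```

Because checking happens per block at read time, a modified block is only caught when something reads it, and rewriting the stored hashes to match does not help since they no longer hash up to the trusted root.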
Duranium is still under heavy development, but it makes sense to implement something like this now, since in the world of mobile devices, this has become the norm. I’m glad postmarketOS is taking these steps, and I sincerely hope I’ll eventually be able to use a postmarketOS device with KDE’s Plasma mobile shell at some point in the near future in my day-to-day life. This requires both postmarketOS to improve as well as for the regulatory landscape to break the duopoly on banking and government applications held by Android and iOS, and with the state of the US government as it is, this might actually be something Europe’s interested in achieving.

This is one of those times where systemd shows its versatility and utility, despite the continuing debates surrounding it as a whole. The OSes I use daily (Void Linux, OpenBSD, FreeBSD, Haiku) don’t have systemd, but that’s not why I use them; it’s just happenstance that they are the ones I “jive” best with — and in the case of Haiku, have a nostalgic connection to. I feel like systemd has reached a point where it makes sense for most Linux distros without caveats, though I’m still not a fan of the developers’ attitudes towards end users. Suffice to say, when it’s good it’s really good, but it still has a ton of room for improvement.
As for Duranium, I’m eager to check it out and see if it might eventually be a good fit for my hybrid tablet. PostmarketOS boots on it but is nearly unusable, so it may have a long way to go yet. I’ve always been intrigued by immutable OSes that aren’t iOS and Android, and for a phone running Linux it only makes sense to use that paradigm. Security and usability and privacy in a phone, without giving up rights and personal info to the big corporations? Sign me up!