Immutability and Me

When an operating system is immutable, as HalogenOS is, installing software can be difficult. HalogenOS aims to eliminate some of this inconvenience by providing a few different ways to get software.

Flatpak

Since the root partition is writeable, as well as executable, users can install Flatpak sandboxed applications. This gives the user access to a huge library of useful, tested, and isolated applications without compromising security.

Distrobox

HalogenOS comes with Distrobox and the gvisor container runtime, which allows users to install isolated Linux distributions in a Docker-like environment, including mediated system calls for tighter security. Eventually, I aim to provide hardened container images, designed to make using applications in containers even more secure.

Overlays

Developers and power users can submit a public key to the operating system, which will be used to verify read-only "overlays": SquashFS images that are signed by the developer, stored on the encrypted root partition, and mounted read-only over the system partition. Through this, users can add additional binaries, configuration changes, libraries, and services to the system folder.

AppImages

HalogenOS will hopefully support AppImages, which are bundles of application files that can portably execute applications anywhere.