疑难解答

Fedora Silverblue is a new way of deploying and managing your desktop operating system, so you may occasionally run into problems while going through your day to day. Below are some of the more common problems reported and any workarounds for those problems.

软件包替换被禁止

层叠软件包依赖于基本系统映像中的包时,有可能就会发生这种情况。层叠软件包需要更高版本的依赖软件包,基本系统映像中却无法提供。

大部分情况下,耐心等候新版本的 OSTree 构建就可以了,新的构建届时会提供正确版本的软件包,大多数情况下能解决问题。

如果你在更新到新版依然遇到相同的问题,你可以尝试使用 rpm-ostree cleanup -m 清理元数据信息然后重新 rpm-ostree install

你也可以在 cleanup 操作后尝试变基到任意 updates 分支,例如 fedora/30/updates/x86_64

For more information, see rpm-ostree#415.

安装软件包到 /opt/usr/local

/opt 安装软件包这个问题由一些尝试在 Silverblue 上安装 Google Chrome 的用户发起。尽管目前已经有了层叠 Google Chrome 的 临时解决方案,然而在 /opt 写入可变数据依然是个大难题。

This issue is tracked in rpm-ostree#233.

Using NVIDIA drivers

You can install the official NVIDIA binary drivers from the RPM Fusion repositories.

The NVIDIA binary drivers are not maintained by the Fedora Project and may sometimes not be available for the kernel version included in Fedora Silverblue.
The Universal Blue project creates operating system images for Fedora Silverblue with the NVIDIA drivers included. The Universal Blue images are based on the official Fedora images with additional changes at their discretion. The Universal Blue images are not officially endorsed by the Fedora Project. Use them at your own discretion.

  1. First, ensure that your system is fully updated by running sudo rpm-ostree upgrade and rebooting.

  2. Then setup the RPM Fusion repositories following the documentation, including the two reboots.

  3. Finally, install the drivers:

    # rpm-ostree install kmod-nvidia xorg-x11-drv-nvidia
# rpm-ostree kargs --append=rd.driver.blacklist=nouveau --append=modprobe.blacklist=nouveau --append=nvidia-drm.modeset=1
When using Secure Boot, the locally installed NVIDIA drivers have to be signed with a local key that is enrolled using mokutil. See the fedora-silverblue#499 issue for more details.

You may also encounter the following issues during installation: #286, #331

Thanks to Alex Larsson who made the required changes to the akmods and kmodtools packages. You can read more about the work that Alex did on his blog.

Out of tree kernel modules and drivers using DKMS

Fedora Silverblue currently does not have support for DKMS. See the upstream issue rpm-ostree#1091.

Instead, we recommend that you make kmods packages for out of tree kernel modules and submit them to the RPM Fusion repos. The kmods packages will then be used by akmods which is supported on Fedora Silverblue.

Adding external package repositories

This section discusses third-party software sources not officially affiliated with or endorsed by the Fedora Project. Use them at your own discretion.
If you want to use RPM Fusion repositories, please follow the Enabling RPM Fusion repos section.

Some sofware may only be available from a third-party repository. You can add an external repository manually on Fedora Silverblue by placing the .repo file into /etc/yum.repos.d/ and the GPG key into /etc/pki/rpm-gpg/. The following is a full example for setting up the Taiscale repo:

  1. Fetch and install the repo config:

    $ curl -O https://pkgs.tailscale.com/stable/fedora/tailscale.repo
[tailscale-stable]
name=Tailscale stable
baseurl=https://pkgs.tailscale.com/stable/fedora/$basearch
enabled=1
type=rpm
repo_gpgcheck=1
gpgcheck=0
gpgkey=https://pkgs.tailscale.com/stable/fedora/repo.gpg
$ sudo install -o 0 -g 0 -m644 tailscale.repo /etc/yum.repos.d/tailscale.repo

  2. Fetch and install the GPG keys:

    $ curl -O https://pkgs.tailscale.com/stable/fedora/repo.gpg
$ sudo install -o 0 -g 0 -m644 repo.gpg /etc/pki/rpm-gpg/tailscale.gpg

  3. Replace the gpgkey= URL in the repo config by the path the GPG keys:

    $ sudo $EDITOR /etc/yum.repos.d/tailscale.repo
$ cat /etc/yum.repos.d/tailscale.repo
[tailscale-stable]
name=Tailscale stable
baseurl=https://pkgs.tailscale.com/stable/fedora/$basearch
enabled=1
type=rpm
repo_gpgcheck=1
gpgcheck=0
# Update this line
gpgkey=file:///etc/pki/rpm-gpg/tailscale.gpg
#      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  4. Install the new packages with:

    $ rpm-ostree install tailscale

Better support in rpm-ostree for this use case is tracked in rpm-ostree#4014.

SELinux 相关问题

有些 Fedora Silverblue 用户可能希望临时修改默认的 SELinux 策略,以解决与 SELinux 相关的问题。如果在修改后又希望恢复到默认的 SELinux 策略,则可以尝试下面的操作。

  1. 查看当前的 SELinux 策略

    $ sudo ostree admin config-diff | grep policy
M    selinux/targeted/active/policy.linked
M    selinux/targeted/active/policy.kern
M    selinux/targeted/policy/policy.31
A    selinux/targeted/policy/policy.30

    如果执行这个命令有任何输出,那就意味着 SELinux 策略有被改动过。

  2. 复制 OSTree 构建提供的 SELinux 默认策略

    $ sudo cp -al /etc/selinux{,.bak}
$ sudo rsync -rlv /usr/etc/selinux/ /etc/selinux/

    此时执行 ostree admin config-diff | grep policy 应该不会再有输出,也就意味着 SELinux 策略恢复成功。

    如果恢复没有成功,还可以尝试下面的方法。

  3. 移除已有 SELinux 策略;添加默认策略

    $ sudo rm -rf /etc/selinux
$ sudo cp -aT /usr/etc/selinux /etc/selinux

    此时执行 ostree admin config-diff | grep policy 应该不会再有输出。

无法将用户添加到用户组

Due to how rpm-ostree handles user + group entries, it may not be possible to use usermod -a -G to add a user to a group successfully. Until rpm-ostree moves to using systemd sysusers, users will have to populate the /etc/group file from the /usr/lib/group file before they can add themselves to the group.

For example, if you wanted to add a user to the libvirt group:

$ grep -E '^libvirt:' /usr/lib/group | sudo tee -a /etc/group
$ sudo usermod -aG libvirt $USER
你需要注销并重新登录来应用这些更改。

This issue is tracked in rpm-ostree#29 and rpm-ostree#49.

ostree fsck 提示文件受损

当磁盘上有一个或多个文件损坏或丢失时, ostree fsck 就会报告错误。https://github.com/ostreedev/ostree/pull/345#issuecomment-262263824[解决方法] 则是将有关的 OSTree 提交标记为部分检索,然后重新拉取提交。

/boot/efi 只读导致所有更新被阻断

在苹果设备上 Fedora Silverblue 很有可能会出现这样的问题。苹果设备上的 /boot/efi 分区的文件系统是 HFS+,这一文件系统不一定能很好地处理各种电源事件。

Fedora Silverblue 映像中已经默认提供了 hfsplus-tools 软件包,所以处理起此类问题应该还是很容易的。

# umount /boot/efi
# fsck.hfsplus /dev/sda1
# mount -o rw /boot/efi

See the rpm-ostree#1380 GitHub issue for additional details.

无法在 EFI 系统安装 Fedora Silverblue

当你的设备曾经安装过其它操作系统,在安装 Fedora Silverblue 的时候可能会得到下面的报错:

ostree ['admin', '--sysroot=/mnt/sysimage', 'deploy', '--os=fedora-workstation', 'fedora-workstation:fedora/28/x86_64/workstation'] exited with code -6`

解决方案有下面几个:

  • During the install process, select "Custom Partitioning" and create an additional EFI partition. Assign the newly created EFI partition to /boot/efi. You will then be able to boot the previous OS(s) alongside Fedora Silverblue. If this workaround is not successful follow the below step.

  • 安装的时候选择手动分区,挂载 /boot/efi 分区的时候勾选格式化选项以格式化 EFI 分区。

格式化 /boot/efi 可能会使以前安装的操作系统无法被引导。在使用此解决方法之前,请确认你已经备份一切重要数据。

This issue is tracked in Bugzilla #1575957.

toolbox: failed to list images with com.redhat.component=fedora-toolbox

如果 podman 版本大于或等于 1.4.0,下面的解决措施可能不是必要的。 在尝试下面的方案前请通过 rpm-ostree upgrade 确认 podman 是最新的。

如果你的 podman 版本大于或等于 1.2.0,在执行 toolbox list 时可能会得到下面的报错:

toolbox: failed to list images with com.redhat.component=fedora-toolbox
下面的解决措施可能也适用于其它因 1.2.0 或更高版本的 toolbox 导致的 toolbox 报错。 详见 Toolbox Github 仓库

作为一个解决措施,执行下面的命令替换 podman 软件包:

$ rpm-ostree override --remove=podman-manpages replace https://kojipkgs.fedoraproject.org//packages/podman/1.2.0/2.git3bd528e.fc30/x86_64/podman-1.2.0-2.git3bd528e.fc30.x86_64.rpm

重启系统使改动生效。

当然你可以遵循下面的步骤完成软件包的替换:

  1. Koji 下载 podman-1.2.0-2.git3bd528e.fc30.x86_64.rpm

  2. 移除 podman-manpagesrpm-ostree override remove podman-manpages

  3. 使用第一步下载的包替换当前已安装的 podmanrpm-ostree override replace podman-1.2.0-2.git3bd528e.fc30.x86_64.rpm

现在重启系统使改动生效。

要撤销上面的改动,执行:

$ rpm-ostree override reset podman; rpm-ostree override reset podman-manpages

因权限原因无法进入 Toolbox 容器

在某些版本的 podman 下,尝试进入 Toolbox 容器时可能会报错。你可以使用下面的命令修正权限问题。

$ sudo chown -R $USER ~/.local/share/containers/storage/overlay-containers

这会重置容器的权限设定以允许你重新进入容器。

See the upstream podman issue: podman#3187.

执行 restorecon

你不应该在 Fedora Silverblue 执行 restorecon。请查看相关问题报告了解详情 - https://bugzilla.redhat.com/show_bug.cgi?id=1259018

不过即使你不小心执行了这个,也是可以挽救的。

  1. 引导系统时使用 enforcing=0 参数

  2. 在本地创建一个新的修复好的提交

  3. 部署这个提交

  4. 执行 restorecon

  5. 重启系统

  6. 执行清理工作

$ rpm-ostree status -b | grep BaseCommit
                BaseCommit: 696991d589980aeaef5eda352dd7ad3d33c444c789c209f793a84bc6e7269aee
$ sudo ostree checkout -H 696991d589980aeaef5eda352dd7ad3d33c444c789c209f793a84bc6e7269aee /ostree/repo/tmp/selinux-fix
$ sudo ostree fsck --delete
$ sudo ostree commit --consume --link-checkout-speedup --orphan --selinux-policy=/ /ostree/repo/tmp/selinux-fix
$ sudo restorecon -Rv /var
$ sudo restorecon -Rv /etc
$ sudo ostree admin deploy fedora:fedora/39/x86_64/silverblue
$ sudo reboot

请注意在操作完成后,所有层叠的软件包会被删除;在恢复完成之后,你需要重新层叠它们。

See this upstream comment for additional details: ostree#1265.

Resetting passwords in Rescue Mode

In the case where you are unable to remember your user password or root password, you can reset the password using the following steps.

  1. While the system is booting, interrupt the boot sequence at the GRUB2 menu by using the Esc key.

  2. Select the boot entry that you wish to edit using the arrow keys.

  3. Edit the selected entry with the e key.

  4. Use the arrow keys to select the line beginning with linux, linux16, or linuxefi.

  5. Go to the end of that line and append init=/bin/bash to the end of the line.

  6. Press Ctrl-x or F10 to boot the entry.

  7. At the resulting bash prompt, run the following commands:

# mount -t selinuxfs selinuxfs /sys/fs/selinux
# /sbin/load_policy
# passwd
# sync
# /sbin/reboot -ff

If you want to change the password for a user account, replace the passwd command with passwd <username>.

After the system finishes rebooting, you should be able to login with the username and new password.

Want to help? Learn how to contribute to Fedora Docs