Welcome to the FOSDEM 2026 edition of the Distributions DevRoom! Meet the organizers of this year's Distribution DevRoom, learn a little bit about the history of our DevRoom, and go over some ground rules for the day.
The systemd project and some others have been adopting the Varlink IPC system recently, in places traditionally reserved for D-Bus. In this talk I'd like to explain why Varlink matters, and is a major step forward from D-Bus for almost all areas of Linux OSes. I'll talk about patterns, lifecyles, tracing, parallelism, security, and a lot more.
For decades, building a Linux distribution has been considered a highly specialized craft. To participate, one had to master complex toolchains—building package files, navigating the intricacies of dependency resolution, and operating hard-to-grok build systems like OBS or Koji & Pungi & ImageBuilder. While extremely powerful, this entire stack presents a massive barrier to entry. The result is a demographic crisis: the average age of package maintainers is rising, and new contributors are not motivated to learn these legacy tools.
In this talk, we argue that the solution lies in the commoditization of the build process. By adopting docker and podman as a build tool and OCI (Open Container Initiative) images as the native artifact, we bridge the gap between "distro builders" and the millions of developers who already know how to write a Dockerfile.
We will explore current successes like Universal Blue and Fedora Atomic, but we will also go further. What if we built the individual packages themselves from Dockerfiles?
Join us to explore how OCI-based workflows don't just solve technical problems—they solve a growing social problem. By making the tools of creation accessible to a larger base, we can foster the next generation of contributors!
eBPF introduces new challenges for Linux distributions: programs depend on kernel, CO-RE relocations, pinning behavior, and version-aligned bpftool or libbpf tooling. This session looks at what it really takes to package eBPF programs as RPMs and explores specific, real world usecases in Fedora. We’ll explore issues such as pinned maps, privilege models, reproducible builds, SELinux implications, kernel-user ABI considerations, and managing kernel updates without breaking packaged eBPF assets. The talk presents practical solutions, best practices, and tooling ideas to make eBPF a first-class citizen in mainstream distributions.
How do you ensure code works across distributions before it reaches users? The Packaging and Testing Experience (PTE) project is an open-source approach to solving the upstream-to-downstream testing challenge.
The traditional model fragments testing: upstream tests their code, distribution maintainers test packages, and users discover the gaps. PTE bridges this by creating a continuous testing pipeline where upstream changes are automatically built, tested in realistic distribution environments, and validated before integration.
Our approach consists of three open-source components working together:
But this isn't just about specific tools - it's about the philosophy: making tests portable, infrastructure on-demand, and integration automated. tmt works with any distribution. Testing Farm's architecture could inform similar services. The integration patterns apply broadly.
In this talk, we'll share:
The software supply chain for Linux distributions is under growing pressure. Several distributions have recently suffered from infected packages caused by compromised or malicious upstream sources, including core libraries, leading to significant security implications.
These incidents prompted Arch Linux to reflect on the way we handle our package sources. With the objective of bringing greater transparency to our packaging process, we revisited historical decisions and established updated guidelines and best practices for selecting trustworthy sources for our packages, in order to prevent (or at least mitigate) such potential security threats in the future.
This talk will share an overview of the specifications and guidelines we established during this reflection.
TL;DR: Write a Containerfile, use image-builder to convert it to an ISO with a live environment.
bootc revolutionized how we build and consume image-based systems: just build an OCI container in your preferred git forge, publish it in a registry, and voilà, anyone can come and rebase their bootc-based system to it. A great example is Bazzite: one of the most popular gaming-oriented distributions today.
However, the first-day experience is still lacking: the installers don’t run in a live environment, and their building process is a nightmare and far from container-friendly.
The team behind the osbuild/image-builder project recently started experimenting with introducing a way to build an ISO with a live environment directly from an OCI container image. All techniques you know from building bootc systems can be applied here, so the build pipelines can be shared. Additionally, if you want such an ISO to be a bootc installer, the resulting artifact will be surprisingly small due to the high level of deduplication.
Come to this talk to learn how to build your own ISO using just a bunch of podman commands!
https://github.com/osbuild/image-builder-cli https://osbuild.org/docs/developer-guide/projects/image-builder/usage/#bootc
Over the last several years, the Kairos project has built image-based, immutable systems on top of multiple Linux distributions like Ubuntu, Debian, Alpine and others. This experience has revealed a recurring set of engineering constraints shared across traditional distros: assumptions about package managers, filesystem layout, dependency chains, downstream patches, boot tooling, or init system behavior that work well for classic installations, but create friction in image-based, cloud-native and edge-focused environments.
This talk presents the design principles that emerged from this work: minimal bases, upstream-first components, predictable boot paths, trusted boot chains, reproducibility, and clear separation between the immutable system image and extensible runtime layers. We will discuss both the technical challenges and the architectural conclusions that followed.
These lessons ultimately led us to build Hadron, a new minimal Linux distribution developed by the Kairos team: musl-based, systemd-powered, upstream-aligned, and designed specifically for image-based systems. Hadron is not intended to replace any existing distribution; rather, it is a small, focused reference implementation of what an OS optimized for this model can look like.
The goal of this talk is to share practical insights with the wider distribution community and contribute to the ongoing evolution of image-based Linux.
https://github.com/kairos-io/hadron https://github.com/kairos-io/kairos https://kairos.io/
You all used to know Gentoo Linux as a source-based Linux distribution, where compiling things on your own machine was both pleasure and pain, right? Well, some time ago we announced that we now also offer binary packages for download. And while of course a few purists protested, overall this initiative was a resounding success. Now you can mix and match between binary and source based installation, and find your own balance between convenience and tuning.
A lot of LEGO blocks had to come together (and occasionally be stepped on) to make this happen. From quality control and automated rebuilds on the source installation side, to a new package format and support for GPG signing, to package delivery and designated build hosts, extended support in the package manager, ... Let us tell you the story of an experiment that worked out great, and discuss further possible future improvements.
CentOS is the Community Enterprise Operating System, a Linux distribution built by the CentOS Project. For over two decades, CentOS has powered servers and workstations around the world. During this time it has accumulated its fair share of myths, tall tales, and urban legends. Many of these stem from the transition from the legacy CentOS Linux variant to the modern CentOS Stream variant.
In this session, we won't just tell the myths, we'll put them to the test. In the spirit of the TV show MythBusters, we'll use observable data, historical events, and project insights to rate each myth as BUSTED, PLAUSIBLE, or CONFIRMED. Attendees will gain a better understanding of the advantages of CentOS and the state of the CentOS Project, which they can use to make informed choices for their own deployments.
This talk gives an overview of how Rust libraries ("crates") and applications are packaged as RPMs for Fedora Linux, and how this distribution mechanism addresses multiple shortcomings of the limited functionality of the distribution mechanism built-in to cargo, the Rust package manager:
Packaging Rust crates as individual RPM packages also simplifies package maintainer responsibilities, despite increased up-front work:
Does your distribution need to care about attacks by quantum computers, and if yes, where? Which parts of Fedora already support post-quantum cryptography (PQC), and what still needs to be done? And what does the European Union have to do with any of this?
Answers for these questions, and more, will be provided in this talk. You'll leave with a rough idea whether the risk is relevant for you and why the risk is no longer the only thing driving a migration. Don't expect hyped statements, we'll stick to the technical details and facts. You may learn how to make your OpenPGP key quantum-safe.
Attend if: - you're vaguely aware of what PQC is, but want to learn what it means for your project - you've always wanted to ask that one question about post-quantum cryptography, but haven't found the right person to ask - you are running a distribution's package signing infrastructure, or maintain a package that implements a network protocol
openSUSE MicroOS is a snapshot-based, immutable operating system that features automatic updates and recovery.
health-checker is the system tool responsible for handling automatic recovery and rollbacks, and it comes installed by default. It was recently rewritten to support both systemd-boot and grub2-bls, utilizing systemd-bless-boot and Automatic Boot Assessment.
In this talk, we will provide a brief explanation of the Boot Loader Specification (BLS), which is supported by both systemd-boot and grub2-bls. Next, we will explain Automatic Boot Assessment, describe how it is used by health-checker, and show how it can be used to check the system status at boot and act accordingly.
How to successfully brew a Linux immutable image, with bells and whistles
Creating a (truly!) immutable distribution with a strong security posture and a chain of trust that starts in the hardware and ends in userspace is no longer a job that requires an entire team and starting from first principles. With the power of tooling and infrastructure provided by the systemd project, anyone can customize, build and deploy at scale and securely starting from your preferred traditional package-based distribution.
This talk will go over all the tooling and infrastructure available to achieve this, from systemd to mkosi, from UEFI Secure Boot and dm-verity to the Integrity Policy Enforcement LSM, from OBS to systemd-sysupdate, from systemd-repart to systemd-firstboot, and show a working example and how to reproduce and customize it.
Fedora Project is undergoing significant infrastructure changes that affect everyone from distribution users to individual contributors - that is migrating from Pagure to Forgejo as its primary Git forge for both source code and package sources. Our talk chronicles the journey from the early days of collective debating between GitLab and Forgejo with Fedora Council, through the ongoing migration of thousands of repositories with Fedora Infrastructure.
While the initiative began due to the need to move away from Pagure, it gradually evolved into one that also aimed at fixing the long-standing pain points faced with workflows. We got the opportunity to streamline the processes that made sense about a decade back and have since then, slowly started getting in the way of contribution. This also allowed us to contribute back to the Forgejo upstream with the features that would end up benefitting all.
Our findings serve as a blueprint for other distribution maintainers facing similar infrastructure decisions with maintaining their collaborative applications and services. They can take advantage of Fedora Project's learnings on building compatibility bridges, CI/CD workflow modernization, granular permission models, existing toolchain integration and comprehensive documentation - to ensure a sustainable approach to their significant infrastructure changes.
In August 2025, Debian turned 32 — or, for those who prefer other bases, 0b100000 in binary, or 0x20 in hexadecimal. An impressive age for a community-driven distribution that continues to power much of the Free Software world.
By the time of FOSDEM, I will have served nearly two years as Debian Project Leader. In this talk, I’ll share insights from that experience: how Debian works as a do-ocracy, what helps it thrive, and where collaboration sometimes meets friction.
I’ll reflect on what I set out to achieve, what we managed to accomplish, and the challenges of coordinating a large, globally distributed project run entirely by volunteers. The talk will also explore how Debian adapts to change — in technology, community dynamics, and expectations — while staying true to its core values.
https://www.debian.org