[News] Solid Q&A | deepin 25 Common Questions – The Immutable System Edition
Official Announcements 97 views · 0 replies ·
deepin小助手
Super Moderator
OM
6 hours ago
Author
With the release of the deepin 25 series, we've received numerous valuable discussions and suggestions from the community regarding the “Rock-Solid Immutable System” feature. In response to this enthusiasm, this Q&A focuses on explaining the core logic and use cases of this innovative design—from feature descriptions to usage tips and frequently asked questions—aiming to address users’ confusion and concerns.
Q1: Why introduce the Rock-Solid Immutable System?
Previous systems lacked protection mechanisms for core components (e.g., /usr), making them vulnerable to accidental deletion or malicious tampering—posing serious security risks. The old backup and rollback mechanisms were also inefficient and cumbersome to operate, increasing the risk of data loss during system failures.
Considering both system security and usability, deepin introduced the Rock-Solid Immutable System with features like read-only protection, atomic updates, snapshot management, and worry-free restoration.
Q2: What is an "atomic update"?
An atomic update follows an “all-or-nothing” principle: either the update is fully successful or the system rolls back to its previous state, eliminating risks of partial updates and ensuring system stability.
This is paired with a rollback mechanism: if the system fails to boot properly after an update, users can select a previous system image during startup to restore the system to a functional state.
Q3: What is "snapshot management"?
The system automatically creates a snapshot before each update to record the system’s current state. Users can also manually create snapshots or use backup tools. If a software installation fails or a configuration is misapplied, users can roll back to a previous snapshot with one click.
Currently, snapshot management covers /usr, /etc, /opt, /boot, and /var. It does not include personal user data.
Note: Snapshot management only applies to system files, configurations, and important files in parts of /var. User data remains unaffected when creating or restoring snapshots.
Q4: What is "Worry-Free Restoration"?
"Worry-Free Restoration”"allows the system to detect any changes made by users and lets them discard or partially discard them upon reboot.
Typical use cases include:
Device lending/shared use: After enabling this feature, any changes (e.g., installing apps or changing settings) will be discarded after reboot—ensuring privacy.
Developers testing risky operations: Helps avoid irreversible consequences from commands like sudo rm -rf / --no-preserve-root. After a reboot, the system will safely revert.
Q5: What is "Read-Only Protection"?
By default, the Rock-Solid Immutable System mounts key directories such as /usr, /bin, and /lib as read-only.
This prevents any modifications by malicious software or accidental actions, safeguarding system integrity.
Q6: As a developer, how can I disable "Read-Only Protection"?
When enabled, the system blocks all modification attempts—even with root permissions—returning a “read-only file system” error.
To disable read-only protection (effective after reboot):
For deepin 25 Alpha and later versions:
sudo deepin-immutable-writable enable -d /usr
Note: Disabling protection remounts /usr as writable. Be cautious—your changes may be reverted if protection is later re-enabled.
Q7: How do I re-enable "Read-Only Protection"?
To re-enable protection (effective after reboot):
For deepin 25 Alpha and later:
sudo deepin-immutable-writable disable
Q8: How should I update the Rock-Solid Immutable System?
The most recommended method is through the Control Center, which includes snapshot creation and fallback to previous versions if the update fails.
If you're on deepin 25 Preview, use:
deepin-immutable-ctl ota upgrade
If you're on deepin 25 Alpha, ota commands are deprecated. The system still follows the standard apt/dpkg package management logic, so you can upgrade the system by running: sudo apt dist-upgrade
Q9: Will the system block .deb packages or software installations?
For .deb packages, you can install directly—the system has adapted apt and dpkg to allow this without needing to disable protection.
For other package formats like .run or .bundle, you must disable protection first, since they require modifying read-only directories such as /usr.
Q10: What if backups take up too much disk space?
Each snapshot typically adds about 200MB. You can list existing snapshots using the -j flag and use scripts to delete old ones and manage disk space more effectively.
We hope this Q&A addresses common questions about the deepin 25 "Rock-Solid Immutable System." If you encounter issues not covered here, please leave a comment or post in the community forum—we welcome your feedback!
We've already received many insightful suggestions from the community, such as:
Transitioning to a seamless read/write experience, Providing clearer snapshot management, and adding warnings before risky operations.
These ideas have been incorporated into our product roadmap. Given hardware diversity and individual usage habits, some users may face unique challenges. If so, feel free to post in the forum—our developers and fellow users are happy to help!
中文 
Wrong locale with Cooperation app 
With the release of the deepin 25 series, we've received numerous valuable discussions and suggestions from the community regarding the “Rock-Solid Immutable System” feature. In response to this enthusiasm, this Q&A focuses on explaining the core logic and use cases of this innovative design—from feature descriptions to usage tips and frequently asked questions—aiming to address users’ confusion and concerns.
Q1: Why introduce the Rock-Solid Immutable System?
Previous systems lacked protection mechanisms for core components (e.g., /usr), making them vulnerable to accidental deletion or malicious tampering—posing serious security risks. The old backup and rollback mechanisms were also inefficient and cumbersome to operate, increasing the risk of data loss during system failures.
Considering both system security and usability, deepin introduced the Rock-Solid Immutable System with features like read-only protection, atomic updates, snapshot management, and worry-free restoration.
Q2: What is an "atomic update"?
An atomic update follows an “all-or-nothing” principle: either the update is fully successful or the system rolls back to its previous state, eliminating risks of partial updates and ensuring system stability.
This is paired with a rollback mechanism: if the system fails to boot properly after an update, users can select a previous system image during startup to restore the system to a functional state.
Q3: What is "snapshot management"?
The system automatically creates a snapshot before each update to record the system’s current state. Users can also manually create snapshots or use backup tools. If a software installation fails or a configuration is misapplied, users can roll back to a previous snapshot with one click.
Currently, snapshot management covers /usr, /etc, /opt, /boot, and /var. It does not include personal user data.
Note: Snapshot management only applies to system files, configurations, and important files in parts of /var. User data remains unaffected when creating or restoring snapshots.
Q4: What is "Worry-Free Restoration"?
"Worry-Free Restoration”"allows the system to detect any changes made by users and lets them discard or partially discard them upon reboot.
Typical use cases include:
Q5: What is "Read-Only Protection"?
By default, the Rock-Solid Immutable System mounts key directories such as /usr, /bin, and /lib as read-only.
This prevents any modifications by malicious software or accidental actions, safeguarding system integrity.
Q6: As a developer, how can I disable "Read-Only Protection"?
When enabled, the system blocks all modification attempts—even with root permissions—returning a “read-only file system” error.
To disable read-only protection (effective after reboot):
Note: Disabling protection remounts /usr as writable. Be cautious—your changes may be reverted if protection is later re-enabled.
Q7: How do I re-enable "Read-Only Protection"?
To re-enable protection (effective after reboot):
Q8: How should I update the Rock-Solid Immutable System?
The most recommended method is through the Control Center, which includes snapshot creation and fallback to previous versions if the update fails.
If you're on deepin 25 Preview, use:
If you're on deepin 25 Alpha, ota commands are deprecated. The system still follows the standard apt/dpkg package management logic, so you can upgrade the system by running: sudo apt dist-upgrade
Q9: Will the system block .deb packages or software installations?
For .deb packages, you can install directly—the system has adapted apt and dpkg to allow this without needing to disable protection.
For other package formats like .run or .bundle, you must disable protection first, since they require modifying read-only directories such as /usr.
Q10: What if backups take up too much disk space?
Each snapshot typically adds about 200MB. You can list existing snapshots using the -j flag and use scripts to delete old ones and manage disk space more effectively.
We hope this Q&A addresses common questions about the deepin 25 "Rock-Solid Immutable System." If you encounter issues not covered here, please leave a comment or post in the community forum—we welcome your feedback!
We've already received many insightful suggestions from the community, such as:
Transitioning to a seamless read/write experience, Providing clearer snapshot management, and adding warnings before risky operations.
These ideas have been incorporated into our product roadmap. Given hardware diversity and individual usage habits, some users may face unique challenges. If so, feel free to post in the forum—our developers and fellow users are happy to help!