mckinley.cc Home Blog Notes Twtxt

First Impressions of SpiralLinux

October 29th, 2023

Debian is a fantastic distribution of GNU/Linux. With excellent stability and vast package repositories, it looks on paper like a good option for newcomers or those without the urge to tinker who just want a working desktop. In practice, however, I don't find that to be the case. Stock Debian requires some assembly, but SpiralLinux offers a thoughtfully pre-configured Debian desktop with the batteries included.

While the Debian installer lets you choose from a wide range of desktop environments, it only gets you halfway there. It's a strong base on which to build a desktop system, but it would take roughly the same amount of work as Arch Linux to install Debian to my own standards for desktop GNU/Linux. That is, if you did everything yourself.

SpiralLinux describes itself as a "spin" of Debian rather than a full-fledged distribution of its own. It's an alternative Debian installer that leaves you with a system designed to be simple, reliable, and dependent only on offical Debian infrastructure. Unlike many Debian derivatives, you are left with, for all intents and purposes, a pure Debian desktop.

There is clearly a lot of thought put into the system. Things like Avahi, Plymouth, earlyoom, and (optionally) swap in zram are all set up out of the box. The default file system is Btrfs, optionally with disk encryption[1]. Snapper, grub-btrfs, and snapper-rollback are set up out of the box to take automatic Btrfs snapshots, boot from them in GRUB if necessary, and easily roll back the system to an earlier date.

In testing, I installed SpiralLinux from an old ISO based on Debian 11, upgraded to Debian 12, then used snapper-rollback to go back to Debian 11. I played around in there for a while and then rolled back (forward?) again to my last snapshot in Debian 12. Everything worked exactly how it should.

Some other GNU/Linux distributions have similar systems, but if you're coming from one that doesn't or Windows, this is, seriously, like magic. The best part is that these are just Btrfs snapshots under the hood. If it's time to restore and the fancy tools fail for whatever reason, you can always boot from something else and restore a snapshot yourself using good old btrfs-progs[2].

A noted goal of SpiralLinux is to allow administration without the use of the terminal. I tried the KDE Plasma flavor, and I'd say this goal was met. It of course has the excellent KDE system settings program, and several modules are included for managing system components through there including the cron daemon, systemd, and Plymouth. There's GNOME Disks for disk management and KSystemLog for watching the system journal.

It even includes Grub Customizer, a GUI tool for tweaking GRUB, which I haven't seen before. I used it to hide the menu and it made the necessary changes in /etc/default/grub without destroying the existing rules and regenerated the config.

For installing software, you have the wonderful Synaptic package manager.[3] There is also KDE Discover which can install software from either the Debian repositories or Flathub. Flatpaks are key for onboarding those who still need to use proprietary software, and it's nice to see it as an option by default.

SpiralLinux also includes plenty of useful software out of the box, notably including Firefox ESR, the LibreOffice suite, Pidgin, Transmission, Thunderbird, and VLC media player. Pipewire is the sound system and printing and scanning are also available. Printers are managed in the KDE system settings and Skanlite is included for scanning.

All in all, I would say SpiralLinux is very well done. The choices made seem very sound, and even though it's maintained mostly by a single person[4], it's designed in such a way that does not require longevity from the project. I prefer a rolling-release distribution for my own use, but this is something I would feel confident installing on someone else's computer.

  1. ^ The encryption setup is LUKS1 on a partition unlocked in GRUB. Testing was done on a virtual machine with UEFI firmware. The unencrypted EFI System Partition contains only the bootloader. The kernels, the initramfs images, and even the main GRUB config are locked in the encrypted Btrfs volume.

    An attack mirroring de-LUKS (not to be confused with cryptsetup-deluks) would not be feasible as the initramfs image is in the encrypted volume. An attacker could get access to your encrypted disk using one of two straightforward ways that I can see.

    1. He could make a copy of the keyfile on the encrypted Btrfs partition used to unlock the LUKS device again while booting. This would require read access to the keyfile or initramfs images as root while the computer is running.
    2. He could also compromise the GRUB executable in the unencrypted ESP, which could be mitigated with proper use of Secure Boot.

    Enabling Secure Boot on Spiral Linux may be very simple. I didn't have the ability to test it, but shim-signed came preinstalled and was configured to run before GRUB. I have never used Secure Boot on GNU/Linux, but support for it in Debian seems fairly solid.

  2. ^ snapper-rollback moves the subvolume mounted at the root (/@) to a new location before making a snapshot of a snapshot in its place, which means it would be easy to recover if something were to go terribly wrong. In other words, nothing is lost when rolling back.
  3. ^ Synaptic should be the standard that other graphical package managers strive to emulate. It gets flak because it doesn't look very nice and people are scared of UIs with more than 4 elements. Other graphical package managers try to be "app stores" and hide what they're doing. Synaptic is not an "app store", it's a package manager. There's a difference.
  4. ^ The maintainer of SpiralLinux also maintains GeckoLinux, which is a very similar project based on openSUSE.