qdistro v0.1: first public test

What qdistro is

qdistro is a single-tenant Linux distribution inspired by Qubes OS, but built on commodity hardware and commodity software. Instead of Xen and a custom UI, it runs on a standard Tumbleweed install with a libweston compositor, a Python/Qt/QML userspace, and a layered isolation model that lets you choose how much containment each app gets.

The goal isn’t maximum security — it’s the best isolation you can get without giving up your laptop. Everything is designed to be LLM-modifiable: the shell, the admin approval flow, the send-to plugins, the password vault. If you can describe the change you want, an LLM can write the QML or Python to make it happen.

There is no ISO image. Instead, there’s a single bootstrap script that takes a fresh Tumbleweed install to a fully configured qdistro system in 10–20 minutes.

What works in v0.1

Here is what you can actually do right now:

• Tier 1 — native SELinux silo. Every app launches in its own SELinux context. Open qterminator and run id — you’ll see a confined context. The terminal, the text editor, the calculator: all isolated from each other by default.

• Tier 3 — container. Heavier workloads run in LXC containers spawned on demand. The admin app lets you create a container silo, install packages inside it, and launch apps that render through the compositor.

• Tier 4 — VM with waypipe. Full virtual machines with seamless window integration. Chrome runs in a VM but its windows appear on your desktop alongside native apps.

• Admin approval broker + audit log. Cross-silo actions (clipboard sharing, file transfer, device access) go through an approval queue. The tray-icon admin app shows pending requests and full audit history.

• Screen locker + fingerprint. The qdlocker screen locker supports fingerprint authentication on laptops that have a reader (fprintd).

• Browser bridge. Chrome and Firefox extensions can authenticate against the qdistro identity via HMAC-bound native messaging.

• Password vault. The pwd app stores credentials in per-vault encrypted databases and integrates with the system secret portal.

• qdshell desktop. The Noctalia QML desktop shell with panels, launcher, and system tray runs on top of the qdwin compositor.

• qdgreeter boot. greetd on tty3 presents the qdgreeter login screen at boot.

What doesn’t yet

We’re being honest about the gaps so you know what you’re getting into:

• Tier 5b — per-app VM-windowed. This is planned for v1.1. Right now the highest isolation tier is the tier-4 full VM, which gives you a whole desktop inside the VM, not individual seamless windows.

• Phone / Tailscale pairing. The phone integration infrastructure exists (Tailscale + ntfy) but hasn’t been scripted for first-time setup.

• GUI installer. There is no graphical installer. You install Tumbleweed manually, then run the bootstrap script.

• No ISO image. There is no installable qdistro ISO. The bootstrap script is the installation mechanism.

• Limited hardware testing. This has been tested on a handful of laptops. Your hardware may behave differently, especially around graphics drivers and fingerprint readers.

• Multi-monitor. Not tested. The compositor is single-output for now.

How to try it

The full step-by-step is in the “Try qdistro” section of the README. In short: install Tumbleweed, clone three repos, run the bootstrap script as root, reboot, and you’re in. The whole thing takes about 30 minutes including the Tumbleweed install.

What we want feedback on

We need real humans running this on real hardware. Specifically:

1. Installation friction. Was the bootstrap script clear? Did any package fail to install? Was the reboot-to-qdgreeter step smooth?

2. First-boot experience. Does the qdgreeter login screen make sense? Is it clear how to launch apps and switch between them?

3. Tier 3 and tier 4 usability. Can you actually run a useful workload in a container or VM silo? Is the admin approval flow for cross-silo actions intuitive or annoying?

4. Missing features. What would make this your daily driver? What’s the one thing you need that isn’t here yet?

File one issue per thing you find at codeberg.org/qdistro/qdistro/issues. The most valuable feedback looks like: “I followed step X and step Y was unclear / broken.”

This is v0.1. Things will break. That’s the point of a public test release — so we can fix them before v1.0.