The Joy of Linux Theming in the Age of Bootable Containers
76 comments
·April 20, 2025nickjj
gbraad
No place like ${HOME} https://dotfiles.gbraad.nl ;-). I went further and generate images to easily spin up development environments, based on bootc vms or containers.
Never stop tweaking. No computer can be called home until it runs your own set of aliases/commands.
saagarjha
I have one of these too. In fact if you have a dotfiles repo and an install.sh GitHub Codespaces will run it for you when setting up the container: https://github.com/saagarjha/dotfiles/blob/master/install.sh
bagatelle
Just glancing through your dotfiles, I was wondering why you use VcXsrv. WSLg has always been fine for me, and I've never heard of anyone trying to use a different X server.
nickjj
Thanks a lot for the reminder.
I just pushed an update to remove VcXsrv at: https://github.com/nickjj/dotfiles/commit/fdc1ddd95c2defb791...
As for why I was using it:
I've been using WSL since nearly the beginning (2017 / 2018) and used VcXsrv back then to get bi-directional clipboard sharing before WSLg was available. For a brief time I even ran Sublime Text in WSL 1 way back in the day.
Then I used WSL 2.
Then I tried WSLg when it first came out and it was really bad. Clipboard sharing didn't work for me which was the only reason I wanted to use it. I set `guiApplications=false` and never looked back.
I just tried it again now by closing VcXsrv and removing any DISPLAY related settings I had in my zsh profile. Then I shutdown WSL and started up my instance.
Bingo, clipboard sharing "just works" and I also installed xcalc which ran flawlessly. This simplifies things so much.
bagatelle
Glad to hear this, I was worried I was missing something.
3abiton
What is the benefit of this compared to something like incus?
nickjj
I'm already using Docker for many other things. Launching an ephemeral versioned Debian, Ubuntu or Arch container that's officially supported is a 1 second operation.
I never used Incus before to know if it has other benefits but Docker solves my use case. Before Docker existed I used to do this with LXCs back when I ran my entire dev environment in a Linux VM.
kayson
I really like the idea of immutable Linux and bootable containers. My next project will probably be switching to bazzite. But I took a look at the Containerfile[1], and I have some big concerns about the fragility of their supply chain. It uses 20 different copr repos (granted, half are their own), and I didn't count how many packages. Best I can tell, none of the versions are pinned. They do dump a diff of all package versions in the release notes[2], but I wonder if anyone actually reviews it before release. All it takes is one vulnerability in one repo / package and you can enjoy your new cryptominer.
There's something nice about running Debian and having confidence in all the packages because they're built and maintained by the Debian team. Of course there are exceptions, but in my experience they're rare. The only non-standard repo I regularly use is fish shell, and the updates are so few and far between (and very public) I think the risk is low.
I suppose this isn't strictly a container-specific problem; you could add the repos and install / update all those packages yourself too. But being able to package everything up into a single file that you can then boot into as your OS means you're also packing all the supply chain risk.
Curious if anyone else shares my concern or if I should just put my tinfoil hat back on...
1. https://github.com/ublue-os/bazzite/blob/main/Containerfile 2. https://github.com/ublue-os/bazzite/releases/tag/42.20250417
jcastro
> It uses 20 different copr repos (granted, half are their own), and I didn't count how many packages. Best I can tell, none of the versions are pinned.
Contributor here, we've been working on this diligently over the past cycle (the rest of the org is mostly done, Bazzite is largest so we're only getting to it now). We're hoping to be done over the summer with published SBOMs and all that good stuff.
kayson
That's good to hear; I'm definitely a fan of SBOMs. But it doesn't fully address the risk introduced with automatic selection of the latest package version. If a package has no dependencies, for example, the SBOM wouldn't change if it were compromised with something that's compiled in to the package...
danieldk
Nothing holds you from using bootable containers in the same way you use Debian and only use packages from the official Fedora repositories, starting from Fedora's bootc base images.
kayson
Yeah I think that may be what I end up doing.
samhclark
I agree with your concerns—at least, last time I looked.
I looked over their code, saw some things (I believed) I would do differently, and it was very easy to make my own personal spin to use.
After doing that, maintaining it, and using it daily for the last year I went back on some of my original choices. I feel much less critical of the decisions Jorge Castro made and it's probably time to compare and contribute if I can. Like, Homebrew on Linux ended up being way better than I expected. But some things I liked better my way. Say, including the signing keys for Chrome's 3rd-party repo statically instead of fetching them over the network. (Writing this from my phone I don't exactly remember how they do/did it.)
Overall, I'd recommend trying it yourself! It's been a ton of fun.
jcastro
> Say, including the signing keys for Chrome's 3rd-party repo statically instead of fetching them over the network.
This is a fantastic idea, it sucks to have an upgrade blocked by a slow repo, if you wouldn't mind filing an issue or sending a PR I'd love to have this. Thanks for the feedback!
Kudos
I switched from official Fedora images when I got sick of dealing with nonfree stuff like codecs and nvidia drivers. They have much more lightly modified images that are better as a base to build on. I use https://github.com/ublue-os/main (and https://github.com/ublue-os/hwe for an nvidia system).
moondev
> Best I can tell, none of the versions are pinned.
From your link, everything is pinned? So a theoretical exploit in a future release of package is not going to exist in this immutable release https://github.com/ublue-os/bazzite/releases/tag/42.20250417
kayson
Right but everytime a new immutable release is created, it automatically pulls the latest version of every package. It's not a manual change of package versions.
XorNot
I mean that's the big lie isn't it? We all know no one is actually looking at these.
Every system which tells me how immutable it is then shows me it's automatic version bump script or something.
OsrsNeedsf2P
Sometimes I wonder why there isn't more enthusiasm around theming. Chicago95[0] is popular, but I also love how Garuda[0] themes KDE. There's some small websites for downloading themes on various DEs, but most of them are a bit jank and it seems built-in support beyond basic things like accents aren't there.
[0] https://github.com/grassmunk/Chicago95 [1] https://garudalinux.org/editions (screenshots don't do it justice)
WD-42
The Gnome/gtk folks have been systematically removing theming capabilities for the last decade+ in the pursuit of an Apple-like philosophy towards ui. This has really killed a lot of theming because so many apps use GTK.
cosmic_cheese
Even before that, GTK app theming was a bit hit or miss, likely because of the way GTK uses CSS for themes.
Personally I believe CSS to be quite ill-suited for the purpose. It’s ok if you’re writing a theme for a bespoke one-off app but breaks down in the system theme use case. In particular, CSS inheritance makes for a lot of unnecessary trouble for both third-party themes and accessibility affordances.
Last I knew there was something of a disinclination away from paramaterization in the GTK dev sphere too, which is another significant problem for third party themes and accessibility. Hardcoded fonts, colors, etc makes for pointless brittle rigidity.
ChocolateGod
GTKs CSS engine is great for app developers because it's powerful and easy. You can make something look slick with little work.
But its terrible for themers, it's like running a CSS override on every site that runs Bootstrap and expecting it to work properly. It won't.
I don't run any themes anymore so it doesn't bother me.
WD-42
Before css there were engines, which were like families of themes. One of them was the pixmap engine which was what it sounds like: it used images to make up elements of the theme. Some of the most ambitious themes used this engine. CSS didn’t come until much later.
gnomeluvscorpo
Perhaps with all these changes to GUI since initial Shell release their goal is to enter some niche mobile market and call job done. Because nothing else explains all this interface gutting out they did over 14 years.
Once they finish sucking donations and other forms of financial support they'll probably announce it's time to "sunset" Gnome/gtk because it sadly didn't met unspecified expectations of unspecified group of people.
Gnome team, what they did and what they still want to do, their attitude towards users - especially those who dare to criticize them is THE result of polluting FOSS with corporate style of software development.
Theming and customization of Linux is half-dead because of what happens at Gnome.
Mountain_Skies
Chasing after The Year of Linux on the Desktop is the community's great white whale. The thinking seems to be that if Linux can be made to look enough like the major mainstream OSes, the masses will flood into Linux and the people who lead them there will get to be the heroes of the day. Problem is the mainstream OSes make UI decisions for many reasons, and the end user often isn't the main concern. Linux could, and in the past did, make itself the OS of user empowerment and choice instead of being a watered down version of whatever is in fashion with the PMs at Microsoft, Apple, and Google.
aecsocket
This opinion of "Gnome is killing customization" is something I see quite a lot, but which I think people take the wrong way. It's absolutely true that Gnome is designed to be less themeable than other DEs like KDE, or individual WMs - and by extension, GTK apps and apps designed to be used on Gnome are harder to customize/break more when you do theme them. But I disagree that "customization of Linux [being] half-dead" is a bad thing; on the contrary, I support the lack of theming options, and I like that there's someone on the Linux desktop that pushes this hard for consistency.
To make my biases clear: I'm a software developer that uses Gnome daily, and is developing a GTK/Adwaita app. I used to rice a lot back in the i3 days, but I don't particularly care about that nowadays, and stick to the defaults when I can. For my purposes, GNOME and Adwaita is perfect since it's very opinionated by default, and you can make good looking apps with minimal effort. Since all Adwaita apps are supposed to look similar and follow the same HIG, most of my desktop apps have the same look - but more importantly, the developers of the apps can also be confident that their apps look correct on my desktop. This is something that developers in the GTK space generally want, and for good reason[0].
One argument is that you as a user of the desktop should be able to have the final say on how your apps look, which is a totally valid take! And there are DEs, WMs, and apps which give you this freedom like Hyprland. But this doesn't guarantee that those apps will look good, or look consistent with each other, or even act consistently across apps. On the other hand, I as an app developer want to guarantee that my app looks good on your desktop, and the easiest way to achieve that is to target a single desktop environment, rather than an infinite combination of possibly-similar-but-maybe-completely-different desktops. Every preference has a cost[1][2], and when you take this philosophy beyond just preferences and expand it to color schemes, padding, margin, iconography, typography, it becomes unmanageable.
This isn't to say that GNOME is perfect, and I disagree with the project on some fundamental technical things like not supporting xdg-layer-shell[3], and refusing to accommodate server-side decorations for apps which don't want to render decorations themselves. (On the cultural side I can't comment, since I have no experience with that.) But in my opinion, this is the project that can deliver a usable and consistent Linux desktop to the average person the most effectively.
[0]: https://stopthemingmy.app/
[1]: https://blogs.gnome.org/tbernard/2021/07/13/community-power-...
[2]: https://ometer.com/preferences.html
[3]: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/1141
Vilian
The upsude is a more stable applicationand less headaches for the developers
shmerl
KDE is more popular DE than Gnome these days and it's pretty flexible for theming.
WD-42
I highly doubt this. KDE users are far more vocal. Most people install Ubuntu (which is GNOME by default) use it and are happy with it and never comment about it on the internet.
It's near impossible to have a Linux GUI environment without GTK applications, while the opposite is not true for QT. I have a full desktop setup with GNOME and my machine doesn't even have the QT libraries installed.
zzo38computer
I think there are many problems with GNOME and GTK. Some programs require GTK, but other than that I avoid them when I can. The theming is not the only problem, but it is one of them.
robinsonb5
For me its biggest issue (apart from the imposition of hamburger menus) is the awful keyboard handling in the file dialog.
II2II
> Sometimes I wonder why there isn't more enthusiasm around theming.
My guess: because it is difficult to develop software that can be themed and it is difficult to create themes that look good. Not only is it high effort, but it has relatively low returns. Themes mostly affect how things look and, ideally, have very little impact on functionality. I say ideally since, when there is an impact on functionality it is usually a negative one (e.g. buggy behaviour). Contrast that to a window manager or compositor: while it won't affect the functionality of individual applications (ideally), it does have a fairly significant impact upon how one interacts with the desktop as a whole.
_fat_santa
> Sometimes I wonder why there isn't more enthusiasm around theming
I can speak to this personally. I used to always tinker with various Linux desktops, themes, etc but nowadays I just use vanilla Ubuntu with zero theming modifications. There are two reasons for this:
1. Like others have said, theming is easy but consistency is hard. I've found that anything besides Gnome just turns into a shitshow where half your apps just don't theme properly.
2. It's a massive time sink. While I could create a very consistent theme, it would involve a massive time sink into dealing with all the edge cases. When I was in college and just used Linux "recreationally", I could justify spending a ton of time tinkering with my system and getting everything perfect. But these days I use Linux professionally so it's less about having a beautiful desktop and more about something that just works and gets out of my way so I can get my actual work done.
I should note that I still play around with other DE's and themes though I now do it all in VM's. I'm slowly building up my own theme stack on a Debian VM and once I get everything buckled up I might actually deploy and it use it on my primary machine.
amarant
I used to really enjoy theming and Riceing, but then I realised it was pointless: my monitor always looks the same, with a full screen IDE window covering up all my fancy themes
keyringlight
I think that speaks to another aspect, individual apps taking full control over how they're presented instead of inheriting whatever framework the DE is providing or the cohabitation of various KDE/QT/GTK/X/other, or electron framework defaults. Over on windows even when uxtheme skinning was in full swing it was the start of applications doing it themselves (winamp and quicktime come to mind), but I have the impression developers doing so made sure the extra effort had a payoff.
robinsonb5
I remember back in the day the apps most likely to have completely custom UIs tended to be scanner drivers. I'm not sure why!
wlesieutre
Because it always works well for like two applications and everything else looks half assed
seba_dos1
That's how it works in GNOME, yes.
wlesieutre
That and half of all new software being "draw a pretty picture, stick it in a webview" with no attempt to use the themeable widgets.
Even on Mac OS there used to be solid theming support (thanks, Unsanity) because software all used the system UI widgets. Not nearly as common anymore.
AlienRobot
Until I can change the color and font of everything on Linux the way I can on Windows XP, I'll never take Linux theming seriously.
Seriously, just make GUIs. That is the solution to ALL of Linux problems. MAKE THE GUIs!!! I can't select the background color of panes from a color picker and instead I have to manually edit text config files and create folders inside dotfolders. Ridiculous. It's 2025.
pjmlp
Probably because it gets tiresome after a while, I used to be big into Winamp themes, back in the 90's there were plenty of Demoscene and gamedev sites with desktop of the day, and what not.
After a while it loses the appeal, we decide to just use whatever defaults get offered, finetune one or two options and that is it.
mfro
As the commentor that asked previously, "Is it really necessary to spin up an entirely new distro for an XFCE+GTK theme?", Blue95 makes much more sense in the context of bootc usage. I was completely unaware of bootable containers until reading this. Though I will admin I would still prefer something that can be installed easily over a base system. Perhaps see NsCDE[1] for an example. Great post!
trollied
This made me think, I used to love playing with Enlightenment back in the day. It was really trying to push what X11 could do.
Surprised it's still going https://www.enlightenment.org/
robinsonb5
The irony is that back in the day it was the heavyweight option - now it's super-lightweight compared to the dominant desktop environments.
sabslikesobs
Great, original article. I didn't notice at first that this blogger is the very same author behind Blue95: https://github.com/winblues/blue95
I used to love theming my desktop environment, but the joy faded when I realized the UI felt much more magical than anything I was using it for. Wonderful application of the tech, though.
pipes
Never seen blue95 before, that is really nice.
undeniablemess
Interesting. Didn’t know about bootable containers.
I guess the equivalent in the NixOS world would be its impermanence module, which erases root on every reboot to keep things as stateless as possible.
danieldk
I think most bootc-based systems keep /etc, /var and others. So, it is more like Nix without impermanence where you can atomically change/update/rollback your system, but keep some system state.
WesolyKubeczek
While this may be a nice exercise to learn bootc, shipping a whole OCI image, just because you wanted to put a couple files under /usr seems quite wasteful to me.
To put things into perspective, GTK themes, unless they bring lots and lots of bitmap images (which doesn't happen nowadays), rarely exceed a megabyte in size.
I guess one could spend less time learning how to package these as RPM packages and set up COPR to do just that, making OCI + bootc entirely optional (and yet you could build an OCI + bootc installing this package if you so wished!).
sohrob
For me, the bootc project is one of the most exciting things happening in Linux right now. It would be nice if projects like Debian adopt it as one possible delivery format for those who prefer the atomic containerized workflow way of doing things. There is so much to be gained from a stability standpoint vs how things are done now.
Side note: Judging by what I see on Reddit, the ability to theme a desktop is one of the top reasons someone develops a personal interest in Linux to begin with, so no need to justify that in my book.
qwerty456127
I am actually surprised how bad the actual state of the art is. I would expect modern OSes to be infinitely and easily themable and a thriving scene of OS theming to exist (and offer perfect retro revival themes alongside completely original and loosely inspired ones) but it apparently is not the case at all.
dicytea
bootc would be more attractive for this theming use-case, if there's a 1-line method to spin up a graphical VM straight from the docker file.
I looked into it, but it looks like that you need to manually build the image and fiddle around with qemu.
JCattheATM
Yeah, a VM or just filesystem snapshots make much more sense.
Containers are so easy so people just started using them for every use case, even when it doesn't necessarily make the most sense.
gigel82
Off topic, but this website burned my eyes and I could almost hear my OLED crying.
One of the rare examples where "Dark Reader" not only failed but actually made it more light; there must be some funky CSS shenanigans going on.
concerndc1tizen
That's more a you-problem (Dark Reader) than a website-problem?
Firehawke
Hard disagree. Accessibility matters, and some of us are photosensitive to large amounts of bright white. Design your CSS to not completely break with a forced dark theme and this won't be a problem.
concerndc1tizen
It matters to you. Why are you projecting your needs onto others?
Perhaps there's a nicer way to say it? "If the author so pleases, he may consider improving accessibility by making it compatible with Dark Reader."
Then it is phrased as a request, rather than a complaint or critique.
Regular containers also happen to work great for testing dotfiles.
Many years ago I added an install script to https://github.com/nickjj/dotfiles to get set up in basically 1 command because I wanted a quick way to bootstrap my own system. I used the official Debian and Ubuntu images to test things.
Over the last few days I refactored things further to support Arch Linux which has an official Docker image too.
This enables being able to do full end to end tests in about 5 minutes. The container spins up in 1 second, the rest is the script running its course. Since it's just a container you can also use volume mounts and leave the container running in case you want to incrementally test things without wiping the environment.
Additionally it lets folks test it out without modifying their system in 1 command. Docker has enabled so many good things over the last 10+ years.