I really like the idea of immutable Linux and bootable containers. My next project will probably be switching to bazzite. But I took a look at the Containerfile[1], and I have some big concerns about the fragility of their supply chain. It uses 20 different copr repos (granted, half are their own), and I didn't count how many packages. Best I can tell, none of the versions are pinned. They do dump a diff of all package versions in the release notes[2], but I wonder if anyone actually reviews it before release. All it takes is one vulnerability in one repo / package and you can enjoy your new cryptominer.
There's something nice about running Debian and having confidence in all the packages because they're built and maintained by the Debian team. Of course there are exceptions, but in my experience they're rare. The only non-standard repo I regularly use is fish shell, and the updates are so few and far between (and very public) I think the risk is low.
I suppose this isn't strictly a container-specific problem; you could add the repos and install / update all those packages yourself too. But being able to package everything up into a single file that you can then boot into as your OS means you're also packing all the supply chain risk.
Curious if anyone else shares my concern or if I should just put my tinfoil hat back on...
1. https://github.com/ublue-os/bazzite/blob/main/Containerfile 2. https://github.com/ublue-os/bazzite/releases/tag/42.20250417
Sometimes I wonder why there isn't more enthusiasm around theming. Chicago95[0] is popular, but I also love how Garuda[0] themes KDE. There's some small websites for downloading themes on various DEs, but most of them are a bit jank and it seems built-in support beyond basic things like accents aren't there.
[0] https://github.com/grassmunk/Chicago95 [1] https://garudalinux.org/editions (screenshots don't do it justice)
As the commentor that asked previously, "Is it really necessary to spin up an entirely new distro for an XFCE+GTK theme?", Blue95 makes much more sense in the context of bootc usage. I was completely unaware of bootable containers until reading this. Though I will admin I would still prefer something that can be installed easily over a base system. Perhaps see NsCDE[1] for an example. Great post!
This made me think, I used to love playing with Enlightenment back in the day. It was really trying to push what X11 could do.
Surprised it's still going https://www.enlightenment.org/
Great, original article. I didn't notice at first that this blogger is the very same author behind Blue95: https://github.com/winblues/blue95
I used to love theming my desktop environment, but the joy faded when I realized the UI felt much more magical than anything I was using it for. Wonderful application of the tech, though.
Interesting. Didn’t know about bootable containers.
I guess the equivalent in the NixOS world would be its impermanence module, which erases root on every reboot to keep things as stateless as possible.
While this may be a nice exercise to learn bootc, shipping a whole OCI image, just because you wanted to put a couple files under /usr seems quite wasteful to me.
To put things into perspective, GTK themes, unless they bring lots and lots of bitmap images (which doesn't happen nowadays), rarely exceed a megabyte in size.
I guess one could spend less time learning how to package these as RPM packages and set up COPR to do just that, making OCI + bootc entirely optional (and yet you could build an OCI + bootc installing this package if you so wished!).
For me, the bootc project is one of the most exciting things happening in Linux right now. It would be nice if projects like Debian adopt it as one possible delivery format for those who prefer the atomic containerized workflow way of doing things. There is so much to be gained from a stability standpoint vs how things are done now.
Side note: Judging by what I see on Reddit, the ability to theme a desktop is one of the top reasons someone develops a personal interest in Linux to begin with, so no need to justify that in my book.
I am actually surprised how bad the actual state of the art is. I would expect modern OSes to be infinitely and easily themable and a thriving scene of OS theming to exist (and offer perfect retro revival themes alongside completely original and loosely inspired ones) but it apparently is not the case at all.
bootc would be more attractive for this theming use-case, if there's a 1-line method to spin up a graphical VM straight from the docker file.
I looked into it, but it looks like that you need to manually build the image and fiddle around with qemu.
Off topic, but this website burned my eyes and I could almost hear my OLED crying.
One of the rare examples where "Dark Reader" not only failed but actually made it more light; there must be some funky CSS shenanigans going on.
I find LXC a bit more intuitive as testing platform than docker. Much of a sameness I suppose.
Also discovered that for me it’s less the OS or paradigm or theme/look and more that the windows manager is tiling type.
I think ZFS snapshots, or whatever the brtfs equivalent is, makes a lot more sense than using containers just to experiment with theming.
I also don't think the distinction between distro and container is murky at all.
whatever is happening in the thumbnail image embodies my entire state of being.
Regular containers also happen to work great for testing dotfiles.
Many years ago I added an install script to https://github.com/nickjj/dotfiles to get set up in basically 1 command because I wanted a quick way to bootstrap my own system. I used the official Debian and Ubuntu images to test things.
Over the last few days I refactored things further to support Arch Linux which has an official Docker image too.
This enables being able to do full end to end tests in about 5 minutes. The container spins up in 1 second, the rest is the script running its course. Since it's just a container you can also use volume mounts and leave the container running in case you want to incrementally test things without wiping the environment.
Additionally it lets folks test it out without modifying their system in 1 command. Docker has enabled so many good things over the last 10+ years.