Chapter 7. GUI System

7.1. GUI desktop environment

There are several choices for the full featured GUI desktop environment on the Debian system.

Table 7.1. List of desktop environment

task package	popcon	size	description
`task-gnome-desktop`	I:181	9	GNOME desktop environment
`task-xfce-desktop`	I:102	9	Xfce desktop environment
`task-kde-desktop`	I:66	6	KDE Plasma desktop environment
`task-mate-desktop`	I:48	9	MATE desktop environment
`task-cinnamon-desktop`	I:37	9	Cinnamon desktop environment
`task-lxde-desktop`	I:33	9	LXDE desktop environment
`task-lxqt-desktop`	I:15	9	LXQt desktop environment
`task-gnome-flashback-desktop`	I:7	6	GNOME Flashback desktop environment

Tip

Dependency packages selected by a task metapackage may be out of sync with the latest package transition state under the Debian unstable/testing environment. For task-gnome-desktop, you may need to adjust package selections as follows:

Start aptitude(8) as sudo aptitude -u.
Move cursor to "Tasks" and press "Enter".
Move cursor to "End-user" press "Enter".
Move cursor to "GNOME" press "Enter".
Move cursor to task-gnome-desktop and press "Enter".
Move cursor to "Depends" and press "m" (manually selected).
Move cursor to "Recommends" and press "m" (manually selected).
Move cursor to "task-gnome-desktop and press "-". (drop)
Adjust selected packages while dropping problematic ones causing package conflicts.
Press "g" to start install.

This chapter will focus mostly on the default desktop environment of Debian: task-gnome-desktop offering GNOME on wayland.

7.2. GUI communication protocol

GUI communication protocol used on the GNOME desktop can be:

Wayland (display server protocol) (native)
X Window System core protocol (via xwayland)

Please check freedesktop.org site for how Wayland architecture is different from X Window architecture.

From user's perspective, differences can be colloquially summarized as:

Wayland is a same-host GUI communication protocol: new, simpler, faster, no setuid root binary
X Window is a network-capable GUI communication protocol: traditional, complex, slower, setuid root binary

For applications using Wayland protocol, the access to their display contents from a remote host is supported by the VNC or RDP. See Section 7.7, “Remote desktop”

Modern X servers have the MIT Shared Memory Extension and communicate with their local X clients using the local shared memory. This bypasses the network transparent Xlib interprocess communication channel and gains performance. This situation was the background of creating Wayland as a local-only GUI communication protocol.

Using the xeyes program started from the GNOME terminal, you can check GUI communication protocol used by each GUI application.

 $ xeyes

If the mouse cursor is on an application such as "GNOME terminal" which uses Wayland display server protocol, eyes don't move with the mouse cursor.
If the mouse cursor is on an application such as "xterm" which uses X Window System core protocol, eyes move with the mouse cursor exposing not-so-isolated nature of X Window architecture.

As of April 2021, many popular GUI applications such as GNOME and LibreOffice (LO) applications have been migrated to the Wayland display server protocol. I see xterm, gitk, chromium, firefox, gimp, dia, and KDE applications still use X Window System core protocol.

	Note
	For both the xwayland on Wayland or the native X Window System, the old X server configuration file "`/etc/X11/xorg.conf`" shouldn't exist on the system. The graphics and input devices are now configured by the kernel with DRM, KMS, and udev. The native X server has been rewritten to use them. See "modedb default video mode support" in the Linux kernel documentation.

7.3. GUI infrastructure

Here are notable GUI infrastructure packages for the GNOME on Wayland environment.

Table 7.2. List of notable GUI infrastructure packages

package	popcon	package size	description
`mutter`	V:4, I:140	216	GNOME's mutter window manager [auto]
`xwayland`	V:152, I:246	2313	An X server running on top of wayland [auto]
`gnome-remote-desktop`	V:55, I:108	540	Remote desktop daemon for GNOME using PipeWire [auto]
`gnome-tweaks`	V:18, I:197	1277	Advanced configuration settings for GNOME

Here, "[auto]" means that these packages are automatically installed when task-gnome-desktop is installed.

	Tip
	`gnome-tweaks` is the indispensable configuration utility. For example: You can force "Over-Amplification" of sound volume from "General". You can force "Caps" to become "Esc" from "Keyboard & Mouse" -> "Keyboard" -> "Additional Layout Option".

7.4. GUI applications

Many useful GUI applications are available on Debian now. Installing software packages such as scribus (KDE) on GNOME desktop environment are quite acceptable since corresponding functionality is not available under GNOME desktop environment. But installing too many packages with duplicated functionalities may clutter your system.

Here is a list of GUI applications which caught my eyes.

Table 7.3. List of notable GUI applications

package	popcon	package size	type	description
`evolution`	V:31, I:236	493	GNOME	Personal information Management (groupware and email)
`thunderbird`	V:50, I:130	202238	GTK	Email client (Mozilla Thunderbird)
`kontact`	V:1, I:14	2203	KDE	Personal information Management (groupware and email)
`libreoffice-writer`	V:153, I:433	37611	LO	word processor
`abiword`	V:1, I:11	5133	GNOME	word processor
`calligrawords`	V:0, I:7	5893	KDE	word processor
`scribus`	V:2, I:22	30523	KDE	desktop publishing editor to edit PDF files
`glabels`	V:0, I:4	1327	GNOME	label editor
`libreoffice-calc`	V:148, I:430	30127	LO	spreadsheet
`gnumeric`	V:5, I:19	10084	GNOME	spreadsheet
`calligrasheets`	V:0, I:5	11326	KDE	spreadsheet
`libreoffice-impress`	V:118, I:426	9248	LO	presentation
`calligrastage`	V:0, I:5	5198	KDE	presentation
`libreoffice-base`	V:78, I:219	6047	LO	database management
`kexi`	V:0, I:2	7118	KDE	database management
`libreoffice-draw`	V:119, I:427	13442	LO	vector graphics editor (draw)
`inkscape`	V:35, I:167	87324	GNOME	vector graphics editor (draw)
`karbon`	V:0, I:6	3593	KDE	vector graphics editor (draw)
`dia`	V:3, I:28	3620	GTK	flowchart and diagram editor
`gimp`	V:61, I:300	19827	GTK	bitmap graphics editor (paint)
`shotwell`	V:17, I:237	6402	GTK	digital photo organizer
`digikam`	V:2, I:12	2921	KDE	digital photo organizer
`darktable`	V:5, I:16	26575	GTK	lighttable and darkroom for photographers
`planner`	V:0, I:4	1146	GNOME	project management
`calligraplan`	V:0, I:1	18517	KDE	project management
`gnucash`	V:3, I:10	32394	GNOME	personal accounting
`homebank`	V:0, I:2	1114	GTK	personal accounting
`lilypond`	V:1, I:8	7363	-	music typesetter
`kmymoney`	V:0, I:2	12850	KDE	personal accounting
`librecad`	V:2, I:16	8309	Qt-app	computer-aided design (CAD) system (2D)
`freecad`	I:18	59	Qt-app	computer-aided design (CAD) system (3D)
`kicad`	V:2, I:14	193841	GTK	electronic schematic and PCB design software
`xsane`	V:16, I:161	2346	GTK	scanner frontend
`libreoffice-math`	V:104, I:430	2298	LO	mathematical equation/formula editor
`calibre`	V:9, I:33	57919	KDE	e-book converter and library management
`fbreader`	V:1, I:13	2631	GTK	e-book reader
`evince`	V:107, I:323	978	GNOME	document(pdf) viewer
`okular`	V:42, I:114	15376	KDE	document(pdf) viewer
`x11-apps`	V:29, I:461	2437	pure X-app	`xeyes`(1), etc.
`x11-utils`	V:169, I:581	712	pure X-app	`xev`(1), `xwininfo`(1)etc.

7.5. Fonts

Many useful scalable fonts are available for users on Debian. User's concern is how to avoid redundancy and how to configure parts of installed fonts to be disabled. Otherwise, useless font choices may clutter your GUI application menus.

Debian system uses FreeType 2.0 library to rasterise many scalable font formats for screen and print:

Type 1 (PostScript) fonts which use cubic Bézier curves (almost obsolete format)
TrueType fonts which use quadratic Bézier curves (good choice format)
OpenType fonts which use cubic Bézier curves (best choice format)

7.5.1. Basic fonts

The following table is compiled in the hope to help users to chose appropriate scalable fonts with clear understanding of the metric compatibility and the glyph coverage. Most fonts cover all Latin fonts, Greek, and Cyril character glyphs. The final choice of activated fonts can also be affected by your aesthetics. These fonts can be used for the screen display or for the paper printing.

Table 7.4. List of notable TrueType and OpenType fonts

package	popcon	size	sans	serif	mono	note on font
fonts-cantarell	V:103, I:296	572	59	-	-	Cantarell (GNOME 3, display)
fonts-noto	I:134	35	61	63	40	Noto fonts (Google, multi-lingual with CJK)
fonts-dejavu	I:449	39	58	68	40	DejaVu (GNOME 2, MCM:Verdana, extended Bitstream Vera)
fonts-liberation2	V:107, I:371	4290	56	60	40	Liberation fonts for LibreOffice (Red Hat, MCMATC)
fonts-croscore	V:17, I:46	5278	56	60	40	Chrome OS: Arimo, Tinos and Cousine (Google, MCMATC)
fonts-crosextra-carlito	V:24, I:214	2732	57	-	-	Chrome OS: Carlito (Google, MCM:Calibri )
fonts-crosextra-caladea	I:212	258	-	55	-	Chrome OS: Caladea (Google, MCM:Cambria ) (Latin only )
fonts-freefont-ttf	V:63, I:247	6656	57	59	40	GNU FreeFont (extended URW Nimbus)
fonts-quicksand	I:390	392	56	-	-	Debian task-desktop, Quicksand (display, Latin only)
fonts-hack	V:17, I:94	2508	-	-	40 P	A typeface designed for source code Hack (Facebook)
fonts-sil-gentiumplus	I:37	13568	-	54	-	Gentium SIL
fonts-sil-charis	V:3, I:22	6406	-	59	-	Charis SIL
fonts-urw-base35	V:112, I:295	11095	56	60	40	URW Nimbus (Sans, Roman No. 9 L, Mono L, MCAHTC)
fonts-ubuntu	V:2, I:5	4339	58	-	33 P	Ubuntu fonts (display)
fonts-terminus	V:0, I:2	452	-	-	33	Cool retro terminal fonts
ttf-mscorefonts-installer	V:1, I:59	92	56?	60	40	Downloader of Microsoft non-free fonts (see below)

Here:

"MCM" stands for "metric compatible with fonts provided by Microsoft"
"MCMATC" stands for "metric compatible with fonts provided by Microsoft: Arial, Times New Roman, Courier New"
"MCAHTC" stands for "metric compatible with fonts provided by Adobe: Helvetica, Times, Courier"
Numbers in font type columns stands for the rough relative "M" width for the same point size font.
"P" in mono font type columns stands for its usability for programming having clearly distinguishable "0"/"O" and "1"/"I"/"l".
The ttf-mscorefonts-installer package downloads Microsoft's "Core fonts for the Web" and installs Arial, Times New Roman, Courier New, Verdana, ... . These installed font data are non-free data.

Many free Latin fonts have their lineage traced to URW Nimbus family or Bitstream Vera.

	Tip
	If your locale needs fonts not covered well by the above fonts, please use aptitude to check under task packages listed under "Tasks" -> "Localization". The font packages listed as "Depends:" or "Recommends:" in the localization task packages are the primary candidates.

7.5.2. Font rasterization

Debian uses FreeType to rasterize fonts. Its font choice infrastructure is provided by the Fontconfig font configuration library.

Table 7.5. List of notable font environment and related packages

package	popcon	size	description
`libfreetype6`	V:476, I:996	882	FreeType font rasterization library
`libfontconfig1`	V:479, I:861	535	Fontconfig font configuration library
`fontconfig`	V:376, I:747	623	`fc-*`: CLI commands for Fontconfig
`font-manager`	V:2, I:9	1066	Font Manager: GUI command for Fontconfig
`nautilus-font-manager`	V:0, I:0	61	Nautilus extension for Font Manager

Tip

Some font packages such as fonts-noto* install too many fonts. You may also want to keep some font packages installed but disabled under the normal use situation. The multiple glyphs are expected for some Unicode code points due to Han unification and unwanted gliphs may be chosen by the unconfigured Fontconfig library. One of the most annoying case is "U+3001 IDEOGRAPHIC COMMA" and "U+3002 IDEOGRAPHIC FULL STOP" among CJK countries. You can avoid this problematic situation easily by configuring font availability using Font Manager GUI (font-manager).

You can list font configuration state from the command line, too.

"fc-match(1)" for fontconfig font default
"fc-list(1)" for available fontconfig fonts

You can configure font configuration state from the text editor but this is non-trivial. See fonts.conf(5).

7.6. Sandbox

Many mostly GUI applications on Linux are available in binary formats from non-Debian sources.

	Warning
	Binaries from these sites may include proprietary non-free software packages.

There is some raison d'être for these binary format distributions for Free Software aficionados using Debian since these can accommodate clean set of libraries used for each application by the respective upstream developer independent of the ones provided by Debian.

The inherent risk of running external binaries can be reduced by using the sandbox environment which leverages modern Linux security features (see Section 4.7.4, “Linux security features”).

For binaries from AppImage and some upstream sites, run them in firejail with manual configuration.
For binaries from FLATHUB, run them in Flatpak . (No manual configuration required.)
For binaries from snapcraft, run them in Snap . (No manual configuration required. Compatible with daemon programs.)

The xdg-desktop-portal package provides a standardized API to common desktop features. See xdg-desktop-portal (flatpak) and xdg-desktop-portal (snap)

Table 7.6. List of notable sandbox environment and related packages

package	popcon	size	description
`flatpak`	V:36, I:40	6764	Flatpak application deployment framework for desktop apps
`gnome-software-plugin-flatpak`	V:9, I:16	203	Flatpak support for GNOME Software
`snapd`	V:55, I:63	54883	Daemon and tooling that enable snap packages
`gnome-software-plugin-snap`	V:1, I:2	106	Snap support for GNOME Software
`xdg-desktop-portal`	V:191, I:294	1503	desktop integration portal for Flatpak and Snap
`xdg-desktop-portal-gtk`	V:138, I:292	682	xdg-desktop-portal backend for gtk (GNOME)
`xdg-desktop-portal-kde`	V:3, I:5	949	xdg-desktop-portal backend for Qt (KDE)
`xdg-desktop-portal-wlr`	V:0, I:1	107	xdg-desktop-portal backend for wlroots (Wayland)
`firejail`	V:1, I:5	1634	a SUID security sandbox program firejail for use with AppImage

This sandbox environment technology is very much like apps on smart phone OS where apps are executed under controlled resource accesses.

Some large GUI applications such as web browsers on Debian also use sandbox environment technology internally to make them more secure.

7.7. Remote desktop

Table 7.7. List of notable remote access server

Access to the desktop and applications which use Wayland protocol and run on the remote host is supported by the GNOME Remote Desktop on the remote host through VNC or RDP to the local client.

Access to the desktop capabilities of all QEMU virtual machines is supported by the SPICE (the Simple Protocol for Independent Computing Environments) protocol.

package	popcon	size	protocols	description
`gnome-remote-desktop`	V:55, I:108	540	RDP, RFB (VNC)	GNOME Remote Desktop server
`vinagre`	V:6, I:154	4249	RDP, RFB (VNC), SPICE, SSH	Vinagre: GNOME remote desktop client
`remmina`	V:13, I:60	897	RDP, RFB (VNC), SPICE, SSH, ...	Remmina: GTK remote desktop client
`krdc`	V:2, I:19	3591	RDP, RFB (VNC)	KRDC: KDE remote desktop client
`guacd`	V:0, I:0	83	RDP, RFB (VNC), SSH / HTML5	Apache Guacamole: clientless remote desktop gateway (HTML5)
`virt-viewer`	V:4, I:51	1554	RFB (VNC), SPICE	Virtual Machine Manager's GUI display client of guest OS

7.8. X server connection

There are several ways to connect from an application on a remote host to the X server including xwayland on the local host.

Table 7.8. List of connection methods to the X server

package	popcon	size	command	description
`openssh-server`	V:709, I:832	1806	`sshd` with option `X11-forwarding`	SSH server (secure)
`openssh-client`	V:828, I:997	5650	`ssh -X`	SSH client (secure)
`xauth`	V:159, I:951	86	`xauth`	X authority file utility
`x11-xserver-utils`	V:295, I:524	570	`xhost`	server access control for X

7.8.1. X server local connection

Access to the local X server by the local applications which use X core protocol can be locally connected through a local UNIX domain socket. This can be authorized by the authority file holding access cookie. The authority file location is identified by the "$XAUTHORITY" environment variable and X display is identified by the "$DISPLAY" environment variable. Since these are normally set automatically, no special action is needed, e.g. "gitk" as the following.

username $ gitk

	Note
	For `xwayland`, `XAUTHORITY` holds value like "`/run/user/1000/.mutter-Xwaylandauth.YVSU30`".

7.8.2. X server remote connection

Access to the local X server display from the remote applications which use X core protocol is supported by using the X11 forwarding feature.

Open an gnome-terminal on the local host.

Run ssh(1) with -X option to establish a connection with the remote site as the following.

localname @ localhost $ ssh -q -X [email protected] Password:
Run an X application command, e.g. "gitk", on the remote site as the following.
```
loginname @ remotehost $ gitk
```

This method can display the output from a remote X client as if it were locally connected through a local UNIX domain socket.

See Section 6.3, “The remote access server and utilities (SSH)” for SSH/SSHD.

	Warning
	A remote TCP/IP to the X server is disabled by default on the Debian system for security reasons. Don't enable them by simply setting "`xhost +`" nor by enabling XDMCP connection, if you can avoid it.

7.8.3. X server chroot connection

Access to the X server by the applications which use X core protocol and run on the same host but in an environment such as chroot where the authority file is not accessible, can be authorized securely with xhost by using the User-based access, e.g. "gitk" as the following.

username $ xhost + si:localuser:root ; sudo chroot /path/to
# cd /src
# gitk
# exit
username $ xhost -

7.9. Clipboard

For clipping text to clipboard, see Section 1.4.4, “Mouse operations”.

For clipping graphics to clipboard, see Section 11.6, “Graphic data tools”.

Some CLI commands can manipulate character clipboard (PRIMARY and CLIPBOARD), too.

Table 7.9. List of programs related to manipulating character clipboard

package	popcon	package size	target	description
`xsel`	V:9, I:42	59	X	command line interface to X selections (clipboard)
`xclip`	V:11, I:51	64	X	command line interface to X selections (clipboard)
`wl-clipboard`	V:0, I:2	129	Wayland	`wl-copy` `wl-paste`: command line interface to Wayland clipboard
`gpm`	V:11, I:15	548	Linux console	a daemon that captures mouse events on Linux console