Whonix Debian Packages
- 1 When is it safe to run sudo apt-get autoremove?
- 2 Non-Issues
- 3 Advanced Topics
- 4 See Also
- 5 Footnotes
When is it safe to run sudo apt-get autoremove?
sudo apt-get autoremove is safe to run, if one of the following packages is being kept. That means if one of the following packages is not in the list of to be autoremoved packages.
The following are expected and ok.
The following packages were automatically installed and are no longer required: whonix-workstation-default-applications-gui whonix-ws-desktop-shortcuts
The following packages were automatically installed and are no longer required: whonix-gw-desktop-shortcuts
Autoremoving those is safe.
Advanced users only!
What is the disadvantage of removing a meta package?
Then changes in package dependencies will not be automatically processed by your system when you upgrade your system.
For example the anon-workstation-packages-recommended meta package depends  on tb-updater. When you do not have the anon-workstation-packages-recommended package installed, you would not notice if we replace tb-updater with torbrowser-launcher. tb-updater might become unmaintained, broken or even have unfixed security issues. We'll try to keep you up to date should we deprecate (security relevant) packages. If we do that, you could simply sudo apt-get purge tb-updater and consider installing what our meta package recommends as replacement.
See also #Technical_Stuff.
Which meta packages are safe to remove?
Use apt-cache to see the package description.
package-namewith the package you actually want to install.
It will include either:
Safe to remove, if you know what you are doing., or
Do not remove.
Note the #Removal Instructions below! When you understood those, feel free to remove the following desktop specific meta packages.
Which packages do Whonix meta packages install?
Or use for example.
apt-cache show whonix-workstation-default-applications-gui
Which meta packages should never be removed?
Do not remove ...-dependencies packages, unless you really know what you are doing.
Why is package X installed?
Look up the package in question in developer documentation, packages documentation:
Upgrade your system.
When you installed and uninstalled some custom packages or dependencies changed in meanwhile, get rid of unneeded dependencies first.
sudo apt-get autoremove
Let's see how for example the uwt package could be uninstalled.
sudo apt-get purge uwt
You will see something like this.
Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: anon-banned-packages anon-iceweasel-warning gpl-sources-download knetattach-hide power-savings-disable-in-vms poweroff-passwordless rads scurl shared-folder-help swap-file-creator swappiness-lowest tor-ctrl Use 'apt-get autoremove' to remove them. The following packages will be REMOVED: anon-shared-packages-recommended* uwt* whonix-shared-packages-recommended* 0 upgraded, 0 newly installed, 3 to remove and 2 not upgraded. After this operation, 152 kB disk space will be freed. Do you want to continue [Y/n]?
Now, there is a small issue. Next time you were to run sudo apt-get autoremove, you would also uninstall all packages listed under "The following packages were automatically installed and are no longer required:". (Such as rads and others.) Since you most likely want to keep the other packages which were installed by the anon-shared-packages-recommended and the whonix-shared-packages-recommended meta packages, mark them as manually installed, so they do not get removed. You can conveniently do this using aptitude.  
sudo aptitude keep-all
Make sure you understood the #Disadvantage.
Alternatively, there might be a very crude workaround which can be seen and discussed here:
Technical explanations why stuff is as is. Users can skip this chapter.
The underlying technical issues with meta packages are not caused by Whonix, are general issues Whonix inherited from Debian. Those are also described here:
About meta packages:
Whonix's build script installs all packages using
apt-get --no-install-recommends.  The
--no-install-recommends option is being used to prevent installation of lots of packages we do not want to install. For example, anon-workstation-default-applications Depends: gwenview, which Recommends: kamera. Without using
--no-install-recommends, we would also install kamera, which would then pull its own Depends: as well. kamera [+ dependencies] would not be useful to have installed by default on Whonix-Workstation. Would cost unnecessary disk space. And there are more examples. We might even end up installing packages by default we do not recommend privacy reasons.
Since we do use the
--no-install-recommends option, meta packages such as anon-workstation-default-applications must use the Depends: field and cannot use the Recommends: field. (Since no packages would be installed then.)
Even if we could use and did use Recommends: field, new packages added to the Recommends: field would not be installed when the meta package that Recommends: them gets upgraded. This is because packages listed after the Recommends: field only get installed during their initial sudo apt-get install package-name installation.
You might notice that even though having said this, anon-meta-packages's debian/control file uses the Recommends: field anyway. This is not a contradiction. It may be useful for a later Whonix installation from Whonix repository use case.
issues with removal of specific packages by users / builders
- Whonix's APT Repository, how to enable/disable it?
- Building/upgrading Whonix's debian packages from source code
- Development Discussion - Installing Whonix from repository
- Whonix Packages for Debian Hosts
The following packages will be REMOVED: anon-shared-applications-kde anon-shared-desktop anon-shared-desktop-kde anon-shared-packages-dependencies anon-shared-packages-recommended anon-torchat anon-workstation-default-applications anon-workstation-packages-dependencies libcdio13 libdirectfb-1.2-9 libgles1-mesa libiso9660-8 libjsoncpp1 libvcdinfo0 libvlccore8 non-qubes-vm-enhancements non-qubes-whonix-workstation thunderbird whonix-shared-packages-dependencies whonix-shared-packages-recommended whonix-workstation-packages-dependencies whonix-workstation-packages-recommended xul-ext-torbirdy 0 upgraded, 0 newly installed, 23 to remove and 0 not upgraded. After this operation, 151 MB disk space will be freed. Do you want to continue? [Y/n]
sudo apt-get install enigmail Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: enigmail : Depends: thunderbird (>= 1:52.0) but it is not going to be installed or icedove (>= 1:52.0) E: Unable to correct problems, you have held broken packages.
- Depends: field in debian/control
Can we safely mix apt-get and aptitude? Yes, Raphaël Hertzog, dpkg and Debian Developer said already in 2011 that this is no problem anymore.
First I want to make it clear that you can use both and mix them without problems. It used to be annoying when apt-get did not track which packages were automatically installed while aptitude did, but now that both packages share this list, there’s no reason to avoid switching back and forth.
- Function pkg-install-maybe in https://github.com/Whonix/Whonix/blob/master/build-steps.d/1700_install-packages#L97.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.