Whonix Debian Packages

From Whonix

When is it safe to run sudo apt-get autoremove?[edit]

sudo apt-get autoremove is safe to run, if one of the following packages is being kept. That means if one of the following packages is not in the list of to be autoremoved packages.

Non-Qubes-Whonix ™ XFCE:

  • Whonix-Gateway ™: non-qubes-whonix-gateway-xfce
  • Whonix-Workstation ™: non-qubes-whonix-workstation-xfce

Qubes-Whonix ™:

  • Whonix-Gateway ™: qubes-whonix-gateway
  • Whonix-Workstation ™: qubes-whonix-workstation




The following are expected and ok.

The following packages were automatically installed and are no longer required:
  whonix-workstation-default-applications-gui whonix-ws-desktop-shortcuts
The following packages were automatically installed and are no longer required:

Autoremoving those is safe.

Advanced Topics[edit]

Whonix ™ first time users warning Warning:
Advanced users only!

What is the disadvantage of removing a meta package?[edit]

Then changes in package dependencies will not be automatically processed by your system when you upgrade your system.

For example the anon-workstation-packages-recommended meta package depends [3] on tb-updater [archive]. When you do not have the anon-workstation-packages-recommended package installed, you would not notice if we replace [archive] tb-updater with torbrowser-launcher [archive]. tb-updater might become unmaintained, broken or even have unfixed security issues. We'll try to keep you up to date should we deprecate (security relevant) packages. If we do that, you could simply sudo apt-get purge tb-updater and consider installing what our meta package recommends as replacement.

See also #Technical_Stuff.

Which meta packages are safe to remove?[edit]

Use apt-cache to see the package description.

  • Replace package-name with the package you actually want to install.

apt-cache package-name

It will include either:

  • Safe to remove, if you know what you are doing., or
  • Do not remove.

Note the #Removal Instructions below! When you understood those, feel free to remove the following desktop specific meta packages.

Which packages do Whonix ™ meta packages install?[edit]

See debian/control in Whonix ™ anon-meta-packages [archive] source code folder or on github [archive] (choose the correct branch!).

Or use for example.

apt-cache show whonix-workstation-default-applications-gui

Which meta packages should never be removed?[edit]

Do not remove ...-dependencies packages, unless you really know what you are doing.

TODO: document

Why is package X installed?[edit]

Look up the package in question in developer documentation, packages documentation:

Removal Instructions[edit]

1. Upgrade
Upgrade your system.

2. Cleanup
When you installed and uninstalled some custom packages or dependencies changed in meanwhile, get rid of unneeded dependencies first.

sudo apt-get autoremove

3. Uninstall
Let's see how for example the uwt [archive] package could be uninstalled.

sudo apt-get purge uwt

You will see something like this.

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  anon-banned-packages anon-iceweasel-warning gpl-sources-download knetattach-hide power-savings-disable-in-vms poweroff-passwordless rads scurl shared-folder-help swap-file-creator swappiness-lowest tor-ctrl
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
  anon-shared-packages-recommended* uwt* whonix-shared-packages-recommended*
0 upgraded, 0 newly installed, 3 to remove and 2 not upgraded.
After this operation, 152 kB disk space will be freed.
Do you want to continue [Y/n]? 

4. Keep
Now, there is a small issue. Next time you were to run sudo apt-get autoremove, you would also uninstall all packages listed under "The following packages were automatically installed and are no longer required:". (Such as rads [archive] and others.) Since you most likely want to keep the other packages which were installed by the anon-shared-packages-recommended and the whonix-shared-packages-recommended meta packages, mark them as manually installed, so they do not get removed. You can conveniently do this using aptitude. [4] [5]

sudo aptitude keep-all

5. Done
Make sure you understood the #Disadvantage.

Alternatively, there might be a very crude workaround which can be seen and discussed here: [archive]

Technical Stuff[edit]

Technical explanations why stuff is as is. Users can skip this chapter.

The underlying technical issues with meta packages are not caused by Whonix ™, are general issues Whonix ™ inherited from Debian. Those are also described here:

About meta packages:

Whonix ™ build script installs all packages using apt-get --no-install-recommends. [6] The --no-install-recommends option is being used to prevent installation of lots of packages we do not want to install. For example, anon-workstation-default-applications Depends: gwenview, which Recommends: kamera. Without using --no-install-recommends, we would also install kamera, which would then pull its own Depends: as well. kamera [+ dependencies] would not be useful to have installed by default on Whonix-Workstation ™. Would cost unnecessary disk space. And there are more examples. We might even end up installing packages by default we do not recommend privacy reasons.

Since we do use the --no-install-recommends option, meta packages such as anon-workstation-default-applications must use the Depends: field and cannot use the Recommends: field. (Since no packages would be installed then.)

Even if we could use and did use Recommends: field, new packages added to the Recommends: field would not be installed when the meta package that Recommends: them gets upgraded. This is because packages listed after the Recommends: field only get installed during their initial sudo apt-get install package-name installation.

You might notice that even though having said this, anon-meta-packages's debian/control file uses the Recommends: field anyway. This is not a contradiction. It may be useful for a later Whonix ™ installation from Whonix ™ repository use case.

Forum discussion:
issues with removal of specific packages by users / builders [archive]

See Also[edit]


  1. Ok:
    The following packages will be REMOVED:
      anon-shared-applications-kde anon-shared-desktop anon-shared-desktop-kde anon-shared-packages-dependencies anon-shared-packages-recommended anon-torchat anon-workstation-default-applications anon-workstation-packages-dependencies libcdio13 libdirectfb-1.2-9
      libgles1-mesa libiso9660-8 libjsoncpp1 libvcdinfo0 libvlccore8 non-qubes-vm-enhancements non-qubes-whonix-workstation thunderbird whonix-shared-packages-dependencies whonix-shared-packages-recommended whonix-workstation-packages-dependencies
      whonix-workstation-packages-recommended xul-ext-torbirdy
    0 upgraded, 0 newly installed, 23 to remove and 0 not upgraded.
    After this operation, 151 MB disk space will be freed.
    Do you want to continue? [Y/n]
  2. Temp:
    sudo apt-get install enigmail
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:
    The following packages have unmet dependencies:
     enigmail : Depends: thunderbird (>= 1:52.0) but it is not going to be installed or
                         icedove (>= 1:52.0)
    E: Unable to correct problems, you have held broken packages.
  3. Depends: field in debian/control
  4. [archive]
  5. Can we safely mix apt-get and aptitude? Yes, Raphaël Hertzog, dpkg and Debian Developer said already in 2011 that this is no problem anymore.

    First I want to make it clear that you can use both and mix them without problems. It used to be annoying when apt-get did not track which packages were automatically installed while aptitude did, but now that both packages share this list, there’s no reason to avoid switching back and forth.

    Source: apt-get, aptitude, … pick the right Debian package manager for you [archive]

  6. Function pkg-install-maybe in [archive].

Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png

Share: Twitter | Facebook

Bored? Want to chat with other Whonix users? Join us in IRC [archive] chat (Webchat [archive]) or Telegram Chat [archive].

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.