Whonix Debian Packages
- 1 When is it safe to run sudo apt-get autoremove?
- 2 Changed Configuration Files
- 3 Non-Issues
- 4 Advanced Topics
- 5 See Also
- 6 Footnotes
When is it safe to run sudo apt-get autoremove?
sudo apt-get autoremove is safe to run, if one of the following packages is being kept. That means if one of the following packages is not in the list of to be autoremoved packages.
Non-Qubes-Whonix ™ XFCE:
- Whonix-Gateway ™:
- Whonix-Workstation ™:
- Whonix-Gateway ™:
- Whonix-Workstation ™:
Changed Configuration Files
Configuration file '/etc/apparmor.d/usr.bin.sdwdate' Configuration file '/etc/apparmor.d/whonix-firewall' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** whonix-firewall (Y/I/N/O/D/Z) [default=N] ?
Generally, see Changed Configuration Files.
Specifically for the following files:
I. These files are not an an exception. These are following the general rule. Same as above link.
The following are expected and ok.
The following packages were automatically installed and are no longer required: whonix-workstation-default-applications-gui whonix-ws-desktop-shortcuts
The following packages were automatically installed and are no longer required: whonix-gw-desktop-shortcuts
Autoremoving those is safe.
What is the disadvantage of removing a meta package?
Then changes in package dependencies will not be automatically processed by your system when you upgrade your system.
For example the anon-workstation-packages-recommended meta package depends  on tb-updater [archive]. When you do not have the anon-workstation-packages-recommended package installed, you would not notice if we replace [archive] tb-updater with torbrowser-launcher [archive]. tb-updater might become unmaintained, broken or even have unfixed security issues. We'll try to keep you up to date should we deprecate (security relevant) packages. If we do that, you could simply sudo apt-get purge tb-updater and consider installing what our meta package recommends as replacement.
See also #Technical_Stuff.
Which meta packages are safe to remove?
Use apt-cache to see the package description.
package-namewith the package you actually want to install.
It will include either:
Safe to remove, if you know what you are doing., or
Do not remove.
Note the #Removal Instructions below! When you understood those, feel free to remove the following desktop specific meta packages.
Which packages do Whonix ™ meta packages install?
Or use for example.
apt-cache show whonix-workstation-default-applications-gui
Which meta packages should never be removed?
Do not remove ...-dependencies packages, unless you really know what you are doing.
Why is package X installed?
Look up the package in question in developer documentation, packages documentation:
- https://github.com/Whonix/whonix-developer-meta-files/blob/master/package_documentation/Whonix-Shared_packages [archive]
- https://github.com/Whonix/whonix-developer-meta-files/blob/master/package_documentation/Whonix-Gateway_packages [archive]
- https://github.com/Whonix/whonix-developer-meta-files/blob/master/package_documentation/Whonix-Workstation_packages [archive]
Alternatively, there might be a very crude workaround which can be seen and discussed here:
Technical explanations why stuff is as is. Users can skip this chapter.
The underlying technical issues with meta packages are not caused by Whonix ™, are general issues Whonix ™ inherited from Debian. Those are also described here:
- http://administratosphere.wordpress.com/2011/11/29/the-metapackage-problem-and-apt-get-autoremove/ [archive]
- http://tanguy.ortolo.eu/blog/article8/uninstall-meta-package [archive]
About meta packages:
- https://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#bpp-meta [archive]
Whonix ™ build script installs all packages using
apt-get --no-install-recommends.  The
--no-install-recommends option is being used to prevent installation of lots of packages we do not want to install. For example, anon-workstation-default-applications Depends: gwenview, which Recommends: kamera. Without using
--no-install-recommends, we would also install kamera, which would then pull its own Depends: as well. kamera [+ dependencies] would not be useful to have installed by default on Whonix-Workstation ™. Would cost unnecessary disk space. And there are more examples. We might even end up installing packages by default we do not recommend privacy reasons.
Since we do use the
--no-install-recommends option, meta packages such as anon-workstation-default-applications must use the Depends: field and cannot use the Recommends: field. (Since no packages would be installed then.)
Even if we could use and did use Recommends: field, new packages added to the Recommends: field would not be installed when the meta package that Recommends: them gets upgraded. This is because packages listed after the Recommends: field only get installed during their initial sudo apt-get install package-name installation.
You might notice that even though having said this, anon-meta-packages's debian/control file uses the Recommends: field anyway. This is not a contradiction. It may be useful for a later Whonix ™ installation from Whonix ™ repository use case.
issues with removal of specific packages by users / builders [archive]
- Whonix Packages for Debian Hosts
- Whonix ™ APT Repository, how to enable/disable it?
- Building/upgrading Whonix ™ debian packages from source code
- Development Discussion - Installing Whonix ™ from repository
The following packages will be REMOVED: anon-shared-applications-kde anon-shared-desktop anon-shared-desktop-kde anon-shared-packages-dependencies anon-shared-packages-recommended anon-torchat anon-workstation-default-applications anon-workstation-packages-dependencies libcdio13 libdirectfb-1.2-9 libgles1-mesa libiso9660-8 libjsoncpp1 libvcdinfo0 libvlccore8 non-qubes-vm-enhancements non-qubes-whonix-workstation thunderbird whonix-shared-packages-dependencies whonix-shared-packages-recommended whonix-workstation-packages-dependencies whonix-workstation-packages-recommended xul-ext-torbirdy 0 upgraded, 0 newly installed, 23 to remove and 0 not upgraded. After this operation, 151 MB disk space will be freed. Do you want to continue? [Y/n]
sudo apt-get install enigmail Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: enigmail : Depends: thunderbird (>= 1:52.0) but it is not going to be installed or icedove (>= 1:52.0) E: Unable to correct problems, you have held broken packages.
- Depends: field in debian/control
- https://unix.stackexchange.com/questions/166590/what-is-the-apt-get-equvalent-of-aptitude-keep-all [archive]
Can we safely mix apt-get and aptitude? Yes, Raphaël Hertzog, dpkg and Debian Developer said already in 2011 that this is no problem anymore.
First I want to make it clear that you can use both and mix them without problems. It used to be annoying when apt-get did not track which packages were automatically installed while aptitude did, but now that both packages share this list, there’s no reason to avoid switching back and forth.
- Function pkg-install-maybe in https://github.com/Whonix/Whonix/blob/master/build-steps.d/1700_install-packages#L97 [archive].
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)