It is safe to run
sudo apt autoremove so long as the specific Whonix ™ machine
meta package is kept for the Non-Qubes-Whonix or Qubes platform. In other words, these packages should not be in the list of autoremoved packages.
Non-Qubes-Whonix ™ XFCE:
- Whonix-Gateway ™:
- Whonix-Workstation ™:
- Whonix-Gateway ™:
- Whonix-Workstation ™:
It is actually a good idea to safely run
sudo apt autoremove according to the following instructions on this wiki page to make sure extraneous packages which might no longer be recommended for default installation are removed.
Re-install Meta Packages and Safely Run Autoremove
1. Update the package lists.
2. Ensure a proper meta package is installed.
Non-Qubes-Whonix ™ XFCE:
- Whonix-Gateway ™: sudo apt install non-qubes-whonix-gateway-xfce
- Whonix-Workstation ™: sudo apt install non-qubes-whonix-workstation-xfce
- Whonix-Gateway ™: sudo apt install qubes-whonix-gateway
- Whonix-Workstation ™: sudo apt install qubes-whonix-workstation
3. Auto remove packages.
4. Reconfirm a proper meta package is still installed.
Repeat step two.
The procedure of safely running
sudo apt autoremove is complete.
Related: Whonix ™ Factory Reset
Changed Configuration Files
Be careful if a message like this appears.
Configuration file '/etc/apparmor.d/usr.bin.sdwdate' Configuration file '/etc/apparmor.d/whonix-firewall' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** whonix-firewall (Y/I/N/O/D/Z) [default=N] ?
For general advice, see: Changed Configuration Files.
Table: Meta-packages Frequently Asked Questionss
|What is the disadvantage of removing a meta package?||The disadvantage is any changes in package dependencies will not be automatically processed by the system when it is upgraded.
For example the
See also: Technical Information.
|Which meta packages are safe to remove?||Use apt-cache to see the package description.
It will include either:
|Which packages do Whonix ™ meta packages install?||Refer to the following files:
Or use for example.
apt-cache show whonix-workstation-packages-recommended-gui
|Which meta packages should never be removed?||Do not remove any packages which include the name |
|How to uninstall
sudo apt update sudo apt install dummy-dependency sudo apt purge qubes-core-agent-passwordless-root
These instructions allow for safe removal of a package (in this example the
uwt package). This results in meta package removal without breaking the whole system when next time running
sudo apt autoremove.
2. Clean up.
If custom packages were installed and uninstalled or dependencies changed in the meanwhile, remove unneeded dependencies first.
As an example, consider how the uwt package could be uninstalled.
A message will appear similar to this.
Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: faketime libfaketime Use 'sudo apt autoremove' to remove them. The following packages will be REMOVED: qubes-whonix-workstation* uwt* whonix-shared-packages-recommended-cli* whonix-workstation-shared-packages-shared-meta* 0 upgraded, 0 newly installed, 4 to remove and 1 not upgraded. After this operation, 302 kB disk space will be freed. Do you want to continue? [Y/n]
4. Keep packages installed by meta packages.
Now, there is a small issue:
- Next time the sudo apt autoremove command is run, all packages listed under "The following packages were automatically installed and are no longer required:" would also be uninstalled. (Such as rads and others.)
- In order to keep the other packages which were installed such as by the whonix-workstation-packages-recommended-gui and the whonix-shared-packages-recommended-cli meta packages, mark them as manually installed so they do not get removed. This can be conveniently achieved with aptitude.  
The procedure is complete. Be sure to understand the disadvantage of this approach.
Alternatively, there might be a very crude workaround which is discussed in the following forum topic: Issues with removal of specific packages by users / builders.
The underlying technical issues with meta packages are not caused by Whonix ™, but instead have been inherited from Debian. Those are also described here:
- The Metapackage Problem and apt autoremove
- Uninstalling a single component of a meta-package
- Debian bug report: Weak-Depends - something in the middle between 'Recommends:' and 'Depends:'
The Debian manual also provides further information about meta packages:
The Whonix ™ build script installs all packages using
apt --no-install-recommends.  The
--no-install-recommends option is being used to prevent installation of many additional packages that are unwanted. For example:
- Without using
kamerawould also be installed and then pull its own
kamera[+ dependencies] would not be useful to have installed by default on Whonix-Workstation ™ as it would cost unnecessary disk space. There are many more examples which could end up installing packages by default that are unrecommended for privacy reasons.
--no-install-recommends option is used, meta packages like
whonix-workstation-packages-recommended-gui must use the
Depends: field and cannot use the
Recommends: field. (Since no packages would be installed then.)
Even if Whonix ™ could and did use the
Recommends: field, new packages added to the
Recommends: field would not be installed when the meta package that
Recommends: them gets upgraded. This is because packages listed after the
Recommends: field only get installed during their initial
sudo apt install package-name installation.
Some readers might notice that despite this explanation,
debian/control file uses the
Recommends: field anyway. This is not a contradiction because it may be useful for a later Whonix ™ installation from Whonix ™ repository use case.
Issues with removal of specific packages by users / builders
- Configuration Drop-In Folders
- Reset Configuration Files to Vendor Default
- Whonix ™ Factory Reset
- Packages for Debian Hosts
- Whonix ™ APT Repository
- Building and Update Whonix ™ from Source Code
- Development Discussion - Installing Whonix ™ from Repository
It is possible to safely mix apt-get and aptitude. Raphaël Hertzog, dpkg and Debian Developer, stated in 2011 that this is not a problem anymore:
First I want to make it clear that you can use both and mix them without problems. It used to be annoying when APT did not track which packages were automatically installed while aptitude did, but now that both packages share this list, there’s no reason to avoid switching back and forth.