Whonix Debian Packages
It is safe to run
sudo apt-get autoremove so long as the specific Whonix ™ machine
meta package is kept for the Non-Qubes-Whonix or Qubes-Whonix platform. In other words, these packages should not be in the list of autoremoved packages.
Non-Qubes-Whonix ™ XFCE:
- Whonix-Gateway ™:
- Whonix-Workstation ™:
- Whonix-Gateway ™:
- Whonix-Workstation ™:
Re-install Meta Packages and Safely Run Autoremove
Changed Configuration Files
Be careful if a message like this appears.
Configuration file '/etc/apparmor.d/usr.bin.sdwdate' Configuration file '/etc/apparmor.d/whonix-firewall' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** whonix-firewall (Y/I/N/O/D/Z) [default=N] ?
As per the previous link, always install configuration file changes for the following Whonix ™ files which are not an exception:
Table: Meta-packages Frequently Asked Questionss
|What is the disadvantage of removing a meta package?||The disadvantage is any changes in package dependencies will not be automatically processed by the system when it is upgraded.
For example the
See also: Technical Information.
|Which meta packages are safe to remove?||Use apt-cache to see the package description.
It will include either:
|Which packages do Whonix ™ meta packages install?||See files
Or use for example.
apt-cache show whonix-workstation-packages-recommended-gui
|Which meta packages should never be removed?||Do not remove any packages which include the name |
|How to uninstall
||Install [archive] |
sudo apt update sudo apt install dummy-dependency sudo apt purge qubes-core-agent-passwordless-root
These instructions allow for safe removal of a package (in this example the
uwt package). This results in meta package removal without breaking the whole system when next time running
sudo apt-get autoremove.
Alternatively, there might be a very crude workaround which is discussed in the following forum topic: Issues with removal of specific packages by users / builders [archive].
The underlying technical issues with meta packages are not caused by Whonix ™, but instead have been inherited from Debian. Those are also described here:
- The Metapackage Problem and apt-get autoremove [archive]
- Uninstalling a single component of a meta-package [archive]
- Debian bug report: Weak-Depends - something in the middle between 'Recommends:' and 'Depends:' [archive]
The Debian manual also provides further information about meta packages:
The Whonix ™ build script installs all packages using
apt-get --no-install-recommends.  The
--no-install-recommends option is being used to prevent installation of many additional packages that are unwanted. For example:
- Without using
kamerawould also be installed and then pull its own
kamera[+ dependencies] would not be useful to have installed by default on Whonix-Workstation ™ as it would cost unnecessary disk space. There are many more examples which could end up installing packages by default that are unrecommended for privacy reasons.
--no-install-recommends option is used, meta packages like
whonix-workstation-packages-recommended-gui must use the
Depends: field and cannot use the
Recommends: field. (Since no packages would be installed then.)
Even if Whonix ™ could and did use the
Recommends: field, new packages added to the
Recommends: field would not be installed when the meta package that
Recommends: them gets upgraded. This is because packages listed after the
Recommends: field only get installed during their initial
sudo apt-get install package-name installation.
Some readers might notice that despite this explanation,
debian/control file uses the
Recommends: field anyway. This is not a contradiction because it may be useful for a later Whonix ™ installation from Whonix ™ repository use case.
Issues with removal of specific packages by users / builders [archive]
- Configuration Drop-In Folders
- Reset Configuration Files to Vendor Default
- Whonix ™ Factory Reset
- Whonix Packages for Debian Hosts
- Whonix ™ APT Repository
- Building and Update Whonix ™ from Source Code
- Development Discussion - Installing Whonix ™ from Repository
- Otherwise settings affecting anonymity, privacy and security might be lost.
- https://unix.stackexchange.com/questions/166590/what-is-the-apt-get-equvalent-of-aptitude-keep-all [archive]
It is possible to safely mix apt-get and aptitude. Raphaël Hertzog, dpkg and Debian Developer, stated in 2011 that this is not a problem anymore:
First I want to make it clear that you can use both and mix them without problems. It used to be annoying when apt-get did not track which packages were automatically installed while aptitude did, but now that both packages share this list, there’s no reason to avoid switching back and forth.
pkg-install-maybein https://github.com/Whonix/Whonix/blob/master/build-steps.d/1700_install-packages#L97 [archive].