Hi,
Not sure what's been happening on this subject since September (maybe
discussion has moved?) but thought I'd make a contribution. Pretty new to
some of this so appreciate the feedback.
If we install the base qubes template for Debian-8, and then do:
dpkg-query -f '${binary:Package} ' -W >> ~/inst
(refer https://wiki.debian.org/ListInstalledPackages )
Then we end up with a file in the home directory that lists all installed
packages.
I can use "apt-mark auto" against all these items to clear out the list,
but before doing the autoremove, there's obviously some that have to
remain.
To not 'break' the template completely, I'm finding that qubes-gui-agent is
the only one that needs to be set to manual.
But for good measure I follow it up with the following apps which I know
I'll be leaving in the minimal template:
sudo apt-get install firefox-esr lxterminal leafpad xfe
Finally we do the autoremove step and end up saving about 100MB. Not alot,
but I'm more focused on simply reducing the attack surface.
Having done this, all seems to work fine but I imagine some features are
missing behind the scenes (particularly qubes features).
So I appreciate any further recommendations or suggestions as to why debian
minimal has to be any more complicated than what I've stated.
Regards
Ben
On Thursday, 24 September 2015 07:15:42 UTC+10, Jason M wrote:
>
> On 22 September 2015 at 21:19, Unman <un...@thirdeyesecurity.org
> <javascript:>> wrote:
>
>> On Tue, Sep 22, 2015 at 07:37:37PM +0000, Axon wrote:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA512
>> >
>> > V??t ??est??k:
>> > > I have created something like "minimal" Debian TemplateVM by
>> > > removing (almost) all needless things. I can share the list of
>> > > packages (e.g. output of apt-mark showmanual) if someone is
>> > > interested.
>> > >
>> > > The sparse root.img has just 1.2GiB. OK, I admit it is not as
>> > > minimal as Fedora.
>> > >
>> >
>> > To be fair, fedora-21-minimal is actually larger than that after doing
>> > a normal yum update (without installing any new packages), and of
>> > course it's almost always a good idea to update the software before
>> > using the template for anything important.
>> >
>> > > Regards, V??t ??est??k 'v6ak'
>> > >
>> > > On Thursday, August 27, 2015 at 7:19:36 AM UTC+2, cprise wrote:
>> > >>
>> > >> On 08/26/2015 08:38 PM, nrgaway wrote:
>> > >>> On 26 August 2015 at 16:04, Marek Marczykowski-G??recki
>> > >>> <marm...@invisiblethingslab.com <javascript:>
>> > >>> <mailto:marm...@invisiblethingslab.com <javascript:>>> wrote:
>> > >>>
>> > >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>> > >>>
>> > >>> On Wed, Aug 26, 2015 at 05:50:41PM +0000, Qubed One wrote:
>> > >>>> Hi, just curious if anyone has any plans for a
>> > >>>> Debian-minimal
>> > >>>>
>> > >>> template
>> > >>>> for Qubes R3 (ITL or community-maintained)?
>> > >>>
>> > >>> Jason, does the minimal template flavor (which exists in
>> > >> configuration)
>> > >>> is usable in the current state? Could you provide short
>> > >>> description
>> > >> what
>> > >>> functionality is there (like working as NetVM etc) and what
>> > >>> requires additional packages. Something like the same for
>> > >>> Fedora minimal:
>> > >>> http://www.qubes-os.org/doc/Templates/FedoraMinimal/
>> > >>>
>> > >>> Then I could simply build and upload the package.
>> > >>>
>> > >>>
>> > >>> I will document this for you. I do not use minimal template
>> > >>> since it's not that much smaller than the regular one so I
>> > >>> will need to test it all out again.
>> > >>>
>> > >>> --
>> > >>
>> > >> Then it would be good to make the Debian template selections
>> > >> similar to Fedora, with the supplied 'regular' Debian template
>> > >> having desktop features and apps. This would allow a user
>> > >> preferring Debian over Fedora to use their system as a desktop
>> > >> immediately instead of going through manual steps.
>> > >>
>> > >>
>> > >>
>> > >
>> >
>> > -----BEGIN PGP SIGNATURE-----
>> >
>> > iQIcBAEBCgAGBQJWAa3+AAoJEJh4Btx1RPV8OGMQAOb/QipOtiPaBLpccTZaZsr5
>> > yxfYrwjfFzpkLNhNU8ta0ClWl9MkoLp/tgUiAEfTC8c/DxA65UXGakKvmZrY4bfZ
>> > WiEuL1Y5lGcJraABrdC+ehTl7Fd/jRufnuyQE5d9UWleu5VBHfvGvBKMn6wwZmwN
>> > kXT1nfh5+SKHb3QaFMXz8l4pkLbQSy52TfscvgYPapDWuoM6JoQwOwQbtkdPOmxh
>> > m1sLgj7I8zq7yT6OEgS5+gJO1qrtbfFNafaEuyaYeWep1zoMRLYhgr2HSWWCeCEi
>> > 5bkKoWoIqvZVjMvhzM7vM2PMiPFHzQ4xvOtHY0v0+j2QZjhuhA9LvcjUZMDAH8rY
>> > i+ZONMjxqWGrd4VH3kQsqb8YESl1reQXIlMgro4KTr5y3Y2lvNbsPjdNiiyWLgpZ
>> > 1JM6aa4uCMLTviNiSFz++i2o40uPJXRwjOcB8hE8Kz/g17W+IpP6QEDbYUdJwG8U
>> > 1lyBnSF/ShARCthbJSzgoXvmZbZ0DuNE1j3MK/NSuE3QXIgnTrUqtJM8IfcfaPX+
>> > 4jF7cNdtDJcq4gn25rGVUR3jMTfFqX/n3dtNnjcIX4d/VG799rvj8n71ghxEamDQ
>> > iavGE3q3JaH1Hq+9P4koKJhoR/8wefMFkZnwTacg44ZpiVzxj7XvhTQg0kIVbkFy
>> > DudC0rAk6dy5lUdAoyWI
>> > =wiQV
>> > -----END PGP SIGNATURE-----
>> >
>> There's already a debian minimal spec which is easy to build.
>> I use it for most VMs - it is perfectly usable as is.
>> Jason - are you doing that write up or do you want me to pick it up?
>>
>
> I am currently finishing up on a salt management project which is due to
> be complete by end of month. If you have time to do that before then, that
> would be great, otherwise I will be able to complete it at that point :)
>
>
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/f04436cf-7d55-42ef-bc9a-44b3d16ab7b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
