Suggestion/Request: post-install debloating script for minimalist system directly from the standard iso
s0me0ne at disroot.org
s0me0ne at disroot.org
Sun Dec 6 17:08:53 UTC 2020
first of all thank you for making and keeping Xubuntu what it is - namely great!
Now I know Xubuntu wants to give an easy and comfortable experience out of the box, but the downside of that is quite some bloat. While there are also lots of people simply looking for a reliable and also minimalist system, I'm aware we are still not that many, so it makes sense to keep the focus on the average user.
-Issues with Xubuntu Core-
And I'm aware of Xubuntu Core, and it's quite an improvement, but has some issues in my opinion:
-While it's mentioned in the latest release notes for example, the iso still appears to be not officially supported, which I think makes it unfortunately not suitable for productive use (please correct me on that if that's not true)
-Canonical apparently doesn't want to further provide the netboot-MinimalCD, so without that, it seems there isn't an reliable way to even get it installed from 20.10 on (and simply release-upgrading the 20.04-ubuntu-MinimalCD-install to 20.10 lead to a broken system when I tried).
-And most importantly, even Xubuntu Core appears to be quite bloated:
When looking at the package list:
- it still contains for example Snapd(!), apport (bugreports should be strictly opt-in I think), Cups with all kinds of printer drivers (many not removeable without triggering the removal of the whole system core), bluez, all kinds of rare asian or arabic fonts (I get that one, but still), modemmanager, xubuntu-wallpapers *-docs *-artwork (I get that too, but still not strictly necessary), ppp, ftp, gparted ... and many more.
-Why even bother?-
Now the actual footprint of some of the packages might be small individually (though not snapd and cups as far as I'm aware), but it's still at least a security flaw to have countless unused/unnecessary packages (that may also listen on ports), as for example merely the package 'apport' could be used in an exploit some time ago to compromize the whole system. So I think it's absolutely crucial to keep the package count as small as possible while keeping the core functionality.
That's why I use a debloating script post install to turn a standard xubuntu install into something close to a xubuntu barebone, but I'm not a developer and there is most likely still a lot of potential.
So I will post at the end of this mail the list I use to reduce the package count while keeping the functionality, and would ask you if you have any suggestions for further improvement, to make it even more barebone.
The eventual improved list/script could be provided for example on the github page for advanced users. I think this is the least invasive way to provide an option for such a system in case you don't want to touch Xubuntu Core as it is now, and don't have time or interest for a modular installer.
The system use case is a standard laptop used for browsing and a somewhat advanced user at osi-layer 8 who will then take the barebone and simply install what he needs and wants manually (and without recommended packages), while not having any fringe usecases (e.g. package modemmanager, mobile-broadband-provider-info) and no need for printers, scanners, bluetooth or pretty much anything apart from the barebone system that won't also be installed automatically when setting up the preferred software. System settings are mostly applied via copying the backup-.config folder.
-Harder to remove-
What I have avoided to remove so far are a lot of packages that will trigger the whole removal of some system core - like the removal of the printer drivers does for example:
apt purge --autoremove printer-driver*
- triggers the removal of ca. 70 packages (on a standard-Xubuntu-iso install), many crucial.
While I know this can be overcome and am sure these are absolutely useless after removing cups, I still might not be aware of packages expecting them to exist. So this is something I can not reliable solve because I don't have the in-depth knowledge of the packagemanagement, and while I can look at dependencies, it only tells me so much.
-The debloating list so far-
So here is what I remove post install from a standart Xubuntu Iso. After the terminal commands I give it as an alphabetical list as well, for increased readability. I used mostly synaptic to look at the description and dependencies.
If I can present that in a more readable way for you please let me know.
#removing also software I want use to reinstall it without recommended packages
sudo apt-get purge --autoremove whoopsie apport popularity-contest cups snapd mate-calc gimp firefox ristretto engrampa thunderbird atril xfburn pidgin simple-scan gnome-mines gnome-sudoku sgt-puzzles libreoffice-core libreoffice-base-core unattended-upgrades "bluez*" fonts-kacst* fonts-lao fonts-takao-pgothic fonts-tlwg* fonts-nanum fonts-khmeros-core fonts-smc-* fonts-kacst fonts-kacst-one fonts-khmeros-core fonts-lklug-sinhala fonts-guru fonts-nanum fonts-noto-cjk fonts-takao-pgothic fonts-tibetan-machine fonts-guru-extra fonts-lao fonts-sil-padauk fonts-sil-abyssinica fonts-tlwg-* fonts-lohit-* fonts-beng fonts-beng-extra fonts-gargi fonts-gubbi fonts-gujr fonts-gujr-extra fonts-kalapi fonts-lohit-gujr fonts-samyak-* fonts-navilu fonts-nakula fonts-orya-extra fonts-pagul fonts-sahadeva fonts-sarai fonts-smc fonts-telu-extra fonts-wqy-microhei synaptic
#(re-)installation of software without recommended packages:
sudo apt-get install --no-install-recommends apparmor bleachbit firefox gimp ristretto catfish evince galculator parole engrampa libreoffice-writer libreoffice-gtk3 mousepad -y
#purging part 2, also because even the non-recommendation-installs have some unnecessary stuff like gimp-help-common gimp-help-en libreoffice-help-en-us liblibreoffice-java
#what would be necessary to keep/install for secure boot: secureboot-db shim mokutil
sudo apt-get purge --autoremove cups cups-common cups-browsed cups-core-drivers cups-daemon cups-server-common cups-browsed cups-bsd cups-client cups-common cups-core-drivers cups-daemon cups-filters cups-filters-core-drivers cups-ipp-utils cups-pk-helper cups-ppdc cups-server-common mobile-broadband-provider-info secureboot-db shim mokutil yelp xfce4-screensaver wamerican wbritish firefox-locale-en gnome-software java-common xfce4-dict xfce4-notes transmission-gtk xcursor-themes xfce4-cpugraph-plugin xfce4-dict xfce4-mailwatch-plugin xfce4-netload-plugin xfce4-notes xfce4-notes-plugin xfce4-places-plugin xfce4-systemload-plugin xfce4-verve-plugin xfce4-weather-plugin xfce4-xkb-plugin xfpanel-switch mugshot fonts-droid-fallback gucharmap fonts-symbola gnome-font-viewer gigolo rsync gnome-accessibility-themes at-spi2-core colord onboard usbmuxd thunar-media-tags-plugin speech-dispatcher pastebinit gimp-help-common gimp-help-en gnome-menus gnome-system-tools bolt system-config-printer gnome-themes-extra gnome-themes-extra-data ftp mlocate brltty xfce4-indicator-plugin software-properties-gtk xfce4-indicator-plugin software-properties-gtk gvfs-backends pptp-linux gdb aspell aspell-en avahi-daemon bash-completion xserver-xorg-video-qxl printer-driver-c2esp printer-driver-foo2zjs printer-driver-min12xxw printer-driver-pxljr printer-driver-sag-gdi printer-driver-ptouch printer-driver-foo2zjs-common printer-driver-brlaser ppp manpages info xserver-xorg-input-synaptics pavucontrol gstreamer1.0-plugins-bad sane-utils gnome-disk-utility xfce4-taskmanager pidgin-otr espeak appstream apt-config-icons gstreamer1.0-tools liblcms2-utils libreoffice-style-elementary usb-modeswitch xubuntu-community-wallpapers-* xubuntu-docs os-prober build-essential g++ g++-10 libreoffice-help-en-us liblibreoffice-java pocketsphinx-en-us foomatic-filters xfce4-panel-profiles modemmanager lightdm-gtk-greeter-settings efibootmgr install-info
The former purged packages in lines and alphabetical order:
(stripped of the packages simply purged to directly reinstall without recommendations)
-What else can be removed?-
Now going from a standard Xubuntu iso, what packages could further be removed?
(Or the other case, are there some of these that absolutely shouldn't be removed at all - from a security perspective?
Though I'm pretty sure these are safe to remove.)
I think the Xubuntu github page would be a great place for such a post-install debloating script or list, for users who want their system as minimal as possible and go from there, without having to rely on any particular (unofficial?) iso, but being able to simply use the standard one.
Of course there should ideally be a note or wiki-entry with a few explanations for users who still want to use it, but also want to print for example, and I would help with that.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the xubuntu-devel