Suggestion/Request: post-install debloating script for minimalist system directly from the standard iso

s0me0ne at disroot.org s0me0ne at disroot.org
Mon Dec 7 09:17:20 UTC 2020


"I strongly urge that you consult the Xubuntu Strategy Document here: https://docs.xubuntu.org/contributors/xsd.html"

From there:

- "The target audience for Xubuntu consists of users who are interested in having an elegant, easy to use, polished and unified operating system."

- "Focus 2: Performance
The Xubuntu team should strive to make Xubuntu lightweight."

and

- "Users wanting the most lightweight system possible should be pointed at the minimal CD, more lightweight derivatives (such as Lubuntu) or other options."

I'm exactly asking for those -other options- here, as the ubuntu minimal CD is deprecated as described, and further provided a list of what I think is not strictly necessary for a minimalist system, that is to a large degree even on a system installed with such a "minimal" CD.

I don't suggest to change anything to the standard iso but ask for an honest and critical look at the list of packages and already tried what I can to reduce it, and proposed an easy viable idea of how all the other users also interested in a minimalist operating system could benefit from the result as well.

"This crosses many lines. Most of what you propose to do makes for fragile systems as well as ones that will break easily. Having looked at CVE-2020-8833 it frankly seems like you are fear-mongering about apport."

I wasn't referring to CVE-2020-8833 but CVE-2016-9949 (CVSS Score 9.3) and CVE-2016-9950 (CVSS Score 9.3 as well).

https://www.cvedetails.com/cve/CVE-2016-9949/

https://www.cvedetails.com/cve/CVE-2016-9950/

I probably should have included this, though I thought it was common knowledge that not having unnecessary software on your system protects you from such unnecessary packages having serious security flaws.

https://donncha.is/2016/12/compromising-ubuntu-desktop/

These aren't exactly from last week, but good, memorable and typical examples of the general problem with not strictly needed packages. So calling my concern with potential glaring holes in completely unnecessary packages "fear-mongering" seems honestly pretty uncalled for. (And while Ubuntu reacted pretty well in this case - after they were told about it (and the guy turned down a $10,000 offer from someone interested in those), it doesn't treat the actual problem -bloat-, but the symptom.)

"Bloat is often discerned differently. While change is always possible this proposal may need scaling back a bit."

Yes there is no 100% agreement what exactly is bloat, but the definition of "strictly necessary" isn't indefinitely stretchable either, and snapd for example is certainly not part of "strictly necessary" and very much in the category of "bloat" (snapd isn't even included in Linux Mint, and that's a good example for a pretty bloated distro).
And I don't think a minimalist system is something that should be scaled back, and again I'm not suggesting to change anything on the standard install Xubuntu offers for the average user, but a look at my list for the type of user who doesn't want anything strictly necessary on the system for security reasons and performance and isn't interested in a rolling release like arch.

If you look at respective search terms you will find that there are quite a lot of people looking for such an improvement - and who then most of the time simply get unhelpful replies that they shouldn't touch anything whatsoever, as if the standard system were perfect and minimalist already. Not exactly the encouragement of learning about and improving the Linux system that you would hope for.

"Most of what you propose to do makes for fragile systems as well as ones that will break easily."

So you are saying that -most- of the following list of packages are strictly necessary to not have a fragile system that breaks easily, and you are completely unable to live without them?

If you don't want to help on this - no problem and that's 100% your choice obviously.
But when making such claims I think it would be better to substantiate them, instead of brushing off the whole effort, because packages like apport, snapd, brltty, espeak, popularity-contest, speech-dispatcher, simple-scan, xubuntu-community-wallpapers, xubuntu-docs and yelp - among many others, certainly don't seem strictly necessary to me at all, and as already substantiated, may actually improve the security of the system when removed.

I might be wrong, and I am aware of that, and that's why I want certainty and asked the developers for their opinion - but honestly didn't expect to be brushed off like in the newbie corner on some random forum for asking advice on using a true minimalist and hardened system.

apport
appstream
apt-config-icons
aspell
aspell-en
at-spi2-core
avahi-daemon
bash-completion
bluez*
bolt
brltty
build-essential
colord
cups
cups-browsed
cups-bsd
cups-client
cups-common
cups-core-drivers
cups-daemon
cups-filters
cups-filters-core-drivers
cups-ipp-utils
cups-pk-helper
cups-ppdc
cups-server-common
efibootmgr
espeak
firefox-locale-en
fonts-beng
fonts-beng-extra
fonts-droid-fallback
fonts-gargi
fonts-gubbi
fonts-gujr
fonts-gujr-extra
fonts-guru
fonts-guru-extra
fonts-kacst
fonts-kacst*
fonts-kacst-one
fonts-kalapi
fonts-khmeros-core
fonts-lao
fonts-lklug-sinhala
fonts-lohit-*
fonts-lohit-gujr
fonts-nakula
fonts-nanum
fonts-navilu
fonts-noto-cjk
fonts-orya-extra
fonts-pagul
fonts-sahadeva
fonts-samyak-*
fonts-sarai
fonts-sil-abyssinica
fonts-sil-padauk
fonts-smc
fonts-smc-*
fonts-symbola
fonts-takao-pgothic
fonts-telu-extra
fonts-tibetan-machine
fonts-tlwg*
fonts-tlwg-*
fonts-wqy-microhei
foomatic-filters
ftp
g++
g++-10
gdb
gigolo
gimp-help-common
gimp-help-en
gnome-accessibility-themes
gnome-disk-utility
gnome-font-viewer
gnome-menus
gnome-mines
gnome-software
gnome-sudoku
gnome-system-tools
gnome-themes-extra
gnome-themes-extra-data
gstreamer1.0-plugins-bad
gstreamer1.0-tools
gucharmap
gvfs-backends
info
install-info
java-common
liblcms2-utils
liblibreoffice-java
libreoffice-help-en-us
libreoffice-style-elementary
lightdm-gtk-greeter-settings
manpages
mate-calc
mlocate
mobile-broadband-provider-info
modemmanager
mokutil
mugshot
onboard
os-prober
pastebinit
pavucontrol
pidgin
pidgin-otr
pocketsphinx-en-us
popularity-contest
ppp
pptp-linux
printer-driver-brlaser
printer-driver-c2esp
printer-driver-foo2zjs
printer-driver-foo2zjs-common
printer-driver-min12xxw
printer-driver-ptouch
printer-driver-pxljr
printer-driver-sag-gdi
rsync
sane-utils
secureboot-db
sgt-puzzles
shim
simple-scan
snapd
software-properties-gtk
speech-dispatcher
synaptic
system-config-printer
thunar-media-tags-plugin
thunderbird
transmission-gtk
unattended-upgrades
usb-modeswitch
usbmuxd
wamerican
wbritish
whoopsie
xcursor-themes
xfburn
xfce4-cpugraph-plugin
xfce4-dict
xfce4-indicator-plugin
xfce4-mailwatch-plugin
xfce4-netload-plugin
xfce4-notes
xfce4-notes-plugin
xfce4-panel-profiles
xfce4-places-plugin
xfce4-screensaver
xfce4-systemload-plugin
xfce4-taskmanager
xfce4-verve-plugin
xfce4-weather-plugin
xfce4-xkb-plugin
xfpanel-switch
xserver-xorg-input-synaptics
xserver-xorg-video-qxl
xubuntu-community-wallpapers-*
xubuntu-docs
yelp

Greetings

Michael

I strongly urge that you consult the Xubuntu Strategy Document here: https://docs.xubuntu.org/contributors/xsd.html

This crosses many lines. Most of what you propose to do makes for fragile systems as well as ones that will break easily. Having looked at CVE-2020-8833 it frankly seems like you are fear-mongering about apport.

Bloat is often discerned differently. While change is always possible this proposal may need scaling back a bit.

Stephen Michael Kellat

On Dec 6, 2020, at 12:10 PM, s0me0ne at disroot.org wrote:

Hi everyone,

first of all thank you for making and keeping Xubuntu what it is - namely great!

Now I know Xubuntu wants to give an easy and comfortable experience out of the box, but the downside of that is quite some bloat. While there are also lots of people simply looking for a reliable and also minimalist system, I'm aware we are still not that many, so it makes sense to keep the focus on the average user.

-Issues with Xubuntu Core-

And I'm aware of Xubuntu Core, and it's quite an improvement, but has some issues in my opinion:

-While it's mentioned in the latest release notes for example, the iso still appears to be not officially supported, which I think makes it unfortunately not suitable for productive use (please correct me on that if that's not true)

-Canonical apparently doesn't want to further provide the netboot-MinimalCD, so without that, it seems there isn't a reliable way to even get it installed from 20.10 on (and simply release-upgrading the 20.04-ubuntu-MinimalCD-install to 20.10 led to a broken system when I tried).

-And most importantly, even Xubuntu Core appears to be quite bloated: When looking at the package list: https://unit193.net/xubuntu/core/pending/xubuntu-20.10-core-amd64.iso.manifest - it still contains for example Snapd(!), apport (bugreports should be strictly opt-in I think), Cups with all kinds of printer drivers (many not removable without triggering the removal of the whole system core), bluez, all kinds of rare asian or arabic fonts (I get that one, but still), modemmanager, xubuntu-wallpapers *-docs *-artwork (I get that too, but still not strictly necessary), ppp, ftp, gparted ... and many more.

-Why even bother?-

Now the actual footprint of some of the packages might be small individually (though not snapd and cups as far as I'm aware), but it's still at least a security flaw to have countless unused/unnecessary packages (that may also listen on ports), as for example merely the package 'apport' could be used in an exploit some time ago to compromise the whole system. So I think it's absolutely crucial to keep the package count as small as possible while keeping the core functionality.

-Debloating Script-

That's why I use a debloating script post install to turn a standard xubuntu install into something close to a xubuntu barebone, but I'm not a developer and there is most likely still a lot of potential. So I will post at the end of this mail the list I use to reduce the package count while keeping the functionality, and would ask you if you have any suggestions for further improvement, to make it even more barebone. The eventual improved list/script could be provided for example on the github page for advanced users. I think this is the least invasive way to provide an option for such a system in case you don't want to touch Xubuntu Core as it is now, and don't have time or interest for a modular installer.

-Use case-

The system use case is a standard laptop used for browsing and a somewhat advanced user at osi-layer 8 who will then take the barebone and simply install what he needs and wants manually (and without recommended packages), while not having any fringe use cases (e.g. package modemmanager, mobile-broadband-provider-info) and no need for printers, scanners, bluetooth or pretty much anything apart from the barebone system that won't also be installed automatically when setting up the preferred software. System settings are mostly applied via copying the backup-.config folder.

-Harder to remove-

What I have avoided to remove so far are a lot of packages that will trigger the whole removal of some system core - like the removal of the printer drivers does for example: apt purge --autoremove printer-driver* - triggers the removal of ca. 70 packages (on a standard-Xubuntu-iso install), many crucial. While I know this can be overcome and am sure these are absolutely useless after removing cups, I still might not be aware of packages expecting them to exist. So this is something I cannot reliably solve because I don't have the in-depth knowledge of the package management, and while I can look at dependencies, it only tells me so much.

-The debloating list so far-

So here is what I remove post install from a standard Xubuntu Iso. After the terminal commands I give it as an alphabetical list as well, for increased readability. I used mostly synaptic to look at the description and dependencies. If I can present that in a more readable way for you please let me know.

#removing also software I want to use to reinstall it without recommended packages
sudo apt-get purge --autoremove whoopsie apport popularity-contest cups snapd mate-calc gimp firefox ristretto engrampa thunderbird atril xfburn pidgin simple-scan gnome-mines gnome-sudoku sgt-puzzles libreoffice-core libreoffice-base-core unattended-upgrades "bluez*" "fonts-kacst*" fonts-lao fonts-takao-pgothic "fonts-tlwg*" fonts-nanum fonts-khmeros-core "fonts-smc-*" fonts-kacst fonts-kacst-one fonts-khmeros-core fonts-lklug-sinhala fonts-guru fonts-nanum fonts-noto-cjk fonts-takao-pgothic fonts-tibetan-machine fonts-guru-extra fonts-lao fonts-sil-padauk fonts-sil-abyssinica "fonts-tlwg-*" "fonts-lohit-*" fonts-beng fonts-beng-extra fonts-gargi fonts-gubbi fonts-gujr fonts-gujr-extra fonts-kalapi fonts-lohit-gujr "fonts-samyak-*" fonts-navilu fonts-nakula fonts-orya-extra fonts-pagul fonts-sahadeva fonts-sarai fonts-smc fonts-telu-extra fonts-wqy-microhei synaptic

#(re-)installation of software without recommended packages:
sudo apt-get install --no-install-recommends apparmor bleachbit firefox gimp ristretto catfish evince galculator parole engrampa libreoffice-writer libreoffice-gtk3 mousepad -y

#purging part 2, also because even the non-recommendation-installs have some unnecessary stuff like gimp-help-common gimp-help-en libreoffice-help-en-us liblibreoffice-java
#what would be necessary to keep/install for secure boot: secureboot-db shim mokutil
sudo apt-get purge --autoremove cups cups-common cups-browsed cups-core-drivers cups-daemon cups-server-common cups-browsed cups-bsd cups-client cups-common cups-core-drivers cups-daemon cups-filters cups-filters-core-drivers cups-ipp-utils cups-pk-helper cups-ppdc cups-server-common mobile-broadband-provider-info secureboot-db shim mokutil yelp xfce4-screensaver wamerican wbritish firefox-locale-en gnome-software java-common xfce4-dict xfce4-notes transmission-gtk xcursor-themes xfce4-cpugraph-plugin xfce4-dict xfce4-mailwatch-plugin xfce4-netload-plugin xfce4-notes xfce4-notes-plugin xfce4-places-plugin xfce4-systemload-plugin xfce4-verve-plugin xfce4-weather-plugin xfce4-xkb-plugin xfpanel-switch mugshot fonts-droid-fallback gucharmap fonts-symbola gnome-font-viewer gigolo rsync gnome-accessibility-themes at-spi2-core colord onboard usbmuxd thunar-media-tags-plugin speech-dispatcher pastebinit gimp-help-common gimp-help-en gnome-menus gnome-system-tools bolt system-config-printer gnome-themes-extra gnome-themes-extra-data ftp mlocate brltty xfce4-indicator-plugin software-properties-gtk xfce4-indicator-plugin software-properties-gtk gvfs-backends pptp-linux gdb aspell aspell-en avahi-daemon bash-completion xserver-xorg-video-qxl printer-driver-c2esp printer-driver-foo2zjs printer-driver-min12xxw printer-driver-pxljr printer-driver-sag-gdi printer-driver-ptouch printer-driver-foo2zjs-common printer-driver-brlaser ppp manpages info xserver-xorg-input-synaptics pavucontrol gstreamer1.0-plugins-bad sane-utils gnome-disk-utility xfce4-taskmanager pidgin-otr espeak appstream apt-config-icons gstreamer1.0-tools liblcms2-utils libreoffice-style-elementary usb-modeswitch "xubuntu-community-wallpapers-*" xubuntu-docs os-prober build-essential g++ g++-10 libreoffice-help-en-us liblibreoffice-java pocketsphinx-en-us foomatic-filters xfce4-panel-profiles modemmanager lightdm-gtk-greeter-settings efibootmgr install-info

The former purged packages in lines and alphabetical order:
(stripped of the packages simply purged to directly reinstall without recommendations)

apport appstream apt-config-icons aspell aspell-en at-spi2-core avahi-daemon bash-completion bluez* bolt brltty build-essential colord cups cups-browsed cups-bsd cups-client cups-common cups-core-drivers cups-daemon cups-filters cups-filters-core-drivers cups-ipp-utils cups-pk-helper cups-ppdc cups-server-common efibootmgr espeak firefox-locale-en fonts-beng fonts-beng-extra fonts-droid-fallback fonts-gargi fonts-gubbi fonts-gujr fonts-gujr-extra fonts-guru fonts-guru-extra fonts-kacst fonts-kacst* fonts-kacst-one fonts-kalapi fonts-khmeros-core fonts-lao fonts-lklug-sinhala fonts-lohit-* fonts-lohit-gujr fonts-nakula fonts-nanum fonts-navilu fonts-noto-cjk fonts-orya-extra fonts-pagul fonts-sahadeva fonts-samyak-* fonts-sarai fonts-sil-abyssinica fonts-sil-padauk fonts-smc fonts-smc-* fonts-symbola fonts-takao-pgothic fonts-telu-extra fonts-tibetan-machine fonts-tlwg* fonts-tlwg-* fonts-wqy-microhei foomatic-filters ftp g++ g++-10 gdb gigolo gimp-help-common gimp-help-en gnome-accessibility-themes gnome-disk-utility gnome-font-viewer gnome-menus gnome-mines gnome-software gnome-sudoku gnome-system-tools gnome-themes-extra gnome-themes-extra-data gstreamer1.0-plugins-bad gstreamer1.0-tools gucharmap gvfs-backends info install-info java-common liblcms2-utils liblibreoffice-java libreoffice-help-en-us libreoffice-style-elementary lightdm-gtk-greeter-settings manpages mate-calc mlocate mobile-broadband-provider-info modemmanager mokutil mugshot onboard os-prober pastebinit pavucontrol pidgin pidgin-otr pocketsphinx-en-us popularity-contest ppp pptp-linux printer-driver-brlaser printer-driver-c2esp printer-driver-foo2zjs printer-driver-foo2zjs-common printer-driver-min12xxw printer-driver-ptouch printer-driver-pxljr printer-driver-sag-gdi rsync sane-utils secureboot-db sgt-puzzles shim simple-scan snapd software-properties-gtk speech-dispatcher synaptic system-config-printer thunar-media-tags-plugin thunderbird transmission-gtk unattended-upgrades usb-modeswitch usbmuxd wamerican wbritish whoopsie xcursor-themes xfburn xfce4-cpugraph-plugin xfce4-dict xfce4-indicator-plugin xfce4-mailwatch-plugin xfce4-netload-plugin xfce4-notes xfce4-notes-plugin xfce4-panel-profiles xfce4-places-plugin xfce4-screensaver xfce4-systemload-plugin xfce4-taskmanager xfce4-verve-plugin xfce4-weather-plugin xfce4-xkb-plugin xfpanel-switch xserver-xorg-input-synaptics xserver-xorg-video-qxl xubuntu-community-wallpapers-* xubuntu-docs yelp

-What else can be removed?-

Now going from a standard Xubuntu iso, what packages could further be removed? (Or the other case, are there some of these that absolutely shouldn't be removed at all - from a security perspective? Though I'm pretty sure these are safe to remove.)

I think the Xubuntu github page would be a great place for such a post-install debloating script or list, for users who want their system as minimal as possible and go from there, without having to rely on any particular (unofficial?) iso, but being able to simply use the standard one. Of course there should ideally be a note or wiki-entry with a few explanations for users who still want to use it, but also want to print for example, and I would help with that.

Greetings

Michael
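
The concern raised under -Harder to remove- (a purge of printer-driver* pulling in ca. 70 other packages) can be checked before anything is removed. The following is an added example, not part of the original mail: it parses `apt-get -s` simulation output and prints every package that would be removed without being on the purge list. The allow-list subset, the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a purge list by simulation before running it for real.

# Constructed allow-list: a few entries from the mail's list (globs allowed).
ALLOW='apport whoopsie cups* printer-driver-* fonts-kacst*'

# on_allow_list PKG -> returns 0 if PKG matches any allow-list pattern.
on_allow_list() {
    name=${1%%:*}               # drop an architecture suffix such as :i386
    set -f                      # never expand the globs against the filesystem
    for pat in $ALLOW; do
        case "$name" in
            $pat) set +f; return 0 ;;
        esac
    done
    set +f
    return 1
}

# unexpected_removals: read simulation output on stdin and print every
# package apt would remove (Remv/Purg lines) that is NOT on the allow-list.
unexpected_removals() {
    while read -r action pkg _rest; do
        case "$action" in
            Remv|Purg) on_allow_list "$pkg" || printf '%s\n' "$pkg" ;;
        esac
    done
}

# vet_purge: simulate the purge on a real system; nothing is changed (-s).
vet_purge() {
    set -f
    # Word splitting of $ALLOW is intended; each pattern reaches apt as-is.
    apt-get -s purge --autoremove $ALLOW | unexpected_removals
    set +f
}

# Constructed sample of simulation output (not captured from a real system).
SAMPLE='Reading package lists...
Purg printer-driver-brlaser [0-constructed]
Purg cups [0-constructed]
Purg xubuntu-desktop [0-constructed]
Remv ubuntu-drivers-common [0-constructed]
Purg apport:i386 [0-constructed]'

# Demo on the sample: prints the two packages that were never asked for.
printf '%s\n' "$SAMPLE" | unexpected_removals
```

An empty result from `vet_purge` means the purge touches only what is on the list; any name printed is collateral removal to investigate first.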