Since I ran whonix_build next after debootstrap I did not have to uninstall apt-listchanges. I mention this since you may want to consider modifying your apt-get parameters to some of the ones I use that prevent the need to uninstall apt-listchanges:
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ chroot apt-get ${APT_GET_OPTIONS} install ${files[@]}
Description
Description
Details
Details
- Impact
- Normal
Related Objects
Related Objects
Event Timeline
Comment Actions
Environment DEBIAN_FRONTEND="noninteractive" was already the case.
Added to environment:
DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes"
added environment variables DEBIAN_PRIORITY="critical" and DEBCONF_NOWARNINGS="yes" as suggested by @nrgaway - https://phabricator.whonix.org/T282:
https://github.com/Whonix/Whonix/commit/bf74cf3353e88a8a503b959dadd9ecb44d980288
What's inside the APT_GET_OPTIONS variable?
Are there any other missing parameters you recommend adding, @nrgaway?
Comment Actions
The options are fairly basic...
# ------------------------------------------------------------------------------
# apt-get configuration options
# ------------------------------------------------------------------------------
APT_GET_OPTIONS="-o Dpkg::Options::="--force-confnew" --force-yes --yes"
containsFlavor 'no-recommends' && {
APT_GET_OPTIONS+=" -o APT::Install-Recommends=0 -o APT::Install-Suggests=0"
} || trueComment Actions
Okay, so let's go through this one by one.
- Combination of --force-yes and --yes is insecure. Reported a bug: https://groups.google.com/forum/#!topic/qubes-devel/akv5B7TgRFQ (I know that you already know this, because you answered on the mailing list, but I am speaking so that any technical person can track this, and to keep a record for later.)
- --yes: using that already
- -o APT::Install-Recommends=0 using the equivalent --no-install-recommends already
- -o APT::Install-Suggests=0 that's the default anyhow [and very unlikely to change in Debian, I think), so it it is superfluous, not making a difference, not using it
- -o Dpkg::Options::="--force-confnew": This is TODO. Need to think about that one.
Comment Actions
-o Dpkg::Options::="--force-confnew": This is TODO. Need to think about that one.
You may not need that one. Qubes over-rides 2 configuration files so it is required for unattended installations of initially creating the templates.
The option does show an indication that it replaced a configuration file and also backs up the old one.
Comment Actions
Yes. I'd rather not add -o Dpkg::Options::="--force-confnew" if not needed, because also whonix-developer-meta-files/debug-steps/locally-upgrade-whonix-debian-packages uses help-steps/variables. Easier code and less to think through. We can still do it if needed one day.
I've succeeded with a build where apt-listchanges was installed by default. It went through without any interactive questions.
Just to make sure, added another environment variable.
add APT_LISTCHANGES_FRONTEND="text" to environment during build - https://phabricator.whonix.org/T282:
https://github.com/Whonix/Whonix/commit/38301f244d0c709fe5fe57c7b079d947ea61f14b
Everything done here? This one should be closeable?