Getting debian-minimal on par with debian netinst

I have been using minimal templates for some months now. I have set up all the sys-* qubes to use their debian-minimal equivalents, by consulting the guide in the docs. The resulting sys-* qubes are good, they work, and they use minimal amount of debain packages along with minimal amount of RAM.

Now, I find it difficult to employ same absolute barebones of minimal-templates for my daily work (along the lines of reading rss feeds, reading pdfs, journaling on the command line, managing the calcurse/taskwarrior, reading manpages, writing some scripts, etc.) extreme. I need a more “complete” debian setup than the debian-minimal one.

On the other hand, I also find the fully-fledged debian to be bloated. It is full of packages that my “study” focused qube won’t need, such as firefox, or multimedia players (these will have their own isolated qubes).

So, I have come to realise that I would be more content with having the debian setup which is analogous to its netinst install with only “standard system utilities” packages installed:

image800×600 4.29 KB

Such a lean-debian would be a better bedrock for other derivative qubes for specific job domains (such as web browsing, or watching videos/music on mpv, or reading pdfs and journaling, or writing scripts, or writing blog posts under anonymous identities).

So the discussion for this thread is, how to get the debian-minimal to such a “debian-lean” state with regards to the packages and programs installed. I would like to hear your opinions about which packages to install in order to get that. Meanwhile, I will be setting up a debian netinst install on a standalone qube and documenting the packages it is going to have installed with “standard system utilities.” I plan to replicate the resulting list of packs to be installed debian-minimal in order to convert it to “debian-lean.”

However, I have some question marks about this plan: for example, there might be packages that the standard system utilities provide that are unnecessary or even dysfunctional within the qubes os virtualization framework. If this indeed is, how would I discern such packages from the other useful ones.

Lastly, here is a usfeul stack exchange question that might be helpful for other people with similar goals: What packages are installed by default in Debian? Is there a term for that set? Why some of those packages are `automatically installed` and some not? - Unix & Linux Stack Exchange

Here are the packages unique to a minimal and to a stock debian
standard.
The standard utils brings in firmware, kernel and grub facilities.
The minimal template brings in X and Qubes tools.

(Attachment unique_minimal is missing)

(Attachment unique_standard is missing)

Well, I am surprised to see that debian-11-minimal contains more packages than debian-11-netinst. Here’s the result of the diff for apt list --installed for both distros (left hand side column is debian-11-minimal and the right hand side column is debian-11-netinst):

Listing...							Listing...
adduser								adduser
apt-transport-https				  | apparmor
apt-utils							apt-utils
apt								    apt
aptitude-common				      <
aptitude						  <
base-files							base-files
base-passwd							base-passwd
							      >	bash-completion
bash								bash
bsdutils							bsdutils
							      >	busybox
ca-certificates						ca-certificates
							      >	console-setup-linux
							      >	console-setup
coreutils							coreutils
cpio								cpio
cpp-10						      <
cpp							      <
cron								cron
dash								dash
dbus-x11					      <
dbus								dbus
dconf-cli					      <
dconf-gsettings-backend			  <
dconf-service				      <
debconf-i18n						debconf-i18n
debconf								debconf
debian-archive-keyring				debian-archive-keyring
debianutils							debianutils
diffutils							diffutils
dirmngr						      |	discover-data
							      >	discover
							      >	distro-info-data
dmidecode							dmidecode
dmsetup								dmsetup
dpkg								dpkg
e2fsprogs							e2fsprogs
							      >	eject
fdisk								fdisk
							      >	file
findutils							findutils
fontconfig-config			      |	firmware-linux-free
fontconfig					      <
fonts-dejavu-core				  <
gawk						      <
gcc-10-base							gcc-10-base
gcc-9-base							gcc-9-base
gir1.2-glib-2.0				      |	gettext-base
gnupg-l10n					      <
gnupg-utils					      <
gnupg						      <
gpg-agent					      <
gpg-wks-client				      <
gpg-wks-server				      <
gpg							      <
gpgconf						      <
gpgsm						      <
gpgv								gpgv
grep								grep
							      >	grub-common
							      >	grub-pc-bin
							      >	grub-pc
							      >	grub2-common
gzip								gzip
haveged						      <
hicolor-icon-theme				  <
hostname							hostname
ifupdown							ifupdown
imagemagick-6-common		      <
imagemagick-6.q16			      <
imagemagick					      <
init-system-helpers					init-system-helpers
init								init
							      >	initramfs-tools-core
							      >	initramfs-tools
							      >	installation-report
iproute2							iproute2
iputils-ping						iputils-ping
isc-dhcp-client						isc-dhcp-client
isc-dhcp-common						isc-dhcp-common
							      >	kbd
keyboard-configuration				keyboard-configuration
							      >	klibc-utils
kmod								kmod
							      >	laptop-detect
less								less
libacl1								libacl1
libaom0						      <
libapparmor1						libapparmor1
libapt-pkg6.0						libapt-pkg6.0
libargon2-1							libargon2-1
libassuan0					      <
libattr1							libattr1
libaudit-common						libaudit-common
libaudit1							libaudit1
libblkid1							libblkid1
libboost-iostreams1.74.0		  <
libbpf0								libbpf0
libbrotli1							libbrotli1
libbsd0								libbsd0
libbz2-1.0							libbz2-1.0
libc-bin							libc-bin
libc-l10n							libc-l10n
libc6								libc6
libcairo-gobject2			      <
libcairo2					      <
libcap-ng0							libcap-ng0
libcap2-bin							libcap2-bin
libcap2								libcap2
							      >	libcbor0
libcom-err2							libcom-err2
libcrypt1							libcrypt1
libcryptsetup12						libcryptsetup12
libcwidget4					      |	libcurl3-gnutls
libdatrie1					      <
libdav1d4					      <
libdb5.3							libdb5.3
libdbus-1-3							libdbus-1-3
libdconf1					      <
libde265-0					      <
libdebconfclient0					libdebconfclient0
libdeflate0					      <
libdevmapper1.02.1					libdevmapper1.02.1
							      >	libdiscover2
libdns-export1110					libdns-export1110
libdrm-amdgpu1				      <
libdrm-common				      <
libdrm-intel1				      <
libdrm-nouveau2				      <
libdrm-radeon1				      <
libdrm2						      <
libedit2							libedit2
libegl-mesa0				      |	libefiboot1
libegl1						      |	libefivar1
libelf1								libelf1
libencode-locale-perl		      <
libepoxy0					      <
libestr0							libestr0
libexpat1							libexpat1
libext2fs2							libext2fs2
libfastjson4						libfastjson4
libfdisk1							libfdisk1
libffi7								libffi7
libfftw3-double3			      |	libfido2-1
libfile-basedir-perl		      <
libfile-desktopentry-perl	      <
libfile-mimeinfo-perl		      <
libfontconfig1				      <
libfontenc1					      <
libfreetype6						libfreetype6
libfribidi0					      |	libfuse2
libgbm1						      <
libgcc-s1							libgcc-s1
libgcrypt20							libgcrypt20
libgdbm-compat4				      <
libgdbm6					      <
libgdk-pixbuf-2.0-0			      <
libgdk-pixbuf2.0-common		      <
libgirepository-1.0-1		      <
libgl1-mesa-dri				      <
libgl1						      <
libglapi-mesa				      <
libglib2.0-0				      <
libglib2.0-bin				      <
libglib2.0-data				      <
libglvnd0					      <
libglx-mesa0				      <
libglx0						      <
libgmp10							libgmp10
libgnutls30							libgnutls30
libgomp1					      <
libgpg-error0						libgpg-error0
libgraphite2-3				      <
libgssapi-krb5-2					libgssapi-krb5-2
libharfbuzz0b				      <
libhavege2					      <
libheif1					      <
libhogweed6							libhogweed6
libice6						      <
libicu67					      <
libidn2-0							libidn2-0
libip4tc2							libip4tc2
libipc-system-simple-perl	      <
libisc-export1105					libisc-export1105
libisl23					      <
libiw30						      <
libjansson4							libjansson4
libjbig0					      <
libjpeg62-turbo				      <
libjson-c5							libjson-c5
libk5crypto3						libk5crypto3
libkeyutils1						libkeyutils1
							      >	libklibc
libkmod2							libkmod2
libkrb5-3							libkrb5-3
libkrb5support0						libkrb5support0
libksba8					      <
liblcms2-2					      <
libldap-2.4-2						libldap-2.4-2
libllvm11					      <
liblocale-gettext-perl				liblocale-gettext-perl
							      >	liblockfile-bin
liblognorm5							liblognorm5
liblqr-1-0					      <
libltdl7					      <
liblz4-1							liblz4-1
liblzma5							liblzma5
libmagickcore-6.q16-6		      |	libmagic-mgc
libmagickwand-6.q16-6		      |	libmagic1
libmd0								libmd0
libmnl0								libmnl0
libmount1							libmount1
libmpc3						      <
libmpdec3							libmpdec3
libmpfr6					      <
libncurses6							libncurses6
libncursesw6						libncursesw6
libnettle8							libnettle8
libnewt0.52							libnewt0.52
libnftables1						libnftables1
libnftnl11							libnftnl11
libnl-3-200					      |	libnghttp2-14
libnl-genl-3-200			      <
libnl-route-3-200			      <
libnpth0					      <
libnsl2								libnsl2
libnuma1					      |	libnss-systemd
libopenjp2-7				      <
libp11-kit0							libp11-kit0
libpam-modules-bin					libpam-modules-bin
libpam-modules						libpam-modules
libpam-runtime						libpam-runtime
							      >	libpam-systemd
libpam0g							libpam0g
libpango-1.0-0				      |	libpci3
libpangocairo-1.0-0			      <
libpangoft2-1.0-0			      <
libparted2					      <
libpciaccess0				      <
libpcre2-8-0						libpcre2-8-0
libpcre3							libpcre3
libpcsclite1				      <
libperl5.32					      <
libpixman-1-0				      <
libpng16-16							libpng16-16
libpopt0							libpopt0
libprocps8							libprocps8
							      >	libpsl5
libpython3-stdlib					libpython3-stdlib
libpython3.9-minimal				libpython3.9-minimal
libpython3.9-stdlib					libpython3.9-stdlib
libqrexec-utils2			      <
libqubes-rpc-filecopy2		      <
libqubesdb					      <
libreadline8						libreadline8
librsvg2-2					      |	librtmp1
librsvg2-bin				      <
libsasl2-2							libsasl2-2
libsasl2-modules-db					libsasl2-modules-db
libseccomp2							libseccomp2
libselinux1							libselinux1
libsemanage-common					libsemanage-common
libsemanage1						libsemanage1
libsensors-config			      <
libsensors5					      <
libsepol1							libsepol1
libsigc++-2.0-0v5			      <
libsigsegv2					      <
libslang2							libslang2
libsm6						      <
libsmartcols1						libsmartcols1
libsqlite3-0						libsqlite3-0
libss2								libss2
							      >	libssh2-1
libssl1.1							libssl1.1
libstdc++6							libstdc++6
libsystemd0							libsystemd0
libtasn1-6							libtasn1-6
libtext-charwidth-perl				libtext-charwidth-perl
libtext-iconv-perl					libtext-iconv-perl
libtext-wrapi18n-perl				libtext-wrapi18n-perl
libthai-data				      <
libthai0					      <
libtiff5					      <
libtinfo6							libtinfo6
libtirpc-common						libtirpc-common
libtirpc3							libtirpc3
libudev1							libudev1
libunistring2						libunistring2
libunwind8					      |	libusb-0.1-4
liburi-perl					      |	libusb-1.0-0
libutempter0				      <
libuuid1							libuuid1
libvchan-xen				      <
libvulkan1					      <
libwayland-client0			      <
libwayland-server0			      <
libwebp6					      <
libwebpdemux2				      <
libwebpmux3					      <
libx11-6							libx11-6
libx11-data							libx11-data
libx11-xcb1					      <
libx265-192					      <
libxapian30					      <
libxau6								libxau6
libxaw7						      <
libxcb-dri2-0				      <
libxcb-dri3-0				      <
libxcb-glx0					      <
libxcb-present0				      <
libxcb-render0				      <
libxcb-shm0					      <
libxcb-sync1				      <
libxcb-xfixes0				      <
libxcb1								libxcb1
libxcomposite1				      <
libxcursor1					      <
libxdamage1					      <
libxdmcp6							libxdmcp6
libxencall1					      <
libxendevicemodel1			      <
libxenevtchn1				      <
libxenforeignmemory1		      <
libxengnttab1				      <
libxenhypfs1				      <
libxenmisc4.14				      <
libxenstore3.0				      <
libxentoolcore1				      <
libxentoollog1				      <
libxext6							libxext6
libxfixes3					      <
libxfont2					      <
libxft2						      <
libxi6						      <
libxinerama1				      <
libxkbfile1					      <
libxml2						      <
libxmu6						      <
libxmuu1							libxmuu1
libxpm4						      <
libxrandr2					      <
libxrender1					      <
libxshmfence1				      <
libxt6						      <
libxtables12						libxtables12
libxxf86vm1					      <
libxxhash0							libxxhash0
libyajl2					      <
libz3-4						      <
libzstd1							libzstd1
							      >	linux-base
							      >	linux-image-5.10.0-18-amd64
							      >	linux-image-amd64
locales								locales
login								login
logrotate							logrotate
logsave								logsave
lsb-base							lsb-base
ltrace						      |	manpages
mawk								mawk
media-types							media-types
mount								mount
nano								nano
ncurses-base						ncurses-base
ncurses-bin							ncurses-bin
ncurses-term						ncurses-term
netbase								netbase
nftables							nftables
							      >	openssh-client
openssl								openssl
parted						      |	os-prober
passwd								passwd
							      >	pci.ids
							      >	pciutils
perl-base							perl-base
perl-modules-5.32			      <
perl						      <
pinentry-curses				      <
procps								procps
psmisc						      |	python-apt-common
python3-cffi-backend		      |	python3-apt
python3-daemon				      |	python3-certifi
python3-dbus				      |	python3-chardet
python3-gi					      |	python3-debian
python3-lockfile			      |	python3-debianbts
							      >	python3-httplib2
							      >	python3-idna
python3-minimal						python3-minimal
python3-pkg-resources				python3-pkg-resources
python3-qubesdb				      |	python3-pycurl
							      >	python3-pysimplesoap
							      >	python3-reportbug
							      >	python3-requests
python3-six							python3-six
python3-xcffib				      |	python3-urllib3
python3-xdg					      <
python3.9-minimal					python3.9-minimal
python3.9							python3.9
python3								python3
qubes-core-agent			      <
qubes-core-qrexec			      <
qubes-gui-agent				      <
qubes-utils					      <
qubes-vm-dependencies		      <
qubesdb-vm					      <
qubesdb						      <
readline-common						readline-common
							      >	reportbug
rsyslog								rsyslog
sed						      		sed
sensible-utils						sensible-utils
shared-mime-info			      <
strace						      <
sudo						      <
systemd-sysv						systemd-sysv
systemd-timesyncd					systemd-timesyncd
systemd								systemd
sysvinit-utils						sysvinit-utils
tar								    tar
tasksel-data						tasksel-data
tasksel								tasksel
tzdata								tzdata
ucf								    ucf
udev								udev
							      >	usbutils
util-linux							util-linux
vim-common							vim-common
vim-tiny							vim-tiny
whiptail							whiptail
wireless-tools				      <
wpasupplicant				      <
x11-common					      <
x11-xkb-utils				      <
x11-xserver-utils			      <
xauth								xauth
xbitmaps					      <
xdg-user-dirs				      <
xdg-utils					      <
xen-utils-4.14				      <
xen-utils-common			      <
xen-utils-guest				      <
xenstore-utils				      <
xinit						      <
xkb-data							xkb-data
xserver-common				      <
xserver-xorg-core			      <
xserver-xorg-input-qubes	      <
xserver-xorg-qubes-common	      <
xserver-xorg-video-dummyqbs	      <
xterm						      <
xxd								    xxd
zlib1g								zlib1g

For the record, here are the number of packages present:
debian-11-minimal: 417
debian-11-netinst: 268

unman, I am missing your attachments. Can you insert them on via the forum software?

If you remove the xserver it’s probably going to be a lot more difficult to use the qubes based on the template.

I’ve been notified that my attachments were blocked.
try these

unique_minimal.log (3.41 KB)

unique_minimal.log (3.41 KB)

These seem to be the same files. Where is the other one, for the “stock debian standard”?

I’m not having a good day.

unique_standard.log (1.57 KB)

OK. Thanks everyone. I think my presupposition that “netinst is more well-rounded than minimal” was wrong. I will look further into my workflow as to why I was thinking that way. And will keep building on debian-minimal, then.

To keep my names short, any template I base on debian-minimal is named deb11m; e.g., deb11m-sys-net. But deb11m is basically a clone of debian-minimal, so anything with that “stem” in the name is debian-minimal plus the bare minimum to make it functional for whatever it is it’s supposed to do.

But then, I take off my Linux geek hat and put on my “I want to use an app” hat. I will want more things (like a text editor that isn’t vi, GUI based file managers, and the like)…so I created deb11a…which is debian-minimal plus some user conveniences (a is for “app”). [Incidentally I’ve noted that vi on dom0 tolerates arrow keys a lot better than vi on deb11m based qubes.] Basically deb11a is everything I’d want to have in common between a, say LibreOffice qube and a GIMP qube; which is still a LOT more than I’d want in sys-net!

So basically I have two “basic” templates, one for “low level” stuff, and one that has a few things a user (as opposed to an administrator) might want, before installing, say, LibreOffice or Gimp, or media players on it. Each is minimal in that I don’t install extraneous software on it, but they are different, because they’ll have different roles.

I guess what I’m driving at is that I don’t see one “minimal” template satisfying everyone; heck I can’t get along with one just by myself.

I know there’s also a “core” out there that’s supposed to be more stripped down than deb11m–I mean debian-minimal–but I haven’t played with it much; it may be a suitable substitute for deb11m.

I am fine with the debian minimal approach (so far). Currently, I am building a minimal script which should be very modular, easy to extend and provides some help within the install routine.

The downside, the lines of code are growing and this makes the quick code audit more difficult. Please give me a few more weeks. I would really appreciate some feedback.

If you are interested in its curent status I can share some screenshot (direct message me).

Back to the topic, if you go for one (main) application per AppVM, minimal template is a perfect approach imo. It is getting more difficult if you have new / not so common application. For this I have started a Wiki to better share the right set of packages. Unfortunately, the deb-mini community was not active here.

Which packs do you install on top of deb11m stem, in order to get the deb11a?

Sixteen items, apparently:

qubes-usb-proxy
pulseaudio-qubes
zenity
qubes-menus
dubes-desktop-linux-common
qubes-pdf-converter
qubes-img-converter
xfce4-terminal (if you like that one best)
gedit (again, if you like that one best)
thunar (another personal preference)
qubes-core-agent-thunar
xfce4-settings
man
libgtkmm-3.0-1v5 (So I can work with gtkmm instead of gtk)
and an editor I wrote, myself

that’s 15, the last thing I do is force a full upgrade of everything.