Minifying debian-12-minimal and debian-13-minimal

parulin · March 5, 2024, 9:43am

(Not sure if wiki edits are tracked by email).

I put this line, after the qvm-prefs part:

In this case, qvm-run will need to be run with the --no-gui option.

I was trying to run qvm-run without success and just found about this. I didn’t test what command is producing this exactly, it’s just a suspicion.

qubist · March 5, 2024, 10:24am

Yes, I noticed that too. Somehow I have missed to mention it. Thanks for the addition.

Another thing is that without guivm, qvm-copy/move from the qube won’t work without an allow policy in dom0. There is always “Request refused”, probably because no dialog can be displayed.

(Not sure if wiki edits are tracked by email).

AFAICS, they are not.

miconzo · December 5, 2024, 4:27pm

How do I use qvm-console-dispvm please?

barto · December 5, 2024, 5:57pm

In a dom0 terminal, run:
qvm-console-dispvm --autostart [VM-or-Template-Name]

Then, when the dispvm is launced (can take 5-10s) type “root” at the login prompt.

miconzo · December 5, 2024, 6:04pm

Thanks! It worked

qubist · November 6, 2025, 3:38pm

Unfortunately, it seems debian-13-minimal is not as minimal as possible too.

The list of packages to remove is almost the same. The ones I have found so far are:

cpio
cron
cron-daemon-common
debconf-i18n
eatmydata
fdisk
gnupg
dhcpcd-base
ifupdown
iproute2
iputils-ping
less
libbpf1
libcap2-bin
libfdisk1:amd64
libjansson4
libmnl0
libnewt0.52
libtext-iconv-perl
libxtables12
logrotate
mawk
passwd
perl
tasksel
vim-common
vim-tiny
xterm

I will rectify it later if necessary. Still testing.

barto · November 7, 2025, 9:28am

I would not remove “vim-tiny” and “vim-common” … that’s my editor!
I’d gladly remove “nano” instead.

tanky0u · November 7, 2025, 9:43am

I would not remove “vim-tiny” and “vim-common” … that’s my editor!
I’d gladly remove “nano” instead.

Yo nano is my go-to minimalist editor! An Emacs person can make
himself at home with nano. In contrast, I would gladly remove any
vims

barto · November 7, 2025, 9:51am

My point, exactly. It’s a matter of personal choice. One editor per minimal template depending on the personal preference…

arkenoi · November 7, 2025, 11:18am

TWIMC, i made a wired-only network netvm for liteqube without the network-manager.

Could be done with wifi support also but probably does not worth the effort.

qubist · November 7, 2025, 7:10pm

@barto

It is not about preference but about what is minimal (attack surface). Starting from minimal, anyone can add whatever one likes.

Example: A production firewall qube does not need a text editor or a terminal emulator, or a guivm, or audiovm. If any text edits are required, they can be done in an editor qube then qvm-copy.

Churros · November 9, 2025, 1:18am

Or with The Stream Editor

barto · November 10, 2025, 9:52am

I applaud your boldness! and have some implementation doubts … will your firewall qube monitor the ~/QubesIncoming/dom0 directory and auto-apply new configurations as they appear?

arkenoi · November 10, 2025, 1:10pm

a production firewall qube does not need real Linux userland at all, and that’s why we have Mirage

qubist · November 10, 2025, 6:35pm

@barto

will your firewall qube monitor the ~/QubesIncoming/dom0 directory and auto-apply new configurations as they appear?

Well, that is a separate discussion, so as short as possible:

IMO, it’s better to do that in an editor domU (not dom0). Auto applying can be convenient but also vulnerable, so if the particular case requires it, it is surely possible.

dreamscomethrough · December 6, 2025, 9:42am

wow this is what I was looking for!

Can you please tell me how I can use the most minimal version so it would still support bluetooth(I currently use blueman, but I’m open to any good alternatives) with normal notifications as they currently are for the regular, non minimal template?

qubist · December 6, 2025, 3:14pm

@dreamscomethrough

The same way you create any task-oriented template: minify the system, then install the necessary packages.

I can’t tell you which ones though because I don’t use BT and it is also off-topic. Perhaps experiment with removing packages from the template you are currently using and note the removal of which results in no-BT functionality.

James369 · December 9, 2025, 6:12am

I am a bit hesitant to comment as errors may ensue, but look at fonts they take up some space and I was able to remove them, however without console management it can make problems.

qubist · February 19, 2026, 5:22pm

The list of packages that can be removed from debian-13-minimal:

apt-transport-https
apt-utils
cpio
cron
cron-daemon-common
debconf-i18n
dhcpcd-base
eatmydata
fdisk
gnupg
ifupdown
iproute2
iputils-ping
less
libcap2-bin
libeatmydata1
libfdisk1
libgcrypt20
libidn2-0
libjansson4
libk5crypto3
libkeyutils1
libkrb5support0
libmnl0
libnewt0.52
libp11-kit0
libsemanage-common
libsepol2
libslang2
libtext-iconv-perl
libtirpc-common
libxtables12
linux-sysctl-defaults
logrotate
nano
nftables
perl
tasksel
vim-common
vim-tiny
whiptail
xterm

parulin · February 19, 2026, 5:43pm

Thanks!

I don’t think you can edit the wiki with email so, I’ve updated the content.

See Minifying debian-12-minimal and debian-13-minimal to check the new version.