Minimizing Minimal Temlpates

I’d like to start off by saying that I am appreciative of Qubes devs and the effort they put into the project. While I do have my criticisms, please understand that they are intended as constructive feedback/requests, not a complaint.

With that said, I’ve been using minimal templates for a while now, and I wish they were lighter. When I hear “minimal template,” I think of a template that has the bare minimum to 1) turn on, 2) interact with salt (i.e. salt minion setup), and 3) run a shell via Xen console. Currently, the minimal templates have a whole GUI setup and extraneous packages (like cups, for example). I’d assume that there’s a reason for this, but what is it/are they? Is something that would be considered as a change?

The minimal templates are not a custom OS, it’s Debian and Fedora based templates.

1 Like

It’s not what you’re asking for but are you aware of this awesome guide by @qubist?

I think I see what is being said. My assumption is that minimal templates would be what unman is referring to as micro templates.

As for @unman’s argument:
I think I understand what he means by the arbitrary nature of “essential/vital,” but the essential point is that a minimal template means, at least in my mind, that if you want it you have to install it. The only things that should be included should be the things you can’t reasonably install, and the only things that come to my mind are salt, the package manager, and the proxy.

That is very useful, thank you. I am currently trying to understand if there is a meaningful reason stopping this from being an upstream change, and advocating it if it isn’t. The way I see it is that if you have anything you want preinstalled, then use the regular template, but minimal templates should be as barren as possible. I just want to ask before I start pushing changes in case there’s a good reason it is this way. This does serve as a good temporary fix.

The templates are minimal templates of the parent distribution, how is what you are suggesting Debian or Fedora?

If someone downloads the minimal Debian template, they obviously expect to install something that is recognisable as Debian, and the same goes for minimal Fedora.

You are suggesting something completely different, and something that only would be useful to a small group of users, I remember reading a dev saying that it wouldn’t be worth the amount of support it would require to make an official release of this type of template.

1 Like
I'm responding to only Debian for convenience, not as a statement.

I’m cherry-picking Debian here because I think it’s a lot easier to talk about in this context than Fedora. I’ve heard that Debian gets picked on for this more, so I want to clarify that I want both minimized, but Debian has much more documentation behind it and is therefore easier to talk about.

So far (almost) everything I’ve heard about why the existing templates shouldn’t be further minimized falls under “use the default template” or “I want <my favorite package> in the minimal template,” (except for the part about support*).

Examples

If you have the package manager and repos then that is Debian. You can create whatever version of vanilla Debian you want with one command: # apt install <relevant-packages>. If you want to have those default packages, then install them or use the default templates, and let’s have minimal templates that make no choices for you.

It, by definition, is useful to more people because there are only two changes: flexibility and having to use the Xen console instead of GUI/XTerm (et al). Having a few more uninstalled packages follows the current theme of, you guessed it, install it if you want it. But those users who do want a micro template then don’t have the headache of decoding which packages they can remove.

  1. “But it should have vim/nano/tasksel/etc”

For text editors, I can say definitively that there is nothing stopping a user from installing it himself. For others, maybe there is a legitimate reason why it wouldn’t work right if it weren’t included. But I suspect that the number for which this is true is significantly lower than proponents think. If you can install it first thing, and then use it, then there is no reason for it to be included.

There is nothing preventing you from installing this yourself.

  1. “‘Vital/essential’ is ambiguous’”

While not exactly on theme, this is nonetheless relevant to it, being a red herring. ‘Essential’ means what it always has, and Debian has it’s own packages accordingly labeled: just run # aptitude search '?essential'. While I have greap respect for unman, and his contributions to the project, his argument comparing vitality to human organs was poor for one outstanding reason: you can’t install organs. If you could, his argument is still somewhat poor because talking about removing and putting body parts back is a bit gruesome. (This last sentence is intended as humor.)

Since Qubes adds complexity, there are extra packages that become necessary, but since I’m not a Xen or Qubes architecture expert, I can only speculate for example’s sake. Packages like systemd, qubes core agent, qrexec, qubesdb, and Xen stuff are likely essential, whereas the qubes-gui-agent metapackage isn’t. I hope this is clear and my lack of deeper Qubes packages understanding isn’t muddying the waters. I doubt there is any ambiguity. I simply just don’t know what the purposes of all the packages are.

The reason this is a red herring is because the question at hand is should minimal templates be minimized, not how.

Note on italics: it's not sarcasm.

I keep having to repeat this one theme in response to all the rebuttals, so I’m hoping that I’ll either get agreement or a reasoning that I can’t answer with this.

Apologies for so long a list. If I had more time I’d write something shorter.

The reason this argument stands is because minimal templates exist for those who don’t want defaults so they can install what they want. As far as I can tell, this encompasses all the reasons people use the minimal templates (ex.: reducing attack surface = “let me choose my own tradeoffs”). So it stands that the crux of a minimal template is “If there is no significant difference between having it preinstalled and installing it yourself, then there is no reason for it to be included.”

*

The support thing I can understand, but people will always try to use things they don’t understand and then complain when they don’t understand it. This can even be a good thing because at least people are learning. The solution is to just point people to the minimal templates documentation when they ask, like it is currently done.


I don’t want this to turn into a useless or counterproductive back-and-forth, so I’m leaving this to stand as my response to all future arguments that revolve around a problem that can be solved by users installing relevant packages.