creating plain Debian images using Whonix build script / Non-Qubes-Whonix CLI only without desktop envirionment

--gui kde is the default and works but --gui none is broken and unmaintained for a while now. The implementation of that was more like an after thought and broken by design. (--gui none added packages to a skip list and was not a mandatory switch. The new design will be more declarative, i.e. --some-switch will be mandatory and opt-in things rather than disabling stuff. Just now finished cleaning up that code.

./whonix_build supports currently

  • --flavor whonix-gateway
  • --flavor whonix-workstation
  • --flavor whonix-custom-workstation

I am considering new switches.

  • --flavor whonix-gateway-kde (installs non-qubes-whonix-gateway package)
  • --flavor whonix-workstation-kde (installs non-qubes-whonix-workstation package)
  • --flavor whonix-gateway-cli (installs non-qubes-whonix-gateway-cli package, yet to be added to anon-meta-packages, same as above package without dependency on anon-shared-desktop as well without dependency on anon-shared-desktop-kde package)
  • --flavor whonix-workstation-cli (similar to above)
  • --flavor whonix-custom-workstation

Rather I am wondering if the following makes sense:

  • --flavor whonix-gateway-custom (where the to be installed meta package[s] must be manually given using an environment or build config variable)
  • --flavor whonix-workstation-custom (similar to above)

For Whonix development purposes it sometimes would be helpful to have plain Debian images available for download.

  • --flavor whonix-plain-debian-kde-minimal (just Debian without any Whonix packages installed)
  • --flavor whonix-plain-debian-kde-whonix (coming with whonix-repository, guest additions, grub config packages for apparmor, screen resolution and verbosity installed)

It’s rather hard finding some sensible naming scheme for these command line switches. Any suggestions? Perhaps no switches for the non-default configurations and having the user enter the meta packages desired to be installed?

I also worry that deploying a plain Debian image through would be easily confused having to do anything with anonymity. Is there a way to prevent that?