These modules in https://github.com/Whonix/whonix-libvirt/blob/master/etc/calamares/settings.conf… Full quote:
- exec:
  - partition
  - mount
  - unpackfs
  - sources-media
  - machineid
  - fstab
  - locale
  - keyboard
  - localecfg
  - networkcfg
  - hwclock
  - services-systemd
  - bootloader-config
  - grubcfg
  - bootloader
  - packages
  - luksbootkeyfile
  - plymouthcfg
  - initramfscfg
  - initramfs
  - sources-media-unmount
  - sources-final
  - umount
We need to understand these modules at least on a high level.
sources-media
/usr/lib/calamares/modules/sources-media/module.desc executes /usr/sbin/sources-media. Was looking at it. Dunno what it is needed for. Something with sources list. Likely not needed because this is already done in Whonix host raw image / package anon-apt-sources-list.
Generally, we need to know what the installer does so it doesn’t do anything we don’t want it to do.
Therefore this module is a candidate for disabling.
machineid
We want shared machineid by anon-base-files. We don’t want random machineid. (Discussed in forums / documented in anon-base-files.)
calamares/src/modules/machineid/machineid.conf at calamares · calamares/calamares · GitHub
“Whether to create an entropy file” sounds interesting but calamares upstream defaults are entropy: false and entropy-copy: false and package calamares-settings-debian /etc/calamares/modules/machineid.conf isn’t using that either so perhaps better not using module machineid for now.
locale
About timezone. We have package timezone-utc. Hence, this module is probably better disabled.
localecfg
locale should already be correctly set during build process. Hence, this module is probably better disabled.
networkcfg
Not sure. Might be better set by GitHub - Kicksecure/kicksecure-network-conf / Kicksecure Network Configuration
hwclock
Dunno yet if needed.
services-systemd
not needed as per calamares/src/modules/services-systemd/services-systemd.conf at calamares · calamares/calamares · GitHub since does nothing by default and because such things would be configured through Whonix packages.
Generally, I am much more eager to have Whonix packages configure anything. That way it is easier to understand and later on easier to change through upgrades.
bootloader-config
A calamares-settings-debian thing, not calamares upstream thing.
/usr/lib/calamares/modules/bootloader-config/module.desc calls /usr/sbin/bootloader-config
Looks useful.
```sh
if [ -d /sys/firmware/efi/efivars ]; then
    echo " * Installing grub-efi (uefi)..."
    DEBIAN_FRONTEND=noninteractive chroot $CHROOT apt-get -y install grub-efi-amd64 cryptsetup keyutils
else
    echo " * install grub... (bios)"
    DEBIAN_FRONTEND=noninteractive chroot $CHROOT apt-get -y install grub-pc cryptsetup keyutils
fi
```
Though, I wonder if that requires networking. Otherwise we could perhaps cache these packages + dependencies somehow so it would work without internet connection too?
grubcfg
Probably required since it modifies /etc/default/grub depending on configuration (using full disk encryption or not).
bootloader
Probably required.
- /etc/calamares/modules/bootloader.conf
- calamares/src/modules/bootloader/bootloader.conf at calamares · calamares/calamares · GitHub
luksbootkeyfile
Dunno yet.
plymouthcfg
We probably don’t want plymouth. Extra complexity. Experienced some bugs in past. Using it on none of my systems. Whonix VMs also don’t have plymouth.
initramfscfg
Probably required.
initramfs
Probably required.
sources-media-unmount
Similar to sources-media.
sources-final
Similar to sources-media.
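
One way to check a settings.conf against the review above, as an added example that is not part of the original post and not Whonix or Calamares code: it reads every `- exec:` phase and reports modules the post marks for disabling that are still enabled, plus any module missing from the quoted list. The `DISABLE` grouping is an assumption drawn from the post's wording, and the sample config (including the `shellprocess@extra` entry) is constructed.

```python
import re

# Module names from the exec list quoted in the post (already looked at).
REVIEWED = set((
    "partition mount unpackfs sources-media machineid fstab locale keyboard "
    "localecfg networkcfg hwclock services-systemd bootloader-config grubcfg "
    "bootloader packages luksbootkeyfile plymouthcfg initramfscfg initramfs "
    "sources-media-unmount sources-final umount").split())
# Assumption: modules the post calls disable candidates, "better disabled" or "not needed".
DISABLE = {"sources-media", "machineid", "locale", "localecfg",
           "services-systemd", "plymouthcfg"}
ITEM = re.compile(r"""^(\s*)-\s*["']?([\w@-]+)["']?\s*$""")

def exec_modules(settings_text):
    """Return the module names listed under every '- exec:' phase, in order."""
    modules, exec_indent = [], None
    for raw in settings_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if not line:
            continue
        indent = len(line) - len(line.lstrip())
        if re.match(r"^\s*-\s*exec:$", line):
            exec_indent = indent
        elif exec_indent is not None:
            item = ITEM.match(line)
            if item and indent > exec_indent:
                modules.append(item.group(2))
            else:
                exec_indent = None  # dedent or another key: exec phase ended
    return modules

def audit(settings_text):
    """Split exec modules into still-enabled disable candidates and unreviewed ones."""
    names = [m.split("@", 1)[0] for m in exec_modules(settings_text)]  # strip instance id
    return {"disable": [n for n in names if n in DISABLE],
            "unreviewed": [n for n in names if n not in REVIEWED]}

# Constructed sample: part of the quoted exec list plus one module the post never discusses.
SAMPLE = ("sequence:\n- show:\n  - welcome\n- exec:\n"
          + "".join(f"  - {m}\n" for m in ["partition", "machineid", "locale",
                                            "shellprocess@extra", "bootloader"])
          + "- show:\n  - finished\nbranding: example\n")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the real /etc/calamares/settings.conf after each package update, a non-empty `unreviewed` list means the installer gained a module nobody has looked at yet.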