Mostly because @nurmagoz did not want to have it in the gateway. It would not be required in there.
Ok.
2 Likes
Thanks! Fixed. 
1 Like
Reduced delete between non-qubes-whonix-(gateway|workstation)-(kde|xfce), hopefully didn’t introduce bugs.
It looks like maybe hardened-packages-recommended-cli and
hardened-packages-dependencies-cli can be merged since they are always used in the same place. The same seems to be true for whonix-shared-packages-recommended-cli and whonix-shared-packages-dependencies-cli. Also all of those could be merged, except for hardened-debian-cli where it would add whonix specific packages. hardened-debian-kde is also currently missing kde specific stuff.
All package upgrades mentioned above tested. Working well. Merged into testers repository.
Changes below are not yet build and in the repository.
Done.
Done.
Yes, let’s not add Whonix specific packages to Hardened Debian.
Yes. hardened-debian-kde isn’t much used yet. Only one untested developers-only build. I guess it is dead on arrival.
And for a future hardened-debian-xfce (TODO) we must be careful not to add applications we don’t want to see on Whonix-Gateway.
It’s not clear to me what is remaining TODO. Please consider creating http://phabricator.whonix.org tickets so we can track, assign and implement them. (Same goes for CLI version.)
One task coming to mind which I don’t know how to implement:
remove browser starter in xfce task bar
https://phabricator.whonix.org/T876
Btw session saving glad it got disabled. Due to saved session saw this issue: kdesudo error popup window ( sdwdate-gui )
What is PromptOnLogout? What does it prompt for? Does it prompt to save session?
When set to false and you go to Applications → Log Out you will be logged out immediately instead of the default window appearing which asks for log out, reboot, shut down … So the default should be used which is “true”. Or just dont set it and Xfce will use true automatically.
1 Like
configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus)
https://phabricator.whonix.org/T883
Let’s consider to no longer depend on meta package xfce4. Instead, we could just depend on the individual packages we care about. Some packages that xfce4 depends on that we may not need or don’t want:
- Debian -- Details of package gtk2-engines-xfce in buster needed?
- Debian -- Details of package libxfce4ui-utils in buster needed?
- Debian -- Details of package thunar in buster keep for sure
- Debian -- Details of package xfce4-appfinder in buster probably keep
- Debian -- Details of package xfce4-panel in buster keep for sure
- Debian -- Details of package xfce4-pulseaudio-plugin in buster keep for sure (but perhaps workstation only, not a big deal)
- Debian -- Details of package xfce4-session in buster maybe we can avoid this one?
- Debian -- Details of package xfce4-settings in buster keep for sure
- Debian -- Details of package xfconf in buster keep for sure (but might be a dependency anyhow, so we might not need to add it as a dependency in Whonix anon-meta-packages)
- Debian -- Details of package xfwm4 in buster required
- Debian -- Details of package desktop-base in buster good if we could avoid it (since it contains Debian’s logo) but also not a big deal if we set our own background anyhow
- Debian -- Details of package tango-icon-theme in buster probably keep
- Debian -- Details of package thunar-volman in buster probably keep
-
Debian -- Details of package xorg in buster we depend on
xserver-xorganyhow, not sure we need to explicitly depend onxorgtoo - Debian -- Details of package gtk3-engines-xfce in buster probably required
-
Debian -- Details of package xfce4-goodies in buster probably keep (has some things we like such as
xfce4-datetime-pluginbut also some things we don’t need such asxfce4-weather-plugin) - Debian -- Details of package xfce4-power-manager in buster avoidable?
2 Likes
What’s the reasoning behind this? Will it be easier to move to alternative DEs in the future? Seems like a lot of deps to add manually instead of xfce4
1 Like
Unrelated since this only affects package hardened-desktop-environment-essential-xfce.
(Since we nowadays have non-qubes-whonix-gateway-cli and non-qubes-whonix-workstation-cli it is nowadays a lot easier to add support for other desktop environments compares to times where Whonix KDE was the only thing that existed.)
See reason for each individual package above. Overall reasons:
- don’t install things which are a potential source of bugs (such as session management, remember this bug where KDE session saving caused this: kdesudo error popup window ( sdwdate-gui ))
- avoid unnecessary things (such as power savings inside VM)
- less potential privacy issues (sessions savings)
- lower attack surface
- save disk space
- not have some unnecessary, potentially harmful package included when upgrading to the next major Debian version
1 Like
Great!
Agreed with your assessment of each. Pull the trigger 
Rich source of XFCE settings manipulation:
https://www.linuxsecrets.com/archlinux-wiki/wiki.archlinux.org/index.php/Xfce.html
Anything useful for us there?
1 Like
It’s not clear to me yet how folder /etc/xdg/xfce4/xfconf/xfce-perchannel-xml (or more generally folder /etc/xdg/xfce4/) works. It may be a superior solution to folder /etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml.
Progress on disable removable drives auto-mounting - XFCE only (⚓ T902 disable removable drives auto-mounting - XFCE only) was made.
1 Like
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml looks better in any case. Going to port to it.
1 Like
Debian /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-session" version="1.0">
<property name="general" type="empty">
<property name="FailsafeSessionName" type="string" value="Failsafe"/>
</property>
<property name="sessions" type="empty">
<property name="Failsafe" type="empty">
<property name="IsFailsafe" type="bool" value="true"/>
<property name="Count" type="int" value="5"/>
<property name="Client0_Command" type="array">
<value type="string" value="xfwm4"/>
</property>
<property name="Client0_PerScreen" type="bool" value="false"/>
<property name="Client1_Command" type="array">
<value type="string" value="xfsettingsd"/>
</property>
<property name="Client1_PerScreen" type="bool" value="false"/>
<property name="Client2_Command" type="array">
<value type="string" value="xfce4-panel"/>
</property>
<property name="Client2_PerScreen" type="bool" value="false"/>
<property name="Client3_Command" type="array">
<value type="string" value="Thunar"/>
<value type="string" value="--daemon"/>
</property>
<property name="Client3_PerScreen" type="bool" value="false"/>
<property name="Client4_Command" type="array">
<value type="string" value="xfdesktop"/>
</property>
<property name="Client4_PerScreen" type="bool" value="false"/>
</property>
</property>
<property name="splash" type="empty">
<property name="Engine" type="string" value=""/>
</property>
</channel>
Whonix:
Preparing to unpack .../whonix-xfce-desktop-config_1.4-1_all.deb ...
Unpacking whonix-xfce-desktop-config (3:1.4-1) ...
dpkg: error processing archive /mnt/initialdeb/pool/main/w/whonix-xfce-desktop-config/whonix-xfce-desktop-config_1.4-1_all.deb (--unpack):
trying to overwrite '\''/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml'\'', which is also in package xfce4-session 4.12.1-6
Errors were encountered while processing:
/mnt/initialdeb/pool/main/w/whonix-xfce-desktop-config/whonix-xfce-desktop-config_1.4-1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1) '
+ apt_get_exit_code=100