Whonix XFCE Development

configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus)

Let’s consider to no longer depend on meta package xfce4. Instead, we could just depend on the individual packages we care about. Some packages that xfce4 depends on that we may not need or don’t want:


What’s the reasoning behind this? Will it be easier to move to alternative DEs in the future? Seems like a lot of deps to add manually instead of xfce4

1 Like

Unrelated since this only affects package hardened-desktop-environment-essential-xfce.

(Since we nowadays have non-qubes-whonix-gateway-cli and non-qubes-whonix-workstation-cli it is nowadays a lot easier to add support for other desktop environments compares to times where Whonix KDE was the only thing that existed.)

See reason for each individual package above. Overall reasons:

  • don’t install things which are a potential source of bugs (such as session management, remember this bug where KDE session saving caused this: kdesudo error popup window ( sdwdate-gui ))
  • avoid unnecessary things (such as power savings inside VM)
  • less potential privacy issues (sessions savings)
  • lower attack surface
  • save disk space
  • not have some unnecessary, potentially harmful package included when upgrading to the next major Debian version
1 Like


Agreed with your assessment of each. Pull the trigger :slight_smile:

Rich source of XFCE settings manipulation:


Anything useful for us there?

1 Like

It’s not clear to me yet how folder /etc/xdg/xfce4/xfconf/xfce-perchannel-xml (or more generally folder /etc/xdg/xfce4/) works. It may be a superior solution to folder /etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml.

Progress on disable removable drives auto-mounting - XFCE only (https://phabricator.whonix.org/T902) was made.

1 Like

/etc/xdg/xfce4/xfconf/xfce-perchannel-xml looks better in any case. Going to port to it.

1 Like

Debian /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml

<?xml version="1.0" encoding="UTF-8"?>

<channel name="xfce4-session" version="1.0">
  <property name="general" type="empty">
    <property name="FailsafeSessionName" type="string" value="Failsafe"/>
  <property name="sessions" type="empty">
    <property name="Failsafe" type="empty">
      <property name="IsFailsafe" type="bool" value="true"/>
      <property name="Count" type="int" value="5"/>
      <property name="Client0_Command" type="array">
        <value type="string" value="xfwm4"/>
      <property name="Client0_PerScreen" type="bool" value="false"/>
      <property name="Client1_Command" type="array">
        <value type="string" value="xfsettingsd"/>
      <property name="Client1_PerScreen" type="bool" value="false"/>
      <property name="Client2_Command" type="array">
        <value type="string" value="xfce4-panel"/>
      <property name="Client2_PerScreen" type="bool" value="false"/>
      <property name="Client3_Command" type="array">
        <value type="string" value="Thunar"/>
        <value type="string" value="--daemon"/>
      <property name="Client3_PerScreen" type="bool" value="false"/>
      <property name="Client4_Command" type="array">
        <value type="string" value="xfdesktop"/>
      <property name="Client4_PerScreen" type="bool" value="false"/>
  <property name="splash" type="empty">
    <property name="Engine" type="string" value=""/>


Preparing to unpack .../whonix-xfce-desktop-config_1.4-1_all.deb ...
Unpacking whonix-xfce-desktop-config (3:1.4-1) ...
dpkg: error processing archive /mnt/initialdeb/pool/main/w/whonix-xfce-desktop-config/whonix-xfce-desktop-config_1.4-1_all.deb (--unpack):
 trying to overwrite '\''/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml'\'', which is also in package xfce4-session 4.12.1-6
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)       '
+ apt_get_exit_code=100

After removing the xfce4 meta package:

The following packages were automatically installed and are no longer required:
gtk2-engines-xfce libkeybinder-3.0-0 libwnck-common libwnck22
libxfce4ui-utils xfce4-appfinder xfce4-panel xfce4-pulseaudio-plugin
xfce4-session xfce4-settings xfdesktop4 xfdesktop4-data xfwm4

The following packages were not installed by default anyhow:

  • tango-icon-theme
  • gtk3-engines-xfce
  • xfce4-power-manager
  • xfce4-goodies

System would work well without the following packages:

  • gtk2-engines-xfce

List of packages we depend on from other packages anyhow:

  • thunar

List of packages we would keep for sure (manually add Depends:):

  • thunar-volman
  • xfce4-appfinder
  • xfce4-pulseaudio-plugin
  • xfconf
  • xfce4-settings
  • xfconf
  • xfce4-panel
  • xfwm4
  • xfdesktop4
  • xfce4-session

In conclusion, dependencies by https://packages.debian.org/buster/xfce4 by look very good. At most package https://packages.debian.org/buster/gtk2-engines-xfce and https://packages.debian.org/buster/libxfce4ui-utils would be avoidable. Really not worth the effort. Keeping meta package xfce4.

Any suggestions for the background image? Any background image available from any packages sourced from packages.debian.org?

The only two backgrounds images installed currently (non-removable [as long as we want to use XFCE] dependency package xfdesktop4-data)

  • /usr/share/backgrounds/xfce/xfce-blue.jpg
  • /usr/share/backgrounds/xfce/xfce-teal.jpg

Could be changed here:

Why not simply replace the background image by a color, or a set of colors?


  • no fighting over the best background image :slight_smile:

  • avoiding additional paranoia “are you 100% sure that this particular image is virus/malware-free?” (saw this argument on a similar thread here a few years ago)

  • one less file!

1 Like

Yes, I am open to that too.

However, independently from your reasoning below.
(Which I think which might be invalid but that is a rather minor point.)

Just the default xfce logo is somewhat inappropriate. While XFCE is amazing, the main point of Whonix isn’t a fashion nice looking distribution focusing on that. However, that’s also not a very big importance.

Not sure.


If it’s sourced from packages.debian.org, it’s trusted anyhow.
Even if not.
That’s already violated by using arc-theme which ships lots of artwork.
And even without arc-theme, in theory any image / icon by any could include a backdoor already.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]