vm-recommended: relax dependency on qubes-pdf-converter #78
Conversation
3nprob
changed the title
3nprob
force-pushed
the
soft-recommend-pdf-converter
branch
from
f828c8e to
524bd6f
Compare
3nprob
changed the title
- pdf-converter depends on gvfs via nautilus
- pulls in a desktop dependencies that aren't relevant for non-gui
templates and enables file-system indexing agent
---
- arch: move qubes-pdf-converter to optdepends
- debian: move qubes-pdf-converter to recommends
- fedora: optionally require qubes-pdf-converter if nautilus is enabled
3nprob
force-pushed
the
soft-recommend-pdf-converter
branch
from
5cb088c to
adf421d
Compare
|
This is definitely not the right way to deal with the "issue". First of all, installing pdf converter only if nautilus is installed is simply wrong, it's an application that is useful beyond nautilus too. If you want to avoid pulling in nautilus, address that in the pdf converter package itself (probably by splitting nautilus integration into a sub-package that gets pulled in only when nautilus is installed). |
Sure, but considering its dependencies, is it useful enough to be installed in every qube and template by default, on the same level as core components like |
|
Hm, upon closer inspection, gvfs is not pulled in anymore - seems pruned from downstream dependencies. So not as bad anymore.
Maybe I could half-roleplay a user-story... I want to create a firewall template without gnome or xfce (assuming that #69 or something to same effect has been merged, bear with me in output below). Or maybe I want to fully use another DE in some template and don't mind missing out on the extra features in gnome/xfce integration. Attempt 1: Start with Debian standard image # apt remove python3-nautilus
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
debugedit deltarpm dnf dnf-data fakeroot fwupd-qubes-vm gir1.2-nautilus-4.0 jcat libarchive13 libcomps0 libdnf2 libdnf2-common libfakeroot libfsverity0 libimagequant0 libjcat1 libjs-sphinxdoc
libjs-underscore libmodulemd2 libnautilus-extension4 libraqm0 librepo0 librpm9 librpmbuild9 librpmio9 librpmsign9 libsolv1 libsolvext1 libunbound8 python-babel-localedata python3-aiohttp python3-aiosignal
python3-async-timeout python3-attr python3-autocommand python3-babel python3-certifi python3-chardet python3-charset-normalizer python3-cheroot python3-cherrypy3 python3-click python3-colorama
python3-croniter python3-distutils python3-dnf python3-frozenlist python3-gnupg python3-gpg python3-hawkey python3-idna python3-inflect python3-jaraco.classes python3-jaraco.collections
python3-jaraco.context python3-jaraco.functools python3-jaraco.text python3-jinja2 python3-jmespath python3-lib2to3 python3-libcomps python3-libdnf python3-looseversion python3-mako python3-markupsafe
python3-msgpack python3-multidict python3-numpy python3-olefile python3-openssl python3-packaging python3-pil python3-portend python3-psutil python3-py python3-pycryptodome python3-qubesimgconverter
python3-repoze.lru python3-requests python3-routes python3-rpm python3-setproctitle python3-simplejson python3-tempora python3-tornado python3-tqdm python3-tz python3-unbound python3-urllib3 python3-webob
python3-yaml python3-yarl python3-zc.lockfile python3-zmq qubes-core-agent-dom0-updates qubes-core-agent-passwordless-root qubes-gpg-split qubes-img-converter qubes-input-proxy-sender
qubes-mgmt-salt-vm-connector qubes-repo-templates qubes-usb-proxy rpm rpm-common rpm2cpio salt-common salt-ssh sqlite3 usbutils
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
python3-nautilus qubes-core-agent-nautilus qubes-pdf-converter qubes-vm-recommended
0 upgraded, 0 newly installed, 4 to remove and 0 not upgraded.
After this operation, 553 kB disk space will be freed.
Do you want to continue? [Y/n] nAttempt 2, on Fedora: # dnf remove nautilus-python
Dependencies resolved.
==============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
==============================================================================================================================================================================================================================================
Removing:
nautilus-python x86_64 4.0.1-1.fc40 @updates 62 k
Removing dependent packages:
qubes-vm-recommended noarch 4.2.14-1.fc40 @qubes-builder-vm-r4.2-current-testing 0
Removing unused dependencies:
c-ares x86_64 1.34.4-3.fc40 @updates 274 k
conntrack-tools x86_64 1.4.7-7.fc40 @fedora 684 k
exo x86_64 4.18.0-5.fc40 @fedora 2.1 M
fakeroot x86_64 1.37-1.fc40 @updates 163 k
fakeroot-libs x86_64 1.37-1.fc40 @updates 125 k
fwupd-qubes-vm noarch 1.8.14-5.fc40 @qubes-builder-vm-r4.2-current-testing 8.7 k
garcon x86_64 4.18.2-2.fc40 @fedora 1.1 M
gcab x86_64 1.6-5.fc40 @fedora 24 k
libXres x86_64 1.2.2-3.fc40 @fedora 21 k
libgcab1 x86_64 1.6-5.fc40 @fedora 216 k
libnetfilter_cthelper x86_64 1.0.0-27.fc40 @fedora 43 k
libnetfilter_cttimeout x86_64 1.0.0-25.fc40 @fedora 43 k
libnetfilter_queue x86_64 1.0.5-8.fc40 @fedora 57 k
libtomcrypt x86_64 1.18.2-19.fc40 @fedora 875 k
libtommath x86_64 1.2.1-3.fc40 @fedora 126 k
libwnck3 x86_64 43.1-1.fc40 @updates 2.1 M
libxfce4ui x86_64 4.18.6-1.fc40 @fedora 1.6 M
libxfce4util x86_64 4.18.2-1.fc40 @fedora 889 k
llhttp x86_64 9.2.1-1.fc40 @updates 73 k
nftables x86_64 1:1.0.9-3.fc40 @fedora 1.0 M
pciutils x86_64 3.13.0-1.fc40 @updates 245 k
pipewire-qubes x86_64 4.2.20-1.fc40 @qubes-vm-r4.2-current 72 k
python3-aiodns noarch 3.0.0-10.fc40 @fedora 31 k
python3-aiohttp x86_64 3.9.5-2.fc40 @updates 3.0 M
python3-aiohttp+speedups x86_64 3.9.5-2.fc40 @updates 8.0 k
python3-aiosignal noarch 1.3.2-1.fc40 @updates 18 k
python3-attrs noarch 23.2.0-4.fc40 @fedora 379 k
python3-autocommand noarch 2.2.2-5.fc40 @fedora 86 k
python3-brotli x86_64 1.1.0-3.fc40 @fedora 824 k
python3-cheroot noarch 10.0.0-5.fc40 @fedora 822 k
python3-cherrypy noarch 18.9.0-4.fc40 @fedora 1.3 M
python3-click noarch 8.1.7-4.fc40 @fedora 1.1 M
python3-cryptography x86_64 41.0.7-1.fc40 @fedora 4.6 M
python3-frozenlist x86_64 1.4.1-3.fc40 @fedora 152 k
python3-gnupg noarch 0.5.0-6.fc40 @fedora 164 k
python3-idna noarch 3.7-1.fc40 @updates 595 k
python3-importlib-metadata noarch 6.9.0-3.fc40 @fedora 197 k
python3-inflect noarch 2.1.0-19.fc40 @fedora 293 k
python3-jaraco noarch 9.3.0-4.fc40 @fedora 2.9 k
python3-jaraco-classes noarch 3.3.0-4.fc40 @fedora 30 k
python3-jaraco-collections noarch 3.0.0-17.fc40 @fedora 62 k
python3-jaraco-context noarch 5.3.0-1.fc40 @updates 34 k
python3-jaraco-functools noarch 4.0.0-3.fc40 @fedora 49 k
python3-jaraco-text noarch 3.12.0-3.fc40 @fedora 57 k
python3-jinja2 noarch 3.1.5-1.fc40 @updates 2.9 M
python3-jmespath noarch 1.0.1-6.fc40 @fedora 149 k
python3-looseversion noarch 1.3.0-4.fc40 @fedora 27 k
python3-markupsafe x86_64 2.1.3-4.fc40 @fedora 56 k
python3-more-itertools noarch 10.1.0-3.fc40 @fedora 448 k
python3-msgpack x86_64 1.0.7-3.fc40 @fedora 419 k
python3-multidict x86_64 6.0.5-1.fc40 @updates 162 k
python3-packaging noarch 23.2-4.fc40 @fedora 421 k
python3-portend noarch 3.2.0-4.fc40 @fedora 24 k
python3-psutil x86_64 5.9.8-1.fc40 @fedora 1.4 M
python3-pyOpenSSL noarch 23.2.0-3.fc40 @fedora 647 k
python3-pycares x86_64 4.3.0-6.fc40 @fedora 226 k
python3-pycryptodomex x86_64 3.21.0-1.fc40 @updates 3.9 M
python3-pysocks noarch 1.7.1-22.fc40 @fedora 101 k
python3-pytz noarch 2025.1-1.fc40 @updates 208 k
python3-pyyaml x86_64 6.0.1-14.fc40 @fedora 786 k
python3-pyzmq x86_64 25.1.2-1.fc40 @updates 1.6 M
python3-requests noarch 2.31.0-3.fc40 @fedora 462 k
python3-setproctitle x86_64 1.2.3-7.fc40 @fedora 35 k
python3-tempora noarch 5.5.0-5.fc40 @fedora 93 k
python3-timelib x86_64 0.3.0-4.fc40 @fedora 503 k
python3-tornado x86_64 6.3.3-3.fc40 @fedora 5.0 M
python3-tqdm noarch 4.67.1-4.fc40 @updates 568 k
python3-urllib3 noarch 1.26.20-1.fc40 @updates 999 k
python3-urllib3+socks noarch 1.26.20-1.fc40 @updates 50 k
python3-yarl x86_64 1.9.4-1.fc40 @updates 330 k
python3-zc-lockfile noarch 3.0.post1-5.fc40 @fedora 40 k
python3-zipp noarch 3.17.0-4.fc40 @updates 45 k
qubes-core-agent-dom0-updates noarch 4.2.41-1.fc40 @qubes-vm-r4.2-current 24 k
qubes-core-agent-nautilus x86_64 4.2.41-1.fc40 @qubes-vm-r4.2-current 11 k
qubes-core-agent-network-manager noarch 4.2.41-1.fc40 @qubes-vm-r4.2-current 3.1 k
qubes-core-agent-networking noarch 4.2.41-1.fc40 @qubes-vm-r4.2-current 37 k
qubes-core-agent-passwordless-root noarch 4.2.41-1.fc40 @qubes-vm-r4.2-current 1.0 k
qubes-gpg-split x86_64 2.0.75-1.fc40 @qubes-vm-r4.2-current 88 k
qubes-img-converter noarch 1.2.18-1.fc40 @qubes-builder-vm-r4.2-current-testing 4.8 k
qubes-input-proxy-sender x86_64 1.0.40-1.fc40 @qubes-vm-r4.2-current 28 k
qubes-mgmt-salt-vm-connector noarch 4.2.2-1.fc40 @qubes-builder-vm-r4.2-current-testing 6.3 k
qubes-pdf-converter noarch 2.1.23-1.fc40 @qubes-vm-r4.2-current 95 k
qubes-repo-templates noarch 4.2.2-1.fc40 @qubes-builder-vm-r4.2-current-testing 4.0 k
qubes-usb-proxy noarch 1.3.3-1.fc40 @qubes-vm-r4.2-current 13 k
salt noarch 3007.1-1.fc40 @qubes-vm-r4.2-current 52 M
salt-ssh noarch 3007.1-1.fc40 @qubes-vm-r4.2-current 4.0 k
startup-notification x86_64 0.12-29.fc40 @fedora 90 k
tinyproxy x86_64 1.11.2-1.fc40 @updates 139 k
xfce4-notifyd x86_64 0.8.2-3.fc40 @fedora 885 k
xfce4-panel x86_64 4.18.6-1.fc40 @fedora 5.6 M
xfconf x86_64 4.18.3-2.fc40 @fedora 825 k
Transaction Summary
==============================================================================================================================================================================================================================================
Remove 93 Packages
Freed space: 107 MEven It is daunting for non-expert users to figure out which packages are safe to remove and which to manually install of the above. By uninstalling Starting from a minimal template is I guess the recommended approach here but now we're getting into deeper territory and I would guess many get overwhelmed around here or again, probably end up cherry-picking everything else from the |
Neither nautilus nor gvfs is necessary for normal pdf converter operation. It is only necessary for installing nautilus extension to it. As said, the proper fix is to split that into sub-packages.
Yes. On similar level as split-gpg.
If you want to go this route...
... this is the recommended way. If that's too much for you, you can simply use normal template instead. The practical benefit from reduced number of installed package is not huge (not zero either) - a little less disk usage, and maybe a bit of memory usage due to less background services. But neither of those numbers are huge. Security benefit you mention is relevant only for applications you (or your files) interact with, but you can simply not use nautilus if you don't like - and generally, you don't interact with much stuff in firewall qube anyway. |
2 participants
Issue:
qubes-pdf-converterdepends on gvfs via nautilusqubes-vm-recommendedqubes-pdf-convertertooptdependsqubes-pdf-convertertoRecommendsnautilus-agentalready dependency so that would need to be dropped for removal to be meaningful and obv still relevant recommendation for workstation qubesqubes-pdf-converterifnautilusis enabled