Remove appmenus of uninstalled applications

[marmarek]

Follow up from #1397

As far I know, Qubes doesn't remove default whitelisted Qubes menu entries if those are removed in a newer template. If you want such a feature (could be difficult), please report a bug [or feature request?] against Qubes.

@adrelanos

[marmarek]

Doesn't look to be hard. It will not clean whitelisted-appmenus.list file, but will clean actual desktop files.

[marmarek]

Doesn't look to be hard. It will not clean whitelisted-appmenus.list file, but will clean actual desktop files.

[adrelanos]

Remove appmenus of uninstalled applications

Perhaps the title is wrong.

Remove appmenus of uninstalled applications

Dunno if this is implemented. But what I meant, if whitelisted-appmenus.list appmenus changed in a later version [of the template], these changes are not reflected.

I think this is because by default template packages in dom0 aren't upgraded. (This would undo any user changes.)

"Only" the "inner" of a template is upgraded by installing newer packages.

I think it would require quite some work to "not update template packages" + "yet update whitelisted-appmenus.list appmenus".

[adrelanos]

Remove appmenus of uninstalled applications

Perhaps the title is wrong.

Remove appmenus of uninstalled applications

Dunno if this is implemented. But what I meant, if whitelisted-appmenus.list appmenus changed in a later version [of the template], these changes are not reflected.

I think this is because by default template packages in dom0 aren't upgraded. (This would undo any user changes.)

"Only" the "inner" of a template is upgraded by installing newer packages.

I think it would require quite some work to "not update template packages" + "yet update whitelisted-appmenus.list appmenus".

[marmarek]

On Thu, Nov 12, 2015 at 11:02:13AM -0800, Patrick Schleizer wrote:

Remove appmenus of uninstalled applications

Dunno if this is implemented.

It is not, actually (so this ticket still stands).

But what I meant, if whitelisted-appmenus.list appmenus changed in a later version [of the template], these changes are not reflected.

I see, I misunderstood. And probably in-pace Whonix upgrade will not
remove any application (#1397), right? Maybe some apt-get autoremove
will do the trick?

I think this is because by default template packages in dom0 aren't upgraded. (This would undo any user changes.)

"Only" the "inner" of a template is upgraded by installing newer packages.

I think it would require quite some work to "not update template packages" + "yet update whitelisted-appmenus.list appmenus".

Yes, whitelisted-appmenus.list will not be updated. You're right -
this is difficult.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[marmarek]

On Thu, Nov 12, 2015 at 11:02:13AM -0800, Patrick Schleizer wrote:

Remove appmenus of uninstalled applications

Dunno if this is implemented.

It is not, actually (so this ticket still stands).

But what I meant, if whitelisted-appmenus.list appmenus changed in a later version [of the template], these changes are not reflected.

I see, I misunderstood. And probably in-pace Whonix upgrade will not
remove any application (#1397), right? Maybe some apt-get autoremove
will do the trick?

I think this is because by default template packages in dom0 aren't upgraded. (This would undo any user changes.)

"Only" the "inner" of a template is upgraded by installing newer packages.

I think it would require quite some work to "not update template packages" + "yet update whitelisted-appmenus.list appmenus".

Yes, whitelisted-appmenus.list will not be updated. You're right -
this is difficult.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[adrelanos]

Marek Marczykowski-Górecki:

On Thu, Nov 12, 2015 at 11:02:13AM -0800, Patrick Schleizer wrote:

Remove appmenus of uninstalled applications

Dunno if this is implemented.

It is not, actually (so this ticket still stands).

Ok.

But what I meant, if whitelisted-appmenus.list appmenus changed in a later version [of the template], these changes are not reflected.

I see, I misunderstood.

And probably in-pace Whonix upgrade will not
remove any application (#1397), right? Maybe some apt-get autoremove
will do the trick?

Answered here:
#1397 (comment)

I think this is because by default template packages in dom0 aren't upgraded. (This would undo any user changes.)

"Only" the "inner" of a template is upgraded by installing newer packages.

I think it would require quite some work to "not update template packages" + "yet update whitelisted-appmenus.list appmenus".

Yes, whitelisted-appmenus.list will not be updated. You're right -
this is difficult.

I dunno if you want a separate ticket for this. I hope not. :) Seems
like a lot work. You'd have to split the template packages then.

• qubes-template-x (depending on qubes-template-x-image and
  qubes-template-x-meta) (what gets installed by most users)
• qubes-template-x-image (the raw image) (blocked from updating as of now)
• qubes-template-x-meta (whitelisted appmenus and other similar small
  configuration files) (upgraded more often)

Not that bad an idea imho, but I wonder if things would get too complex
for this to be worth it. Maybe some day far in the future.

Another option might be to ship whitelisted-appmenus.list and alike
files within the raw image. Would be less secure?

[adrelanos]

Marek Marczykowski-Górecki:

On Thu, Nov 12, 2015 at 11:02:13AM -0800, Patrick Schleizer wrote:

Remove appmenus of uninstalled applications

Dunno if this is implemented.

It is not, actually (so this ticket still stands).

Ok.

But what I meant, if whitelisted-appmenus.list appmenus changed in a later version [of the template], these changes are not reflected.

I see, I misunderstood.

And probably in-pace Whonix upgrade will not
remove any application (#1397), right? Maybe some apt-get autoremove
will do the trick?

Answered here:
#1397 (comment)

I think this is because by default template packages in dom0 aren't upgraded. (This would undo any user changes.)

"Only" the "inner" of a template is upgraded by installing newer packages.

I think it would require quite some work to "not update template packages" + "yet update whitelisted-appmenus.list appmenus".

Yes, whitelisted-appmenus.list will not be updated. You're right -
this is difficult.

I dunno if you want a separate ticket for this. I hope not. :) Seems
like a lot work. You'd have to split the template packages then.

• qubes-template-x (depending on qubes-template-x-image and
  qubes-template-x-meta) (what gets installed by most users)
• qubes-template-x-image (the raw image) (blocked from updating as of now)
• qubes-template-x-meta (whitelisted appmenus and other similar small
  configuration files) (upgraded more often)

Not that bad an idea imho, but I wonder if things would get too complex
for this to be worth it. Maybe some day far in the future.

Another option might be to ship whitelisted-appmenus.list and alike
files within the raw image. Would be less secure?

[marmarek]

On Thu, Nov 12, 2015 at 11:32:45AM -0800, Patrick Schleizer wrote:

Another option might be to ship whitelisted-appmenus.list and alike
files within the raw image. Would be less secure?

Ideally we would ship templates as the (integrity protected) raw image
and nothing more, and treat it in dom0 as a black box. This is why we
don't ship pre-generated appmenus and start the template to retrieve
them during template installation (not mount it's root.img in dom0!).
Maybe similar approach can be used for default appmenus list (somewhere
in the future)? Anyway this still doesn't update
whitelisted-appmenus.list of already created TemplateBasedVMs - which
is still difficult because of user changes.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[marmarek]

On Thu, Nov 12, 2015 at 11:32:45AM -0800, Patrick Schleizer wrote:

Another option might be to ship whitelisted-appmenus.list and alike
files within the raw image. Would be less secure?

Ideally we would ship templates as the (integrity protected) raw image
and nothing more, and treat it in dom0 as a black box. This is why we
don't ship pre-generated appmenus and start the template to retrieve
them during template installation (not mount it's root.img in dom0!).
Maybe similar approach can be used for default appmenus list (somewhere
in the future)? Anyway this still doesn't update
whitelisted-appmenus.list of already created TemplateBasedVMs - which
is still difficult because of user changes.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?