The officially official Devuan Forum!

You are not logged in.

#1 2023-01-28 12:53:33

d1thy
Member
Registered: 2017-11-15
Posts: 3  

Tinfoil Tuxery - Packages_of_interest

My first - and foremost - reason to use devuan is "privacy".
Privacy in the sense that "Having nothing to hide, doesn't entitle anybody else to know anything".
I view "Freedom to choose" as an absolute.
Hence when obscurity is forced, in the name of 'whatever', and removing previous options, my spidey senses goes beserk.
So, going non-systemd was a no-brainer for me.

A few weeks ago, i installed redshift, in order to change colortemp on my screen.
But.. It wanted to install 'geoclue-2.0' and 'iio-sensor-proxy' too.
As it is redshift works fine, for me, without them, but i don't want any privacyleaking 'utilities' forced upon me.

Now...
Having read https://dev1galaxy.org/viewtopic.php?id=5406, it is also mentioned that GTK4 has hard dependencies to similar packages.

I did not know that, but luckily pungentweasel did, and chose to share the info.

So.....

I thought that i would make this thread, just in case any of you would like to make an "honorable mention" of 'whatever package' you see as doing unnessecary datacollection, or having unnessecary dependencies on some tracking/mining/leaking package.

Offline

#2 2023-01-28 14:34:18

Altoid
Member
Registered: 2017-05-07
Posts: 1,581  

Re: Tinfoil Tuxery - Packages_of_interest

Hello:

Good idea, but I think (like in the case of your example) that it may be more a dependency thing.

eg: my box runs Devuan Beowulf with a backported kernel.

~$ uname -a
Linux devuan 5.10.0-0.deb10.16-amd64 #1 SMP Debian 5.10.127-2~bpo10+1 (2022-07-28) x86_64 GNU/Linux
~$ 

I don't have zeitgeist installed.

~$ apt list | grep installed | grep -i zeitgeist
--- snip ---
~$ uname -a

But if I ask aptitude about zeitgeist, I get this information:

~$ aptitude why zeitgeist
i   desktop-base           Suggests gnome | kde-standard | xfce4 | wmaker
p   gnome                  Depends  totem-plugins                        
p   totem-plugins          Suggests totem-plugin-zeitgeist               
p   totem-plugin-zeitgeist Depends  libzeitgeist-2.0-0 (>= 0.3.2)        
p   libzeitgeist-2.0-0     Suggests zeitgeist-core | zeitgeist           
~$ 

I wonder if there's a way to scan the whole Debian/Devuan package information database to filter the packages that list zeitgeist (or its libraries) as a suggests or depends.

It would be really interesting to see what comes up.

Any ideas?
Maybe contacting the database maintainer/s?

Best,

A.

Offline

#3 2023-01-28 14:58:48

boughtonp
Member
From: UK
Registered: 2023-01-19
Posts: 212  
Website

Re: Tinfoil Tuxery - Packages_of_interest

d1thy wrote:

I thought that i would make this thread, just in case any of you would like to make an "honorable mention" of 'whatever package' you see as doing unnessecary datacollection, or having unnessecary dependencies on some tracking/mining/leaking package.

Several KDE apps on Debian have been compiled with a dependency on kuserfeedback, which continues to collect data even when the relevant setting is supposedly turned off.

KDE have claimed that it's ok to generate the data because it's not uploaded.

I've tried compiling my own version of the relevant library with all data collection functionality actually removed, but the compilation process is a massively over-convoluted mess, and I've not yet been able to get a shared object with a compatible interface.


3.1415P265E589T932E846R64338

Offline

#4 2023-01-28 17:10:00

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,486  

Re: Tinfoil Tuxery - Packages_of_interest

Altoid wrote:

I wonder if there's a way to scan the whole Debian/Devuan package information database to filter the packages that list zeitgeist (or its libraries) as a suggests or depends.
.

apt rdepends zeitgeist

will show packages that depend on zeitgeist. I don't know an easy way to get Recommends or Suggests.

Maybe some good tips here: https://dev1galaxy.org/viewtopic.php?id=511

Offline

#5 2023-01-28 18:55:57

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Tinfoil Tuxery - Packages_of_interest

d1thy wrote:

A few weeks ago, i installed redshift, in order to change colortemp on my screen.
But.. It wanted to install 'geoclue-2.0' and 'iio-sensor-proxy' too.

Just use equivs to generate "fake" packages to satisfy those dependencies without providing the functionality.

To do this create a file called geoclue-2.0.ctl with this content:

Package: geoclue-2.0-dummy
Provides: geoclue-2.0
Conflicts: geoclue-2.0
Description: geoclue-2.0 dummy package

Then run

equivs-build geoclue-2.0.ctl
dpkg -i geoclue-2.0-dummy*.deb # as root

Use the same technique with any other "fakes" that may be required.

Last edited by Head_on_a_Stick (2023-01-28 19:36:35)


Brianna Ghey — Rest In Power

Offline

#6 2023-01-29 08:27:40

d1thy
Member
Registered: 2017-11-15
Posts: 3  

Re: Tinfoil Tuxery - Packages_of_interest

Head_on_a_Stick wrote:

Just use equivs to generate "fake" packages to satisfy those dependencies without providing the functionality.

Appreciate that !
Learning something new :-)

Offline

#7 2023-01-29 08:51:40

d1thy
Member
Registered: 2017-11-15
Posts: 3  

Re: Tinfoil Tuxery - Packages_of_interest

boughtonp wrote:
d1thy wrote:

I thought that i would make this thread, just in case any of you would like to make an "honorable mention" of 'whatever package' you see as doing unnessecary datacollection, or having unnessecary dependencies on some tracking/mining/leaking package.

Several KDE apps on Debian have been compiled with a dependency on kuserfeedback, which continues to collect data even when the relevant setting is supposedly turned off.

$ apt rdepends kuserfeedback-bin
kuserfeedback-bin
Reverse Depends:
$ apt search kuserfeedback-bin
Sorting... Done
Full Text Search... Done
kuserfeedback-bin/stable 1.0.0-3 amd64
  user feedback for applications - executables
$ 

Hmm. On chimera nothing ..
Maybe i'm holding it wrong ?

KDE have claimed that it's ok to generate the data because it's not uploaded.

Just like digitally logging your conversations is not recording, nor is it surveillance because noone is listening in real time...But i digress..

Offline

#8 2023-01-29 10:19:45

Altoid
Member
Registered: 2017-05-07
Posts: 1,581  

Re: Tinfoil Tuxery - Packages_of_interest

Hello fsr:

fsmithred wrote:

apt rdepends zeitgeist will show packages that depend on zeitgeist.

Yes, but that will only tell me if any package installed in a system has zeitgeist as a dependancy.

I was referring to a scan of the whole Devuan package database which has that information.
Just have to weed it out but I don't have a clue.

I have never (ever) been able to make any sense of regex but I'm sure there's a way.

Adding a reverse dependency search box to do that would be a great addition to the database page, very useful in instances like this one.
Which I fear will become the norm.

fsmithred wrote:

Maybe some good tips here: https://dev1galaxy.org/viewtopic.php?id=511

I'll have a look.

Thanks for your input.

Best,

A.

Offline

#9 2023-01-29 10:42:21

delgado
Member
Registered: 2022-07-14
Posts: 212  

Re: Tinfoil Tuxery - Packages_of_interest

fsmithred wrote:
apt rdepends zeitgeist

will show packages that depend on zeitgeist. I don't know an easy way to get Recommends or Suggests.

The list is quite enlarged when using addional wildcards (incl Suggests, Reverse Depends, etc). Just typed it, becasue the original list was to small.

apt rdepends *zeitgeist*

Edit: Typo (hm .. no spell checker when using this computer. There might be more)

Last edited by delgado (2023-01-29 10:46:15)

Offline

#10 2023-01-29 13:38:54

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,486  

Re: Tinfoil Tuxery - Packages_of_interest

Another helpful tip - you can avoid installing Recommends with:

apt --no-install-recommends install <package>

Redshift will install without geoclue this way. (Edit: and without avahi-daemon.)

Offline

#11 2023-01-29 14:32:45

boughtonp
Member
From: UK
Registered: 2023-01-19
Posts: 212  
Website

Re: Tinfoil Tuxery - Packages_of_interest

d1thy wrote:

Hmm. On chimera nothing ..
Maybe i'm holding it wrong ?

No, I just forgot the package name, it's libkuserfeedbackcore1.


3.1415P265E589T932E846R64338

Offline

Board footer