Here is an inverse minimal install: everything not listed is what's installed (except for kernels--there's a libre-linux kernel installed, but it's updated manually, so all the kernels are on the blacklist). It is the blacklist file from a nameserver, thus, though you could run slackware without bind, bind's not on the blacklist because it's used for dns; few other networking packages that got slackpkg working; it's headless so all of the X11 sets are on the blacklist; it's stale: there's already new packages that slackpkg install-new would pickup, like the new wayland xorg files, but wouldn't be needed on the headless setup, and I need to add them before I update this nameserver.
Code:
# This is a blacklist file. Any packages listed here won't be |
When selecting the packages, you can skip, multilingual support if you are planning to use only English.
Games could be skipped. If you do not need TeX you can remove it as well If you are planning to use browser-based office apps, you can uninstall Calligra You can do without GUI however, if you need one, you can select xinitrc.twm tab window manager or xinitrc.wmaker (window maker), they are minimal as compared with KDE or XFce. If you do not use Emacs, you can remove it, you can also remove nano, pico, and rely on Vim You can remove wither pine/alpine or mutt You can do without mc, mcedit You can also remove links or lynx You can manage wireless without wicd, thought it would be a bit tricky it is still doable You can remove either xpdf or okular |
Quote:
|
Quote:
|
I just don't like using Network Manager, so I just use rc.inet1.conf and wpa_supplicant.conf for my wireless config.
|
I had some time this weekend to have a play with setting up a minimal Slackware install as I wanted to see if I could do it and how it would work etc. It was a fun and enjoyable project and I understand a bit more about the Slackware install process and what is required to get Slackware to run.
However, I have come to the conclusion (for me at least) that there is no benefit to me to run a minimal slackware install because even using the recommended files as listed by the OP (with a few of my own files), I found I had to do a lot of troubleshooting to get my Slackware system to boot, with no error messages and run the Internet so I could update Slackware. I encountered different errors as a result of either running elilo or running Slackware in a VM and I suspect because my Slackware install was too minimal. Even at the stage I am at now, the keyboard doesn't seem to remember that it's UK and I can see that other things are missing although the system boots, upgrades etc. Then on top of that, when I upgraded Slackware I got locked out of the system because of the recent need to install pam and dependencies including libtirpc (in the N series). Also if you are running Current, you are supposed to run slackpkg install-new to install any packages that may be required by packages that you have existing and that you upgraded running Slackpkg upgrade-all. So again it would require me having to wade through changelogs to see what I need to install and what can safely be ignored - which is one of the reasons why I got locked out, as I did not run slackpkg install-new. Having to constantly update the blacklist file to exclude files you don't need, makes it a bit like pushing back the tide I guess! Perhaps when I have more time, I could try the list that Slack in the box created as I can see that more packages are installed on that system than the list recommended by the OP. This might go a long way to resolving my remaining issues as I really wanted to see how minimal I could get a working system. However I just think that if I stick to running A, L and N (everything in that) and just the four packages in AP, this would work better for me as I won't have to worry about dependencies when I upgrade Slackware or not being able to do basic Linux commands or run any given Slackware program. I enjoyed working on this project and I actually would like to come back to this project one day when I have more time and interest again (as I have had enough of this project for the time being), just for pure interest just to see how minimal I can get the system. I probably had too minimal a system which has resulted in a high number of headaches. However, I wonder whether it's really worth the effort to run a minimal system as you are very likely to break your system when you upgrade. It won't make my system safer as I only load the services that I want running so security is not a problem and hard drive space these days are simply not an issue. I suspect for relative novices like me, it just makes more sense to disable the x, xap, t etc series that I don't use and leave it at that, instead of trying to tweak the a, l and n series which just breaks functionality in the OS. I am still missing things that I should be seeing! Oh well. Fun project, but I am not convinced that there is any benefit for me in terms of improving speed, security or anything that would make a difference. I just wanted to see if I could do it. Maybe I will succeed one day with the list that Slack in the box created! |
I decided to setup the system using the configuration recommended by Slac-in-the-box seeing as I had already done most of the troubleshooting yesterday just to see how this config works.
Using that configuration I was able to fix remaining error messages, my keyboard remembered it was UK and slackware was registering the entropy entries correctly on first install. I had no problems updating Slackware, connecting to the Internet. So I will try this configuration and see if it works for me as while it contains more files than the config provided by Bifferos or Deniro, it still gets rid of a lot of stuff I don't need. So it's a very good compromise in that I get rid of a lot of stuff I don't need without risking Slackware breaking. I have added the following files to my config that is not listed in Slack-in-the-box config. A Series efibootmgr (needed for Elilo) efivar (needed for Elilo) elilo (needed for Elilo) gpm (needed if you want to use mouse to copy/paste) ntfs-3g (needed if you want to mount usb drives formatted with NTFS) I did not install Openssl 1.0 as I think we should only be running openssl 1.1 now. Hopefully I won't have any issues with running only 1.1 version. AP Series Diffutils (when you run slackpkg upgrade slackpkg or slackpkg upgrade glibc-solibs) - it has an error because missing diffsutils L Series I removed Consolekit2 as I suspect it came out after this list was created and I don't see it as necessary and it creates an error message looking for polkit library. N series IpUtils (so ping etc worked) libmnl (I could not connect to Internet to update slackware running slackpkg without this - maybe this is new since these lists were created?) libtirpc (Now required for Slackware Current when you upgrade as Shadow now using PAM) There are a couple of other files I added/removed eg grub as I use Elilo and I didn't want a couple of apps installed, but these ones listed are the important ones. At this time, you have to install cracklib, libpwquality, nss-pam-ldapd, Pam and Pam-krb in slackpkg install-new as these files (including libtirpc) are now required when you upgrade Slackware - that is if you want to login again! So these files will need to be added to the list of mandatory files to be installed. |
Quote:
Quote:
I don't consider myself a guru or a master of anything enough to see the complete picture, and viewed all the full-install's extra packages not needed by the specific dedicated service, as potential vectors of attack. So I took the time to eliminate them, so I don't have to experience anxiety about whether the system can be compromised from some extra package I'm ignorant about, which is most all of them! I also created a minimal install for a reverse proxy server: the first one I tried was pound; but now I'm on nginx--and I've wised up to Google's ways, and switched to Linode. I'm not sure if it's the introduction to my network of the reverse-proxy service, the minimal installs, the switch to Linode, or some combination thereof; but thankfully I have not had any security issues since. Minimal installs are also helpful on ancient hardware, or on arm and arm64 architecture that are running on small microSD cards where space is an issue. On my x64 laptop, with the TB drive, I run full install; but on the arm64 pinebook pro with only 128GB, I skipped kde to conserve some space. Being able to have custom slackpkg blacklists for its variety of deployments makes slackware tight! |
Quote:
I mean it can easily be used for both, but there is another feature called templates which is designed specifically for deployment: Code:
slackpkg [OPTIONS] {generate-template|install-template|remove-template} |
Looking at the manpage of slackpkg I would presume that the template is only used for deploying machines when you are setting them up. In the case of running slackware install-new, I think the blacklist would be more appropriate.
|
When Slackware 15 is released, I might just run Slackware 15 stable instead of running current. This would negate the need to run install-new which I think would make running a minimal install much easier to maintain.
I am also in agreement with you in one way that removing packages that I don't need reduces my attack vector. However, someone else said unless the service is running, it can't be used as an attack vector. Simply installing the package doesn't create an attack vector. The service actually has to be running. So he does have a point there. On the other hand, if you are not installing loads of things you don't need, you are not installing libraries that could be "running" that could open up an attack vector. I also just feel it is silly to install things like mail servers, dhcp servers etc if I am not using those programs. |
There are two questions about definition of minimal:
1. Should network be considered as part of minimal? Is it enough to make it just bootable? 2. Minimal by number of packages or by real content? aaa_elflibs contains a lot of shared objects collected from other packages. Personally, I would not consider such configuration as a minimal. |
1 Attachment(s)
everybody has his own definition of minimal based on his use case: what is minimal for one could be too much for someone else or too little for others.
|
Minimal could in theory mean anything. The OP themselves said that minimal could mean a system that boots and runs init!
I think it would be pointless debating what minimal means. It would be more accurate to ask what people want to achieve by not running a full install. This would be a more relevant question to ask. In most cases what people want to achieve, I think would be broadly similar. We want Slackware to work out of the box without error message on boot or being unable to use basic Linux commands. We need it to access the Internet (as almost all user cases would require internet access), we want to be able to update Slakware without issues and last but not least install only the applications that we would actually use! So generally most users looking for a "minimal install" as described above, would be looking at a configuration similar to what Slack-in-the-box provided where you have a working functional install that can be used by almost everyone without running into dependencies issues and strange error messages etc and problems updating! Yes, you can get more minimal than this, but as my own research this weekend indicated there is a point where a minimal install becomes self defeating and more trouble than it's worth to update. I spent hours troubleshooting slackware using a very minimal install based on Bifferos and Deniro's suggestions and while Slackware booted, updated etc, there were things clearly wrong or missing with the system. Most people like myself would prefer a compromise "minimal install" where everything works, but you can still eliminate a surprising amount of stuff that is not needed. |
Yes, it's pointless. Even if this minimal system is not universal, but just for a particular machine, it's still possible to modify init scripts and throw away more packages. For example, disabling FS check on boot and removing e2fsprogs from the list (or xfsprogs etc.). Or removing hostname. Still bootable and working environment.
So, the most minimal system is absent system I guess. |
All times are GMT -5. The time now is 05:17 AM. |