Hello there,
today I stumbled upon
https://tails.boum.org/todo/remember_installed_packages/ and decided I'd
like to try my hand at the problem.
So, according to the current todo page, there are 2 proposed approaches
to the persistent packages problem:

1. an applet asking about installation of cached apt packages upon
login, probably by looking at stored *.deb files.
2. writing down the autoinstall package list in a configuration file
similar to live-persistence.conf, or even in it itself, and installing
them upon booting without user interaction.

I have to say that the 2nd idea appeals to me much more, since the goal
of the server edition is to make the system bootable with as little
interaction as possible. To be honest, I can't think of many use cases
that would require disabling different packages you installed on your
persistent volume every boot.
As I see it, that's the only flexibility lost by the 2nd solution compared
to the 1st one.
Also, there is this point: "The security implications of this whole idea
needs to be researched before diving in the code.". I am afraid I am
unable to research this too deeply... since the cached APT packages are
hand picked by the user, security will depend on these packages and
security of the persistent volume where the *.deb are going to be
stored. Am I missing something here?
As for the sources of packages (persistence cache / web mirrors) the
only sensible way is IMHO to use the cached versions, since we can't
assume an internet connection. To make sure the packages are updated, a
mechanism to check for updates once an internet connection is available
could be put in place. (something similar to the one launching the Tor
Browser Bundle only after WLAN connection is successful)
I was warned that I should ask for opinion before delving into code, so:
what do you think?
Cheers,
Lukasz Dobrogowski