Hello, I am following the Install Kicksecure inside Debian documenation and had a few questions. I am aiming to install the Kicksecure CLI package on a Debian-12-minimal template for reference.
Which installation method would be considered generally safer, Using extrepo or Manually?
Why is --no-install-recommends not used when installing extrepo? It also is not used when installing apt-transport-tor when using the manual method. Why is this the case?
Are these following steps necessary when installing on Qubes? If so, why?
5. Create group console.
/usr/sbin/addgroup --system console
6. Add your Linux account user name to group console.
Note: Replace user user with your actual user name.
/usr/sbin/adduser user console
What is the difference between /usr/sbin/adduser user sudo and installing qubes-core-agent-passwordless-root? Do they achieve the exact same result?
I did not check if qubes-core-agent-passwordless-root results in effectively running /usr/sbin/adduser user sudo. In theory, the command might be superfluous at worst and the user is typing 1 command without making any difference.
The distribution morphing documentation isn’t specifically targeted only at Qubes users. As long as there is no Kicksecure Qubes Template this isn’t the “perfect installation method” for Qubes users.
Kicksecure distribution morphing a highly portable installation method supporting many kinds of Debian based distribution, VMs and many hardware architectures.
I tried to remove a saved network in sys-net (requires higher privileges) and it failed when I did not have password-less root or did not have the user in the sudo group. It worked fine when I had either one of those though, so they both serve the same purpose from the looks of it. (Not an extensive test but this is what I tried.)
Yes, I am aware it is optional, although there are some instances in the documentation where it is used and others where it is not. I was wondering if the reason it is not suggested when installing extrepo is that breakage will occur if it used. Please confirm if that is the case.
qubes-core-agent-passwordless-root does quite a lot more. What’s that? If you want to dig deep, read the source code. Not developed by Kicksecure. Therefore this is the wrong place to ask about qubes-core-agent-passwordless-root technical details.