Tris-bian - Trisquel with a Debian base
I did something different today - I installed Debian 12, added all the Trisquel repositories and the Trisquel keyring, did a full update/upgrade, and still ended up with a working system, despite Debian now using 372 of Trisquel's packages (see attached list).
Has anyone ever done this? It seems to indicate that a Debian-based Trisquel might be possible if the Trisquel devs ever had too many problems with Ubuntu.
This is kind of funny - DISTRIB_ID=Trisquel and VERSION_CODENAME=bookworm and ID=debian:
$ cat /etc/*-release
DISTRIB_ID=Trisquel
DISTRIB_RELEASE=11.0.1
DISTRIB_CODENAME=aramo
DISTRIB_DESCRIPTION="Trisquel GNU/Linux 11.0.1, Aramo"
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
IMAGE_ID=live
BUILD_ID=20241109T101058Z
Attachment | Size |
---|---|
12-9-24 Tris-bian list of installed Trisquel packages.txt | 27.18 KB |
Got to have an apt-pinning file in /etc/apt/preferences.d/ for it to work. I pinned Trisquel repos at a higher apt-pinning value than the Debian repos, so that apt would prefer to install the Trisquel packages where possible. I also blacklisted Firefox-ESR and Thunderbird so that the system wouldn't give me a problem with installing Abrowser and Icedove (see attached).
I blacklisted chromium because it's not libre.
When I went to install the Trisquel backported version of LibreOffice, apt threw up an error about a missing python package. So I went into Synaptic and installed the different components of Trisquel's backported LibreOffice (Calc, Draw, Math, Base, Write ...), and Synaptic brought in enough packages to make it work.
Before installing, I un-squashed the Debian live ISO and purged all the non-free firmware and re-squashed it again (I should write up this procedure - rather complex). Once installed, I purged the Debian versions of Firefox-ESR and LibreOffice prior to trying to install Abrowser and Trisquel's backported LibreOffice.
I'm writing this from Abrowser in Tris-bian.
Attachment | Size |
---|---|
12-9-24 Tris-bian apt-pinning.txt | 1019 bytes |
12-9-24 Tris-bian repositories.txt | 1.15 KB |
> I blacklisted chromium because it's not libre
Thank you so much for blacklisting it, but there are also other problematic packages in Debian main, for example the obnoxious and weirdly-worded Artistic License 1.0 (not to be confused with other Artistic Licenses considered free by the FSF) is considered "free" by Debian despite the fact that it's considered non-free by the Free Software Foundation, so there are other packages in Debian other than Chromium which would be considered non-free. If I remember correctly, PureOS (FSDG-compliant distro based on Debian) blacklisted a game/simulator about trains because it was under Artistic License 1.0 only, considered non-free. If I remember correctly Trisquel also had to blacklist some packages of the distro so-called Ubuntu for being non-free under Artistic License 1.0 only
https://directory.fsf.org/wiki/License:Artistic_v1.0
This LibrePlanet article lists packages under non-free "Artistic License 1.0 only", though I'm not sure if it managed to list them all. https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines
>"Artistic License 1.0 (not to be confused with other Artistic Licenses considered free by the FSF) is considered "free" by Debian despite the fact that it's considered non-free by the Free Software Foundation, so there are other packages in Debian other than Chromium which would be considered non-free"
That would be easy to add to the blacklist if anyone had a listing of those packages with the inappropriate license.
I edited my reply to link to a LibrePlanet article showing some packages under "Artistic License 1.0 only", but I'm not sure if it's a complete list
Might be a good starting point.
Here's my first effort at blacklisting any of the offending Debian packages listed in that LibrePlanet article (see attached apt pinning text file). This file would be saved as /etc/apt/preferences.d/trisbian on your Tris-bian system.
I did not need to blacklist every package in the LibrePlanet article, as Debian has already upgraded and fixed many of the packages to be compliant. However, Debian does leave a group of the 'Artistic License' files, so this blacklist generally tries to deal with those and a few other issues. I'll be updating this blacklist in the future as I find more licensing issues to try to fix.
If I've blacklisted packages where the freedom issues have already been fixed in Debian, leave me a comment and I'll update this file.
Attachment | Size |
---|---|
12-24-24 Tris-bian apt-pinning.txt | 1.9 KB |
Even with these changes, it doesn't result in a distro that would pass the GNU FSDG.
No, it certainly doesn't. It's just Debian minus a few freedom issues.
Oh by the way, I installed Linux-libre and am now banishing the Debian kernels, which seems to work great so far.
> Debian user wants to make Debian setup atleast a bit closer to FSDG-compliance
> Debian user sees LibrePlanet article
> Notices entry at https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#apt
> Blacklists apt
> sudo apt purge apt
> apt says:
> > [...]E: Removing essential system-critical packages is not permitted. This might break the system.[...]
> Debian user: :(
> Debian user gives up. just kidding, Debian user installs FSDG-compliant version of apt from Trisquel's repositories to replace Debian's version
> FrankenDebian instituted, computer explodes
> Debian user: ;-; (uninstalls Debian and moves to Trisquel)
This thing you've written is humorous, as long as we are in agreement I am not "Debian user". I've never used it before this experiment at all.
I have used GNUinOS, but that's quite a bit different from Debian.
I am a Trisquel user.
When I used the term "Debian user" I wasn't referring to you
NOTE - reminder to myself that I had to purge the 'fonts-khmer' package prior to first update/upgrade or apt would fail with dependency errors.
Can't seem to install much of anything from the KDE collection of packages without a lot of apt errors. I tried Okular and Falkon, but no dice. So there are significant issues with trying to run your entire system this way. But of course, this is just for experimentation and research and fun, so we continue...
Something that could explain the breakage: the version of "Ubuntu" Trisquel 11 is based on was released in early 2022 ("Ubuntu" LTS releases are released on April and on even years), meanwhile Debian Bookworm is a 2023 release, so mixing the two is potentially mixing incompatible versions of software, with Bookworm likely to have different releases of software due to being released in a newer year, creating what is called by Debian's documentation a FrankenDebian, which is a version of Debian that is a broken mix of incompatible releases. Debian's documentation states that "Ubuntu" and Debian repositories are not compatible with eachother, so even though you managed to get Tris-bian working, it is very likely to break.
"Ubuntu" LTSs release on even years, Debian LTSs generally release on odd years.
>"Something that could explain the breakage ..."
I should have noted that I didn't really expect most KDE packages to work well. I've got a lot of experience with trying to install mis-matched versions of KDE packages on systems with older or newer KDE libraries, and it almost always fails badly. So, not a big deal. I could always use the Guix package manager to install those packages if I wanted them badly enough.
UPDATE: I was able to install Okular from KDE and its 100+ KDE dependencies last night, so I'm beginning to make some progress on the KDE front.
I then tried to install plasma-desktop, but that first attempt was met with dramatic failure involving libelf1 and libdw1 - I've got more problems to solve before Tris-bian will be able to run Plasma.
I've now got it running 580 Trisquel installed packages out of a total of 1,853 installed packages.
Debian fans: "Trisquel will never have drip"
Meanwhile Tris-bian logo:
Debian fans: (spits cereal)
(note: based on the https://www.debian.org/logos/ , same license as original, https://www.gnu.org/copyleft/lgpl.html version 3 or any later version or https://directory.fsf.org/wiki/License:CC-BY-SA-3.0 )
Attachment | Size |
---|---|
tris-bian.xcf_.gz | 729.24 KB |
Holy Cow, that's beautiful!! Hmmm.... maybe Tris-Bian should be a real thing now that it's got a cool logo...
andyprough, in case you are interested.
I have had a look at parrotsec.org. The main reason is I want
a computer where the installed system itself and all programs on the system
can only connect to the internet over tor. My understanding
is that parrotos provides such a system. Parrotos is a non free software
system, which I do not want to install. Parrotos provides a script
which will turn a debian computer into a parrotos computer.
gitlab.com/parrotsec/project/debian-conversion-script
Can you turn a trisquel computer into a parrotos computer? Can you
do it such that the system stays a free
software system? Thank you.
>"Can you turn a trisquel computer into a parrotos computer? Can you
do it such that the system stays a free
software system?"
I took a copy of Tris-bian and ran the ParrotOS installer script for Debian on it, and it seemed to work. The system-wide Tor seems to work, by using Parrots' AnonSurf package to start and monitor the Tor network. I checked on the website deviceinfo.me, which said that I was using the Tor network, and the location of my IP address kept changing to countries like Poland and Hungary and back to the US, like a rotating Tor setup will do. I don't know much about how to check Tor, but it looks like it's working like I think it should.
I removed rar, unrar, and chromium which the Parrot install script had installed, as they have non-free elements. I replaced firefox and thunderbird with Abrowser and Icedove.
I replaced the Parrot kernels with Linux-libre, and it still seems to be working ok. I'm not sure how much of Parrot's security comes from their kernel, but I'll bet that their kernel probably has non-free blobs. It looks like Parrot sets up different AppArmor profiles, and I don't know if those all work correctly without using the Parrot kernel - I really know very little about that sort of thing. But the system was generally working OK with the Linux-libre kernel.
I also got rid of all the non-free and contrib repos from Parrot, and added all the 'main' repos from Trisquel and Debian. And then I did apt pinning to make the Trisquel packages be first in priority for installing and updating packages, and to blacklist firefox, thunderbird, chromium, rar, and unrar. Surprisingly after all that craziness the system does work - I'm writing this from Abrowser over the Tor network on this Tris-bian-Parrot thing.
If you want, I'll write up the list of steps and commands I took to get to this point. It's quite a long list, might take me a bit of time, but I'm happy to share. I don't think I could create an ISO for you, all I could do would be to give you ideas on how you might do it yourself, and there may be better ways than I've been using. I was thinking that maybe you could just take the AnonSurf deb files from Parrot and use them on a Trisquel installation and get the Tor network that way, but I kind of doubt it would be that easy.
I did not try running the script on a trisquel computer. Because I assumed
a lot of error messages occurring and not knowing how to deal with them.
Have you tested the script on a trisquel computer?
community.parrotsec.org Unfortunately the forum has not been working
for a while. Which makes it difficult to ask parrotos people about
what can be done in order to get a free software parrotos option?
I have contemplated some variants. Probably asking parrotos to provide
a free software iso of parrotos is asking for to much. Preparing an iso
takes a lot of work?
Another option would be making a trisquel conversion script. Maybe in
cooperation with parrotos people.
There is an extrepo deb package.
https://manpages.debian.org/bookworm/extrepo/extrepo.1p.en.html
The deb package is available in the debian 12 repository. Is
extrepo available in trisquel? If not will trisquel add extrepo to
trisquel? If parrotos repositories have been made or can be
made available for extrepo then maybe a guide on how to turn trisquel
into a free software version of parrotos using
extrepo could be made?
Regarding getting a system wide forced tor internet connection option on trisquel, maybe nothing more than installing anonsurf is
required? Anonsurf is not in the debian 12 repository. I
assume anonsurf is not in the trisquel
repository either? Will trisquel add anonsurf to
its repository? Are tor expert bundle and tor browser in the trisquel
repository?
https://gitlab.com/parrotsec/packages/anonsurf
It appears you can compile and install anonsurf on your computer.
>"Have you tested the script on a trisquel computer?"
That script would just turn Trisquel into a non-free system if it worked at all, so I'm not going to mess with Parrot any further.
> turn Trisquel into a non-free system
which we cannot have. You took a debian system and used trisquel in an attempt to turn debian into a free software system. Regarding parrotos the
task is to use trisquel to turn parrotos into a free software system. It appears there are two approaches.
Run the debian conversion to parrotos script on a trisquel computer. If that can be done, then identify non free parrotos software on trisquel and remove it. And making sure no non free parrotos software can get on the trisquel computer. Another approach would be editing the debian to parrotos conversion script such that no non free parrotos software gets on the trisquel computer in the first place.
>"Another approach would be editing the debian to parrotos conversion script such that no non free parrotos software gets on the trisquel computer in the first place.."
ParrotOS uses all of its own repos, including non-free and contrib, and removes access to the source distro repos. So you would have to somehow trick that conversion script into not using ParrotOS repos to overwrite the existing libre software, and only to add the few bits that are needed to get your Tor and security stuff running. That's beyond what I'm able to figure out.
The below is an apt pinning How-to I'm writing for myself. Feel free to correct me on anything I've stated incorrectly:
=================================================
When apt pinning, we have a simple statement of the package we want to pin, and its pin priority, like this:
Package: abrowser
Pin: release a=aramo-updates
Pin-Priority: 700
In this instance, the package 'abrowser' from the Trisquel 'aramo-updates' repo should be a high priority for installation ("700").
Our 'release' can be described many ways. One way to say "blacklist this package name, no matter what repository it shows up in" is like this:
Package: chromium
Pin: origin *
Pin-Priority: -1
The package 'chromium' from any repository ("origin *") should be given the lowest priority ("-1"). This will blacklist a package, so that apt is unable to install it.
There are other ways to describe the 'release', or the source of the package. We can find these out with the 'apt policy' command:
$ apt policy
Package files:
100 /var/lib/dpkg/status
release a=now
100 mirror://linux-libre.fsfla.org/pub/linux-libre/freesh/mirrors.txt freesh/main amd64 Packages
release o=jxself,a=stable,n=freesh,l=Trisquel,c=main,b=amd64
origin linux-libre.fsfla.org
700 http://archive.trisquel.org/trisquel aramo-backports/main amd64 Packages
release v=11.0,o=Trisquel,a=aramo-backports,n=aramo-backports,l=Trisquel,c=main,b=amd64
origin archive.trisquel.org
700 http://archive.trisquel.org/trisquel aramo-security/main amd64 Packages
release v=11.0,o=Trisquel,a=aramo-security,n=aramo-security,l=Trisquel,c=main,b=amd64
origin archive.trisquel.org
700 http://archive.trisquel.org/trisquel aramo-updates/main amd64 Packages
release v=11.0,o=Trisquel,a=aramo-updates,n=aramo-updates,l=Trisquel,c=main,b=amd64
origin archive.trisquel.org
700 http://archive.trisquel.org/trisquel aramo/main amd64 Packages
release v=11.0,o=Trisquel,a=aramo,n=aramo,l=Trisquel,c=main,b=amd64
origin archive.trisquel.org
500 http://security.debian.org/debian-security bookworm-security/main amd64 Packages
release v=12,o=Debian,a=stable-security,n=bookworm-security,l=Debian-Security,c=main,b=amd64
origin security.debian.org
500 http://deb.debian.org/debian bookworm-updates/main amd64 Packages
release v=12-updates,o=Debian,a=stable-updates,n=bookworm-updates,l=Debian,c=main,b=amd64
origin deb.debian.org
500 http://deb.debian.org/debian bookworm/main amd64 Packages
release v=12.8,o=Debian,a=stable,n=bookworm,l=Debian,c=main,b=amd64
origin deb.debian.org
This gives us a lot of attributes by which we can describe the source, or "release" of the package. For example, for linux-libre kernels, we have the following release attributes:
o=jxself
a=stable
n=freesh
l=Trisquel
c=main
b=amd64
We can use any of these release attributes to describe our source of our package for apt pinning.
The attributes for the main Trisquel repository are:
v=11.0
o=Trisquel
a=aramo
n=aramo
l=Trisquel
c=main
b=amd64
One problem I was having was how to only allow linux-libre kernels on Tris-bian. This is not easy with apt pinning if you want to pin the packages by name, because all kernels start with "linux-image...". For example, "linux-image-5.15.0-102-generic" is a Trisquel kernel, and "linux-image-6.1.0-12-amd64" is a Debian kernel. If I want to tell the system to only choose kernels from linux-libre, I can use the release attributes for jxself's repository, Trisquel's repository, and Debian's repository as follows:
Package: *linux-image*
Pin: release o=Debian
Pin-Priority: -1
Package: *linux-image*
Pin: release o=Trisquel
Pin-Priority: -1
Package: *linux-image*
Pin: release o=jxself
Pin-Priority: 700
I've told apt that any kernel from release with attribute "o=Debian" should be disregarded, any kernel from release with attribute "o=Trisquel" should be disregarded, and only kernels from release with attribute "o=jxself" should be installed. Now I have a system that will only try to install kernels from jxself's linux-libre repository and its mirrors.
Here's my current apt pinning file for Tris-bian (attached text file).
I'm now up to 446 Trisquel packages that are being used on Tris-bian (attached text file) and using the latest version of the linux-libre kernel (6.12.6-gnu), and it's still perfectly stable.
Attachment | Size |
---|---|
12-25-24 Tris-bian apt-pinning.txt | 2.09 KB |
12-24-24 Tris-bian list of installed Trisquel packages.txt | 32.49 KB |