[Whonix-devel] disabling apt-timer, sudo systemctl mask apt-timer sane?

Patrick Schleizer adrelanos at riseup.net
Mon Feb 6 20:09:00 CET 2017


bancfc at openmailbox.org:
> On 2017-02-06 14:20, Patrick Schleizer wrote:
>> Is it an okay idea to disable apt-timer? I.e. 'sudo systemctl mask
>> apt-timer'? Or is there some adverse effect?
> 
> Replying just to whonix-devel. It would be great to standardize
> overriding/disabling unsafe daemons that are shipped enabled so that
> these improvements can be applied on Debian hosts at some point and to
> simplify doing this in the future when new mal features come up.

Disabling daemons is quite convenient with systemd. Easy to do as a
distribution in a clean way.

Have some file.

/lib/systemd/system/systemd-unit-name.service.d/some-digit_some-useful-name.conf

Contents:

[Unit]
ConditionPathExists=!/path/to/some/file

i.e. if that file exists, the '!' results in ConditionPathExists being
false. That results in the daemon not being started.

For example we disable systemd-timesyncd. That unit file is where it
belongs, here:
/lib/systemd/system/systemd-timesyncd.service

To do this we are shipping the following systemd drop-in snippet, which
is just a text file:
/lib/systemd/system/systemd-timesyncd.service.d/40_sdwdate.conf

Contents:

[Unit]
ConditionPathExists=!/usr/lib/sdwdate

As long as /usr/lib/sdwdate exists, systemd-timesyncd won't start.

Even works for eventual legacy sysvinit scripts, I think.

Is this what you meant? What do you mean by standardize? systemd makes
disabling systemd unit files as simple and repetitive as it can get.

Also https://github.com/Whonix/pkg-manager-no-autoupdate is
'standardized'? I see no reason why it wouldn't work on any Debian host.
That package is so simple, I would really wonder if it did not work. One
could add Whonix repository to a Debian host and 'sudo apt-get install
pkg-manager-no-autoupdate', done. It's just not maintained. The
definition of maintainer in this context is this one:
https://www.whonix.org/wiki/Contribute#Maintainer
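
An added example, not part of the original message and not Whonix code: a small shell check that evaluates the ConditionPathExists= lines in a unit's drop-ins, for auditing whether a guard file such as /usr/lib/sdwdate is keeping a unit from starting. The function name condition_result, the ROOT argument and the temporary tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not Whonix code. condition_result ROOT UNIT reads the
# drop-ins under ROOT/lib/systemd/system/UNIT.d/ in filename order and prints
# "no" if any ConditionPathExists= check fails (unit is skipped), else "yes".
# Assumptions: only this one drop-in directory is read, and "|" trigger
# conditions are not handled.
condition_result() {
    root=$1 unit=$2 conds="" result=yes
    for f in "$root/lib/systemd/system/$unit.d"/*.conf; do
        [ -f "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ConditionPathExists=)  conds="" ;;   # empty value resets the list
                ConditionPathExists=*) conds="$conds${line#ConditionPathExists=}
" ;;
            esac
        done < "$f"
    done
    while IFS= read -r c; do
        [ -n "$c" ] || continue
        case $c in
            '!'*) if [ -e "$root${c#?}" ]; then result=no; fi ;;   # negated: path must be absent
            *)    if [ ! -e "$root$c" ]; then result=no; fi ;;     # plain: path must exist
        esac
    done <<EOF
$conds
EOF
    echo "$result"
}

# Constructed tree mirroring the drop-in from the message above.
demo=$(mktemp -d)
mkdir -p "$demo/lib/systemd/system/systemd-timesyncd.service.d" "$demo/usr/lib"
printf '[Unit]\nConditionPathExists=!/usr/lib/sdwdate\n' \
    > "$demo/lib/systemd/system/systemd-timesyncd.service.d/40_sdwdate.conf"
condition_result "$demo" systemd-timesyncd.service   # guard file absent
touch "$demo/usr/lib/sdwdate"
condition_result "$demo" systemd-timesyncd.service   # guard file present
rm -rf "$demo"
```

On a running system, `systemctl show -p ConditionResult systemd-timesyncd.service` reports what systemd itself decided the last time it tried to start the unit.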


