diff --git a/Makefile b/Makefile index 25e3173..e1fd207 100644 --- a/Makefile +++ b/Makefile @@ -303,6 +303,7 @@ install-deb: install-common install-systemd install-systemd-dropins sed -e "s/@DIST@/`lsb_release -cs`/" misc/qubes-r3.list.in > $(DESTDIR)/etc/apt/sources.list.d/qubes-r3.list install -D -m 644 misc/qubes-archive-keyring.gpg $(DESTDIR)/etc/apt/trusted.gpg.d/qubes-archive-keyring.gpg install -D -m 644 network/00notify-hook $(DESTDIR)/etc/apt/apt.conf.d/00notify-hook + install -D -m 0644 misc/apt-conf-70no-unattended $(DESTDIR)/etc/apt/apt.conf.d/70no-unattended install -d $(DESTDIR)/etc/sysctl.d install -m 644 network/80-qubes.conf $(DESTDIR)/etc/sysctl.d/ install -D -m 644 misc/profile.d_qt_x11_no_mitshm.sh $(DESTDIR)/etc/profile.d/qt_x11_no_mitshm.sh diff --git a/misc/apt-conf-70no-unattended b/misc/apt-conf-70no-unattended new file mode 100644 index 0000000..7130413 --- /dev/null +++ b/misc/apt-conf-70no-unattended @@ -0,0 +1,26 @@ +## Based on pkg-manager-no-autoupdate by Patrick Schleizer +## https://github.com/Whonix/pkg-manager-no-autoupdate + +## Disable automatic update check APT::Periodic::Update-Package-Lists +## which is the Debian default in /etc/apt/apt.conf.d/10periodic. +## +## The execution time would be too predictable, thus make us fingerprintable. +## +## 20noperiodic comes after 10periodic in alphabet so it takes precedence. +## +## Quoted from the Debian Handbook +## http://debian-handbook.info/browse/wheezy/sect.apt-get.html +## +## "[...] Each directory represents a configuration file which is split over multiple +## files. In this sense, all of the files in /etc/apt/apt.conf.d/ are instructions +## for the configuration of APT. APT includes them in alphabetical order, so that the +## last ones can modify a configuration element defined in one of the first ones. [...] +## +## That changes take effect can be verified using: +## apt-config dump + +APT::Periodic::Update-Package-Lists "0"; +APT::Periodic::Download-Upgradeable-Packages "0"; +APT::Periodic::AutocleanInterval "0"; +APT::Periodic::Unattended-Upgrade "0"; +APT::Periodic::Enable "0";