BUG: Attempting to remove apg removes much of Zorin OS

APG:

Summary

Package: apg
Status: install ok installed
Priority: optional
Section: admin
Installed-Size: 134
Maintainer: Ubuntu Developers ubuntu-devel-discuss@lists.ubuntu.com
Architecture: amd64
Version: 2.2.3.dfsg.1-5
Depends: libc6 (>= 2.14)
Conffiles:
/etc/apg.conf 0ce80337a44589a92effbcde338f74e1
Description: Automated Password Generator - Standalone version
APG (Automated Password Generator) is the tool set for random
password generation. It generates some random words of required type
and prints them to standard output. This binary package contains only
the standalone version of apg.
Advantages:

  • Built-in ANSI X9.17 RNG (Random Number Generator)(CAST/SHA1)
  • Built-in password quality checking system (now it has support for Bloom
    filter for faster access)
  • Two Password Generation Algorithms:
    1. Pronounceable Password Generation Algorithm (according to NIST
      FIPS 181)
    2. Random Character Password Generation Algorithm with 35
      configurable modes of operation
  • Configurable password length parameters
  • Configurable amount of generated passwords
  • Ability to initialize RNG with user string
  • Support for /dev/random
  • Ability to crypt() generated passwords and print them as additional output.
  • Special parameters to use APG in script
  • Ability to log password generation requests for network version
  • Ability to control APG service access using tcpd
  • Ability to use password generation service from any type of box (Mac,
    WinXX, etc.) that connected to network
  • Ability to enforce remote users to use only allowed type of password
    generation
    The client/server version of apg has been deliberately omitted.
    .
    Please note that there are security flaws in pronounceable
    password generation schemes (see Ganesan / Davis "A New Attack on
    Random Pronounceable Password Generators", in "Proceedings of the 17th
    National Computer Security Conference (NCSC), Oct. 11-14, 1994
    (Volume 1)", Search | CSRC
    1994-17th-NCSC-proceedings-vol-1.pdf, pages 203-216)
    .
    Also note that the FIPS 181 standard from 1993 has been withdrawn by NIST in
    2015 with no superseding publication. This means that the document is
    considered by its publicher as obsolete and not been updated to reference
    current or revised voluntary industry standards, federal specifications, or
    federal data standards.
    .
    apg has not seen upstream attention since 2003, upstream is not
    answering e-mail, and the upstream web page does not look like it is
    in good working order. The Debian maintainer plans to discontinue apg
    maintenance as soon as an actually maintained software with a
    compariable feature set becomes available.
    Original-Maintainer: Marc Haber mh+debian-packages@zugschlus.de
    Homepage: http://www.adel.nursat.kz/apg/

sudo apt remove apg

Summary

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
cheese-common gnome-control-center-data gnome-control-center-faces gnome-online-accounts gstreamer1.0-clutter-3.0 libcheese-gtk25 libcheese8 libclutter-gst-3.0-0 libclutter-gtk-1.0-0
libcolord-gtk1 libgoa-backend-1.0-1 libhandy-1-0 libwhoopsie-preferences0 libwhoopsie0 mobile-broadband-provider-info network-manager-gnome python3-macaroonbakery python3-protobuf
python3-rfc3339 python3-tz whoopsie-preferences
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
apg gnome-control-center zorin-os-desktop
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
After this operation, 5,630 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

There are no dependencies upon apg which would warrant removal of all that stuff. Why is it trying to remove it? Some glitch when building the dependency tree?

You can check the dependencies using sudo apt depends apg. I'm looking into why apg would be so integrated into the system (my thoughts are security, but i want to confirm).

Same thing is happening with cheese-common:

Summary

Package: cheese-common
Status: install ok installed
Priority: optional
Section: gnome
Installed-Size: 868
Maintainer: Ubuntu Developers ubuntu-devel-discuss@lists.ubuntu.com
Architecture: all
Multi-Arch: foreign
Source: cheese
Version: 3.34.0-1ubuntu1
Depends: dconf-gsettings-backend | gsettings-backend
Description: Common files for the Cheese tool to take pictures and videos
A webcam application that supports image and video capture. Makes
it easy to take photos and videos of you, your friends, pets or whatever
you want. Allows you to apply fancy visual effects, fine-control image
settings and has features such as Multi-Burst mode, Countdown timer
for photos.
.
This package contains the common files and translations.
Original-Maintainer: Debian GNOME Maintainers pkg-gnome-maintainers@lists.alioth.debian.org
Homepage: Apps/Cheese - GNOME Wiki!

sudo apt remove cheese-common

Summary

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
apg gnome-control-center-data gnome-control-center-faces gnome-online-accounts gstreamer1.0-clutter-3.0 libclutter-gst-3.0-0 libclutter-gtk-1.0-0 libcolord-gtk1 libgoa-backend-1.0-1
libhandy-1-0 libwhoopsie-preferences0 libwhoopsie0 mobile-broadband-provider-info network-manager-gnome python3-macaroonbakery python3-protobuf python3-rfc3339 python3-tz whoopsie-preferences
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
cheese-common gnome-control-center libcheese-gtk25 libcheese8 zorin-os-desktop
0 upgraded, 0 newly installed, 5 to remove and 0 not upgraded.
After this operation, 6,616 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

Cheese is already removed.

And the same for libcrack2:

Summary

Package: libcrack2
Status: install ok installed
Priority: optional
Section: libs
Installed-Size: 152
Maintainer: Ubuntu Developers ubuntu-devel-discuss@lists.ubuntu.com
Architecture: amd64
Multi-Arch: same
Source: cracklib2
Version: 2.9.6-3.2
Depends: libc6 (>= 2.14), zlib1g (>= 1:1.1.4)
Recommends: cracklib-runtime
Breaks: cracklib-runtime (<< 2.9.2-4)
Description: pro-active password checker library
Shared library for cracklib2 which contains a C function which may be
used in a passwd like program. The idea is simple: try to prevent
users from choosing passwords that could be guessed by crack by
filtering them out, at source. cracklib2 is NOT a replacement passwd
program. cracklib2 is a LIBRARY.
Original-Maintainer: Jan Dittberner jandd@debian.org
Homepage: GitHub - cracklib/cracklib: CrackLib Library and Dictionaries

sudo apt remove libcrack2

Summary

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
apg cheese-common gnome-control-center-data gnome-control-center-faces gnome-online-accounts gstreamer1.0-clutter-3.0 libcheese-gtk25 libcheese8 libclutter-gst-3.0-0 libclutter-gtk-1.0-0
libcolord-gtk1 libgoa-backend-1.0-1 libhandy-1-0 libpwquality-common libwhoopsie-preferences0 libwhoopsie0 mobile-broadband-provider-info network-manager-gnome python3-macaroonbakery
python3-protobuf python3-rfc3339 python3-tz whoopsie-preferences
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
gnome-control-center gnome-disk-utility libcrack2 libpwquality1 seahorse zorin-os-desktop
0 upgraded, 0 newly installed, 6 to remove and 0 not upgraded.
After this operation, 9,130 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

Same thing is happening with bc... a calculator.

Summary

Package: bc
Status: install ok installed
Priority: standard
Section: math
Installed-Size: 226
Maintainer: Ubuntu Developers ubuntu-devel-discuss@lists.ubuntu.com
Architecture: amd64
Multi-Arch: foreign
Version: 1.07.1-2build1
Depends: libc6 (>= 2.14), libreadline8 (>= 6.0)
Description: GNU bc arbitrary precision calculator language
GNU bc is an interactive algebraic language with arbitrary precision which
follows the POSIX 1003.2 draft standard, with several extensions including
multi-character variable names, an `else' statement and full Boolean
expressions. GNU bc does not require the separate GNU dc program.
Original-Maintainer: Ryan Kavanagh rak@debian.org
Homepage: Index of /gnu/bc

sudo apt remove bc

Summary

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
cups-ipp-utils cups-server-common hplip-data libfontembed1 libgutenprint-common libgutenprint9 libimagequant0 liblouis-data liblouis20 liblouisutdml-bin liblouisutdml-data liblouisutdml9
libpoppler-cpp0v5 libqpdf26 libsane-hpaio python3-olefile python3-pil python3-renderpm python3-reportlab python3-reportlab-accel ssl-cert
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
foomatic-filters libpaps0 paps
The following packages will be REMOVED:
bc bluez-cups cups cups-browsed cups-core-drivers cups-daemon cups-filters cups-filters-core-drivers hplip printer-driver-gutenprint printer-driver-hpcups printer-driver-pxljr
printer-driver-splix zorin-os-desktop
The following NEW packages will be installed:
foomatic-filters libpaps0 paps
0 upgraded, 3 newly installed, 14 to remove and 0 not upgraded.
Need to get 109 kB of archives.
After this operation, 9,309 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

Why would removing a calculator make apt want to remove zorin-os-desktop, and if removing it also makes apt want to remove massive portions of the Zorin OS, why isn't it marked essential?

I think the code has confused dependency and reverse-dependency, and is attempting to uninstall packages upon which apg, for example, depends, but which do not depend upon apg.

sudo apt install apt-rdepends

sudo apt-rdepends -r apg
Reading package lists... Done
Building dependency tree       
Reading state information... Done
apg
  Reverse Depends: cinnamon-control-center (4.4.0-2)
  Reverse Depends: gnome-control-center (1:3.36.5-0ubuntu4)
  Reverse Depends: pasaffe (0.56-0ubuntu1)
  Reverse Depends: unity-control-center (15.04.0+19.10.20190921-0ubuntu3)
cinnamon-control-center
  Reverse Depends: cinnamon (>= 4.4.8-4)
  Reverse Depends: cinnamon-control-center-goa (= 4.4.0-2)
  Reverse Depends: cinnamon-core (>= 4.5+really4.4.1)
cinnamon
  Reverse Depends: cinnamon-core (>= 4.5+really4.4.1)
cinnamon-core
  Reverse Depends: cinnamon-desktop-environment (>= 4.5+really4.4.1)
cinnamon-desktop-environment
cinnamon-control-center-goa
gnome-control-center
  Reverse Depends: budgie-desktop (10.5.1-6)
  Reverse Depends: gnome-core (>= 1:3.30+2)
  Reverse Depends: indicator-bluetooth (0.0.6+17.10.20170605-0ubuntu3)
  Reverse Depends: ubuntu-budgie-desktop (0.65)
  Reverse Depends: ubuntu-desktop (1.450)
  Reverse Depends: ubuntu-desktop-minimal (1.450)
  Reverse Depends: vanilla-gnome-desktop (0.87)
  Reverse Depends: zorin-os-desktop (1.5.14)
budgie-desktop
  Reverse Depends: budgie-desktop-environment (>= 0.13.7)
  Reverse Depends: gnome-remote-desktop (>= 0.1.9-5+zorin1)
budgie-desktop-environment
gnome-remote-desktop
gnome-core
  Reverse Depends: gnome (= 1:3.30+2)
gnome
indicator-bluetooth
  Reverse Depends: unity-control-center (15.04.0+19.10.20190921-0ubuntu3)
unity-control-center
  Reverse Depends: indicator-bluetooth (0.0.6+17.10.20170605-0ubuntu3)
  Reverse Depends: ubuntu-unity-desktop (0.2)
ubuntu-unity-desktop
ubuntu-budgie-desktop
ubuntu-desktop
  Reverse Depends: ubuntu-gnome-desktop (0.87)
ubuntu-gnome-desktop
ubuntu-desktop-minimal
  Reverse Depends: ubuntu-desktop (1.450.2)
vanilla-gnome-desktop
zorin-os-desktop
pasaffe
sudo apt-rdepends -r zorin-os-desktop
Reading package lists... Done
Building dependency tree       
Reading state information... Done
zorin-os-desktop

You'll note that zorin-os-desktop has no dependency upon apg.

[EDIT]
Ah... gnome-control-center is dependent upon apg, and zorin-os-desktop is dependent upon gnome-control-center. Now the question is: Why is gnome-control-center dependent upon apg? It's just a random password generator. Why is it buried so deeply in the OS, and how do we remove it?

You could remove it, then reinstall gnome-control-center and zorin-os-desktop. It may not depend on apg, but apg does depend on them. So you're command would be sudo apt remove apg && sudo apt install gnome-control-center zorin-os-desktop. That would remove what you don't want and keep what you do.

No, it gets reinstalled with gnome-control-center.

This entire hierarchical dependency setup is inherently flawed... the more one gets toward the base installation, the more one is dependent upon those who made those base installation files to have made good decisions as to what was and was not a dependency... and uninstalling something as innocuous as a calculator or random password generator which you never use suddenly blows up your entire installation. Or removing a font suddenly causes your BlueTooth to stop working.


It'd be great if the system notified you about what functionality will be lost with the deinstallation of any given package, but allowed you to uninstall it without ripping out huge chunks of the OS (the packages that rely upon the removed package would just lose the functionality that removed package provided)... some sort of control panel with the packages grouped by functionality... you'd slide a 5-position slider:

  1. Enable
  2. Disable
  3. Disable and deinstall
  4. Disable, deinstall and purge
  5. Disable, deinstall, purge and remove from list of packages (critical system files would have this option disabled, so no matter what, they can be reinstalled)

... for 2), 3), 4) and 5), it'd pop up a dialog "You'll lose x,y,z functionality in a,b,c packages with this action.", then it disables, disables and deinstalls, or disables and deinstalls and purges the package. Sliding the slider back to 'Enable' would install / enable the package with the usual dialog notifying of dependencies that need to be satisfied, supplemented with the functionality gained by doing the installation.

Of course, for essential system packages, it'd give stern warnings and offer alternative packages, and possibly prevent you rebooting (if that removed package will prevent a clean boot) until a suitable alternative package is installed.