60

I know I can check the currently installed non-free software with the following command (assuming aptitude is FOSS):

aptitude search '?installed (?section(restricted) | ?section(multiverse))'

And I can remove the "restricted" and "multiverse" sources (and not add any PPA's) to keep that list empty. I'm assuming from this point, whenever I apt install something, that something is either in the allowed sources or it is not found.

Is this enough? Does this make sure all software I'm running (in Ubuntu) is open-source?

Fabby
  • 34,259
Public Void
  • 711

2 Answers2

112

vrms (Virtual Richard M. Stallman) to the rescue:
Virtual Richard M. Stallman 

sudo apt install vrms
vrms

and you'll get something like:

      Non-free packages installed on computer-name

app-shortname1                    Application long name 1
app-shortname2                    Application long name 2
app-shortname3                    Application long name 3

       Contrib packages installed on computer-name

app-contrib1                      Application Contrib Name 1

  3 non-free packages, 0.4% of 2381 installed packages.
  1 contrib packages, 0.1% of 2381 installed packages.

that will ensure you do / do not have any proprietary software installed.

Note: CPU firmware patches are non-free but absolutely needed to protect you from some processor flaws and their ilks, so don't go overboard! ;-)

Fabby
  • 34,259
  • Thanks and (currently non-public) +1 to both answers. -Why- aren't there free alternatives to such firmware patches? – Public Void Nov 17 '18 at 18:56
  • 14
    Intel's Intellectual property: CPUs are still closed source except RISC-V. @PublicVoid and as you're a new user: If one of the answers solved your problem, don't forget to click the grey at the left of its text, which means Yes, this answer is the most useful of all! ;-) – Fabby Nov 17 '18 at 19:01
  • Yeah, sorry I was reading about RISC-V. Don't want to make another question into this but it would be very nice if you could explain a bit more, like can RISC-V be used with Intel CPU's, Ubuntu/Linux and will it be resistant to currently known attacks? – Public Void Nov 17 '18 at 19:09
  • 7
    No, you'd have to buy an entire new computer with another CPU and supporting chipsets: it would not be an Intel system any more. Give it a few more years until someone in Taiwan starts building Risc-V processors for a rock bottom price @PublicVoid – Fabby Nov 17 '18 at 19:16
  • 1
    @PublicVoid Microcode patches don't contain the full microcode. They just contain enough code to fix a few bugs, the rest of the microcode will still be running the version that is hardwired in the CPU. As far as I know CPUs don't even have enough space for dynamically updated microcode to contain the full microcode. – kasperd Nov 17 '18 at 23:06
  • 3
    Hi! Could you explain what *contrib" means? Is a contrib package not open source? – Matt Ellen Nov 18 '18 at 01:11
  • 2
    CPU firmware patches do not protect you from Spectre. They might protect you from Meltdown, but so can/does PTI which the kernel will enable if the CPU firmware is not patched. – R.. GitHub STOP HELPING ICE Nov 18 '18 at 03:22
  • 1
    @MattEllen That might be something you want to either do a web search on or ask on this very site! (Short version: 'contrib' is generally software which is itself free but is intended to be used along with non-free/proprietary software or software which otherwise cannot/will not be packaged in Ubuntu.) – fluffy Nov 18 '18 at 04:22
  • @R.. Thanks for the comment. Amended. (I couldn't remember which it protected from and was too lazy to look it up at the time. ;-) ) Made it more generic to be future-proof. – Fabby Nov 18 '18 at 08:44
  • 3
    @Fabby: Not just future. Skylake has had at least 1 correctness problem before Meltdown/Spectre that required a microcode update to fix. (Disabling the use of the IDQ as a 64-entry loop buffer (LSD = Loop Stream Detector) because of rare corner cases with inserting (or failing to insert) merging uops for partial registers. Erratum SKL150. See https://hothardware.com/news/critical-flaw-in-intel-skylake-and-kaby-lake-hyperthreading-discovered-requiring-bios-microcode-fix. See also some low-level microbenchmarks / perf-counter results before the fix – Peter Cordes Nov 18 '18 at 13:06
  • @PeterCordes :D Yes, I was wrong. (Reference to your avatar) ;-) – Fabby Nov 18 '18 at 13:13
  • @Fabby Did you say “intellectual property”? It’s a seductive mirage. – Wildcard Nov 18 '18 at 15:30
  • What's Reason: modifications problematic in vrms output? – cat Nov 18 '18 at 15:34
  • @cat That would be a new question – Fabby Nov 18 '18 at 15:46
  • 9
    I ran vrms and it failed to report Chrome, among others. So, it's not entirely reliable. – Paddy Landau Nov 20 '18 at 09:37
  • Does V.R.M.S report non-free snap packages, Flatpaks, or AppImages in addition to non-free dpkgs/debs and rpms? – P Varga May 15 '22 at 02:17
50

If you're keen on having only Free Software (although you used the term Open Source) on your computer, you may want to consider installing Ubuntu with the "Free Software Only" option. You can find out more over at this question.

Free software only option

popey
  • 23,667