They are all installed with executable permissions in the root file
system so there is no need to have them on the scripts in that are
kept in the repository.
Keeping out the `/dev/` tree is done when tarring things up so that
the `bootstrap.sh` script will have access to devices at run-time.
This approach also protects against removing devices that have been
mounted into the chroot, if any (e.g. devpts).
This marks all packages installed by `debootstrap` as automatic and
sets up policy for pruning purposes before purging unneeded ones.
The devuan-keyring is explicitly kept.
Removal of the package index files, aka lists, is something that needs
to be done explicitly. Doing so at `APT::Update::Post-Invoke` defeats
the purpose of running `apt-get update` in the first place.
This integrates a custom script into the APT configuration. That same
script is also run during the bootstrap. A second custom script takes
care of the integration and removes itself when done.
Complements 13f84159.
Olaf Meeuwissen