Keeping out the `/dev/` tree is done when tarring things up so that
the `bootstrap.sh` script will have access to devices at run-time.
This approach also protects against removing devices that have been
mounted into the chroot, if any (e.g. devpts).

This marks all packages installed by `debootstrap` as automatic and
sets up policy for pruning purposes before purging unneeded ones.
The devuan-keyring is explicitly kept.

Removal of the package index files, aka lists, is something that needs
to be done explicitly. Doing so at `APT::Update::Post-Invoke` defeats
the purpose of running `apt-get update` in the first place.

This integrates a custom script into the APT configuration. That same
script is also run during the bootstrap. A second custom script takes
care of the integration and removes itself when done.
Complements 13f84159.