outdoorac...@gmail.com:
I've just installed Qubes OS 4.0 on my old laptop to get the hang of it before I (hopefully) make my leap over from Windows! I wanted to install some new software in the personal and work domains so I went to the "Qubes Menu -> Template: fedora-26 -> fedora-26: Software" and clicked the Install button for an app however it only ever displayed pending. I opened up the Qubes Manager and noticed that no NetVM was assigned to any of the templates. I opened the settings and assigned it sys-firewall which then allowed me to install programs. On the https://www.qubes-os.org/doc/software-update-vm/ page under "Notes on trusting your TemplateVM(s)" heading it says: "Only install packages from trusted sources – e.g. from the pre-configured Fedora repositories. All those packages are signed by Fedora, and we expect that at least the package’s installation scripts are not malicious. This is enforced by default (at the firewall VM level), by not allowing any networking connectivity in the default template VM, except for access to the Fedora repos." This no longer seems the case in Qubes OS 4.0 - no NetVM is attached to the TemplateVMs and no default firewall rules. Okay, onto the questions: 1) Have these defaults been missed out from the Qubes OS 4.0 install? 2) Or is the documentation out of date and it's now recommended to do something else? 3) How should I go about installing/updating apps in the TemplateVMs? 3a) permanently attach sys-firewall and create firewall rules to only allow trusted repos as the docs currently suggest 3b) or only attach sys-firewall when updating/installing and disconnect afterwards?
The docs are right, but what they mean is that you can't use the "Software" application to install apps in templates. You should leave NetVM on (none) on the templates and instead use dnf on Fedora or apt on Debian.
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a2ebe44a-2c41-3536-e2ca-0e57d09a22d5%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
