On Fri, Mar 22, 2019 at 06:07:38AM -0700, 22...@tutamail.com wrote:
> Steven,
> I am going to assume you have created an AppVM, i.e. a Qube based on a 
> Template (vs. a Standalone VM). In this scenario you would install any 
> software into the template. 
> 
> Instructions:
> 1) I would suggest you clone your Fedora-29 template so you have a clean 
> template. This is key as installing any 3rd party software is a 
> security/privacy risk, if you screw up you can delete the clone and make a 
> new one from the original trusted/clean template. You do this via a GUI by 
> going to Qubes icon on the top left -> System tools -> Qubes Manager -> 
> Highlight Template in Qubes Manager -> Right click on template -> Clone Qube
> 
> 2) You will need to temporarily allow access to this template to the net. In 
> Qubes Manager highlight cloned template -> right click -> Qubes Settings -> 
> Basic tab -> Networking drop down -> Allow access to your Firewall Qube (Make 
> very sure to return it to "None" when you have finished installing your 
> software)
> 
> 3) Install your software into the clone. Qubes icon on the top left -> Go to 
> your cloned template -> Terminal -> enter the install terminal commands, the 
> commands to install libreoffice are:
> 
> sudo dnf install libreoffice
> 
> 4) Shut down the template, change network setting back to "None" on the template, 
> then create your AppVM. You should now see your new software.
> 
> Debian and Whonix have slightly different commands in the terminal but the 
> logic is the same.
> 
> Some additional best practices include:
> * Never install anything into Dom0
> * Check the keys to make sure your software is verified
> * Minimize the software you install, make multiple cloned templates and 
> install only the essential software you need. i.e. I have some templates that 
> include libreoffice, Nano, VPN stuff and 1 template that has all
> * Not sure but I don't think your software will update in the template, you 
> might have to periodically re-create the template/software.
> 
> Totally open to feedback and criticism if this direction is wrong or needs 
> clarification...
> 
> Good luck and welcome to Qubes.
> 

The suggestion in (2) is wrong. There are very few situations where you
will need to enable networking in a template, and you should resist this
as much as you can.
haaber has already pointed you to the documentation.

Templates use qubes-rpc to connect to a proxy instead of using
networking. This means that you can use standard package management like
dnf and apt without linking the template to the network.
I'm not a Fedora person, but in Debian the advice is generally that you
should use packages, rather than compiling software yourself.
If the software you want isn't packaged, then generally you should
download the source, verify it by whatever means are available, and
then qvm-copy it to the template where you can compile and install.

The advice re cloning the template is sensible: some users don't like
multiple templates. If you do use them then I recommend using a caching
proxy instead of the standard Qubes proxy.
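
An added example, not part of the original thread: a small check that flags templates left attached to a netvm, the state both messages above warn against. It assumes dom0 `qvm-ls --raw-data --fields NAME,CLASS,NETVM` prints `NAME|CLASS|NETVM` lines with `-` for no netvm; the qube names in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list templates that still have a netvm.
# Assumption: input lines are NAME|CLASS|NETVM, as printed in dom0 by
#   qvm-ls --raw-data --fields NAME,CLASS,NETVM
# with "-" meaning the qube has no netvm.

templates_with_netvm() {
    # Reads NAME|CLASS|NETVM lines on stdin and prints "name netvm" for
    # every TemplateVM whose netvm is set. AppVMs are expected to have
    # networking, so only the TemplateVM class is reported.
    awk -F'|' '
        NF < 3 { next }                       # skip blank or malformed lines
        $2 == "TemplateVM" && $3 != "-" && $3 != "" { print $1, $3 }
    '
}

# Constructed sample inventory (hypothetical qube names).
sample_inventory() {
    cat <<'EOF'
fedora-29|TemplateVM|-
fedora-29-office|TemplateVM|sys-firewall
debian-9|TemplateVM|-
work|AppVM|sys-firewall
vault|AppVM|-
EOF
}

# Runs the check over the constructed sample.
audit_sample() {
    sample_inventory | templates_with_netvm
}

# Live use in dom0 (assumed field names, see above):
#   qvm-ls --raw-data --fields NAME,CLASS,NETVM | templates_with_netvm
audit_sample
```

Any template it prints should have its networking set back to "None" in Qube Settings; package installs still work through the qubes-rpc update proxy described above.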
