torsdag den 19. marts 2020 kl. 17.26.29 UTC+1 skrev Sven Semmler: > > On Thu, Mar 19, 2020 at 02:18:55AM -0700, 'M' via qubes-users wrote: > > Ok, I'll try to make a Fedora multimedia template and see how that > works... > > > > According to the following webpage, the advice is to clone a > preinstalled > > template: https://www.qubes-os.org/doc/multimedia/ > > > > 1) Can I just clone the fedora-30 template and set networking in the > new > > template to the sys-firewall, or would that compromise the security of > > Qubes OS ? > > TemplateVMs do not require networking to install software. Qubes > implements an UpdateProxy in your sys-firewall and all TemplateVMs know > how to connect to it to retrieve updates without having an explicit > network interface. > > The idea is to NEVER give a TemplateVM network access to prevent > accidential contamination. Only legit update/install traffic will go > over the dedicated UpdateProxy. > > > If the last is true: How shall I instead make a new Fedora > template, > > and install the applications I want in it ? > > Just try: > > - qvm-clone fedora-30 fedora-30-multimedia > - qvm-run -a fedora-30-multimedia xterm > - in Xterm: sudo dnf update > > It'll work without network interface. > > > 2) Shall networking in all templates be set to none as default, and is > it > > necessary to change this when installing new plugins for multimedia > manager > > applications which the user would like stayed installed after the VM is > > restarted ? > > The other basic idea of Qubes is to install but never run any > applications in the TemplateVM. So after you cloned the TemplateVM and > installed software via 'sudo dnf install' shut it down and create an > AppVM based on the template: > > qvm-create --template fedora-30-multimedia --label red multimedia > qvm-run -a multimedia xterm > > ... then in XTerm launch your applications and try them. > > /Sven > > -- > public key: https://www.svensemmler.org/0x8F541FB6.asc > fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 > >
Thank you for the answers, which is very nice to know. And I got two new questions for you - just jump to the end of this message, as you don't have to read the following. *Info only to those who would read this thread in order to setup a multimedia VM in Qubes OS 4.0.3 them self:* When trying to install the applications in a Fedora 30 template, I ran into the same problems as with the Debian 10 template: All the versions of the applications are several years old. And as the Musique player package is a .deb-file, it only seems to work with Debian. I have therefore gone back to Debian. To install the 3.4.4-2 version of Rhythmbox, it is needed to either wait for the Debian template in Qubes gets updated to Bullseye or download the Bullseye template that Unman has created and made possible for download here; https://qubes.3isec.org/Templates_4.0/ , or create it yourself following this guide: https://www.qubes-os.org/doc/building-non-fedora-template/ *How to install a .deb file in the multimedia template VM ?* If there isn't any other more secure way to get a .deb file downloaded from a web-page/server and get it into a template VM, here is a way to do it: 1) Copy the trusted download-link for the .deb-file from the Firefox browser in another AppVM. 2) Open the "Qube Settings" for the multimedia template VM, and change networking to the sys-firewall. Click on "Apply" and "Ok". 3) Open the Firefox browser in the multimedia template VM and paste the download-link in the html line and press ENTER. Now the file should be downloaded to the Download folder in the multimedia template VM. For security reasons, do not use the browser to other things. 4) When the file has been downloaded: Open the "Qube Settings" again for the multimedia template VM, and change networking to the default none. 5) Open the terminal in the multimedia template VM, and execute these commands: a) cd Downloads b) sudo dpkg -i filename.deb c) In case you get any dependency errors: sudo apt-get install -f d) In case you would like to remove the package again: sudo dpkg -r teamviewer To also remove the configuration files, write "--purge" instead of "-r". *New questions* 1) Is there a more secure way to get a .deb file downloaded from a web-page/server and get it into a template VM than the method I have described above under "How to install a .deb file in the multimedia template VM ?", and if so how ? 2) When installing new applications or replacing an application in a template, is it then necessary to delete the VM's that is based on this template to get the changes implemented in the AppVM's, or can they be implemented in a smarter way ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ce02cf0-d154-44c0-b87b-f85fc41ff0a4%40googlegroups.com.
