-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, Nov 18, 2016 at 01:46:26PM +0100, [email protected] wrote: > Hi, > > I am planning to setup my templates with salt. I have done some preparation > some time ago but not with the Fedora 24 templates I thought it was time to > do it properly. > > One of the issues is that the minimal template can not use salt by default > afaik but needs the package "qubes-mgmt-salt" which needs to be installed > manually.
If you want to manage it from dom0, using qubesctl wrapper tool, you don't need salt installed in target template at all. See here: https://www.qubes-os.org/doc/salt/ > When I try to do this on the Fedora 24 minimal template I get a conflict > between the packages qubes-mgmt-salt-config and salt-minion. The conflicting > files are /etc/salt and /etc/salt/minion.d. Is this known or is there a > workaround for it besides forcing the installation? As noted above - you don't need qubes-mgmt-salt-config installed. Neither salt-minion. The only think you need, is qubes-mgmt-salt-vm-connector in your _default_ template. > In general it would be great if you would use salt to setup the templates, > at least optionally, because then it is more transparent what is in them, > you do not need more disk space on the dvd and users can easily customize > them. This would also allow users to not backup the templates which in my > case would save almost 10 GB. Part of it makes sense. Especially managing templates to save on backup space. This also makes it easier to migrate to new template, or recreate it for whatever reason. I think the only currently missing piece is more documentation on it. But it isn't possible to directly create new template using salt - you need something to boot in the VM first to run salt-minion there... Also it won't save much space on DVD, as we don't want to depend on internet access during installation. > The Fedora standard image has way to many packages and also has > gstreamer-plugins-bad installed which provides atm a known remotely > exploitable security hole, at least when Chromium is used. Standard templates are mostly default installation of given distribution - - in case of Fedora - it's Fedora Workstation. With actually some stuff excluded (like libreoffice, evolution) to make it smaller than the default... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYO5HxAAoJENuP0xzK19cs8EcH/190Rjv99S9PnX88PCyrV0k5 iKxyGuAXxLi/6uXsIgTRCcnVw2QpxIK6Ih5cl05yARqELsYGLbcUUNqObOoKqnbC DCIkpQtHZOFsIylmDIENDHKhievUTZpTLw2IV7OiBL/f5MXyasL8JPDXGGGjq4kQ osGjYEoFmwBUTFTbBWrcsW7/b4Wl0nHqOe1a+Vxcg9A+zhwxwbk7fKxcHLyx3327 Rq7h0Vl7sfkr9u8nWr7Ptwcf8jHR7Agsmlh2F5oR83CWHNe0viuv+gzo+U1YKn8N fEH4BxxVANtBS3dhnYL3nG43TZKxg4l05UHyt1m2+kUmhhNj21LVuydGXVc87gE= =G4Au -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161128020953.GZ1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
