On 3/4/19 7:03 AM, brendan.h...@gmail.com wrote:
My recommendations, incorporating some other previous recommendations.

0) After install, clone the baseline templates, then re-point all the 
non-standalone VMs to the clones. Update the clones regularly. This avoids the 
catch-22 of having your network broken on all your templates. If a clone 
breaks, you can easily remove it, reclone the baseline, and update the new 
clone to where you need it sans the breaking package(s).*

I have not seen many (if any) cases of people ruining all their working templates. So I would only follow this advice if I intended to use only one template on my systems.

Otherwise, it may be better to simply use the Qubes-installed templates normally, and make a temporary clone when experimenting.

The reasons are that most users have more than one template anyway, Qubes can often revert template changes (i.e. remove the bad update), keeping non-updated templates can be a security liability, updating the extra templates is a burden, and they eventually eat disk space. Also, if worse comes to worse somehow, then a template rpm can be taken from the Qubes install media, etc. and that can be used to download a _current_ version of your preferred template(s).

-

It's also worth noting that if you really want to keep template clones around, there are a couple ways to do it that don't populate VM menus and lists: One way is to snapshot the template -root volume, and another is to simply back up the template VM.

4) Keep a list of all modifications you have made to each template, any 
standalone VMs or to dom0 in your vault or in online storage: e.g. all 
rpms/debs added to baseline template, kernel version or option changes, 
pulled/built packages, configuration changes, etc. This will reduce your 
annoyance level when you decide to/are forced to rebuild the system from 
installation media and new templates and keep finding gaps when you are 
attempting to work.

IMO this should be #1, because consistency matters a great deal esp. when modifications have some impact on security. Re-doing customizations based on memory is for the birds, and it's not hard to remember to write something down when changing a template or dom0.

6) Update dom0 sparingly, only after making backups, only as needed. There are 
no templates to save you.

You can also take this a step further and make a snapshot of the dom0 root volume before updating. With the default Qubes config this is a quick process and means using 'lvcreate --snapshot' on the qubes_dom0/root volume. For completeness, a copy of /boot and boot sector should also be made just before the snapshot.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
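
The dom0 pre-update snapshot described in the reply above, as an added example that is not part of the original message or of Qubes itself. It assumes the default layout (root as a thin LV in VG qubes_dom0); the function names, the tag, the backup directory and the boot disk argument are hypothetical and supplied by you.

```shell
#!/bin/sh
# Added example: pre-update dom0 snapshot, in the order the message gives
# (copy /boot and the boot sector first, then snapshot the root volume).
# Assumptions: default Qubes layout with root as a thin LV in VG qubes_dom0;
# TAG, BACKUP_DIR and BOOT_DISK are values you choose for your own system.
VG=qubes_dom0
LV=root

# Print the command when DRY_RUN=1 (the default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# usage: dom0_pre_update_snapshot TAG BACKUP_DIR BOOT_DISK
dom0_pre_update_snapshot() {
    tag=$1 dest=$2 disk=$3
    # The tag becomes part of an LV name, so restrict it to safe characters.
    case $tag in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid tag: '$tag'" >&2; return 2 ;;
    esac
    case $disk in
        /dev/?*) ;;
        *) echo "boot disk must be a /dev path: '$disk'" >&2; return 2 ;;
    esac
    [ -n "$dest" ] || { echo "backup directory required" >&2; return 2; }
    snap="$LV-$tag"
    if [ "${DRY_RUN:-1}" != 1 ]; then
        [ "$(id -u)" -eq 0 ] || { echo "must run as root in dom0" >&2; return 1; }
        # Refuse to collide with a snapshot taken before an earlier update.
        if lvs "$VG/$snap" >/dev/null 2>&1; then
            echo "snapshot $VG/$snap already exists" >&2; return 1
        fi
    fi
    run mkdir -p "$dest/$tag" || return 1
    run tar -C / -czf "$dest/$tag/boot.tar.gz" boot || return 1
    run dd if="$disk" of="$dest/$tag/bootsector.bin" bs=512 count=1 || return 1
    # A thin snapshot needs no --size; it shares blocks with the origin.
    run lvcreate --snapshot --name "$snap" "$VG/$LV" || return 1
}
```

With DRY_RUN left at its default the function only prints the four commands, so the plan can be reviewed before running it as root in dom0 with DRY_RUN=0.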
