On Monday, April 8, 2019 at 2:20:28 AM UTC+1, haaber wrote: > > On Sunday, April 7, 2019 at 6:06:13 AM UTC+1, haaber wrote: > >> Hey Thomas, > >> > >> I are right, it that was definitely better to put the FAQ on the site > >> (and this list). I did set up a standalone debian-10 to build, and the > >> process went through smoothly. Thank you. The 'but' comes now: BUT, in > >> the end the checksum fails! > > > > Did you use Docker to build it in your standalone qube? It should match if > > so. If not, it's unlikely to match because you're probably building against > > different library versions. > > OK that is a convincing argument for docker. So: I did it, actually > three times, more and more frustrated. First in my "failed" template, > then after having wiped old build remainders, then, to be sure, in a > brand new debian-10. I did (and only did(!), since it was a brand new > template) > > sudo apt-get install docker docker.io > git clone https://github.com/mirage/qubes-mirage-firewall.git > cd qubes-mirage-firewall > su > bash -x ./build-with-docker.sh > > > This fails, reproducibly over two days and several templates. Here is > the output (sorry, a few lines) [...] > fatal: Unable to look up github.com (port 9418) (Temporary failure in > name resolution)
I believe that the Qubes sys-firewall by default prevents template VMs from connecting to anything except their package repositories. It's OK to install Docker in a template VM if you want, but everything else should be done in an AppVM. I've added more details at https://github.com/mirage/qubes-mirage-firewall/pull/51/files I tested this with Debian 9, but I assume it would work the same on Debian 10. By the way, while testing it I found one case where the hash can change even with Docker, and proposed a fix for that at https://github.com/mirage/qubes-mirage-firewall/pull/52 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f7d1494e-aea5-4ba1-883c-6fc805f71af0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
