On 8/3/20 4:11 AM, fiftyfourthparal...@gmail.com wrote:


On Sunday, 2 August 2020 22:42:31 UTC+8, Chris Laprise wrote:

    You can check out my github for some interesting stuff. The
    'Qubes-scripts' project has a (serial) template updater that lets you
    select by certain criteria. It could be parallelized pretty easily.

    [...]

    Finally, there is a VPN tool and one to enhance VM internal security.

-- Chris Laprise, tas...@posteo.net
    https://github.com/tasket
    https://twitter.com/ttaskett
    PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886


I tested your halt-vm-by-window and system-stats-xen and found them very useful. I also tried your qubes4-multi-update but ran into three issues: one is that it relies on curl, which my Fedora minimal wasn't happy about; another is that it [Y/n] prompts me for upgrades, which it shouldn't do, according to the script; the last is that it attempts to update mirage firewall standalones and when it fails, the whole process stops.

'curl' would only be used in a Whonix template. This is to signal Qubes' proxy to start the Tor-based updateVM as soon as possible. It should not try to run curl in a Fedora or regular Debian template.

To suppress interactive prompts, you need to run the script with '-u' or '--unattended'.


Your Qubes-VM-Hardening tool was one of the first things installed into my first Qubes, but I'm still not very familiar with how it works. I think vm-boot-protect might be blocking me from adding a .desktop file into ~/.config/autostart, as Steve suggested (Steve: does this need to be done in templates? If done in an appVM, wouldn't it get purged upon restart?).

Yes, vm-boot-protect does lock down that dir, along with other startup files and dirs in /home. The way it does this is with the 'immutable' flag. To change it (re)start the VM and do:

sudo chattr -i -R .config/autostart

Then change what you need to in that path and restart the VM. During the startup process the dir and its contents will be automatically made immutable again.



Anyways, your tools are very convenient and I think they should be more widely known, if not integrated into Qubes proper. Thank you


--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
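
A way to confirm, after the restart described above, that the immutable flag is back on .config/autostart. This is an added example, not part of the thread or of Qubes-VM-Hardening; `list_mutable` and `sample_output` are hypothetical names, and it assumes the usual `lsattr` layout of a flags column followed by the path.

```shell
#!/bin/sh
# Added example (not from Qubes-VM-Hardening): report entries that lack the
# immutable ('i') attribute in `lsattr` output read from stdin.
# Inside the VM, after it has restarted:
#   { lsattr -d ~/.config/autostart; lsattr -R ~/.config/autostart; } | list_mutable
# No output means every listed entry is immutable again.

list_mutable() {
    while IFS= read -r line; do
        flags=${line%% *}       # first field: attribute flags
        path=${line#* }         # remainder: path (may contain spaces)
        case "$flags" in
            '') continue ;;                 # blank separator line
            *[!a-zA-Z-]*) continue ;;       # "dir:" header printed by -R
        esac
        case "$flags" in
            *i*) ;;                         # immutable flag set
            *)   printf '%s\n' "$path" ;;   # flag missing: report it
        esac
    done
}

# Constructed sample output for offline illustration (not captured from a VM).
sample_output() {
    cat <<'EOF'
----i---------e------- /home/user/.config/autostart
----i---------e------- /home/user/.config/autostart/qubes-app.desktop
--------------e------- /home/user/.config/autostart/new-item.desktop
----i---------e------- /home/user/.config/autostart/sub

/home/user/.config/autostart/sub:
----i---------e------- /home/user/.config/autostart/sub/x.desktop
EOF
}

sample_output | list_mutable
```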
