Re: [qubes-users] howto add untrusted repository to appVM (without using separate template)

On 08/07/2016 07:22 AM, Marek Marczykowski-Górecki wrote:
> On Sat, Aug 06, 2016 at 06:36:10PM -0700, Andrew David Wong wrote:
>> On 2016-08-06 18:05, emilcronja...@gmail.com wrote:
>>> Hi there,
>>>
>>> How do I add an outside/untrusted repository to an app-vm based on the
>>> standard template, *without* changing the whole template? And/or how do I,
>>> after succeeding, install a program from the outside source in the appVM
>>> and make the program survive reboot?
>>>
>>> I guess this is a general question, although my problem is concerned with
>>> the VoIP-program Jitsi: they are not included in either the Fedora or Debian
>>> repos, and I would not like to add their "untrusted" repo only to the appVM
>>> which would actually run the program. (I know I could create a standalone
>>> VM, but I prefer not to use 3 GB of space to run just one program :)).
>>>
>>> SO: How to solve this? (Without jeopardizing my template-VM)
>>>
>>> Best regards, E
>>>
>>> PS: Why oh why is there no voip-client with zrtp-support in the
>>> fedora/debian repos?!
>>
>> You could do this by installing the program to some place in the AppVM that
>> survives reboot (e.g., the AppVM's home/ directory). Besides that, I can't
>> think of any way to satisfy all of your desiderata simultaneously. (You could
>> clone the TemplateVM, but you said you didn't want to create a StandaloneVM
>> because it would take up too much disk space, and a cloned TemplateVM would
>> take up roughly the same amount.)
>
> I have a similar problem with spotify - I don't want to include it in any of
> my standard templates, but on the other hand, I don't want to waste disk space
> just for one VM. So I ended up with installing it at each VM startup.
> Using this script:
>
>     #!/bin/sh
>     # 1. Add the Spotify repository signing key to be able to verify
>     #    downloaded packages
>     sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
>     # 2. Add the Spotify repository
>     echo deb http://repository.spotify.com stable non-free | sudo tee /etc/apt/sources.list.d/spotify.list
>     # 3. Update list of available packages
>     sudo apt-get update
>     # 4. Install Spotify
>     sudo apt-get -y install spotify-client xdg-utils libxss1 zenity
>
> Since I don't restart this VM that often, I call this script manually, just
> before starting spotify client itself (shell command history is useful ;) ).
> But it should be enough to put it into /rw/config/rc.local.
>
> Downsides:
> - it downloads the packages each time; not a big problem for me, but can
>   be for others
> - there is no spotify entry in the menu (needs to be started from
>   terminal)
>
> First issue could be fixed by downloading deb files (apt-get -d) and
> then installing them from a local directory (dpkg -i /rw/debs/*.deb).
> But it will not automatically download new version. The second issue can
> be fixed by creating the entry manually.

I just wanted to point out a qualitative difference between Jitsi and Spotify: The former is used as a trusted component to protect the users' privacy and probably security. Although that depends on how you're going to use Jitsi, the question is posed in a way that suggests the app would be used to maintain privacy.

So the relevant questions are:

1) Is the Jitsi repo signed, and if so...
2) How much do you trust the developers?

If you trust them to keep your communications private, you might also trust them enough to add their repo to one or more templates.

You could also look for a "portable" version of the app; such versions don't require standard installation procedures and usually run from whatever folder you place them in. Although Tor Browser is a portable app from the start, for example, there are many examples of apps that have been converted to portable, including Jitsi (for Windows):

https://sourceforge.net/projects/jitsiportable/

I wish Ring.cx had a portable version, too, as that app shows a lot of promise...

https://ring.cx

BTW, you can also just create a standalone appvm and add the Jitsi repo to that.

>>> PS: Why oh why is there no voip-client with zrtp-support in the
>>> fedora/debian repos?!

I have wondered the same thing, myself. The best answer I can come up with is that there is a wide gulf between the wave of privacy-minded users and the curators of those distros. There are a growing number of privacy-enhancing apps that are being ignored by the old guard.

Chris

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/49930d91-2a73-d318-ddd3-2184ccca60c5%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] howto add untrusted repository to appVM (without using separate template)

On Sat, Aug 06, 2016 at 06:36:10PM -0700, Andrew David Wong wrote:
> On 2016-08-06 18:05, emilcronja...@gmail.com wrote:
> > Hi there,
> >
> > How do I add an outside/untrusted repository to an app-vm based on the
> > standard template, *without* changing the whole template? And/or how do I,
> > after succeeding, install a program from the outside source in the appVM
> > and make the program survive reboot?
> >
> > I guess this is a general question, although my problem is concerned with
> > the VoIP-program Jitsi: they are not included in either the Fedora or Debian
> > repos, and I would not like to add their "untrusted" repo only to the appVM
> > which would actually run the program. (I know I could create a standalone
> > VM, but I prefer not to use 3 GB of space to run just one program :)).
> >
> > SO: How to solve this? (Without jeopardizing my template-VM)
> >
> > Best regards, E
> >
> > PS: Why oh why is there no voip-client with zrtp-support in the
> > fedora/debian repos?!
> >
>
> You could do this by installing the program to some place in the AppVM that
> survives reboot (e.g., the AppVM's home/ directory). Besides that, I can't
> think of any way to satisfy all of your desiderata simultaneously. (You could
> clone the TemplateVM, but you said you didn't want to create a StandaloneVM
> because it would take up too much disk space, and a cloned TemplateVM would
> take up roughly the same amount.)

I have a similar problem with spotify - I don't want to include it in any of my standard templates, but on the other hand, I don't want to waste disk space just for one VM. So I ended up with installing it at each VM startup. Using this script:

    #!/bin/sh
    # 1. Add the Spotify repository signing key to be able to verify
    #    downloaded packages
    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
    # 2. Add the Spotify repository
    echo deb http://repository.spotify.com stable non-free | sudo tee /etc/apt/sources.list.d/spotify.list
    # 3. Update list of available packages
    sudo apt-get update
    # 4. Install Spotify
    sudo apt-get -y install spotify-client xdg-utils libxss1 zenity

Since I don't restart this VM that often, I call this script manually, just before starting spotify client itself (shell command history is useful ;) ). But it should be enough to put it into /rw/config/rc.local.

Downsides:
- it downloads the packages each time; not a big problem for me, but can be for others
- there is no spotify entry in the menu (needs to be started from terminal)

First issue could be fixed by downloading deb files (apt-get -d) and then installing them from a local directory (dpkg -i /rw/debs/*.deb). But it will not automatically download new version. The second issue can be fixed by creating the entry manually.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
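
The cached-install variant suggested at the end of the message above (download with `apt-get -d`, install with `dpkg -i /rw/debs/*.deb`), written out as an added example that is not part of any message in the thread. The `run`/`refresh` arguments, the `DRY_RUN` switch and the use of apt's `Dir::Cache::archives` option to point downloads at `/rw/debs` are assumptions of this example; the key ID, repository line and package list are the ones from the script above.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a Debian-based AppVM where /rw
# persists across reboots; the run/refresh arguments and DRY_RUN are hypothetical.
DEB_CACHE="${DEB_CACHE:-/rw/debs}"
PKGS="spotify-client xdg-utils libxss1 zenity"   # package list from the thread
KEY=BBEBDCB318AD50EC6865090613B00F1FD2C19886     # key ID from the thread
LIST=/etc/apt/sources.list.d/spotify.list

# With DRY_RUN=1, commands are printed instead of executed.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# True when the persistent cache holds at least one .deb file.
cache_has_debs() {
    for f in "$DEB_CACHE"/*.deb; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Online step: key, repository line and package index as in the thread's script,
# then download only (-d) into the cache and prune files no longer offered.
refresh_cache() {
    run sudo mkdir -p "$DEB_CACHE/partial" &&
    run sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys "$KEY" &&
    run sudo sh -c "echo 'deb http://repository.spotify.com stable non-free' > $LIST" &&
    run sudo apt-get update &&
    run sudo apt-get -y -d -o Dir::Cache::archives="$DEB_CACHE" install $PKGS &&
    run sudo apt-get -o Dir::Cache::archives="$DEB_CACHE" autoclean
}

# Offline step: install whatever is cached.
install_from_cache() {
    run sudo dpkg -i "$DEB_CACHE"/*.deb
}

# Boot-time entry point (e.g. from /rw/config/rc.local): download only when
# the cache is empty, then install from the local directory.
provision() {
    if ! cache_has_debs; then
        refresh_cache || return 1
    fi
    install_from_cache
}

case "${1:-}" in
    run) provision ;;
    refresh) refresh_cache ;;
esac
```

`dpkg -i` does not check repository signatures, so the cached files are trusted in the state apt left them after its verified download. Running the `refresh` step by hand is what picks up new versions, since the boot-time path never contacts the repository once the cache is populated.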

Re: [qubes-users] howto add untrusted repository to appVM (without using separate template)

On 2016-08-06 18:05, emilcronja...@gmail.com wrote:
> Hi there,
>
> How do I add an outside/untrusted repository to an app-vm based on the
> standard template, *without* changing the whole template? And/or how do I,
> after succeeding, install a program from the outside source in the appVM
> and make the program survive reboot?
>
> I guess this is a general question, although my problem is concerned with
> the VoIP-program Jitsi: they are not included in either the Fedora or Debian
> repos, and I would not like to add their "untrusted" repo only to the appVM
> which would actually run the program. (I know I could create a standalone
> VM, but I prefer not to use 3 GB of space to run just one program :)).
>
> SO: How to solve this? (Without jeopardizing my template-VM)
>
> Best regards, E
>
> PS: Why oh why is there no voip-client with zrtp-support in the
> fedora/debian repos?!
>

You could do this by installing the program to some place in the AppVM that survives reboot (e.g., the AppVM's home/ directory). Besides that, I can't think of any way to satisfy all of your desiderata simultaneously. (You could clone the TemplateVM, but you said you didn't want to create a StandaloneVM because it would take up too much disk space, and a cloned TemplateVM would take up roughly the same amount.)

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

[qubes-users] howto add untrusted repository to appVM (without using separate template)

Hi there,

How do I add an outside/untrusted repository to an app-vm based on the standard template, *without* changing the whole template? And/or how do I, after succeeding, install a program from the outside source in the appVM and make the program survive reboot?

I guess this is a general question, although my problem is concerned with the VoIP-program Jitsi: they are not included in either the Fedora or Debian repos, and I would not like to add their "untrusted" repo only to the appVM which would actually run the program. (I know I could create a standalone VM, but I prefer not to use 3 GB of space to run just one program :)).

SO: How to solve this? (Without jeopardizing my template-VM)

Best regards, E

PS: Why oh why is there no voip-client with zrtp-support in the fedora/debian repos?!