Re: [qubes-users] replacing fedora template with fedora minimal
the doc page at https://www.qubes-os.org/doc/templates/fedora-minimal/ says that in Q R4.0 sudo is not installed in the minimal fedora template, and tells you how to get into a root shell from dom0. That is not quite true - sudo is installed (and therefore dnf refuses to re-install it). but it needs to be configured so you will need to use the method in the doc page at least at first. In the fedora-26 template (NOT minimal) find the file /etc/sudoers.d/qubes and copy it across to the same location in the minimal template. Stop and start the minimal template. Go into the terminal as user, and sudo -i now puts you into root without a password. More detail I found the system would not immediately let me copy the file across, so I copied it to /home/user on the template, chown user:user; chmod 777 then I could move it using the GUI. Then in the minimal template, move the file from /user/QubesIncoming/fedora-26 to /etc/sudoers.d then a final chown root:root ; chmod 440 to restore the ownership & mode that sudo expects. I do not claim this to be the most elegant way to move a -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/402e3e93-3643-4a7f-8240-84e241a456c3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] replacing fedora template with fedora minimal
hi Chris > ... > With Debian already being rather minimal I'd suggest using that for most > VMs. I myself use Fedora only for sys-firewall (to handle dom0 updates), > to test software compatibility, and occasionally to build a template. I tried changing sys-net to use debian-9 as its template -- that seemed to prevent me using the terminal in that template so I quickly put it back. I do not have time at present to re-check exactly what I did -- hence my current strategy to use f-26 for all the sys-* machines. I figure if I am using it for anything then I might as well use it for all the sys-* domains. But if I understand you right, you think my sys-net should have worked with the Debian-9 template? If so I might find time to re-visit that -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5f80b1ca-e6c4-4d73-b52b-6cf3efb044f1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] replacing fedora template with fedora minimal
On 04/18/2018 06:46 AM, river14ap...@gmail.com wrote: hi all, I am currently running a Qubes 4 system with all my AppVMs based on Debian. (btw thanks to the Qubes devs for providing this "out of the box" when I know you prefer Fedora: very democratic :) Fedora was chosen a long time ago because at the time it was more convenient. Since then, the developers have expressed a need to move away from it toward Debian or similarly stable & secure distro. There is even an issue logged for it. With Debian already being rather minimal I'd suggest using that for most VMs. I myself use Fedora only for sys-firewall (to handle dom0 updates), to test software compatibility, and occasionally to build a template. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f3b8b0b6-1a26-0c01-b036-9177afc7b2fe%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] replacing fedora template with fedora minimal
hi again Ivan Thanks for the advice. Same request as before: pls could you delete your side of this conversation (or re-post) as it picked up my email address. My mistake - this is why I need a machine to look after security for me :( River~~ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e12e2c95-85df-440b-86a5-d21bac154523%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] replacing fedora template with fedora minimal
On 04/18/2018 01:46 PM, river14ap...@gmail.com wrote: > hi all, > > I am currently running a Qubes 4 system with all my AppVMs based on Debian. > (btw thanks to the Qubes devs for providing this "out of the box" when I know > you prefer Fedora: very democratic :) > > Updating the Fedora 26 template takes forever and a lot of it is software I > will never use. I am tempted to try to replace this with the minimal > template, and wondered if there is a step by step Qubes-for-Dummies > description of how to do this? > > If so, please could somebody post a link? > > If not, what I have found so far is a page at > > https://www.qubes-os.org/doc/templates/fedora-minimal/ that's the right doc page. > > which helpfully lists how to install the template and which packages I need > to add to it before I try to use it with sys-net sys-firewall and sys-usb. > > So my current plan is > > 1. install the minimal template + once installed, I'd advise to leave the template as-is and customize a clone: qvm-clone fedora-26-minimal fedora-26-mini > 2. add the required packages for info those were the rpms I installed in my minimal templates (they include those listed in the doc + a few other ones I needed) qubes-core-agent-passwordless-root qubes-core-agent-networking qubes-core-agent-network-manager qubes-core-agent-dom0-updates qubes-usb-proxy network-manager-applet polkit less pciutils psmisc NetworkManager-wifi dejavu-sans-fonts dejavu-sans-mono-fonts tcpdump telnet wireless-tools iwl7260-firmware keepassxc pwgen sharutils qubes-gpg-split qubes-core-agent-nautilus bzip2 `dnf info packagename` will show you what package does what if you're wondering what a rpm is for. as a side note, my sys-usb VM is based on a "heavy" template because I often plug stuff like smartphones, soundcards, ... and Qubes's usb passthrough doesn't work too well with those. > 3. backup all qubes in case of finger trouble that shouldn't be needed because the only thing you do is change the qube VM's template. If something goes wrong, just revert to the original fedora-26 template > 4. from Qube Settings in each the sys- domains change the template or for a quicker alternative, in a dom0 terminal: qvm-prefs vmname template fedora-26-mini > 5. reboot either that, or shutdown all your sys-* VMs and restart them in the right order (sys-net then sys-firewall). Qubes 4.0 should automatically reconnect the other qube VMs to sys-firewall. > Is there anything important I have missed? I don't think so ! > > And finally, after I have got everything running off Fedora Minimal or > Debian, would I use qubes-remove or dnf to remove the redundant Fedora-26 > template? dnf, because using `qvm-remove` would remove rpm installed files which is usually not a good thing (I'm not sure what will happen when/if a new template rpm is pushed in the repos - maybe the template's file will get reinstalled). if you already removed a rpm-installed template with `qvm-remove`, IIRC dnf (or `rpm -e`) will complain because pre/post scripts fail; in that case you can remove the rpm with `rpm --noscripts` or something like that. > > Thanks for any advice - especially if I have missed something... > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/55b7e64a-38c0-c051-07e4-5a83fc3b1688%40maa.bz. For more options, visit https://groups.google.com/d/optout.
[qubes-users] replacing fedora template with fedora minimal
hi all, I am currently running a Qubes 4 system with all my AppVMs based on Debian. (btw thanks to the Qubes devs for providing this "out of the box" when I know you prefer Fedora: very democratic :) Updating the Fedora 26 template takes forever and a lot of it is software I will never use. I am tempted to try to replace this with the minimal template, and wondered if there is a step by step Qubes-for-Dummies description of how to do this? If so, please could somebody post a link? If not, what I have found so far is a page at https://www.qubes-os.org/doc/templates/fedora-minimal/ which helpfully lists how to install the template and which packages I need to add to it before I try to use it with sys-net sys-firewall and sys-usb. So my current plan is 1. install the minimal template 2. add the required packages 3. backup all qubes in case of finger trouble 4. from Qube Settings in each the sys- domains change the template 5. reboot Is there anything important I have missed? And finally, after I have got everything running off Fedora Minimal or Debian, would I use qubes-remove or dnf to remove the redundant Fedora-26 template? Thanks for any advice - especially if I have missed something... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9438b021-796d-425e-8c3a-6451dfb4a43f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
