Qubes Notes, January 27, 2019
Whonix
* When upgrading Whonix, you need to uninstall all of whonix, including sys-whonix
Adding to a minimal template
My preferred Linux is currently Qubes-OS. One thing I do like is the minimal templates. You can create templates with just what you need in them and then create a Qube from them that doesn't have a lot of extra pieces that you do not need. However creating a usable template from the released templates takes extra steps, that I kind of fumble around doing, so I will layout my process here.
* There is no way to clone or duplicate a template VM from the Qubes Manager, you have to do it from the dom0 command line. Note you do not need sudo:
[user@dom0 ~]$ qvm-clone fedora-27-minimal fedora-27-firefox
* First, the minimal template does not contain the Qubes password-less sudo and the policy kit. You need to start a shell for the template as root. Again, there is no GUI way to do this, you need to do this from a dom0 command line:
[user@dom0 ~]$ qvm-run -u root fedora-27-firefox xterm
* Now I can follow the recommendations fromÂ
https://www.qubes-os.org/doc/templates/fedora-minimal/. In the fedora-27-firefox terminal we started from the command line:
bash-4.4# dnf install qubes-core-agent-passwordless-root polkit
* I check to make sure that the generalized qubes-core-agent is installed
bash-4.4# dnf install qubes-core-agent
* I install some of my preferred packages
bash-4.4# dnf install gnome-keyring less pciutils psmisc
bash-4.4# dnf install pulseaudio-qubes
bash-4.4# dnf install qubes-core-agent-networking
* Now I install the packages that I made the new template for
bash-4.4# dnf install firefox google-droid-*-fonts
* install Centos 7
dom0$ sudo qubes-dom0-update —enablerepo=qubes-templates*testing qubes-template-centos-7
* Apt update mechanism vulnerability:
https://www.qubes-os.org/news/2019/01/23/qsb-46/
Affected Qubes (Whonix Debian)
- anon-whonix whonix-ws-14 sys-whonix
- whonix-ws-14-dvm whonix-ws-14 sys-whonix
- sys-whonix whonix-gw-14 default(sys-firewall)
Affected Qubes (Debian-9)
- discord debian-9
- katoolin debian-9
- opera debian-9-opera
- aws debian-9-sshfs
* Fedora Minimal Template, packages you might need
https://www.qubes-os.org/doc/templates/fedora-minimal/
* Upgrading from one Fedora template to a newer version
https://www.qubes-os.org/doc/template/fedora/upgrade-27-to-28/