qubes-doc/customization/fedora-minimal-template-customization.md

295 lines
11 KiB
Markdown
Raw Normal View History

---
layout: doc
title: Fedora Minimal Template Customization
permalink: /doc/fedora-minimal-template-customization/
redirect_from: /en/doc/fedora-minimal-template-customization/
---
2015-10-16 05:49:08 -04:00
FEDORA Packages Recommendations
======================
(starting from a minimal template)
2015-10-16 05:49:08 -04:00
Template installation
------------------------------
> [dom0]#qubes-dom0-update qubes-template-fedora-26-minimal
*Note*: If you have doubts about a set of tools or package you want to install, start installing and testing it in an AppVM.
You can then reproduce it later in your TemplateVM if you are satisfied.
That is the template philosophy in QubesOS.
For more information on the uses of a minimal template read [this page][Minimal].
2015-10-16 05:49:08 -04:00
Standard tools installation
================
2015-10-16 05:49:08 -04:00
Administration (documented)
---------------------------------------------
> sudo pciutils vim-minimal less tcpdump telnet psmisc nmap nmap-ncat usbutils
*Notes*: nmap can be used to discover hosts on a network (nmap -sP [network]), especially if you are inside a Microsoft network, because your AppVM will be protected/NATted behind the Qubes firewall.
(Microsoft / home networks make heavy use of autodiscovery technologies which require clients to be in the same local network (no firewall/no NAT), eg: your printer.)
Some recommendations here: check your current network using the Network manager applet (eg: 192.168.1.65).
Then run nmap in your current AppVM/TemplateVM to search for the selected printer/equipment:
nmap -sP 192.168.1.-.
Don't forget to temporarily allow traffic via the Qubes Firewall if you are doing this in a TemplateVM.
2015-10-16 05:49:08 -04:00
Administration (undocumented)
-------------------------------------------------
> openssh keepassx openssl gnome-keyring man
Dependency note: keepassx rely on qt which takes ~30MB
2015-10-16 05:49:08 -04:00
Network VM (documented)
----------------------------------------
> NetworkManager NetworkManager-wifi network-manager-applet wireless-tools dbus-x11 tar tinyproxy iptables
2015-10-16 05:49:08 -04:00
Network VM (undocumented)
--------------------------------------------
> which dconf dconf-editor
2015-10-16 05:49:08 -04:00
*Notes*: which is required for autostart scripts
*Notes*: dconf is required to remember the VM settings that are changed (the gsetting backend will be in memory only if gconf is not installed).
2015-10-16 05:49:08 -04:00
Network VM (manual operations - documented)
------------------------------------------------------------------------
Search for wireless firmware matching your wireless card (to be launched in network VM)
> lspci; dnf search firmware
2015-10-16 05:49:08 -04:00
ProxyVM/NetworkVM for 3G Modems
--------------------------------------------
> ModemManager NetworkManager-wwan usb_modeswitch modem-manager-gui
Dependency note: modem-manager-gui relies on webkit-gtk and is optional (NetworkManager can handle the modem alone)
2015-10-16 05:49:08 -04:00
Source: [3GMODEM]
2015-10-16 05:49:08 -04:00
ProxyVM for VPNs
--------------------------------------------
2018-01-05 14:57:32 -05:00
Search for a VPN package for your particular vpn solution then [configure][VPNNM] NetworkManager
2015-10-16 05:49:08 -04:00
2018-01-05 14:57:32 -05:00
> dnf search NetworkManager [openvpn\|openconnect\|openswat\|...]
OR
2018-01-05 14:57:32 -05:00
Refer to [this guide][VPN] which includes instructions for failsafe anti-leak VPN configuration using CLI scripts. (An early discussion about OpenVPN configuration can be viewed [here][OPENVPNSETUP].) Required packages will be `iptables` in addition to VPN software such as `openvpn`.
2015-10-16 05:49:08 -04:00
Printer Setup
--------------------------------------------
> system-config-printer system-config-printer-applet cups
2016-01-10 18:41:30 -05:00
Dependency Note: depends on python3 + python3 additional libraries which takes more than 40 M once installed.
2015-10-16 05:49:08 -04:00
2016-01-10 18:41:30 -05:00
Dependency Note: cups depends on ghostscript and require installing additional printing fonts (not documented here), so it can takes several dozen of MB
2015-10-16 05:49:08 -04:00
Manual operations
---------------------------
- Don't forget to restart your TemplateVM or only the cups service when you installed cups (systemctl start cups)
2017-05-11 20:12:02 -04:00
- First you need to search for your printer. If you don't know its name or IP, search for it using nmap: check your current network using the Network manager applet (eg: 192.168.1.65). Then run nmap in your current AppVM/TemplateVM to search for the selected printer/equipement: nmap -sP 192.168.1.-. Don't forget to temporarily allow traffic via the Qubes Firewall if you are inside a TemplateVM.
2016-01-10 18:41:30 -05:00
- Once you identified your printer, run system-config-printer GUI to install your printer
- You may need to cancel the operation to install more adapted printer drivers (eg: if the driver cannot be found automatically). Use dnf search printername to find potential drivers (eg dnf search photosmart)
2015-10-16 05:49:08 -04:00
GUI recommendations
======================
2015-10-16 05:49:08 -04:00
Lightweight packages recommendations
---------------------------------------------------------------
> lxterminal dejavu-sans-mono-fonts dejavu-sans-fonts gnome-settings-daemon
*Note*: You need to install sans-mono fonts for the terminal or it will be unreadable (overlapping characters....), while the sans fonts are just to get nicer GUI menus.
*Scite* is a nice notepad that can also highlight scripts with very light dependencies
> scite
2016-01-10 18:41:30 -05:00
*Meld* allows easy comparison of two text files/ two configuration files.
2016-01-10 18:41:30 -05:00
> meld
*Thunar* is a light file manager usually used by xfce
> thunar thunar-volman ntfs-3g
Dependency Note: xfce4 dependencies (but still quite light ~1.4M downloads)
Miscellaneous packages
--------------------------
*pycairo* package is needed for file's contextual menu "Send to VM" to function (to actually popup dialog box and enter VM's name where the file will be sent to).
*pinentry-gtk* package is responsible for pop-up dialog window where you enter password for your password protected gpg key.
Install this package in the qube holding your password protected gpg keys.
If you do not use password protected gpg keys, there is no need to install this package.
2015-10-16 05:49:08 -04:00
GUI themes
-----------------
2017-05-11 20:12:02 -04:00
Managing GUI theme / appearance is often complex because when you do not want to depend on a specific desktop system.
2015-10-16 05:49:08 -04:00
For this reason, we need to customize themes for each GUI framework that our application depends on.
This often includes GTK2, GTK3 (which us a different configuration/themes than GTK2), Qt.
2017-05-11 20:12:02 -04:00
The appearance of Windows can only be changed in dom0, however, the appearance of all buttons, menus, icons, widgets are specific to each AppVM.
2015-10-16 05:49:08 -04:00
### Packages
2015-10-16 05:49:08 -04:00
Choose theme packages for each framework. I recommend the following documentation [THEMEPACKAGES]
> clearlooks-phenix-gtk2-theme clearlooks-phenix-gtk3-theme
You can search for other themes using dnf search theme gtk
You can check your currently installed theme packages (to eventually remove them) using rpm -qa | grep theme
2015-10-16 05:49:08 -04:00
### Tweaking theme and appearance
2017-05-11 20:12:02 -04:00
First you can get an insight of installed Gtk theme and see how it will appear using lxappearance.
2015-10-16 05:49:08 -04:00
I recommend not applying settings using lxappearance (do not click on apply) because it will create multiple configuration files.
2015-10-16 05:49:08 -04:00
To remove these files, follow cleanup notes.
#### Cleanup notes
~~~
rm ~/.gtkrc-2.0
rm ~/.icons/default/index.theme
rm ~/.config/gtk-3.0/settings.ini
rm ~/.config/Trolltech.conf
2015-10-16 05:49:08 -04:00
~~~
Cleaning the whole dconf settings is also possible by removing the following file. Please note that it will remove all preferences set for gnome application (not only the themes)
2015-10-16 05:49:08 -04:00
~~~
rm ~/.config/dconf/user
2015-10-16 05:49:08 -04:00
~~~
*Note*: lxappearance only has an effect on gtk3 themes so it won't work to change gtk2 themes (used by Firefox, Thunderbird ...).
2015-10-16 05:53:57 -04:00
However, it is very lightweight and can be used to identify the name and look of themes you are interested in.
Once you have the name, you can apply it using gsetting command line or gconf-editor.
2017-05-11 20:12:02 -04:00
*Note*: if you really want a GUI theme editor, you can install gnome-tweak-tools, but this tool has a lot
of gnome dependencies (~150MB of dependencies). You can install it and uninstall it as soon as you change your theme.
2015-10-16 05:49:08 -04:00
#### Testing notes
The following programs can be used to see if theme has been correctly applied:
2015-10-16 05:49:08 -04:00
* GTK2 program: scite, thunderbird, firefox
* GTK3 program: lxterminal
* Qt program: keepassx
2015-10-16 05:49:08 -04:00
2016-01-10 18:41:30 -05:00
*Note*: testing in a TemplateVM will not work as expected because gnome-settings-daemon is not started in TemplateVM.
2015-10-16 05:53:57 -04:00
so test your themes in an AppVM and then update the TemplateVM accordingly.
2015-10-16 05:49:08 -04:00
2015-10-16 05:53:57 -04:00
### Forcing theme change for all AppVM depending on a TemplateVM
This can be done for gtk themes by creating dconf global settings. I recommend reading these articles:
2015-10-16 05:49:08 -04:00
[DCONF1]
2015-10-16 05:53:57 -04:00
2015-10-16 05:49:08 -04:00
[DCONF2]
2015-10-16 05:53:57 -04:00
#### Creating global file
2015-10-16 05:49:08 -04:00
* Setup global config file:
> mkdir /etc/dconf/db/qubes.d
Edit/Create the following file: /etc/dconf/db/qubes.d/10-global-theme-settings:
~~~
[org/gnome/desktop/interface]
cursor-theme="Adwaita"
gtk-theme="Clearlooks-Phenix"
icon-theme="Adwaita"
font-name="Cantarell 11"
monospace-font-name="Monospace 11"
~~~
* Generate global config database
2015-10-16 05:49:08 -04:00
> dconf update
2015-10-16 05:49:08 -04:00
* Configure default user profile
2015-10-16 05:49:08 -04:00
Edit/Create the following file: /etc/dconf/profile/user:
2015-10-16 05:49:08 -04:00
~~~
user-db:user
system-db:qubes
~~~
2015-10-16 05:53:57 -04:00
#### Locking configuration
It should be noted that the user dconf settings stored in ~/.config/dconf/user always takes precedence over the global dconf settings.
User dconf settings can be browsed using dconf-editor GUI.
If you want to force specific settings to be applied for all user (so in our case for all AppVMs depending on the template), you need to create locks:
2015-10-16 05:49:08 -04:00
> mkdir /etc/dconf/db/qubes.d/locks
Edit/Create the following file: /etc/dconf/db/qubes.d/locks/theme.lock:
2015-10-16 05:49:08 -04:00
~~~
/org/gnome/desktop/interface/gtk-theme
2015-10-16 05:49:08 -04:00
~~~
Finally, regenerate the dconf database
2015-10-16 05:49:08 -04:00
> dconf update
### Uniform look for Qt & GTK
Getting an uniform look for Qt & GTK is not achieved yet. A good source is on the following link [UNIFORMTHEME]
Two case:
2015-10-16 05:49:08 -04:00
1. You installed packages of the theme you selected both for Qt, GTK2 and GTK3.
2017-05-11 20:12:02 -04:00
(eg: Adwaita which is the default theme. I have not found another cross framework theme on fedora default packages).
2015-10-16 05:49:08 -04:00
2. You want to use the GTK theme you selected for Qt but there is no qt package.
2016-01-10 18:41:30 -05:00
In this case QGtkStyle will take precedence and convert the style automatically.
2015-10-16 05:49:08 -04:00
You can verify if it is enabled by searching for "style=GTK+" in /etc/xdg/Trolltech.conf.
If style is changed to another name, it will be used instead of your GTK theme.
2016-01-10 18:41:30 -05:00
*Note*: check that ~/.config/Trolltech.conf in your AppVMs is not defining another "style=" because it will take precedence over your global Qt theme.
2015-10-16 05:49:08 -04:00
[3GMODEM]: https://www.codeenigma.com/community/blog/installing-3g-usb-modems-linux
2015-10-16 05:53:57 -04:00
[OPENVPNSETUP]: https://groups.google.com/forum/#!searchin/qubes-users/openvpn$20setup/qubes-users/UbY4-apKScE/lhB_ouTnAwAJ
2015-10-16 05:49:08 -04:00
[THEMEPACKAGES]: https://groups.google.com/forum/#!search/appvm$20theme/qubes-users/RyVeDiEZ6D0/YR4ITjgdYX0J
[DCONF1]: http://www.mattfischer.com/blog/?p=431
[DCONF2]: https://wiki.gnome.org/Projects/dconf/SystemAdministrators
2015-10-16 05:49:08 -04:00
[UNIFORMTHEME]: https://wiki.archlinux.org/index.php/Uniform_look_for_Qt_and_GTK_applications
[Minimal]: ../templates/fedora-minimal/
2018-01-05 14:57:32 -05:00
[VPNNM]: ../vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager
[VPN]: ../vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts