From 1248eec2c22c3175dfd2a6b4bac54cd12461948e Mon Sep 17 00:00:00 2001 From: phrabe Date: Tue, 9 May 2017 22:30:23 +0200 Subject: [PATCH 01/17] multimedia This howto describes how to use Spotify, Netflix and Amazon Prime under Qubes OS --- configuration/multimedia | 47 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 configuration/multimedia diff --git a/configuration/multimedia b/configuration/multimedia new file mode 100644 index 00000000..7b28ac17 --- /dev/null +++ b/configuration/multimedia @@ -0,0 +1,47 @@ +This short howto will explain how you can use Spotify, Netflix or Amazon Prime under Qubes OS. +This steps have been tested by providing an own "multimedia" App VM which is based on the Qubes OS Debian 8 Template VM. + +Listen to Spotify + +Install-Howto: https://www.spotify.com/de/download/linux/ + +Detailed steps: + +1) sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886 +2) echo deb http://repository.spotify.com stable non-free | sudo tee /etc/apt/sources.list.d/spotify.list +3) sudo apt-get update +4) sudo apt-get install spotify-client + +I could then start the native spotify client .. easy. + + +Play Netflix +The built in Firefox (from the Debian Template VM) was Firefox ESR 45.3.0 +According to the "supported browser" list Mozilla Firefox >= 47.x is needed. +I've thereoff installed Firefox v53.0.2 according to this manual: +http://libre-software.net/how-to-install-firefox-on-ubuntu-linux-mint/ + +1) download firefox from https://www.mozilla.org/en-US/firefox/new/?scene=2 +direct download link: +https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0.2/linux-x86_64/en-US/firefox-53.0.2.tar.bz2 + +2) unpack the downloaded file +tar -xjf firefox-53.0.2.tar.bz2 + +3) move the unpacked folder: +sudo mv firefox /opt/firefox53 + +4) Create a symlink to the new firefox version: +if you want to use the new installed firefox as "standard firefox", rename the original link in case you want to go back to the previous version +sudo mv /usr/bin/firefox /usr/bin/firefox-old +Create a link to the new firefox version +sudo ln -s /opt/firefox53/firefox /usr/bin/firefox + +5) Launch firefox and open Preferences, Content and enable "Play DRM content" +That's it, login into Netflix and enjoy. + + +How to use Amazon Prime +If you have setup everything to watch netflix (see above), Amazon Prime should also work. +Enjoy" + From 5ff6ad4f362e531d481ff08dfd7fe5d78a1e10c4 Mon Sep 17 00:00:00 2001 From: phrabe Date: Tue, 9 May 2017 22:44:49 +0200 Subject: [PATCH 02/17] Added Description to play DVDs / added Markdown formatting --- configuration/multimedia | 52 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) diff --git a/configuration/multimedia b/configuration/multimedia index 7b28ac17..913f9591 100644 --- a/configuration/multimedia +++ b/configuration/multimedia @@ -2,7 +2,7 @@ This short howto will explain how you can use Spotify, Netflix or Amazon Prime u This steps have been tested by providing an own "multimedia" App VM which is based on the Qubes OS Debian 8 Template VM. Listen to Spotify - +================= Install-Howto: https://www.spotify.com/de/download/linux/ Detailed steps: @@ -16,6 +16,7 @@ I could then start the native spotify client .. easy. Play Netflix +============ The built in Firefox (from the Debian Template VM) was Firefox ESR 45.3.0 According to the "supported browser" list Mozilla Firefox >= 47.x is needed. I've thereoff installed Firefox v53.0.2 according to this manual: @@ -42,6 +43,55 @@ That's it, login into Netflix and enjoy. How to use Amazon Prime +======================= If you have setup everything to watch netflix (see above), Amazon Prime should also work. Enjoy" + +Play DVDs +========= + +To play DVDs within Qubes I have used my new multimedia App VM (which can also play Spotify and Netflix, see post from yesterday). +The multimedia App-VM is based on the Debian 8 Template in Qubes 3.2 + +Some suggested to install the whole desktop within the Debian Image, I don't want to install everything but only the stuff, that is really needed. +As such I have looked at the Debian documentation + +1) Launch Debian 8 Template VM and install the Qubes Proxy Tools, so that you can pass your (external?) DVD-Drive via sys-usb to the multimedia App-VM. Strangely the qubes-usb-proxy seems to be installed within the fedora template but not in the debian template. + In Debian Template VM: + sudo apt-get install qubes-usb-proxy + +2) Install libdbdread4 from the default repositories: + In Debian Template VM: + apt-get install libdvdread4 + +3) Install libdvdcss for the decryption of CSS protected-DVDs. + Because of license restrictions in various countries this can't be done from the Debian repositories but needs to be installed manually. + (not that hard :-)). + Download the packaged .deb from: http://www.deb-multimedia.org/dists/stable/main/binary-amd64/package/libdvdcss2 + In Debian Template VM: + wget http://www.deb-multimedia.org/pool/main/libd/libdvdcss/libdvdcss2_1.3.0-dmo1_amd64.deb + sudo dpkg -i libdvdcss2_1.3.0-dmo1_amd64.deb + +4) I like to use VLC to playback Video/DVDs - you might want to use another player, but VLC works fine. + As this is not installed in the default Debian Template: + In Debian Template VM: + sudo apt-get install vlc + This will also install some dependencies. + +5) Shutdown the Debian Template VM and launch your multimedia App VM + +6) Plugin your external USB DVD-Drive (if you don't have an internal drive) and pass it to the multimedia App VM + In dom0: + qvm-usb -a multimedia sys-usb:3-6 + +7) Launch VLC + qvm-run multimedia vlc + Warning: a window will open in the background which will ask for collecting metadata information. + I haven't seen the window as it was covered by the VLC main window, so that I couldn't launch any commands in this window. + +8) Open DVD within VLC: + Media > Open Disk + You can leave the defaults (/dev/sr0) and just hit play + +Enjoy your DVD From 62516b0a11d908d6bb31f3da2d51b06b19c92d55 Mon Sep 17 00:00:00 2001 From: phrabe Date: Thu, 11 May 2017 23:28:00 +0200 Subject: [PATCH 03/17] Added information how to install Google Chrome with Google chrome it is possible to view contect from Netflix and Amazon Prime, while Firefox which has been suggested for watching Netflix before will not work with Amazon Prime. --- configuration/multimedia | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/configuration/multimedia b/configuration/multimedia index 913f9591..61079e01 100644 --- a/configuration/multimedia +++ b/configuration/multimedia @@ -17,6 +17,12 @@ I could then start the native spotify client .. easy. Play Netflix ============ +You can play Netflix by installing a more recent version of firefox or by installing Google Chroome. +As Google Chrome will play video from Netflx and (!) Amazon, the suggestion is to install Google Chrome. +If you don't use Amazon Prime, Firefox will work. + +Install Firefox +--------------- The built in Firefox (from the Debian Template VM) was Firefox ESR 45.3.0 According to the "supported browser" list Mozilla Firefox >= 47.x is needed. I've thereoff installed Firefox v53.0.2 according to this manual: @@ -44,8 +50,26 @@ That's it, login into Netflix and enjoy. How to use Amazon Prime ======================= -If you have setup everything to watch netflix (see above), Amazon Prime should also work. -Enjoy" +Playing Video thorugh Amazon Prime via Firefox didn't work, with Google Chrome it works. +Warning: You need to install Google Chrome, not Chromium. + +Install Google Chrome +--------------------- +Launch you Debian 8 Template VM + +1) Download latest .deb-package of Google Chrome + wget -c wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb + +2) Install the package + sudo dpkg -i google-chrome-*.deb + +3) Install missing dependencies + sudo apt-get install -f + +4) Shutdown Template VM + +5) Add Google Chrome Shortcut to your multimedia App VM + Play DVDs From 0415ea9f652f42c939145cb0f09515d7a8ce67c4 Mon Sep 17 00:00:00 2001 From: phrabe Date: Thu, 11 May 2017 23:42:16 +0200 Subject: [PATCH 04/17] Added Header for formatting --- configuration/multimedia | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configuration/multimedia b/configuration/multimedia index 61079e01..8d08ba98 100644 --- a/configuration/multimedia +++ b/configuration/multimedia @@ -1,3 +1,9 @@ +--- +layout: doc +title: How to play multimedia content +permalink: /doc/config/multimedia/ +--- + This short howto will explain how you can use Spotify, Netflix or Amazon Prime under Qubes OS. This steps have been tested by providing an own "multimedia" App VM which is based on the Qubes OS Debian 8 Template VM. From e090bf58267dba9b3678fdc267b5ca3cbb2ae718 Mon Sep 17 00:00:00 2001 From: phrabe Date: Sat, 8 Jul 2017 22:49:27 +0200 Subject: [PATCH 05/17] Update multimedia Added improved documentation how to install Spotify Client --- configuration/multimedia | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/configuration/multimedia b/configuration/multimedia index 8d08ba98..e2c676cd 100644 --- a/configuration/multimedia +++ b/configuration/multimedia @@ -11,14 +11,23 @@ Listen to Spotify ================= Install-Howto: https://www.spotify.com/de/download/linux/ -Detailed steps: +Detailed steps which must be run in the Debian 8 template VM. +A good idea might be to clone the existing Debian 8 template and create an own debian-8-multimedia template from whoch you can then create an App-VM. +You need to make sure that you allow networking to the internet during installation, as you need to download some data which are not from the default repositories. -1) sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886 -2) echo deb http://repository.spotify.com stable non-free | sudo tee /etc/apt/sources.list.d/spotify.list -3) sudo apt-get update -4) sudo apt-get install spotify-client +# Become root +su - +# Download the Key which is used for signing the Spotify package repository +apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886 +#Public-Key: http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xD2C19886&fingerprint=on +#Fingerprint: BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886 +# Add the package repository to your list of package sources +echo deb http://repository.spotify.com stable non-free | tee /etc/apt/sources.list.d/spotify.list +# Make the new repository known to your system +apt-get update +# Install the Spotify Client +apt-get install -y spotify-client -I could then start the native spotify client .. easy. Play Netflix From 9e36bdf0eb80b1f930daef1cd630e2bc1ff5c2c5 Mon Sep 17 00:00:00 2001 From: praschdorff Date: Sun, 18 Feb 2018 23:28:51 +0100 Subject: [PATCH 06/17] Upated multimedia A step-by-step howto to create a debian based Multimedia AppVM to play Netflix, Amazon Prime, Spotify content and playback DVDs. --- configuration/multimedia | 222 ++++++++++++++++++++++----------------- 1 file changed, 123 insertions(+), 99 deletions(-) diff --git a/configuration/multimedia b/configuration/multimedia index e2c676cd..12c5dbde 100644 --- a/configuration/multimedia +++ b/configuration/multimedia @@ -1,136 +1,160 @@ --- layout: doc -title: How to play multimedia content -permalink: /doc/config/multimedia/ +title: Multimedia +permalink: /doc/multimedia/ +redirect_from: +- /en/doc/multimedia/ +- /doc/Multimedia/ +- /wiki/Multimedia/ --- -This short howto will explain how you can use Spotify, Netflix or Amazon Prime under Qubes OS. -This steps have been tested by providing an own "multimedia" App VM which is based on the Qubes OS Debian 8 Template VM. +Multimedia +========== -Listen to Spotify -================= -Install-Howto: https://www.spotify.com/de/download/linux/ +In order to choose Qubes OS as your primary OS it must be able to do all tasks, including playing multimedia content. +This howto explains how to create a multimedia temmplate which can be used to play multimedia content. +This includes: -Detailed steps which must be run in the Debian 8 template VM. -A good idea might be to clone the existing Debian 8 template and create an own debian-8-multimedia template from whoch you can then create an App-VM. -You need to make sure that you allow networking to the internet during installation, as you need to download some data which are not from the default repositories. +- Spotify +- Amazon Prime +- Netflix +- DVDs -# Become root -su - -# Download the Key which is used for signing the Spotify package repository -apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886 -#Public-Key: http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xD2C19886&fingerprint=on -#Fingerprint: BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886 -# Add the package repository to your list of package sources -echo deb http://repository.spotify.com stable non-free | tee /etc/apt/sources.list.d/spotify.list -# Make the new repository known to your system -apt-get update -# Install the Spotify Client -apt-get install -y spotify-client +Hint: This first draft of this howto was written under Qubes OS 3.2 but it should also work for Qubes 4rc4. +Installation +------------ -Play Netflix -============ -You can play Netflix by installing a more recent version of firefox or by installing Google Chroome. -As Google Chrome will play video from Netflx and (!) Amazon, the suggestion is to install Google Chrome. -If you don't use Amazon Prime, Firefox will work. +Start by cloning the default debian template in dom0. +Hint: +t-multimedia is just the template VM where we will install all packages. +In the last step we will create an AppVM from this template. -Install Firefox ---------------- -The built in Firefox (from the Debian Template VM) was Firefox ESR 45.3.0 -According to the "supported browser" list Mozilla Firefox >= 47.x is needed. -I've thereoff installed Firefox v53.0.2 according to this manual: -http://libre-software.net/how-to-install-firefox-on-ubuntu-linux-mint/ +`qvm-clone debian-9 t-multimedia` -1) download firefox from https://www.mozilla.org/en-US/firefox/new/?scene=2 -direct download link: -https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0.2/linux-x86_64/en-US/firefox-53.0.2.tar.bz2 +As we need to install some package outside of the regular repositories you need to enable networking for the Template VM. -2) unpack the downloaded file -tar -xjf firefox-53.0.2.tar.bz2 +`qvm-prefs --set t-multimedia netvm sys-firewall` -3) move the unpacked folder: -sudo mv firefox /opt/firefox53 +Launch a Terminal in the new template VM: -4) Create a symlink to the new firefox version: -if you want to use the new installed firefox as "standard firefox", rename the original link in case you want to go back to the previous version -sudo mv /usr/bin/firefox /usr/bin/firefox-old -Create a link to the new firefox version -sudo ln -s /opt/firefox53/firefox /usr/bin/firefox +`qvm-run --auto t-multimedia gnome-terminal` -5) Launch firefox and open Preferences, Content and enable "Play DRM content" -That's it, login into Netflix and enjoy. +Important: +Enter all the following commands in the terminal of the template VM + +Become the root user to run all follwoing command without the need to use sudo + +`sudo -i` + +Installation of Spotify +----------------------- + +Import GPG-Key for spotify + +`apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0DF731E45CE24F27EEEB1450EFDC8610341D9410` + +> http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&search=0xEFDC8610341D9410&fingerprint=on +> UUID: Spotify Public Repository Signing Key +> Key-ID: 0x341D9410 +> Fingerprint=0DF7 31E4 5CE2 4F27 EEEB 1450 EFDC 8610 341D 9410 + +Add Spotify repository to package list + +`echo deb http://repository.spotify.com stable non-free | tee /etc/apt/sources.list.d/spotify.list` + +Update package list + +`apt-get update` + +Install Spotify from the repositories + +`apt-get install -y spotify-client` + +Create a spotify desktop-entry + +`cp -p /usr/share/spotify/spotify.desktop /usr/share/applications/` +`cp /usr/share/spotify/icons/spotify-linux-16.png /usr/share/icons/hicolor/16x16/apps/spotify.png` -How to use Amazon Prime -======================= -Playing Video thorugh Amazon Prime via Firefox didn't work, with Google Chrome it works. -Warning: You need to install Google Chrome, not Chromium. +Installation of VLC +------------------- -Install Google Chrome ---------------------- -Launch you Debian 8 Template VM +To play DVDs you can install VLC with the needed Codecs -1) Download latest .deb-package of Google Chrome - wget -c wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb +Add Repository for libdvdcss +(See also: http://www.videolan.org/developers/libdvdcss.html) -2) Install the package - sudo dpkg -i google-chrome-*.deb +Add GPG-Key +`apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8F0845FE77B16294429A79346BCA5E4DB84288D9` -3) Install missing dependencies - sudo apt-get install -f +> Public-Key: http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xB84288D9&fingerprint=on +> Fingerprint: 8F08 45FE 77B1 6294 429A 7934 6BCA 5E4D B842 88D9 -4) Shutdown Template VM +Add repositories to install VLC and libdvdcss +`echo "deb http://download.videolan.org/pub/debian/stable/ /" >> /etc/apt/sources.list` +`echo "deb-src http://download.videolan.org/pub/debian/stable/ /" >> /etc/apt/sources.list` -5) Add Google Chrome Shortcut to your multimedia App VM +Update package repositories +`apt-get update` + +Install libdvdcss and VLC +`apt-get install -y libdvdcss2 vlc` + +Installation Google Chrome +-------------------------- -Play DVDs -========= +To play Videos with Netflix, Amazon Prime & Co using Chrome is a good option as it has all needed codecs included. +Hint: Using Chromium will not work for some reasons. -To play DVDs within Qubes I have used my new multimedia App VM (which can also play Spotify and Netflix, see post from yesterday). -The multimedia App-VM is based on the Debian 8 Template in Qubes 3.2 -Some suggested to install the whole desktop within the Debian Image, I don't want to install everything but only the stuff, that is really needed. -As such I have looked at the Debian documentation +Download Google Chrome package from the Google Debian repository -1) Launch Debian 8 Template VM and install the Qubes Proxy Tools, so that you can pass your (external?) DVD-Drive via sys-usb to the multimedia App-VM. Strangely the qubes-usb-proxy seems to be installed within the fedora template but not in the debian template. - In Debian Template VM: - sudo apt-get install qubes-usb-proxy +`wget -c https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb` -2) Install libdbdread4 from the default repositories: - In Debian Template VM: - apt-get install libdvdread4 - -3) Install libdvdcss for the decryption of CSS protected-DVDs. - Because of license restrictions in various countries this can't be done from the Debian repositories but needs to be installed manually. - (not that hard :-)). - Download the packaged .deb from: http://www.deb-multimedia.org/dists/stable/main/binary-amd64/package/libdvdcss2 - In Debian Template VM: - wget http://www.deb-multimedia.org/pool/main/libd/libdvdcss/libdvdcss2_1.3.0-dmo1_amd64.deb - sudo dpkg -i libdvdcss2_1.3.0-dmo1_amd64.deb +FIXME: Howto verify the debian package or better adding a Google Debian package repository? +Link: https://www.google.com/linuxrepositories/ -4) I like to use VLC to playback Video/DVDs - you might want to use another player, but VLC works fine. - As this is not installed in the default Debian Template: - In Debian Template VM: - sudo apt-get install vlc - This will also install some dependencies. +1st attempt to install the downloaded package -5) Shutdown the Debian Template VM and launch your multimedia App VM +`dpkg -i google-chrome-stable_current_amd64.deb` -6) Plugin your external USB DVD-Drive (if you don't have an internal drive) and pass it to the multimedia App VM - In dom0: - qvm-usb -a multimedia sys-usb:3-6 +Installer will quit with an error message as not all dependencies are met (yet): -7) Launch VLC - qvm-run multimedia vlc - Warning: a window will open in the background which will ask for collecting metadata information. - I haven't seen the window as it was covered by the VLC main window, so that I couldn't launch any commands in this window. +> dpkg: dependency problems prevent configuration of google-chrome-stable: +> google-chrome-stable depends on fonts-liberation; however: +> Package fonts-liberation is not installed. +> google-chrome-stable depends on libappindicator1; however: +> Package libappindicator1 is not installed. +> dpkg: error processing package google-chrome-stable (--install): +> dependency problems - leaving unconfigured +> (...) +> Errors were encountered while processing: +> google-chrome-stable -8) Open DVD within VLC: - Media > Open Disk - You can leave the defaults (/dev/sr0) and just hit play +Install the missing dependencies for Google Chrome -Enjoy your DVD +`apt-get -f upgrade` + +(This will install: fonts-liberation libappindicator1 libdbusmenu-glib4 libdbusmenu-gtk4 libindicator7 libxss1) + +After the dependencies are installed rerun package installation of Chrome + +`dpkg -i google-chrome-stable_current_amd64.deb` + +Clean up the mess and shutdown your multimedia template VM + +`rm google-chrome-stable_current_amd64.deb && shutdown -h now` + + +Create a Multimedia AppVM +------------------------- + +After you have created the multimedia AppVM template you can create an AppVM for daily use based on it + +`qvm-create --template=t-multimedia --label=orange multimedia` + +Add Google Chrome, VLC and Spotify to the AppVM Menu via "add/remove app shortcuts" From 86e48c5ad60c41bae7ac5a0581359c6a46af4450 Mon Sep 17 00:00:00 2001 From: praschdorff Date: Wed, 21 Feb 2018 07:15:02 +0100 Subject: [PATCH 07/17] Renamed to multimedia.md --- configuration/{multimedia => multimedia.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename configuration/{multimedia => multimedia.md} (100%) diff --git a/configuration/multimedia b/configuration/multimedia.md similarity index 100% rename from configuration/multimedia rename to configuration/multimedia.md From 656b88eff181b9fe9f766b009f1118ae566f414f Mon Sep 17 00:00:00 2001 From: praschdorff Date: Wed, 21 Feb 2018 07:30:52 +0100 Subject: [PATCH 08/17] edited introduction --- configuration/multimedia.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/configuration/multimedia.md b/configuration/multimedia.md index 12c5dbde..48110b9c 100644 --- a/configuration/multimedia.md +++ b/configuration/multimedia.md @@ -10,9 +10,9 @@ redirect_from: Multimedia ========== +Note: This Howto has been written and was tested under Qubes 4rc4 -In order to choose Qubes OS as your primary OS it must be able to do all tasks, including playing multimedia content. -This howto explains how to create a multimedia temmplate which can be used to play multimedia content. +You can consolidate most of your media streaming tasks into one "multimedia" App-VM. This howto explains how to create a multimedia temmplate which can be used to play multimedia content. This includes: - Spotify @@ -20,9 +20,6 @@ This includes: - Netflix - DVDs -Hint: This first draft of this howto was written under Qubes OS 3.2 but it should also work for Qubes 4rc4. - - Installation ------------ From fef1f808235e8b5dc53d6a5a27c3a6b1423260c3 Mon Sep 17 00:00:00 2001 From: praschdorff Date: Wed, 21 Feb 2018 19:20:00 +0100 Subject: [PATCH 09/17] started explanation how to work without giving internet access to the template VM --- configuration/multimedia.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/configuration/multimedia.md b/configuration/multimedia.md index 48110b9c..e0a87ed1 100644 --- a/configuration/multimedia.md +++ b/configuration/multimedia.md @@ -41,14 +41,26 @@ Launch a Terminal in the new template VM: Important: Enter all the following commands in the terminal of the template VM -Become the root user to run all follwoing command without the need to use sudo +Become the root user to run all following command without the need to use sudo in the multimedia template VM `sudo -i` + Installation of Spotify ----------------------- Import GPG-Key for spotify +As the template VM can't connect to internet you need to get the public key file from another AppVM and copy it to the template VM. The easiest way is to use the Qubes Clipboard to copy the keys from the AppVM where you get the key to the Template VM. + +In an AppVM which has Internet access: +- Open http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xEFDC8610341D9410 +- Copy content of page to the Qubes Clipboard (Strg+C and then Shift+Strg+C) + +Switch to the gnome terminal in the Multimedia Template VM + + .... CONTINUE HERE +nano spotify.pubkey +- Paste the content from the Qubes Clipboard into nano (Shift+Strg+V and then Paste) `apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0DF731E45CE24F27EEEB1450EFDC8610341D9410` From b2281bb1147108d2baf8e105b3d902a80db5fbba Mon Sep 17 00:00:00 2001 From: praschdorff Date: Wed, 21 Feb 2018 21:08:25 +0100 Subject: [PATCH 10/17] Rewritten Added information how to download the repository signing keys in another AppVM and add them to the template VM. The Template VM only needs the default connection to the repositories. In the former version, the template VM had to have full network access as packges had to be downloaded manually --- configuration/multimedia.md | 121 +++++++++++++++++------------------- 1 file changed, 56 insertions(+), 65 deletions(-) diff --git a/configuration/multimedia.md b/configuration/multimedia.md index e0a87ed1..ccef8b8b 100644 --- a/configuration/multimedia.md +++ b/configuration/multimedia.md @@ -54,31 +54,30 @@ As the template VM can't connect to internet you need to get the public key file In an AppVM which has Internet access: - Open http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xEFDC8610341D9410 -- Copy content of page to the Qubes Clipboard (Strg+C and then Shift+Strg+C) +- Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) Switch to the gnome terminal in the Multimedia Template VM - .... CONTINUE HERE -nano spotify.pubkey -- Paste the content from the Qubes Clipboard into nano (Shift+Strg+V and then Paste) +`nano spotify.pubkey` -`apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0DF731E45CE24F27EEEB1450EFDC8610341D9410` +Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) +Save the file (Ctrl+O Ctrl+X) -> http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&search=0xEFDC8610341D9410&fingerprint=on -> UUID: Spotify Public Repository Signing Key -> Key-ID: 0x341D9410 -> Fingerprint=0DF7 31E4 5CE2 4F27 EEEB 1450 EFDC 8610 341D 9410 +Add the public key to the repository keyring +`apt-key add spotify.pubkey` -Add Spotify repository to package list +Verify Fingerprint with +`apt-key finger spotify` +You can (and should) lookup the fingerprint on the keyserver: +http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&search=0xEFDC8610341D9410&fingerprint=on -`echo deb http://repository.spotify.com stable non-free | tee /etc/apt/sources.list.d/spotify.list` - -Update package list +Add the Spotify repository to your list of package sources: +`echo deb http://repository.spotify.com stable non-free > /etc/apt/sources.list.d/spotify.list` +Update the list of all known packages `apt-get update` -Install Spotify from the repositories - +Install Spotify `apt-get install -y spotify-client` Create a spotify desktop-entry @@ -86,33 +85,41 @@ Create a spotify desktop-entry `cp -p /usr/share/spotify/spotify.desktop /usr/share/applications/` `cp /usr/share/spotify/icons/spotify-linux-16.png /usr/share/icons/hicolor/16x16/apps/spotify.png` - Installation of VLC ------------------- To play DVDs you can install VLC with the needed Codecs -Add Repository for libdvdcss -(See also: http://www.videolan.org/developers/libdvdcss.html) +Download the public key which signs the VLC package repositories +In an AppVM which has Internet access: +- Open http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6BCA5E4DB84288D9 +- Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) -Add GPG-Key -`apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8F0845FE77B16294429A79346BCA5E4DB84288D9` +Switch to the gnome terminal in the Multimedia Template VM -> Public-Key: http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xB84288D9&fingerprint=on -> Fingerprint: 8F08 45FE 77B1 6294 429A 7934 6BCA 5E4D B842 88D9 +`nano vlc.pubkey` -Add repositories to install VLC and libdvdcss -`echo "deb http://download.videolan.org/pub/debian/stable/ /" >> /etc/apt/sources.list` -`echo "deb-src http://download.videolan.org/pub/debian/stable/ /" >> /etc/apt/sources.list` +Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) +Save the file (Ctrl+O Ctrl+X) + +Add the public key to the repository keyring +`apt-key add vlc.pubkey` + +Verify Fingerprint with +`apt-key finger VideoLAN` +You can (and should) lookup the fingerprint on the keyserver: +http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xB84288D9&fingerprint=on + +Add the new VLC package repositories to your list of sources +`echo "deb http://download.videolan.org/pub/debian/stable/ /" > /etc/apt/sources.list.d/vlc.list` +`echo "deb-src http://download.videolan.org/pub/debian/stable/ /" >> /etc/apt/sources.list.d/vlc.list` Update package repositories `apt-get update` Install libdvdcss and VLC -`apt-get install -y libdvdcss2 vlc` +`apt-get install -y libdvdcss2 vlc` - - Installation Google Chrome -------------------------- @@ -120,50 +127,34 @@ To play Videos with Netflix, Amazon Prime & Co using Chrome is a good option as Hint: Using Chromium will not work for some reasons. -Download Google Chrome package from the Google Debian repository +Download the public key which signs the Google package repositories +In an AppVM which has Internet access: +- Open http://keys.gnupg.net/pks/lookup?op=get&search=0x7721F63BD38B4796 +- Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) -`wget -c https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb` +Switch to the gnome terminal in the Multimedia Template VM -FIXME: Howto verify the debian package or better adding a Google Debian package repository? -Link: https://www.google.com/linuxrepositories/ +`nano google.pubkey` -1st attempt to install the downloaded package +Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) +Save the file (Ctrl+O Ctrl+X) -`dpkg -i google-chrome-stable_current_amd64.deb` +Add the public key to the repository keyring +`apt-key add google.pubkey` -Installer will quit with an error message as not all dependencies are met (yet): +Verify Fingerprint with +`apt-key finger Google` +You can (and should) lookup the fingerprint on the keyserver: +http://keys.gnupg.net/pks/lookup?search=0x7721F63BD38B4796&fingerprint=on +or https://www.google.com/linuxrepositories/ -> dpkg: dependency problems prevent configuration of google-chrome-stable: -> google-chrome-stable depends on fonts-liberation; however: -> Package fonts-liberation is not installed. -> google-chrome-stable depends on libappindicator1; however: -> Package libappindicator1 is not installed. -> dpkg: error processing package google-chrome-stable (--install): -> dependency problems - leaving unconfigured -> (...) -> Errors were encountered while processing: -> google-chrome-stable +Add the Google package repositories to your list of sources +echo "deb http://dl.google.com/linux/chrome/deb/ stable main"> /etc/apt/sources.list.d/google.list -Install the missing dependencies for Google Chrome +Update package repositories +`apt-get update` -`apt-get -f upgrade` - -(This will install: fonts-liberation libappindicator1 libdbusmenu-glib4 libdbusmenu-gtk4 libindicator7 libxss1) - -After the dependencies are installed rerun package installation of Chrome - -`dpkg -i google-chrome-stable_current_amd64.deb` - -Clean up the mess and shutdown your multimedia template VM - -`rm google-chrome-stable_current_amd64.deb && shutdown -h now` +Install Chrome +`apt-get install google-chrome-stable` -Create a Multimedia AppVM -------------------------- - -After you have created the multimedia AppVM template you can create an AppVM for daily use based on it - -`qvm-create --template=t-multimedia --label=orange multimedia` - -Add Google Chrome, VLC and Spotify to the AppVM Menu via "add/remove app shortcuts" From 8c7b1d719ec6dbb9d3bdcc4425968e5aa2ddbace Mon Sep 17 00:00:00 2001 From: praschdorff Date: Wed, 21 Feb 2018 21:11:55 +0100 Subject: [PATCH 11/17] removed old information Removed information that the template VM need full internet access. --- configuration/multimedia.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/configuration/multimedia.md b/configuration/multimedia.md index ccef8b8b..75070dc5 100644 --- a/configuration/multimedia.md +++ b/configuration/multimedia.md @@ -30,17 +30,12 @@ In the last step we will create an AppVM from this template. `qvm-clone debian-9 t-multimedia` -As we need to install some package outside of the regular repositories you need to enable networking for the Template VM. - -`qvm-prefs --set t-multimedia netvm sys-firewall` - Launch a Terminal in the new template VM: `qvm-run --auto t-multimedia gnome-terminal` Important: Enter all the following commands in the terminal of the template VM - Become the root user to run all following command without the need to use sudo in the multimedia template VM `sudo -i` From 5fd16752bc841ef8b5e120c2935b42d4a1d8713e Mon Sep 17 00:00:00 2001 From: praschdorff Date: Wed, 21 Feb 2018 21:42:35 +0100 Subject: [PATCH 12/17] fixed formatting Run through the whole howto from scratch and verified each step including the launch of the application in the AppVM based on this template. --- configuration/multimedia.md | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/configuration/multimedia.md b/configuration/multimedia.md index 75070dc5..ca29f07a 100644 --- a/configuration/multimedia.md +++ b/configuration/multimedia.md @@ -62,14 +62,18 @@ Add the public key to the repository keyring `apt-key add spotify.pubkey` Verify Fingerprint with + `apt-key finger spotify` + You can (and should) lookup the fingerprint on the keyserver: http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&search=0xEFDC8610341D9410&fingerprint=on Add the Spotify repository to your list of package sources: + `echo deb http://repository.spotify.com stable non-free > /etc/apt/sources.list.d/spotify.list` Update the list of all known packages + `apt-get update` Install Spotify @@ -78,6 +82,7 @@ Install Spotify Create a spotify desktop-entry `cp -p /usr/share/spotify/spotify.desktop /usr/share/applications/` + `cp /usr/share/spotify/icons/spotify-linux-16.png /usr/share/icons/hicolor/16x16/apps/spotify.png` Installation of VLC @@ -101,18 +106,24 @@ Add the public key to the repository keyring `apt-key add vlc.pubkey` Verify Fingerprint with + `apt-key finger VideoLAN` + You can (and should) lookup the fingerprint on the keyserver: http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xB84288D9&fingerprint=on Add the new VLC package repositories to your list of sources + `echo "deb http://download.videolan.org/pub/debian/stable/ /" > /etc/apt/sources.list.d/vlc.list` + `echo "deb-src http://download.videolan.org/pub/debian/stable/ /" >> /etc/apt/sources.list.d/vlc.list` Update package repositories + `apt-get update` Install libdvdcss and VLC + `apt-get install -y libdvdcss2 vlc` Installation Google Chrome @@ -121,10 +132,9 @@ Installation Google Chrome To play Videos with Netflix, Amazon Prime & Co using Chrome is a good option as it has all needed codecs included. Hint: Using Chromium will not work for some reasons. - Download the public key which signs the Google package repositories In an AppVM which has Internet access: -- Open http://keys.gnupg.net/pks/lookup?op=get&search=0x7721F63BD38B4796 +- Open http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x7721F63BD38B4796 - Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) Switch to the gnome terminal in the Multimedia Template VM @@ -135,21 +145,31 @@ Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Past Save the file (Ctrl+O Ctrl+X) Add the public key to the repository keyring + `apt-key add google.pubkey` Verify Fingerprint with + `apt-key finger Google` + You can (and should) lookup the fingerprint on the keyserver: -http://keys.gnupg.net/pks/lookup?search=0x7721F63BD38B4796&fingerprint=on +http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x7721F63BD38B4796&fingerprint=on or https://www.google.com/linuxrepositories/ Add the Google package repositories to your list of sources echo "deb http://dl.google.com/linux/chrome/deb/ stable main"> /etc/apt/sources.list.d/google.list Update package repositories + `apt-get update` Install Chrome + `apt-get install google-chrome-stable` +Create a Multimedia AppVM +------------------------- +. +The last step is to create a multimedia AppVM (named "my-multimedia" here) based on the new multimedia template. +`qvm-create --template t-multimedia --label-orange my-multimedia` From 00e76d21fc7db8fe6bc6736aa5c0251c00c76537 Mon Sep 17 00:00:00 2001 From: praschdorff Date: Wed, 21 Feb 2018 23:41:41 +0100 Subject: [PATCH 13/17] updated info: all links to keyservers are https / provided fingerprints for repository signing keys implemented all the feedback from "marmarek " --- configuration/multimedia.md | 124 ++++++++++++++++++++++++------------ 1 file changed, 82 insertions(+), 42 deletions(-) diff --git a/configuration/multimedia.md b/configuration/multimedia.md index ca29f07a..f6cfaf33 100644 --- a/configuration/multimedia.md +++ b/configuration/multimedia.md @@ -40,6 +40,14 @@ Become the root user to run all following command without the need to use sudo i `sudo -i` +This howto assumes that you have xclip available in the AppVM where you download the Repository Signing keys. +xclip will be used to paste the content of the clipboard to a file. +You can install xclip via: + +`apt-get install xclip` on Debian +`dnf install xclip` on Fedora + +You can of course install xclip just into the AppVM where you download the signing keys to have it available for this howto and it will be deleted if you reboot the AppVM. To have xclip available also after a reboot you need to install it in the Template VM on which your Internet AppVM is based (make sure to reboot the AppVM after you've installed any package in its template) Installation of Spotify ----------------------- @@ -48,26 +56,35 @@ Import GPG-Key for spotify As the template VM can't connect to internet you need to get the public key file from another AppVM and copy it to the template VM. The easiest way is to use the Qubes Clipboard to copy the keys from the AppVM where you get the key to the Template VM. In an AppVM which has Internet access: -- Open http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xEFDC8610341D9410 -- Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) +- Open https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xEFDC8610341D9410 +- Copy content of page to the Clipboard (Ctrl+A and Ctrl+C) +- open a Terminal in this AppVM and copy the content of the clipboard to a file + `xclip -o > spotify.pubkey` -Switch to the gnome terminal in the Multimedia Template VM +Check the signature of the signing key (still in the AppVM where you downloaded the key) -`nano spotify.pubkey` +`gpg --with-fingerprint spotify.pubkey` -Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) -Save the file (Ctrl+O Ctrl+X) +This should look like: +> [user@my-untrusted ~]$ `gpg --with-fingerprint spotify.pubkey` +> pub 4096R/341D9410 2017-07-25 Spotify Public Repository Signing Key +> Key fingerprint = 0DF7 31E4 5CE2 4F27 EEEB 1450 EFDC 8610 341D 9410 + +You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated. +https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xefdc8610341d9410&fingerprint=on + +Copy the public signing key which you have just verified over to the multimedia template VM +- copy the file via `qvm-copy-to-vm t-multimedia spotify.pubkey` +- or create a new file on the Template VM and copy the content of the clipboard (the public key) + Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) + Switch to the gnome terminal in the Multimedia Template VM + `nano spotify.pubkey` + Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) + Save the file (Ctrl+O Ctrl+X) Add the public key to the repository keyring `apt-key add spotify.pubkey` -Verify Fingerprint with - -`apt-key finger spotify` - -You can (and should) lookup the fingerprint on the keyserver: -http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&search=0xEFDC8610341D9410&fingerprint=on - Add the Spotify repository to your list of package sources: `echo deb http://repository.spotify.com stable non-free > /etc/apt/sources.list.d/spotify.list` @@ -85,6 +102,7 @@ Create a spotify desktop-entry `cp /usr/share/spotify/icons/spotify-linux-16.png /usr/share/icons/hicolor/16x16/apps/spotify.png` + Installation of VLC ------------------- @@ -92,25 +110,34 @@ To play DVDs you can install VLC with the needed Codecs Download the public key which signs the VLC package repositories In an AppVM which has Internet access: -- Open http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6BCA5E4DB84288D9 -- Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) +- Open https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6BCA5E4DB84288D9 +- Repeat all steps to save the public signing key on the AppVM (see above / Spotify example) + `xclip -o > videolan.pubkey` + +Check the signature of the signing key (still in the AppVM where you downloaded the key) -Switch to the gnome terminal in the Multimedia Template VM +`gpg --with-fingerprint videolan.pubkey` -`nano vlc.pubkey` +This should look like: +> [user@my-untrusted ~]$ `gpg --with-fingerprint videolan.pubkey` +> pub 2048R/B84288D9 2013-08-27 VideoLAN APT Signing Key +> Key fingerprint = 8F08 45FE 77B1 6294 429A 7934 6BCA 5E4D B842 88D9 +> sub 2048R/288D4A2C 2013-08-27 -Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) -Save the file (Ctrl+O Ctrl+X) +You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated. +https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x6BCA5E4DB84288D9&fingerprint=on + +Copy the public signing key which you have just verified over to the multimedia template VM +- copy the file via `qvm-copy-to-vm t-multimedia videolan.pubkey` +- or create a new file on the Template VM and copy the content of the clipboard (the public key) + Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) + Switch to the gnome terminal in the Multimedia Template VM + `nano videolan.pubkey` + Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) + Save the file (Ctrl+O Ctrl+X) Add the public key to the repository keyring -`apt-key add vlc.pubkey` - -Verify Fingerprint with - -`apt-key finger VideoLAN` - -You can (and should) lookup the fingerprint on the keyserver: -http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xB84288D9&fingerprint=on +`apt-key add videolan.pubkey` Add the new VLC package repositories to your list of sources @@ -126,6 +153,7 @@ Install libdvdcss and VLC `apt-get install -y libdvdcss2 vlc` + Installation Google Chrome -------------------------- @@ -134,28 +162,39 @@ Hint: Using Chromium will not work for some reasons. Download the public key which signs the Google package repositories In an AppVM which has Internet access: -- Open http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x7721F63BD38B4796 -- Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) +- Open https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x7721F63BD38B4796 +- Repeat all steps to save the public signing key on the AppVM (see above / Spotify example) + `xclip -o > google.pubkey` -Switch to the gnome terminal in the Multimedia Template VM +Check the signature of the signing key (still in the AppVM where you downloaded the key) -`nano google.pubkey` +`gpg --with-fingerprint google.pubkey` -Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) -Save the file (Ctrl+O Ctrl+X) +This should look like: +> [user@my-untrusted ~]$ `gpg --with-fingerprint google.pubkey` +> pub 4096R/D38B4796 2016-04-12 Google Inc. (Linux Packages Signing Authority) +> +> Key fingerprint = EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796 +> sub 4096R/640DB551 2016-04-12 [expires: 2019-04-12] +> sub 4096R/997C215E 2017-01-24 [expires: 2020-01-24] + +You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated. +https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x7721F63BD38B4796&fingerprint=on +or https://www.google.com/linuxrepositories/ + +Copy the public signing key which you have just verified over to the multimedia template VM +- copy the file via `qvm-copy-to-vm t-multimedia google.pubkey` +- or create a new file on the Template VM and copy the content of the clipboard (the public key) + Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) + Switch to the gnome terminal in the Multimedia Template VM + `nano google.pubkey` + Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) + Save the file (Ctrl+O Ctrl+X) Add the public key to the repository keyring `apt-key add google.pubkey` -Verify Fingerprint with - -`apt-key finger Google` - -You can (and should) lookup the fingerprint on the keyserver: -http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x7721F63BD38B4796&fingerprint=on -or https://www.google.com/linuxrepositories/ - Add the Google package repositories to your list of sources echo "deb http://dl.google.com/linux/chrome/deb/ stable main"> /etc/apt/sources.list.d/google.list @@ -167,9 +206,10 @@ Install Chrome `apt-get install google-chrome-stable` + Create a Multimedia AppVM ------------------------- -. + The last step is to create a multimedia AppVM (named "my-multimedia" here) based on the new multimedia template. `qvm-create --template t-multimedia --label-orange my-multimedia` From ad738ca2c6b06a4ddaab214c0501278c921326fa Mon Sep 17 00:00:00 2001 From: praschdorff Date: Wed, 21 Feb 2018 23:43:35 +0100 Subject: [PATCH 14/17] added line breaks --- configuration/multimedia.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/configuration/multimedia.md b/configuration/multimedia.md index f6cfaf33..d5a05b8c 100644 --- a/configuration/multimedia.md +++ b/configuration/multimedia.md @@ -67,7 +67,9 @@ Check the signature of the signing key (still in the AppVM where you downloaded This should look like: > [user@my-untrusted ~]$ `gpg --with-fingerprint spotify.pubkey` + > pub 4096R/341D9410 2017-07-25 Spotify Public Repository Signing Key + > Key fingerprint = 0DF7 31E4 5CE2 4F27 EEEB 1450 EFDC 8610 341D 9410 You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated. @@ -120,8 +122,11 @@ Check the signature of the signing key (still in the AppVM where you downloaded This should look like: > [user@my-untrusted ~]$ `gpg --with-fingerprint videolan.pubkey` + > pub 2048R/B84288D9 2013-08-27 VideoLAN APT Signing Key + > Key fingerprint = 8F08 45FE 77B1 6294 429A 7934 6BCA 5E4D B842 88D9 + > sub 2048R/288D4A2C 2013-08-27 You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated. @@ -172,10 +177,15 @@ Check the signature of the signing key (still in the AppVM where you downloaded This should look like: > [user@my-untrusted ~]$ `gpg --with-fingerprint google.pubkey` + > pub 4096R/D38B4796 2016-04-12 Google Inc. (Linux Packages Signing Authority) + > + > Key fingerprint = EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796 + > sub 4096R/640DB551 2016-04-12 [expires: 2019-04-12] + > sub 4096R/997C215E 2017-01-24 [expires: 2020-01-24] You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated. From b970df62a2b4048f21f867cc09d2396202398860 Mon Sep 17 00:00:00 2001 From: praschdorff Date: Thu, 22 Feb 2018 00:14:27 +0100 Subject: [PATCH 15/17] Moved the verification of the GPG Signing keys to the template VM --- configuration/multimedia.md | 72 ++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/configuration/multimedia.md b/configuration/multimedia.md index d5a05b8c..f6215bf7 100644 --- a/configuration/multimedia.md +++ b/configuration/multimedia.md @@ -61,21 +61,7 @@ In an AppVM which has Internet access: - open a Terminal in this AppVM and copy the content of the clipboard to a file `xclip -o > spotify.pubkey` -Check the signature of the signing key (still in the AppVM where you downloaded the key) - -`gpg --with-fingerprint spotify.pubkey` - -This should look like: -> [user@my-untrusted ~]$ `gpg --with-fingerprint spotify.pubkey` - -> pub 4096R/341D9410 2017-07-25 Spotify Public Repository Signing Key - -> Key fingerprint = 0DF7 31E4 5CE2 4F27 EEEB 1450 EFDC 8610 341D 9410 - -You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated. -https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xefdc8610341d9410&fingerprint=on - -Copy the public signing key which you have just verified over to the multimedia template VM +Copy the public signing key over to the multimedia template VM - copy the file via `qvm-copy-to-vm t-multimedia spotify.pubkey` - or create a new file on the Template VM and copy the content of the clipboard (the public key) Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) @@ -84,6 +70,20 @@ Copy the public signing key which you have just verified over to the multimedia Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) Save the file (Ctrl+O Ctrl+X) +Check the signature of the signing key (in the multimedia Template VM) + +`gpg --with-fingerprint spotify.pubkey` + +This should look like: +> [user@t-multimedia ~]$ `gpg --with-fingerprint spotify.pubkey` + +> pub 4096R/341D9410 2017-07-25 Spotify Public Repository Signing Key + +> Key fingerprint = 0DF7 31E4 5CE2 4F27 EEEB 1450 EFDC 8610 341D 9410 + +You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated. +https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xefdc8610341d9410&fingerprint=on + Add the public key to the repository keyring `apt-key add spotify.pubkey` @@ -116,12 +116,21 @@ In an AppVM which has Internet access: - Repeat all steps to save the public signing key on the AppVM (see above / Spotify example) `xclip -o > videolan.pubkey` -Check the signature of the signing key (still in the AppVM where you downloaded the key) +Copy the public signing key over to the multimedia template VM +- copy the file via `qvm-copy-to-vm t-multimedia videolan.pubkey` +- or create a new file on the Template VM and copy the content of the clipboard (the public key) + Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) + Switch to the gnome terminal in the Multimedia Template VM + `nano videolan.pubkey` + Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) + Save the file (Ctrl+O Ctrl+X) + +Check the signature of the signing key `gpg --with-fingerprint videolan.pubkey` This should look like: -> [user@my-untrusted ~]$ `gpg --with-fingerprint videolan.pubkey` +> [user@t-multimedia ~]$ `gpg --with-fingerprint videolan.pubkey` > pub 2048R/B84288D9 2013-08-27 VideoLAN APT Signing Key @@ -132,15 +141,6 @@ This should look like: You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated. https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x6BCA5E4DB84288D9&fingerprint=on -Copy the public signing key which you have just verified over to the multimedia template VM -- copy the file via `qvm-copy-to-vm t-multimedia videolan.pubkey` -- or create a new file on the Template VM and copy the content of the clipboard (the public key) - Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) - Switch to the gnome terminal in the Multimedia Template VM - `nano videolan.pubkey` - Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) - Save the file (Ctrl+O Ctrl+X) - Add the public key to the repository keyring `apt-key add videolan.pubkey` @@ -171,12 +171,21 @@ In an AppVM which has Internet access: - Repeat all steps to save the public signing key on the AppVM (see above / Spotify example) `xclip -o > google.pubkey` +Copy the public signing key over to the multimedia template VM +- copy the file via `qvm-copy-to-vm t-multimedia google.pubkey` +- or create a new file on the Template VM and copy the content of the clipboard (the public key) + Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) + Switch to the gnome terminal in the Multimedia Template VM + `nano google.pubkey` + Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) + Save the file (Ctrl+O Ctrl+X) + Check the signature of the signing key (still in the AppVM where you downloaded the key) `gpg --with-fingerprint google.pubkey` This should look like: -> [user@my-untrusted ~]$ `gpg --with-fingerprint google.pubkey` +> [user@t-multimedia ~]$ `gpg --with-fingerprint google.pubkey` > pub 4096R/D38B4796 2016-04-12 Google Inc. (Linux Packages Signing Authority) @@ -192,15 +201,6 @@ You can (and should) lookup the fingerprint on at least one (or more) keyservers https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x7721F63BD38B4796&fingerprint=on or https://www.google.com/linuxrepositories/ -Copy the public signing key which you have just verified over to the multimedia template VM -- copy the file via `qvm-copy-to-vm t-multimedia google.pubkey` -- or create a new file on the Template VM and copy the content of the clipboard (the public key) - Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C) - Switch to the gnome terminal in the Multimedia Template VM - `nano google.pubkey` - Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) - Save the file (Ctrl+O Ctrl+X) - Add the public key to the repository keyring `apt-key add google.pubkey` From 463aef2a65ffb43786c34a6edc8a2de0df202f33 Mon Sep 17 00:00:00 2001 From: praschdorff Date: Sun, 25 Feb 2018 00:45:59 +0100 Subject: [PATCH 16/17] fixes small typos --- configuration/multimedia.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/configuration/multimedia.md b/configuration/multimedia.md index f6215bf7..334f9ef5 100644 --- a/configuration/multimedia.md +++ b/configuration/multimedia.md @@ -206,7 +206,8 @@ Add the public key to the repository keyring `apt-key add google.pubkey` Add the Google package repositories to your list of sources -echo "deb http://dl.google.com/linux/chrome/deb/ stable main"> /etc/apt/sources.list.d/google.list + +`echo "deb http://dl.google.com/linux/chrome/deb/ stable main"> /etc/apt/sources.list.d/google.list` Update package repositories @@ -222,4 +223,4 @@ Create a Multimedia AppVM The last step is to create a multimedia AppVM (named "my-multimedia" here) based on the new multimedia template. -`qvm-create --template t-multimedia --label-orange my-multimedia` +`qvm-create --template t-multimedia --label orange my-multimedia` From 44e8ba7067f96f9f819634d08c952b5db2436dc4 Mon Sep 17 00:00:00 2001 From: praschdorff Date: Sun, 25 Feb 2018 22:01:53 +0100 Subject: [PATCH 17/17] Fixed typos, added Info about verifiying GPG-signatures depending on the GPG version different commands might be needed to verify a signature of a public key without importing it. More information can be found here: https://unix.stackexchange.com/questions/391344/gnupg-command-to-show-key-info-from-file --- configuration/multimedia.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/configuration/multimedia.md b/configuration/multimedia.md index 334f9ef5..454087fc 100644 --- a/configuration/multimedia.md +++ b/configuration/multimedia.md @@ -12,7 +12,7 @@ Multimedia ========== Note: This Howto has been written and was tested under Qubes 4rc4 -You can consolidate most of your media streaming tasks into one "multimedia" App-VM. This howto explains how to create a multimedia temmplate which can be used to play multimedia content. +You can consolidate most of your media streaming tasks into one "multimedia" App-VM. This howto explains how to create a multimedia template which can be used to play multimedia content. This includes: - Spotify @@ -70,7 +70,10 @@ Copy the public signing key over to the multimedia template VM Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste) Save the file (Ctrl+O Ctrl+X) -Check the signature of the signing key (in the multimedia Template VM) +Check the signature of the signing key (in the multimedia Template VM). +Hint: depending on your installed version of GnuPG the command to show a public might slightly be different. +See https://unix.stackexchange.com/questions/391344/gnupg-command-to-show-key-info-from-file for more information. +If this command doesn't show a fingerprint choose one of the other commands mentioned in the above link. `gpg --with-fingerprint spotify.pubkey`