Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-05-02 06:46:11 -04:00
Code Issues Projects Releases Packages Wiki Activity

replaced all github flavored code blocks with fenced kramdown code blocks

Browse source
This commit is contained in:
Jeepler 2015-09-27 01:00:33 +02:00
parent df467baf1c
commit 39ef7373fd
58 changed files with 609 additions and 609 deletions
Download patch file Download diff file Expand all files Collapse all files

68
developers/building/BuildingArchlinuxTemplate.md
View file

@ -23,17 +23,17 @@ Change the following variables GIT\_SUBDIR=marmarek DISTS\_VM=archlinux
Get all required sources
------------------------
```
~~~
make get-sources
```
~~~
Note that make get-sources sometimes fails because it didn't download packages that are not used by archlinux such as xfce or kde packages.
You can ignore the repositories that are failing by adding the following line to your builder.conf:
```
~~~
COMPONENTS:=$(filter-out desktop-linux-kde desktop-linux-xfce,$(COMPONENTS))
```
~~~
Just don't forget that you need to comment this line again if you want to build the whole Qubes-OS install CD.
@ -42,23 +42,23 @@ Make all required qubes components
The first use of the builder can take several hours depending on your bandwidth as it will install an archlinux chroot:
```
~~~
make vmm-xen-vm
make core-vchan-xen-vm
make linux-utils-vm
make core-agent-linux-vm
make gui-common-vm
make gui-agent-linux-vm
```
~~~
Now build the template itself
-----------------------------
This can take again several hours, especially the first time you built and archlinux template:
```
~~~
make linux-template-builder
```
~~~
Retrieve your template
----------------------
@ -75,30 +75,30 @@ Can't open file archlinux-2013.02.01-dual.iso
Archlinux ISO files are sometimes removed from mirrors. Check the last version available on the archlinux mirror (eg: [http://mir.archlinux.fr/iso/](http://mir.archlinux.fr/iso/)), and update qubes-src/linux-template-builder/scripts\_archlinux/00\_prepare.sh accordingly:
```
~~~
ISO_VERSION=2013.06.01
```
~~~
You will also need to download the signature matching this ISO version inside qubes-src/linux-template-builder/scripts\_archlinux/:
```
~~~
wget http://mir.archlinux.fr/iso/2013.06.01/archlinux-2013.06.01-dual.iso.sig
```
~~~
The nm-applet (network manager icon) fails to start when archlinux is defined as a template-vm:
-----------------------------------------------------------------------------------------------
In fact /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf does not allow a standard user to run network manager clients. To allow this, one need to change inside \<policy context="default"\>:
```
~~~
<deny send_destination="org.freedesktop.NetworkManager"/>
```
~~~
to
```
~~~
<allow send_destination="org.freedesktop.NetworkManager"/>
```
~~~
DispVM, Yum proxy and most Qubes addons (thunderbird ...) have not been tested at all.
--------------------------------------------------------------------------------------
@ -111,26 +111,26 @@ This is apparently a bug in Archlinux between glibc and pulseaudio package 4.0-6
Error when building the gui-agent-linux with pulsecore error
------------------------------------------------------------
```
~~~
module-vchan-sink.c:62:34: fatal error: pulsecore/core-error.h: No such file or directory
#include <pulsecore/core-error.h>
```
~~~
This error is because Archlinux update package too quickly. Probably, a new version of pulseaudio has been released, but the qubes team has not imported the new development headers yet.
You can create fake new headers just by copying the old headers:
```
~~~
cd qubes-builder/qubes-src/gui-agent-linux/pulse
ls
cp -r pulsecore-#lastversion pulsecore-#archlinuxversion
```
~~~
You can check the current archlinux pulseaudio version like this:
```
~~~
sudo chroot chroot-archlinux/ pacman -Qi pulseaudio
```
~~~
chroot-archlinux/dev/pts has not been unmounted
-----------------------------------------------
@ -154,15 +154,15 @@ The boot process fails without visible errors in the logs, but spawn a recovery
The problem is a new conflict between systemd and the old sysvinit style. To fix this, you can change the master xen template in dom0 to remove sysvinit remains: Edit **INSIDE DOM0** /usr/share/qubes/vm-template.conf, and change the variable 'extra' that contains the kernel variables: from:
```
~~~
extra="ro nomodeset 3 console=hvc0 rd_NO_PLYMOUTH {kernelopts}"
```
~~~
to:
```
~~~
extra="ro nomodeset console=hvc0 rd_NO_PLYMOUTH {kernelopts}"
```
~~~
Qubes-OS is now using different xenstore variable names, which makes to archlinux VM failing to boot
----------------------------------------------------------------------------------------------------
@ -171,15 +171,15 @@ Apply the following fix in the template to revert the variable name to the old Q
You can edit the template the following way:
```
~~~
sudo mkdir /mnt/vm
sudo mount /var/lib/qubes/vm-templates/archlinux-x64/root.img /mnt/vm
sudo chroot /mnt/vm
```
~~~
Then apply the fix:
```
~~~
sudo sed 's:qubes-keyboard:qubes_keyboard:g' -i /etc/X11/xinit/xinitrc.d/qubes-keymap.sh
sudo sed 's:qubes-netvm-domid:qubes_netvm_domid:g' -i /etc/NetworkManager/dispatcher.d/30-qubes-external-ip
@ -212,19 +212,19 @@ sudo sed 's:qubes-vm-updateable:qubes_vm_updateable:g' -i /usr/lib/qubes/qubes_t
sudo sed 's:qubes-vm-type:qubes_vm_type:g' -i /usr/bin/qubes-session
sudo sed 's:qubes-vm-updateable:qubes_vm_updateable:g' -i /usr/bin/qubes-session
```
~~~
Do not forgot to:
```
~~~
umount /mnt/vm
```
~~~
Installing the template in dom0 fails because of a missing dependency (qubes-core-dom0-linux)
---------------------------------------------------------------------------------------------
Again you built a template based on a recent Qubes API which has not been released yet. So skip the dependency for now:
```
~~~
sudo rpm -U --nodeps yourpackage.rpm
```
~~~

16
developers/building/BuildingNonFedoraTemplate.md
View file

@ -24,11 +24,11 @@ You need to install your OS inside a chroot that will be used to build all the r
The scripts you will be interested in will be inside the qubes-src/linux-template-builder project:
```
~~~
scripts_fedora
scripts_archlinux
scripts_yourOSname
```
~~~
### 00\_prepare.sh
@ -42,19 +42,19 @@ The goal of this script is to install a base environment of your target OS insid
Edit the builder.conf file to change the variable DISTS\_VM to your OS name (DISTS\_VM=your\_os\_name). The try to make the template to check that at least these to first scripts are working correctly:
```
~~~
make linux-template-builder
```
~~~
Qubes builder Makefiles
-----------------------
Now you need to create Makefiles specific to your OS. You will find the required scripts directly inside qubes-builder:
```
~~~
prepare-chroot-yourOSname
Makefile.yourOSname
```
~~~
### prepare-chroot-yourOSname
@ -103,11 +103,11 @@ Additional Installation scripts
Again you need to work on scripts inside the qubes-src/linux-template-builder project:
```
~~~
scripts_fedora
scripts_archlinux
scripts_yourOSname
```
~~~
### 02\_install\_groups.sh

56
developers/building/DevelopmentWorkflow.md
View file

@ -22,10 +22,10 @@ The best way to write and contribute code is to create a git repo somewhere (e.g
**Example:**
```
~~~
$ cd qubes-builder/qubes-src/qubes-manager
$ git remote add abel git@github.com:abeluck/qubes-manager.git
```
~~~
You can then proceed to easily develop in your own branches, pull in new commits from the dev branches, merge them, and eventually push to your own repo on github.
@ -37,55 +37,55 @@ When you are ready to submit your changes to Qubes to be merged, push your chang
In qubes-builder/qubes-src/kernel:
```
~~~
make prep
```
~~~
The resulting tree will be in kernel-\<VERSION\>/linux-\<VERSION\>:
```
~~~
ls -ltrd kernel*/linux*
```
~~~
```
~~~
drwxr-xr-x 23 user user 4096 Nov 5 09:50 kernel-3.4.18/linux-3.4.18
drwxr-xr-x 6 user user 4096 Nov 21 20:48 kernel-3.4.18/linux-obj
```
~~~
#### Go to the kernel tree and update the version
In qubes-builder/qubes-src/kernel:
```
~~~
cd kernel-3.4.18/linux-3.4.18
```
~~~
#### Changing the config
In kernel-3.4.18/linux-3.4.18:
```
~~~
cp ../../config-pvops .config
make oldconfig
```
~~~
Now change the configuration. For example, in kernel-3.4.18/linux-3.4.18:
```
~~~
make menuconfig
```
~~~
Copy the modified config back into the kernel tree:
```
~~~
cp .config ../../../config-pvops
```
~~~
#### Patching the code
TODO: describe the workflow for patching the code, below are some random notes, not working well
```
~~~
ln -s ../../patches.xen
export QUILT_PATCHES=patches.xen
export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
@ -101,7 +101,7 @@ quilt add drivers/usb/host/Kconfig drivers/usb/host/Makefile \
quilt refresh
cd ../..
vi series-pvops.conf
```
~~~
#### Building RPMS
@ -113,20 +113,20 @@ You might want to take a moment here to review (git diff, git status), commit yo
To actually build RPMS, in qubes-src/kernel:
```
~~~
make rpms
```
~~~
RPMS will appear in qubes-src/kernel/rpm/x86\_64:
```
~~~
-rw-rw-r-- 1 user user 42996126 Nov 17 04:08 kernel-3.4.18-1debug20121116c.pvops.qubes.x86_64.rpm
-rw-rw-r-- 1 user user 43001450 Nov 17 05:36 kernel-3.4.18-1debug20121117a.pvops.qubes.x86_64.rpm
-rw-rw-r-- 1 user user 8940138 Nov 17 04:08 kernel-devel-3.4.18-1debug20121116c.pvops.qubes.x86_64.rpm
-rw-rw-r-- 1 user user 8937818 Nov 17 05:36 kernel-devel-3.4.18-1debug20121117a.pvops.qubes.x86_64.rpm
-rw-rw-r-- 1 user user 54490741 Nov 17 04:08 kernel-qubes-vm-3.4.18-1debug20121116c.pvops.qubes.x86_64.rpm
-rw-rw-r-- 1 user user 54502117 Nov 17 05:37 kernel-qubes-vm-3.4.18-1debug20121117a.pvops.qubes.x86_64.rpm
```
~~~
### Useful [QubesBuilder](/doc/QubesBuilder/) commands
@ -148,7 +148,7 @@ You may also like to run your [test environment on separate machine](/doc/TestBe
TODO: edit this script to be more generic
```
~~~
#!/bin/sh
set -x
@ -171,24 +171,24 @@ sudo cp misc/qubes-start.desktop /usr/share/qubes/
sudo cp misc/block-snapshot /etc/xen/scripts/
sudo cp aux-tools/qubes-dom0-updates.cron /etc/cron.daily/
# FIXME(Abel Luck): I hope to
```
~~~
### Apply qvm-tools
TODO: make it more generic
```
~~~
#!/bin/sh
BAK=qvm-tools.bak$$
mkdir -p $BAK
cp -a /usr/bin/qvm-* /usr/bin/qubes-* $BAK/
sudo cp qvm-tools/qvm-* qvm-tools/qubes-* /usr/bin/
```
~~~
### Copy from dom0 to an appvm
```
~~~
#/bin/sh
#
# usage ./cp-domain <vm_name> <file_to_copy>
@ -199,4 +199,4 @@ fname=`basename $file`
qvm-run $domain 'mkdir /home/user/incoming/dom0 -p'
cat $file| qvm-run --pass-io $domain "cat > /home/user/incoming/dom0/$fname"
```
~~~

42
developers/building/InstallationIsoBuilding.md
View file

@ -17,10 +17,10 @@ Build installer packages
Get [Qubes Installer repository](http://git.qubes-os.org/?p=smoku/installer) and build its packages:
```
~~~
cd installer
make rpms
```
~~~
Packages will be in `rpm/noarch` and `rpm/x86_64`.
@ -29,57 +29,57 @@ Install Revisor
Next install the freshly built revisor and anaconda:
```
~~~
yum install rpm/noarch/revisor*.rpm
yum install rpm/x86_64/anaconda*.rpm
```
~~~
Review configuration files
--------------------------
All configuration files for Qubes Revisor are kept in the ```conf/``` directory:
All configuration files for Qubes Revisor are kept in the ~~~conf/~~~ directory:
- ```conf/qubes-install.conf``` - Main Revisor configuration file. This configures Revisor to build Qubes Installation image based on Fedora 13. All other configuration files and working directories are pointed here.
- ~~~conf/qubes-install.conf~~~ - Main Revisor configuration file. This configures Revisor to build Qubes Installation image based on Fedora 13. All other configuration files and working directories are pointed here.
- ```conf/qubes-x86_64.conf``` - This file describes all repositories needed to build Qubes for x86\_64 architecture.
- ~~~conf/qubes-x86_64.conf~~~ - This file describes all repositories needed to build Qubes for x86\_64 architecture.
- ```conf/qubes-kickstart.cfg``` - Fedora Kickstart formatted file describing which packages should land in the ISO `/Packages` repository. This describes basically what will be available for installation. The packages list built using this file will be further filtered by the comps file.
- ~~~conf/qubes-kickstart.cfg~~~ - Fedora Kickstart formatted file describing which packages should land in the ISO `/Packages` repository. This describes basically what will be available for installation. The packages list built using this file will be further filtered by the comps file.
- ```conf/comps-qubes.xml``` - Repository Comps file for ISO `/Packages` repository, describing packages and package groups of the installer repository. Package groups are used to select which of the packages are mandatory to install, which are optional and which are to be just available on the ISO but not installed by default (not used on Qubes).
- ~~~conf/comps-qubes.xml~~~ - Repository Comps file for ISO `/Packages` repository, describing packages and package groups of the installer repository. Package groups are used to select which of the packages are mandatory to install, which are optional and which are to be just available on the ISO but not installed by default (not used on Qubes).
Create/Update local repository
------------------------------
Revisor fetches all RPM packages from YUM repositories. We currently use 5 repositories:
- ```yum/installer``` (installer-related rpms)
- ```yum/qubes-dom0``` (all the Qubes stuff)
- ```yum/dom0-updates``` (for select 3rd party packages, e.g. Xorg)
- ```yum/fedora13-repo``` (local fedora 13 repo, copy from DVD)
- ~~~yum/installer~~~ (installer-related rpms)
- ~~~yum/qubes-dom0~~~ (all the Qubes stuff)
- ~~~yum/dom0-updates~~~ (for select 3rd party packages, e.g. Xorg)
- ~~~yum/fedora13-repo~~~ (local fedora 13 repo, copy from DVD)
- remote fedora repo for extra packages (usually deps for qubes-dom0)
You need to manually copy the Fedora 13 installation DVD contents (```Packages/``` and ```repodata/``` directories) into ```build/fedora13-repo```.
You need to manually copy the Fedora 13 installation DVD contents (~~~Packages/~~~ and ~~~repodata/~~~ directories) into ~~~build/fedora13-repo~~~.
Also, you need to copy all the qubes dom0 rpms into ```build/yum/qubes-dom0/rpm``` and run the ```yum/update_repo.sh``` script afterwards.
Also, you need to copy all the qubes dom0 rpms into ~~~build/yum/qubes-dom0/rpm~~~ and run the ~~~yum/update_repo.sh~~~ script afterwards.
In order to fill the ```build/yum/installer``` repo one can just use ```make update-repo```.
In order to fill the ~~~build/yum/installer~~~ repo one can just use ~~~make update-repo~~~.
The ```build/yum/dom0-updates``` is to be used for select rpms that should also be used instead of those from the fedora (loacal and remote) repos.
The ~~~build/yum/dom0-updates~~~ is to be used for select rpms that should also be used instead of those from the fedora (loacal and remote) repos.
Update your local repos:
```
~~~
make update-repo
```
~~~
Build ISO
---------
Now you're finally ready to build the ISO image:
```
~~~
make iso
```
~~~
and wait...

20
developers/building/KdeDom0.md
View file

@ -13,9 +13,9 @@ The Qubes kde-dom0 project (see [Source Code](/doc/SourceCode/)) contains the so
Getting the sources
-------------------
```
~~~
git clone git://qubes-os.org/mainstream/kde-dom0.git kde-dom0
```
~~~
Building the packages
---------------------
@ -24,27 +24,27 @@ It's best to use Fedora 12 or 13 as a development system.
First, you should download and verify the original KDE sources (not part of the kde-dom0 repository):
```
~~~
make get-sources verify-sources
```
~~~
Now, check if you have all the required build dependencies:
```
~~~
make prep
```
~~~
Install any required packages that `make` might have complained about. Then you're ready to build the rpms (you might want to adjust the release of each rpm package by editing the `rel` variable at the beginning of each `.spec` file):
```
~~~
make rpms
```
~~~
**Note:** The `kdebase-*` packages build process requires corresponding `kdelibs-devel` package to be installed first. If your build system is based on Fedora 12/13, and if the `kdelibs-devel` package exist in Fedora repo that is based the same KDE software version (e.g. 4.4.3) as the KDE packages you're building (see the `version` file), than you should be able to use the Fedora package:
```
~~~
yum install kdelibs-devel-{version}
```
~~~
If not, then you should build your `kdelibs-devel` first (`cd kdelibs-devel && make rpms`), then install it on your build system, and then you can build all the rest (`make rpms`).

24
developers/building/QubesBuilder.md
View file

@ -26,15 +26,15 @@ In order to use it one should use an rpm-based distro, like Fedora :) and should
Unusually one can install those packages by just issuing:
```
~~~
sudo yum install git createrepo rpm-build make wget rpmdevtools python-sh dialog rpm-sign
```
~~~
The build system creates build environments in chroots and so no other packages are needed on the host. All files created by the build system are contained within the qubes-builder directory. The full build requires some 25GB of free space, so keep that in mind when deciding where to place this directory.
The build system is configured via builder.conf file -- one should copy the attached builder.conf.default, and modify it as needed, e.g.:
```
~~~
cp builder.conf.default builder.conf
# edit the builder.conf file and set the following variables:
# (make sure to leave no spaces around '=' sign!)
@ -44,23 +44,23 @@ NO_SIGN=1
# and VMs is fc20 so if you want to build Qubes 2
DIST_DOM0=fc20
DISTS_VM=fc20
```
~~~
One additional useful requirement is that 'sudo root' work without any prompt, which is default on most distros (e.g. 'sudo bash' brings you the root shell without asking for any password). This is important as the builder needs to switch to root and then back to user several times during the build process.
Additionally, if building with signing enabled (so NO\_SIGN is not set), one must adjust \~/.rpmmacro file so that it point to the GPG key used for package signing, e.g.:
```
~~~
%_signature gpg
%_gpg_path /home/user/.gnupg
%_gpg_name AC1BF9B3 # <-- Key ID used for signing
```
~~~
It is also recommended to use an empty passphrase for the private key used for signing. Contrary to a popular belief, this doesn't affect your key or sources security -- if somebody compromised your system, then the game is over, whether you use additional passphrase for the key or not.
So, to build Qubes one would do:
```
~~~
# Import the Qubes master key
gpg --recv-keys 0x36879494
@ -90,7 +90,7 @@ make qubes
# ... and then to build the ISO
make iso
```
~~~
And this should produce a shiny new ISO.
@ -128,9 +128,9 @@ If you want to somehow modify sources, you can also do it, here are some basic s
> `get-sources` is already done, so continue with the next one. You can skip `sign-all` if you've disabled signing
>
> ```
> ~~~
> make xen core kernel gui addons docs template kde-dom0 installer qubes-manager dom0-updates
> ```
> ~~~
1. build iso installation image
@ -141,11 +141,11 @@ Code verification keys management
[QubesBuilder](/doc/QubesBuilder/) by default verifies signed tags on every downloaded code. Public keys used for that are stored in `keyrings/git`. By default Qubes developers' keys are imported automatically, but if you need some additional keys (for example your own), you can add them using:
```
~~~
GNUPGHOME=$PWD/keyrings/git gpg --import /path/to/key.asc
GNUPGHOME=$PWD/keyrings/git gpg --edit-key ID_OF_JUST_IMPORTED_KEY
# here use "trust" command to set key fully or ultimately trusted - only those keys are accepted by QubesBuilder
```
~~~
All Qubes developers' keys are signed by the Qubes Master Signing Key (which is set as ultimately trusted key), so are trusted automatically.

20
developers/building/QubesR3Building.md
View file

@ -10,47 +10,47 @@ Building Qubes OS 3.0 ISO
Ensure your system is rpm-based and that you have necessary dependencies installed (see [QubesBuilder](/doc/QubesBuilder/) for more info):
```
~~~
sudo yum install git createrepo rpm-build make wget rpmdevtools pandoc
```
~~~
Get the necessary keys to verify the sources:
```
~~~
$ wget https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
$ gpg --import qubes-master-signing-key.asc
$ gpg --edit-key 36879494
# Verify fingerprint!, set trust to *ultimate*
$ wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
$ gpg --import qubes-developers-keys.asc
```
~~~
Note we do *not* relay above on the security of our server (keys.qubes-os.org) nor the connection (ssl, cert) -- we only rely on you getting the Qubes Master Signing Key fingerprint *somehow* and ensure they match!
Now lets bootstrap the builder. Unfortunately the builder cannot verify itself (the classic Chicken and Egg problem), so we need to verify the signature manually:
```
~~~
$ git clone git://github.com/QubesOS/qubes-builder.git
$ cd qubes-builder
$ git describe --exact-match HEAD
<some tag>
$ git tag -v <some tag>
```
~~~
Assuming the verification went fine, we're good to go with all the rest without ever thinking more about verifying digital signatures on all the rest of the components, as the builder will do that for us, for each component, every time we, even for all aux files (e.g. Xen or Linux kernel sources).
Let's configure the builder first (we can use one of the example configs, either for R2 or "master", which currently means pre-released R3):
```
~~~
cp example-configs/qubes-os-master.conf builder.conf
```
~~~
You can take a loot at the `builder.conf.default` for a description of all available options. Nevertheless, the default config should be enough for start:
```
~~~
$ make get-sources qubes
$ make sign-all # this requires setting SIGN_KEY in the builder.conf, can be skipped for test builds.
$ make iso
```
~~~
Enjoy your new ISO!