Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-08-02 11:36:36 -04:00
Code Issues Projects Releases Packages Wiki Activity

Delete deprecated content already migrated to Qubes-Community

Browse source 
https://github.com/QubesOS/qubes-issues/issues/4693
This commit is contained in:
Andrew David Wong 2020-12-07 21:37:15 -08:00
parent 6a506edef0
commit 4fab877c22
No known key found for this signature in database
GPG key ID: 8CE137352A019A17
50 changed files with 0 additions and 6198 deletions
Download patch file Download diff file Expand all files Collapse all files

451
external/building-guides/building-archlinux-template.md vendored
View file

@ -9,454 +9,3 @@ redirect_from:
- /wiki/BuildingArchlinuxTemplate/
---
Archlinux template building instructions
===========================================
**These are the instructions for Qubes 4.0. They will take you step by step through the entire process start to finish**
1: Create and configure a qube for template building
------------------------------------------------------------
* The qube should be based on a Fedora template. I named the qube
`build-archlinux2`, based on the minimal Fedora template.
![arch-template-01](/attachment/wiki/ArchlinuxTemplate/arch-template-01.png)
* Ensure there is at least 15GB of free space in the private storage.
![arch-template-02](/attachment/wiki/ArchlinuxTemplate/arch-template-02.png)
2: Create GitHub Account (optional)
-------------------------------------------
* It can be helpful. Creating only a basic account is all that is needed. This will allow you to help, going forward, with the Qubes project. You could be help edit errors in documentation. It can also be of use building other templates.
* Create user account here https://github.com
![arch-template-03](/attachment/wiki/ArchlinuxTemplate/arch-template-03.png)
3: Install necessary packages to `build-archlinux2` qube for "Qubes Automated Build System"
-----------------------------------------------------------------------------------------------
```shell_session
# dnf install git make
```
4: Downloading and verifying the integrity of the "Qubes Automated Build System"
---------------------------------------------------------------------------------
* Import the Qubes master key
```shell_session
$ gpg --import /usr/share/qubes/qubes-master-key.asc
```
* Verify its fingerprint, set as 'trusted'. [This is described here](/doc/VerifyingSignatures).
* Download the Qubes developers' keys.
```shell_session
$ wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
$ gpg --import qubes-developers-keys.asc
```
* Download the latest stable qubes-builder repository:
```shell_session
$ git clone https://github.com/QubesOS/qubes-builder.git /home/user/qubes-builder/
```
* Verify the integrity of the downloaded repository. The last line should read `gpg: Good signature from`...
```shell_session
$ cd /home/user/qubes-builder/
$ git tag -v $(git describe)
```
* Install the remaining dependencies
```shell_session
$ make install-deps
```
5: Run the 'setup' script to build the builder.conf file
-------------------------------------------------------------
( The manual way would be to copy an example config like '**/home/user/qubes-builder/example-configs/qubes-os-r4.0.conf**' to '**/home/user/qubes-builder/builder.conf**' and edit the file )
* Run the 'setup' script located in '**/home/user/qubes-builder/**' Make sure you are in directory '**qubes-builder**'
```shell_session
$ cd /home/user/qubes-builder/
$ ./setup
```
![arch-template-04](/attachment/wiki/ArchlinuxTemplate/arch-template-04.png)
* Install the missing dependencies
![arch-template-05](/attachment/wiki/ArchlinuxTemplate/arch-template-05.png)
* First screen will ask you to import 'Qubes-Master-Signing-key.asc'. The 'setup' script not only downloads but confirms the key to that of the key on Qubes-OS website.
* Select '**YES**'
* Select '**OK**' Press '**Enter**'
![arch-template-06](/attachment/wiki/ArchlinuxTemplate/arch-template-06.png)
* Next screen will ask you to import Marek Marczykowski-Goracki (Qubes OS signing key). Again 'setup' will confirm this key to the fingerprint.
* Select '**YES**'
* Select '**OK**' Press '**Enter**'
![arch-template-07](/attachment/wiki/ArchlinuxTemplate/arch-template-07.png)
* This screen will give you the choice of which Qubes Release to build the template for.
* Select '**Qubes Release 4.0**'
* Select '**OK**' Press '**Enter**'
![arch-template-08](/attachment/wiki/ArchlinuxTemplate/arch-template-08.png)
* Screen "**Choose Repos To Use To Build Packages**"
* Select 'QubesOS/qubes- Stable - Default Repo'
* Select '**OK**' Press '**Enter**'
![arch-template-09](/attachment/wiki/ArchlinuxTemplate/arch-template-09.png)
* Screen "**Git Clone Faster**"
* Select '**OK**' Press '**Enter**'
![arch-template-10](/attachment/wiki/ArchlinuxTemplate/arch-template-10.png)
* Screen '**Choose Pre-Build Packages Repositories**'
* Select nothing, Press '**Enter**'
![arch-template-11](/attachment/wiki/ArchlinuxTemplate/arch-template-11.png)
* Screen "**Build Template Only?**"
* Select '**Yes**' Press '**Enter**'
![arch-template-12](/attachment/wiki/ArchlinuxTemplate/arch-template-12.png)
* Screen '**Template Distribution Selection**' will give choices of distributions to build
* Deselect everything
* Select '**archlinux**'
![arch-template-13](/attachment/wiki/ArchlinuxTemplate/arch-template-13.png)
* Screen '**Builder Plugin Selection**' will give choices of builder plugins to use for the build.
* Deselect everything
* Select '**builder-archlinux**'
* Select '**OK**' Press **Enter**
![arch-template-14](/attachment/wiki/ArchlinuxTemplate/arch-template-14.png)
* Screen '**Get sources**' wants to download additional packages needed for the choosen plugin/s.
* Select '**Yes**' Press '**Enter**'
![arch-template-15](/attachment/wiki/ArchlinuxTemplate/arch-template-15.png)
* Then wait for download to finish and press '**OK**'
6: Get all the require sources for the build
-----------------------------------------------
```shell_session
$ make get-sources
```
7: Make all the require Qubes Components
------------------------------------------------
* **Note:** You can run a single command to build all the Qubes components or you can run them each individually.
Both ways below:
* Single command to build all Qubes components together: (this command can take a long time to process depending of your pc proccessing power)
```shell_session
$ make qubes-vm
```
* These are the indivual component 'make' commands:
```shell_session
$ make vmm-xen-vm
$ make core-vchan-xen-vm
$ make core-qubesdb-vm
$ make linux-utils-vm
$ make core-agent-linux-vm
$ make gui-common-vm
$ make gui-agent-linux-vm
$ make app-linux-split-gpg-vm
$ make vmm-xen-vm
$ make core-vchan-xen-vm
$ make core-qubesdb-vm
$ make linux-utils-vm
$ make core-agent-linux-vm
$ make gui-common-vm
$ make gui-agent-linux-vm
$ make app-linux-split-gpg-vm
```
8: Make the actual Archlinux template
----------------------------------------
```shell_session
$ make template
```
9: Transfer Template into Dom0
----------------------------------
* You need to ensure these two files are in the '**noarch**' directory
```shell_session
$ cd /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/
$ ls
install-templates.sh
$ cd noarch
$ ls
qubes-template-archlinux-X.X.X-XXXXXXXXXXXX.noarch.rpm
```
![arch-template-16](/attachment/wiki/ArchlinuxTemplate/arch-template-16.png)
* **Transfer the install-templates.sh script file into Dom0**
*Note: as there is not a typical file transfer method for Dom0, for security reasons, this less than simple transfer function has to be used*
* Switch to Dom0 and open a terminal window.
```shell_session
$ qvm-run --pass-io build-archlinux2 'cat /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/install-templates.sh' > install-templates.sh
$ chmod +x install-templates.sh
$ ./install-templates.sh
```
* If everything went correct there should be a Archlinux template listed in your Qubes Manager
Debugging the build process
===============================
Archlinux use bleeding edge version of everything, so it is usually the
first template to break when new software version came out.
So an important point is to understand how to debug the template, how to fix
it, and then do a pull request :).
[My personal building script is here](https://github.com/Qubes-Community/Contents/blob/master/code/OS-administration/build-archlinux.sh).
The most important part about this script is where to add custom code that is not in the QubesOS repositories
After the command:
```shell_session
$ make get-sources
```
And before the command:
```shell_session
$ make qubes-vm
```
you can put your custom code by replacing the qubes-src/ directories.
For example:
```shell_session
$ rm -Rf "$directory/qubes-src/gui-agent-linux/"
$ cp -R ~/qubes-gui-agent-linux "$directory/qubes-src/gui-agent-linux"
```
Example
-----------------------
Launch the build
```shell_session
$ ./build_arch.sh
```
It crash
~~~~
Makefile:202: target 'builder-archlinux.get-sources' given more than once in the same rule
Makefile:204: target 'builder-archlinux.get-sources-extra' given more than once in the same rule
Makefile:225: target 'builder-archlinux-vm' given more than once in the same rule
Makefile:237: target 'builder-archlinux-dom0' given more than once in the same rule
Makefile:585: target 'builder-archlinux.grep' given more than once in the same rule
-> Building template archlinux (logfile: build-logs/template-archlinux.log)...
make: *** [Makefile:319: template-local-archlinux+minimal] Error 1
~~~~
Let's check '**build-logs/template-archlinux.log**'
~~~~
--> Finishing installation of qubes packages...
resolving dependencies...
warning: cannot resolve "xorg-server<1.20.7", a dependency of "qubes-vm-gui"
:: The following package cannot be upgraded due to unresolvable dependencies:
qubes-vm-gui
:: Do you want to skip the above package for this upgrade? [y/N] error: failed to prepare transaction (could not satisfy dependencies)
:: unable to satisfy dependency 'xorg-server<1.20.7' required by qubes-vm-gui
make[1]: *** [Makefile:64: rootimg-build] Error 1
~~~~
The xorg-server package was probably updated to a version greater than 1.20.7.
Let's search what is the current version of xorg-server... Currently, it is
**1.20.7-1**.
Nor a fix nor a minor version change is likely to break things.
So let's find the dependency for "**xorg-server<1.20.7**" and change it to
"**xorg-server<1.21**".
```shell_session
$ rg -iuu "xorg-server<1.20.7" ./qubes-builder/qubes-src/ 2> /dev/null
./qubes-builder/qubes-src/gui-agent-linux/archlinux/PKGBUILD
55: 'xorg-server>=1.20.4' 'xorg-server<1.20.7'
```
So we need to modify the file **/archlinux/PKGBUILD** of the repository
"qubes-gui-agent-linux".
Let's clone "qubes-gui-agent-linux", be sure to checkout the correct
branch (example: `release4.0` instead of master ), and then edit the **/archlinux/PKGBUILD**
to do the modification you want to try.
In your building script, right before the "make qubes-vm", remove the existing
"gui-agent-linux" folder, and replace it with your own.
Example, add this to the script
```shell_session
$ rm -Rf "~/qubes-builder/qubes-src/gui-agent-linux/"
$ cp -R ~/qubes-gui-agent-linux "~/qubes-builder/qubes-src/gui-agent-linux"
```
and retry to build the template.
If it build successfully and that the template work as expected, do a pull request on github to share your fix.
Debugging the qube runtime
================================================================
If you are able to launch a terminal and execute command, just use your usual
archlinux-fu to fix the issue.
If you are not able to launch a terminal, then, shutdown the qube, create a new
DisposableVM, [mount the Archlinux disk in the DisposableVM](/doc/mount-lvm-image/), chroot to it, and then use
your archlinux-fu.
Below, and example of this kind of debugging [that happened on
reddit](https://old.reddit.com/r/Qubes/comments/eg50ne/built_arch_linux_template_and_installed_but_app/):
Question
------------------------------
Hello.
I just built archlinux template and moved to dom0 and installed the template.
Then I tried to open a terminal in archlinux TemplateVM, but it shows nothing.
Can you please check this logs and please tell me what is wrong. Thanks
I searched the word 'Failed" and found few.
~~~~
[0m] Failed to start..... Initialize and mount /rw and /home.... see 'systemctl status qubes-mount-dirs.service' for details
[0m] Failed unmounting.... /usr/lib/modules....
... msg='unit=qubes-mount-dirs comm="systemd" exe="/usr/lib/systemd/systemd" hostname=" addr=? terminal=? res=failed'
tsc: Fast TSC calibration failed
failed to mount moving /dev to /sysroot/dev: Invalid argument
failed to mount moving /proc to /sysroot/dev: Invalid argument
failed to mount moving /sys to /sysroot/dev: Invalid argument
failed to mount moving /run to /sysroot/dev: Invalid argument
when I tried to run terminal, in log says
audit: type=1131 audit(some number): pid=1 uid=0 auid=some number ses=some number msg='unit=systemd=tmpfiles-clean cmm="systemd" exe="/usr/lib/systemd" hostname=? addr=? terminal? res=success'
~~~~
how can I debug this qube?
Answer
---------
I tried to rebuild archlinux and got the same issue.
The issue come from a systemd unit named "qubes-mount-dirs". We want to know more about that. We can't execute command into the qube, so let's shut it down.
Then, we mount the archlinux root disk into a DisposableVM (
[mount_lvm_image.sh](https://github.com/Qubes-Community/Contents/blob/master/code/OS-administration/mount_lvm_image.sh)
& [mount-lvm-image](/doc/mount-lvm-image/) )
```shell_session
$ ./mount_lvm_image.sh /dev/qubes_dom0/vm-archlinux-minimal-root fedora-dvm
```
then in the newly created DisposableVM we mount the disk and chroot to it
```shell_session
# mount /dev/xvdi3 /mnt
# chroot /mnt
```
Then check the journal:
~~~~
[root@disp9786 /]# journalctl -u qubes-mount-dirs
-- Logs begin at Fri 2019-12-27 09:26:15 CET, end at Fri 2019-12-27 09:27:58 CET. --
Dec 27 09:26:16 archlinux systemd[1]: Starting Initialize and mount /rw and /home...
Dec 27 09:26:16 archlinux mount-dirs.sh[420]: /usr/lib/qubes/init/setup-rwdev.sh: line 16: cmp: command not found
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: Private device management: checking /dev/xvdb
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: Private device management: fsck.ext4 /dev/xvdb failed:
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: fsck.ext4: Bad magic number in super-block while trying to open /dev/xvdb
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: /dev/xvdb:
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: The superblock could not be read or does not describe a valid ext2/ext3/ext4
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: filesystem. If the device is valid and it really contains an ext2/ext3/ext4
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: filesystem (and not swap or ufs or something else), then the superblock
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: is corrupt, and you might try running e2fsck with an alternate superblock:
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: e2fsck -b 8193 <device>
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: or
Dec 27 09:26:16 archlinux mount-dirs.sh[414]: e2fsck -b 32768 <device>
Dec 27 09:26:16 archlinux mount-dirs.sh[430]: mount: /rw: wrong fs type, bad option, bad superblock on /dev/xvdb, missing codepage or helper program, or other error.
Dec 27 09:26:16 archlinux systemd[1]: qubes-mount-dirs.service: Main process exited, code=exited, status=32/n/a
Dec 27 09:26:16 archlinux systemd[1]: qubes-mount-dirs.service: Failed with result 'exit-code'.
Dec 27 09:26:16 archlinux systemd[1]: Failed to start Initialize and mount /rw and /home.
-- Reboot --
Dec 27 09:26:54 archlinux mount-dirs.sh[423]: /usr/lib/qubes/init/setup-rwdev.sh: line 16: cmp: command not found
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: Private device management: checking /dev/xvdb
Dec 27 09:26:54 archlinux systemd[1]: Starting Initialize and mount /rw and /home...
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: Private device management: fsck.ext4 /dev/xvdb failed:
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: fsck.ext4: Bad magic number in super-block while trying to open /dev/xvdb
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: /dev/xvdb:
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: The superblock could not be read or does not describe a valid ext2/ext3/ext4
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: filesystem. If the device is valid and it really contains an ext2/ext3/ext4
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: filesystem (and not swap or ufs or something else), then the superblock
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: is corrupt, and you might try running e2fsck with an alternate superblock:
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: e2fsck -b 8193 <device>
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: or
Dec 27 09:26:54 archlinux mount-dirs.sh[416]: e2fsck -b 32768 <device>
Dec 27 09:26:54 archlinux mount-dirs.sh[432]: mount: /rw: wrong fs type, bad option, bad superblock on /dev/xvdb, missing codepage or helper program, or other error.
Dec 27 09:26:54 archlinux systemd[1]: qubes-mount-dirs.service: Main process exited, code=exited, status=32/n/a
Dec 27 09:26:54 archlinux systemd[1]: qubes-mount-dirs.service: Failed with result 'exit-code'.
Dec 27 09:26:54 archlinux systemd[1]: Failed to start Initialize and mount /rw and /home.
~~~~
The most important line we saw is:
~~~~
/usr/lib/qubes/init/setup-rwdev.sh: line 16: cmp: command not found
~~~~
Let's check `setup-rwdev.sh`:
~~~~
[root@disp9786 /]# cat /usr/lib/qubes/init/setup-rwdev.sh
#!/bin/sh
set -e
dev=/dev/xvdb
max_size=1073741824 # check at most 1 GiB
if [ -e "$dev" ] ; then
# The private /dev/xvdb device is present.
# check if private.img (xvdb) is empty - all zeros
private_size=$(( $(blockdev --getsz "$dev") * 512))
if [ $private_size -gt $max_size ]; then
private_size=$max_size
fi
if cmp --bytes $private_size "$dev" /dev/zero >/dev/null && { blkid -p "$dev" >/dev/null; [ $? -eq 2 ]; }; then
# the device is empty, create filesystem
echo "Virgin boot of the VM: creating private.img filesystem on $dev" >&2
if ! content=$(mkfs.ext4 -m 0 -q "$dev" 2>&1) ; then
echo "Virgin boot of the VM: creation of private.img on $dev failed:" >&2
echo "$content" >&2
echo "Virgin boot of the VM: aborting" >&2
exit 1
fi
#.................
~~~~
That is definitely something that we want to be working. So the binary `cmp` is missing, let's find it:
```shell_session
# pacman -Fy cmp
```
It is in `core/diffutils`, that, for some unknown reason, is not installed.
Let's modify the archlinux template builder to add this package. Modify the files `qubes-builder/qubes-src/builder-archlinux/script/packages` to add the `diffutils`, and rebuild the template.
Why this package was not installed in the first place? I am unsure. It could be that it was a dependency of the package `xf86dgaproto` that was removed few days ago, but I don't have the PKGBUILD of this package since it was deleted, so can't confirm. It can be something else too.
I rebuild the template with those modification, and it is working as expected.
I will send a pull request. Does someone have a better idea on "Why `diffutils` was not installed in the first place?" ?
[The commit](https://github.com/neowutran/qubes-builder-archlinux/commit/09a435fcc6bdcb19144d198ea20f7a27826c1d80)
Creating a archlinux repository
===========================
Once the template have been build, you could use the generated archlinux packages to create your own archlinux repository for QubesOS packages.
You need to:
* Sign the packages with your GPG key
* Host the packages on your HTTP server
I will assume that you already have a working http server.
So you need to sign the packages and transmit everything to the qubes that will upload them to your http server.
The script `update-remote-repo.sh` of the qubes-builder-archlinux repository can do that.
Below, an example of code that sign the packages + template rpm file, and transmit everything to another qube.
```bash
$directory/qubes-src/builder-archlinux/update-remote-repo.sh
rpmfile=$(ls -1 $directory/qubes-src/linux-template-builder/rpm/noarch/*.rpm | head -n 1)
qubes-gpg-client-wrapper --detach-sign $rpmfile > $rpmfile.sig
qvm-copy $rpmfile
qvm-copy $rpmfile.sig
qvm-copy $directory/qubes-packages-mirror-repo/vm-archlinux/pkgs/
```
Upload everything to your http server, and you are good.
You can now modify the file `/etc/pacman.d/99-qubes-repository-4.0.conf` in your archlinux template to use your repository.
Example of content for this file (replace the server URL with your own):
```
[qubes]
Server = https://neowutran.ovh/qubes/vm-archlinux/pkgs
```
About the package `qubes-vm-keyring`
=====================================
The goal of this package was to add a `pacman` source for the Qubes OS packages, and to set the maintainer gpg key as trusted.
Currently, no one want to provide binary packages.
**So this package is currently useless.**
If in the future, enough people think it is better to restart providing binary packages instead of the current "Do It Yourself" way, the gpg key and fingerprint of the new maintainer should be added in the files below:
* https://github.com/QubesOS/qubes-core-agent-linux/blob/master/archlinux/PKGBUILD-keyring-keys
* https://github.com/QubesOS/qubes-core-agent-linux/blob/master/archlinux/archlinux/PKGBUILD-keyring-trusted

158
external/building-guides/building-non-fedora-template.md vendored
View file

@ -9,161 +9,3 @@ redirect_from:
- /wiki/BuildingNonFedoraTemplate/
---
Building a TemplateVM for a new OS
==============================================================
If you don't like using one of the existing templates because of specific administration, package management or other building needs, you can build a TemplateVM for your distribution of choice.
This article shows how to go about building a template for a different OS.
You should make sure you understand the details of the BuilderPlugins API - they are explained [here][API].
Qubes builder scripts
=====================
One way to start is by creating Qubes builder scripts for your new OS.
Note that this will probably make your testing process harder than trying to build the package directly in an HVM on which you have already installed the new OS.
chroot initialization
---------------------
You need to customize some scripts that will be used to build all the Qubes tools.
Create a new directory to hold the files for the new os.
You can start from the Fedora scripts in `builder-rpm/template-scripts`, and see how they have been changed for Debian and Archlinux.
The scripts you need are in :
~~~
builder-archlinux/scripts
builder-debian/template-debian
builder-rpm/template-scripts
~~~
### 00\_prepare.sh
The goal of the first script `00_prepare.sh` is to download and verify the signature of the installation CD and tools, or the native tools for building an OS.
You can use the `$CACHEDIR` directory variable to store files that could be reused (such as downloaded scripts or iso files).
### 01\_install\_core.sh
The goal of this script is to install a base environment of your target OS inside the `$INSTALLDIR` directory variable.
Generally you need to bootstrap/install your package manager inside the `$INSTALLDIR` directory and install the base packages.
### Testing the installation process
Edit the file `builder.conf` to change the variable `$DISTS_VM` to your OS name (`DISTS_VM=your_os_name`).
Then try to create (make) the template to check that at least these first two scripts are working correctly:
~~~
make linux-template-builder
~~~
Qubes builder Makefiles
-----------------------
Now you need to create Makefiles specific to your OS.
You will find the required scripts to adapt in the `builder-*` folders:
~~~
prepare-chroot-yourOSname
Makefile.yourOSname
~~~
### prepare-chroot-yourOSname
The goal of this file is to prepare a development environment of your target OS inside a chroot.
You will reuse the `00_prepare.sh` and `01_install_core.sh` scripts.
Additionally, the following things have to be done in this Makefile:
- the `$1` variable will contain the installation directory (`$INSTALLDIR` should contain the same value as `$1` when you run `00_prepare.sh` or `01_install_core.sh`)
- after your base system is installed, you should install development tools and libraries (gcc, make, ...)
- create a user called 'user' inside your chroot, and give them enough rights to run the command sudo without any password
- register all the repositories that will be necessary and synchronize the package database
- register a custom repository that will be used to store Qubes packages
### Makefile.yourOSname
This file will be used to define the action required when installing a custom package.
The most important one are:
- `dist-prepare-chroot`: that's where you will call `prepare-chroot-yourOSname` if the chroot has not been initialized.
- `dist-package`: that's where you will chroot the development environment and run the command used to build a package.
- `dist-build-dep`: that's where you will create the custom repository for your target OS based on already compiled packages.
These additional targets need to exist once you have created your first packages:
- `dist-copy-out`: that's where you will retrieve the package you just built and put it with all the other packages you prepared.
- `update-repo`: that's where you will retrieve the package that has been built and add it to the custom repository.
### Testing the development chroot
You will be able to test these scripts when making the first Qubes packages.
Don't forget that the first things that run when running `make somecomponent-vm` will be these two scripts, and that you will need to debug it at this point.
Qubes packages
--------------
* [vmm-xen](https://github.com/QubesOS/qubes-vmm-xen)
* [core-vchan-xen](https://github.com/QubesOS/qubes-core-vchan-xen)
* [linux-utils](https://github.com/QubesOS/qubes-linux-utils)
* [core-agent-linux](https://github.com/QubesOS/qubes-core-agent-linux)
* [gui-common](https://github.com/QubesOS/qubes-gui-common)
* [gui-agent-linux](https://github.com/QubesOS/qubes-gui-agent-linux)
Additional Installation scripts
-------------------------------
Again you need to create new scripts based on the existing scripts in these folders:
~~~
builder-archlinux/scripts
builder-debian/template-debian
builder-rpm/template-scripts
~~~
### 02\_install\_groups.sh
The goal of this script is to install all the packages that you want to use in your template (eg: firefox, thunderbird, a file manager, Xorg...).
### 04\_install\_qubes.sh
The goal of this script is to install in your template all the packages you built previously.
Also you need to edit the fstab file of your template to mount Qubes virtual hard drives.
### 09\_cleanup.sh
This script is used to finalize and to remove unnecessary things from your template, such as cached packages, unused development packages ...
Starting with an HVM
====================
If no Qubes packages are available for your selected OS you could start by installing your OS in an HVM.
Your goals will be:
- to identify how to install the OS using command lines
- to create required Qubes packages
- to identify potential issues, making sure all Qubes agents and scripts work correctly.
As soon as you manage to get `qrexec` and `qubes-gui-agent` working, you will be ready to start preparing a template VM.
### Xen libraries
Several Xen libraries are required for Qubes to work correctly.
In fact, you need to make `xenstore` commands working before anything else.
For this, Qubes git can be used as several patches have been selected by Qubes developers that could impact the activity inside a VM.
Start by retrieving a recent git and identify how you can build a package from it: `git clone https://github.com/QubesOS/qubes-vmm-xen.git`.
Find the .spec file in the git repository (this is the file used to build rpm packages), and try to adapt it to your OS in order to build a package similar to the target 'vmm-xen'.
For example, a PKGBUILD has been created for
[ArchLinux](/doc/building-archlinux-template/) which can be found in the vmm-xen repository.
Don't be afraid of the complexity of the PKGBUILD: most of the code is almost a copy/paste of required sources and patches found in the .spec file provided in the git repository.
Note once the package has been successfully compiled and installed, you need to setup XEN filesystem.
Add the following line to your fstab (you can create this line in your package install script):
`xen /proc/xen xenfs defaults 0 0`.
Now install the package you built and mount `/proc/xen`.
Verify that xenstore-read works by running: `xenstore-read name`. That should give you the current qube name.
[API]: https://github.com/QubesOS/qubes-builder/blob/master/doc/BuilderPluginAPI.md

86
external/building-guides/building-whonix-template.md vendored
View file

@ -7,89 +7,3 @@ redirect_from:
- /en/doc/building-whonix-template/
---
## Building Whonix Templates
The Whonix templates are easily downloaded and installed by following the [procedure here](https://www.whonix.org/wiki/Qubes/Install).
However, they are integrated into `qubes-builder` so they are straight-forward to build yourself if you prefer.
Many other Qubes templates can also be built by following this procedure.
Simply choose the appropriate builder(s) and template(s) you wish to build in the `./setup` procedure below.
Always include the `mgmt-salt` builder.
First, set up the [Build Environment](/doc/qubes-iso-building/#build-environment) (follow the build environment section only).
Next, configure the builder:
~~~
cd ~/qubes-builder
./setup
# Select Yes to add Qubes Master Signing Key
# Select Yes to add Qubes OS Signing Key
# Select 4.0 for version
# Stable
# Select Current (if you want the option to use pre-built packages)
# Yes (we want to build only templates)
# Select fc29 and stretch (for the currently shipping templates)
# Select builder-rpm, builder-debian, template-whonix, mgmt-salt
# Yes (to download)
~~~
Once it completes downloading, re-run `setup` to add the Whonix templates:
~~~
./setup
# Choose the same options as above, except at templates select:
# whonix-gateway-14, whonix-workstation-14
# If prompted, choose Yes to add adrelanos's third party key
~~~
Continue the build process with:
~~~
make install-deps
make get-sources
~~~
You will often need to edit/update `qubes-src/template-whonix/builder.conf` at this stage to specify the currently shipping Tor Browser version.
Open it in your favorite editor, then look for "Extra Whonix Build Options" and add/edit the `WHONIX_TBB_VERSION` variable to specify the current version.
For example:
```
################################################################################
# Extra Whonix Build Options
################################################################################
# Whonix repository.
WHONIX_APT_REPOSITORY_OPTS ?= stable
#WHONIX_APT_REPOSITORY_OPTS = off
# Use turbo mode to build template
BUILDER_TURBO_MODE ?= 1
# Enable Tor by default (0: disable; 1: enable)
WHONIX_ENABLE_TOR ?= 0
WHONIX_TBB_VERSION ?= 7.5.2
```
You can add/edit the `WHONIX_TBB_VERSION` variable in `~/qubes-builder/builder.conf` instead of this file if preferred.
Finally, use:
~~~
make qubes-vm
make template
~~~
Once the build is complete, the install packages for your newly built templates will be located in `~/qubes-builder/qubes-src/linux-template-builder/rpm/noarch`.
Copy them from there to dom0 and install:
~~~
qvm-run --pass-io <src-vm> 'cat ~/qubes-builder/qubes-src/linux-template-builder/rpm/noarch/qubes-template-whonix-gw-4.0.0-201802250036.noarch.rpm' > ~/qubes-template-whonix-gw-4.0.0-201802250036.noarch.rpm
qvm-run --pass-io <src-vm> 'cat ~/qubes-builder/qubes-src/linux-template-builder/rpm/noarch/qubes-template-whonix-ws-4.0.0-201802250145.noarch.rpm' > ~/qubes-template-whonix-ws-4.0.0-201802250145.noarch.rpm
sudo dnf install qubes-template-whonix-gw-4.0.0-201802250036.noarch.rpm
sudo dnf install qubes-template-whonix-ws-4.0.0-201802250145.noarch.rpm
~~~
And you are done!