From f14b5dd8bdd2d0cd9210486ebe2a61f5833d9992 Mon Sep 17 00:00:00 2001 From: TimFW Date: Mon, 8 Feb 2016 19:04:55 -0500 Subject: [PATCH 1/4] Add full instructions for Archlnux Template build Replaced short orginal intro and link to the dated developer's section template example with step by step instructions as discussed in the devel mailing list. I have reviewed the steps and checked the text but please review and make any changes/corrections as needed. --- managing-os/templates/archlinux.md | 650 ++++++++++++++++++++++++++++- 1 file changed, 635 insertions(+), 15 deletions(-) diff --git a/managing-os/templates/archlinux.md b/managing-os/templates/archlinux.md index d7e61f21..60129ef2 100644 --- a/managing-os/templates/archlinux.md +++ b/managing-os/templates/archlinux.md @@ -16,27 +16,647 @@ be considered experimental as Qubes developers team use mainly Fedora-based VMs to test new features/updates. Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). -He also provides binary updates for the template, which are signed using this -key: - pub 2048R/C1833B9C 2014-03-27 [expires: 2016-03-26] - Key fingerprint = D85E E12F 9678 51CC F433 515A 2043 E7AC C183 3B9C - uid Olivier MEDOC (Qubes-OS signing key) +
+ +##Instructions + +
+**These are the instructions for Qubes 3.1. They will take you step by step thru the entire process start to finish** + +*Note: Currently there are no binary packages and it must be compiled from source using the instructions below.* + +
+
+
+**1: Create and configure VM to use for template building:** + +* The VM should be based on a Fedora template. It's best to use a standalone VM. I created a standalone VM based on + the Fedora 23 template. I named the VM “**development**”. These instructions assume a standalone VM based on a Fedora template is being used. +
+
+ +
+
+* Ensure there is at least 25GB preferably 30GB of free space in the private storage. I made the private storage 30GB to be safe. +
+
+ +
+
+ +*Note: Unless otherwise noted, all commands are from within the “development” VM or whatever you named your standalone VM used for building the template.* +
+
+
+ +**2: Create GitHub Account(optional):** + +* It can be helpful. Creating only a basic account is all that is needed. This will allow you to help, going forward, with the Qubes project. You could be help edit errors in documentation. It can also be of use building other templates. + +* Create user account here https://github.com +
+
+ +
+
+
+ +**3: Install necessary packages in the 'development' VM to use "Qubes Automated Build System":** + +* Necessary packages to install: + + * git + + * createrepo + + * rpm-build + + * make + + * rpmdevtools + + * python-sh + + * dailog + + * rpm-sign +
-Install -------- +* The tools can usually be installed all together with the following terminal command string: -Currently we do not ship ready to use binary package. It can be compiled using -[this instructions](/doc/building-archlinux-template/). + * **$ sudo dnf install git createrepo rpm-build make wget rpmdevtools python-sh dialog rpm-sign** +
+
+ +
+
+
-Olivier provides binary package build by himself, you can get it for: -* Qubes R2 [here](https://groups.google.com/d/msgid/qubes-devel/54CE3FB1.3050708%40yahoo.fr). -* Qubes R3 [here](https://groups.google.com/d/msg/qubes-users/RI3KQVEEc30/h5nsNw_SHTQJ) +**4: Installing the "Qubes Automated Build System":** + +* To get the most current build system its best to use marmarek's git repository. + + * $ **git clone https://github.com/marmarek/qubes-builder.git** +
+
+ +
+
+ +* You will now have the Qubes Builder System enviornment installed in the directory below: + + * **/home/user/qubes-builder** +
+
+
+ +**5: Configuring setup script to create builder.conf file:** + +* You will be creating the builder.conf file which tells where and what to use. The most automated, and in in this case the easiest, way to create this is to use the script that is provided in Qubes Builder. Its named '**setup**'. Before running the script you need to edit one file it uses. + + *In the future this should not be needed once a change is made to the 'setup' script.* + + * Edit the '**qubes-os-master.conf**' which is found in **/home/user/qubes-builder/example-configs** Use the text editor of your choice. + + * **$ cd /home/user/qubes-builder/example-config/** + + * **$ nano -W qubes-os-master.conf** or **$ gedit qubes-os-master.conf** or etc…. +
+
+ +
+
+ * Go to the first line containing '**DIST_VM ?= fc23**' it will be preceeded by line '**DIST_DOM0 ?= fc20**'. Remove '**fc23**' or whatever is listed there leaving only '**DIST_VM ?=**'. Then save the file and close the text editor. +
+
+ +
+
+
+ +**6: Run the 'setup' script to build the builder.conf file** + +* Run the 'setup' script located in '**/home/user/qubes-builder/**' Make sure you are in directory '**qubes-builder**' + + * **$ cd /home/user/qubes-builder/** + + * **$ ./setup** +
+
+ +
+
+ * First screen will ask you to import 'Qubes-Master-Signing-key.asc'. The 'setup' script not only downloads but confirms the key to that of the key on Qubes-OS website. + + * Select '**YES**' + * Select '**OK**' Press '**Enter**' +
+
+ +
+
+ + * Next screen will ask you to import Marek Marczykowski-Goracki (Qubes OS signing key). Again 'setup' will confirm this key to the fingerprint. + + * Select '**YES**' + * Select '**OK**' Press '**Enter**' +
+
+ +
+
+ + * This screen will give you the choice of which Qubes Release to build the template for. + + * Select '**Qubes Release 3.1**' + * Select '**OK**' Press '**Enter**' +
+
+ +
+
+ + * Screen "**Choose Repos To Use To Build Packages**" + + * Select 'marmarek/qubes- Unstable-Bleeding Edge for Development' + * Select '**OK**' Press '**Enter**' +
+
+ +
+
+ + * Screen '**Builder Plugin Selection**' will gives choices of builder plugins to use for the build. + + * Deselect '**Fedora**' + + * Deselect '**mgnt_salt**' + + * Select '**archlinux**' + + * Select '**OK**' Press **Enter** +
+
+ +
+
+ + * Screen '**Get Resources**' wants to download additional packages needed for the choosen plugin/s. + + * Select '**OK**' Prss '**Enter**' + + * Upon completion you will get choose '**OK**' to proceed to the next screen + + * Press '**Enter**' +
+
+ +
+ +
+
+ + * Screen '**Template Distribution Selection**' allows you to choose the actual template/s you wish to build. + + * Scroll Down to the very bottom (it is off the screen at first) + + * Select '**archlinux**' + + * Select '**OK**' Press '**Enter**' +
+
+ +
+
+ + *Note: 'Setup' will close and will output the text of the created build.conf file as well as the needed **make** commands to build the template* +
+
+ +
+
+
+ +**7: Install all the dependencies: (make sure you are in the “qubes-builder” directory to run the following cmds)** + +* **$ make install-deps** +
+
+ +
+
+
+ +**8: Get all the require sources for the build: (Note: this may take some time)** + +* **$ make get-sources** +
+
+ +
+
+
+ +**9: Make all the require Qubes Components:** + +* **Note:** You can run a single command to build all the Qubes components or you can run them each individually. + Both ways below: + + * Single command to build all Qubes components together: (this command can take a long time to process depending of your pc proccessing power) + + * **$ make qubes-vm** +
+
+ +
+
+ + + * These are the indivual component 'make' commands: + + * **$ make vmm-xen-vm** + + * **$ make core-vchan-xen-vm** + + * **$ make core-qubesdb-vm** + + * **$ make linux-utils-vm** + + * **$ make core-agent-linux-vm** + + * **$ make gui-common-vm** + + * **$ make gui-agent-linux-vm** +
+
+ + +**10: Make the actual Archlinux template:** + +* **$ make template** + +
+
+ +
+
+
+ + +**11: Transfer Template into Dom0** + +* You need to ensure these two files are in the '**noarch**' directory + + * **$ cd /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/** + + * **$ ls** *(confirm the below two files are there)* + + * **install-templates.sh** (script to install template in dom0) + + * **$ cd noarch** + + * **$ ls** + + * **qubes-template-archlinux-X.X.X-XXXXXXXXXXXX.noarch.rpm** (this is the template package 'X' replaces version and build digits) + + +
+
+ +
+
+ +* **Transfer the two files into Dom0** + *Note: as there is not a typical file transfer method for Dom0, for security reasons, this less than simple transfer function has to be used* + + * Swtich to Domo and open a terminal window. + + **Note:** Take care when entering these cmd strings. They are very long and have a number of characters that are easy to mix '**-**' vs '**.**' '**Templates** (correct) vs **templates** (wrong) or **Template_**'(also wrong) + + + * **$ cd /** + + * **$ sudo qvm-run --pass-io development 'cat /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/install-templates.sh' > install-templates.sh** + + * **$ sudo qvm-run pass-io development 'cat /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/noarch/qubes-template.archlinux-3.0.4-201512290227.noarch.rpm' > /home/user/Templates/qubes-template-archlinux-3.0.4-201512290227.noarch.rpm** + +
+
+ +
+
+ +
+
+ +
+
+
+
+ +**If everything went correct there should be a Archlinux template listed in your Qubes VM Manager** + +
+
+
+--------------- + +#**Package Manager Proxy Setup Section** + + +One last thing to setup to have a "PROPERLY" functioning archlinux template. + +Archlinux package manager Pacman is a fine package mangers execpt that we could not find a way to configure it to use the Qubes Update Proxy Service (QUPS) that would compliy with Qubes QUPS usage policy. + +*If someone does find a way please post to the Qubes-Users or Devel google groups mailing list.* + +Powerpill is a full Pacman wrapper that not only give easy proxy configuration but futher offers numerous other advantages. + +Please check out: + +[Archlinux Powerpill](https://wiki.archlinux.org/index.php/powerpill) + +[XYNE's (dev) Powerpill](http://xyne.archlinux.ca/projects/powerpill/) + + +**Important Note:** Until Powerpill is configured you will have to open network access to the template to get the intial packages etc downloaded. You can use the "allow full access for" a given time period in the FW settings of the template in the VMM or open up the various services thru the same window. Remember to change it back if you choose the later route. Actions needing network access will be noted with (needs network access) + +
+
+ +**1: Editing Pacman's configuration file (pacman.conf)** + +* Open archlinux terminal app + +* edit /etc/pacman.conf + +* **$ sudo nano -w /etc/pacman.conf** + +* Below is the output of a correct pacman.conf file Make the changes so your file matches this one or rename the orginal and create a new one and copy and paste this text into it. Text should be justifed left in the file. The changes from your default are to make gpg sig signing mandatory for packages but not required for DBs for the archlinux repos. Also to add the repo (at the end) for the Powerpill package. + + +
+
+ + + # + # /etc/pacman.conf + # + # See the pacman.conf(5) manpage for option and repository directives + + # + # GENERAL OPTIONS + # + [options] + # The following paths are commented out with their default values listed. + # If you wish to use different paths, uncomment and update the paths. + #RootDir = / + #DBPath = /var/lib/pacman/ + #CacheDir = /var/cache/pacman/pkg/ + #LogFile = /var/log/pacman.log + GPGDir = /etc/pacman.d/gnupg/ + HoldPkg = pacman glibc + #XferCommand = /usr/bin/curl -C - -f %u > %o + #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u + #CleanMethod = KeepInstalled + #UseDelta = 0.7 + Architecture = auto + + # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup + #IgnorePkg = + #IgnoreGroup = + #NoUpgrade = + NoUpgrade = /etc/X11/xinit/xinitrc.d/pulseaudio + #NoExtract = + + # Misc options + #UseSyslog + #Color + #TotalDownload + CheckSpace + #VerbosePkgLists + + # By default, pacman accepts packages signed by keys that its local keyring + # trusts (see pacman-key and its man page), as well as unsigned packages. + #SigLevel = Required DatabaseOptional + LocalFileSigLevel = Optional + #RemoteFileSigLevel = Required + + # NOTE: You must run `pacman-key --init` before first using pacman; the local + # keyring can then be populated with the keys of all official Arch Linux + # packagers with `pacman-key --populate archlinux`. + + # + # REPOSITORIES + # - can be defined here or included from another file + # - pacman will search repositories in the order defined here + # - local/custom mirrors can be added here or in separate files + # - repositories listed first will take precedence when packages + # have identical names, regardless of version number + # - URLs will have $repo replaced by the name of the current repo + # - URLs will have $arch replaced by the name of the architecture + # + # Repository entries are of the format: + # [repo-name] + # Server = ServerName + # Include = IncludePath + # + # The header [repo-name] is crucial - it must be present and + # uncommented to enable the repo. + # + + # The testing repositories are disabled by default. To enable, uncomment the + # repo name header and Include lines. You can add preferred servers immediately + # after the header, and they will be used before the default mirrors. + + #[testing] + #SigLevel = PackageRequired + #Include = /etc/pacman.d/mirrorlist + + [core] + SigLevel = PackageRequired + Include = /etc/pacman.d/mirrorlist + + [extra] + SigLevel = PackageRequired + Include = /etc/pacman.d/mirrorlist + + #[community-testing] + #SigLevel = PackageRequired + #Include = /etc/pacman.d/mirrorlist + + [community] + SigLevel = PackageRequired + Include = /etc/pacman.d/mirrorlist + + # If you want to run 32 bit applications on your x86_64 system, + # enable the multilib repositories as required here. + + #[multilib-testing] + #Include = /etc/pacman.d/mirrorlist + + #[multilib] + #Include = /etc/pacman.d/mirrorlist + + # An example of a custom package repository. See the pacman manpage for + # tips on creating your own repositories. + #[custom] + #SigLevel = Optional TrustAll + #Server = file:///home/custompkgs + + [multilib] + SigLevel = PackageRequired + Include = /etc/pacman.d/mirrorlist + + #[qubes] + #commented out as it errors and is not current + #Server = http://olivier.medoc.free.fr/archlinux/pkgs/ + + [xyne-x86_64] + # Added to download powerpill app + # A repo for Xyne's own projects: http://xyne.archlinux.ca/projects/ + # Packages for the "x86_64" architecture. + # Note that this includes all packages in [xyne-any]. + SigLevel = Required + Server = http://xyne.archlinux.ca/repos/xyne + + #end of file + -Known issues ------------- +
+ +The addition of the above xrne-x86_64 repo is needed for the repo that contains powerpill. + +
+
+
+ +**2: Setting Up GPG** (needs network access) + +* Initialize GPG Keyring + + * **$ sudo pacman-key --init** + +* Populate the keyring with Archlinux master keys + + * **$ sudo pacmna-key --populate archlinux** + + * Confirm keys with those at [Archlinux Master Keys](https://www.archlinux.org/master-keys/) + + * For more information on Pacman key sigining: [Pacman Package Key Signing](https://wiki.archlinux.org/index.php/Pacman/Package_signing) + +
+
+ +**3: Install Powerpill (Pacman wrapper)** (needs network access) + +* **$ sudo pacman -S powerpill** + +
+
+ +**4: Install Reflector** (needs network access) + +*Note: It scripts mirror updating. Grabbing the most up to date gen mirror list. It ranks them by most recently sync'd. Then ranks them on fastest speed. Also can be used by Powerpill config to allow a once stop conf file for all if so wanted.* + +* **$ sudo pacman -S reflector** + + +Note: You can combine package downloads: **$ sudo pacman -S powerpill reflector** + +
+
+ +**5: Backup mirrorlist prior to first running Reflector.** + +Note: For info on Reflector and its configs: [Reflector](https://wiki.archlinux.org/index.php/Reflector) + +* **$ sudo cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bkup** + +
+
+ +**6: Setup mirrolist with Reflector** (needs network access)** + +*Note: Look at the Reflector page to decide what filter and argument string you wish to run. Below is a default string that will work for most all to setup a working basic mirrorlist. + +*Look to Reflector pages or --help for more info on arug and filters.* + +* **$ sudo reflector --verbose -l 5 --sort rate --save /etc/pacman.d/mirrorlist** + + * The above ranks all the most up to date and sorts for the 5 fastest + + * You can confirm the new list by opening the newly created mirrorlist. + +
+
+ + +**7: Configure Powerpill configuration file to use Qubes Proxy Service** + +* Qubes Proxy Address: **10.137.255.254:8082** + +* Edit **powerpill.json** (powerpill config file) + + * **$ sudo nano -w /etc/powerpill/powerpill.json** + + * Add line '**--all-proxy=10.137.255.254:8082**' at the bottom of the list under the **"aria2"** section under the **"args"** line. Example below: + +
+ + { + "aria2": { + "args": [ + "--allow-overwrite=true", + "--always-resume=false", + "--auto-file-renaming=false", + "--check-integrity=true", + "--conditional-get=true", + "--continue=true", + "--file-allocation=none", + "--log-level=error", + "--max-concurrent-downloads=100", + "--max-connection-per-server=5", + "--min-split-size=5M", + "--remote-time=true", + "--show-console-readout=true", + "--all-proxy=10.137.255.254:8082" + ], + "path": "/usr/bin/aria2c" + }, + +
+
+ +**8: Test Powerpill Configuration** + +*Note: Powerpill uses and passes the same syntax as pacman* + +* Configure Archlinux Template to only use the Qubes Proxy Update Service + * In the Qubes VM Manager under Archlinux FW tab make sure only the access check box for update proxy is on. All others should be set to deny. + +* **$ sudo powerpill -Syu** + + * You should get a similar output as below: + +
+
+ +
+
+ + +**Remember you must open up network access anytime you wish to run the Reflector script to update the mirrorlist. This page will be updated when/if this situation changes.** + + +###**If the above checks out, you can start using your new Archlinux Template**### + +
+
+ + -If you want to help in improving the template, feel free to [contribute](/doc/contributing/). From 44422612329e2bc9f7c5ed42d7b10e1114dea50c Mon Sep 17 00:00:00 2001 From: TimFW Date: Thu, 11 Feb 2016 05:17:54 -0500 Subject: [PATCH 2/4] fix formating and image linking --- managing-os/templates/archlinux.md | 104 ++++++++++++++--------------- 1 file changed, 51 insertions(+), 53 deletions(-) diff --git a/managing-os/templates/archlinux.md b/managing-os/templates/archlinux.md index 60129ef2..2b37a007 100644 --- a/managing-os/templates/archlinux.md +++ b/managing-os/templates/archlinux.md @@ -19,7 +19,7 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr).
-##Instructions +##Instructions##
**These are the instructions for Qubes 3.1. They will take you step by step thru the entire process start to finish** @@ -29,19 +29,19 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr).


-**1: Create and configure VM to use for template building:** +####**1: Create and configure VM to use for template building:**#### * The VM should be based on a Fedora template. It's best to use a standalone VM. I created a standalone VM based on the Fedora 23 template. I named the VM “**development**”. These instructions assume a standalone VM based on a Fedora template is being used.

- +![arch-template-01](/attachment/wiki/ArchlinuxTemplate/arch-template-01.png)

* Ensure there is at least 25GB preferably 30GB of free space in the private storage. I made the private storage 30GB to be safe.

- +![arch-template-02](/attachment/wiki/ArchlinuxTemplate/arch-template-02.png)

@@ -50,19 +50,19 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr).

-**2: Create GitHub Account(optional):** +#####**2: Create GitHub Account(optional):**##### * It can be helpful. Creating only a basic account is all that is needed. This will allow you to help, going forward, with the Qubes project. You could be help edit errors in documentation. It can also be of use building other templates. * Create user account here https://github.com

- +![arch-template-03](/attachment/wiki/ArchlinuxTemplate/arch-template-03.png)


-**3: Install necessary packages in the 'development' VM to use "Qubes Automated Build System":** +#####**3: Install necessary packages to 'development' VM for "Qubes Automated Build System":**##### * Necessary packages to install: @@ -89,19 +89,19 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * **$ sudo dnf install git createrepo rpm-build make wget rpmdevtools python-sh dialog rpm-sign**

- +![arch-template-04](/attachment/wiki/ArchlinuxTemplate/arch-template-04.png)


-**4: Installing the "Qubes Automated Build System":** +#####**4: Installing the "Qubes Automated Build System":**##### * To get the most current build system its best to use marmarek's git repository. * $ **git clone https://github.com/marmarek/qubes-builder.git**

- +![arch-template-05](/attachment/wiki/ArchlinuxTemplate/arch-template-05.png)

@@ -112,7 +112,7 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr).

-**5: Configuring setup script to create builder.conf file:** +#####**5: Configuring setup script to create builder.conf file:**##### * You will be creating the builder.conf file which tells where and what to use. The most automated, and in in this case the easiest, way to create this is to use the script that is provided in Qubes Builder. Its named '**setup**'. Before running the script you need to edit one file it uses. @@ -125,18 +125,18 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * **$ nano -W qubes-os-master.conf** or **$ gedit qubes-os-master.conf** or etc….

- +![arch-template-06](/attachment/wiki/ArchlinuxTemplate/arch-template-06.png)

* Go to the first line containing '**DIST_VM ?= fc23**' it will be preceeded by line '**DIST_DOM0 ?= fc20**'. Remove '**fc23**' or whatever is listed there leaving only '**DIST_VM ?=**'. Then save the file and close the text editor.

- +![arch-template-07](/attachment/wiki/ArchlinuxTemplate/arch-template-07.png)


-**6: Run the 'setup' script to build the builder.conf file** +#####**6: Run the 'setup' script to build the builder.conf file**##### * Run the 'setup' script located in '**/home/user/qubes-builder/**' Make sure you are in directory '**qubes-builder**' @@ -145,7 +145,7 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * **$ ./setup**

- +![arch-template-08](/attachment/wiki/ArchlinuxTemplate/arch-template-08.png)

* First screen will ask you to import 'Qubes-Master-Signing-key.asc'. The 'setup' script not only downloads but confirms the key to that of the key on Qubes-OS website. @@ -154,7 +154,7 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * Select '**OK**' Press '**Enter**'

- +![arch-template-09](/attachment/wiki/ArchlinuxTemplate/arch-template-09.png)

@@ -164,7 +164,7 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * Select '**OK**' Press '**Enter**'

- +![arch-template-10](/attachment/wiki/ArchlinuxTemplate/arch-template-10.png)

@@ -174,7 +174,7 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * Select '**OK**' Press '**Enter**'

- +![arch-template-11](/attachment/wiki/ArchlinuxTemplate/arch-template-11.png)

@@ -184,7 +184,7 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * Select '**OK**' Press '**Enter**'

- +![arch-template-12](/attachment/wiki/ArchlinuxTemplate/arch-template-12.png)

@@ -199,7 +199,7 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * Select '**OK**' Press **Enter**

- +![arch-template-13](/attachment/wiki/ArchlinuxTemplate/arch-template-13.png)

@@ -212,9 +212,9 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * Press '**Enter**'

- +![arch-template-14](/attachment/wiki/ArchlinuxTemplate/arch-template-14.png)
- +![arch-template-15](/attachment/wiki/ArchlinuxTemplate/arch-template-15.png)

@@ -227,39 +227,41 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * Select '**OK**' Press '**Enter**'

- +![arch-template-16](/attachment/wiki/ArchlinuxTemplate/arch-template-16.png)

*Note: 'Setup' will close and will output the text of the created build.conf file as well as the needed **make** commands to build the template*

- +![arch-template-17](/attachment/wiki/ArchlinuxTemplate/arch-template-17.png)


-**7: Install all the dependencies: (make sure you are in the “qubes-builder” directory to run the following cmds)** +#####**7: Install all the dependencies:**##### + +*Note: make sure you are in the “qubes-builder” directory to run the following cmds* * **$ make install-deps**

- +![arch-template-18](/attachment/wiki/ArchlinuxTemplate/arch-template-18.png)


-**8: Get all the require sources for the build: (Note: this may take some time)** +#####**8: Get all the require sources for the build: (Note: this may take some time)**##### * **$ make get-sources**

- +![arch-template-19](/attachment/wiki/ArchlinuxTemplate/arch-template-19.png)


-**9: Make all the require Qubes Components:** +#####**9: Make all the require Qubes Components:**##### * **Note:** You can run a single command to build all the Qubes components or you can run them each individually. Both ways below: @@ -269,7 +271,7 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * **$ make qubes-vm**

- +![arch-template-20](/attachment/wiki/ArchlinuxTemplate/arch-template-20.png)

@@ -293,19 +295,18 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr).
-**10: Make the actual Archlinux template:** - -* **$ make template** +#####**10: Make the actual Archlinux template:**##### +* **$ make template**

- +![arch-template-21](/attachment/wiki/ArchlinuxTemplate/arch-template-21.png)


-**11: Transfer Template into Dom0** +#####**11: Transfer Template into Dom0**##### * You need to ensure these two files are in the '**noarch**' directory @@ -320,11 +321,9 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * **$ ls** * **qubes-template-archlinux-X.X.X-XXXXXXXXXXXX.noarch.rpm** (this is the template package 'X' replaces version and build digits) - -

- +![arch-template-22](/attachment/wiki/ArchlinuxTemplate/arch-template-22.png)

@@ -341,29 +340,28 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). * **$ sudo qvm-run --pass-io development 'cat /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/install-templates.sh' > install-templates.sh** * **$ sudo qvm-run pass-io development 'cat /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/noarch/qubes-template.archlinux-3.0.4-201512290227.noarch.rpm' > /home/user/Templates/qubes-template-archlinux-3.0.4-201512290227.noarch.rpm** -

- +![arch-template-23](/attachment/wiki/ArchlinuxTemplate/arch-template-23.png)

- +![arch-template-24](/attachment/wiki/ArchlinuxTemplate/arch-template-24.png)

- +![arch-template-25](/attachment/wiki/ArchlinuxTemplate/arch-template-25.png)



-**If everything went correct there should be a Archlinux template listed in your Qubes VM Manager** +#####**If everything went correct there should be a Archlinux template listed in your Qubes VM Manager**#####


--------------- -#**Package Manager Proxy Setup Section** +##**Package Manager Proxy Setup Section**## One last thing to setup to have a "PROPERLY" functioning archlinux template. @@ -386,7 +384,7 @@ Please check out:

-**1: Editing Pacman's configuration file (pacman.conf)** +#####**1: Editing Pacman's configuration file (pacman.conf)**##### * Open archlinux terminal app @@ -535,7 +533,7 @@ The addition of the above xrne-x86_64 repo is needed for the repo that contains

-**2: Setting Up GPG** (needs network access) +#####**2: Setting Up GPG** (needs network access)##### * Initialize GPG Keyring @@ -552,14 +550,14 @@ The addition of the above xrne-x86_64 repo is needed for the repo that contains

-**3: Install Powerpill (Pacman wrapper)** (needs network access) +#####**3: Install Powerpill (Pacman wrapper)** (needs network access)##### * **$ sudo pacman -S powerpill**

-**4: Install Reflector** (needs network access) +#####**4: Install Reflector** (needs network access)##### *Note: It scripts mirror updating. Grabbing the most up to date gen mirror list. It ranks them by most recently sync'd. Then ranks them on fastest speed. Also can be used by Powerpill config to allow a once stop conf file for all if so wanted.* @@ -571,7 +569,7 @@ Note: You can combine package downloads: **$ sudo pacman -S powerpill reflector

-**5: Backup mirrorlist prior to first running Reflector.** +#####**5: Backup mirrorlist prior to first running Reflector.**##### Note: For info on Reflector and its configs: [Reflector](https://wiki.archlinux.org/index.php/Reflector) @@ -580,7 +578,7 @@ Note: For info on Reflector and its configs: [Reflector](https://wiki.archlinux.

-**6: Setup mirrolist with Reflector** (needs network access)** +#####**6: Setup mirrolist with Reflector** (needs network access)**##### *Note: Look at the Reflector page to decide what filter and argument string you wish to run. Below is a default string that will work for most all to setup a working basic mirrorlist. @@ -596,7 +594,7 @@ Note: For info on Reflector and its configs: [Reflector](https://wiki.archlinux.
-**7: Configure Powerpill configuration file to use Qubes Proxy Service** +#####**7: Configure Powerpill configuration file to use Qubes Proxy Service**##### * Qubes Proxy Address: **10.137.255.254:8082** @@ -632,7 +630,7 @@ Note: For info on Reflector and its configs: [Reflector](https://wiki.archlinux.

-**8: Test Powerpill Configuration** +#####**8: Test Powerpill Configuration**##### *Note: Powerpill uses and passes the same syntax as pacman* @@ -645,7 +643,7 @@ Note: For info on Reflector and its configs: [Reflector](https://wiki.archlinux.

- +![arch-template-26](/attachment/wiki/ArchlinuxTemplate/arch-template-26.png)

From 8be506c7193f56528c9d6ea6f1b216fbfbe60dda Mon Sep 17 00:00:00 2001 From: TimFW Date: Thu, 11 Feb 2016 06:08:01 -0500 Subject: [PATCH 3/4] Fix issues * Fixed: line 191 - typo * Fixed: line 342 - removed the rpm transfer line 351 - removed corresponding image-25 * Still Open: line 402-523 - denoting pacman.conf lines that need to be changed within the entire file output. --- managing-os/templates/archlinux.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/managing-os/templates/archlinux.md b/managing-os/templates/archlinux.md index 2b37a007..ddbadc70 100644 --- a/managing-os/templates/archlinux.md +++ b/managing-os/templates/archlinux.md @@ -188,7 +188,7 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr).

- * Screen '**Builder Plugin Selection**' will gives choices of builder plugins to use for the build. + * Screen '**Builder Plugin Selection**' will give choices of builder plugins to use for the build. * Deselect '**Fedora**' @@ -327,19 +327,18 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr).

-* **Transfer the two files into Dom0** +* **Transfer the install-templates.sh script file into Dom0** *Note: as there is not a typical file transfer method for Dom0, for security reasons, this less than simple transfer function has to be used* * Swtich to Domo and open a terminal window. - **Note:** Take care when entering these cmd strings. They are very long and have a number of characters that are easy to mix '**-**' vs '**.**' '**Templates** (correct) vs **templates** (wrong) or **Template_**'(also wrong) + **Note:** Take care when entering these cmd strings. They are very long and have a number of characters that are easy to mix '**-**' vs '**.**' '**Templates** (correct) vs **templates** (wrong) or **Template_**'(also wrong) This script will also take care of transfering the actual template.rpm to Dom0 as well. * **$ cd /** * **$ sudo qvm-run --pass-io development 'cat /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/install-templates.sh' > install-templates.sh** - * **$ sudo qvm-run pass-io development 'cat /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/noarch/qubes-template.archlinux-3.0.4-201512290227.noarch.rpm' > /home/user/Templates/qubes-template-archlinux-3.0.4-201512290227.noarch.rpm**

![arch-template-23](/attachment/wiki/ArchlinuxTemplate/arch-template-23.png) @@ -348,9 +347,6 @@ Main maintainer of this template is [Olivier Médoc](mailto:o_medoc@yahoo.fr). ![arch-template-24](/attachment/wiki/ArchlinuxTemplate/arch-template-24.png)

-![arch-template-25](/attachment/wiki/ArchlinuxTemplate/arch-template-25.png) -
-


From a8cabf6c5c56b5afb356d3c552960c41ba7c6203 Mon Sep 17 00:00:00 2001 From: TimFW Date: Thu, 11 Feb 2016 22:27:43 -0500 Subject: [PATCH 4/4] Fix issues * Denoted the edited lines in the pacman.conf output * Added 'known issues' and 'want to contribute' sections * For image links I followed the path format used in the doc-guidelines.md ( know the images show up in the webpage when its live but links in the actual .md file thru github) * Fixed a couple format and typos Is there anything else that should be edited? --- managing-os/templates/archlinux.md | 281 ++++++++++++++++------------- 1 file changed, 153 insertions(+), 128 deletions(-) diff --git a/managing-os/templates/archlinux.md b/managing-os/templates/archlinux.md index ddbadc70..fa67d643 100644 --- a/managing-os/templates/archlinux.md +++ b/managing-os/templates/archlinux.md @@ -395,138 +395,138 @@ Please check out:
- # - # /etc/pacman.conf - # - # See the pacman.conf(5) manpage for option and repository directives - - # - # GENERAL OPTIONS - # - [options] - # The following paths are commented out with their default values listed. - # If you wish to use different paths, uncomment and update the paths. - #RootDir = / - #DBPath = /var/lib/pacman/ - #CacheDir = /var/cache/pacman/pkg/ - #LogFile = /var/log/pacman.log - GPGDir = /etc/pacman.d/gnupg/ - HoldPkg = pacman glibc - #XferCommand = /usr/bin/curl -C - -f %u > %o - #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u - #CleanMethod = KeepInstalled - #UseDelta = 0.7 - Architecture = auto - - # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup - #IgnorePkg = - #IgnoreGroup = - #NoUpgrade = - NoUpgrade = /etc/X11/xinit/xinitrc.d/pulseaudio - #NoExtract = - - # Misc options - #UseSyslog - #Color - #TotalDownload - CheckSpace - #VerbosePkgLists - - # By default, pacman accepts packages signed by keys that its local keyring - # trusts (see pacman-key and its man page), as well as unsigned packages. - #SigLevel = Required DatabaseOptional - LocalFileSigLevel = Optional - #RemoteFileSigLevel = Required - - # NOTE: You must run `pacman-key --init` before first using pacman; the local - # keyring can then be populated with the keys of all official Arch Linux - # packagers with `pacman-key --populate archlinux`. - - # - # REPOSITORIES - # - can be defined here or included from another file - # - pacman will search repositories in the order defined here - # - local/custom mirrors can be added here or in separate files - # - repositories listed first will take precedence when packages - # have identical names, regardless of version number - # - URLs will have $repo replaced by the name of the current repo - # - URLs will have $arch replaced by the name of the architecture - # - # Repository entries are of the format: - # [repo-name] - # Server = ServerName - # Include = IncludePath - # - # The header [repo-name] is crucial - it must be present and - # uncommented to enable the repo. - # - - # The testing repositories are disabled by default. To enable, uncomment the - # repo name header and Include lines. You can add preferred servers immediately - # after the header, and they will be used before the default mirrors. - - #[testing] - #SigLevel = PackageRequired - #Include = /etc/pacman.d/mirrorlist - - [core] - SigLevel = PackageRequired - Include = /etc/pacman.d/mirrorlist - - [extra] - SigLevel = PackageRequired - Include = /etc/pacman.d/mirrorlist - - #[community-testing] - #SigLevel = PackageRequired - #Include = /etc/pacman.d/mirrorlist - - [community] - SigLevel = PackageRequired - Include = /etc/pacman.d/mirrorlist - - # If you want to run 32 bit applications on your x86_64 system, - # enable the multilib repositories as required here. - - #[multilib-testing] - #Include = /etc/pacman.d/mirrorlist - - #[multilib] - #Include = /etc/pacman.d/mirrorlist - - # An example of a custom package repository. See the pacman manpage for - # tips on creating your own repositories. - #[custom] - #SigLevel = Optional TrustAll - #Server = file:///home/custompkgs - - [multilib] - SigLevel = PackageRequired - Include = /etc/pacman.d/mirrorlist - - #[qubes] - #commented out as it errors and is not current - #Server = http://olivier.medoc.free.fr/archlinux/pkgs/ - - [xyne-x86_64] - # Added to download powerpill app - # A repo for Xyne's own projects: http://xyne.archlinux.ca/projects/ - # Packages for the "x86_64" architecture. - # Note that this includes all packages in [xyne-any]. - SigLevel = Required - Server = http://xyne.archlinux.ca/repos/xyne - - #end of file - + # /etc/pacman.conf + # + # See the pacman.conf(5) manpage for option and repository directives + + # + # GENERAL OPTIONS + # + [options] + # The following paths are commented out with their default values listed. + # If you wish to use different paths, uncomment and update the paths. + #RootDir = / + #DBPath = /var/lib/pacman/ + #CacheDir = /var/cache/pacman/pkg/ + #LogFile = /var/log/pacman.log + GPGDir = /etc/pacman.d/gnupg/ + HoldPkg = pacman glibc + #XferCommand = /usr/bin/curl -C - -f %u > %o + #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u + #CleanMethod = KeepInstalled + #UseDelta = 0.7 + Architecture = auto + # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup + #IgnorePkg = + #IgnoreGroup = + #NoUpgrade = + NoUpgrade = /etc/X11/xinit/xinitrc.d/pulseaudio + NoUpgrade = /etc/X11/xinit/xinitrc.d/pulseaudio + NoUpgrade = /etc/X11/xinit/xinitrc.d/pulseaudio + #NoExtract = -
+ # Misc options + #UseSyslog + #Color + #TotalDownload + CheckSpace + #VerbosePkgLists -The addition of the above xrne-x86_64 repo is needed for the repo that contains powerpill. + # By default, pacman accepts packages signed by keys that its local keyring + # trusts (see pacman-key and its man page), as well as unsigned packages. +**Edited Line:** `#SigLevel = Required DatabaseOptional` + + LocalFileSigLevel = Optional + #RemoteFileSigLevel = Required + + # NOTE: You must run `pacman-key --init` before first using pacman; the local + # keyring can then be populated with the keys of all official Arch Linux + # packagers with `pacman-key --populate archlinux`. + + # + # REPOSITORIES + # - can be defined here or included from another file + # - pacman will search repositories in the order defined here + # - local/custom mirrors can be added here or in separate files + # - repositories listed first will take precedence when packages + # have identical names, regardless of version number + # - URLs will have $repo replaced by the name of the current repo + # - URLs will have $arch replaced by the name of the architecture + # + # Repository entries are of the format: + # [repo-name] + # Server = ServerName + # Include = IncludePath + # + # The header [repo-name] is crucial - it must be present and + # uncommented to enable the repo. + # + + # The testing repositories are disabled by default. To enable, uncomment the + # repo name header and Include lines. You can add preferred servers immediately + # after the header, and they will be used before the default mirrors. + + #[testing] + #SigLevel = PackageRequired + #Include = /etc/pacman.d/mirrorlist + + [core] +**Edited Line:** `SigLevel = PackageRequired` + + Include = /etc/pacman.d/mirrorlist + + [extra] +**Edited Line:** `SigLevel = PackageRequired` + + Include = /etc/pacman.d/mirrorlist + + #[community-testing] + #SigLevel = PackageRequired + #Include = /etc/pacman.d/mirrorlist + + [community] +**Edited Line:** `SigLevel = PackageRequired` + + Include = /etc/pacman.d/mirrorlist + + # If you want to run 32 bit applications on your x86_64 system, + # enable the multilib repositories as required here. + + #[multilib-testing] + #Include = /etc/pacman.d/mirrorlist + + #[multilib] + #Include = /etc/pacman.d/mirrorlist + + # An example of a custom package repository. See the pacman manpage for + # tips on creating your own repositories. + #[custom] + #SigLevel = Optional TrustAll + #Server = file:///home/custompkgs + + [multilib] +**Edited Line:** `SigLevel = PackageRequired` + + Include = /etc/pacman.d/mirrorlist + +**Edited Line:** `#[qubes]` + +**Edited Line:** `#Server = http://olivier.medoc.free.fr/archlinux/pkgs/` + +**Add Section Below:** + + [xyne-x86_64] + # A repo for Xyne's own projects: http://xyne.archlinux.ca/projects/ + # Packages for the "x86_64" architecture. + # Added for PowerPill app + # Note that this includes all packages in [xyne-any]. + SigLevel = Required + Server = http://xyne.archlinux.ca/repos/xyne + +---------- -
-

#####**2: Setting Up GPG** (needs network access)##### @@ -537,7 +537,7 @@ The addition of the above xrne-x86_64 repo is needed for the repo that contains * Populate the keyring with Archlinux master keys - * **$ sudo pacmna-key --populate archlinux** + * **$ sudo pacman-key --populate archlinux** * Confirm keys with those at [Archlinux Master Keys](https://www.archlinux.org/master-keys/) @@ -652,5 +652,30 @@ Note: For info on Reflector and its configs: [Reflector](https://wiki.archlinux.

+####**Known Issues:**#### +* If there is an Arch upgrade of Pulse Audio it will require rebuilding and installing Qubes component: gui-agent-linux +* There May also be a similar issue of dependencies with Xorg. + +* Upgrade Relfector functionality to allow its use thru the QUPS + +* Pacman functionality changes and allows it to be directly configured to work thru QUPS. + +
+ +####**Qubes Mailing List Threads on the Archlinux build process:**#### + +* [Qubes-Devel](https://groups.google.com/forum/#!forum/qubes-devel): [Qubes Builder failed Archlinux repository is missing](https://groups.google.com/forum/#!topic/qubes-devel/tIFkS-rPVx8) + +* [Qubes-Users](https://groups.google.com/forum/#!forum/qubes-users): [Trying to compile archlinux template](https://groups.google.com/forum/#!topic/qubes-users/7wuwr3LgkQQ) + +
+ +####**Want to contribute?**#### + +* [How can I contribute to the Qubes Project?](/doc/contributing/) + +* [Guidelines for Documentation Contributors](doc/doc-guidelines/) + +