Installation Command does not work, see: https://dnf.readthedocs.io/en/latest/command_ref.html Please also check line 68: the (Fedora) "polkit" equivalent Debian package is called "policykit-1". For reference: https://packages.debian.org/stretch/policykit-1 But I´m not sure if policykit-1 is needed, since with qubes-template-debian-9-minimal-4.0.1-201901271906 it is enough to 1) install the template, 2) [user@dom0 ~]$ qvm-run -u root debian-9-minimal xterm 3) bash-4.4# apt install qubes-core-agent-passwordless-root 4) update the template Best Regards, Vinzenz
6.0 KiB
layout | title | permalink |
---|---|---|
doc | Debian Minimal Template | /doc/templates/debian-minimal/ |
Debian - minimal
The template weighs about 200 MB compressed (0.75 GB on disk) and has only the most vital packages installed, including a minimal X and xterm installation. The minimal template, however, can be easily extended to fit your requirements. The sections below contain instructions on cloning the template and provide some examples for commonly desired use cases.
Note that use of the minimal template requires some familiarity with the command line and basics of Qubes.
Installation
The Debian minimal template can be installed with the following command:
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-9-minimal
The download may take a while depending on your connection speed.
Duplication and first steps
It is highly recommended that you clone the original template, and make any changes in the clone instead of the original template.
The following command clones the template.
(Replace your-new-clone
with your desired name.)
[user@dom0 ~]$ qvm-clone debian-9-minimal your-new-clone
You must start the template in order to customize it.
Customization
Customizing the template for specific use cases normally only requires installing additional packages. The following table provides an overview of which packages are needed for which purpose.
As you would expect, the required packages can be installed in the running template with any apt-based command. For example : (Replace "packages` with a space-delimited list of packages to be installed.)
[user@your-new-clone ~]$ sudo apt install packages
Qubes 4.0
In Qubes R4.0 the minimal template is not configured for passwordless root.
To update or install packages to it, from a dom0 terminal window run:
[user@dom0 ~]$ qvm-run -u root debian-9-minimal xterm
to open a root terminal in the template, from which you can use apt tools without sudo. You will have to do this every time you want root access if you choose not to enable passwordless root.
If you want the usual qubes sudo ...
commands, open the root terminal using the above command, and in the root xterm window enter
bash-4.4# apt install qubes-core-agent-passwordless-root polkit
Optionally check this worked: from the gui open the minimal template's xterm and give the command:
[user@debian-9-minimal ~]$ sudo -l
which should give you output that includes the NOPASSWD keyword.
Package table for Qubes 4.0
Use case | Description | Required steps |
---|---|---|
Standard utilities | If you need the commonly used utilities | Install the following packages: pciutils vim-minimal less psmisc gnome-keyring |
Networking | If you want networking | Install qubes-core-agent-networking |
Audio | If you want sound from your VM... | Install pulseaudio-qubes |
FirewallVM | You can use the minimal template as a template for a FirewallVM, like sys-firewall |
Install qubes-core-agent-networking , and nftables . Also install qubes-core-agent-dom0-updates if you want to use a qube based on the template as an updateVM (normally sys-firewall). |
NetVM | You can use this template as the basis for a NetVM such as sys-net |
Install the following packages: qubes-core-agent-networking , qubes-core-agent-network-manager , and nftables . |
NetVM (extra firmware) | If your network devices need extra packages for a network VM | Use the lspci command to identify the devices, then find the package that provides necessary firnware and install it. |
Network utilities | If you need utilities for debugging and analyzing network connections | Install the following packages: tcpdump telnet nmap nmap-ncat |
USB | If you want to use this template as the basis for a USB qube such as sys-usb |
Install qubes-usb-proxy . To use USB mouse or keyboard install qubes-input-proxy-sender . |
VPN | You can use this template as basis for a VPN qube | You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the VPN howto to configure it. |
In Qubes 4.0, additional packages from the qubes-core-agent
suite may be needed to make the customized minimal template work properly.
These packages are:
qubes-core-agent-nautilus
: This package provides integration with the Nautilus file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in Nautilus).qubes-core-agent-thunar
: This package provides integration with the thunar file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in thunar).qubes-core-agent-dom0-updates
: Script required to handledom0
updates. Any template on which the qube responsible for 'dom0' updates (e.g.sys-firewall
) is based must contain this package.qubes-menus
: Defines menu layout.qubes-desktop-linux-common
: Contains icons and scripts to improve desktop experience.
Also, there are packages to provide additional services:
qubes-gpg-split
: For implementing split GPG.qubes-u2f
: For implementing secure forwarding of U2F messages.qubes-pdf-converter
: For implementing safe conversion of PDFs.qubes-image-converter
: For implementing safe conversion of images.qubes-snapd-helper
: If you want to use snaps in qubes.qubes-thunderbird
: Additional tools for use in thunderbird.qubes-app-shutdown-idle
: If you want qubes to automatically shutdown when idle.qubes-mgmt-\*
: If you want to use salt management on the template and qubes.
Documentation on all of these can be found in the docs
You could, of course, use qubes-vm-recommended to automatically install many of these, but in that case you are well on the way to a standard Debian template.