Adding Ubuntu Template

Hi to all, i’m pretty new on Qube OS, but i find the project so awsome that i want to come in.

I’m trying to install an ubuntu template but i don’t understand how to do it, i surfed but didn’t found anything clear.

I found this with other templates: Index of /Templates but still don’t understand what i’m supposed to do for signing?

And for ubuntu, i don’t know either.

If someone has a guide it would be very nice of you.

Hi Nicola, welcome to Qubes.

There are instructions which you may have missed
here
If you found them, I’m sorry they were not clear.

When you want to install a package in Qubes you should check the
signature, just as you did when you were installing Qubes and checked the
signature on the iso you downloaded.
If you are installing or updating packages using the native tools - like the
Update tool - this is all done for you automatically.
If you get a package from some other source you have to manually check
it for yourself - this is particularly important when installing
something in to dom0, as a mistake here can compromise the whole system.

Packages are usually signed with a PGP key, and you confirm they are
unchanged using gpg, or rpm.
Start by downloading the package in a disposable qube.
Also find and download the key that was used to sign the package.

There are very detailed instructions for working with the Qubes keys
here
My instructions are far less detailed.

My packages are always signed with my Qubes signing key - you can get
copies of this in many places. When you download it, check the signature
using gpg -n --import --import-options import-show UNMAN.PUB - the
signature should be 4B1F 400D F256 51B5 3C41 41B3 8B3F 30F9 C8C0 C2EF
(Replace UNMAN.PUB with the name you gave to the key you downloaded.)

Then you can check the signature on the package like this.

rpmkeys --import  UNMAN.PUB
rpm -K PACKAGE_NAME

If all has gone well you will see output with digests signature OK

Open a terminal in dom0 - copy the files in to dom0 as explained here
Do it all again - check the signature on the key, import the key, check
the signature on the package.

If you are happy, move the key to /etc/pki/rpm-gpg/RPM-GPG-KEY-unman, and install the package:

sudo mv UNMAN.PUB /etc/pki/rpm-gpg/RPM-GPG-KEY-unman
qvm-template install --keyring /etc/pki/rpm-gpg/RPM-GPG-KEY-unman FULL_PATH_TO_DOWNLOADED_TEMPLATE

It seems long winded, but you must be confident in these packages.
Once you’ve done it once for a key you only really need to do the last
step in dom0: qvm-template install --keyring /etc/pki/rpm-gpg/RPM-GPG-KEY-unman FULL_PATH_TO_DOWNLOADED_TEMPLATE
If the package wasnt signed with the key you specify, it wont be
installed.

Of course, when you install an unofficial package you have to trust the
person who produced it.

Those templates are built for 4.1, and I havent yet released Ubuntu
templates for 4.2 - they may or may not work on 4.2

I hope there’s enough here to get you started. If you encounter any
problems, please ask.

2 Likes

Thank you so much, i think it’s far more clear so! I’ll check it :wink: