Automate debian-minimal based template creation

whoami · July 29, 2022, 2:46pm

I thought it is not worth to open a new topic on this and since it is part of my auto deb-mini tpl script I place it here.

I tried to make a generic function for gpg key download and apt update. Beside the well known Signal case, I picked Sublime and Librewolf. Now, I wonder about their installation instructions.

Librewolf

(Installation on Debian based systems – LibreWolf)

wants to save the gpg key to
/usr/share/keyrings/

and for the apt it is suggesting a .sources file
/etc/apt/sources.list.d/librewolf.sources
with a Signed-By: /usr/share/keyrings/librewolf.gpg link.

Sublime

(Linux Package Manager Repositories)

gpg key instructions points to
/etc/apt/trusted.gpg.d/

and the apt wants a .list
/etc/apt/sources.list.d/sublime-text.list

My question what are the differences? Why, historical reasons, more generic, more robust…? Any pro and cons?

Any pro cons related to Qubes OS, or minimal templates?

Thanks

whoami · July 30, 2022, 7:47am

ok, found it:
https://manpages.debian.org/bullseye/apt/sources.list.5.en.html

side note: apt-key(8) will last be available in Debian 11 and Ubuntu 22.04.

thewanderer · August 4, 2022, 11:40am

Thank you for doing this @Sven. Already recreated most of my qubes using this method. Very easy to modify and create templates as needed. Hopefully this method works into the foreseeable future.

whoami · August 16, 2022, 10:31am

Hi mini-template users,
what do you think about a simple table which helps everyone to find the proper packages?

Something like:

Program or Feature: Signal
Required package:

curl : required to download the gpg key for the apt repository
qubes-core-agent-networking : to allow internet access
qubes-core-agent-nautilus : …
nautilus : …
zenity : …
gnome-keyring : …
policykit-1 : …
libblockdev-crypto2 : …
dunst : …

Qubes OS release: 4.1
Debian release: 11
Comments: …

tanky0u · August 16, 2022, 12:39pm

I think that’s a good idea. How would one go around documenting the required packages on a debian/fedora system? Does apt/dnf offer such a table view?

enmus · August 16, 2022, 4:17pm

You mean somethimg like this?

whoami · August 16, 2022, 4:53pm

Yeah, this was my inspiration. But now, I am looking for a place to store this is a more structured way. Maybe a kind of table. I would skip the customized base line template since this will be very individual but the other elementary qubes (network, usb…) and the “application” qubes could be documented in a predefined table or matrix.

If I find some supporter I would like to ask the community to add and maintain / verify the packages over time.

i.e. if you know how to make minimal template for Signal you should be able to clone it for Session, Threema, Element… with that we extend the list easily and new mini tpl users get a good structure to start with.

Sven · August 16, 2022, 6:07pm

@whoami … start a wiki post in this category and go for it.

whoami · August 16, 2022, 7:22pm

Ok, maybe I overlooked something. Is there a wiki option here? Do I have permission to enable it?

Sven · August 16, 2022, 8:12pm

Under each post there is a button with three dots, when you click it the options expand. Then click the wrench and see if there is a “make wiki” option. Once that’s enabled everyone can edit that post.

So you could start a new thread, make the first post a wiki and start documenting. That’s how e.g. the community-recommended list works.

As an example, I made this post a wiki … so you should be able to edit it.

Edit: I edited this… BOO!

kysstfafm · August 17, 2022, 1:22am

I’ve checked just now, @Sven, and there is no option for make wiki on or in relation to the three dots after each post (expanded a few, no wrench either) and your post has an addition to the post which comes from what you did (little icon next to the area your post depicts the time since your post was made & an icon plus the text Edit beneath where a person would presumably modify your post) but it’s unclear how any of us would achieve that. Maybe you see things differently because of your status?

Sven · August 17, 2022, 2:21am

@deeplow which TL is required to edit Wiki posts?

deeplow · August 19, 2022, 7:14am

Trust level 1 to edit. Trust level 3 to create. Sorry for the delay.

deeplow · August 19, 2022, 7:17am

I just created one for you here: Mini-templates Required Packages (Wiki)

Let me know if you have any issues.

whoami · August 25, 2022, 9:00am

Question about apt-cacher:

For an automated minimal template script I wonder where to set the apt-cacher setup and configuration.

Doing all templates first and then at the very end setup the apt-cacher and do the sed command in all templates (one-by-one)?

Or make the apt-cacher installation at the very beginning of the script? But then how to deal with the baseline (customized) template? How to install and update the packages of baseline template?

In other words, what is your installation order of your automated script when you run it on a fresh and empty Qubes installation?

whoami · August 25, 2022, 3:24pm

(one more)
I am looking for a scriptable solution to automate the Application selection.

If I run my template creation process and afterward my AppVM I still have to add the program to the Selected List (Q > Qubes > Qubes Settings > Application Tab > select and move > confirm with OK). I could not find a qvm- command for this and the App menu shortcut troubleshooting | Qubes OS did not show a solution for the selection (only for the application list).

unman · August 25, 2022, 4:28pm

Here’s my take - I install the caching proxy on install, and immediately
reconfigure the templates.
That way any cloned templates are ready to work with the cacher.
The fact I do this with salt is immaterial - I did the same when working
with scripts.
The only time you have to hit a new template is if it is freshly
installed. I have a salt state for that but you can keep a script to do
it with qvm-run.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

whoami · August 25, 2022, 5:06pm

My current setup is (for a fresh and empty installation).

install debian-11-minimal
clone minimal template and modify (=deb-11-m-base)

clone and create new templates
and AppVMs

create and config apt-cacher
search for all (mini) templates
and loop the sed command for all (mini) templates

whoami · August 26, 2022, 7:11am

A. Can this opt-in setting

At the moment, only checking for visible windows is supported - when a VM has no visible windows for more than 15 minutes, it’s going to be shut down. The mechanism is opt-in - enable shutdown-idle service in qube settings to use it.

be automated with a script or do I have to set this manually one-by-one for all AppVM and templates?

B. It looks hardcoded to 15 mins

TIMEOUT_SECONDS = 15 * 60

any workaround to make this user defined without coding the python source?
(in brief: all you need is a Python module supporting a couple methods)

… would be nice to have it adjustable like the firewall setting “Allow full access for: x min”

whoami · September 9, 2022, 3:29pm

Orange my KeePassXC based on my minimal template.
Black based on a regular Debian 11 template.

How can I change the font and size of the window menu (Database, Entries …)?
… it also looks like the scaling factor is not properly set since the icon and font within the window looks a bit bigger.

My customizing code for my (minimal) base template:

# === GUI and program customization and defaults ===

set-dark-theme () # https://forum.qubes-os.org/t/guide-xfce-global-dark-mode-in-qubes-4-0-4-1/10757
{
	local TARGET_FOLDER="/usr/share"
	local SOURCE_FOLDER="/home/user/QubesIncoming"

	qvm-copy-to-vm ${1} /usr/share/themes/Arc-Dark*
	qvm-run --no-gui --pass-io --quiet --user root ${1} "rm --recursive --force	${TARGET_FOLDER}/themes/"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "mkdir	${TARGET_FOLDER}/themes/"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "mv		${SOURCE_FOLDER}/dom0/* 	${TARGET_FOLDER}/themes/"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "rm --recursive --force ${SOURCE_FOLDER}"

	qvm-copy-to-vm ${1} /usr/share/icons/Adwaita*
	qvm-run --no-gui --pass-io --quiet --user root ${1} "rm --recursive --force ${TARGET_FOLDER}/icons/"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "mkdir 	${TARGET_FOLDER}/icons/"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "mv 	${SOURCE_FOLDER}/dom0/* 	${TARGET_FOLDER}/icons/"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "rm --recursive --force ${SOURCE_FOLDER}"

	qvm-copy-to-vm ${1} /usr/share/fonts/dejavu*
	qvm-run --no-gui --pass-io --quiet --user root ${1} "rm --recursive --force ${TARGET_FOLDER}/fonts/"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "mkdir 	${TARGET_FOLDER}/fonts/"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "mv 	${SOURCE_FOLDER}/dom0/* 	${TARGET_FOLDER}/fonts/"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "rm --recursive --force ${SOURCE_FOLDER}"
}

set-gtk-qt-settings ()
{
	local PROGRAM="qt5-style-plugins gtk2-engines-murrine gnome-themes-standard"
	qvm-apt-install ${1}
	
	local TARGET_FOLDER="/etc/skel"
	local SOURCE_FOLDER="/home/user/QubesIncoming"

	qvm-copy-to-vm ${1} "${SCRIPT_DIR}/files/gtk/.gtkrc-2.0"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "mv 		${SOURCE_FOLDER}/dom0/.gtkrc-2.0 	${TARGET_FOLDER}"
	
	qvm-copy-to-vm ${1} "${SCRIPT_DIR}/files/gtk/settings.ini"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "mkdir -p 	${TARGET_FOLDER}/.config/gtk-3.0"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "mv 		${SOURCE_FOLDER}/dom0/settings.ini 	${TARGET_FOLDER}/.config/gtk-3.0"
	qvm-run --no-gui --pass-io --quiet --user root ${1} "rm --recursive --force 	${SOURCE_FOLDER}"

	qvm-run --no-gui --pass-io --quiet --user root ${1} 'echo 		"QT_QPA_PLATFORMTHEME=gtk2" 	>> /etc/environment'
	qvm-run --no-gui --pass-io --quiet --user root ${1} 'echo 		"QT_SCALE_FACTOR=1" 			>> /etc/environment'
}