Building F42 template in R4.3

Hello! After several weeks of fighting I was finally able to build the F42 template under Qubes R4.3. Here is my guide:

Requirements:

  • Qubes R4.3 installed and updated: Qubes-R4.3.0-x86_64.iso

First, prepare a custom Template VM (we will use it for both Disposable and development):

  • clone the template (the new template has the suffix qb = Qube Builder):

    # run in dom0:
    qvm-clone fedora-42-xfce fedora-42-xfce-qb
    
  • boot the new template fedora-42-xfce-qb and create or copy the script setup1.sh with
    these contents:

#!/bin/bash
set -xeuo pipefail
# run in template: fedora-42-xfce-qb
cd
# templates have no direct network access; 127.0.0.1:8082 is the Qubes updates proxy
http_proxy=http://127.0.0.1:8082/ https_proxy=http://127.0.0.1:8082/ \
	curl -fLO https://raw.githubusercontent.com/QubesOS/qubes-builderv2/refs/heads/main/dependencies-fedora.txt
http_proxy=http://127.0.0.1:8082/ https_proxy=http://127.0.0.1:8082/ \
	curl -fLO https://raw.githubusercontent.com/QubesOS/qubes-builderv2/refs/heads/main/dependencies-fedora-qubes-executor.txt
# install Builder/Docker deps
sudo dnf install $(cat dependencies-fedora.txt)
# install Qubes Executor deps
sudo dnf install $(cat dependencies-fedora-qubes-executor.txt)
exit 0

And run it. Confirm that you want to install the packages (2 times); it should finish without errors.

Now shut down fedora-42-xfce-qb (so we “commit” all changes for future AppVMs that we will create).
Inside the VM you can simply run sudo poweroff
Remember to poll with qvm-ls in dom0 and wait until the State of the VM is Halted

Now we will create one AppVM (a normal Qube for development) and one disposable template for Qubes Executor (paradoxically, it is also an AppVM, but with a specific property set to True):

# run in: dom0 as default user
qvm-create -C AppVM -t fedora-42-xfce-qb --label red work-qubesos
qvm-create -C AppVM -t fedora-42-xfce-qb --label red qubes-builder-dvm
qvm-prefs qubes-builder-dvm template_for_dispvms True

Note: you may need to restart Qube Manager to see the proper (disposable) icon for the Qube qubes-builder-dvm

Now start the qube work-qubesos and run these commands inside it (we will need one configuration file later):

# run in: work-qubesos as "user"
cd
git clone https://github.com/QubesOS/qubes-release-configs.git

# WARNING! Git repo below must be exactly under /home/user!
# That path is referenced from qubes-release-configs repo
git clone https://github.com/QubesOS/qubes-builderv2.git
cd qubes-builderv2
git submodule update --init

Now we will follow https://github.com/QubesOS/qubes-builderv2
Copy the policy file from work-qubesos to dom0:

# run in: dom0 as default user
qvm-run -p work-qubesos cat qubes-builderv2/rpc/policy/50-qubesbuilder.policy |
   sudo tee /etc/qubes/policy.d/50-qubesbuilder.policy

Now configure the DVM as described at https://github.com/QubesOS/qubes-builderv2:

Run qubes-builder-dvm and follow the above GitHub guide:

# run in: qubes-builder-dvm
sudo mkdir -p /rw/bind-dirs/builder /rw/config/qubes-bind-dirs.d
echo "binds+=('/builder')" | sudo tee /rw/config/qubes-bind-dirs.d/builder.conf
echo 'mount /builder -o dev,suid,remount' | sudo tee -a /rw/config/rc.local
sudo poweroff

Finally, run in dom0 (again from the GitHub guide):

# run in: dom0
qvm-prefs work-qubesos default_dispvm qubes-builder-dvm

Now resize the private volume to at least 30GB for:

  • qubes-builder-dvm
  • work-qubesos

Using:

# run in: dom0 as default user
qvm-volume extend qubes-builder-dvm:private 30G
qvm-volume extend work-qubesos:private 30G

WARNING!
Before building the template, ensure that your vm-pool has a lot of free space! Otherwise you risk running out of space in the thin pool, with dire consequences: all running VMs will be irrecoverably corrupted and you will have to recreate them from a snapshot!

Now the moment of truth: run work-qubesos and try these commands:

# run in: work-qubesos
cd ~/qubes-builderv2
./qb --builder-conf example-configs/qubes-os-r4.3.yml -c builder-rpm -c builder-debian -c qubes-release package fetch

cd ~/qubes-release-configs/R4.3/
~/qubes-builderv2/qb --builder-conf qubes-os-r4.3-templates-itl.yml -t fedora-42-xfce template fetch prep build

On success you should find root.img as shown below:

[user@work-qubesos R4.3]$ ls -olhs ~/qubes-builderv2/artifacts/templates/qubeized_images/fedora-42-xfce/root.img 

5.4G -rw-r--r--. 1 user 20G Mar 26 18:54 /home/user/qubes-builderv2/artifacts/templates/qubeized_images/fedora-42-xfce/root.img

[user@work-qubesos R4.3]$ file ~/qubes-builderv2/artifacts/templates/qubeized_images/fedora-42-xfce/root.img

/home/user/qubes-builderv2/artifacts/templates/qubeized_images/fedora-42-xfce/root.img: DOS/MBR boot sector, extended partition table (last)

[user@work-qubesos R4.3]$ fdisk -l ~/qubes-builderv2/artifacts/templates/qubeized_images/fedora-42-xfce/root.img

Disk /home/user/qubes-builderv2/artifacts/templates/qubeized_images/fedora-42-xfce/root.img: 20 GiB, 21474836480 bytes, 41943040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: F4796A2A-E377-45BD-B539-D6D49E569055

Device                                                                                   Start      End  Sectors  Size Type
/home/user/qubes-builderv2/artifacts/templates/qubeized_images/fedora-42-xfce/root.img1   2048   411647   409600  200M EFI Syst
/home/user/qubes-builderv2/artifacts/templates/qubeized_images/fedora-42-xfce/root.img2 411648   415743     4096    2M BIOS boo
/home/user/qubes-builderv2/artifacts/templates/qubeized_images/fedora-42-xfce/root.img3 415744 41940991 41525248 19.8G Linux fi

How to import and run template:

  • WARNING! You need a volume with at least 20GB of FREE space that is accessible from dom0.
    I have /mnt/host, which is a VirtioFS folder to the KVM host
  • run these commands in dom0:
qvm-create -C TemplateVM -r /mnt/host/hp/root.img --label red  hp-f42-template
qvm-prefs hp-f42-template netvm sys-firewall

Now simply start hp-f42-template in Qube Manager, click on Open Console,
log in as user (no password) and try to install something, for example:

# run in: hp-f42-template
sudo dnf install mc

It should work. Power off the TemplateVM with sudo poweroff in the same Console.

And that’s all.

I’m looking for volunteers to try my guide and see if it is reproducible. Thanks!

Source: my personal wiki: Qubes · hpaluch/hpaluch.github.io Wiki · GitHub
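
The thin-pool warning before the build step, turned into a dom0 pre-flight check; this is an added example, not part of the original post or of qubes-builderv2. It assumes the default LVM layout (volume group qubes_dom0, thin pool vm-pool); the function names and thresholds are illustrative, and the 80 GiB figure simply sums the two 30G private volumes and the 20 GiB root.img from this guide as a worst case.

```shell
#!/bin/bash
# Added example: thin-pool headroom check to run in dom0 before "template build".
# Input format (one line): "<pool size in bytes> <data %> <metadata %>", as printed by
#   sudo LC_ALL=C lvs --noheadings --units b --nosuffix \
#        -o lv_size,data_percent,metadata_percent qubes_dom0/vm-pool
# (qubes_dom0/vm-pool is the assumed default pool name; adjust to your install).

# pool_free_gib: read the line on stdin, print whole GiB of unused pool data space.
pool_free_gib() {
    awk '{ printf "%d\n", $1 * (100 - $2) / 100 / (1024 * 1024 * 1024) }'
}

# pool_check NEED_GIB MAX_META_PCT: read the same line on stdin.
# Returns 0 when there is room, 1 when data space is short,
# 2 when pool metadata usage is above MAX_META_PCT (metadata can fill up
# before data does, with the same effect on running VMs).
pool_check() {
    pc_need=$1
    pc_max_meta=$2
    read -r pc_size pc_data pc_meta
    pc_free=$(echo "$pc_size $pc_data $pc_meta" | pool_free_gib)
    if awk -v m="$pc_meta" -v x="$pc_max_meta" 'BEGIN { exit !(m > x) }'; then
        echo "vm-pool metadata ${pc_meta}% used (limit ${pc_max_meta}%)" >&2
        return 2
    fi
    if [ "$pc_free" -lt "$pc_need" ]; then
        echo "vm-pool has only ${pc_free} GiB free, need ${pc_need} GiB" >&2
        return 1
    fi
    echo "ok: ${pc_free} GiB free in vm-pool"
}

# Constructed sample line (not from a real system):
# 200 GiB pool, 71.50% data used, 38.20% metadata used.
SAMPLE="  214748364800 71.50 38.20"

# Demo on the constructed sample: 57 GiB free, so a 50 GiB requirement passes.
echo "$SAMPLE" | pool_check 50 80

# Real use in dom0, refusing to continue when the pool is too full:
#   sudo LC_ALL=C lvs --noheadings --units b --nosuffix \
#        -o lv_size,data_percent,metadata_percent qubes_dom0/vm-pool \
#     | pool_check 80 80 || echo "free space in vm-pool before building"
```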