Can't run pip install / git clone / etc. to install software on TemplateVM

Community Guides
1

Sometimes users need to install software on TemplateVMs that is not available on the software respository for that templateVM’s distribution. But first please try the recommended (simpler and safer) method and to see if it’s available. In this post, I try to break down some of the alternatives.

Required reading: from the official docs on Trusting your TemplateVMs

There are at least 3 methods:

  • Temporarily allowing networking for software installation
  • Updates proxy
  • Copy from another VM

Some examples of similar questions

I’m trying to build BitcoinArmory from source into a template VM but get the following error:
$ git clone git://github.com/etotheipi/BitcoinArmory.git
Cloning into ‘BitcoinArmory’…
fatal: unable to access ‘GitHub - etotheipi/BitcoinArmory: Python-Based Bitcoin Software’: Could not resolve host: github.com
– Zhang9000 at google groups

(method 1) Temporarily allowing networking for software installation

This is by far the easiest (GUI only), but you’re giving unchecked network access to the VM, but at least you don’t forget to turn it off (as would happen if you say connect it to sys-firewall).

Before proceeding, read this explanation from the docs about this process.

  1. open the TemplateVM’s qube settings

  2. on the “Basic” tab change networking to sys-firewall (never sys-net since sys-firewall enforces network isolation between qubes)

  3. Important: go to the “Firewall rules” tab and select “Limit outgoing internet connections to…” and then on the bottom click the checkbox saying Allow full network access for 5 min.

  4. You then have 5 min to do the network required part for installing the program on the template.

  5. Go back to the Qube settings “Basic” tab and set the Networking to None.

qube-settings
qube-settings692×571 33.3 KB

(solution based on this post)

(method 2) Updates proxy

The updates proxy is how templateVMs are able to update software, even though they’re not connected to the internet.

So if you want to wget, pip install or git clone for example you can proxy those applications to the updates proxy (running on 127.0.0.1:8082).

Se bellow an example of this in practice

(method 3) Copy from another VM

You can also download the required files on another VM (or even a DisposableVM) and copy those files to the TemplateVM.

2 Likes
2

@adw what’s your take on including an explanation like this (or just one method) on the docs page? (bellow the default installation option)

I’m hesitant because it’s advising users to do potentially unsafer behavior. But I realize this is something many users may come across and end up doing an even unsafer thing that is connecting the TemplateVM directly to sys-net (and potentially forgetting about it).

3

I’m opposed to including this in the official documentation for the reasons explained here. I’d much rather link to external documentation (such as this very thread).

1 Like