CentOS (/RHEL clone) 8 TemplateVM

taradiddles · June 2, 2023, 5:30am

If you would like to use a stable, predictable, manageable and reproducible distribution in your AppVMs, you can install the CentOS template, provided by Qubes in ready to use binary package. For the minimal and Xfce versions, please see the Minimal TemplateVMs and Xfce TemplateVMs pages.

Installation

The standard CentOS TemplateVM can be installed with the following command in dom0, where X is the desired version number:

[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community qubes-template-centos-X

To switch, reinstall and uninstall a CentOS TemplateVM that is already installed in your system, see How to switch, reinstall and uninstall.

After Installing

After a fresh install, we recommend to Update the TemplateVM.

CentOS 8 End of Life

With the end of 2021, CentOS ended its life in its stable form and started functioning as CentOS Stream, a development branch for Red Hat® Enterprise Linux®. As a result, it stopped receiving proven, stable updates and its use, especially in production environments, became risky. This is a very serious problem for many companies and individuals around the world. So there was an urgent need to find a new source of updates for CentOS in order to keep it in the infrastructure. A complete solution to this problem is support switching, that is, pointing to a new repository from which CentOS will be downloading stable updates. Such a solution is offered by various Enterprise Linux vendors such as AlmaLinux, EuroLinux or Rocky Linux. It is worth mentioning that both CentOS and RHEL and AlmaLinux/EuroLinux/Rocky Linux are systems built on the same source code, so they provide the same functionality. They differ mainly in branding.

It’s up to the user to decide, which Enterprise Linux 8 they want to migrate to. There are some differences mainly in the time it takes to release updates, errata, major and minor releases, etc. but it’s up to the user to do their own research for that in order to provide an unbiased opinion.

How to migrate your CentOS 8 template

We’ll use vendors’ migration scripts for migrating our CentOS 8 template.

The scripts will perform various operations that may require connecting the template to the Internet.

The scripts are located in

https://github.com/AlmaLinux/almalinux-deploy - for AlmaLinux
https://github.com/EuroLinux/eurolinux-migration-scripts - for EuroLinux
https://github.com/rocky-linux/rocky-tools - for Rocky Linux

Please read their manuals for a successful operation.

Please update your CentOS 8 template to the latest officially released CentOS 8.5 before running the scripts.

How to update to CentOS 8.5

Edit your CentOS 8 repositories so they point to release 8.5 in CentOS Vault. You can use the following commands:

sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$releasever&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$releasever\// s/^#*/#/' -e '/^\[BaseOS\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/BaseOS/$basearch/os' /etc/yum.repos.d/CentOS-Base.repo
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$releasever&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$releasever\// s/^#*/#/' -e '/^\[AppStream\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/AppStream/$basearch/os' /etc/yum.repos.d/CentOS-AppStream.repo
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$releasever&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$releasever\// s/^#*/#/' -e '/^\[cr\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/ContinuousRelease/$basearch/os' /etc/yum.repos.d/CentOS-CR.repo
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$releasever&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$releasever\// s/^#*/#/' -e '/^\[Devel\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/Devel/$basearch/os' /etc/yum.repos.d/CentOS-Devel.repo
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$releasever&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$releasever\// s/^#*/#/' -e '/^\[extras\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/extras/$basearch/os' /etc/yum.repos.d/CentOS-Extras.repo
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$releasever&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$releasever\// s/^#*/#/' -e '/^\[fasttrack\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/fasttrack/$basearch/os' /etc/yum.repos.d/CentOS-fasttrack.repo
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$releasever&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$releasever\// s/^#*/#/' -e '/^\[HighAvailability\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/HighAvailability/$basearch/os' /etc/yum.repos.d/CentOS-HA.repo
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$releasever&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$releasever\// s/^#*/#/' -e '/^\[centosplus\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/centosplus/$basearch/os' /etc/yum.repos.d/CentOS-centosplus.repo
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$releasever&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$releasever\// s/^#*/#/' -e '/^\[PowerTools\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/PowerTools/$basearch/os' /etc/yum.repos.d/CentOS-PowerTools.repo

Then update your system with sudo dnf update -y --allowerasing

After the update has finished, remove the new .repo files which point to a non-existent mirrorslist with:

sudo rm -f /etc/yum.repos.d/CentOS-Linux-*.repo

You’re now able to use the aformentioned migration scripts to migrate your CentOS 8.5 to your desired Enterprise Linux 8.

Want to contribute?

This document was migrated from the qubes-community project

Page archive
First commit: 08 Dec 2020. Last commit: 13 Oct 2022.
Applicable Qubes OS releases based on commit dates and supported releases: 4.0, 4.1
Original author(s) (GitHub usernames): aronowski
Original author(s) (forum usernames): @aronowski
Document license: CC BY 4.0

ole · March 21, 2026, 2:19pm

Disclaimer: this is a bit of a hack, you should maybe not use the template for VMs with an unrestricted internet connection. But enables you to run legacy software like EDA tools, AlmaLinux is on LTS security only till 2029

How to updated the in qubes 4.2 (community-templates) provided centos-stream-8 template to almalinux 8.10:
adapted from the steps above.

first remove/disable some repos, to avoid upgrade conflicts:

sudo mv /etc/yum.repos.d/CentOS-Stream-Extras-common.repo /etc/yum.repos.d/CentOS-Stream-Extras-common.repo.disabled
sudo mv /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:fepitre:epel-8-qubes.repo /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:fepitre:epel-8-qubes.repo.disabled

then point the repos to the archived centos repos

# Fix BaseOS repository
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$stream&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$stream\// s/^#*/#/' -e '/^\[baseos\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/BaseOS/$basearch/os' /etc/yum.repos.d/CentOS-Stream-BaseOS.repo

# Fix AppStream repository
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$stream&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$stream\// s/^#*/#/' -e '/^\[appstream\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/AppStream/$basearch/os' /etc/yum.repos.d/CentOS-Stream-AppStream.repo

# Fix ContinuousRelease repository
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$stream&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$stream\// s/^#*/#/' -e '/^\[cr\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/ContinuousRelease/$basearch/os' /etc/yum.repos.d/CentOS-Stream-ContinuousRelease.repo

# Fix Extras repository
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$stream&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$stream\// s/^#*/#/' -e '/^\[extras\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/extras/$basearch/os' /etc/yum.repos.d/CentOS-Stream-Extras.repo

# Fix HighAvailability repository
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$stream&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$stream\// s/^#*/#/' -e '/^\[ha\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/HighAvailability/$basearch/os' /etc/yum.repos.d/CentOS-Stream-HighAvailability.repo

# Fix PowerTools repository
sudo sed -i -e '/mirrorlist=http:\/\/mirrorlist.centos.org\/?release=$stream&arch=$basearch&repo=/ s/^#*/#/' -e '/baseurl=http:\/\/mirror.centos.org\/$contentdir\/$stream\// s/^#*/#/' -e '/^\[powertools\]/a baseurl=https://mirror.rackspace.com/centos-vault/8.5.2111/PowerTools/$basearch/os' /etc/yum.repos.d/CentOS-Stream-PowerTools.repo

then update

sudo dnf update -y --allowerasing --nobest

next you need to build some shim packages yourself for this
install

sudo dnf install -y rpm-build redhat-rpm-config make gcc --skip-broken

then use the 3 shell scripts to build dummy or name shims:
shim_packages.tar.gz (1.3 KB)
(download them in a disposible wm, extract, read them, then transfer them to the centos-stream template)

read the scripts first (common sense),
build-shadow-compat creates a package that provides “shadow” and depends on shadow-utils
build-pulseaudio-compat creates a package that provides “pulseaudio-daemon” amd depends on pulseaudio
build-fwupdqubes-dummy creates a empty package that provides “fwupd-qubes-vm” because the original has dependencies requiring EL9

after you run them with bash <build-script.sh>

install them with

sudo dnf install \
/home/user/rpmbuild/RPMS/noarch/fwupd-qubes-vm-dummy-3-1.el8.noarch.rpm \
/home/user/rpmbuild/RPMS/noarch/pulseaudio-compat-2-2.el8.noarch.rpm \
/home/user/rpmbuild/RPMS/noarch/shadow-compat-1-1.el8.noarch.rpm

now download the almalinux-deploy.sh from GitHub - AlmaLinux/almalinux-deploy: EL to AlmaLinux migration tool. · GitHub in a disposible VM and transfer it to your template

give the template internet access to download the new repokeys

run the update and conversion with

sudo bash almalinux-deploy.sh --downgrade

disable internet access to your template

run

sudo dnf update

to notify qubes updater the tmplate is uptodate

and voila you are on almalinux-8.10 with “OS security updates” till 2029