Hello, I’m following the docs and it says software installation has to be through templates. But then it says network connections are disabled for templates and that I need to use Updates Proxy. But I don’t know how to start up Updates Proxy. I couldn’t figure out what to type into the terminal from the docs. I went from Template:fedora-32 > fedora-32: Software and of course, no network access so I couldn’t install any of those items available in the software screen. What do I do? Should I just change the “Networking” field in settings to sys-firewall? I don’t want to do the wrong thing…
what software screen
if you don’t care about security, yes
it use tinyproxy
can you check this file in dom0
The updates proxy service is configured by default in the templates, so
you should not need to do anything.
The Fedora Software app does not honour this proxy, so you cant use it
to install software. (I recall this is long standing fedora bug.) You
can, of course, use dnf at the command line in the template.
It’s not advisable to enable networking in the template.
Sorry, I’m new to all this Linux stuff. So I chose instead to download the software in one of the Qubes that was setup by default. Is it ok to use “Copy to Other AppVM” and select the Fedora-32 template? And then from that template, install the software? Is this the correct way to do it?
you can, just make sure that file is safe
So I chose instead to download the software in one of the Qubes that was setup by default. Is it ok to use “Copy to Other AppVM” and select the Fedora-32 template? And then from that template, install the software? Is this the correct way to do it?
It is recommended to install software directly from the TemplateVM’s package manager, if it’s available. You can use
dnf search <package> for Fedora or
apt search <package> for Debian to look for the software you’re trying to install. I would not recommend copying any files into a TemplateVM for security.
How to install software | Qubes OS
Hi, what if the software isn’t available in the package manager? For example, I had to download NordVPN from their website as it wasn’t listed in the package manager. What would be the right way to go about it if copying from a Qube is unsecure?
I have read the help file multiple times. Unfortunately, it is not very user-friendly to an absolute beginner coming straight from Windows. Hence, my posts.
No problem. You wouldn’t want to install a VPN onto a TemplateVM anyway.
There is documentation on how to set up VPNs:
I will try to summarize it from what I understand, but I haven’t tried setting up a VPN myself. There are basically three options, setting up the VPN globally (all connections will go through the VPN), setting up the VPN for a specific AppVM, and setting up a ProxyVM that will provide the VPN connection to specific AppVMs.
If you want to set up the VPN globally, you can follow the installation instructions from NordVPN by running the
sh command provided there inside of the sys-net VM’s terminal, then following the instructions to set it up from there.
If you just want to provide the VPN connection for a single AppVM, you can do the same thing, but inside of the AppVM’s terminal.
The third option of creating a ProxyVM requires creating a new VM with Create Qubes VM, choosing the preferred Template (fedora-32 or fedora-33 should work fine), setting Networking to sys-firewall, then checking the box for ‘provides network’. Then follow the same steps for the other two options in the new VM’s terminal.
If you need any further help, you can let us know. There are probably some things I didn’t cover, but they can be found in the documentation.
Also, note that copying files between qubes is not inherently insecure, but I would generally not recommend copying anything to the TemplateVMs specifically as they are usually more trusted.
Ok, thanks! I managed to install some stuff using the
dnf search <package> command you gave me. No Qube file transfers for that part! So I guess I’m on a slow, but right path.
The NordVPN link was the first thing I tried. But at the time, I don’t think I understood some of what was going on so that’s probably why it failed. I will give that a shot again and I’ll read the first link as well as from a glance, that seems to look like the better way to do it.