Debian-minimal networking seemingly paradoxical

suisuss · October 12, 2022, 12:46am

Salutations QubeOS comrades,

I’ve recently installed the debian-minimal template, upon creating a qube off the template i’ve realized that the qube has no networking, ping advises that networks are reachable and deb.debian.org or deb.qubes-os.org can’t be resolved.

Apparently I need to install qubes-core-agent-networking but I can’t apt-get install it because I need that networking package to do so. Please help, how do I install the package I need?

Yes I have sys-firewall as the netVM and I’m connected to the internet. Qubes using the same netVM have access to networking capabilities and the internet fine.

Thanks,

suisuss

aronowski · October 12, 2022, 7:23am

What about downloading the .deb file and all the dependencies, copying them to that template and dpkg -i'ing them?

unman · October 12, 2022, 11:05am

You don’t need to do this.

Templates have no netvm set by default - this is deliberate.
Yet they can update.
How?
They update over qrexec and connect to a proxy that is network
connected.
The process is documented here

@suisuss - if you want some qubes using the minimal template, but not
all, to have networking, then clone the template and just install the
package in to the clone,
Use standard sudo apt install qubes-core-agent-networking - it works
out of the box.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

suisuss · October 12, 2022, 12:27pm

Appreciating the help. I’ve created a StandaloneVM qube (‘test’) off of the minimal template that uses sys-firewall for it’s net VM the reason why I want to add qubes-core-agent-networking to my ‘test’ qube is so I can add other packages and build the qube how I like.

I’ve discovered how to enable and disable qubes-update-proxy and will keep it in the knowledge bank - however I don’t think it’s what I need for this particular issue

@unman

Thanks

unman · October 12, 2022, 2:57pm

Ah, OK - the fact it’s a standalone makes all the difference.
In that case, qvm-copying the packages in is a reasonable approach.
You’ll want:

qubes-core-agent-networking
conntrack
iptables
libip6tc2
libnetfilter-conntrack3
libnfnetlink0
libwrap0
socat
tinyproxy
tinyproxy-bin

I would clone the template, install those packages, and then create the
standalone. Delete the clone if not needed.

enmus · October 12, 2022, 8:01pm

I don’t have testing standalones and I am too tired at the moment, but I don’t see why setting them to be updated over qrexec wouldn’t be an additional way to achieve the goal, without cloning and installing extra packages above, but on the actual standalone?

unman · October 13, 2022, 3:51pm

Of course you can - do you really think that setting it up is easier
that working in a template and then creating the standalone?

enmus · October 13, 2022, 7:42pm

I tried to put myself into @suisuss position. I have standalone qube, I already set it up in so many ways, now I have to:

1a) Clone the template
1b) install those packages
1c) convert it to standalone
1d) set the new standalone in so many ways
1e) copy files from the old standalone to the new one
1f) delete the old one

or,

2a) to add update-proxy-service to the Settings-Service tab of the existing standalone
2b) make an entry for it to corresponding policy and it should work.

suisuss · October 15, 2022, 1:32am

Thanks for your help comrades. I’ve got it all setup now. I ended up updating the template and install the networking packages that way.