Inspired by Exotic OSes which I tried on Qubes topic and intrigued by Bedrock Linux long time before even heard of Qubes, I’m trying to see if it’d be possible to get multiple Linux distro templates in Qubes by simply hijacking single one default template from Qubes.
So far I created StandaloneVM based on debian-11-minimal and hijacked it successfully with Bedrock Linux and then installed following strata (most analog would probably be Qubes templates inside dom0):
user@debian-11-min-bedrock:~$brl list
alpine
arch
bedrock
centos
debian
devuan
fedora
ubuntu
void
And successfully make it work
Updating even over cacher
user@debian-11-min-bedrock:~$ sudo apk upgrade
OK: 10 MiB in 25 packages
user@debian-11-min-bedrock:~$ sudo pacman -Syu
:: Synchronizing package databases…
core is up to date
extra is up to date
community is up to date
:: Starting full system upgrade…
there is nothing to do
user@debian-11-min-bedrock:~$ sudo brl update
- Checking for updates
Checking https://raw.githubusercontent.com/bedrocklinux/bedrocklinux-userland/0.7/releases… done - No updates
user@debian-11-min-bedrock:~$ sudo strat centos dnf upgrade
Last metadata expiration check: 14:22:10 ago on Fri 30 Sep 2022 03:42:14 PM EDT.
Dependencies resolved.
Nothing to do.
Complete!
user@debian-11-min-bedrock:~$ sudo apt dist-upgrade
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
Calculating upgrade… Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
user@debian-11-min-bedrock:~$ sudo strat devuan apt dist-upgrade
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
Calculating upgrade… Done
The following package was automatically installed and is no longer required:
devuan-keyring
Use ‘sudo apt autoremove’ to remove it.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
user@debian-11-min-bedrock:~$ sudo dnf upgrade –releasever=36
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 11:33:18 ago on Fri Sep 30 18:34:53 2022.
Dependencies resolved.
Nothing to do.
Complete!
user@debian-11-min-bedrock:~$ sudo strat ubuntu apt dist-upgrade
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
Calculating upgrade… Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
user@debian-11-min-bedrock:~$ sudo xbps-install -Su
[*] Updating repository https://mirrors.servercentral.com/voidlinux/current/x86_64-repodata …
[*] Updating repository https://repo-default.voidlinux.org/current/x86_64-repodata …
user@debian-11-min-bedrock:~$
Now my idea is to successfully create multiple templates from the distros above by
- cloning debian-11-minimal to bedrock-minimal-template
- cloning bedrock-minimal-template to alpine-minimal-template
- hijacking alpine-minimal-template with alpine strata
- cloning bedrock-minimal-template to arch-minimal-template
- hijacking arch-minimal-template with arch strata
…
and so on…
That way hopefully it would be possible to get multiple Linux distro templates which for most of them is not even possible to create the other way.
The benefit would be that supposedly, no other distro would needed Qubes specific packages (and security aspect consequently), since they would be provided via main template hijacked by Bedrock - in my case debian-11-minimal! And updating wouldn’t be so hard for some of the distros anymore! This is of course yet to explore and test thoroughly. Even if it’s not possible to install it in the template at the moment (I hijacked it successfully with Bedrock but struggling installing strata, so debugging it in a Standalone first because I have debug window there), the fact it works in Standalone is promising since Bedrock doesn’t have much code.
If this would work, maybe Qubes devs should consider common development with Bedrock Linux devs, just like they do now with @adrelanos for Whonix templates.
Please note that even Qubes is on the Bedrock compatibility list, but not developed unfortunately, so say we could imagine someday Qubes inside Bedrock inside Debian/Fedora inside Qubes…
What do you think?