My advice for pip (and perhaps other repositories) would be to install them on as user programs on the AppVM. Not in Templates
For development purposes, I think it’s better to have these installed on the AppVM user space than enabling network access to install packages with pip for example. Also because ideally you don’t run any other programs than the package manager on the TemplateVM.
But I’d like to hear concerns about the security of this approach.
warning: With any of these methods it’s likely you’ll forget to update software since the auto updater for Qubes will not be able to help you. So you might miss out on important security updates.
Installing Python Packages
Through Package Manager
Debian has quite a lot of packaged python packages, you can find them under the
python- name space (
apt search python3-)
For example, for pip you can look into virtual environements. What I do is
On Template Qube you install
virtualenvwrapper or equivalent
Add the following to the end of
~.bashrc and reopen the terminal
And then on the AppVM you create a profile where you can install python modules that will persist across rebots (they will be installed under
mkvirtualenv -p /usr/bin/python3 [project] # [project] is a plceholder
pip install newspaper # or whatever python modules you want
Then everytime you open a new terminal and want to access that virtual environement you do
And then a little
(project) will show up in the terminal showing you are now on that virtual environment and as such you have access to all the packages installed.
There is a small discussion about this here: Qubes os and cryptocurrency wallets bu
I do have a program that I have to install as an AppImage since it’s not available in packaged form. What I do in this case is drop it on the template under
/opt/, create a shortcut icon under
/usr/share/applications and only start it on the AppVM.