Hi, I’m quiet lost in installing programs mentioned in title. If I understood correctly, for external repositories I need to allow domains in firewall.
Question
Could someone help me set up mentioned installation methods step-by-step?
My tries
I tried installed snap then I tried IntelliJ Idea. Error network is unreachable occurred on fedora and debain template
I tried pip3 install clickable (for Ubuntu Touch) with Temporary failure in name resolution error.
I also tried element.io but there was no connection to the internet.
My advice for pip (and perhaps other repositories) would be to install them on as user programs on the AppVM. Not in Templates
For development purposes, I think it’s better to have these installed on the AppVM user space than enabling network access to install packages with pip for example. Also because ideally you don’t run any other programs than the package manager on the TemplateVM.
But I’d like to hear concerns about the security of this approach.
warning: With any of these methods it’s likely you’ll forget to update software since the auto updater for Qubes will not be able to help you. So you might miss out on important security updates.
Installing Python Packages
Through Package Manager
Debian has quite a lot of packaged python packages, you can find them under the python- name space (apt search python3-)
Through PIP
For example, for pip you can look into virtual environements. What I do is
On Template Qube you install python3-pip and virtualenvwrapper or equivalent
Add the following to the end of ~.bashrc and reopen the terminal
And then on the AppVM you create a profile where you can install python modules that will persist across rebots (they will be installed under ~/.virtualenvs
mkvirtualenv -p /usr/bin/python3 [project] # [project] is a plceholder
pip install newspaper # or whatever python modules you want
Then everytime you open a new terminal and want to access that virtual environement you do
workon project
And then a little (project) will show up in the terminal showing you are now on that virtual environment and as such you have access to all the packages installed.
I do have a program that I have to install as an AppImage since it’s not available in packaged form. What I do in this case is drop it on the template under /opt/, create a shortcut icon under /usr/share/applications and only start it on the AppVM.
Maybe I missed something but when I try to install app using dnf/apt in AppVM it won’t persist until next AppVM reboot, will it? (All in all, in my case, they don’t).
There appears question: What I missed / how do I make them persistent?
You have to understand that most of the file system in template based
qubes is not persistent. This can have some advantages.
Take a look at https://www.qubes-os.org/doc/templates
As to installing software in templates, it is rarely necessary to give
the template network access. Don’t forget that the template has access
to a proxy via qrexec.
You can specify the proxy: export https_proxy=127.0.0.1:8082 pip install....
or pip install --proxy=https://127.0.0.1:8082 ....
If you remember that the proxy is there, you will find that many
problems can be solved by searching for “using X behind a proxy”
Yes, both APT and DNF install software by default on the root filesystem, and since AppVMs inherit the root filesystem from the TemplateVM they are based on, then text time you reboot any software you installed through those methods will have disappeared.
However, there is a way to have software persistently installed on an AppVM and this involves installing it on the user’s home. The installation of python software through virtualenvironemnts and PIP I suggested earlier uses this approach so the packages will persist across reboots of the AppVM.
@unman’s approach on the other hand installs PIP packages on the TemplateVM.
warning: With any of these methods it’s likely you’ll forget to update software since the auto updater for Qubes will not be able to help you. So you might miss out on important security updates.
I have one more question.