Fedora CoreOS and SilverBlue Templates

huaopeng · May 29, 2022, 7:53pm

Hello,

Would it be possible to explore the idea of having CoreOS and SilverBlue templates? These distros

are designed for containerization and would increase security and flexibility of the current template scene

Becko · June 18, 2022, 6:40pm

They’re rather designed to provide the functionality of transactional updates to a system that runs predominantly containerised user software. I’m curious how you see this as being any flexible and whether people more knowledgable about Qubes see containerisation as bringing anything meaningful security-wise to an already compartmentalised operating system.

deeplow · June 21, 2022, 3:51pm

You can create your own templates. It won’t be easy but here are some links:

github.com

unman/notes/blob/master/Building_New_Templates.md

Here's how to build a Parrot template - you can adapt this to cover just
about *any* case which is based on an existing template.

Parrot, like Kali, is based on Debian testing - so the first thing you
need to do is make sure you can build a bullseye template.

1. Set up the Qubes build environment, as set out here:  
https://www.qubes-os.org/doc/qubes-builder/  
If you want a configured environment there is a salt formula in https://github.com/unman/shaker  

2. In `qubes-builder`, run `./setup`  
Select 4.0  
Stable  
Git Clone Faster  
DO NOT use Pre-build Packages - select OK without having selected an option
Build only the templates  
In the Selection list choose "buster"  
In the Plugins Selection, **deselect** builder-rpm and **select** builder-debian.  
Get-sources - select "Yes"

This file has been truncated. show original

Droplet6200 · December 2, 2023, 9:47pm

Why would creating a qube with Fedora Silverblue require so many steps — can’t an iso file be installed on a qube more simply such as in VirtualBox?

Droplet6200 · December 2, 2023, 9:51pm

Having an immutable OS makes it more difficult for an adversary to escalate privileges within the OS and could help to prevent them from escaping the virtual machine.

deeplow · December 2, 2023, 9:54pm

I think immutable OS’s is one of the changes @demi (from the Qubes team) noted as important as well in her talk from the 2023 Qubes summit (on youtube). But I can imagine there are some implementation challenges that make it hard to implement.

Feel free to watch Demi’s talk. I can recommend.

Droplet6200 · December 2, 2023, 9:59pm

Thanks for sharing! Is this the video? There are several 8 hour 2023 summit videos.

deeplow · December 3, 2023, 9:58am

This is it https://www.youtube.com/watch?v=_UxndcxIngw (I think it’s the same)

It starts at 2h22m.

Droplet6200 · December 26, 2023, 4:47am

It’s actually really interesting! I’m going to go through the whole presentation