How to preserve the softwares I instaled on "untrusted"?

Hello everyone, I need some help.

I used to work on Untrusted (fedora release 36), and i installed pycharm on it for a projet.

The issue is when i reboot the qubes, my pycharm disappear but not my programs (which are in my folder /Documents). It’s the same with sophos-av, installed on /opt/ with root rights.

Its that normal or I missed a parameter?


You can either install the software on your template. (You can clone the template and use it just for the pycharm AppVM) Or you can bind dirs you need to persist: How to make any file persistent (bind-dirs) | Qubes OS. Or you may want use StandaloneVM in some situations.

I would clone the template, install the software (perferably package made for the distribution of the template. It usually enables updates as well.) and switch the AppVM (“untrusted”) to that template.

“untrusted” is just a name. It’s up to you how you work with the AppVM, how you name it.

Ooh okay, I thought it change depending on which VM it’s used.

With the default install, all of those AppVMs have the same, identical template.

Which means that if you install something on that template, all of the AppVMs will have it available. (And If you uninstall from that template, it will be uninstalled from all AppVMs

Honza 's suggestion of cloning that template (I’d name the clone something like “fedora-36-untrusted” so you will know what it’s for, at a glance) and then having “Untrusted” use the clone as its template is therefore a good one. Now “untrusted” no longer uses the “standard” template and you can customize the new template as you like without affecting your other AppVMs.

In particular you can now install your software on the new template. It will only be available to “Untrusted” that way. You can also remove software that “untrusted” does not need, from that template.

Also see:

if you use pip to install software, use pip install --user so it’s installed in your $HOME and not in the non persistent area somewhere in /usr/.

Using a virtualenv is even better for handling that.