Eg. I need install just one package, and maybe is was untrust.
So I install it in Template, because work VM is persistent home & volatile root, so is possible for give this package just for one VM, not all where this template is used?
Clone template for this case is not good for me, because wanted save hard space and not update many clone template.
Instead of installing it in the template, could you install it in the app qube directly? With Flatpak or Appimage?
Use a StandaloneVM:
This won’t “save hard space”…
Sure, the only other solution I have and not already mentioned is installing an entirely different TemplateVM just for one AppVM and an untrusted package, since technically it is not cloning an existing TemplateVM.
I think it’s better to have the dedicated template and appvm as its reset the system state of the appvm, allows smaller backups of the appvm and also allows to have multiple appvms if ever needed.
I read about Standalones and HVMs this is equal for clone template, and I didn’t want it, I can’t clone template just for 1 package, SO is not possible use template but tell work VM for install some package for used? What is about bind maybe with this can do it? How to make any file persistent (bind-dirs) — Qubes OS Documentation
Sure, note its limitations:
Depending your needs, you could install the program every time you start the appvm, automatically at boot from rc.local.
I do this for some specific qubes.
Here an example;
user@music:~$ cat /rw/config/qubes-bind-dirs.d/50_user_apt_cache.conf
binds+=( '/var/cache/apt/archives/' )
binds+=( '/etc/apt/apt.conf.d/01keep-debs' )
user@music:~$ cat /etc/apt/apt.conf.d/01keep-debs
Binary::apt::APT::Keep-Downloaded-Packages "true";
user@music:~$ cat ~/run.sh
sudo apt-get -y install moc && mocp
I execute the ~/run.sh which installs the moc package and then runs the mocp software (a TUI music player).
The first bind persists the directory in which apt stores the downloaded packages.
The second bind persists the 01keep-debs file which configures apt to keep the downloaded packages.
So the ./run.sh only downloads the package(s) on the first usage, then for all other usages, it uses the local persisted package cache.
Yes the run.sh content could be in /rw/config/rc.local.
So, I understand with this solution we can install specific package, in specific qube, and it install just once? Not install every boot time, because you are persists it.
No, @ludovic solution persists the downloaded package, but it installs the package every time the app qube is restarted.
Understand, but if we have persists at VM with bind, why we can’t install package and not everytime install it again? Maybe need persists more folder.
100% we haven’t any solution?