On a completely different note, I might have cracked part of the difficulty of installing software in Qubes: (assuming it’s available on the repos, which is not the case of the previous discussion)
But let’s discuss this one on its github issue page.
A post was merged into an existing topic: Curl / Wget-proxy scripts in Templates so users can add GPG distro keys linked to added external repositories
It’s largely a matter of personal preference. I have Signal and Keybase in their own templates, with each template having a single AppVM based on it. For Zoom, I use a StandaloneVM. Both are valid and supported choices, and both have similar security properties.
A TemplateVM becomes a big win if one has more than one AppVM based on it. If there is only one, the benefits are significantly reduced. The main exception is that if the TemplateVM’s configuration is easy to regenerate, one may be able to get away without backing it up, reducing backup size.
@Demi … I would add the ease of upgrading safely by just changing the template.
That is another advantage indeed.
FYI, I have a Template where I installed Zoom, Webex, MS Teams, etc. with one App Qube (AppVM) based on that Template. I use it for video conference. It is considered untrusted considering the software installed. I gave it extra RAM and CPU in Qube Settings. This is the best balance for security and convenience for my own purposes.
@adw I’ve updated the guide to reflect these changes you’ve made.
I may restructure it sometime in the future as the flow should be from what the user has (.deb, repo, flat, snap) instead of where the user want to install it (app, template, standalone)
And this is now done.
Pinging the ones who liked my comment above: @fsflover @Insurgo @adw @bayesian
A post was split to a new topic: Update Scripts for Updating Software Like MS Teams and Zoon in Standalone qube
I’m happy to see this post being quite popular
https://forum.qubes-os.org/t/installing-software-in-qubes-all-methods/9991.json
“views”:13093
Installing the application LibreOffice worked great (using “run sudo dnf install libreoffice-7.6.6.3-1.fc39”) but the repository also has LibreOffice graphics, file converter etc. add-ons. When I try to install the file converter using the same command (sudo dnf install 0.9.0-12.fc39 or sudo dnf install libreoffice-0.9.0-12.fc39) it fails with no package name found. Is there a convention like install all the related packages chained, simultaneously or else they won’t install? Same with lots of other software, only the “top” package installs, none of the add-ons are recognized. I’m clueless. Thanks in advance!
To install the latest package version you don’t need to specify the version and you can just install libreoffice like this:
sudo dnf install libreoffice
To see what other libreoffice package you can install and their names you can use this command:
dnf search libreoffice
To filter the output using some string to search for specific package you can use this command, e.g. for convert:
dnf search libreoffice | grep convert
It’ll have this output:
Last metadata expiration check: 0:00:18 ago on Sat Apr 20 06:34:14 2024.
unoconv.noarch : A tool to convert documents from/to any format supported by LibreOffice
Then you can install it using:
sudo dnf install unoconv
But I’m not sure whatever this is the file converter that you’re looking for. I think it’s better to search the web to find the correct package name that contains the file converter or some other add-on that you’re looking for.
This guide has been quite helpful. I’ve just ran into a situation where some software was on Snap and then one was on Flatpak i.e. Slack and Discord have snaps but the Element Matrix client uses Flatpak for its installation.
In the above case, what should I do? Try to centralize the way I install software as much as I can or embrace the fragmentation? Thanks 
Edit: will use the Flatpak directly instead since I ran into the same issue described here
Guessing here, but;
It would be nice if someone created a bunch of useful FlatPak, and the group find a way to accurately verify the safety of those.
I know it is a lot of work though, so it is more than a full time job. ?? and then there is my trusting the Flatpak’s that get created . ???
It would be nice to have everything in one place. One thing that would help is if updater could also update snaps and flatpaks. However, for installation, which is what you are asking, there is no perfect solution. It is a Linux problem not a Qubes one.
Thank you for the explanation! I am new to Qubes–just got an installation up yesterday. I’m quite familiar with using Linux, but not with DevOps. Today, the availability of the Fedora-41 templates was announced. So, I updated from the Fedora-40 template to the Fedora-41 template. Since I hadn’t installed any other software in the template yet, that was simple.
However, if I had used sudo dnf to install many software packages in the fedora-40 template, then wouldn’t those all have disappeared when I updated?
I have tried looking for a way to save my software configuration to reapply in the updated template. I learned that Salt is included in Qubes and there is also Qubes Ansible, which is external and also depends on Salt. (This is the first I’ve heard of Salt or Ansible.) Salt is listed in the “Advanced” section.
So I’m wondering if I need to use one of these methods, if I want to be able to persist my software configurations and also update the templates from time to time. Or have I misconceived the problem?
If you do an inplace upgrade (instructions in the fedora 41 accouncement page) then you dob’t have to.
You can to the manual way. Most of us do it this way for our personal setups. But some do use salt and others ansible. Others are even trying to setup nix templates.
Installing software with salt is currently broken on fedora 41, Fedora 41 template · Issue #9244 · QubesOS/qubes-issues · GitHub