Installing Software in Qubes (all methods)

deeplow · April 20, 2022, 5:54pm

On a completely different note, I might have cracked part of the difficulty of installing software in Qubes: (assuming it’s available on the repos, which is not the case of the previous discussion)

github.com/QubesOS/qubes-issues

Software Installation qube

opened 03:54PM - 20 Apr 22 UTC

deeplow

T: enhancement C: core C: templates P: default

### The problem you're addressing (if any) In qubes it's quite hard to install …software and the [graphical software centers don't work](https://github.com/QubesOS/qubes-issues/issues/6310) ### Proposed Solution (simple version) An internet-connect disposable qube running Gnome's software center. When the user chooses the software to install, a prompt asks the user on which qube they want to install and then it communicates the package names to that qube. Then that qube proceeds to install it. ### Proposed Solution (complex version) The workflow for the user would start by clicking a <kbd>install software</kbd> button on the qubes menu tab for a particular qube: ![menu1(1)](https://user-images.githubusercontent.com/47065258/164290624-3a69c124-6df2-49aa-831d-33192521fc65.png) By knowing in advance which qube the user wants to install software on, this software installation qube could be created on-demand based on the template on which the qube to be updated is based. This way it would be running the same system and therefore all packages listed would be guaranteed to be compatible. This could be good for example in systems where there are different software stores: suppose in Fedora there is Software Center and in ubuntu there is the Ubuntu Store (no idea if that's the case). Let's see an example: 1. **user clicks <kbd>install software</kbd>** on `personal` qube tab in the qubes menu 2. **starts `personal-software-center` qube** (created on demand and based on *Fedora* -- the same tempalte as `personal` 3. **starts patched *Software Center*** (*) application on `personal-software-installer` qube 4. **user chooses software** to install (e.g. vlc) 5. **`personal-software-installer` sends package names** via qrexec to `fedora-34` (the template of `personal`) 6. **`fedora-34` shows a prompt** with the package names it received for the user to confirm these are the packages it wants to install (*)*patched software center*: (probably) a forked version that has been modified not to actually install software but rather sends the names of the packages to be installed to the app qube or template. ### The value to a user, and who that user might be - [GUI for installing software](https://github.com/QubesOS/qubes-issues/issues/6310) - More discoverable way to install software

But let’s discuss this one on its github issue page.

deeplow · April 20, 2022, 6:48pm

A post was merged into an existing topic: Curl / Wget-proxy scripts in Templates so users can add GPG distro keys linked to added external repositories

Demi · April 21, 2022, 12:20am

It’s largely a matter of personal preference. I have Signal and Keybase in their own templates, with each template having a single AppVM based on it. For Zoom, I use a StandaloneVM. Both are valid and supported choices, and both have similar security properties.

A TemplateVM becomes a big win if one has more than one AppVM based on it. If there is only one, the benefits are significantly reduced. The main exception is that if the TemplateVM’s configuration is easy to regenerate, one may be able to get away without backing it up, reducing backup size.

Sven · April 21, 2022, 12:44am

@Demi … I would add the ease of upgrading safely by just changing the template.

Demi · April 21, 2022, 12:45am

That is another advantage indeed.

oijawyuh · April 21, 2022, 7:50am

FYI, I have a Template where I installed Zoom, Webex, MS Teams, etc. with one App Qube (AppVM) based on that Template. I use it for video conference. It is considered untrusted considering the software installed. I gave it extra RAM and CPU in Qube Settings. This is the best balance for security and convenience for my own purposes.

deeplow · April 21, 2022, 8:11am

@adw I’ve updated the guide to reflect these changes you’ve made.

I may restructure it sometime in the future as the flow should be from what the user has (.deb, repo, flat, snap) instead of where the user want to install it (app, template, standalone)

deeplow · September 29, 2022, 11:02am

And this is now done.

Pinging the ones who liked my comment above: @fsflover @Insurgo @adw @bayesian

deeplow · February 17, 2023, 11:10am

A post was split to a new topic: Update Scripts for Updating Software Like MS Teams and Zoon in Standalone qube

deeplow · January 26, 2024, 8:35am

I’m happy to see this post being quite popular

https://forum.qubes-os.org/t/installing-software-in-qubes-all-methods/9991.json
“views”:13093