Installing Visual Studio Code & Unity securely

qubeyqube · May 3, 2022, 8:52am

What’s the best approach in downloading VSC + Unity? I was going to do it via a template, but because I would be required to connect to the internet, a lot of people say as soon as you do that consider your template compromised.

What are the alternatives? Download these from a “downloader” App qube, copy the files to development template qube, and install through that way?

BEBF738VD · May 3, 2022, 9:27am

The following assumes you have a debian template.

VSCode:
you can either download the .deb in a dispvm and then transfer it to the template or you can install the snap backend in the template and then download the snap package in the app vm.

Alternatively VScodium provides a repo (scroll down to Debian / Ubuntu (deb package):

you also have a couple of options to accomplish that: you can either use the dispvm approach or you can use qrexec to download it directly from the template:

curl --proxy http://127.0.0.1:8082/ https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg | sudo tee /usr/share/keyrings/vscodium-archive-keyring.gpg

then add the repo:

echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] https://download.vscodium.com/debs vscodium main' | sudo tee /etc/apt/sources.list.d/vscodium.list

and install:

sudo apt update && sudo apt install codium

Unity:
Just checked the Unity docs and they also made available a repo, so you can follow the steps above. You can either specify a different keyring name (ie unity.gpg) or remove that part and use apt-key add - instead and remove the [ signed-by= ] part from the repo.

More info:

fsflover · May 3, 2022, 10:19am

See also: Installing Software in Qubes (all methods).

augsch · May 3, 2022, 2:37pm

VScode provides a portable version (tar.gz).

qubeyqube · May 9, 2022, 7:42pm

Updating Visual Studio Code this way, as well as installing extensions, and updating them seems to not be possible, since it reverts back to the version of the template, right?

Might have to go the standalone route.

BEBF738VD · May 9, 2022, 7:45pm

For VSC you’d update the Template, not the AppVM. The extensions on the other hand are downloaded in the AppVM so that’s where you’ll be updating them, as they’re located in $HOME.

No need for a standalone

lstavares84 · June 2, 2023, 1:28pm

Why not just download *.deb file directly from Microsoft and install in debian-11 TemplateVM?