Installing Visual Studio Code & Unity securely

What’s the best approach in downloading VSC + Unity? I was going to do it via a template, but because I would be required to connect to the internet, a lot of people say as soon as you do that consider your template compromised.

What are the alternatives? Download these from a “downloader” App qube, copy the files to development template qube, and install through that way?

The following assumes you have a debian template.

you can either download the .deb in a dispvm and then transfer it to the template or you can install the snap backend in the template and then download the snap package in the app vm.

Alternatively VScodium provides a repo (scroll down to Debian / Ubuntu (deb package):

you also have a couple of options to accomplish that: you can either use the dispvm approach or you can use qrexec to download it directly from the template:

curl --proxy | sudo tee /usr/share/keyrings/vscodium-archive-keyring.gpg

then add the repo:

echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] vscodium main' | sudo tee /etc/apt/sources.list.d/vscodium.list

and install:

sudo apt update && sudo apt install codium

Just checked the Unity docs and they also made available a repo, so you can follow the steps above. You can either specify a different keyring name (ie unity.gpg) or remove that part and use apt-key add - instead and remove the [ signed-by= ] part from the repo.

More info:

See also: Installing Software in Qubes (all methods).

VScode provides a portable version (tar.gz).

Updating Visual Studio Code this way, as well as installing extensions, and updating them seems to not be possible, since it reverts back to the version of the template, right?

Might have to go the standalone route.

For VSC you’d update the Template, not the AppVM. The extensions on the other hand are downloaded in the AppVM so that’s where you’ll be updating them, as they’re located in $HOME.

No need for a standalone

1 Like