I used dnf to download flatpak in a fedora template, but it worked without even netvm which supposed to provide internet access (I forgot about this at that time), but after executing this command it gave me an error that the address cannot be resolved flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
I relized that it has no netvm so I was stunned and I searched through the forum and found that qubes is configured to provide dnf and apt repo through a proxy that is accessible through localhost internal to the template (did not grasp the notion completely to be honest), but I know that it is not secure to connect a netvm to a template so what should I do for downloading software from other repos?
Is there anyway to execute this command and also access flatpak repo without connecting the template to a netvm?
I already did this but I don’t know what was the problem, when I did “search” the terminal would freeze indefinetly and gives no any input prompt later or it says “no matches found” while for sure the package with in the repo, also for “install” it was freezing so I thought there was a problem some problem at first but it then list the packages after couple of minutes.
By the way the problem was resolved after applying updates to my fedora template.
But I have another question, what if I’m trying to install something from github or any other repo or an AppImage from any other trusted website? is there any safe way without exposing the template directly to the internet?
Because this blog post was specific to flatpak and to be honest I was just imitating the procedures and I don’t have enough technical knowledge to adapt it to other services/repos.
[1] @parulin points to a forum post by @solene which refers to a blog post of her guide to implement flatpak in a TemplateVM through internal proxy server to be able to download software from the repo to the template (which should not be connected to a netvm for security reasons)
[2] @solene gives general method to download files from specific URLs through the Template’s internal proxy server