When I attempt to open a keepassxc database that is locked using challenge-response (hmac-sha1), it never prompts me for my key. Normally a checkbox will appear asking me to unlock it using my hardware key. Normally (on Fedora WS) the box won’t appear if the yubikey isn’t connected. However, in my vault qube, the yubikey is indeed working, when I touch it it spits out text. It’s specifically challenge-response that isn’t working. I created an issue a while back about not being able to pass yubikeys to appVMs, not sure what happened but it appears the yubikey is automatically working for all qubes now, as if it were a regular keyboard. I’m guessing it’s got the same permissions as keyboards/mouse. I don’t have a usb qube.
I could have sworn templateVMs (eg. fedora) had internet access. IIRC you had to install stuff in the templateVM if you wanted to use that application in normal qubes. But when I tried installing Brave browser in my templateVM, I couldn’t get internet. In network settings, no net VMs are selected (I think default (none) was selected). I do have internet access to the system.
Almost no application I install actually shows up in Applications. I’ve troubleshooted this so many times. I’ve done it the usual way and the manual way, using the docs. I’m getting a bit tired of this. Is it expected for Brave not to show up in Applications when installed using curl -fsS https://dl.brave.com/install.sh | sh in an AppVM? Someone asked me on a different thread what applications aren’t showing up normally, this is one of them. Yes, I refreshed applications. Yes, I’m aware there’s a brute force method of making it show up by following some obscure article buried in the docs. I’m just wondering why a popular application like Brave isn’t showing up in Applications the normal way it is supposed to.
I havent used that method. If I use the dnf method found from Installing Brave on Linux | Brave the application shows up normally. Using Fedora-42 templates, both normal and minimal. If using minimal templates most things, including network access, needs to be installed explicitly. Minimal templates — Qubes OS Documentation It’s not a lot of trouble though. I have a minimal template for brave that has network, USB and sound installed separately. Then I have created an AppVM with my logins to youtube etc, which I have then set as a disposable template. This setup so that I can undo latest brave update if the software renderer gets worse in an update or something. It has happened before. The applications need to be refreshed just about every time I toggle the disposable template option to change settings.
Templates for QubesOS are configured to use a proxy service for their default package manager.
Therefore you can install a browser but not use it.
Just run qvm-sync-appmenus vm-name in dom0 to enforce a application refresh.
If still not showing up, your applications did not create a .desktop file on the default paths.
But I can’t install it. That’s the problem. I don’t have networking at all.
If still not showing up, your applications did not create a .desktop file on the default paths.
Correct. So, why does a popular program like Brave not create .desktop files on the default paths? This makes using QubesOS really difficult to use on a daily basis. And why does it work for some people (mnfTgh) but not others (me)?
Template VMs aren’t supposed to have internet. I have never had such problem with a template (templates don’t have network access but dnf works through proxy) or an AppVM. I do have a full Fedora HVM, which for some reason lost its network settings a few time. I installed it from a downloaded media but its problem was that its IP got changed in Qubes. Also, I have noticed that some settings need to be set twice in the qube settings if I change too many (or wrong) settings all at once. I’m on 4.2.4
Maybe you could give more details about what you do exactly. Do you create separate template or an AppVM from a default template. Do you change the settings and what virtualization mode you use. I have used PVH and HVM and both worked fine for me.
Edit:
I quickly realized the question was about a template and not an AppVM
I havent used that method. If I use the dnf method found from Installing Brave on Linux | Brave the application shows up normally. Using Fedora-42 templates, both normal and minimal.
and i’m fairly certain templateVMs are supposed to have network because I have internet with them when I normally install QubesOS (which I’ve done dozens of times at this point), using default installation.
templates don’t have network access but dnf works through proxy
I’m not sure what you mean. Are you saying the “dnf” command specifically is able to use internet but other commands like “ping” or “curl” don’t? Then that would explain it…
I’m am referring to the default templateVMs using default settings.
Yes. You can use dnf in a template without internet, because it has been configured to use a proxy instead of connecting to the internet. I’m sorry my posts are confusing I don’t mean to contradict myself. I make mistakes too.
When you use the applications, you’re supposed to create a new AppVM qube based on a template and that AppVM qube has internet by default. You can also configure that AppVM qube to become a disposable template, in which case you launch a disposable based on that AppVM when you select the application from that AppVM from the Q menu.
I see. No problem. It’s more apt to say that it does use the internet, just not directly (hence “proxy”).
When you use the applications, you’re supposed to create a new AppVM qube based on a template and that AppVM qube has internet by default. You can also configure that AppVM qube to become a disposable template, in which case you launch a disposable based on that AppVM when you select the application from that AppVM from the Q menu.
I understand. But the issue raised in my post is that I am not able to install Brave in a templateVM using the curl command (which I now realize is not possible, luckily there is an alternative with dnf), and when installing it in an AppVM, the shortcut won’t appear because evidently it’s not creating a .desktop shortcut for some reason. Which is frustrating.
What are you supposed to do in situations where the only way an app can be installed is with curl? Give it net access directly or only install in an AppVM I suppose?
make sure that in the “Services” tab within the template options, an entry “updates-proxy-service” exists and is active
check that the proxy is active. run “netstat -tanp” inside the template and see if port 8082 listed
check your firewall, or dedicated update vm, if the service “qubes-updates-proxy” is active
Make sure you restart template/vm if you needed to change something.
If you still dont get your packet manager online, run a ngrep, tcpdump or whatever you have and debug that proxy path.