Kicksecure 17 Template

General Discussion
1

If anyone wants to try a kicksecure template I’ve uploaded one to
https://qubes.3isec.org

There are a few bugs, which I’m reporting to the Whonix folk:

  1. There’s an unwanted package which should be removed on installation
    of kicksecure but is not. You need to remove it manually.
  2. systemcheck reports that the Kicksecure Repository is disabled when
    it is not. This seems to be a bug.
    Neither affects use of the template and qubes based on it, but are
    somewhat annoying.

As with other large templates you may need to increase the size of dom0 -
there is help on this page

11 Likes
2

Both of these issues seem to no longer exist, at least not when I build the template afresh for Qubes OS R4.3.

1 Like
3

Is this site working now? I can’t connect via tor, connection timeout

1 Like
4

Related topic.

1 Like
5

I’m having trouble installing the qubes-app-shutdown-idle package on the Kicksecure-17 template from the 3isec repositories. The package isn’t found, even though the repositories appear to be configured correctly. I can install it without issues on other templates, just not this one.

For context, I previously created a Kicksecure-17 template by morphing Debian-12-minimal, and in that setup, I was able to install qubes-app-shutdown-idle without any problems. However, the pre-built Kicksecure-17 template from the 3isec repositories doesn’t seem to recognize the package. Any ideas why this might be happening?

Additionally, the template did not have firmware-iwlwifi installed by default, so I had to install it manually. Could you please preinstall this in the template?

1 Like
6

Entirely my fault.
The template that’s there at the moment is configured for Qubes 4.3.
You could grab the package from the 4.2 repository,
add a new repo list for 4.2, or wait until I upload the 4.2 template.
Mea Culpa

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

2 Likes
7

Could you clarify what this implies? Does it mean the qubes-app-shutdown-idle package isn’t available in the Qubes 4.3 repository? Has it been removed or deprecated in 4.3, or is there another reason it’s not showing up there?

1 Like
8

The package for bookworm is indeed in the repository - you can see it
here
But the package is not indexed in the repository. This could be
deliberate or an oversight.It isn’t the only package in this situation.
You could add a definition for the 4.2 repository and pull in such
packages from there, or wait until I push the 4.2 template, (or a
community build of kicksecure becomes available).

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

1 Like
9

I added the 4.2 repository and installed the package. Thanks!

1 Like
10

Official Kicksecure for Qubes Template:

6 Likes
11

Would it be possible to trigger a template build for r4.3 as well? For testing users who are on R4.3 alpha.

2 Likes
12

Created a ticket for it:

3 Likes
13

Thank you very much for following this. It appears that it got built and uploaded few hours after my post. It is now available to r4.3 users:

kicksecure
kicksecure808×628 64.8 KB

3 Likes
14

When running Firefox in an AppVM based on the Kicksecure template, policy messages about denied status changes to sys-whonix pop up. This happens even if the netvm is set to sys-firewall.

This can be fixed by adding the tag anon-vm to the AppVM.

1 Like
15

Unrelated to Firefox.

This should be producible by simply starting the VM. Issue:

4 Likes
16

That’s IT - thank you!

1 Like